CVE-2015-7648
published 2015-10-18CVE-2015-7648: Adobe Flash Player before 18.0.0.255 and 19.x before 19.0.0.226 on Windows and OS X and before 11.2.202.540 on Linux allows attackers to execute arbitrary code…
PriorityP267critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
29.53%
98.0th percentile
Adobe Flash Player before 18.0.0.255 and 19.x before 19.0.0.226 on Windows and OS X and before 11.2.202.540 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-7647.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | flash_player | <= 11.2.202.535 | — |
| adobe | flash_player | <= 19.0.0.207 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect SWF files exploiting type confusion via ObjectEncoder.dynamicPropertyWriter overridden with a non-function value — look for bytecode where 'writeDynamicProperties' is patched (e.g., string 'writeDocumentProperties' replacing 'triteDocumentProperties' in decompressed SWF). ↗
- →Flag ActionScript/SWF payloads that set flash.net.ObjectEncoding.dynamicPropertyWriter to a non-function object and then call ByteArray.writeObject() on a dynamic-property-bearing object, as this triggers the type confusion code path. ↗
- →Monitor for decompressed (flasm -x) SWF files in transit or on disk, as the PoC requires the SWF to be decompressed and manually modified at the bytecode level to bypass compiler type checks. ↗
- ·The type confusion is not triggerable via normal ActionScript compilation — the SWF bytecode must be manually modified post-compilation to override writeDynamicProperties with a non-function, meaning standard static AS3 analysis will miss this variant. ↗
- ·Affected versions span multiple platforms: Flash Player before 18.0.0.255 and 19.x before 19.0.0.226 on Windows/OS X, and before 11.2.202.540 on Linux — detections should account for all three platform version ranges. ↗
CVSS provenance
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
osv10.0CRITICAL
vendor_redhat10.0CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
flash-plugin: multiple code execution issue fixed in APSB15-27
vendor_redhat·2015-10-14·CVSS 10.0
CVE-2015-7647 [CRITICAL] flash-plugin: multiple code execution issue fixed in APSB15-27
flash-plugin: multiple code execution issue fixed in APSB15-27
Adobe Flash Player before 18.0.0.255 and 19.x before 19.0.0.226 on Windows and OS X and before 11.2.202.540 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-7648.
Red Hat
flash-plugin: multiple code execution issue fixed in APSB15-27
vendor_redhat·2015-10-14·CVSS 10.0
CVE-2015-7648 [CRITICAL] flash-plugin: multiple code execution issue fixed in APSB15-27
flash-plugin: multiple code execution issue fixed in APSB15-27
Adobe Flash Player before 18.0.0.255 and 19.x before 19.0.0.226 on Windows and OS X and before 11.2.202.540 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-7647.
GHSA
GHSA-5778-gw8x-3m7f: Adobe Flash Player before 18
ghsa_unreviewed·2022-05-17·CVSS 10.0
CVE-2015-7647 [CRITICAL] GHSA-5778-gw8x-3m7f: Adobe Flash Player before 18
Adobe Flash Player before 18.0.0.255 and 19.x before 19.0.0.226 on Windows and OS X and before 11.2.202.540 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-7648.
GHSA
GHSA-xj2j-8x6x-4m9r: Adobe Flash Player before 18
ghsa_unreviewed·2022-05-17·CVSS 10.0
CVE-2015-7648 [CRITICAL] GHSA-xj2j-8x6x-4m9r: Adobe Flash Player before 18
Adobe Flash Player before 18.0.0.255 and 19.x before 19.0.0.226 on Windows and OS X and before 11.2.202.540 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-7647.
OSV
CVE-2015-7648: Adobe Flash Player before 18
osv·2015-10-18·CVSS 10.0
CVE-2015-7648 [CRITICAL] CVE-2015-7648: Adobe Flash Player before 18
Adobe Flash Player before 18.0.0.255 and 19.x before 19.0.0.226 on Windows and OS X and before 11.2.202.540 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-7647.
OSV
CVE-2015-7647: Adobe Flash Player before 18
osv·2015-10-18·CVSS 10.0
CVE-2015-7647 [CRITICAL] CVE-2015-7647: Adobe Flash Player before 18
Adobe Flash Player before 18.0.0.255 and 19.x before 19.0.0.226 on Windows and OS X and before 11.2.202.540 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-7648.
No detection rules found.
http://rhn.redhat.com/errata/RHSA-2015-1913.htmlhttp://rhn.redhat.com/errata/RHSA-2015-2024.htmlhttp://www.securityfocus.com/bid/77116http://www.securitytracker.com/id/1033850https://helpx.adobe.com/security/products/flash-player/apsb15-27.htmlhttps://security.gentoo.org/glsa/201511-02https://www.exploit-db.com/exploits/38970/http://rhn.redhat.com/errata/RHSA-2015-1913.htmlhttp://rhn.redhat.com/errata/RHSA-2015-2024.htmlhttp://www.securityfocus.com/bid/77116http://www.securitytracker.com/id/1033850https://helpx.adobe.com/security/products/flash-player/apsb15-27.htmlhttps://security.gentoo.org/glsa/201511-02https://www.exploit-db.com/exploits/38970/
2015-10-18
Published