Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-7648Adobe Flash Player vulnerability

10 documents6 sources
Severity
10.0CRITICALNVD
EPSS
56.8%
top 1.87%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Adobe Flash Player
Timeline
PublishedOct 18
Latest updateMay 17

Description

Adobe Flash Player before 18.0.0.255 and 19.x before 19.0.0.226 on Windows and OS X and before 11.2.202.540 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-7647.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDadobe/flash_player11.2.202.535+1

Patches

Patch: helpx.adobe.comPatch: helpx.adobe.com

🔴Vulnerability Details

4
GHSA
GHSA-5778-gw8x-3m7f: Adobe Flash Player before 182022-05-17
GHSA
GHSA-xj2j-8x6x-4m9r: Adobe Flash Player before 182022-05-17
OSV
CVE-2015-7648: Adobe Flash Player before 182015-10-18
OSV
CVE-2015-7647: Adobe Flash Player before 182015-10-18

💥Exploits & PoCs

1
Exploit-DB
Adobe Flash - Type Confusion in Serialization with ObjectEncoder.dynamicPropertyWriter2015-12-14

📋Vendor Advisories

2
Red Hat
flash-plugin: multiple code execution issue fixed in APSB15-272015-10-14
Red Hat
flash-plugin: multiple code execution issue fixed in APSB15-272015-10-14

💬Community

1
Bugzilla
CVE-2015-7645 CVE-2015-7647 CVE-2015-7648 flash-plugin: multiple code execution issue fixed in APSB15-272015-10-15
CVE-2015-7648 — Adobe Flash Player vulnerability | cvebase