CVE-2015-0319
Description
Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-0317.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Type confusion in Adobe Flash Player before specified versions allows remote code execution via crafted SWF.
Vulnerability
A type confusion vulnerability exists in Adobe Flash Player, affecting versions before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X, and before 11.2.202.442 on Linux [2] [3]. This flaw allows attackers to execute arbitrary code by leveraging an unspecified type confusion [2].
Exploitation
An attacker can exploit this vulnerability by convincing a user to open a malicious Flash file, typically delivered via a web page or email attachment. No authentication is required, and the attack can be performed remotely [3].
Impact
Successful exploitation allows an attacker to execute arbitrary code within the context of the user running Flash Player, potentially leading to complete compromise of the affected system [3].
Mitigation
Mitigation involves updating Adobe Flash Player to version 13.0.0.269, 16.0.0.305, or 11.2.202.442, depending on the platform [2] [3]. These updates are available from Adobe and are also distributed by vendors such as Red Hat [2] and Gentoo [3]. No workaround is available for unpatched versions [3].
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
18cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*+ 15 more
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*range: <=11.2.202.440
- cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*
- (no CPE)range: <16.0.0.305 (Windows/OS X), <13.0.0.269, <11.2.202.442 (Linux)
- osv-coords2 versionspkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012
< 11.2.202.442-67.1+ 1 more
- (no CPE)range: < 11.2.202.442-67.1
- (no CPE)range: < 11.2.202.442-67.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
14- helpx.adobe.com/security/products/flash-player/apsb15-04.htmlnvdPatchVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2015-02/msg00006.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-02/msg00007.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-02/msg00008.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-02/msg00009.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-0140.htmlnvd
- secunia.com/advisories/62777nvd
- secunia.com/advisories/62886nvd
- secunia.com/advisories/62895nvd
- security.gentoo.org/glsa/glsa-201502-02.xmlnvd
- www.securityfocus.com/bid/72514nvd
- www.securitytracker.com/id/1031706nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/100707nvd
- technet.microsoft.com/library/security/2755801nvd
News mentions
0No linked articles in our index yet.