Unrated severityNVD Advisory· Published Feb 6, 2015· Updated May 6, 2026

CVE-2015-0321

Description

Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0329, and CVE-2015-0330.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Adobe Flash Player before 13.0.0.269/16.0.0.305 (Windows/OS X) and before 11.2.202.442 (Linux) allows arbitrary code execution via memory corruption.

Vulnerability

CVE-2015-0321 is a memory corruption vulnerability in Adobe Flash Player affecting versions prior to 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X, and prior to 11.2.202.442 on Linux. The vulnerability is triggered via unspecified vectors, and it is distinct from other Flash Player CVEs such as CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0329, and CVE-2015-0330 [3].

Exploitation

An attacker can exploit this vulnerability by convincing a user to open a specially crafted SWF file or visit a malicious web page that loads the file. No authentication is required, and the attack can be launched remotely. The exact exploitation steps are not publicly detailed, but the vulnerability is reachable through standard Flash Player content delivery mechanisms [3].

Impact

Successful exploitation allows an attacker to execute arbitrary code with the privileges of the user running Flash Player, or to cause a denial of service (memory corruption). This could lead to full compromise of the affected system, including data theft, installation of malware, or disruption of service [3].

Mitigation

Adobe released fixed versions: 13.0.0.269, 16.0.0.305 for Windows and OS X, and 11.2.202.442 for Linux. Microsoft provided updates for Flash Player in Internet Explorer and Microsoft Edge via advisory 2755801 [1]. Red Hat issued RHSA-2015:0140 for Red Hat Enterprise Linux [2], and Gentoo published GLSA 201502-02 recommending upgrade to the patched version [3]. No workaround is available; users must apply the update.

References

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Adobe Inc./Flashplayer15 versions
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*+ 14 more
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*range: <=11.2.202.440
- cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*
Adobe Inc./Flash Playerllm-fuzzy
Range: <13.0.0.269, >=14.0.0 <16.0.0.305 (Windows/OS X); <11.2.202.442 (Linux)
osv-coords2 versions
pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2012 pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012
< 11.2.202.442-67.1+ 1 more
- (no CPE)range: < 11.2.202.442-67.1
- (no CPE)range: < 11.2.202.442-67.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.009
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000