VYPR
Unrated severity · NVD Advisory · Published Feb 6, 2015 · Updated May 6, 2026

CVE-2015-0327

Description

Heap-based buffer overflow in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0323.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Heap-based buffer overflow in Adobe Flash Player allows remote code execution via unspecified vectors; fixed in versions 13.0.0.269, 16.0.0.305, and 11.2.202.442.

Vulnerability

A heap-based buffer overflow exists in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X, and before 11.2.202.442 on Linux [1][2][3]. The vulnerability is triggered via unspecified vectors, likely involving crafted SWF content. Affected versions include those bundled with Internet Explorer and Microsoft Edge on Windows [1], as well as the standalone player on Linux distributions [2][3].

Exploitation

An attacker can exploit this vulnerability by delivering a malicious SWF file, typically through a compromised website or email attachment. No authentication is required; user interaction (e.g., visiting a malicious page or opening a crafted file) is sufficient to trigger the overflow. The exact exploitation steps are not detailed in the available references, but the heap-based nature suggests a memory corruption that can be leveraged for code execution.

Impact

Successful exploitation allows an attacker to execute arbitrary code with the privileges of the user running Flash Player [1][2][3]. This can lead to full system compromise, including data theft, installation of malware, or further lateral movement. Additionally, the vulnerability may enable denial of service or information disclosure [3].

Mitigation

Adobe released fixed versions: 13.0.0.269, 16.0.0.305, and 11.2.202.442 [1][2][3]. Microsoft provided updates for Internet Explorer and Microsoft Edge via security advisory 2755801 [1]. Red Hat and Gentoo advisories recommend updating to the patched versions [2][3]. No workaround is available [3]. Users should apply updates immediately.
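
The fixed versions listed above can be turned into an inventory check. The following is an added example, not part of the advisory or any vendor tooling; the host names, platform labels and inventory rows are constructed for illustration.

```python
import re

# Fixed builds as stated in the advisory text above.
FIXED_ESR = (13, 0, 0, 269)      # Windows / OS X, 13.x branch and older
FIXED_CURRENT = (16, 0, 0, 305)  # Windows / OS X, 14.x through 16.x
FIXED_LINUX = (11, 2, 202, 442)  # Linux

def parse_version(text):
    """Extract a four-part version; accepts '16.0.0.296' and 'WIN 16,0,0,296'."""
    m = re.search(r"(\d+)[.,](\d+)[.,](\d+)[.,](\d+)", text)
    if not m:
        raise ValueError(f"not a Flash Player version: {text!r}")
    return tuple(int(g) for g in m.groups())

def is_affected(version, platform):
    """True if the build falls inside the ranges the advisory lists."""
    v = parse_version(version)
    if platform == "linux":
        return v < FIXED_LINUX
    if platform in ("windows", "osx"):
        # 14.x-16.x is measured against 16.0.0.305, everything older
        # against 13.0.0.269; 17.x and later compare as not affected.
        return v < (FIXED_CURRENT if v[0] >= 14 else FIXED_ESR)
    raise ValueError(f"unknown platform label: {platform!r}")

def triage(inventory):
    """Split (host, platform, version) rows into affected and unparsed hosts."""
    affected, unparsed = [], []
    for host, platform, version in inventory:
        try:
            if is_affected(version, platform):
                affected.append(host)
        except ValueError:
            unparsed.append(host)  # needs manual review, do not assume patched
    return affected, unparsed

# Constructed sample inventory (hypothetical hosts).
SAMPLE_INVENTORY = [
    ("ws-01", "windows", "WIN 16,0,0,296"),
    ("ws-02", "windows", "16.0.0.305"),
    ("mac-01", "osx", "13.0.0.264"),
    ("mac-02", "osx", "13.0.0.269"),
    ("lnx-01", "linux", "11.2.202.440"),
    ("lnx-02", "linux", "11.2.202.442"),
    ("ws-03", "windows", "unknown"),
]

if __name__ == "__main__":
    print(triage(SAMPLE_INVENTORY))
```

Hosts whose version string cannot be parsed are reported separately so they are not silently counted as patched.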

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

18
  • cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* (+ 14 more)
    • cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* (range: <=13.0.0.264)
    • cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*
  • GNU/Flash Player (llm-fuzzy)
    Range: <16.0.0.305
  • osv-coords (2 versions)
    < 11.2.202.442-67.1 (+ 1 more)
    • (no CPE) range: < 11.2.202.442-67.1
    • (no CPE) range: < 11.2.202.442-67.1

References

14