Unrated severityNVD Advisory· Published Feb 6, 2015· Updated May 6, 2026

CVE-2015-0329

Description

Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, and CVE-2015-0330.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Adobe Flash Player before 13.0.0.269/16.0.0.305 (Windows/OS X) or 11.2.202.442 (Linux) has a memory corruption flaw that allows arbitrary code execution or denial of service via unspecified vectors.

Vulnerability

Adobe Flash Player versions before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X, and before 11.2.202.442 on Linux, are affected by a memory corruption vulnerability (CVE-2015-0329). The flaw can be triggered via unspecified vectors, meaning an attacker can craft a malicious SWF file that, when processed by the Flash Player, corrupts memory [3].

Exploitation

An attacker must deliver a specially crafted SWF file to the target, typically by hosting it on a website or injecting it into a compromised ad network. No authentication is required; user interaction is limited to visiting the page or opening the file. The exploit does not require any special network position beyond the ability to serve the malicious content [3].

Impact

Successful exploitation can lead to arbitrary code execution within the security context of the user running Flash Player, or cause a denial of service due to memory corruption. An attacker could gain full control of the affected system, install programs, view/change/delete data, or create new accounts with complete user rights [2][3].

Mitigation

Adobe released fixed versions: 13.0.0.269, 16.0.0.305, and 11.2.202.442. Users on Windows and OS X should update to Flash Player 16.0.0.305 or later; Linux users to 11.2.202.442 [3]. Microsoft provided updates for affected Internet Explorer and Edge environments [1]. Red Hat issued RHSA-2015:0140 for Red Hat Enterprise Linux [2]. No workaround is known [3].

References

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Adobe Inc./Flashplayer15 versions
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*+ 14 more
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*range: <=11.2.202.440
- cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*
GNU/Flash Playerllm-fuzzy
Range: <13.0.0.269 on Windows/OS X, <16.0.0.305 on Windows/OS X, <11.2.202.442 on Linux
osv-coords2 versions
pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2012 pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012
< 11.2.202.442-67.1+ 1 more
- (no CPE)range: < 11.2.202.442-67.1
- (no CPE)range: < 11.2.202.442-67.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.009
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000