VYPR
← All advisories
Unrated severityNVD Advisory· Published Feb 6, 2015· Updated May 6, 2026

CVE-2015-0330

CVE-2015-0330

Description

Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, and CVE-2015-0329.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Adobe Flash Player before 13.0.0.269/16.0.0.305/11.2.202.442 allows remote code execution or denial of service via memory corruption.

Vulnerability

Adobe Flash Player before versions 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X, and before 11.2.202.442 on Linux, contains a memory corruption vulnerability [1][2][3]. The issue can be triggered via unspecified vectors, allowing an attacker to corrupt memory in the Flash Player process.

Exploitation

An attacker can exploit this vulnerability by crafting a malicious SWF file and hosting it on a website or embedding it in an email. No authentication is required. The victim must visit the malicious page or open the email, causing Flash Player to process the crafted content and trigger the memory corruption [1][2][3].

Impact

Successful exploitation allows an attacker to execute arbitrary code with the privileges of the current user, or cause a denial of service (application crash). This could lead to full system compromise if the user has administrative rights [1][2][3].

Mitigation

Adobe released fixed versions: 13.0.0.269, 16.0.0.305, and 11.2.202.442 [2][3]. Microsoft provided updates for Flash Player in Internet Explorer and Microsoft Edge via security updates [1]. Red Hat and Gentoo also issued advisories urging users to update [2][3]. No workaround is available; users should apply the latest updates immediately.

References
  1. Microsoft Security Advisory 2755801
  2. http://rhn.redhat.com/errata/RHSA-2015-0140.html
  3. Multiple vulnerabilities (GLSA 201502-02) — Gentoo security

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

18
  • Adobe Inc./Flashplayer15 versions
    cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*+ 14 more
    • cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*range: <=13.0.0.264
    • cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*
  • GNU/Flash Playerllm-fuzzy
    Range: < 13.0.0.269, 14.x-16.x < 16.0.0.305 (Windows/OS X); < 11.2.202.442 (Linux)
  • osv-coords2 versions
    pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012
    < 11.2.202.442-67.1+ 1 more
    • (no CPE)range: < 11.2.202.442-67.1
    • (no CPE)range: < 11.2.202.442-67.1

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

14

News mentions

0

No linked articles in our index yet.