VYPR
← All advisories
Unrated severityNVD Advisory· Published Mar 13, 2015· Updated May 6, 2026

CVE-2015-0332

CVE-2015-0332

Description

Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0333, CVE-2015-0335, and CVE-2015-0339.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Adobe Flash Player before specified versions on Windows, OS X, and Linux allows arbitrary code execution or denial of service via memory corruption.

Vulnerability

Adobe Flash Player before 13.0.0.277, 14.x through 17.x before 17.0.0.134 on Windows and OS X, and before 11.2.202.451 on Linux contains a memory corruption vulnerability that can be triggered via unspecified vectors [1][2]. The flaw allows an attacker to cause memory corruption, potentially leading to arbitrary code execution or denial of service.

Exploitation

An attacker can exploit this vulnerability by enticing a user to open a specially crafted Flash file, likely through a web page or email attachment. No additional privileges are required beyond user interaction to open the malicious file. The attack vector is remote, and the exploitation does not require authentication.

Impact

Successful exploitation allows an attacker to execute arbitrary code with the privileges of the affected user or cause a denial of service (application crash). This could lead to full compromise of the system's confidentiality, integrity, and availability depending on the user's privileges.

Mitigation

The vulnerability is fixed in Adobe Flash Player 13.0.0.277, 17.0.0.134, and 11.2.202.451 for the respective platforms [1][2]. Red Hat and Gentoo advisories recommend upgrading to these versions. No workarounds are known. Users should update immediately. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date.

References
  1. http://rhn.redhat.com/errata/RHSA-2015-0697.html
  2. Multiple vulnerabilities (GLSA 201503-09) — Gentoo security

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

19
  • Adobe Inc./Flashplayer17 versions
    cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*+ 16 more
    • cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*range: <=13.0.0.264
    • cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:16.0.0.305:*:*:*:*:*:*:*
    • (no CPE)range: <13.0.0.277 (Windows/OS X), <11.2.202.451 (Linux), 14.x-17.x <17.0.0.134
  • osv-coords2 versions
    pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012
    < 11.2.202.451-77.1+ 1 more
    • (no CPE)range: < 11.2.202.451-77.1
    • (no CPE)range: < 11.2.202.451-77.1

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

9

News mentions

0

No linked articles in our index yet.