CVE-2015-0333
Description
Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0332, CVE-2015-0335, and CVE-2015-0339.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Adobe Flash Player memory corruption vulnerability allows arbitrary code execution or denial of service via unspecified vectors.
Vulnerability
CVE-2015-0333 is a memory corruption vulnerability in Adobe Flash Player. The flaw affects versions before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X, and before 11.2.202.451 on Linux [1][2]. The exact mechanism is not disclosed, but it is triggered by unspecified vectors, likely involving crafted SWF content.
Exploitation
An attacker can exploit this vulnerability by delivering a malicious SWF file to a victim, typically through a compromised website or via email. No authentication is required; the victim must only open the content in a vulnerable Flash Player instance. The exploitation does not require any special network position beyond the ability to serve the malicious file [1][2].
Impact
Successful exploitation allows an attacker to execute arbitrary code with the privileges of the affected user or cause a denial of service (memory corruption). This can lead to full system compromise, data theft, or disruption of service [1][2].
Mitigation
Adobe released fixed versions: 13.0.0.277, 17.0.0.134, and 11.2.202.451 for Linux. Users should update immediately via the Adobe Flash Player download page or their operating system's update mechanism [1][2]. No workaround is available; the only mitigation is applying the patch.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
19cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*+ 16 more
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*range: <=13.0.0.264
- cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.305:*:*:*:*:*:*:*
- (no CPE)range: <17.0.0.134
- osv-coords2 versionspkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012
< 11.2.202.451-77.1+ 1 more
- (no CPE)range: < 11.2.202.451-77.1
- (no CPE)range: < 11.2.202.451-77.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- helpx.adobe.com/security/products/flash-player/apsb15-05.htmlnvdPatchVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2015-03/msg00014.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-03/msg00015.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-03/msg00016.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-03/msg00017.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-0697.htmlnvd
- www.securitytracker.com/id/1031922nvd
- security.gentoo.org/glsa/201503-09nvd
News mentions
0No linked articles in our index yet.