Unrated severityNVD Advisory· Published Mar 13, 2015· Updated May 6, 2026

CVE-2015-0339

Description

Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0332, CVE-2015-0333, and CVE-2015-0335.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Adobe Flash Player before 13.0.0.277 and 17.0.0.134 on Windows/OS X and before 11.2.202.451 on Linux is vulnerable to memory corruption leading to arbitrary code execution or denial of service.

Vulnerability

A memory corruption vulnerability exists in Adobe Flash Player versions prior to 13.0.0.277, 14.x through 17.x before 17.0.0.134 on Windows and OS X, and before 11.2.202.451 on Linux [1][2]. The flaw is triggered via unspecified vectors, likely involving crafted SWF content, and does not require any special configuration beyond having an affected version installed.

Exploitation

An unauthenticated remote attacker can exploit this vulnerability by delivering a malicious SWF file, typically through a compromised website or via an ad network. The victim must open the crafted content in a browser or application using the vulnerable Flash Player. No additional privileges or user interaction beyond visiting the malicious page is required. The memory corruption is triggered during processing of the SWF file, allowing the attacker to control execution flow.

Impact

Successful exploitation allows the attacker to execute arbitrary code with the privileges of the user running Flash Player, or to cause a denial of service (application crash). This can lead to full system compromise if the user has administrative rights. The vulnerability may also be leveraged for information disclosure, though the primary impact is code execution and DoS [1][2].

Mitigation

Adobe released fixed versions on March 12, 2015: 13.0.0.277, 17.0.0.134 for Windows and OS X, and 11.2.202.451 for Linux [1][2]. Users should update immediately. No workarounds are available. Flash Player is now end-of-life, but at the time of disclosure, updating to the patched versions was the only mitigation.

References

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Adobe Inc./Flashplayer17 versions
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*+ 16 more
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*range: <=11.2.202.442
- cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.305:*:*:*:*:*:*:*
- (no CPE)range: <=13.0.0.277, >=14.0 <17.0.0.134, <=11.2.202.451
osv-coords2 versions
pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2012 pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012
< 11.2.202.451-77.1+ 1 more
- (no CPE)range: < 11.2.202.451-77.1
- (no CPE)range: < 11.2.202.451-77.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.007
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000