CVE-2015-0340
Description
Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows remote attackers to bypass intended file-upload restrictions via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Adobe Flash Player before 13.0.0.277/17.0.0.134/11.2.202.451 allows remote attackers to bypass file-upload restrictions, potentially leading to arbitrary code execution.
Vulnerability
Adobe Flash Player versions prior to 13.0.0.277 on Windows and OS X, 14.x through 17.x before 17.0.0.134, and 11.2.202.451 on Linux contain an unspecified vulnerability that allows remote attackers to bypass intended file-upload restrictions [1][2]. The exact mechanism is not disclosed in the available references.
Exploitation
An attacker can exploit this vulnerability by delivering a crafted Flash file to a victim, typically via a malicious web page or email attachment. No authentication or user interaction beyond loading the Flash content is required [1][2]. The attack vector is remote.
Impact
Successful exploitation enables the attacker to bypass file-upload restrictions, which may lead to arbitrary code execution in the context of the affected user's browser or application [2]. The Gentoo security advisory lists remote code execution as the worst-case impact.
Mitigation
Adobe released fixed versions: 13.0.0.277, 17.0.0.134, and 11.2.202.451 [1][2]. Red Hat issued RHSA-2015-0697 for affected Linux distributions [1]. Gentoo recommends upgrading to >=www-plugins/adobe-flash-11.2.202.451 [2]. No workaround is known.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
19cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*+ 16 more
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*range: <=11.2.202.442
- cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.305:*:*:*:*:*:*:*
- (no CPE)range: <13.0.0.277, >=14.x <17.0.0.134, <11.2.202.451
- osv-coords2 versionspkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012
< 11.2.202.451-77.1+ 1 more
- (no CPE)range: < 11.2.202.451-77.1
- (no CPE)range: < 11.2.202.451-77.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- helpx.adobe.com/security/products/flash-player/apsb15-05.htmlnvdPatchVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2015-03/msg00014.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-03/msg00015.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-03/msg00016.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-03/msg00017.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-0697.htmlnvd
- www.securitytracker.com/id/1031922nvd
- security.gentoo.org/glsa/201503-09nvd
News mentions
0No linked articles in our index yet.