CVE-2015-0341
Description
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0342.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Use-after-free in Adobe Flash Player allows remote code execution via unspecified vectors, affecting versions before 13.0.0.277, 17.0.0.134, and 11.2.202.451.
Vulnerability
A use-after-free vulnerability exists in Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X, and before 11.2.202.451 on Linux [1][2]. The flaw can be triggered via unspecified vectors, likely involving crafted SWF content.
Exploitation
An attacker can exploit this vulnerability by convincing a user to open a specially crafted Flash file, typically via a web page or email attachment. No authentication is required. The use-after-free condition allows the attacker to control program flow [2].
Impact
Successful exploitation allows an attacker to execute arbitrary code in the context of the affected Flash Player process, potentially leading to full system compromise. The impact includes confidentiality, integrity, and availability loss [1][2].
Mitigation
Adobe released fixed versions on March 12, 2015. Users should update to Flash Player 13.0.0.277, 17.0.0.134, or 11.2.202.451 as appropriate [1][2]. No workaround is available.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
19cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*+ 16 more
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*range: <=11.2.202.442
- cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.305:*:*:*:*:*:*:*
- (no CPE)range: <13.0.0.277, >=14 <17.0.0.134 (Windows/OS X), <11.2.202.451 (Linux)
- osv-coords2 versionspkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012
< 11.2.202.451-77.1+ 1 more
- (no CPE)range: < 11.2.202.451-77.1
- (no CPE)range: < 11.2.202.451-77.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- helpx.adobe.com/security/products/flash-player/apsb15-05.htmlnvdPatchVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2015-03/msg00014.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-03/msg00015.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-03/msg00016.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-03/msg00017.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-0697.htmlnvd
- www.securitytracker.com/id/1031922nvd
- security.gentoo.org/glsa/201503-09nvd
News mentions
0No linked articles in our index yet.