Unrated severity · NVD Advisory · Published Apr 14, 2015 · Updated May 6, 2026

CVE-2015-0356

Description

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Adobe Flash Player before 13.0.0.281/17.0.0.169 (Windows/OS X) and 11.2.202.457 (Linux) allows remote code execution via type confusion.

Vulnerability

CVE-2015-0356 is a type confusion vulnerability in Adobe Flash Player affecting versions before 13.0.0.281, 14.x through 17.x before 17.0.0.169 on Windows and OS X, and before 11.2.202.457 on Linux [1][2]. The exact component where the type confusion occurs is not publicly disclosed, but the flaw can be triggered when processing a crafted SWF file.

Exploitation

An attacker can exploit this vulnerability by delivering a malicious SWF file to a victim, typically through a compromised website, email attachment, or malvertising. No authentication is required; the victim only needs to load the SWF file in an affected Flash Player instance. The type confusion leads to memory corruption, which the attacker can leverage to achieve arbitrary code execution.

Impact

Successful exploitation allows an attacker to execute arbitrary code with the privileges of the user running Flash Player. This can result in full system compromise, including data theft, installation of malware, or denial of service [2]. The impact is limited to the user context, but on multi-user systems or with elevated privileges, the scope may be broader.

Mitigation

Adobe released fixed versions: 13.0.0.281, 17.0.0.169 for Windows and OS X, and 11.2.202.457 for Linux [1][2]. Red Hat and Gentoo have issued advisories urging immediate updates. No workaround is available; users must upgrade to the patched versions. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog as of the publication date.
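The fixed versions above sit on three separate release lines, so a single "older than the newest fix" comparison misclassifies hosts: 13.0.0.281 is patched while the numerically higher 14.0.0.125 is not. The following check is an added example, not part of the advisory or of any Adobe tooling; the function names, platform labels and inventory rows are assumptions made for illustration, and the version thresholds are the ones stated on this page.

```python
# Added example: affected-version check for CVE-2015-0356 using only the
# ranges stated in this advisory. All names here are hypothetical.

FIXED_13_BRANCH = (13, 0, 0, 281)   # Windows / OS X, 13.x release line
FIXED_14_TO_17 = (17, 0, 0, 169)    # Windows / OS X, 14.x through 17.x
FIXED_LINUX = (11, 2, 202, 457)     # Linux


def parse_version(text):
    """Parse a four-part version; accepts '17.0.0.134' or 'WIN 17,0,0,134'."""
    token = text.strip().split()[-1].replace(",", ".")
    parts = token.split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Flash Player version: {text!r}")
    return tuple(int(p) for p in parts)


def is_affected(platform, version_text):
    """Return True if the version falls in a range the advisory lists."""
    v = parse_version(version_text)
    platform = platform.lower()
    if platform == "linux":
        return v < FIXED_LINUX
    if platform in ("windows", "os x"):
        if v < FIXED_13_BRANCH:
            return True              # anything older than 13.0.0.281
        if v[0] == 13:
            return False             # patched 13.x release line
        return v < FIXED_14_TO_17    # 14.x through 17.x before 17.0.0.169
    raise ValueError(f"platform not covered by the advisory: {platform!r}")


def audit(inventory):
    """Return the host names whose installed player is in an affected range."""
    return [host for host, plat, ver in inventory if is_affected(plat, ver)]


# Constructed sample inventory (host, platform, reported version).
SAMPLE_INVENTORY = [
    ("ws-01", "windows", "13.0.0.281"),
    ("ws-02", "windows", "WIN 14,0,0,125"),
    ("mac-01", "os x", "17.0.0.134"),
    ("mac-02", "os x", "17.0.0.169"),
    ("lnx-01", "linux", "11.2.202.451"),
    ("lnx-02", "linux", "11.2.202.457"),
]

if __name__ == "__main__":
    print(audit(SAMPLE_INVENTORY))
```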

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

19
  • cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* (+ 16 more)
    • cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* (range: <=11.2.202.451)
    • cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:17.0.0.134:*:*:*:*:*:*:*
    • (no CPE) range: before 13.0.0.281, 14.x-17.x before 17.0.0.169, before 11.2.202.457
  • osv-coords (2 versions)
    < 11.2.202.457-80.1 (+ 1 more)
    • (no CPE) range: < 11.2.202.457-80.1
    • (no CPE) range: < 11.2.202.457-80.1

References

8
