VYPR
← All advisories
Unrated severityNVD Advisory· Published May 13, 2015· Updated May 6, 2026

CVE-2015-3079

CVE-2015-3079

Description

Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Adobe Flash Player and AIR before certain versions allow remote attackers to bypass access restrictions and obtain sensitive information via unspecified vectors.

Vulnerability

Adobe Flash Player versions before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X, and before 11.2.202.460 on Linux, as well as Adobe AIR before 17.0.0.172, AIR SDK before 17.0.0.172, and AIR SDK & Compiler before 17.0.0.172, contain a vulnerability that allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors [1][2].

Exploitation

The vulnerability is exploitable remotely without authentication, as the attack vector is network-based. The exact exploitation steps are not disclosed in the available references, but the issue is triggered through unspecified vectors, likely involving crafted SWF content or similar [1][2].

Impact

Successful exploitation allows an attacker to bypass access restrictions and obtain sensitive information from the affected system. The confidentiality of data is compromised, though the scope is limited to information disclosure [1][2].

Mitigation

Adobe released fixed versions: Flash Player 13.0.0.289 and 17.0.0.188 on Windows/OS X, 11.2.202.460 on Linux, and AIR 17.0.0.172 (including SDK and SDK & Compiler) on May 12, 2015 [1][2]. Users should upgrade to these versions. No workaround is available [2].

References
  1. http://rhn.redhat.com/errata/RHSA-2015-1005.html
  2. Multiple vulnerabilities (GLSA 201505-02) — Gentoo security

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

26
  • Adobe Inc./Air2 versions
    cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*range: <=17.0.0.144
    • (no CPE)range: <17.0.0.172
  • Adobe Inc./Air Sdk2 versions
    cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*range: <=17.0.0.144
    • (no CPE)range: <17.0.0.172
  • Adobe Inc./Air Sdk \& Compiler2 versions
    cpe:2.3:a:adobe:air_sdk_\&_compiler:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:adobe:air_sdk_\&_compiler:*:*:*:*:*:*:*:*range: <=17.0.0.144
    • (no CPE)range: <17.0.0.172
  • Adobe Inc./Flashplayer17 versions
    cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*+ 16 more
    • cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*range: <=13.0.0.264
    • cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:17.0.0.134:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:17.0.0.169:*:*:*:*:*:*:*
  • GNU/Flash Playerllm-fuzzy
    Range: <13.0.0.289, >=14.0 <17.0.0.188, <11.2.202.460
  • osv-coords2 versions
    pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012
    < 11.2.202.460-83.1+ 1 more
    • (no CPE)range: < 11.2.202.460-83.1
    • (no CPE)range: < 11.2.202.460-83.1

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

8

News mentions

0

No linked articles in our index yet.