CVE-2015-3082
Description
Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow remote attackers to bypass intended restrictions on filesystem write operations via unspecified vectors, a different vulnerability than CVE-2015-3083 and CVE-2015-3085.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Adobe Flash Player before 13.0.0.289/17.0.0.188/11.2.202.460 allows remote attackers to bypass filesystem write restrictions.
Vulnerability
Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X, and before 11.2.202.460 on Linux, as well as Adobe AIR before 17.0.0.172 and related SDKs, contain an unspecified vulnerability that allows remote attackers to bypass intended restrictions on filesystem write operations [1][2]. The exact code path is not disclosed, but it is triggered when processing crafted Flash content.
Exploitation
An attacker can exploit this vulnerability by delivering a malicious SWF file to a user, typically via a web page or email. No authentication or special privileges are required; the user only needs to open the content in a vulnerable Flash Player instance. The attack vector is remote and does not require user interaction beyond normal browsing [1].
Impact
Successful exploitation allows the attacker to write arbitrary files to the filesystem, bypassing the security sandbox that normally restricts Flash Player's write access. This could lead to further compromise, such as code execution or persistent modification of system files [2].
Mitigation
Adobe released fixed versions: Flash Player 13.0.0.289, 17.0.0.188, and 11.2.202.460; AIR 17.0.0.172 and corresponding SDKs. Users should update immediately. Red Hat and Gentoo have also issued advisories [1][2]. No workaround is available.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
24cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*range: <=17.0.0.144
- (no CPE)range: <17.0.0.172
- cpe:2.3:a:adobe:air_sdk_\&_compiler:*:*:*:*:*:*:*:*Range: <=17.0.0.144
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*+ 16 more
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*range: <=13.0.0.264
- cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:17.0.0.134:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:17.0.0.169:*:*:*:*:*:*:*
- Range: <17.0.0.188 (Windows/OS X) and <11.2.202.460 (Linux)
- osv-coords2 versionspkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012
< 11.2.202.460-83.1+ 1 more
- (no CPE)range: < 11.2.202.460-83.1
- (no CPE)range: < 11.2.202.460-83.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- helpx.adobe.com/security/products/flash-player/apsb15-09.htmlnvdPatchVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2015-05/msg00007.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-05/msg00016.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-1005.htmlnvd
- www.securityfocus.com/bid/74610nvd
- www.securitytracker.com/id/1032285nvd
- security.gentoo.org/glsa/201505-02nvd
- www.exploit-db.com/exploits/37840/nvd
News mentions
0No linked articles in our index yet.