VYPR
Unrated severity · NVD Advisory · Published May 13, 2015 · Updated May 6, 2026

CVE-2015-3083

Description

Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow remote attackers to bypass intended restrictions on filesystem write operations via unspecified vectors, a different vulnerability than CVE-2015-3082 and CVE-2015-3085.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Adobe Flash Player before certain versions allows remote attackers to bypass filesystem write restrictions via a junction check bypass in FlashBroker.

Vulnerability

Adobe Flash Player versions prior to 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X, and prior to 11.2.202.460 on Linux, along with Adobe AIR before 17.0.0.172, contain a flaw that allows remote attackers to bypass intended restrictions on filesystem write operations [1][3]. The vulnerability resides in the FlashBroker component, specifically in the BrokerCreateFile and BrokerMoveFileEx methods. These methods use CreateFile with dwShareMode set to 0, causing the call to fail if another process holds a handle to the destination folder. This failure incorrectly marks the path as valid, enabling an NTFS junction attack to write arbitrary files under user permissions [2].
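The fail-open path check described above, modelled as an added example (not Adobe's or FlashBroker's code): the probe error code is simulated, a POSIX symlink stands in for the NTFS junction, and `validate_write_target` shows the fail-closed alternative a broker should apply before honouring a write.

```python
"""Fail-closed write-target validation (added example, not Adobe's code).
The flawed FlashBroker probe used CreateFile(dwShareMode=0) and treated a
failed open as proof the path was safe; a POSIX symlink stands in for the
NTFS junction here, and every error path denies the write instead."""
import os
import stat
import tempfile
from pathlib import Path

def broker_decision_flawed(open_error: int) -> bool:
    """Fail-open logic kept for contrast: a nonzero probe error (e.g. Win32
    ERROR_SHARING_VIOLATION, 32) meant the path was accepted. This is the bug."""
    return open_error != 0

def validate_write_target(sandbox_root: str, requested: str) -> bool:
    """True only if `requested` stays lexically inside `sandbox_root` and no
    existing component below the root is a symlink/junction; errors deny."""
    try:
        root = Path(sandbox_root).resolve(strict=True)
        target = root / requested  # an absolute `requested` replaces root
        rel = target.relative_to(root)  # ValueError if outside the root
        cur = root
        for part in rel.parts:
            if part == "..":
                return False
            cur = cur / part
            try:
                st = os.lstat(cur)  # lstat never follows the link itself
            except FileNotFoundError:
                continue  # trailing components may not exist yet
            if stat.S_ISLNK(st.st_mode):
                return False  # junction/symlink in the path: refuse
        return True
    except (OSError, ValueError):
        return False  # fail closed, the opposite of the broker's choice

def demo() -> dict:
    """Constructed layout: sandbox/data/ plus sandbox/link -> an outside
    directory standing in for the Startup folder."""
    base = Path(tempfile.mkdtemp())
    sandbox, outside = base / "sandbox", base / "outside"
    (sandbox / "data").mkdir(parents=True)
    outside.mkdir()
    os.symlink(outside, sandbox / "link", target_is_directory=True)
    return {
        "plain": validate_write_target(str(sandbox), "data/out.txt"),
        "via_link": validate_write_target(str(sandbox), "link/calc.bat"),
        "dotdot": validate_write_target(str(sandbox), "../outside/x"),
        "flawed_on_sharing_violation": broker_decision_flawed(32),
    }
```

The check is lexical plus per-component `lstat`, so a link that points back inside the sandbox is still refused; the actual write should additionally open the file without following links to close the remaining race window.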

Exploitation

An attacker can exploit this vulnerability by delivering a crafted SWF file to a user running a vulnerable Flash Player on Windows with Internet Explorer Protected Mode. The attack requires no authentication beyond user interaction (e.g., visiting a malicious website). The proof-of-concept demonstrates writing calc.bat to the startup folder by injecting a DLL into a low-integrity IE process with Flash Player 16.0.0.305 [2]. The attacker must set up an NTFS junction to redirect the write operation to a target location.

Impact

Successful exploitation allows an attacker to write arbitrary files to the filesystem under the user's permissions. By writing a malicious executable to the startup folder, the attacker can achieve code execution on the next system login, effectively gaining persistent access at the user privilege level [2].

Mitigation

Adobe released fixed versions on May 12, 2015: Flash Player 13.0.0.289, 17.0.0.188 (Windows/OS X), 11.2.202.460 (Linux), and AIR 17.0.0.172 [1][3]. Users should update to these versions immediately. No workaround is available [3].

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products (24)

  • Adobe Inc. / Air (2 versions)
    • cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:* range: <=17.0.0.144
    • (no CPE) range: <17.0.0.172
  • cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*
    Range: <=17.0.0.144
  • cpe:2.3:a:adobe:air_sdk_\&_compiler:*:*:*:*:*:*:*:*
    Range: <=17.0.0.144
  • Adobe Flash Player (17 CPE entries)
    • cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* range: <=11.2.202.475
    • cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:17.0.0.134:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:17.0.0.169:*:*:*:*:*:*:*
  • GNU / Flash Player (llm-fuzzy)
    Range: <13.0.0.289, >=14.0 <17.0.0.188, <11.2.202.460 (Linux)
  • osv-coords (2 versions)
    • (no CPE) range: < 11.2.202.460-83.1
    • (no CPE) range: < 11.2.202.460-83.1

Patches (0)

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References (9)

News mentions (0)

No linked articles in our index yet.