CVE-2015-3085
Description
Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow remote attackers to bypass intended restrictions on filesystem write operations via unspecified vectors, a different vulnerability than CVE-2015-3082 and CVE-2015-3083.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Adobe Flash Player sandbox escape via path traversal in BrokerCreateFile allows arbitrary file write and code execution.
Vulnerability
A path traversal vulnerability exists in the BrokerCreateFile method of Adobe Flash Player. This allows an attacker to write arbitrary files outside the intended sandbox directory. Affected versions include Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X, before 11.2.202.460 on Linux, as well as Adobe AIR before 17.0.0.172 and AIR SDK before 17.0.0.172 [1][2].
Exploitation
An attacker must convince a user to visit a malicious web page or open a malicious file. No authentication is required. By leveraging the path traversal in BrokerCreateFile, the attacker can force the output file to be written to an arbitrary location on the filesystem, bypassing sandbox restrictions [2].
Impact
Successful exploitation results in arbitrary file write, which can lead to code execution at medium integrity level. This constitutes a sandbox escape, allowing the attacker to execute arbitrary code on the compromised system [2].
Mitigation
Adobe released fixed versions on May 12, 2015: Flash Player 13.0.0.289, 17.0.0.188 (Windows/OS X), and 11.2.202.460 (Linux); AIR 17.0.0.172. Users should update to these versions [1][4]. No workaround is available.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:* range: <=17.0.0.144
- (no CPE) range: < 17.0.0.172
- cpe:2.3:a:adobe:air_sdk_\&_compiler:*:*:*:*:*:*:*:* range: <=17.0.0.144
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* range: <=13.0.0.264
- cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:17.0.0.134:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:17.0.0.169:*:*:*:*:*:*:*
- Range: < 13.0.0.289 (Windows/OS X), < 17.0.0.188 (14.x-17.x Windows/OS X), < 11.2.202.460 (Linux)
- osv-coords (2 versions): < 11.2.202.460-83.1
  - pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2012
  - pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012
  - (no CPE) range: < 11.2.202.460-83.1
  - (no CPE) range: < 11.2.202.460-83.1
Patches
No patches discovered yet.
References
- helpx.adobe.com/security/products/flash-player/apsb15-09.html (nvd: Patch, Vendor Advisory)
- lists.opensuse.org/opensuse-security-announce/2015-05/msg00007.html (nvd)
- lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html (nvd)
- lists.opensuse.org/opensuse-security-announce/2015-05/msg00016.html (nvd)
- rhn.redhat.com/errata/RHSA-2015-1005.html (nvd)
- www.securityfocus.com/bid/74610 (nvd)
- www.securitytracker.com/id/1032285 (nvd)
- www.zerodayinitiative.com/advisories/ZDI-15-216 (nvd)
- www.zerodayinitiative.com/advisories/ZDI-15-216/ (nvd)
- security.gentoo.org/glsa/201505-02 (nvd)