CVE-2015-3087
Description
Integer overflow in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allows attackers to execute arbitrary code via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Integer overflow in `Function.apply` in Adobe Flash Player allows remote code execution via crafted ActionScript.
Vulnerability
An integer overflow exists in the Function.apply implementation in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X, and before 11.2.202.460 on Linux, as well as in Adobe AIR before 17.0.0.172 and related SDKs [1][3]. The flaw resides in the apply() function within exec.cpp, where a crafted call with an array length 0xFFFFFFFF triggers an integer overflow when allocating the argument stack, leading to a heap-based buffer overflow [2].
Exploitation
An attacker must deliver a specially crafted Flash SWF file, typically via a web browser or other vector that loads the file. The ActionScript code creates an array with length 0xFFFFFFFF and passes it to Function.apply with a legitimate function that expects multiple arguments. The integer overflow causes insufficient memory allocation, and subsequent argument writes exceed the allocated buffer [2]. No authentication or special network position is required beyond serving the malicious SWF file to the target.
Impact
Successful exploitation allows arbitrary memory corruption, which can be leveraged to execute arbitrary code with the privileges of the Flash Player process. This can lead to full compromise of the affected system, including data theft, malware installation, or further propagation [1][2][3].
Mitigation
Adobe released Flash Player 13.0.0.289, 17.0.0.188 (or later), and Linux version 11.2.202.460; Adobe AIR 17.0.0.172 addresses the issue for AIR users. Red Hat and Gentoo issued security advisories urging immediate update [1][3]. There is no known workaround; users must apply the vendor-supplied patch or remove Flash Player if it is no longer supported.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
25cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*range: <=17.0.0.144
- (no CPE)range: <17.0.0.172
cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*range: <=17.0.0.144
- (no CPE)range: <17.0.0.172
- cpe:2.3:a:adobe:air_sdk_\&_compiler:*:*:*:*:*:*:*:*Range: <=17.0.0.144
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*+ 16 more
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*range: <=11.2.202.475
- cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:17.0.0.134:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:17.0.0.169:*:*:*:*:*:*:*
- Range: <13.0.0.289 and >=14.x <17.0.0.188 on Windows/OS X, <11.2.202.460 on Linux
- osv-coords2 versionspkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012
< 11.2.202.460-83.1+ 1 more
- (no CPE)range: < 11.2.202.460-83.1
- (no CPE)range: < 11.2.202.460-83.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- helpx.adobe.com/security/products/flash-player/apsb15-09.htmlnvdPatchVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2015-05/msg00007.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-05/msg00016.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-1005.htmlnvd
- www.securityfocus.com/bid/74616nvd
- www.securitytracker.com/id/1032285nvd
- security.gentoo.org/glsa/201505-02nvd
- www.exploit-db.com/exploits/37843/nvd
News mentions
0No linked articles in our index yet.