CVE-2015-3104
Description
Integer overflow in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Integer overflow in Adobe Flash Player before 13.0.0.292/18.0.0.160/11.2.202.466 allows remote code execution via unspecified vectors.
Vulnerability
Integer overflow in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X, and before 11.2.202.466 on Linux, as well as in Adobe AIR and AIR SDK before specified versions, allows arbitrary code execution via unspecified vectors [1][2].
Exploitation
An attacker can exploit this vulnerability by convincing a user to open a malicious SWF file or visit a compromised website hosting crafted Flash content. No authentication is required, and the attack can be conducted remotely [1][2].
Impact
Successful exploitation leads to arbitrary code execution in the context of the affected application, potentially allowing full compromise of the user's system [1][2].
Mitigation
Adobe released fixed versions: Flash Player 13.0.0.292, 18.0.0.160, and 11.2.202.466; AIR 18.0.0.144 (Windows) and 18.0.0.143 (OS X, Android). Red Hat and Gentoo have issued updates [1][2]. No workaround is known.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
27cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*range: <=17.0.0.144
- (no CPE)range: < 18.0.0.144 on Windows, < 18.0.0.143 on OS X and Android
cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*range: <=17.0.0.172
- (no CPE)range: < 18.0.0.144 on Windows, < 18.0.0.143 on OS X
- cpe:2.3:a:adobe:air_sdk_\&_compiler:*:*:*:*:*:*:*:*Range: <=17.0.0.172
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*+ 18 more
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*range: <=11.2.202.460
- cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:17.0.0.134:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:17.0.0.169:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:17.0.0.188:*:*:*:*:*:*:*
- (no CPE)range: < 13.0.0.292, < 18.0.0.160, < 11.2.202.466
- osv-coords2 versionspkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012
< 11.2.202.466-86.1+ 1 more
- (no CPE)range: < 11.2.202.466-86.1
- (no CPE)range: < 11.2.202.466-86.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- helpx.adobe.com/security/products/flash-player/apsb15-11.htmlnvdPatchVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2015-06/msg00005.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-06/msg00009.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-06/msg00011.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-1086.htmlnvd
- www.securityfocus.com/bid/75081nvd
- www.securitytracker.com/id/1032519nvd
- security.gentoo.org/glsa/201506-01nvd
News mentions
0No linked articles in our index yet.