CVE-2015-3123
Description
Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3117, CVE-2015-3130, CVE-2015-3133, CVE-2015-3134, and CVE-2015-4431.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Adobe Flash Player before 18.0.0.203 (and earlier) contains a memory corruption vulnerability allowing arbitrary code execution or denial of service.
Vulnerability
A memory corruption vulnerability exists in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X, and before 11.2.202.481 on Linux, as well as in Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180. The flaw can be triggered via unspecified vectors, likely through crafted SWF content [1][2].
Exploitation
An attacker can exploit this vulnerability by convincing a user to visit a web page or open a file containing malicious Flash content. No authentication is required, and the attack vector is remote over the network. The exploitation requires user interaction, such as clicking a link or opening a crafted document [1][2].
Impact
Successful exploitation allows an attacker to execute arbitrary code with the privileges of the affected Flash process or cause a denial of service due to memory corruption. This can lead to full system compromise, including data theft, malware installation, or system instability [2].
Mitigation
Adobe has released patched versions: Flash Player 18.0.0.203 (or 13.0.0.302), AIR 18.0.0.180, and Linux Flash Player 11.2.202.481. Users should update immediately. Red Hat and Gentoo have also provided updated packages [1][2]. No workarounds are known.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
29cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*range: <=18.0.0.144
- (no CPE)range: <18.0.0.180
cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*range: <=18.0.0.144
- (no CPE)range: <18.0.0.180
- cpe:2.3:a:adobe:air_sdk_\&_compiler:*:*:*:*:*:*:*:*Range: <=18.0.0.144
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*+ 21 more
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*range: <=11.2.202.468
- cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:17.0.0.134:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:17.0.0.169:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:17.0.0.188:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:17.0.0.190:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:18.0.0.160:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:18.0.0.194:*:*:*:*:*:*:*
- (no CPE)range: <=13.0.0.302 / 14.0 - 18.0.0.203 / <=11.2.202.481
- osv-coords2 versionspkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012
< 11.2.202.481-93.1+ 1 more
- (no CPE)range: < 11.2.202.481-93.1
- (no CPE)range: < 11.2.202.481-93.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- helpx.adobe.com/security/products/flash-player/apsb15-16.htmlnvdPatchVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2015-07/msg00017.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-07/msg00018.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-1214.htmlnvd
- www.securityfocus.com/bid/75591nvd
- www.securitytracker.com/id/1032810nvd
- security.gentoo.org/glsa/201507-13nvd
News mentions
0No linked articles in our index yet.