CVE-2015-5125
Description
Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to cause a denial of service (vector-length corruption) or possibly have unspecified other impact via unknown vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Adobe Flash Player versions before 18.0.0.232 (Windows/OS X) or 11.2.202.508 (Linux) allow vector-length corruption leading to denial of service or possible code execution.
Vulnerability
Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, as well as Adobe AIR before 18.0.0.199 (including SDK and SDK & Compiler), contains a vector-length corruption vulnerability. The exact code path is not disclosed, but the flaw resides in the SWF rendering engine and is triggered when processing crafted Flash content [1].
Exploitation
An attacker can trigger this vulnerability by convincing a user to open a malicious SWF file or visit a compromised web page hosting the crafted Flash content. No authentication is required; exploitation occurs upon user interaction (clicking or loading the file). The attacker does not need local access [1].
Impact
Successful exploitation can cause a denial of service through vector-length corruption or potentially lead to arbitrary code execution with the privileges of the user running Flash. No further details on other unspecified impacts are provided [1].
Mitigation
Fixed versions: Adobe Flash Player 18.0.0.232 (Windows/OS X), 11.2.202.508 (Linux); Adobe AIR 18.0.0.199 (including SDK). Patches were released on 2015-08-11. Users should upgrade immediately. No workaround exists [1].
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (12)
- cpe:2.3:a:adobe:air_sdk_\&_compiler:*:*:*:*:*:*:*:* Range: <=18.0.0.180
- Range: before 18.0.0.199
- Range: before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux
- Range: before 18.0.0.199
- osv-coords (4 versions):
  - pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP3
  - pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP4
  - pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2012
  - pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012
  Range: < 11.2.202.508-0.14.1 (+ 3 more)
- (no CPE) range: < 11.2.202.508-0.14.1
- (no CPE) range: < 11.2.202.508-0.14.1
- (no CPE) range: < 11.2.202.508-99.1
- (no CPE) range: < 11.2.202.508-99.1
Patches (0)
No patches discovered yet.
References (7)
- helpx.adobe.com/security/products/flash-player/apsb15-19.html (nvd: Patch, Vendor Advisory)
- lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html (nvd: Third Party Advisory)
- www.securityfocus.com/bid/76291 (nvd: Third Party Advisory, VDB Entry)
- www.securitytracker.com/id/1033235 (nvd)
- h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay (nvd)
- h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay (nvd)
- security.gentoo.org/glsa/201508-01 (nvd)