CVE-2015-5552
Description
Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, and CVE-2015-5553.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Adobe Flash Player and AIR before certain versions are vulnerable to memory corruption that allows arbitrary code execution or denial of service.
Vulnerability
A memory corruption vulnerability exists in Adobe Flash Player and Adobe AIR. Affected versions are Flash Player before 18.0.0.232 on Windows and OS X, before 11.2.202.508 on Linux, and Adobe AIR before 18.0.0.199 (including SDK and SDK & Compiler). The vulnerability can be triggered via unspecified vectors, as described in the official advisory[1][2].
Exploitation
An attacker can exploit this vulnerability by convincing a user to open a specially crafted Flash file or visit a malicious web page. No authentication or special privileges are required. The attack vector is remote, requiring user interaction (such as clicking a link or opening a file). The exact exploitation steps are not detailed in public references, but the vulnerability is classified as memory corruption, often leveraged for code execution.
Impact
Successful exploitation allows an attacker to execute arbitrary code with the privileges of the current user, or cause a denial of service (memory corruption). This could lead to full compromise of the affected system's confidentiality, integrity, and availability, depending on the attacker's payload.
Mitigation
Adobe released fixed versions: Flash Player 18.0.0.232 (Windows and OS X), 11.2.202.508 (Linux), and AIR 18.0.0.199. Users should update to these or newer versions. No workaround is known. Red Hat and Gentoo have issued advisories urging upgrades[1][2].
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
11cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*range: <=18.0.0.180
- (no CPE)range: < 18.0.0.199
cpe:2.3:a:adobe:air_sdk_\&_compiler:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:adobe:air_sdk_\&_compiler:*:*:*:*:*:*:*:*range: <=18.0.0.180
- (no CPE)range: < 18.0.0.199
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*range: <=11.2.202.491
- (no CPE)range: < 18.0.0.232 (Windows/OS X) and < 11.2.202.508 (Linux)
- osv-coords4 versionspkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP3pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP4pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012
< 11.2.202.508-0.14.1+ 3 more
- (no CPE)range: < 11.2.202.508-0.14.1
- (no CPE)range: < 11.2.202.508-0.14.1
- (no CPE)range: < 11.2.202.508-99.1
- (no CPE)range: < 11.2.202.508-99.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- helpx.adobe.com/security/products/flash-player/apsb15-19.htmlnvdPatchVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-1603.htmlnvd
- www.securityfocus.com/bid/76283nvd
- www.securitytracker.com/id/1033235nvd
- h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplaynvd
- h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplaynvd
- h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplaynvd
- security.gentoo.org/glsa/201508-01nvd
News mentions
0No linked articles in our index yet.