CVE-2015-5553
Description
Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, and CVE-2015-5552.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Adobe Flash Player before 18.0.0.232 (Windows and OS X) and before 11.2.202.508 (Linux) contains a memory corruption vulnerability that allows arbitrary code execution via unspecified vectors.
Vulnerability
A memory corruption vulnerability exists in Adobe Flash Player before 18.0.0.232 on Windows and OS X, and before 11.2.202.508 on Linux. Also affected are Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199. The vulnerability is triggered via unspecified vectors and is distinct from several other Flash Player CVEs addressed in the same update [1][2].
Exploitation
An attacker can exploit this vulnerability by enticing a user to open a specially crafted Flash file (SWF), typically via a web page or email attachment. No authentication is required; the attack can be conducted remotely. The exact exploitation steps are not publicly detailed but rely on the memory corruption condition to achieve code execution [1][2].
Impact
Successful exploitation allows an attacker to execute arbitrary code on the affected system, potentially gaining the same privileges as the user running Flash. This could lead to full system compromise, including data theft, installation of malware, or denial of service. The vulnerability is considered critical with a CVSS base score of 9.3 [1][2].
Mitigation
Adobe released fixed versions on August 11, 2015: Flash Player 18.0.0.232 (Windows/OS X) and 11.2.202.508 (Linux). For AIR, version 18.0.0.199 addresses the issue. Users should update immediately. The Gentoo security advisory also recommends upgrading to the patched version [1][2]. No workarounds are available; upgrading is the only mitigation.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:* range: <=18.0.0.180
- (no CPE) range: before 18.0.0.199
cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:* range: <=18.0.0.180
- (no CPE) range: before 18.0.0.199
- cpe:2.3:a:adobe:air_sdk_\&_compiler:*:*:*:*:*:*:*:* range: <=18.0.0.180
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* range: <=18.0.0.209
- (no CPE) range: before 18.0.0.232 (Windows/OS X) and before 11.2.202.508 (Linux)
- osv-coords (4 versions):
  pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP3
  pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP4
  pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2012
  pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012
- (no CPE) range: < 11.2.202.508-0.14.1
- (no CPE) range: < 11.2.202.508-0.14.1
- (no CPE) range: < 11.2.202.508-99.1
- (no CPE) range: < 11.2.202.508-99.1
Patches
No patches discovered yet.
References
- helpx.adobe.com/security/products/flash-player/apsb15-19.html (nvd; Patch, Vendor Advisory)
- lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html (nvd)
- rhn.redhat.com/errata/RHSA-2015-1603.html (nvd)
- www.securityfocus.com/bid/76283 (nvd)
- www.securitytracker.com/id/1033235 (nvd)
- h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay (nvd)
- h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay (nvd)
- h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay (nvd)
- security.gentoo.org/glsa/201508-01 (nvd)