CVE-2015-5569
Description
Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 improperly implement the Flash broker API, which has unspecified impact and attack vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Improper implementation of Flash broker API in Adobe Flash Player and AIR allows remote code execution via crafted SWF.
Vulnerability
CVE-2015-5569 is an unspecified vulnerability in the Flash broker API implementation in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X, before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, and Adobe AIR SDK before 19.0.0.213 [1][2]. The flaw resides in the improper handling of the Flash broker API, which can be exploited by a crafted SWF file.
Exploitation
An attacker can exploit this vulnerability by convincing a user to visit a web page containing a specially crafted SWF file. No additional authentication is required beyond the user's browser session. The attack vector is remote via network.
Impact
Successful exploitation could lead to arbitrary code execution in the context of the current user, causing a crash or sensitive information disclosure [2][3]. This gives the attacker the same privileges as the user running Flash.
Mitigation
Adobe released updates: Flash Player 18.0.0.252/19.0.0.207, AIR 19.0.0.213, and SDK updates. Red Hat provided updates to version 11.2.202.548 [2][3]. Users should upgrade to the latest fix. No workaround is known [3].
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
11cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*range: <=19.0.0.190
- (no CPE)range: <19.0.0.213
cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*range: <=19.0.0.190
- (no CPE)range: <19.0.0.213
- cpe:2.3:a:adobe:air_sdk_\&_compiler:*:*:*:*:*:*:*:*Range: <=19.0.0.190
- Range: <18.0.0.252 on Windows/OS X, <19.0.0.207 on Windows/OS X, <11.2.202.535 on Linux
- osv-coords4 versionspkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP3pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP4pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012
< 11.2.202.535-0.20.1+ 3 more
- (no CPE)range: < 11.2.202.535-0.20.1
- (no CPE)range: < 11.2.202.535-0.20.1
- (no CPE)range: < 11.2.202.535-105.1
- (no CPE)range: < 11.2.202.535-105.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
10- helpx.adobe.com/security/products/flash-player/apsb15-25.htmlnvdPatchVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2015-10/msg00011.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-10/msg00012.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-10/msg00013.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-1893.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-2024.htmlnvd
- www.securityfocus.com/bid/77060nvd
- www.securitytracker.com/id/1033797nvd
- security.gentoo.org/glsa/201511-02nvd
News mentions
0No linked articles in our index yet.