CVE-2015-5575
Description
Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5577, CVE-2015-5578, CVE-2015-5580, CVE-2015-5582, CVE-2015-5588, and CVE-2015-6677.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Memory corruption in Adobe Flash Player and AIR allows remote code execution or denial of service.
Vulnerability
CVE-2015-5575 is a memory corruption vulnerability in Adobe Flash Player and Adobe AIR. Affected versions include Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X, and before 11.2.202.521 on Linux; Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190. The vulnerability is triggered via unspecified vectors, leading to memory corruption. This issue is distinct from other CVEs listed in the advisory [1][2].
Exploitation
An attacker can exploit this vulnerability remotely by delivering a specially crafted Flash file or by luring a user to a malicious web page that loads the exploit. No authentication is required, and the attack relies on user interaction (e.g., opening a file or visiting a site). The exact exploitation steps are not detailed in the available references, but the vulnerability is known to be exploitable in the wild [1][2].
Impact
Successful exploitation allows an attacker to execute arbitrary code with the privileges of the affected user or cause a denial of service (memory corruption). This could lead to full system compromise if the user has administrative rights, or at minimum, disruption of the application [1][2].
Mitigation
Adobe released patched versions: Flash Player 18.0.0.241, 19.0.0.185, and 11.2.202.521; AIR 19.0.0.190, AIR SDK 19.0.0.190, and AIR SDK & Compiler 19.0.0.190. Users should update immediately. No workaround is available [1][2].
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
36cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*range: <=18.0.0.143
- (no CPE)range: before 19.0.0.190
cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*range: <=18.0.0.199
- (no CPE)range: before 19.0.0.190
- cpe:2.3:a:adobe:air_sdk_\&_compiler:*:*:*:*:*:*:*:*Range: <=18.0.0.180
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*+ 24 more
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*range: <=13.0.0.289
- cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:17.0.0.134:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:17.0.0.169:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:17.0.0.188:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:17.0.0.190:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:17.0.0.191:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:18.0.0.160:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:18.0.0.194:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:18.0.0.203:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:18.0.0.209:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:18.0.0.232:*:*:*:*:*:*:*
- Range: before 18.0.0.241 (Windows/OS X), <19.0.0.185 (Windows/OS X 19.x), <11.2.202.521 (Linux)
- osv-coords4 versionspkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP3pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP4pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012
< 11.2.202.521-0.17.1+ 3 more
- (no CPE)range: < 11.2.202.521-0.17.1
- (no CPE)range: < 11.2.202.521-0.17.1
- (no CPE)range: < 11.2.202.521-102.1
- (no CPE)range: < 11.2.202.521-102.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
13- helpx.adobe.com/security/products/flash-player/apsb15-23.htmlnvdPatchVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2015-09/msg00022.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-09/msg00023.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-09/msg00024.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-1814.htmlnvd
- www.securityfocus.com/bid/76799nvd
- www.securitytracker.com/id/1033629nvd
- h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplaynvd
- h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplaynvd
- h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplaynvd
- h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplaynvd
- security.gentoo.org/glsa/201509-07nvd
News mentions
0No linked articles in our index yet.