CVE-2015-7630
Description
Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7625, CVE-2015-7626, CVE-2015-7627, CVE-2015-7633, and CVE-2015-7634.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Adobe Flash Player before 18.0.0.252/19.0.0.207 and 11.2.202.535 on Linux allows arbitrary code execution or denial of service via memory corruption.
Vulnerability
CVE-2015-7630 is a memory corruption vulnerability in Adobe Flash Player affecting versions before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X, and before 11.2.202.535 on Linux. It also affects Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213. The vulnerability is triggered via unspecified vectors, likely involving a specially crafted SWF file [1][2][3].
Exploitation
An attacker can exploit this vulnerability by crafting a malicious SWF file and convincing a user to load it, typically by visiting a compromised or malicious web page. No authentication or special privileges are required; the attack is remote and relies on user interaction [2][3]. The exact exploitation steps are not publicly detailed, but the memory corruption can be leveraged to execute arbitrary code [1][2].
Impact
Successful exploitation allows an attacker to execute arbitrary code with the privileges of the affected user or cause a denial of service (application crash). This can lead to full system compromise, data theft, or disruption of service [1][2][3].
Mitigation
Adobe released fixed versions: Flash Player 18.0.0.252 and 19.0.0.207 for Windows/OS X, 11.2.202.535 for Linux, and AIR 19.0.0.213. Red Hat provided updated packages (flash-plugin-11.2.202.548) for Red Hat Enterprise Linux 5 and 6 Supplementary [1][2]. Gentoo recommended upgrading to >=www-plugins/adobe-flash-11.2.202.548 [3]. Users should apply the latest updates from their respective vendors. No workaround is available [3].
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
10cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*range: <=19.0.0.190
- (no CPE)range: < 19.0.0.213
- cpe:2.3:a:adobe:air_sdk_\&_compiler:*:*:*:*:*:*:*:*Range: <=19.0.0.190
- Range: < 18.0.0.252 on Windows/OS X, < 19.0.0.207 on Windows/OS X, < 11.2.202.535 on Linux
- osv-coords4 versionspkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP3pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP4pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012
< 11.2.202.535-0.20.1+ 3 more
- (no CPE)range: < 11.2.202.535-0.20.1
- (no CPE)range: < 11.2.202.535-0.20.1
- (no CPE)range: < 11.2.202.535-105.1
- (no CPE)range: < 11.2.202.535-105.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
10- helpx.adobe.com/security/products/flash-player/apsb15-25.htmlnvdPatchVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2015-10/msg00011.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-10/msg00012.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-10/msg00013.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-1893.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-2024.htmlnvd
- www.securityfocus.com/bid/77065nvd
- www.securitytracker.com/id/1033797nvd
- security.gentoo.org/glsa/201511-02nvd
News mentions
0No linked articles in our index yet.