VYPR
← All advisories
Unrated severityNVD Advisory· Published Oct 18, 2015· Updated May 6, 2026

CVE-2015-7641

CVE-2015-7641

Description

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7629, CVE-2015-7631, CVE-2015-7635, CVE-2015-7636, CVE-2015-7637, CVE-2015-7638, CVE-2015-7639, CVE-2015-7640, CVE-2015-7642, CVE-2015-7643, and CVE-2015-7644.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Use-after-free in Adobe Flash Player before 18.0.0.252, 19.0.0.207, or 11.2.202.535 allows remote code execution via crafted SWF.

Vulnerability

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X, and before 11.2.202.535 on Linux, as well as Adobe AIR before 19.0.0.213, allows arbitrary code execution via unspecified vectors [1][2]. The issue is one of multiple similar bugs fixed in these versions.

Exploitation

An attacker can exploit this by crafting a malicious SWF file and convincing a user to load it, typically through a web page or email. No authentication is required. The vulnerability is triggered during Flash Player's handling of certain actions, leading to a use-after-free condition.

Impact

Successful exploitation allows an attacker to execute arbitrary code in the context of the affected user's browser or application, potentially leading to full system compromise.

Mitigation

Adobe released Flash Player 18.0.0.252, 19.0.0.207, and 11.2.202.535 to address this vulnerability [1]. For Linux, Red Hat provided updated packages (flash-plugin-11.2.202.548) in RHSA-2015:2024 [2]. Users should upgrade to the latest versions. No workaround is available.

References
  1. http://rhn.redhat.com/errata/RHSA-2015-1893.html
  2. http://rhn.redhat.com/errata/RHSA-2015-2024.html

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

8
  • Adobe Inc./Air2 versions
    cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*range: <=19.0.0.190
    • (no CPE)range: before 19.0.0.213
  • Adobe Inc./Air Sdk2 versions
    cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*range: <=19.0.0.190
    • (no CPE)range: before 19.0.0.213
  • Adobe Inc./Air Sdk \& Compiler2 versions
    cpe:2.3:a:adobe:air_sdk_\&_compiler:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:adobe:air_sdk_\&_compiler:*:*:*:*:*:*:*:*range: <=19.0.0.190
    • (no CPE)range: before 19.0.0.213
  • Adobe Inc./Flashplayer
    cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
    Range: <=19.0.0.185
  • GNU/Flash Playerllm-fuzzy
    Range: before 18.0.0.252 and 19.x before 19.0.0.207 on Windows/OS X, before 11.2.202.535 on Linux

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.