VYPR
← All advisories
Unrated severityNVD Advisory· Published Oct 18, 2015· Updated May 6, 2026

CVE-2015-7642

CVE-2015-7642

Description

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7629, CVE-2015-7631, CVE-2015-7635, CVE-2015-7636, CVE-2015-7637, CVE-2015-7638, CVE-2015-7639, CVE-2015-7640, CVE-2015-7641, CVE-2015-7643, and CVE-2015-7644.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A use-after-free vulnerability in Adobe Flash Player allows remote code execution via a crafted SWF file; patched in Oct 2015.

Vulnerability

This use-after-free vulnerability resides in Adobe Flash Player 18.x before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X, and before 11.2.202.535 on Linux. Affected products include Adobe AIR before 19.0.0.213, AIR SDK before 19.0.0.213, and AIR SDK & Compiler before 19.0.0.213. The flaw is reachable when the player processes a specially crafted SWF file.

Exploitation

An attacker can exploit this vulnerability by convincing a user to visit a web page hosting a malicious SWF file. No additional authentication or network position beyond typical web access is required. The specific sequence of operations leading to the use-after-free condition has not been publicly detailed.

Impact

Successful exploitation allows the attacker to execute arbitrary code in the context of the user running Flash Player. This can lead to full system compromise, including data disclosure, modification, or disruption.

Mitigation

Adobe patched this vulnerability with Flash Player 18.0.0.252, 19.0.0.207, and 11.2.202.535, released 2015-10-13. Red Hat shipped updates in RHSA-2015:1893 and RHSA-2015:2024, upgrading to version 11.2.202.548. Users should apply the latest available updates from Adobe or their vendor [1][2].

References
  1. http://rhn.redhat.com/errata/RHSA-2015-1893.html
  2. http://rhn.redhat.com/errata/RHSA-2015-2024.html

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

8
  • Adobe Inc./Flashplayerinferred2 versions
    <=18.0.0.252 (<18.0.x), <=19.0.0.207 (<19.0.x), <=11.2.202.535 (Linux)+ 1 more
    • (no CPE)range: <=18.0.0.252 (<18.0.x), <=19.0.0.207 (<19.0.x), <=11.2.202.535 (Linux)
    • cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*range: <=19.0.0.185
  • Adobe Inc./Air2 versions
    cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*range: <=19.0.0.190
    • (no CPE)range: <19.0.0.213
  • Adobe Inc./Air Sdk2 versions
    cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*range: <=19.0.0.190
    • (no CPE)range: <19.0.0.213
  • Adobe Inc./Air Sdk \& Compiler
    cpe:2.3:a:adobe:air_sdk_\&_compiler:*:*:*:*:*:*:*:*
    Range: <=19.0.0.190
  • Adobe Inc./Flash Playerllm-fuzzy
    Range: <18.0.0.252 & <19.0.0.207 on Windows/OS X, <11.2.202.535 on Linux

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.