High severity7.8CISA KEVNVD Advisory· Published Oct 15, 2015· Updated Apr 22, 2026

CVE-2015-7645

Description

Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015.

Affected products

Adobe Inc./Flash Player3 versions
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*range: >=18.0.0.160,<=18.0.0.252
- cpe:2.3:a:adobe:flash_player:19.0.0.185:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:19.0.0.207:*:*:*:*:*:*:*
OpenSUSE/Evergreen
cpe:2.3:o:opensuse:evergreen:11.4:*:*:*:*:*:*:*
OpenSUSE/openSUSE2 versions
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Desktop2 versions
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Eus
cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server2 versions
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server From Rhui2 versions
cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:6.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Workstation2 versions
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
SUSE S.A./Linux Enterprise Desktop3 versions
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*
SUSE S.A./Linux Enterprise Workstation Extension
cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:-:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

helpx.adobe.com/security/products/flash-player/apsa15-05.htmlnvdBroken LinkPatchVendor Advisory
lists.opensuse.org/opensuse-security-announce/2015-10/msg00015.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2015-10/msg00016.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2015-10/msg00017.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.htmlnvdMailing ListThird Party Advisory
packetstormsecurity.com/files/134009/Adobe-Flash-IExternalizable.writeExternal-Type-Confusion.htmlnvdThird Party AdvisoryVDB Entry
rhn.redhat.com/errata/RHSA-2015-1913.htmlnvdThird Party Advisory
rhn.redhat.com/errata/RHSA-2015-2024.htmlnvdThird Party Advisory
www.securityfocus.com/bid/77081nvdBroken LinkThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1033850nvdBroken LinkThird Party AdvisoryVDB Entry
security.gentoo.org/glsa/201511-02nvdThird Party Advisory
www.exploit-db.com/exploits/38490/nvdThird Party AdvisoryVDB Entry
blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-flash-zero-day-used-in-pawn-storm-campaign/nvdBroken Link
helpx.adobe.com/security/products/flash-player/apsb15-27.htmlnvdBroken Link
www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.068
exploit	0.030
kev	0.120
patch	0.000
ransomware	0.060