VYPR
Unrated severity · NVD Advisory · Published Oct 18, 2015 · Updated May 6, 2026

CVE-2015-7647

Description

Adobe Flash Player before 18.0.0.255 and 19.x before 19.0.0.226 on Windows and OS X and before 11.2.202.540 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-7648.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Adobe Flash Player type confusion vulnerability allows remote attackers to execute arbitrary code via a crafted SWF file.

Vulnerability

CVE-2015-7647 is an unspecified type confusion vulnerability in Adobe Flash Player. It affects versions before 18.0.0.255 and 19.x before 19.0.0.226 on Windows and OS X, and versions before 11.2.202.540 on Linux [1][2][3]. The vulnerability occurs when processing a specially crafted SWF file, leading to memory corruption.

Exploitation

An attacker can exploit this vulnerability by delivering a malicious SWF file to a victim, typically through a compromised website or email attachment. No authentication or user interaction beyond loading the SWF is required. The attacker must convince the victim to visit a page hosting the malicious content.

Impact

Successful exploitation allows arbitrary code execution within the context of the affected Adobe Flash Player process. This can lead to complete compromise of the victim's system, including data exfiltration, installation of malware, and further propagation.

Mitigation

Adobe released fixes in versions 18.0.0.255 and 19.0.0.226 for Windows/OS X, and version 11.2.202.540 for Linux. Subsequently, Red Hat updated its packages to version 11.2.202.548 [1][2]. Gentoo recommends upgrading to >=11.2.202.548 [3]. No workarounds are available; users must upgrade to a patched version.

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3
  • Adobe Inc./Flashplayer (inferred), 2 versions
    <18.0.0.255 || (>=19.0.0, <19.0.0.226) || <11.2.202.540 (+ 1 more)
    • (no CPE), range: <18.0.0.255 || (>=19.0.0, <19.0.0.226) || <11.2.202.540
    • cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*, range: <=11.2.202.535
  • Range: <18.0.0.255, <19.0.0.226, <11.2.202.540

Patches

0

No patches discovered yet.

References

7
