VYPR
Unrated severityNVD Advisory· Published Dec 10, 2015· Updated Jun 17, 2026

CVE-2015-8456

CVE-2015-8456

Description

Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-8439.

Affected products

12
  • Adobe Inc./Flashplayerinferred7 versions
    <=18.0.0.268, >=19.0<20.0.0.228, <=11.2.202.554+ 6 more
    • (no CPE)range: <=18.0.0.268, >=19.0<20.0.0.228, <=11.2.202.554
    • cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*range: <=18.0.0.261
    • cpe:2.3:a:adobe:flash_player:19.0.0.185:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:19.0.0.207:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:19.0.0.226:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:19.0.0.245:*:*:*:*:*:*:*
    • (no CPE)range: < 18.0.0.268 on Windows/OS X, 19.x and 20.x < 20.0.0.228 on Windows/OS X, < 11.2.202.554 on Linux
  • Adobe Inc./Air2 versions
    cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*range: <=19.0.0.241
    • (no CPE)range: < 20.0.0.204
  • cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*range: <=19.0.0.241
    • (no CPE)range: < 20.0.0.204 (also applies to AIR SDK & Compiler)
  • cpe:2.3:a:adobe:air_sdk_\&_compiler:*:*:*:*:*:*:*:*
    Range: <=19.0.0.241

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.