← back
CVE-2015-7645

CVE-2015-7645

CVSS 7.8 HIGHEPSS 68.4%● KEV
In short

Adobe Flash Player has a vulnerability that allows attackers to run malicious code on your computer by tricking you into opening a specially crafted Flash file. This was actively exploited in real attacks during October 2015.

Technical detail

Remote code execution vulnerability in Adobe Flash Player (versions 18.x-18.0.0.252, 19.x-19.0.0.207 on Windows/OS X; 11.x-11.2.202.535 on Linux) triggered via malicious SWF file delivery. Attack requires user interaction to open the crafted file; successful exploitation results in arbitrary code execution with user privileges.

Summary generated and translated by AI from the official description.
Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
public PoCs found3
cve_referencepacketstormsecurity.com/files/134009/Adobe-Flash-IExternalizable.writeExternal-Type-Confusion.htmlunverifiedcve_referencewww.exploit-db.com/exploits/38490/unverifiedexploitdbwww.exploit-db.com/exploits/38490unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-flash-zero-day-used-in-pawn-storm-campaign/http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00015.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-10/msg00016.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-10/msg00017.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.htmlhttp://packetstormsecurity.com/files/134009/Adobe-Flash-IExternalizable.writeExternal-Type-Confusion.htmlhttp://rhn.redhat.com/errata/RHSA-2015-1913.htmlhttp://rhn.redhat.com/errata/RHSA-2015-2024.htmlhttps://helpx.adobe.com/security/products/flash-player/apsa15-05.htmlhttps://helpx.adobe.com/security/products/flash-player/apsb15-27.htmlhttps://security.gentoo.org/glsa/201511-02https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-7645