← back
CVE-2015-8651

CVE-2015-8651

CVSS 8.8 HIGHEPSS 67.9%● KEVCWE-190
In short

Adobe Flash Player and AIR have a flaw where numbers can overflow, allowing attackers to run malicious code on your computer. This is dangerous because attackers can take complete control of your system.

Technical detail

Integer overflow vulnerability in Adobe Flash Player (versions before 18.0.0.324, 20.0.0.267, and 11.2.202.559), Adobe AIR, and related SDKs allows remote code execution through unspecified attack vectors. The vulnerability stems from improper integer validation, enabling attackers to bypass memory protections and execute arbitrary code with user privileges.

Summary generated and translated by AI from the official description.
Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
public PoCs found1
githubgithub.com/Gitlabpro/The-analysis-of-the-cve-2015-86510
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00045.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-12/msg00046.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-12/msg00047.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-12/msg00048.htmlhttp://rhn.redhat.com/errata/RHSA-2015-2697.htmlhttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722https://helpx.adobe.com/security/products/flash-player/apsb16-01.htmlhttps://security.gentoo.org/glsa/201601-03https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-8651http://www.securityfocus.com/bid/79705