CVE-2015-7645

Published: Oct 15, 2015Modified: Apr 22, 2026CISA KEV

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015.

Affected (20)

Products: Adobe: Flash Player · Opensuse: Evergreen, Opensuse · Suse: Linux Enterprise Desktop, Linux Enterprise Workstation Extension · +1 more

Show all products

Adobe: Flash Player · Opensuse: Evergreen, Opensuse · Suse: Linux Enterprise Desktop, Linux Enterprise Workstation Extension · Redhat: Enterprise Linux Desktop, Enterprise Linux Eus, Enterprise Linux Server, Enterprise Linux Server From Rhui, Enterprise Linux Workstation

1 product

2 products

2 products

Linux Enterprise Desktop

Linux Enterprise Workstation Extension

5 products

Enterprise Linux Desktop

Enterprise Linux Eus

Enterprise Linux Server

Enterprise Linux Server From Rhui

Enterprise Linux Workstation

Configuration A

3 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Adobe Flash Player	From 18.0.0.160 to 18.0.0.252
Adobe Flash Player	Version 19.0.0.185
Adobe Flash Player	Version 19.0.0.207

Running on/with	Platform Versions
Apple Mac Os X	All versions
Microsoft Windows	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Adobe Flash Player	Up to 11.2.202.535

Running on/with	Platform Versions
Linux Linux Kernel	All versions

Configuration C

7 vulnerable

Vulnerable Software	Affected Versions
Opensuse Evergreen	Version 11.4
Opensuse Opensuse	Version 13.1
Opensuse Opensuse	Version 13.2
Suse Linux Enterprise Desktop	Version 11 sp3
Suse Linux Enterprise Desktop	Version 11 sp4
Suse Linux Enterprise Desktop	Version 12
Suse Linux Enterprise Workstation Extension	Version 12

Configuration D

9 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 5.0
Redhat Enterprise Linux Desktop	Version 6.0
Redhat Enterprise Linux Eus	Version 6.7
Redhat Enterprise Linux Server	Version 5.0
Redhat Enterprise Linux Server	Version 6.0
Redhat Enterprise Linux Server From Rhui	Version 5.0
Redhat Enterprise Linux Server From Rhui	Version 6.0
Redhat Enterprise Linux Workstation	Version 5.0
Redhat Enterprise Linux Workstation	Version 6.0

References (29)

http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-flash-zero-day-used-in-pawn-storm-campaign/

Source: psirt@adobe.com

Broken Link

http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00015.html

Source: psirt@adobe.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00016.html

Source: psirt@adobe.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00017.html

Source: psirt@adobe.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html

Source: psirt@adobe.com

Mailing ListThird Party Advisory

http://packetstormsecurity.com/files/134009/Adobe-Flash-IExternalizable.writeExternal-Type-Confusion.html

Source: psirt@adobe.com

Third Party AdvisoryVDB Entry

http://rhn.redhat.com/errata/RHSA-2015-1913.html

Source: psirt@adobe.com

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-2024.html

Source: psirt@adobe.com

Third Party Advisory

http://www.securityfocus.com/bid/77081

Source: psirt@adobe.com

Broken LinkThird Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1033850

Source: psirt@adobe.com

Broken LinkThird Party AdvisoryVDB Entry

https://helpx.adobe.com/security/products/flash-player/apsa15-05.html

Source: psirt@adobe.com

Broken LinkPatchVendor Advisory

https://helpx.adobe.com/security/products/flash-player/apsb15-27.html

Source: psirt@adobe.com

Broken Link

https://security.gentoo.org/glsa/201511-02

Source: psirt@adobe.com

Third Party Advisory

https://www.exploit-db.com/exploits/38490/

Source: psirt@adobe.com

Third Party AdvisoryVDB Entry

http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-flash-zero-day-used-in-pawn-storm-campaign/

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00015.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00016.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00017.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://packetstormsecurity.com/files/134009/Adobe-Flash-IExternalizable.writeExternal-Type-Confusion.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://rhn.redhat.com/errata/RHSA-2015-1913.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-2024.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.securityfocus.com/bid/77081

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1033850

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryVDB Entry

https://helpx.adobe.com/security/products/flash-player/apsa15-05.html

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkPatchVendor Advisory

https://helpx.adobe.com/security/products/flash-player/apsb15-27.html

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://security.gentoo.org/glsa/201511-02

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.exploit-db.com/exploits/38490/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-7645

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.