CVE-2015-8657

Published: Mar 4, 2016Modified: May 6, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, CVE-2015-8455, CVE-2015-8652, CVE-2015-8654, CVE-2015-8656, CVE-2015-8658, and CVE-2015-8820.

Affected (10)

Products: Adobe: Flash Player, Flash Player Desktop Runtime, Air Desktop Runtime, Air Sdk, Air Sdk & Compiler, Air

Adobe

6 products

Flash Player

Flash Player Desktop Runtime

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Adobe Flash Player	Up to 11.2.202.548

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Adobe Flash Player Desktop Runtime	Up to 19.0.0.245

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Adobe Flash Player	Up to 18.0.0.261

Configuration D

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Adobe Flash Player	Up to 19.0.0.245

Running on/with	Platform Versions
Microsoft Windows 8	All versions
Microsoft Windows 8.1	All versions

Configuration E

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Adobe Flash Player	Up to 19.0.0.245

Running on/with	Platform Versions
Google Chrome Os	All versions
Linux Linux Kernel	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Adobe Flash Player	Up to 19.0.0.245

Running on/with	Platform Versions
Microsoft Windows 10	All versions

Configuration G

1 vulnerable

Vulnerable Software	Affected Versions
Adobe Air Desktop Runtime	Up to 19.0.0.241

Configuration H

1 vulnerable

Vulnerable Software	Affected Versions
Adobe Air Sdk	Up to 19.0.0.241

Configuration I

1 vulnerable · 3 platform

Vulnerable Software	Affected Versions
Adobe Air Sdk & Compiler	Up to 19.0.0.241

Running on/with	Platform Versions
Apple Iphone Os	All versions
Apple Mac Os X	All versions
Microsoft Windows	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Adobe Air	Up to 19.0.0.241

Running on/with	Platform Versions
Google Android	All versions

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (6)

http://www.securityfocus.com/bid/84160

Source: psirt@adobe.com

Broken LinkThird Party AdvisoryVDB Entry

http://www.zerodayinitiative.com/advisories/ZDI-15-660

Source: psirt@adobe.com

Third Party AdvisoryVDB Entry

https://helpx.adobe.com/security/products/flash-player/apsb15-32.html

Source: psirt@adobe.com

PatchVendor Advisory

http://www.securityfocus.com/bid/84160

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryVDB Entry

http://www.zerodayinitiative.com/advisories/ZDI-15-660

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://helpx.adobe.com/security/products/flash-player/apsb15-32.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.