Published: 18/10/2015 Updated: 13/09/2017
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Adobe Flash Player prior to and 19.x prior to on Windows and OS X and prior to on Linux allows malicious users to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-7648.

Vulnerable Product Search on Vulmon Subscribe to Product

adobe flash_player

Vendor Advisories

Adobe Flash Player before 1800255 and 19x before 1900226 on Windows and OS X and before 112202540 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-7648 ...


Source: codegooglecom/p/google-security-research/issues/detail?id=548 If IExternalizablereadExternal is overridden with a value that is not a function, Flash assumes it is a function even though it is not one This leads to execution of a 'method' outside of the ActionScript object's ActionScript vtable, leading to memory corruption A ...

Github Repositories

CVE-Study CVE id CVSS Type CVE-2017-12762 100 BOF CVE-2017-0561 100 - CVE-2017-11176 100 UAF CVE-2017-8890 100 CVE-2017-7895 100 CVE-2017-3106 93 CVE-2017-3064 93 CVE-2017-0430 93 CVE-2017-0429 93 CVE-2017-0428 93 CVE-2017-0427 93 CVE-2017-0528 93 CVE-2017-0510 93 CVE-2017-0508 93 CVE-2017-0507 93 CVE-2017-0455 93

Recent Articles

Emergency Adobe Flash Zero Day Patch Arrives Ahead of Schedule
Threatpost • Chris Brook • 16 Oct 2015

Adobe has decided to patch the zero day vulnerability that was disclosed in Flash Player earlier this week today — instead of next week as originally scheduled.
According to a security bulletin Adobe posted this morning the update actually fixes three vulnerabilities in the software, but the most pressing one is the zero day, CVE-2015-7645, the company said is being used in limited, targeted attacks.
The flaw, a type confusion vulnerability, has been tied to attacks carried out ...