Published: 18/10/2015 Updated: 13/09/2017

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Adobe Flash Player prior to 18.0.0.255 and 19.x prior to 19.0.0.226 on Windows and OS X and prior to 11.2.202.540 on Linux allows malicious users to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-7647.

Vulnerable Product	Search on Vulmon	Subscribe to Product
adobe flash_player

Adobe Flash Player before 1800255 and 19x before 1900226 on Windows and OS X and before 112202540 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-7647 ...

Source: codegooglecom/p/google-security-research/issues/detail?id=545 There is a type confusion issue during serialization if ObjectEncoderdynamicPropertyWriter is overridden with a value that is not a function In the following ActionScript: flashnetObjectEncodingdynamicPropertyWriter = new subdpw(); var b = new ByteArray(); ...

NVD-CWE-Other https://helpx.adobe.com/security/products/flash-player/apsb15-27.html http://www.securityfocus.com/bid/77116 http://rhn.redhat.com/errata/RHSA-2015-2024.html http://rhn.redhat.com/errata/RHSA-2015-1913.html http://www.securitytracker.com/id/1033850 https://security.gentoo.org/glsa/201511-02 https://www.exploit-db.com/exploits/38970/https://nvd.nist.gov https://www.exploit-db.com/exploits/38970/https://access.redhat.com/security/cve/cve-2015-7648

CVE-2015-7648

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect