CVE-2015-8651

Confirmed PUBLISHED

Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux,...

Adobe · Flash Player
Exploited in the wild

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
Confirmed
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
In CISA KEV
CVSS / EPSS
8.8 High

At a Glance

Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors.

windows cisa linux
CVE Published
Dec 28, 2015
Exploitation Reported
May 25, 2022
CVSS
8.8 High
EPSS
Remote Low complexity Unauthenticated

Affected Versions

Vendor Product Version Status
n/a
n/a

n/a

Affected

CVE References

  • openSUSE-SU-2015:2403 lists.opensuse.org · Vendor Advisory http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00048...
  • RHSA-2015:2697 rhn.redhat.com · Vendor Advisory http://rhn.redhat.com/errata/RHSA-2015-2697.html
  • SUSE-SU-2015:2401 lists.opensuse.org · Vendor Advisory http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00046...
  • SUSE-SU-2015:2402 lists.opensuse.org · Vendor Advisory http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00047...
  • openSUSE-SU-2015:2400 lists.opensuse.org · Vendor Advisory http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00045...
Show 7 more references

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.