VIR Vulnerability Intelligence Relay

CVE-2015-7657

critical
Published 2015-11-11 · Modified 2026-05-06
CVSS v3
VIR risk
9.3

Description

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via crafted actionCallMethod arguments, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

OS impact
OSVersionStatusFixed in
macos macos-not-affected
macos macosnot-affected
linux linux-kernel-not-affected

Application impact
VendorProductVersionsFixed
adobe adobeair{"endIncluding":"19.0.0.190"}
adobe adobeflash_player{"endIncluding":"18.0.0.255"}
adobe adobeflash_player19.0.0.185
adobe adobeflash_player19.0.0.207
adobe adobeflash_player19.0.0.226
adobe adobeair_sdk{"endIncluding":"19.0.0.213"}
adobe adobeair_sdk_\&_compiler{"endIncluding":"19.0.0.213"}

References

💬 Discuss CVE-2015-7657 on VIR Community →

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.