VIR Vulnerability Intelligence Relay

CVE-2015-8043

critical
Published 2015-11-11 · Modified 2026-05-06
CVSS v3
CVSS v2
10.0
VIR risk
10.0

Description

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8044, and CVE-2015-8046.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@adobe.com — https://helpx.adobe.com/security/products/flash-player/apsb15-28.html

OS impact
OSVersionStatusFixed in
macos macos-not-affected
macos macosnot-affected
linux linux-kernel-not-affected

Application impact
VendorProductVersionsFixed
adobeair{"endIncluding":"19.0.0.213"}
adobeair_sdk{"endIncluding":"19.0.0.213"}
adobeair_sdk_\&_compiler{"endIncluding":"19.0.0.213"}
adobeflash_player{"endIncluding":"11.2.202.540"}
adobeflash_player19.0.0.185
adobeflash_player19.0.0.207
adobeflash_player19.0.0.226

References

Verify integrity in audit chain (admin only). AS-IS.