CVE-2015-7645

CVE Database · CVE-2015-7645

CVE-2015-7645

· HIGHAnalyzed

CVSS v3.1

7.8

EPSS

68.40%

Published

Oct 15, 2015

Modified

Apr 22, 2026

CISA Known Exploited Vulnerability

Added: 2022-03-03 · Due: 2022-03-24

The impacted product is end-of-life and should be disconnected if still in use.

Public PoC / Exploit (2)

All weaponized →

Exploit-DBAdobe Flash - 'IExternalizable.writeExternal' Type Confusion TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products (23)

adobe · flash_playervulnerable

apple · mac_os_x

microsoft · windows

adobe · flash_playervulnerable

linux · linux_kernel

opensuse · evergreenvulnerable

opensuse · opensusevulnerable

suse · linux_enterprise_desktopvulnerable

References (20)

http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-flash-zero-day-used-in-pawn-storm-campaign/

Broken Link

http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00015.html

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00016.html

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00017.html

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html

Mailing ListThird Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs