CVE-2015-8651

CVE Database · CVE-2015-8651

CVE-2015-8651

· HIGHAnalyzed

CVSS v3.1

8.8

EPSS

67.92%

Published

Dec 28, 2015

Modified

Apr 22, 2026

CISA Known Exploited Vulnerability

Added: 2022-05-25 · Due: 2022-06-15

The impacted product is end-of-life and should be disconnected if still in use.

Public PoC / Exploit (2)

All weaponized →

TrickestTrickest PoC index GitHub PoCGitlabpro/The-analysis-of-the-cve-2015-8651★0

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-190CWE-190

Affected Products (37)

adobe · air_sdk (up to 20.0.0.233)vulnerable

adobe · air_sdk_\&_compiler (up to 20.0.0.233)vulnerable

apple · iphone_os

apple · mac_os_x

google · android

microsoft · windows

adobe · flash_player (up to 11.2.202.559)vulnerable