CVE-2015-0313

CRITICAL KEV

Adobe Flash Player < 11.2.202.442 - Use-After-Free

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2015-0313 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added April 13, 2022. EIP tracks 4 public exploits from researchers including Metasploit, SecurityObscurity, Unknown, hdarwin, juan vazquez, including a Metasploit module exploits/windows/browser/adobe_flash_worker_byte_array_uaf.

AI-analyzed exploit summary This Metasploit module exploits a use-after-free vulnerability in Adobe Flash Player (CVE-2015-0313) by manipulating ByteArray objects in ActionScript workers. It delivers a malicious SWF file to trigger the vulnerability and execute arbitrary code via a PowerShell payload.

Description

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2015, a different vulnerability than CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322.

Exploits (4)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/36579

This Metasploit module exploits a use-after-free vulnerability in Adobe Flash Player (CVE-2015-0313) by manipulating ByteArray objects in ActionScript workers. It delivers a malicious SWF file to trigger the vulnerability and execute arbitrary code via a PowerShell payload.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Adobe Flash Player 16.0.0.296
No auth needed
Prerequisites: Target must be using Windows 7 SP1 with Internet Explorer 8-11 and Flash Player 16.0.0.296
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC
by SecurityObscurity · textremotewindows
https://www.exploit-db.com/exploits/36491

This exploit targets a vulnerability in Adobe Flash Player (CVE-2015-0313), which was used in the Angler Exploit Kit. The exploit likely achieves remote code execution by leveraging a use-after-free vulnerability in Flash.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Adobe Flash Player up to 16.0.0.296
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit · Adobe Flash Player must be installed and vulnerable
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WRITEUP 21 stars
by SecurityObscurity · poc
https://github.com/SecurityObscurity/cve-2015-0313

This repository contains a README file referencing CVE-2015-0313, an Adobe Flash vulnerability exploited by the Angler Exploit Kit. It provides links to external analyses but does not include exploit code or technical details.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Theoretical
Target: Adobe Flash Player up to 16.0.0.296
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GREAT
by Unknown, hdarwin, juan vazquez · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/adobe_flash_worker_byte_array_uaf.rb

This Metasploit module exploits a use-after-free vulnerability in Adobe Flash Player (CVE-2015-0313) by manipulating a ByteArray object in an ActionScript worker thread. It delivers a malicious SWF file embedded in HTML to trigger the vulnerability, leading to remote code execution on vulnerable Windows systems.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Adobe Flash Player <= 16.0.0.296
No auth needed
Prerequisites: Vulnerable Flash Player version · Target must visit a malicious webpage
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (18)

Core 18
Core References
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00006.html
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1031686
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00008.html
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/62895
Patch, Vendor Advisory x_refsource_confirm
https://technet.microsoft.com/library/security/2755801
Broken Link vdb-entry x_refsource_osvdb
http://www.osvdb.org/117853
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/62777
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/100641
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/62528
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00007.html
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/72429
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/36579/
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00009.html

Scores

CVSS v3 9.8
EPSS 0.9254
EPSS Percentile 99.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2022-04-13
VulnCheck KEV 2015-01-14
InTheWild.io 2015-01-14
ENISA EUVD EUVD-2015-0326
CWE
CWE-416
Status published
Products (10)
adobe/flash_player < 11.2.202.442
microsoft/edge
microsoft/internet_explorer 10
microsoft/internet_explorer 11
opensuse/evergreen 11.4
opensuse/opensuse 13.1
opensuse/opensuse 13.2
suse/linux_enterprise_desktop 11 sp3
suse/linux_enterprise_desktop 12
suse/linux_enterprise_workstation_extension 12
Published Feb 02, 2015
KEV Added Apr 13, 2022
Tracked Since Feb 18, 2026