CVE-2015-3083

Adobe Flash Player <13.0.0.289 & Adobe AIR <17.0.0.172 - Auth Bypass

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-3083. PoCs published by KeenTeam.

AI-analyzed exploit summary This exploit leverages a NTFS junction attack in FlashBroker to bypass directory checks and write arbitrary files, such as calc.bat, to the startup folder. It targets a vulnerability in Adobe Flash Player 16.0.0.305 running in Internet Explorer Protected Mode on Windows 8.1.

Description

Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow remote attackers to bypass intended restrictions on filesystem write operations via unspecified vectors, a different vulnerability than CVE-2015-3082 and CVE-2015-3085.

Exploits (1)

exploitdb WORKING POC VERIFIED

by KeenTeam · textremotewindows

https://www.exploit-db.com/exploits/37841

View Code ZIP pw:eip

This exploit leverages a NTFS junction attack in FlashBroker to bypass directory checks and write arbitrary files, such as calc.bat, to the startup folder. It targets a vulnerability in Adobe Flash Player 16.0.0.305 running in Internet Explorer Protected Mode on Windows 8.1.

Classification

Working Poc 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Adobe Flash Player 16.0.0.305 (KB3021953) in Internet Explorer Protected Mode

No auth needed

Prerequisites: Windows 8.1 with Internet Explorer Protected Mode · Adobe Flash Player 16.0.0.305 installed · Ability to inject DLL into low integrity IE process

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1205 - Traffic Signaling

devstral-2 · analyzed Feb 16, 2026 Full analysis →