CVE-2015-3087

Adobe Flash Player <13.0.0.289-17.0.0.188 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-3087. PoCs published by Google Security Research.

AI-analyzed exploit summary: This exploit leverages an integer overflow in Adobe Flash's Function.apply method to bypass argument validation, potentially leading to memory corruption. The PoC demonstrates the vulnerability by passing an array with a length of 0xFFFFFFFF to a function, triggering the overflow.

Description

Integer overflow in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allows attackers to execute arbitrary code via unspecified vectors.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Google Security Research · text · dos · windows
https://www.exploit-db.com/exploits/37843

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Adobe Flash Player 17.0.0.134
No auth needed
Prerequisites: Adobe Flash Player 17.0.0.134 or earlier · A system running the vulnerable Flash Player
devstral-2 · analyzed Feb 16, 2026

References (9)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1032285
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/37843/
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201505-02
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/74616
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1005.html

Scores

EPSS 0.7429
EPSS Percentile 99.4%

Details

CWE CWE-189
Status published
Products (20)
adobe/air < 17.0.0.144
adobe/air_sdk < 17.0.0.144
adobe/air_sdk_\&_compiler < 17.0.0.144
adobe/flash_player 14.0.0.125
adobe/flash_player 14.0.0.145
adobe/flash_player 14.0.0.176
adobe/flash_player 14.0.0.179
adobe/flash_player 15.0.0.152
adobe/flash_player 15.0.0.167
adobe/flash_player 15.0.0.189
... and 10 more
Published May 13, 2015
Tracked Since Feb 18, 2026