CVE-2015-3090

EXPLOITED

Adobe Flash Player ShaderJob Buffer Overflow

Title source: metasploit

Exploitation Summary

CVE-2015-3090 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 3 public exploits, credited to Metasploit, Xattam1, Chris Evans, Unknown, and juan vazquez, including the Metasploit module exploits/multi/browser/adobe_flash_shader_job_overflow.

AI-analyzed exploit summary: This Metasploit module exploits a buffer overflow in Adobe Flash Player's ShaderJob functionality (CVE-2015-3090) by manipulating Bitmap objects to achieve remote code execution. It delivers a malicious SWF file via a crafted HTML page targeting vulnerable Flash versions on Windows and Linux.

Description

Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3078, CVE-2015-3089, and CVE-2015-3093.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · multiple
https://www.exploit-db.com/exploits/37368

This Metasploit module exploits a buffer overflow in Adobe Flash Player's ShaderJob functionality (CVE-2015-3090) by manipulating Bitmap objects to achieve remote code execution. It delivers a malicious SWF file via a crafted HTML page targeting vulnerable Flash versions on Windows and Linux.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Adobe Flash Player <= 17.0.0.169 (Windows), <= 11.2.202.457 (Linux)
No auth needed
Prerequisites: Vulnerable Flash Player version · User interaction to visit malicious page
devstral-2 · analyzed Feb 16, 2026
nomisec WORKING POC 1 stars
by Xattam1 · poc
https://github.com/Xattam1/Adobe-Flash-Exploits_17-18

This repository contains a Python3 script that hosts a web server to exploit multiple Adobe Flash vulnerabilities (CVE-2015-3090, CVE-2015-3105, CVE-2015-5119, CVE-2015-5122) by delivering malicious SWF files and executing a base64-encoded payload. The exploit supports both direct HTML and XSS-based attack paths.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Adobe Flash Player versions 17.0.0.169, 17.0.0.188, 18.0.0.194, 18.0.0.203
No auth needed
Prerequisites: Victim must visit the attacker-controlled web server · Victim must have a vulnerable version of Adobe Flash Player installed · Attacker must generate and configure a compatible payload (e.g., Meterpreter)
devstral-2 · analyzed Feb 16, 2026
metasploit WORKING POC GREAT
by Chris Evans, Unknown, juan vazquez · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/browser/adobe_flash_shader_job_overflow.rb

This Metasploit module exploits a buffer overflow in Adobe Flash Player's ShaderJob by manipulating the 'width' attribute after starting the job, allowing controlled buffer overflow conditions. It targets specific versions of Flash on Windows and Linux via a crafted SWF file delivered through an HTML page.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Adobe Flash Player (Windows: <= 17.0.0.169, Linux: <= 11.2.202.457)
No auth needed
Prerequisites: Vulnerable Adobe Flash Player version · Browser with Flash support · Network access to target
devstral-2 · analyzed Feb 16, 2026

References (8)

Core References
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201505-02
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1005.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/74605
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1032285

Scores

EPSS 0.8730
EPSS Percentile 99.7%

Details

VulnCheck KEV: 2015-11-09
CWE: CWE-119
Status: published
Products (20)
adobe/air < 17.0.0.144
adobe/air_sdk < 17.0.0.144
adobe/air_sdk_\&_compiler < 17.0.0.144
adobe/flash_player 14.0.0.125
adobe/flash_player 14.0.0.145
adobe/flash_player 14.0.0.176
adobe/flash_player 14.0.0.179
adobe/flash_player 15.0.0.152
adobe/flash_player 15.0.0.167
adobe/flash_player 15.0.0.189
... and 10 more
Published May 13, 2015
Tracked Since Feb 18, 2026