CVE-2015-3105

EXPLOITED RANSOMWARE

Adobe Flash Player Drawing Fill Shader Memory Corruption

Title source: metasploit
STIX 2.1

Exploitation Summary

CVE-2015-3105 has been observed exploited in the wild (reported by VulnCheck KEV), including in ransomware campaigns. EIP tracks 2 public exploits from researchers including Metasploit, Chris Evans, Unknown, juan vazquez, including a Metasploit module exploits/multi/browser/adobe_flash_shader_drawing_fill.

AI-analyzed exploit summary This Metasploit module exploits a memory corruption vulnerability in Adobe Flash Player (CVE-2015-3105) by applying a Shader as a drawing fill. It delivers a malicious SWF file via a browser exploit server, targeting specific versions of Flash on Windows and Linux.

Description

Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotemultiple
https://www.exploit-db.com/exploits/37448

This Metasploit module exploits a memory corruption vulnerability in Adobe Flash Player (CVE-2015-3105) by applying a Shader as a drawing fill. It delivers a malicious SWF file via a browser exploit server, targeting specific versions of Flash on Windows and Linux.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Adobe Flash Player <= 17.0.0.188 (Windows), <= 11.2.202.460 (Linux)
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit · Target must have vulnerable Flash Player version installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GREAT
by Chris Evans, Unknown, juan vazquez · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/browser/adobe_flash_shader_drawing_fill.rb

This Metasploit module exploits a memory corruption vulnerability in Adobe Flash Player (CVE-2015-3105) by applying a Shader as a drawing fill, leading to remote code execution. It delivers a malicious SWF file via an HTML template to trigger the vulnerability.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Adobe Flash Player (versions up to 17.0.0.188 on Windows, 11.2.202.460 on Linux)
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit · Target must have a vulnerable version of Adobe Flash Player installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (8)

Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/75086
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201506-01
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1086.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1032519

Scores

EPSS 0.9608
EPSS Percentile 99.9%

Details

VulnCheck KEV 2015-06-16
Ransomware Use Confirmed
CWE
CWE-119
Status published
Products (22)
adobe/air < 17.0.0.172
adobe/air_sdk < 17.0.0.172
adobe/air_sdk_\&_compiler < 17.0.0.172
adobe/flash_player 14.0.0.125
adobe/flash_player 14.0.0.145
adobe/flash_player 14.0.0.176
adobe/flash_player 14.0.0.179
adobe/flash_player 15.0.0.152
adobe/flash_player 15.0.0.167
adobe/flash_player 15.0.0.189
... and 12 more
Published Jun 10, 2015
Tracked Since Feb 18, 2026