CVE-2015-3133
EXPLOITED RANSOMWAREAdobe Flash Player <13.0.0.302,14.x<18.0.0.203 - Memory Corruption
Title source: llmExploitation Summary
CVE-2015-3133 has been observed exploited in the wild (reported by VulnCheck KEV), including in ransomware campaigns.
Description
Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3117, CVE-2015-3123, CVE-2015-3130, CVE-2015-3134, and CVE-2015-4431.
References (7)
Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1032810
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/75591
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00017.html
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1214.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00018.html
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201507-13
Patch, Vendor Advisory x_refsource_confirm
https://helpx.adobe.com/security/products/flash-player/apsb15-16.html
Scores
EPSS
0.0531
EPSS Percentile
91.6%
Details
VulnCheck KEV
2015-06-29
Ransomware Use
Confirmed
CWE
CWE-119
Status
published
Products (24)
adobe/air
< 18.0.0.144
adobe/air_sdk
< 18.0.0.144
adobe/air_sdk_\&_compiler
< 18.0.0.144
adobe/flash_player
14.0.0.125
adobe/flash_player
14.0.0.145
adobe/flash_player
14.0.0.176
adobe/flash_player
14.0.0.179
adobe/flash_player
15.0.0.152
adobe/flash_player
15.0.0.167
adobe/flash_player
15.0.0.189
... and 14 more
Published
Jul 09, 2015
Tracked Since
Feb 18, 2026