CVE-2015-5555

Adobe Flash Player <18.0.0.232 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-5555. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit demonstrates a type confusion vulnerability in Adobe Flash's TextRenderer.setAdvancedAntialiasingTable method, where non-integer objects are incorrectly treated as integers. The PoC crashes the application to prove the issue, though direct exploitation is difficult due to limited script access to the affected values.

Description

Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-5554, CVE-2015-5558, and CVE-2015-5562.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdosmultiple

https://www.exploit-db.com/exploits/37874

View Code ZIP pw:eip

This exploit demonstrates a type confusion vulnerability in Adobe Flash's TextRenderer.setAdvancedAntialiasingTable method, where non-integer objects are incorrectly treated as integers. The PoC crashes the application to prove the issue, though direct exploitation is difficult due to limited script access to the affected values.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: Adobe Flash Player (versions affected by CVE-2015-5555)

No auth needed

Prerequisites: Adobe Flash Player with vulnerable TextRenderer implementation

MITRE ATT&CK