CVE-2015-5568

Adobe Flash Player <18.0.0.241-11.2.202.521, Adobe AIR <19.0.0.190 ...

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-5568. PoCs published by Google Security Research.

AI-analyzed exploit summary This is a detailed writeup describing a vulnerability in Adobe Flash Player (CVE-2015-5568) involving Vector length checks. It explains how memory corruption can be exploited to bypass length checks and manipulate heap allocations, but does not include executable exploit code.

Description

Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to cause a denial of service (vector-length corruption) or possibly have unspecified other impact via unknown vectors.

Exploits (1)

exploitdb WRITEUP
by Google Security Research · textdoswindows
https://www.exploit-db.com/exploits/38348

This is a detailed writeup describing a vulnerability in Adobe Flash Player (CVE-2015-5568) involving Vector length checks. It explains how memory corruption can be exploited to bypass length checks and manipulate heap allocations, but does not include executable exploit code.

Classification
Writeup 90%
Attack Type
Other
Complexity
Complex
Reliability
Theoretical
Target: Adobe Flash Player 18.0.0.232
No auth needed
Prerequisites: Memory corruption vulnerability in Flash Player · Debugger access to manipulate heap memory
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (15)

Core 15
Core References
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1814.html
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/38348/
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201509-07
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/76798
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1033629

Scores

EPSS 0.1987
EPSS Percentile 97.1%

Details

CWE
CWE-20
Status published
Products (29)
adobe/air < 18.0.0.199
adobe/air_sdk < 18.0.0.199
adobe/air_sdk_\&_compiler < 18.0.0.180
adobe/flash_player 14.0.0.125
adobe/flash_player 14.0.0.145
adobe/flash_player 14.0.0.176
adobe/flash_player 14.0.0.179
adobe/flash_player 15.0.0.152
adobe/flash_player 15.0.0.167
adobe/flash_player 15.0.0.189
... and 19 more
Published Sep 22, 2015
Tracked Since Feb 18, 2026