CVE-2015-5574

Adobe Flash Player <18.0.0.241, 19.x <19.0.0.185 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-5574. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit demonstrates a Use-after-Free (UaF) vulnerability in Adobe Flash Player by manipulating the `Color.setTransform` method to delete a TextField object while it is still in use. The PoC triggers the vulnerability by removing the TextField during a `valueOf` call, leading to potential arbitrary code execution.

Description

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5570, CVE-2015-5581, CVE-2015-5584, and CVE-2015-6682.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdosmultiple

https://www.exploit-db.com/exploits/39652

View Code ZIP pw:eip

This exploit demonstrates a Use-after-Free (UaF) vulnerability in Adobe Flash Player by manipulating the `Color.setTransform` method to delete a TextField object while it is still in use. The PoC triggers the vulnerability by removing the TextField during a `valueOf` call, leading to potential arbitrary code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Adobe Flash Player (versions affected by CVE-2015-5574)

No auth needed

Prerequisites: Victim must open a malicious SWF file

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (14)

Core 14

Core References

Vendor Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2015-1814.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/76795

Third Party Advisory vendor-advisory x_refsource_gentoo

https://security.gentoo.org/glsa/201509-07

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/39652/

Vendor Advisory x_refsource_confirm

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388

Vendor Advisory x_refsource_confirm

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00023.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1033629

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00024.html

Various Sources x_refsource_confirm

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841

Vendor Advisory x_refsource_confirm

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

Patch, Vendor Advisory x_refsource_confirm

https://helpx.adobe.com/security/products/flash-player/apsb15-23.html

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00022.html

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html

Scores

EPSS 0.7101

EPSS Percentile 98.7%

Details

Status published

Products (28)

adobe/air < 18.0.0.143

adobe/air_sdk < 18.0.0.199

adobe/air_sdk_\&_compiler < 18.0.0.180

adobe/flash_player 14.0.0.125

adobe/flash_player 14.0.0.145

adobe/flash_player 14.0.0.176

adobe/flash_player 14.0.0.179

adobe/flash_player 15.0.0.152

adobe/flash_player 15.0.0.167

adobe/flash_player 15.0.0.189

... and 18 more

Published Sep 22, 2015

Tracked Since Feb 18, 2026