CVE-2015-7645

HIGH KEV RANSOMWARE

Adobe Flash Player <18.0.0.252-19.0.0.207 & 11.2.202.535 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2015-7645 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 3, 2022, with confirmed use in ransomware campaigns. EIP tracks 1 public exploit from researchers including Google Security Research.

AI-analyzed exploit summary This exploit leverages a type confusion vulnerability in Adobe Flash's AVM serializer, where overriding IExternalizable.writeExternal with a non-function value leads to memory corruption. The PoC requires manual modification of a SWF file to trigger the bug.

Description

Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Google Security Research · textdosmultiple
https://www.exploit-db.com/exploits/38490

This exploit leverages a type confusion vulnerability in Adobe Flash's AVM serializer, where overriding IExternalizable.writeExternal with a non-function value leads to memory corruption. The PoC requires manual modification of a SWF file to trigger the bug.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Adobe Flash Player (versions affected by CVE-2015-7645)
No auth needed
Prerequisites: A vulnerable version of Adobe Flash Player · Ability to deliver a malicious SWF file to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (15)

Core 15
Core References
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1913.html
Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/38490/
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-2024.html
Broken Link, Patch, Vendor Advisory x_refsource_confirm
https://helpx.adobe.com/security/products/flash-player/apsa15-05.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00016.html
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1033850
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00017.html
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/77081
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201511-02
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00015.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html

Scores

CVSS v3 7.8
EPSS 0.6840
EPSS Percentile 99.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2022-03-03
VulnCheck KEV 2015-10-13
InTheWild.io 2015-10-13
ENISA EUVD EUVD-2015-7548
Ransomware Use Confirmed
Status published
Products (18)
adobe/flash_player 19.0.0.185
adobe/flash_player 19.0.0.207
adobe/flash_player 18.0.0.160 - 18.0.0.252
opensuse/evergreen 11.4
opensuse/opensuse 13.1
opensuse/opensuse 13.2
redhat/enterprise_linux_desktop 5.0
redhat/enterprise_linux_desktop 6.0
redhat/enterprise_linux_eus 6.7
redhat/enterprise_linux_server 5.0
... and 8 more
Published Oct 15, 2015
KEV Added Mar 03, 2022
Tracked Since Feb 18, 2026