CVE-2015-4432

Heap-based buffer overflow in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3135 and CVE-2015-5118.

Published: Jul 9, 2015
Updated: Apr 13, 2023
CVE: CVE-2015-4432
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
adobe / air	-	18.0.0.144.x
adobe / air_sdk	-	18.0.0.144.x
adobe / air_sdk_&_compiler	-	18.0.0.144.x
adobe / flash_player	-	11.2.202.468.x
adobe / flash_player	-	13.0.0.289.x
adobe / flash_player	14.0.0.125	14.0.0.125.x
adobe / flash_player	14.0.0.145	14.0.0.145.x
adobe / flash_player	14.0.0.176	14.0.0.176.x
adobe / flash_player	14.0.0.179	14.0.0.179.x
adobe / flash_player	15.0.0.152	15.0.0.152.x
adobe / flash_player	15.0.0.167	15.0.0.167.x
adobe / flash_player	15.0.0.189	15.0.0.189.x
adobe / flash_player	15.0.0.223	15.0.0.223.x
adobe / flash_player	15.0.0.239	15.0.0.239.x
adobe / flash_player	15.0.0.246	15.0.0.246.x
adobe / flash_player	16.0.0.235	16.0.0.235.x
adobe / flash_player	16.0.0.257	16.0.0.257.x
adobe / flash_player	16.0.0.287	16.0.0.287.x
adobe / flash_player	16.0.0.296	16.0.0.296.x
adobe / flash_player	17.0.0.134	17.0.0.134.x
adobe / flash_player	17.0.0.169	17.0.0.169.x
adobe / flash_player	17.0.0.188	17.0.0.188.x
adobe / flash_player	17.0.0.190	17.0.0.190.x
adobe / flash_player	18.0.0.160	18.0.0.160.x
adobe / flash_player	18.0.0.194	18.0.0.194.x

Vulnerability Database

289,782

CVE-2015-4432