Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2015, a different vulnerability than CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HAdobe Flash Player
APPAdobe< 11.2.202.442< 13.0.0.26914.0.0.125 – 16.0.0.305 (bez)Apple Mac Os X
OSApplewszystkie wersjeLinux Kernel
OSLinuxwszystkie wersjeMicrosoft Edge
APPMicrosoftwszystkie wersjeMicrosoft Internet Explorer
APPMicrosoft1011Microsoft Windows
OSMicrosoftwszystkie wersjeMicrosoft Windows 10 1507
OSMicrosoftwszystkie wersjeMicrosoft Windows 8
OSMicrosoftwszystkie wersjeMicrosoft Windows 8.1
OSMicrosoftwszystkie wersjeMicrosoft Windows Rt
OSMicrosoftwszystkie wersjeMicrosoft Windows Rt 8.1
OSMicrosoftwszystkie wersjeMicrosoft Windows Server 2012
OSMicrosoftr2Opensuse Evergreen
OSOpensuse11.4Opensuse
OSOpensuse13.113.2SUSE Linux Enterprise Desktop
OSSuse1112SUSE Linux Enterprise Workstation Extension
OSSuse12
CISA KEV — detailsi
- Vendori
- Adobe ↗
- Producti
- Flash Player
- Added to KEVi
- April 13, 2022
- Remediation deadline (US Federal)i
- May 4, 2022(overdue)
The impacted product is end-of-life and should be disconnected if still in use.
Use-after-free vulnerability in Adobe Flash Player allows remote attackers to execute code.
Related vulnerabilities
Atak na łańcuch dostaw DAEMON Tools Lite — trojanizacja instalatorów
RCE w Windows Server Update Service (WSUS) — deserializacja danych
Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty
Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)
Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP