What is the severity of CVE-2015-8634?

CVE-2015-8634 has a critical severity rating due to the potential for remote code execution by an attacker.

How do I fix CVE-2015-8634?

To fix CVE-2015-8634, users should update Adobe Flash Player and Adobe AIR to the latest versions that address the vulnerability.

Which versions of Adobe software are affected by CVE-2015-8634?

CVE-2015-8634 affects Adobe Flash Player versions before 18.0.0.324, 19.x before 20.0.0.267, and Adobe AIR before 20.0.0.233.

Can CVE-2015-8634 affect users on macOS or Linux?

Yes, CVE-2015-8634 can affect users on macOS and Linux if they are using the vulnerable versions of Adobe Flash Player or Adobe AIR.

What types of attacks can exploit CVE-2015-8634?

CVE-2015-8634 can be exploited through malicious Flash content, allowing attackers to execute arbitrary code on the victim's system.

Vulnerability/
CVE-2015-8634

critical

9.3

CWE

416

28/12/2015

6/8/2024

CVE-2015-8634: Use After Free

First published: Mon Dec 28 2015(Updated: )

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, and CVE-2015-8650.

Credit: psirt@adobe.com

Affected Software	Affected Version	How to fix
Adobe Flash Player for Internet Explorer 11	<=18.0.0.268
Adobe Flash Player for Internet Explorer 11	=19.0.0.185
Adobe Flash Player for Internet Explorer 11	=19.0.0.207
Adobe Flash Player for Internet Explorer 11	=19.0.0.226
Adobe Flash Player for Internet Explorer 11	=19.0.0.245
Adobe Flash Player for Internet Explorer 11	=20.0.0.228
Adobe Flash Player for Internet Explorer 11	=20.0.0.235
macOS Yosemite
Microsoft Windows
Adobe AIR SDK and Compiler	<=20.0.0.204
Adobe AIR SDK & Compiler	<=20.0.0.204
Apple iPhone OS
Google Android
Adobe Flash Player for Internet Explorer 11	<=11.2.202.554
Linux Kernel
Adobe AIR	<=20.0.0.204

Remedy

https://helpx.adobe.com/security/products/flash-player/apsb16-01.html

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2015-8634?
CVE-2015-8634 has a critical severity rating due to the potential for remote code execution by an attacker.
How do I fix CVE-2015-8634?
To fix CVE-2015-8634, users should update Adobe Flash Player and Adobe AIR to the latest versions that address the vulnerability.
Which versions of Adobe software are affected by CVE-2015-8634?
CVE-2015-8634 affects Adobe Flash Player versions before 18.0.0.324, 19.x before 20.0.0.267, and Adobe AIR before 20.0.0.233.
Can CVE-2015-8634 affect users on macOS or Linux?
Yes, CVE-2015-8634 can affect users on macOS and Linux if they are using the vulnerable versions of Adobe Flash Player or Adobe AIR.
What types of attacks can exploit CVE-2015-8634?
CVE-2015-8634 can be exploited through malicious Flash content, allowing attackers to execute arbitrary code on the victim's system.

agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/remedy
agent/weakness
agent/last-modified-date
agent/author
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
agent/softwarecombine
vendor/adobe
canonical/adobe flash player for internet explorer 11
version/adobe flash player for internet explorer 11/18.0.0.268
version/adobe flash player for internet explorer 11/19.0.0.185
version/adobe flash player for internet explorer 11/19.0.0.207
version/adobe flash player for internet explorer 11/19.0.0.226
version/adobe flash player for internet explorer 11/19.0.0.245
version/adobe flash player for internet explorer 11/20.0.0.228
version/adobe flash player for internet explorer 11/20.0.0.235
vendor/apple
canonical/macos yosemite
vendor/microsoft
canonical/microsoft windows
canonical/adobe air sdk and compiler
version/adobe air sdk and compiler/20.0.0.204
canonical/adobe air sdk & compiler
version/adobe air sdk & compiler/20.0.0.204
canonical/apple iphone os
vendor/google
canonical/google android
version/adobe flash player for internet explorer 11/11.2.202.554
vendor/linux
canonical/linux kernel
canonical/adobe air
version/adobe air/20.0.0.204

Frequently Asked Questions

What is the severity of CVE-2015-8634?
CVE-2015-8634 has a critical severity rating due to the potential for remote code execution by an attacker.
How do I fix CVE-2015-8634?
To fix CVE-2015-8634, users should update Adobe Flash Player and Adobe AIR to the latest versions that address the vulnerability.
Which versions of Adobe software are affected by CVE-2015-8634?
CVE-2015-8634 affects Adobe Flash Player versions before 18.0.0.324, 19.x before 20.0.0.267, and Adobe AIR before 20.0.0.233.
Can CVE-2015-8634 affect users on macOS or Linux?
Yes, CVE-2015-8634 can affect users on macOS and Linux if they are using the vulnerable versions of Adobe Flash Player or Adobe AIR.
What types of attacks can exploit CVE-2015-8634?
CVE-2015-8634 can be exploited through malicious Flash content, allowing attackers to execute arbitrary code on the victim's system.

CVE-2015-8634: Use After Free

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2015-8634?

How do I fix CVE-2015-8634?

Which versions of Adobe software are affected by CVE-2015-8634?

Can CVE-2015-8634 affect users on macOS or Linux?

What types of attacks can exploit CVE-2015-8634?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2015-8634?

How do I fix CVE-2015-8634?

Which versions of Adobe software are affected by CVE-2015-8634?

Can CVE-2015-8634 affect users on macOS or Linux?

What types of attacks can exploit CVE-2015-8634?