What is the severity of CVE-2015-8640?

CVE-2015-8640 is classified as a critical vulnerability that can lead to arbitrary code execution.

How do I fix CVE-2015-8640?

The fix for CVE-2015-8640 involves updating Adobe Flash Player to versions 18.0.0.324 or later, or to versions 19.x and 20.x at or above 20.0.0.267.

Which versions of Adobe Flash Player are affected by CVE-2015-8640?

CVE-2015-8640 affects Adobe Flash Player versions before 18.0.0.324, all 19.x versions before 20.0.0.267, and 20.x versions before 20.0.0.267.

Is Adobe AIR affected by CVE-2015-8640?

Yes, Adobe AIR versions prior to 20.0.0.233 are affected by CVE-2015-8640.

Can CVE-2015-8640 be exploited on Linux systems?

Yes, CVE-2015-8640 can be exploited on Linux systems running vulnerable versions of Adobe Flash Player.

Vulnerability/
CVE-2015-8640

critical

9.3

CWE

416

28/12/2015

6/8/2024

CVE-2015-8640: Use After Free

First published: Mon Dec 28 2015(Updated: )

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, and CVE-2015-8650.

Credit: psirt@adobe.com

Affected Software	Affected Version	How to fix
Adobe Flash Player for Internet Explorer 11	<=18.0.0.268
Adobe Flash Player for Internet Explorer 11	=19.0.0.185
Adobe Flash Player for Internet Explorer 11	=19.0.0.207
Adobe Flash Player for Internet Explorer 11	=19.0.0.226
Adobe Flash Player for Internet Explorer 11	=19.0.0.245
Adobe Flash Player for Internet Explorer 11	=20.0.0.228
Adobe Flash Player for Internet Explorer 11	=20.0.0.235
macOS Yosemite
Microsoft Windows
Adobe AIR	<=20.0.0.204
Google Android
Adobe AIR SDK and Compiler	<=20.0.0.204
Adobe AIR SDK & Compiler	<=20.0.0.204
Apple iPhone OS
Adobe Flash Player for Internet Explorer 11	<=11.2.202.554
Linux Kernel

Remedy

https://helpx.adobe.com/security/products/flash-player/apsb16-01.html

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2015-8640?
CVE-2015-8640 is classified as a critical vulnerability that can lead to arbitrary code execution.
How do I fix CVE-2015-8640?
The fix for CVE-2015-8640 involves updating Adobe Flash Player to versions 18.0.0.324 or later, or to versions 19.x and 20.x at or above 20.0.0.267.
Which versions of Adobe Flash Player are affected by CVE-2015-8640?
CVE-2015-8640 affects Adobe Flash Player versions before 18.0.0.324, all 19.x versions before 20.0.0.267, and 20.x versions before 20.0.0.267.
Is Adobe AIR affected by CVE-2015-8640?
Yes, Adobe AIR versions prior to 20.0.0.233 are affected by CVE-2015-8640.
Can CVE-2015-8640 be exploited on Linux systems?
Yes, CVE-2015-8640 can be exploited on Linux systems running vulnerable versions of Adobe Flash Player.

agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/remedy
agent/weakness
agent/last-modified-date
agent/author
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
agent/softwarecombine
vendor/adobe
canonical/adobe flash player for internet explorer 11
version/adobe flash player for internet explorer 11/18.0.0.268
version/adobe flash player for internet explorer 11/19.0.0.185
version/adobe flash player for internet explorer 11/19.0.0.207
version/adobe flash player for internet explorer 11/19.0.0.226
version/adobe flash player for internet explorer 11/19.0.0.245
version/adobe flash player for internet explorer 11/20.0.0.228
version/adobe flash player for internet explorer 11/20.0.0.235
vendor/apple
canonical/macos yosemite
vendor/microsoft
canonical/microsoft windows
canonical/adobe air
version/adobe air/20.0.0.204
vendor/google
canonical/google android
canonical/adobe air sdk and compiler
version/adobe air sdk and compiler/20.0.0.204
canonical/adobe air sdk & compiler
version/adobe air sdk & compiler/20.0.0.204
canonical/apple iphone os
version/adobe flash player for internet explorer 11/11.2.202.554
vendor/linux
canonical/linux kernel

Frequently Asked Questions

What is the severity of CVE-2015-8640?
CVE-2015-8640 is classified as a critical vulnerability that can lead to arbitrary code execution.
How do I fix CVE-2015-8640?
The fix for CVE-2015-8640 involves updating Adobe Flash Player to versions 18.0.0.324 or later, or to versions 19.x and 20.x at or above 20.0.0.267.
Which versions of Adobe Flash Player are affected by CVE-2015-8640?
CVE-2015-8640 affects Adobe Flash Player versions before 18.0.0.324, all 19.x versions before 20.0.0.267, and 20.x versions before 20.0.0.267.
Is Adobe AIR affected by CVE-2015-8640?
Yes, Adobe AIR versions prior to 20.0.0.233 are affected by CVE-2015-8640.
Can CVE-2015-8640 be exploited on Linux systems?
Yes, CVE-2015-8640 can be exploited on Linux systems running vulnerable versions of Adobe Flash Player.

CVE-2015-8640: Use After Free

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2015-8640?

How do I fix CVE-2015-8640?

Which versions of Adobe Flash Player are affected by CVE-2015-8640?

Is Adobe AIR affected by CVE-2015-8640?

Can CVE-2015-8640 be exploited on Linux systems?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2015-8640?

How do I fix CVE-2015-8640?

Which versions of Adobe Flash Player are affected by CVE-2015-8640?

Is Adobe AIR affected by CVE-2015-8640?

Can CVE-2015-8640 be exploited on Linux systems?