What is the severity of CVE-2015-8649?

CVE-2015-8649 is classified as a critical severity vulnerability that can allow remote code execution.

How do I fix CVE-2015-8649?

To fix CVE-2015-8649, update Adobe Flash Player to the latest version available.

What products are affected by CVE-2015-8649?

CVE-2015-8649 affects Adobe Flash Player versions before 18.0.0.324, along with several versions of Adobe AIR.

What types of attacks can exploit CVE-2015-8649?

CVE-2015-8649 can be exploited through specially crafted content that could lead to arbitrary code execution.

Can I still use Adobe Flash Player with CVE-2015-8649 vulnerability?

It is not safe to use Adobe Flash Player with CVE-2015-8649 until you ensure it is updated to a secure version.

Vulnerability/
CVE-2015-8649

critical

9.3

CWE

416

28/12/2015

6/8/2024

CVE-2015-8649: Use After Free

First published: Mon Dec 28 2015(Updated: )

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, and CVE-2015-8650.

Credit: psirt@adobe.com

Affected Software	Affected Version	How to fix
Macromedia Flash Player	<=18.0.0.268
Macromedia Flash Player	=19.0.0.185
Macromedia Flash Player	=19.0.0.207
Macromedia Flash Player	=19.0.0.226
Macromedia Flash Player	=19.0.0.245
Macromedia Flash Player	=20.0.0.228
Macromedia Flash Player	=20.0.0.235
Apple iOS and macOS
Microsoft Windows Operating System
Adobe AIR	<=20.0.0.204
Adobe AIR SDK & Compiler	<=20.0.0.204
iPhone OS
Android
Adobe	<=20.0.0.204
Macromedia Flash Player	<=11.2.202.554
Linux Kernel

Remedy

https://helpx.adobe.com/security/products/flash-player/apsb16-01.html

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2015-8649?
CVE-2015-8649 is classified as a critical severity vulnerability that can allow remote code execution.
How do I fix CVE-2015-8649?
To fix CVE-2015-8649, update Adobe Flash Player to the latest version available.
What products are affected by CVE-2015-8649?
CVE-2015-8649 affects Adobe Flash Player versions before 18.0.0.324, along with several versions of Adobe AIR.
What types of attacks can exploit CVE-2015-8649?
CVE-2015-8649 can be exploited through specially crafted content that could lead to arbitrary code execution.
Can I still use Adobe Flash Player with CVE-2015-8649 vulnerability?
It is not safe to use Adobe Flash Player with CVE-2015-8649 until you ensure it is updated to a secure version.

agent/type
collector/mitre-cve
source/MITRE
agent/references
agent/severity
agent/remedy
agent/weakness
agent/last-modified-date
agent/author
agent/description
agent/first-publish-date
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/adobe
canonical/macromedia flash player
version/macromedia flash player/18.0.0.268
version/macromedia flash player/19.0.0.185
version/macromedia flash player/19.0.0.207
version/macromedia flash player/19.0.0.226
version/macromedia flash player/19.0.0.245
version/macromedia flash player/20.0.0.228
version/macromedia flash player/20.0.0.235
vendor/apple
canonical/apple ios and macos
vendor/microsoft
canonical/microsoft windows operating system
canonical/adobe air
version/adobe air/20.0.0.204
canonical/adobe air sdk & compiler
version/adobe air sdk & compiler/20.0.0.204
canonical/iphone os
vendor/google
canonical/android
canonical/adobe
version/adobe/20.0.0.204
version/macromedia flash player/11.2.202.554
vendor/linux
canonical/linux kernel