What is the severity of CVE-2015-8649?

CVE-2015-8649 is classified as a critical severity vulnerability that can allow remote code execution.

How do I fix CVE-2015-8649?

To fix CVE-2015-8649, update Adobe Flash Player to the latest version available.

What products are affected by CVE-2015-8649?

CVE-2015-8649 affects Adobe Flash Player versions before 18.0.0.324, along with several versions of Adobe AIR.

What types of attacks can exploit CVE-2015-8649?

CVE-2015-8649 can be exploited through specially crafted content that could lead to arbitrary code execution.

Can I still use Adobe Flash Player with CVE-2015-8649 vulnerability?

It is not safe to use Adobe Flash Player with CVE-2015-8649 until you ensure it is updated to a secure version.

Vulnerability/
CVE-2015-8649

critical

9.3

CWE

416

28/12/2015

6/8/2024

CVE-2015-8649: Use After Free

First published: Mon Dec 28 2015(Updated: )

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, and CVE-2015-8650.

Credit: psirt@adobe.com

Affected Software	Affected Version	How to fix
Adobe Flash Player for Internet Explorer 11	<=18.0.0.268
Adobe Flash Player for Internet Explorer 11	=19.0.0.185
Adobe Flash Player for Internet Explorer 11	=19.0.0.207
Adobe Flash Player for Internet Explorer 11	=19.0.0.226
Adobe Flash Player for Internet Explorer 11	=19.0.0.245
Adobe Flash Player for Internet Explorer 11	=20.0.0.228
Adobe Flash Player for Internet Explorer 11	=20.0.0.235
macOS Yosemite
Microsoft Windows
Adobe AIR SDK and Compiler	<=20.0.0.204
Adobe AIR SDK & Compiler	<=20.0.0.204
Apple iPhone OS
Google Android
Adobe AIR	<=20.0.0.204
Adobe Flash Player for Internet Explorer 11	<=11.2.202.554
Linux Kernel

Remedy

https://helpx.adobe.com/security/products/flash-player/apsb16-01.html

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2015-8649?
CVE-2015-8649 is classified as a critical severity vulnerability that can allow remote code execution.
How do I fix CVE-2015-8649?
To fix CVE-2015-8649, update Adobe Flash Player to the latest version available.
What products are affected by CVE-2015-8649?
CVE-2015-8649 affects Adobe Flash Player versions before 18.0.0.324, along with several versions of Adobe AIR.
What types of attacks can exploit CVE-2015-8649?
CVE-2015-8649 can be exploited through specially crafted content that could lead to arbitrary code execution.
Can I still use Adobe Flash Player with CVE-2015-8649 vulnerability?
It is not safe to use Adobe Flash Player with CVE-2015-8649 until you ensure it is updated to a secure version.

agent/type
collector/mitre-cve
source/MITRE
agent/references
agent/severity
agent/remedy
agent/weakness
agent/last-modified-date
agent/author
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
agent/softwarecombine
vendor/adobe
canonical/adobe flash player for internet explorer 11
version/adobe flash player for internet explorer 11/18.0.0.268
version/adobe flash player for internet explorer 11/19.0.0.185
version/adobe flash player for internet explorer 11/19.0.0.207
version/adobe flash player for internet explorer 11/19.0.0.226
version/adobe flash player for internet explorer 11/19.0.0.245
version/adobe flash player for internet explorer 11/20.0.0.228
version/adobe flash player for internet explorer 11/20.0.0.235
vendor/apple
canonical/macos yosemite
vendor/microsoft
canonical/microsoft windows
canonical/adobe air sdk and compiler
version/adobe air sdk and compiler/20.0.0.204
canonical/adobe air sdk & compiler
version/adobe air sdk & compiler/20.0.0.204
canonical/apple iphone os
vendor/google
canonical/google android
canonical/adobe air
version/adobe air/20.0.0.204
version/adobe flash player for internet explorer 11/11.2.202.554
vendor/linux
canonical/linux kernel

Frequently Asked Questions

What is the severity of CVE-2015-8649?
CVE-2015-8649 is classified as a critical severity vulnerability that can allow remote code execution.
How do I fix CVE-2015-8649?
To fix CVE-2015-8649, update Adobe Flash Player to the latest version available.
What products are affected by CVE-2015-8649?
CVE-2015-8649 affects Adobe Flash Player versions before 18.0.0.324, along with several versions of Adobe AIR.
What types of attacks can exploit CVE-2015-8649?
CVE-2015-8649 can be exploited through specially crafted content that could lead to arbitrary code execution.
Can I still use Adobe Flash Player with CVE-2015-8649 vulnerability?
It is not safe to use Adobe Flash Player with CVE-2015-8649 until you ensure it is updated to a secure version.

CVE-2015-8649: Use After Free

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2015-8649?

How do I fix CVE-2015-8649?

What products are affected by CVE-2015-8649?

What types of attacks can exploit CVE-2015-8649?

Can I still use Adobe Flash Player with CVE-2015-8649 vulnerability?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2015-8649?

How do I fix CVE-2015-8649?

What products are affected by CVE-2015-8649?

What types of attacks can exploit CVE-2015-8649?

Can I still use Adobe Flash Player with CVE-2015-8649 vulnerability?