First published: Mon Dec 28 2015
Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors.
Credit: psirt@adobe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Macromedia Flash Player | ||
All of | ||
Any of | ||
Adobe AIR | <20.0.0.233 | |
Adobe AIR SDK & Compiler | <20.0.0.233 | |
Any of | ||
iPhone OS | ||
Apple iOS and macOS | ||
Android | ||
Microsoft Windows Operating System | ||
All of | ||
Macromedia Flash Player | <11.2.202.559 | |
Linux Kernel | ||
All of | ||
Adobe | <20.0.0.233 | |
Any of | ||
Apple iOS and macOS | ||
Android | ||
Microsoft Windows Operating System | ||
All of | ||
Any of | ||
Macromedia Flash Player | <18.0.0.324 | |
Macromedia Flash Player | >=19.0.0.185<20.0.0.267 | |
Any of | ||
Apple iOS and macOS | ||
Microsoft Windows Operating System | ||
Red Hat Enterprise Linux Desktop | =5.0 | |
Red Hat Enterprise Linux Desktop | =6.0 | |
Red Hat Enterprise Linux Server | =5.0 | |
Red Hat Enterprise Linux Server | =6.0 | |
Red Hat Enterprise Linux Workstation | =5.0 | |
Red Hat Enterprise Linux Workstation | =6.0 | |
Evergreen ILS | =11.4 | |
openSUSE | =13.1 | |
openSUSE | =13.2 | |
SUSE Linux Enterprise Desktop | =11-sp3 | |
SUSE Linux Enterprise Desktop | =11-sp4 | |
SUSE Linux Enterprise Desktop | =12 | |
SUSE Linux Enterprise Desktop | =12-sp1 | |
SUSE Linux Workstation Extension | =12 | |
SUSE Linux Workstation Extension | =12-sp1 | |
HP Insight Control for Linux | <7.6 | |
HP Insight Control Server Provisioning | <7.6 | |
HP Matrix Operating Environment | =7.6 | |
HP System Management Homepage | <7.6 | |
HP Systems Insight Manager | <7.6 | |
HP Version Control Repository Manager | <7.6 | |
Adobe AIR | <=20.0.0.204 | |
Adobe AIR SDK & Compiler | <=20.0.0.204 | |
iPhone OS | ||
Apple iOS and macOS | ||
Android | ||
Microsoft Windows Operating System | ||
Macromedia Flash Player | <=11.2.202.554 | |
Linux Kernel | ||
Adobe | <=20.0.0.204 | |
Macromedia Flash Player | <=18.0.0.268 | |
Macromedia Flash Player | =19.0.0.185 | |
Macromedia Flash Player | =19.0.0.207 | |
Macromedia Flash Player | =19.0.0.226 | |
Macromedia Flash Player | =19.0.0.245 | |
Macromedia Flash Player | =20.0.0.228 | |
Macromedia Flash Player | =20.0.0.235 | |
The impacted product is end-of-life and should be disconnected if still in use.
CVE-2015-8651 is rated as critical due to its potential to allow remote code execution.
To mitigate CVE-2015-8651, update Adobe Flash Player to version 18.0.0.324 or later, or update Adobe AIR to at least version 20.0.0.233.
Adobe Flash Player versions before 18.0.0.324, as well as 19.x and 20.x versions before 20.0.0.267, are affected by CVE-2015-8651.
Adobe AIR versions before 20.0.0.233 are vulnerable to CVE-2015-8651.
CVE-2015-8651 affects Adobe Flash Player on Windows, OS X, and Linux, as well as Adobe AIR across these platforms.