Skip to main content
CVE-2015-5119 CRITICAL POC KEV PATCH THREAT Act Now

Remote code execution in Adobe Flash Player 11.x through 18.x allows unauthenticated network attackers to execute arbitrary code via crafted Flash content exploiting a use-after-free flaw in the ByteArray class. Confirmed actively exploited (CISA KEV) in July 2015 following the Hacking Team data breach, which exposed weaponized exploit code targeting this vulnerability. With EPSS score of 93.21% (100th percentile) and publicly available proof-of-concept, this represents critical risk to unpatched Flash installations across Windows, OS X, and Linux platforms. Vendor-released patches available via Adobe APSB15-16.

Buffer Overflow Memory Corruption Denial Of Service RCE Adobe +2
NVD GitHub Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
93.2%
Threat
9.8

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy