Remote code execution in Adobe Flash Player 11.x through 18.x allows unauthenticated network attackers to execute arbitrary code via crafted Flash content exploiting a use-after-free flaw in the ByteArray class. Confirmed actively exploited (CISA KEV) in July 2015 following the Hacking Team data breach, which exposed weaponized exploit code targeting this vulnerability. With EPSS score of 93.21% (100th percentile) and publicly available proof-of-concept, this represents critical risk to unpatched Flash installations across Windows, OS X, and Linux platforms. Vendor-released patches available via Adobe APSB15-16.
Buffer Overflow
Memory Corruption
Denial Of Service
RCE
Adobe
+2
NVD
GitHub
Exploit-DB
VulDB
CVSS 3.1
9.8
EPSS
93.2%
Threat
9.8