Skip to main content
Mallory
Back to vulnerabilities
HighCISA KEVExploited in the wildPublic exploit

Integer Overflow RCE in Adobe Flash Player and Adobe AIR

IdentifiersCVE-2015-8651CWE-190· Integer Overflow or Wraparound

CVE-2015-8651 is an integer overflow vulnerability in Adobe Flash Player and Adobe AIR. According to the provided content, affected products include Adobe Flash Player before 18.0.0.324 and 19.x/20.x before 20.0.0.267 on Windows and OS X, Flash Player before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233. Successful exploitation allows arbitrary code execution via unspecified vectors. The supporting context also indicates the flaw was used in exploit-kit-driven attacks, where a Flash object selected this exploit based on the victim's installed Flash version.

Share:
For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial
ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation results in arbitrary code execution in the context of the targeted application/user. In observed campaigns referenced in the content, exploitation of CVE-2015-8651 was used as an execution primitive within malvertising and exploit-kit chains, enabling delivery and execution of follow-on malware payloads including trojan downloaders and banking malware.

Mitigation

If you can’t patch tonight, do this now.

If immediate patching is not possible, disable or uninstall Adobe Flash Player and Adobe AIR where feasible, restrict execution of Flash content in browsers and applications, use click-to-play or equivalent browser controls, limit exposure to untrusted web content and malvertising, and apply application control and endpoint protections to reduce post-exploitation payload execution. Network filtering and browser hardening can reduce exposure to exploit-kit delivery paths.

Remediation

Patch, then assume compromise.

Upgrade affected Adobe products to fixed versions or later. Specifically, update Adobe Flash Player to 18.0.0.324 or later for the 18.x branch, 20.0.0.267 or later for affected 19.x/20.x branches on Windows and OS X, 11.2.202.559 or later on Linux, and update Adobe AIR, Adobe AIR SDK, and Adobe AIR SDK & Compiler to 20.0.0.233 or later. Where possible, remove or fully decommission Adobe Flash Player and associated runtimes from environments that no longer require them.
PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType
AdobeAirapplication
AdobeAir Sdkapplication
AdobeAir Sdk & Compilerapplication
AdobeFlash Playerapplication
Hewlett Packard EnterpriseInsight Controlapplication
Hewlett Packard EnterpriseInsight Control Server Provisioningapplication
Hewlett Packard EnterpriseMatrix Operating Environmentapplication
Hewlett Packard EnterpriseSystem Management Homepageapplication
Hewlett Packard EnterpriseSystems Insight Managerapplication
Hewlett Packard EnterpriseVersion Control Repository Managerapplication
OpensuseEvergreenoperating_system
OpensuseOpensuseoperating_system
Red HatEnterprise Linux Desktopoperating_system
Red HatEnterprise Linux Serveroperating_system
Red HatEnterprise Linux Workstationoperating_system
SuseLinux Enterprise Desktopoperating_system
SuseLinux Enterprise Workstation Extensionoperating_system

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

4 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

4 SOURCESView more in app
eset welivesecurity blogNews
Dec 6, 2016
Readers of popular websites targeted by stealthy Stegano exploit kit hiding in pixels of malicious ads

An Adobe Flash Player vulnerability used by the Stegano exploit kit to compromise victims, selected based on the installed Flash version.

Read more
mitre attackNews
Jan 25, 2026
Exploitation for Client Execution, Technique T1203 - Enterprise | MITRE ATT&CK®

An Adobe Flash vulnerability exploited for code execution.

Read more
mitre attackNews
Jan 25, 2026
Exploitation for Client Execution, Technique T1203 - Enterprise | MITRE ATT&CK®

An Adobe Flash vulnerability used for code execution.

Read more
mitre attackNews
Mar 18, 2026
Exploitation for Client Execution, Technique T1203 - Enterprise | MITRE ATT&CK®

An Adobe Flash vulnerability exploited for code execution.

Read more
What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.
Start free trial
Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence3

Every observed campaign linking this CVE to a named adversary.

Associated malware3

Malware families riding this exploit, with evidence and IOCs.

Detection signatures2

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES
MITRE CVE
cve.org · CVE-2015-8651
NVD
nvd.nist.gov/vuln/detail/CVE-2015-8651
MITRE CWE · CWE-190
Integer Overflow or Wraparound
Third Party Advisory
lists.opensuse.org/opensuse-security-announce/2015-12/msg00045.html
Third Party Advisory
lists.opensuse.org/opensuse-security-announce/2015-12/msg00046.html
Third Party Advisory
lists.opensuse.org/opensuse-security-announce/2015-12/msg00047.html
Third Party Advisory
lists.opensuse.org/opensuse-security-announce/2015-12/msg00048.html
Third Party Advisory
rhn.redhat.com/errata/RHSA-2015-2697.html
Third Party Advisory
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
Third Party Advisory
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
Third Party Advisory
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
Third Party Advisory
security.gentoo.org/glsa/201601-03
+1 more reference
view more in app