CVE-2015-8651

Name: CVE-2015-8651
Creator: NVD / NIST
Published: 2015-12-28T23:59:19.05+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.8/10Actively ExploitedEPSS 67.92%

Last modified Jun 17, 2026

CVE-2015-8651 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors.. CISA has confirmed active exploitation in the wild. EPSS estimates a 67.92% chance of exploitation in the next 30 days.

Description

Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors.

Metrics

CVSS 3.1

8.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Probability

67.92%

99.2th percentile

Probability of exploitation in the next 30 days. Learn more

Exploitation Status

This vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Federal agencies must remediate by Jun 15, 2022.

Weakness Enumeration

Affected Software

Vendor	Product	Versions	Update
Adobe	Air Sdk	< 20.0.0.233	—
Adobe	Air Sdk \& Compiler	< 20.0.0.233	—
Adobe	Flash Player	< 11.2.202.559	—
Adobe	Air	< 20.0.0.233	—
Adobe	Flash Player	< 18.0.0.324	—
Adobe	Flash Player	>= 19.0.0.185, < 20.0.0.267	—
Redhat	Enterprise Linux Desktop	5.0	—
Redhat	Enterprise Linux Desktop	6.0	—
Redhat	Enterprise Linux Server	5.0	—
Redhat	Enterprise Linux Server	6.0	—
Redhat	Enterprise Linux Workstation	5.0	—
Redhat	Enterprise Linux Workstation	6.0	—
Opensuse	Evergreen	11.4	—
Opensuse	Opensuse	13.1	—
Opensuse	Opensuse	13.2	—
Suse	Linux Enterprise Desktop	11	Sp3
Suse	Linux Enterprise Desktop	12	—
Suse	Linux Enterprise Workstation Extension	12	—
Hp	Insight Control	< 7.6	—
Hp	Insight Control Server Provisioning	< 7.6	—
Hp	Matrix Operating Environment	7.6	—
Hp	System Management Homepage	< 7.6	—
Hp	Systems Insight Manager	< 7.6	—
Hp	Version Control Repository Manager	< 7.6	—

References

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00045.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00046.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00047.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00048.htmlMailing List, Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-2697.htmlThird Party Advisory
http://www.securityfocus.com/bid/79705Broken Link, Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1034544Broken Link, Third Party Advisory, VDB Entry
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722Third Party Advisory
https://helpx.adobe.com/security/products/flash-player/apsb16-01.htmlNot Applicable, Patch, Vendor Advisory
https://security.gentoo.org/glsa/201601-03Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00045.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00046.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00047.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00048.htmlMailing List, Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-2697.htmlThird Party Advisory
http://www.securityfocus.com/bid/79705Broken Link, Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1034544Broken Link, Third Party Advisory, VDB Entry
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722Third Party Advisory
https://helpx.adobe.com/security/products/flash-player/apsb16-01.htmlNot Applicable, Patch, Vendor Advisory
https://security.gentoo.org/glsa/201601-03Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-8651US Government Resource

Timeline

Published: Dec 28, 2015
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2015-8651?

How severe is CVE-2015-8651?

CVE-2015-8651 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 67.92% probability of exploitation in the next 30 days. This vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog.

How do I fix CVE-2015-8651?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2015-8651?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST