Published: 05/02/2014 Updated: 13/12/2018

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Integer underflow in Adobe Flash Player prior to 11.7.700.261 and 11.8.x up to and including 12.0.x prior to 12.0.0.44 on Windows and Mac OS X, and prior to 11.2.202.336 on Linux, allows remote malicious users to execute arbitrary code via unspecified vectors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
adobe flash_player

Integer underflow in Adobe Flash Player before 117700261 and 118x through 120x before 120044 on Windows and Mac OS X, and before 112202336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors ...

## # This module requires Metasploit: http//metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::BrowserExploitServer def initialize(info={}) super(update_info(info, 'Name' ...

This Metasploit module exploits a vulnerability found in the ActiveX component of Adobe Flash Player before 120043 By supplying a specially crafted swf file it is possible to trigger an integer underflow in several avm2 instructions, which can be turned into remote code execution under the context of the user, as exploited in the wild in Februa ...

The mysterious case of CVE-2016-0034: the hunt for a Microsoft Silverlight 0-day

Securelist • Costin Raiu Anton Ivanov • 13 Jan 2016

Perhaps one of the most explosively discussed subjects of 2015 was the compromise and data dump of Hacking Team, the infamous Italian spyware company. For those who are not familiar with the subject, Hacking Team was founded in 2003 and specialized in selling spyware and surveillance tools to governments and law enforcement agencies. On July 5, 2015, a large amount of data from the company was leaked to the Internet with a hacker known as “Phineas Fisher” claiming responsibility for the brea...

Darkhotel’s attacks in 2015

Securelist • GReAT • 10 Aug 2015

Darkhotel APT attacks dated 2014 and earlier are characterized by the misuse of stolen certificates, the deployment of .hta files with multiple techniques, and the use of unusual methods like the infiltration of hotel Wi-Fi to place backdoors in targets’ systems. In 2015, many of these techniques and activities remain in use. However, in addition to new variants of malicious .hta, we find new victims, .rar attachments with RTLO spearphishing, and the deployment of a 0day from Hacking Team. The...

The Register • Darren Pauli • 13 Feb 2015

There is no honour among thieves

A black hat trouble maker appears to have released recent source code for one of the most popular exploit kits, malware-probers say. The dump was posted online by a user known as (@EkMustDie) before it was removed. The leaker appears to have previously tried to sell access to the exploit kit. Independent malware investigators including UK hacker known as MalwareTech (@MalwareTechBlog) and French bod Kaffeine (@kafeine) discovered the source code being slung on HackForums by the apparent former r...

The Register • Darren Pauli • 26 Aug 2014

66,000 users popped by malicious Flash fudging add-on

Web admins beware: social media buttons that load scripts from unknown external sites could see your sites foisting the FlashPack exploit kit to visitors. Several sources warn that popular JavaScript social media panels are being modified to load external resources that pulled down FlashPack, formerly known as SafePack, which has so far compromised at least 66,000 users. It was loaded onto visitor computers who failed to apply a February Adobe Flash patch (CVE-2014-0497), which would capture a d...

CVE-2014-0497

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

Recent Articles

References

Vulmon Search

About

Products

Connect