Use-after-free vulnerability in Adobe Flash Player prior to 11.7.700.275 and 11.8.x up to and including 13.0.x prior to 13.0.0.182 on Windows and OS X and prior to 11.2.202.350 on Linux, Adobe AIR prior to 13.0.0.83 on Android, Adobe AIR SDK prior to 13.0.0.83, and Adobe AIR SDK & Compiler prior to 13.0.0.83 allows remote malicious users to execute arbitrary code, and possibly bypass an Internet Explorer sandbox protection mechanism, via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
adobe flash_player 12.0.0.77 |
This month’s Adobe Patch Tuesday revolves around Flash. This means the zero-days used by VUPEN to exploit Adobe Reader at CanSecWest last month go unpatched. CVE-2014-0506 and CVE-2014-0507 deal with remote code execution and were both used separately at CanSecWest’s Pwn2Own. (It looks like these CVEs were initially assigned CVE-2014-0511 and CVE-2014-0510.) CVE-2014-0508 deals with information leakage, while CVE-2014-0509 deals with an XSS issue. Though we haven’t seen in the wild expl...
Vulmon