Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.3
CVSSv2

CVE-2014-0569

Published: 15/10/2014 Updated: 10/11/2021
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 935
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Adobe

Vulnerability Summary

Integer overflow in Adobe Flash Player prior to 13.0.0.250 and 14.x and 15.x prior to 15.0.0.189 on Windows and OS X and prior to 11.2.202.411 on Linux, Adobe AIR prior to 15.0.0.293, Adobe AIR SDK prior to 15.0.0.302, and Adobe AIR SDK & Compiler prior to 15.0.0.302 allows malicious users to execute arbitrary code via unspecified vectors.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

adobe flash_player

adobe flash_player_desktop_runtime

adobe air_desktop_runtime

adobe air_sdk

opensuse evergreen 11.4

opensuse opensuse 12.3

opensuse opensuse 13.1

suse linux enterprise desktop 11

Vendor Advisories

Red Hat: CVE-2014-0569
Integer overflow in Adobe Flash Player before 1300250 and 14x and 15x before 1500189 on Windows and OS X and before 112202411 on Linux, Adobe AIR before 1500293, Adobe AIR SDK before 1500302, and Adobe AIR SDK & Compiler before 1500302 allows attackers to execute arbitrary code via unspecified vectors ...

Exploits

Exploit DB: Adobe Flash Player - casi32 Integer Overflow (Metasploit)
## # This module requires Metasploit: metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Powershell include Msf::Exploit::Remote::BrowserExploitServer def initialize(info={}) super ...
Exploit DB: Adobe Flash Player casi32 Integer Overflow
This Metasploit module exploits an integer overflow in Adobe Flash Player The vulnerability occurs in the casi32 method, where an integer overflow occurs if a ByteArray of length 0 is setup as domainMemory for the current application domain This Metasploit module has been tested successfully on Windows 7 SP1 (32-bit), IE 8 to IE 11 and Flash 150 ...

Recent Articles

Ad bidding network caught slinging ransomware
The Register • Darren Pauli • 11 Mar 2015

Advertisers cry 'f**k AdBlock'

Attackers are using Flash exploits and foisting ransomware through real time advertising bidding networks, FireEye researchers say. The attacks link to malicious or compromised advertising sites which participate in real time bidding systems in which ad inventory is sold to and by publishers. More than 1700 malicious advertising requests have been detected that led to malicious .swf Flash files being downloaded over hundreds of unnamed sites. "We believe this activity is part of an active malver...

Read more...

References

CWE-190http://helpx.adobe.com/security/products/flash-player/apsb14-22.htmlhttp://www.zerodayinitiative.com/advisories/ZDI-14-365/http://lists.opensuse.org/opensuse-updates/2014-10/msg00033.htmlhttp://rhn.redhat.com/errata/RHSA-2014-1648.htmlhttp://lists.opensuse.org/opensuse-security-announce/2014-11/msg00002.htmlhttp://www.securitytracker.com/id/1031019http://secunia.com/advisories/61980http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.htmlhttp://www.securityfocus.com/bid/70441https://nvd.nist.govhttps://www.exploit-db.com/exploits/36744/https://access.redhat.com/security/cve/cve-2014-0569
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
injectionCVE-2024-30983CVE-2023-4235CVE-2024-21338privilegeencryptionCVE-2023-4232CVE-2024-31497CVE-2024-32341
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook