Vulnerability Details : CVE-2014-0515
Public exploit exists!
Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x through 13.0.x before 13.0.0.206 on Windows and OS X, and before 11.2.202.356 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in April 2014.
Vulnerability category: OverflowExecute code
Products affected by CVE-2014-0515
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-0515
96.89%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2014-0515
-
Adobe Flash Player Shader Buffer Overflow
Disclosure Date: 2014-04-28First seen: 2020-04-26exploit/multi/browser/adobe_flash_pixel_bender_bofThis module exploits a buffer overflow vulnerability in Adobe Flash Player. The vulnerability occurs in the flash.Display.Shader class, when setting specially crafted data as its bytecode, as exploited in the wild in April 2014. This module has been tested successful
CVSS scores for CVE-2014-0515
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2014-0515
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-0515
-
http://www.securityfocus.com/bid/67092
Adobe Flash Player CVE-2014-0515 Buffer Overflow VulnerabilityThird Party Advisory;VDB Entry
-
http://www.securitytracker.com/id/1030155
Adobe Flash Player Buffer Overflow Lets Remote Users Execute Arbitrary Code - SecurityTrackerThird Party Advisory;VDB Entry
-
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00017.html
[security-announce] openSUSE-SU-2014:0585-1: critical: update for flash-Mailing List;Third Party Advisory
-
http://helpx.adobe.com/security/products/flash-player/apsb14-13.html
Adobe Security BulletinPatch;Vendor Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00001.html
[security-announce] SUSE-SU-2014:0605-1: important: Security update forMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00000.html
[security-announce] openSUSE-SU-2014:0589-1: critical: update for flash-Mailing List;Third Party Advisory
-
http://security.gentoo.org/glsa/glsa-201405-04.xml
Adobe Flash Player: Multiple vulnerabilities (GLSA 201405-04) — Gentoo securityThird Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2014-0447.html
RHSA-2014:0447 - Security Advisory - Red Hat Customer PortalThird Party Advisory
Jump to