Vulnerability Details : CVE-2014-0569
Public exploit exists!
Integer overflow in Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allows attackers to execute arbitrary code via unspecified vectors.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2014-0569
- cpe:2.3:a:adobe:flash_player:*:*:*:*:extended_support:*:*:*
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer_11:*:*
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer_10:*:*
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*
- cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:air_desktop_runtime:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:evergreen:11.4:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-0569
- EPSS score: 89.33% (probability of exploitation activity in the next 30 days)
- Percentile: ~100% (the proportion of vulnerabilities that are scored at or less)
Metasploit modules for CVE-2014-0569
- Adobe Flash Player casi32 Integer Overflow
  Disclosure Date: 2014-10-14
  First seen: 2020-04-26
  Module: exploit/windows/browser/adobe_flash_casi32_int_overflow
  This module exploits an integer overflow in Adobe Flash Player. The vulnerability occurs in the casi32 method, where an integer overflow occurs if a ByteArray of length 0 is set up as domainMemory for the current application domain. This module has been tested successfully
CVSS scores for CVE-2014-0569
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
CWE ids for CVE-2014-0569
- The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-0569
- http://lists.opensuse.org/opensuse-updates/2014-10/msg00033.html
  openSUSE-SU-2014:1329-1: moderate: update for flash-player (Third Party Advisory)
- http://secunia.com/advisories/61980
  (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html
  [security-announce] openSUSE-SU-2015:0725-1: important: Security update (Mailing List; Third Party Advisory)
- http://www.zerodayinitiative.com/advisories/ZDI-14-365/
  ZDI-14-365 | Zero Day Initiative (Third Party Advisory; VDB Entry)
- http://rhn.redhat.com/errata/RHSA-2014-1648.html
  RHSA-2014:1648 - Security Advisory - Red Hat Customer Portal (Broken Link)
- http://www.securitytracker.com/id/1031019
  Adobe Flash Player Multiple Flaws Let Remote Users Execute Arbitrary Code - SecurityTracker (Third Party Advisory; VDB Entry)
- http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00002.html
  [security-announce] SUSE-SU-2014:1360-1: important: Security update for (Mailing List; Third Party Advisory)
- http://helpx.adobe.com/security/products/flash-player/apsb14-22.html
  Adobe Security Bulletin (Patch; Vendor Advisory)
- http://www.securityfocus.com/bid/70441
  Adobe Flash Player and AIR CVE-2014-0569 Integer Overflow Vulnerability (Third Party Advisory; VDB Entry)