← back
CVE-2014-0556

CVE-2014-0556

EPSS 84.2%
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0559.
Affected products
n/a · n/a
public PoCs found3
cve_referencepacketstormsecurity.com/files/131516/Adobe-Flash-Player-copyPixelsToByteArray-Integer-Overflow.htmlunverifiedcve_referencewww.exploit-db.com/exploits/36808/unverifiedexploitdbwww.exploit-db.com/exploits/36808unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://googleprojectzero.blogspot.com/2014/09/exploiting-cve-2014-0556-in-flash.htmlhttp://helpx.adobe.com/security/products/flash-player/apsb14-21.htmlhttp://lists.opensuse.org/opensuse-security-announce/2014-09/msg00006.htmlhttp://lists.opensuse.org/opensuse-security-announce/2014-09/msg00016.htmlhttp://lists.opensuse.org/opensuse-security-announce/2014-09/msg00021.htmlhttp://packetstormsecurity.com/files/131516/Adobe-Flash-Player-copyPixelsToByteArray-Integer-Overflow.htmlhttps://code.google.com/p/google-security-research/issues/detail?id=46http://secunia.com/advisories/61089http://security.gentoo.org/glsa/glsa-201409-05.xmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/95826https://www.exploit-db.com/exploits/36808/http://www.osvdb.org/111110