1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: Adobe Flash Player CVE-2014-0515 3

Web Attack: Adobe Flash Player CVE-2014-0515 3

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts of leveraging a buffer-overflow vulnerability in Adobe Flash Player which could lead to arbitrary code execution.

Additional Information

Adobe Flash Player is a multimedia application for Microsoft Windows, Mozilla, and Apple technologies. Adobe AIR is a cross-platform runtime for developing Internet applications on the desktop.

Adobe Flash Player is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Limited information is currently available regarding this issue. We will update this BID as more information emerges.

Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts likely result in denial-of-service conditions.

Affected

  • Adobe Flash Player 13.0.0.182 and earlier versions for Windows
  • Adobe Flash Player 13.0.0.201 and earlier versions for Macintosh
  • Adobe Flash Player 11.2.202.350 and earlier versions for Linux
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube