1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: Adobe Flash Player CVE-2014-0515

Web Attack: Adobe Flash Player CVE-2014-0515

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts of leveraging non-ASLR enabled modules to create ROP chain which could lead to arbitrary code execution.

Additional Information

Adobe Flash Player is a multimedia application for Microsoft Windows, Mozilla, and Apple technologies. Adobe AIR is a cross-platform runtime for developing Internet applications on the desktop.

Adobe Flash Player and AIR are prone to a remote code-execution vulnerability that occurs because of a double free error.

An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

Affected

  • Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube