1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: Adobe Flash Player CVE-2014-0569 2

Web Attack: Adobe Flash Player CVE-2014-0569 2

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit an Integer Overflow vulnerability in Adobe Flash Player and AIR.

Additional Information

Adobe Flash Player is a multimedia application for Microsoft Windows, Mozilla, and Apple technologies. Adobe AIR is a cross-platform runtime for developing Internet applications on the desktop.

Adobe Flash Player and AIR are prone to an integer-overflow vulnerability because it fails to sanitize a user-supplied length value with a specific array implementation. Specifically, this issue exists within the implementation of 'casi32'.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition.

Affected

  • Various Flash Player versions.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube