CVE-2014-0515

EXPLOITED IN THE WILD RANSOMWARE

Adobe Flash Player Shader Buffer Overflow

Title source: metasploit
STIX 2.1

Exploitation Summary

CVE-2014-0515 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io), including in ransomware campaigns. EIP tracks 2 public exploits from researchers including Metasploit, Unknown, juan vazquez, including a Metasploit module exploits/multi/browser/adobe_flash_pixel_bender_bof.

AI-analyzed exploit summary This Metasploit module exploits a buffer overflow in Adobe Flash Player's Shader class (CVE-2014-0515) by delivering a malicious SWF file via a crafted HTML page. It achieves remote code execution on vulnerable Flash versions (11.x, 12.x, or 13.x <= 13.0.0.182) on Windows systems.

Description

Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x through 13.0.x before 13.0.0.206 on Windows and OS X, and before 11.2.202.356 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in April 2014.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/33333

This Metasploit module exploits a buffer overflow in Adobe Flash Player's Shader class (CVE-2014-0515) by delivering a malicious SWF file via a crafted HTML page. It achieves remote code execution on vulnerable Flash versions (11.x, 12.x, or 13.x <= 13.0.0.182) on Windows systems.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Adobe Flash Player 11.x, 12.x, 13.x <= 13.0.0.182
No auth needed
Prerequisites: Victim must visit a malicious webpage · Target must have vulnerable Flash Player version installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GREAT
by Unknown, juan vazquez · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/browser/adobe_flash_pixel_bender_bof.rb

This Metasploit module exploits a buffer overflow in Adobe Flash Player's Shader class (CVE-2014-0515) by delivering a malicious SWF file via a crafted HTML page. It achieves remote code execution on vulnerable Flash versions across Windows and Linux.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Adobe Flash Player (versions 11.x, 12.x, 13.x)
No auth needed
Prerequisites: Vulnerable Flash Player version · Browser with Flash plugin enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (8)

Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/67092
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00017.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00000.html
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201405-04.xml
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00001.html
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-0447.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1030155

Scores

EPSS 0.9449
EPSS Percentile 99.8%

Details

VulnCheck KEV 2014-04-29
InTheWild.io 2018-12-13
Ransomware Use Confirmed
CWE
CWE-119
Status published
Products (1)
adobe/flash_player 11.0 - 11.2.202.346
Published Apr 29, 2014
Tracked Since Feb 18, 2026