CVE-2014-0515

EXPLOITED IN THE WILD RANSOMWARE

Adobe Flash Player Shader Buffer Overflow

Title source: metasploit

Description

Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x through 13.0.x before 13.0.0.206 on Windows and OS X, and before 11.2.202.356 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in April 2014.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/33333

View Code ZIP pw:eip

metasploit WORKING POC GREAT

by Unknown, juan vazquez · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/browser/adobe_flash_pixel_bender_bof.rb

View Code ZIP pw:eip

References (8)

[Patch, Vendor Advisory] http://helpx.adobe.com/security/products/flash-player/apsb14-13.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00017.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00000.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00001.html

[Third Party Advisory] http://rhn.redhat.com/errata/RHSA-2014-0447.html

[Third Party Advisory] http://security.gentoo.org/glsa/glsa-201405-04.xml

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/67092

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1030155

Scores

EPSS 0.9227

EPSS Percentile 99.7%

Exploitation Intel

VulnCheck KEV 2014-04-29

InTheWild.io 2018-12-13

Ransomware Use Confirmed

Classification

CWE

CWE-119

Status draft

Affected Products (1)

adobe/flash_player < 11.2.202.346

Timeline

Published Apr 29, 2014

Tracked Since Feb 18, 2026