CVE-2014-0569

EXPLOITED RANSOMWARE

Adobe Flash Player < 13.0.0.250, 14.x-15.x < 15.0.0.189, < 11.2.202.411 - Remote Code Execution via Integer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2014-0569 has been observed exploited in the wild (reported by VulnCheck KEV), including in ransomware campaigns. EIP tracks 2 public exploits from researchers including Metasploit, bilou, juan vazquez, including a Metasploit module exploits/windows/browser/adobe_flash_casi32_int_overflow.

AI-analyzed exploit summary This Metasploit module exploits an integer overflow in Adobe Flash Player's casi32 method by delivering a malicious SWF file via a browser exploit server. It achieves remote code execution by embedding a PowerShell payload in the FlashVars parameter.

Description

Integer overflow in Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allows attackers to execute arbitrary code via unspecified vectors.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/36744

This Metasploit module exploits an integer overflow in Adobe Flash Player's casi32 method by delivering a malicious SWF file via a browser exploit server. It achieves remote code execution by embedding a PowerShell payload in the FlashVars parameter.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Adobe Flash Player 15.0.0.167
No auth needed
Prerequisites: Target must be using Windows 7 SP1 with Internet Explorer 8-11 and Flash Player 15.0.0.167
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GREAT
by bilou, juan vazquez · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/adobe_flash_casi32_int_overflow.rb

This Metasploit module exploits an integer overflow in Adobe Flash Player's casi32 method by sending a malicious SWF file to trigger remote code execution. It targets Windows 7/8.1 with Flash versions up to 15.0.0.167 via browser exploitation.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Adobe Flash Player <= 15.0.0.167
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit · Flash Player must be enabled in the browser
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (9)

Core 9
Core References
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-10/msg00033.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/70441
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/61980
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00002.html
Broken Link vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-1648.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1031019
Third Party Advisory, VDB Entry x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-14-365/
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html

Scores

EPSS 0.8901
EPSS Percentile 99.5%

Details

VulnCheck KEV 2016-12-13
Ransomware Use Confirmed
CWE
CWE-190
Status published
Products (11)
adobe/air_desktop_runtime < 15.0.0.249
adobe/air_sdk < 15.0.0.249
adobe/flash_player < 11.2.202.406
adobe/flash_player < 13.0.0.244
adobe/flash_player < 15.0.0.152
adobe/flash_player < 15.0.0.167 (2 CPE variants)
adobe/flash_player_desktop_runtime < 15.0.0.167
opensuse/evergreen 11.4
opensuse/opensuse 12.3
opensuse/opensuse 13.1
... and 1 more
Published Oct 15, 2014
Tracked Since Feb 18, 2026