CVE-2014-8440

Adobe Flash Player < 13.0.0.252 - Denial of Service

Title source: rule

Description

Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0576, CVE-2014-0581, and CVE-2014-8441.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/36880

metasploit WORKING POC GOOD
by Nicolas Joly, Unknown, juan vazquez · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/adobe_flash_uncompress_zlib_uninitialized.rb

Scores

EPSS 0.8681
EPSS Percentile 99.4%

Classification

Status draft

Affected Products (4)

adobe/flash_player < 13.0.0.252
adobe/air_sdk < 15.0.0.356
adobe/air < 15.0.0.356
adobe/air_sdk_\&_compiler < 15.0.0.356

Timeline

Published Nov 11, 2014
Tracked Since Feb 18, 2026