Adobe Flash Player and AIR CVE-2014-0556 Unspecified Heap Based Buffer Overflow Vulnerability

Bugtraq ID:	69696
Class:	Unknown
CVE:	CVE-2014-0556
Remote:	Yes
Local:	No
Published:	Sep 09 2014 12:00AM
Updated:	Jul 15 2015 12:14AM
Credit:	Chris Evans of Google Project Zero
Vulnerable:	SuSE openSUSE 11.4 Red Hat Enterprise Linux Workstation Supplementary 6 Red Hat Enterprise Linux Supplementary 5 server Red Hat Enterprise Linux Server Supplementary 6 Red Hat Enterprise Linux Desktop Supplementary 6 Red Hat Enterprise Linux Desktop Supplementary 5 client Gentoo Linux Adobe Flash Player 10.1.53 .64 Adobe Flash Player 10.1.51 .66 Adobe Flash Player 10.0.45 2 Adobe Flash Player 10.0.32 18 Adobe Flash Player 10.0.22 .87 Adobe Flash Player 10.0.15 .3 Adobe Flash Player 10.0.12 .36 Adobe Flash Player 10.0.12 .35 Adobe Flash Player 9.0.262 Adobe Flash Player 9.0.246 0 Adobe Flash Player 9.0.152 .0 Adobe Flash Player 9.0.151 .0 Adobe Flash Player 9.0.124 .0 Adobe Flash Player 9.0.48.0 Adobe Flash Player 9.0.47.0 Adobe Flash Player 9.0.45.0 Adobe Flash Player 9.0.31.0 Adobe Flash Player 9.0.289.0 Adobe Flash Player 9.0.283.0 Adobe Flash Player 9.0.280 Adobe Flash Player 9.0.28.0 Adobe Flash Player 9.0.277.0 Adobe Flash Player 9.0.262.0 Adobe Flash Player 9.0.260.0 Adobe Flash Player 9.0.246.0 Adobe Flash Player 9.0.159.0 Adobe Flash Player 9.0.155.0 Adobe Flash Player 9.0.115.0 Adobe Flash Player 9 Adobe Flash Player 8.0.35.0 Adobe Flash Player 8.0.34.0 Adobe Flash Player 8 Adobe Flash Player 7.0.73.0 Adobe Flash Player 7.0.70.0 Adobe Flash Player 7.0.69.0 Adobe Flash Player 7.0.68.0 Adobe Flash Player 7.0.67.0 Adobe Flash Player 7.0.66.0 Adobe Flash Player 7.0.61.0 Adobe Flash Player 7.0.60.0 Adobe Flash Player 7.0.53.0 Adobe Flash Player 7.0.24.0 Adobe Flash Player 7.0.19.0 Adobe Flash Player 7.0.14.0 Adobe Flash Player 7 Adobe Flash Player 6.0.79 Adobe Flash Player 6.0.21.0 Adobe Flash Player 11.2.202.235 Adobe Flash Player 11.2.202.233 Adobe Flash Player 11.2.202.229 Adobe Flash Player 11.2.202.228 Adobe Flash Player 11.2.202.223 Adobe Flash Player 11.1.115.8 Adobe Flash Player 11.1.115.7 Adobe Flash Player 11.1.115.6 Adobe Flash Player 11.1.112.61 Adobe Flash Player 11.1.111.9 Adobe Flash Player 11.1.111.8 Adobe Flash Player 11.1.111.7 Adobe Flash Player 11.1.111.6 Adobe Flash Player 11.1.111.5 Adobe Flash Player 11.1.102.63 Adobe Flash Player 11.1.102.62 Adobe Flash Player 11.1.102.55 Adobe Flash Player 11.1.102.228 Adobe Flash Player 11.0.1.152 Adobe Flash Player 10.3.186.7 Adobe Flash Player 10.3.186.6 Adobe Flash Player 10.3.186.3 Adobe Flash Player 10.3.186.2 Adobe Flash Player 10.3.185.25 Adobe Flash Player 10.3.185.23 Adobe Flash Player 10.3.185.22 Adobe Flash Player 10.3.185.21 Adobe Flash Player 10.3.183.7 Adobe Flash Player 10.3.183.5 Adobe Flash Player 10.3.183.4 Adobe Flash Player 10.3.183.10 Adobe Flash Player 10.3.181.34 Adobe Flash Player 10.3.181.26 Adobe Flash Player 10.3.181.23 Adobe Flash Player 10.3.181.22 Adobe Flash Player 10.3.181.16 Adobe Flash Player 10.3.181.14 Adobe Flash Player 10.2.159.1 Adobe Flash Player 10.2.157.51 Adobe Flash Player 10.2.156.12 Adobe Flash Player 10.2.154.28 Adobe Flash Player 10.2.154.27 Adobe Flash Player 10.2.154.25 Adobe Flash Player 10.2.154.24 Adobe Flash Player 10.2.154.18 Adobe Flash Player 10.2.154.13 Adobe Flash Player 10.2.153.1 Adobe Flash Player 10.2.152.33 Adobe Flash Player 10.2.152.32 Adobe Flash Player 10.2.152.21 Adobe Flash Player 10.2.152 Adobe Flash Player 10.1.95.2 Adobe Flash Player 10.1.95.1 Adobe Flash Player 10.1.92.8 Adobe Flash Player 10.1.92.10 Adobe Flash Player 10.1.85.3 Adobe Flash Player 10.1.82.76 Adobe Flash Player 10.1.52.15 Adobe Flash Player 10.1.52.14.1 Adobe Flash Player 10.1.106.16 Adobe Flash Player 10.1.105.6 Adobe Flash Player 10.1.102.65 Adobe Flash Player 10.1.102.64 Adobe Flash Player 10.1 Release Candida Adobe Flash Player 10.0.42.34 Adobe Flash Player 10.0.32.18 Adobe Flash Player 10 Adobe AIR 2.0.4 Adobe AIR 2.0.3 Adobe AIR 1.5.3 .9130 Adobe AIR 1.5.3 .9120 Adobe AIR 1.5.3 Adobe AIR 1.5.2 Adobe AIR 1.5.1 Adobe AIR 3.2.0.2080 Adobe AIR 3.2.0.2070 Adobe AIR 3.1.0.4880 Adobe AIR 3.0 Adobe AIR 2.7.1.1961 Adobe AIR 2.7.1 Adobe AIR 2.7 Adobe AIR 2.6.19140 Adobe AIR 2.6.19120 Adobe AIR 2.6 Adobe AIR 2.5.1 Adobe AIR 2.0.3 Adobe AIR 2.0.2.12610 Adobe AIR 2.0.2 Adobe AIR 1.5 Adobe AIR 1.1 Adobe AIR 1.01 Adobe AIR 1.0
Not Vulnerable:

Adobe Flash Player and AIR CVE-2014-0556 Unspecified Heap Based Buffer Overflow Vulnerability

Adobe Flash Player and AIR are prone to an unspecified heap-based buffer-overflow.

Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts likely result in denial-of-service conditions.

Adobe Flash Player and AIR CVE-2014-0556 Unspecified Heap Based Buffer Overflow Vulnerability

The following exploits are available:

Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.

• /data/vulnerabilities/exploits/69696.txt
• /data/vulnerabilities/exploits/69696.rb

Adobe Flash Player and AIR CVE-2014-0556 Unspecified Heap Based Buffer Overflow Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Adobe Flash Player and AIR CVE-2014-0556 Unspecified Heap Based Buffer Overflow Vulnerability

References:

• Adobe AIR homepage (Adobe)
  
• Adobe Homepage (Adobe)