⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2014-0515Improper Restriction of Operations within the Bounds of a Memory Buffer in Adobe Flash Player

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer21 documents12 sources
Severity
10.0CRITICALNVD
EPSS
92.6%
top 0.25%
CISA KEV
Not in KEV
Exploit
Exploited in wild
Active exploitation observed
Affected products
1
Adobe Flash Player
Timeline
PublishedApr 29
Latest updateMay 14

Description

Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x through 13.0.x before 13.0.0.206 on Windows and OS X, and before 11.2.202.356 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in April 2014.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDadobe/flash_player11.011.2.202.346+2

Patches

Patch: helpx.adobe.comPatch: helpx.adobe.com

🔴Vulnerability Details

2
GHSA
GHSA-77rc-jc7q-8wrw: Buffer overflow in Adobe Flash Player before 112022-05-14
VulnCheck
Adobe Flash Player Improper Restriction of Operations within the Bounds of a Memory Buffer2014

💥Exploits & PoCs

2
Exploit-DB
Adobe Flash Player - Shader Buffer Overflow (Metasploit)2014-05-12
Metasploit
Adobe Flash Player Shader Buffer Overflow

📋Vendor Advisories

1
Red Hat
flash-plugin: buffer overflow vulnerability leads to arbitrary code execution (APSB14-13)2014-04-28

🕵️Threat Intelligence

14
Securelist
How Security Products are Tested – Part 12017-02-27
Zscaler
Bad Actors On GMHOST Alexander Mulgin Serginovic | Zscaler2016-01-12
Talos
Evolution of the Nuclear Exploit Kit2014-10-09
Talos
Evolution of the Nuclear Exploit Kit2014-10-09
Zscaler
Nuclear Exploit Kit And Flash CVE-2014-0515 | Zscaler2014-09-05

💬Community

1
Bugzilla
CVE-2014-0515 flash-plugin: buffer overflow vulnerability leads to arbitrary code execution (APSB14-13)2014-04-28