cbcvebase.
CVE-2014-9163
published 2014-12-10

CVE-2014-9163: Stack-based buffer overflow in Adobe Flash Player before 13.0.0.259 and 14.x and 15.x before 15.0.0.246 on Windows and OS X and before 11.2.202.425 on Linux…

PriorityP180high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2022-05-04
Exploited in the wild
EPSS
20.36%
97.2th percentile
Stack-based buffer overflow in Adobe Flash Player before 13.0.0.259 and 14.x and 15.x before 15.0.0.246 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in December 2014.

Affected

4 ranges
VendorProductVersion rangeFixed in
adobeflash_player>= 11.0 < 11.2.202.42511.2.202.425
adobeflash_player>= 13.0 < 13.0.0.25913.0.0.259
adobeflash_player14.0 – 14.0.0.179
adobeflash_player>= 15.0 < 15.0.0.24615.0.0.246

Detection & IOCsextracted from sources · hover to see the quote

  • CVE-2014-9163 was actively exploited in the wild in December 2014; any Adobe Flash Player process running versions before 13.0.0.259, before 15.0.0.246 (14.x/15.x on Windows/OS X), or before 11.2.202.425 (Linux) should be flagged as vulnerable and potentially exploited.
  • Adobe confirmed an in-the-wild exploit for CVE-2014-9163 existed at the time of the December 2014 patch release; prioritize detection of unpatched Flash Player instances (below v16.0.0.235 on Windows/Mac) in network telemetry from that period.
  • The vulnerability class is a stack-based buffer overflow in Flash Player; monitor for crash telemetry or abnormal stack activity originating from flash-plugin or Flash Player processes, particularly on Linux systems running versions prior to 11.2.202.425.
  • ·Adobe Flash Player is end-of-life; if still present in any environment it should be treated as an unacceptable risk and disconnected rather than patched.
  • ·The exploit vector is described only as 'unspecified vectors' in all authoritative sources; no specific file, URL, or network indicator was publicly disclosed, limiting precise IOC-based detection.

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
osv7.8HIGH
vulncheck7.8HIGH
cisa7.8HIGH
vendor_redhat7.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.