Adobe Flash Player Stack-based Buffer Overflow Vulnerability (CVE-2014-0498)

Publish date: July 21, 2015

Severity: CRITICAL

CVE Identifier: CVE-2014-0498

Advisory Date: JUL 21, 2015

DESCRIPTION

Stack-based buffer overflow in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows attackers to execute arbitrary code via unspecified vectors.

TREND MICRO PROTECTION INFORMATION

Apply associated Trend Micro DPI Rules.

SOLUTION

PATCH: http://helpx.adobe.com/security/products/flash-player/apsb14-07.html

Trend Micro Deep Security DPI Rule Number: 1005918

Trend Micro Deep Security DPI Rule Name: 1005918 - Adobe Flash Player Stack-based Buffer Overflow Vulnerability (CVE-2014-0498)

AFFECTED SOFTWARE AND VERSION

Adobe AIR 4.0.0.1390 and earlier versions for Android
Adobe AIR 3.9.0.1390 SDK & Compiler and earlier versions
Adobe AIR 3.9.0.1390 SDK and earlier versions
Adobe Flash Player 11.2.202.336 and earlier versions for Linux
Adobe Flash Player 12.0.0.44 and earlier versions for Windows and Macintosh
adobe adobe_air 1.0
adobe adobe_air 1.0.1
adobe adobe_air 1.0.4990
adobe adobe_air 1.0.8.4990
adobe adobe_air 1.1
adobe adobe_air 1.1.0.5790
adobe adobe_air 1.5
adobe adobe_air 1.5.0.7220
adobe adobe_air 1.5.1
adobe adobe_air 1.5.1.8210
adobe adobe_air 1.5.2
adobe adobe_air 1.5.3
adobe adobe_air 1.5.3.9120
adobe adobe_air 1.5.3.9130
adobe adobe_air 2.0.2
adobe adobe_air 2.0.2.12610
adobe adobe_air 2.0.3
adobe adobe_air 2.0.3.13070
adobe adobe_air 2.0.4
adobe adobe_air 2.5.0.16600
adobe adobe_air 2.5.1.17730
adobe adobe_air 2.6
adobe adobe_air 2.6.0.19120
adobe adobe_air 2.6.0.19140
adobe adobe_air 2.7
adobe adobe_air 2.7.0.1948
adobe adobe_air 2.7.0.19480
adobe adobe_air 2.7.0.1953
adobe adobe_air 2.7.0.19530
adobe adobe_air 2.7.1
adobe adobe_air 2.7.1.19610
adobe adobe_air 3.0.0.408
adobe adobe_air 3.0.0.4080
adobe adobe_air 3.1.0.485
adobe adobe_air 3.1.0.488
adobe adobe_air 3.1.0.4880
adobe adobe_air 3.2.0.207
adobe adobe_air 3.2.0.2070
adobe adobe_air 3.3.0.3670
adobe adobe_air 3.4.0.2540
adobe adobe_air 3.4.0.2710
adobe adobe_air 3.5.0.1060
adobe adobe_air 3.5.0.600
adobe adobe_air 3.5.0.880
adobe adobe_air 3.5.0.890
adobe adobe_air 3.6.0.597
adobe adobe_air 3.6.0.6090
adobe adobe_air 3.7.0.1530
adobe adobe_air 3.7.0.1860
adobe adobe_air 3.7.0.2090
adobe adobe_air 3.8.0.870
adobe adobe_air 3.8.0.910
adobe adobe_air 3.9.0.1030
adobe adobe_air 3.9.0.1060
adobe adobe_air 3.9.0.1210
adobe adobe_air 3.9.0.1380
adobe adobe_air 4.0.0.1390
adobe adobe_air_sdk 3.0.0.4080
adobe adobe_air_sdk 3.1.0.488
adobe adobe_air_sdk 3.2.0.2070
adobe adobe_air_sdk 3.3.0.3650
adobe adobe_air_sdk 3.3.0.3690
adobe adobe_air_sdk 3.4.0.2540
adobe adobe_air_sdk 3.4.0.2710
adobe adobe_air_sdk 3.5.0.1060
adobe adobe_air_sdk 3.5.0.600
adobe adobe_air_sdk 3.5.0.880
adobe adobe_air_sdk 3.5.0.890
adobe adobe_air_sdk 3.6.0.599
adobe adobe_air_sdk 3.6.0.6090
adobe adobe_air_sdk 3.7.0.1530
adobe adobe_air_sdk 3.7.0.1860
adobe adobe_air_sdk 3.7.0.2090
adobe adobe_air_sdk 3.8.0.1430
adobe adobe_air_sdk 3.8.0.870
adobe adobe_air_sdk 3.8.0.910
adobe adobe_air_sdk 3.9.0.1030
adobe adobe_air_sdk 3.9.0.1210
adobe adobe_air_sdk 3.9.0.1380
adobe adobe_air_sdk 4.0.0.1390
adobe flash_player 11.0
adobe flash_player 11.0.1.152
adobe flash_player 11.0.1.153
adobe flash_player 11.1
adobe flash_player 11.1.102.55
adobe flash_player 11.1.102.59
adobe flash_player 11.1.102.62
adobe flash_player 11.1.102.63
adobe flash_player 11.1.111.44
adobe flash_player 11.1.111.50
adobe flash_player 11.1.111.54
adobe flash_player 11.1.111.8
adobe flash_player 11.1.115.34
adobe flash_player 11.1.115.48
adobe flash_player 11.1.115.54
adobe flash_player 11.1.115.58
adobe flash_player 11.1.115.7
adobe flash_player 11.2.202.223
adobe flash_player 11.2.202.228
adobe flash_player 11.2.202.233
adobe flash_player 11.2.202.235
adobe flash_player 11.2.202.236
adobe flash_player 11.2.202.238
adobe flash_player 11.2.202.243
adobe flash_player 11.2.202.251
adobe flash_player 11.2.202.258
adobe flash_player 11.2.202.261
adobe flash_player 11.2.202.262
adobe flash_player 11.2.202.270
adobe flash_player 11.2.202.273
adobe flash_player 11.2.202.275
adobe flash_player 11.2.202.280
adobe flash_player 11.2.202.285
adobe flash_player 11.2.202.291
adobe flash_player 11.2.202.297
adobe flash_player 11.2.202.310
adobe flash_player 11.2.202.327
adobe flash_player 11.2.202.332
adobe flash_player 11.2.202.335
adobe flash_player 11.2.202.336
adobe flash_player 11.3.300.257
adobe flash_player 11.3.300.262
adobe flash_player 11.3.300.265
adobe flash_player 11.3.300.268
adobe flash_player 11.3.300.270
adobe flash_player 11.3.300.271
adobe flash_player 11.3.300.273
adobe flash_player 11.4.402.265
adobe flash_player 11.4.402.278
adobe flash_player 11.4.402.287
adobe flash_player 11.5.502.110
adobe flash_player 11.5.502.135
adobe flash_player 11.5.502.136
adobe flash_player 11.5.502.146
adobe flash_player 11.5.502.149
adobe flash_player 11.6.602.167
adobe flash_player 11.6.602.168
adobe flash_player 11.6.602.171
adobe flash_player 11.6.602.180
adobe flash_player 11.7.700.169
adobe flash_player 11.7.700.202
adobe flash_player 11.7.700.224
adobe flash_player 11.7.700.225
adobe flash_player 11.7.700.232
adobe flash_player 11.7.700.242
adobe flash_player 11.7.700.252
adobe flash_player 11.7.700.257
adobe flash_player 11.7.700.260
adobe flash_player 11.7.700.261
adobe flash_player 11.8.800.168
adobe flash_player 11.8.800.94
adobe flash_player 11.8.800.97
adobe flash_player 11.9.900.117
adobe flash_player 11.9.900.152
adobe flash_player 11.9.900.170
adobe flash_player 12.0.0.38
adobe flash_player 12.0.0.41
adobe flash_player 12.0.0.43
adobe flash_player 12.0.0.44

Related Blog Entries

New Adobe Flash Player Zero-day Exploit Leads to PlugX

Related Web Attack

Gateways to Infection: Exploiting Software Vulnerabilities

Featured Stories

$Unveiling AI Agent Vulnerabilities Part V: Securing LLM Services$
Unveiling AI Agent Vulnerabilities Part V: Securing LLM Services
To conclude our series on agentic AI, this article examines emerging vulnerabilities that threaten AI agents, focusing on providing proactive security recommendations on areas such as code execution, data exfiltration, and database access.
Read more
$Unveiling AI Agent Vulnerabilities Part IV: Database Access Vulnerabilities$
Unveiling AI Agent Vulnerabilities Part IV: Database Access Vulnerabilities
How can attackers exploit weaknesses in database-enabled AI agents? This research explores how SQL generation vulnerabilities, stored prompt injection, and vector store poisoning can be weaponized by attackers for fraudulent activities.
Read more
$The Mirage of AI Programming: Hallucinations and Code Integrity$
The Mirage of AI Programming: Hallucinations and Code Integrity
The adoption of large language models (LLMs) and Generative Pre-trained Transformers (GPTs), such as ChatGPT, by leading firms like Microsoft, Nuance, Mix and Google CCAI Insights, drives the industry towards a series of transformative changes. As the use of these new technologies becomes prevalent, it is important to understand their key behavior, advantages, and the risks they present.
Read more
$Open Ran Attack of xApps$
Open RAN: Attack of the xApps
This article discusses two O-RAN vulnerabilities that attackers can exploit. One vulnerability stems from insufficient access control, and the other arises from faulty message handling
Read more