Adobe Flash Player Stack-based Buffer Overflow Vulnerability (CVE-2014-0498)
Severity: CRITICAL
CVE Identifier: CVE-2014-0498
Advisory Date: JUL 21, 2015
DESCRIPTION
Stack-based buffer overflow in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows attackers to execute arbitrary code via unspecified vectors.
TREND MICRO PROTECTION INFORMATION
Apply associated Trend Micro DPI Rules.
SOLUTION
PATCH: http://helpx.adobe.com/security/products/flash-player/apsb14-07.html
Trend Micro Deep Security DPI Rule Number: 1005918
Trend Micro Deep Security DPI Rule Name: 1005918 - Adobe Flash Player Stack-based Buffer Overflow Vulnerability (CVE-2014-0498)
AFFECTED SOFTWARE AND VERSION
- Adobe AIR 4.0.0.1390 and earlier versions for Android
- Adobe AIR 3.9.0.1390 SDK & Compiler and earlier versions
- Adobe AIR 3.9.0.1390 SDK and earlier versions
- Adobe Flash Player 11.2.202.336 and earlier versions for Linux
- Adobe Flash Player 12.0.0.44 and earlier versions for Windows and Macintosh
- adobe adobe_air 1.0
- adobe adobe_air 1.0.1
- adobe adobe_air 1.0.4990
- adobe adobe_air 1.0.8.4990
- adobe adobe_air 1.1
- adobe adobe_air 1.1.0.5790
- adobe adobe_air 1.5
- adobe adobe_air 1.5.0.7220
- adobe adobe_air 1.5.1
- adobe adobe_air 1.5.1.8210
- adobe adobe_air 1.5.2
- adobe adobe_air 1.5.3
- adobe adobe_air 1.5.3.9120
- adobe adobe_air 1.5.3.9130
- adobe adobe_air 2.0.2
- adobe adobe_air 2.0.2.12610
- adobe adobe_air 2.0.3
- adobe adobe_air 2.0.3.13070
- adobe adobe_air 2.0.4
- adobe adobe_air 2.5.0.16600
- adobe adobe_air 2.5.1.17730
- adobe adobe_air 2.6
- adobe adobe_air 2.6.0.19120
- adobe adobe_air 2.6.0.19140
- adobe adobe_air 2.7
- adobe adobe_air 2.7.0.1948
- adobe adobe_air 2.7.0.19480
- adobe adobe_air 2.7.0.1953
- adobe adobe_air 2.7.0.19530
- adobe adobe_air 2.7.1
- adobe adobe_air 2.7.1.19610
- adobe adobe_air 3.0.0.408
- adobe adobe_air 3.0.0.4080
- adobe adobe_air 3.1.0.485
- adobe adobe_air 3.1.0.488
- adobe adobe_air 3.1.0.4880
- adobe adobe_air 3.2.0.207
- adobe adobe_air 3.2.0.2070
- adobe adobe_air 3.3.0.3670
- adobe adobe_air 3.4.0.2540
- adobe adobe_air 3.4.0.2710
- adobe adobe_air 3.5.0.1060
- adobe adobe_air 3.5.0.600
- adobe adobe_air 3.5.0.880
- adobe adobe_air 3.5.0.890
- adobe adobe_air 3.6.0.597
- adobe adobe_air 3.6.0.6090
- adobe adobe_air 3.7.0.1530
- adobe adobe_air 3.7.0.1860
- adobe adobe_air 3.7.0.2090
- adobe adobe_air 3.8.0.870
- adobe adobe_air 3.8.0.910
- adobe adobe_air 3.9.0.1030
- adobe adobe_air 3.9.0.1060
- adobe adobe_air 3.9.0.1210
- adobe adobe_air 3.9.0.1380
- adobe adobe_air 4.0.0.1390
- adobe adobe_air_sdk 3.0.0.4080
- adobe adobe_air_sdk 3.1.0.488
- adobe adobe_air_sdk 3.2.0.2070
- adobe adobe_air_sdk 3.3.0.3650
- adobe adobe_air_sdk 3.3.0.3690
- adobe adobe_air_sdk 3.4.0.2540
- adobe adobe_air_sdk 3.4.0.2710
- adobe adobe_air_sdk 3.5.0.1060
- adobe adobe_air_sdk 3.5.0.600
- adobe adobe_air_sdk 3.5.0.880
- adobe adobe_air_sdk 3.5.0.890
- adobe adobe_air_sdk 3.6.0.599
- adobe adobe_air_sdk 3.6.0.6090
- adobe adobe_air_sdk 3.7.0.1530
- adobe adobe_air_sdk 3.7.0.1860
- adobe adobe_air_sdk 3.7.0.2090
- adobe adobe_air_sdk 3.8.0.1430
- adobe adobe_air_sdk 3.8.0.870
- adobe adobe_air_sdk 3.8.0.910
- adobe adobe_air_sdk 3.9.0.1030
- adobe adobe_air_sdk 3.9.0.1210
- adobe adobe_air_sdk 3.9.0.1380
- adobe adobe_air_sdk 4.0.0.1390
- adobe flash_player 11.0
- adobe flash_player 11.0.1.152
- adobe flash_player 11.0.1.153
- adobe flash_player 11.1
- adobe flash_player 11.1.102.55
- adobe flash_player 11.1.102.59
- adobe flash_player 11.1.102.62
- adobe flash_player 11.1.102.63
- adobe flash_player 11.1.111.44
- adobe flash_player 11.1.111.50
- adobe flash_player 11.1.111.54
- adobe flash_player 11.1.111.8
- adobe flash_player 11.1.115.34
- adobe flash_player 11.1.115.48
- adobe flash_player 11.1.115.54
- adobe flash_player 11.1.115.58
- adobe flash_player 11.1.115.7
- adobe flash_player 11.2.202.223
- adobe flash_player 11.2.202.228
- adobe flash_player 11.2.202.233
- adobe flash_player 11.2.202.235
- adobe flash_player 11.2.202.236
- adobe flash_player 11.2.202.238
- adobe flash_player 11.2.202.243
- adobe flash_player 11.2.202.251
- adobe flash_player 11.2.202.258
- adobe flash_player 11.2.202.261
- adobe flash_player 11.2.202.262
- adobe flash_player 11.2.202.270
- adobe flash_player 11.2.202.273
- adobe flash_player 11.2.202.275
- adobe flash_player 11.2.202.280
- adobe flash_player 11.2.202.285
- adobe flash_player 11.2.202.291
- adobe flash_player 11.2.202.297
- adobe flash_player 11.2.202.310
- adobe flash_player 11.2.202.327
- adobe flash_player 11.2.202.332
- adobe flash_player 11.2.202.335
- adobe flash_player 11.2.202.336
- adobe flash_player 11.3.300.257
- adobe flash_player 11.3.300.262
- adobe flash_player 11.3.300.265
- adobe flash_player 11.3.300.268
- adobe flash_player 11.3.300.270
- adobe flash_player 11.3.300.271
- adobe flash_player 11.3.300.273
- adobe flash_player 11.4.402.265
- adobe flash_player 11.4.402.278
- adobe flash_player 11.4.402.287
- adobe flash_player 11.5.502.110
- adobe flash_player 11.5.502.135
- adobe flash_player 11.5.502.136
- adobe flash_player 11.5.502.146
- adobe flash_player 11.5.502.149
- adobe flash_player 11.6.602.167
- adobe flash_player 11.6.602.168
- adobe flash_player 11.6.602.171
- adobe flash_player 11.6.602.180
- adobe flash_player 11.7.700.169
- adobe flash_player 11.7.700.202
- adobe flash_player 11.7.700.224
- adobe flash_player 11.7.700.225
- adobe flash_player 11.7.700.232
- adobe flash_player 11.7.700.242
- adobe flash_player 11.7.700.252
- adobe flash_player 11.7.700.257
- adobe flash_player 11.7.700.260
- adobe flash_player 11.7.700.261
- adobe flash_player 11.8.800.168
- adobe flash_player 11.8.800.94
- adobe flash_player 11.8.800.97
- adobe flash_player 11.9.900.117
- adobe flash_player 11.9.900.152
- adobe flash_player 11.9.900.170
- adobe flash_player 12.0.0.38
- adobe flash_player 12.0.0.41
- adobe flash_player 12.0.0.43
- adobe flash_player 12.0.0.44
Featured Stories
The Mirage of AI Programming: Hallucinations and Code IntegrityThe adoption of large language models (LLMs) and Generative Pre-trained Transformers (GPTs), such as ChatGPT, by leading firms like Microsoft, Nuance, Mix and Google CCAI Insights, drives the industry towards a series of transformative changes. As the use of these new technologies becomes prevalent, it is important to understand their key behavior, advantages, and the risks they present.Read more
Open RAN: Attack of the xAppsThis article discusses two O-RAN vulnerabilities that attackers can exploit. One vulnerability stems from insufficient access control, and the other arises from faulty message handlingRead more
A Closer Exploration of Residential Proxies and CAPTCHA-Breaking ServicesThis article, the final part of a two-part series, focuses on the details of our technical findings and analyses of select residential proxies and CAPTCHA-solving services.Read more
How Residential Proxies and CAPTCHA-Solving Services Become Agents of AbuseThis article, the first of a two-part series, provides insights on how abusers and cybercriminals use residential proxies and CAPTCHA-solving services to enable bots, scrapers, and stuffers, and proposes security countermeasures for organizations.Read more