ID CVE-2014-0569
Summary Integer overflow in Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allows attackers to execute arbitrary code via unspecified vectors.
References
Vulnerable Configurations
  • Adobe Flash Player 11.2.202.223
    cpe:2.3:a:adobe:flash_player:11.2.202.223
  • Adobe Flash Player 11.2.202.228
    cpe:2.3:a:adobe:flash_player:11.2.202.228
  • Adobe Flash Player 11.2.202.233
    cpe:2.3:a:adobe:flash_player:11.2.202.233
  • Adobe Flash Player 11.2.202.235
    cpe:2.3:a:adobe:flash_player:11.2.202.235
  • Adobe Flash Player 11.2.202.236
    cpe:2.3:a:adobe:flash_player:11.2.202.236
  • Adobe Flash Player 11.2.202.238
    cpe:2.3:a:adobe:flash_player:11.2.202.238
  • Adobe Flash Player 11.2.202.243
    cpe:2.3:a:adobe:flash_player:11.2.202.243
  • Adobe Flash Player 11.2.202.251
    cpe:2.3:a:adobe:flash_player:11.2.202.251
  • Adobe Flash Player 11.2.202.258
    cpe:2.3:a:adobe:flash_player:11.2.202.258
  • Adobe Flash Player 11.2.202.261
    cpe:2.3:a:adobe:flash_player:11.2.202.261
  • Adobe Flash Player 11.2.202.262
    cpe:2.3:a:adobe:flash_player:11.2.202.262
  • Adobe Flash Player 11.2.202.270
    cpe:2.3:a:adobe:flash_player:11.2.202.270
  • Adobe Flash Player 11.2.202.273
    cpe:2.3:a:adobe:flash_player:11.2.202.273
  • Adobe Flash Player 11.2.202.275
    cpe:2.3:a:adobe:flash_player:11.2.202.275
  • Adobe Flash Player 11.2.202.280
    cpe:2.3:a:adobe:flash_player:11.2.202.280
  • Adobe Flash Player 11.2.202.285
    cpe:2.3:a:adobe:flash_player:11.2.202.285
  • Adobe Flash Player 11.2.202.291
    cpe:2.3:a:adobe:flash_player:11.2.202.291
  • Adobe Flash Player 11.2.202.297
    cpe:2.3:a:adobe:flash_player:11.2.202.297
  • Adobe Flash Player 11.2.202.310
    cpe:2.3:a:adobe:flash_player:11.2.202.310
  • Adobe Flash Player 11.2.202.332
    cpe:2.3:a:adobe:flash_player:11.2.202.332
  • Adobe Flash Player 11.2.202.335
    cpe:2.3:a:adobe:flash_player:11.2.202.335
  • Adobe Flash Player 11.2.202.336
    cpe:2.3:a:adobe:flash_player:11.2.202.336
  • Adobe Flash Player 11.2.202.341
    cpe:2.3:a:adobe:flash_player:11.2.202.341
  • Adobe Flash Player 11.2.202.346
    cpe:2.3:a:adobe:flash_player:11.2.202.346
  • Adobe Flash Player 11.2.202.350
    cpe:2.3:a:adobe:flash_player:11.2.202.350
  • Adobe Flash Player 11.2.202.356
    cpe:2.3:a:adobe:flash_player:11.2.202.356
  • Adobe Flash Player 11.2.202.359
    cpe:2.3:a:adobe:flash_player:11.2.202.359
  • Adobe Flash Player 11.2.202.378
    cpe:2.3:a:adobe:flash_player:11.2.202.378
  • Adobe Flash Player 11.2.202.394
    cpe:2.3:a:adobe:flash_player:11.2.202.394
  • Adobe Flash Player 11.2.202.400
    cpe:2.3:a:adobe:flash_player:11.2.202.400
  • Adobe Flash Player 11.2.202.406
    cpe:2.3:a:adobe:flash_player:11.2.202.406
  • Linux Kernel
    cpe:2.3:o:linux:linux_kernel
  • Adobe Adobe Integrated Runtime (AIR) 13.0.0.83
    cpe:2.3:a:adobe:adobe_air:13.0.0.83
  • Adobe Adobe Integrated Runtime (AIR) 13.0.0.111
    cpe:2.3:a:adobe:adobe_air:13.0.0.111
  • Adobe Adobe Integrated Runtime (AIR) 14.0.0.110
    cpe:2.3:a:adobe:adobe_air:14.0.0.110
  • Adobe Adobe Integrated Runtime (AIR) 14.0.0.137
    cpe:2.3:a:adobe:adobe_air:14.0.0.137
  • cpe:2.3:a:adobe:adobe_air:14.0.0.179
    cpe:2.3:a:adobe:adobe_air:14.0.0.179
  • cpe:2.3:a:adobe:adobe_air:15.0.0.252
    cpe:2.3:a:adobe:adobe_air:15.0.0.252
  • Adobe Adobe Integrated Runtime (AIR) 13.0.0.83
    cpe:2.3:a:adobe:adobe_air:13.0.0.83
  • Adobe Adobe Integrated Runtime (AIR) 13.0.0.111
    cpe:2.3:a:adobe:adobe_air:13.0.0.111
  • Adobe Adobe Integrated Runtime (AIR) 14.0.0.110
    cpe:2.3:a:adobe:adobe_air:14.0.0.110
  • Adobe Adobe Integrated Runtime (AIR) 14.0.0.137
    cpe:2.3:a:adobe:adobe_air:14.0.0.137
  • cpe:2.3:a:adobe:adobe_air:14.0.0.178
    cpe:2.3:a:adobe:adobe_air:14.0.0.178
  • cpe:2.3:a:adobe:adobe_air:15.0.0.249
    cpe:2.3:a:adobe:adobe_air:15.0.0.249
  • Adobe Flash Player 13.0.0.182
    cpe:2.3:a:adobe:flash_player:13.0.0.182
  • Adobe Flash Player 13.0.0.201
    cpe:2.3:a:adobe:flash_player:13.0.0.201
  • Adobe Flash Player 13.0.0.206
    cpe:2.3:a:adobe:flash_player:13.0.0.206
  • Adobe Flash Player 13.0.0.214
    cpe:2.3:a:adobe:flash_player:13.0.0.214
  • Adobe Flash Player 13.0.0.223
    cpe:2.3:a:adobe:flash_player:13.0.0.223
  • Adobe Flash Player 13.0.0.231
    cpe:2.3:a:adobe:flash_player:13.0.0.231
  • Adobe Flash Player 13.0.0.241
    cpe:2.3:a:adobe:flash_player:13.0.0.241
  • Adobe Flash Player 13.0.0.244
    cpe:2.3:a:adobe:flash_player:13.0.0.244
  • Adobe Flash Player 14.0.0.125
    cpe:2.3:a:adobe:flash_player:14.0.0.125
  • Adobe Flash Player 14.0.0.145
    cpe:2.3:a:adobe:flash_player:14.0.0.145
  • Adobe Flash Player 14.0.0.176
    cpe:2.3:a:adobe:flash_player:14.0.0.176
  • Adobe Flash Player 14.0.0.179
    cpe:2.3:a:adobe:flash_player:14.0.0.179
  • cpe:2.3:a:adobe:flash_player:15.0.0.144
    cpe:2.3:a:adobe:flash_player:15.0.0.144
  • Adobe Flash Player 15.0.0.152
    cpe:2.3:a:adobe:flash_player:15.0.0.152
  • Apple Mac OS X
    cpe:2.3:o:apple:mac_os_x
  • Microsoft Windows
    cpe:2.3:o:microsoft:windows
  • Adobe Adobe Integrated Runtime (AIR) SDK 13.0.0.83
    cpe:2.3:a:adobe:adobe_air_sdk:13.0.0.83
  • Adobe Adobe Integrated Runtime (AIR) SDK 13.0.0.111
    cpe:2.3:a:adobe:adobe_air_sdk:13.0.0.111
  • Adobe Adobe Integrated Runtime (AIR) SDK 14.0.0.110
    cpe:2.3:a:adobe:adobe_air_sdk:14.0.0.110
  • Adobe Adobe Integrated Runtime (AIR) SDK 14.0.0.137
    cpe:2.3:a:adobe:adobe_air_sdk:14.0.0.137
  • cpe:2.3:a:adobe:adobe_air_sdk:14.0.0.178
    cpe:2.3:a:adobe:adobe_air_sdk:14.0.0.178
  • cpe:2.3:a:adobe:adobe_air_sdk:15.0.0.249
    cpe:2.3:a:adobe:adobe_air_sdk:15.0.0.249
CVSS
Base: 10.0 (as of 20-10-2014 - 14:47)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
exploit-db via4
description Adobe Flash Player casi32 Integer Overflow. CVE-2014-0569. Remote exploit for windows platform
id EDB-ID:36744
last seen 2016-02-04
modified 2015-04-13
published 2015-04-13
reporter metasploit
source https://www.exploit-db.com/download/36744/
title Adobe Flash Player casi32 Integer Overflow
metasploit via4
description This module exploits an integer overflow in Adobe Flash Player. The vulnerability occurs in the casi32 method, where an integer overflow occurs if a ByteArray of length 0 is setup as domainMemory for the current application domain. This module has been tested successfully on Windows 7 SP1 (32-bit), IE 8 to IE 11 and Flash 15.0.0.167.
id MSF:EXPLOIT/WINDOWS/BROWSER/ADOBE_FLASH_CASI32_INT_OVERFLOW
last seen 2019-03-02
modified 2017-07-24
published 2015-04-10
reliability Great
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/adobe_flash_casi32_int_overflow.rb
title Adobe Flash Player casi32 Integer Overflow
nessus via4
  • NASL family Windows
    NASL id SMB_KB3001237.NASL
    description The remote host is missing KB3001237. It is, therefore, affected by the following vulnerabilities : - Multiple memory corruption issues due to improperly sanitized user-supplied input allow arbitrary code execution. (CVE-2014-0564, CVE-2014-0558) - An integer overflow issue due to improperly sanitized user-supplied input that allows arbitrary code execution. (CVE-2014-0569) - An arbitrary code execution vulnerability due to the handling of a dereferenced memory pointer. (CVE-2014-8439)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 78444
    published 2014-10-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78444
    title MS KB3001237: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2014-603.NASL
    description - Security update to 11.2.202.411 (bnc#901334) : - APSB14-22, CVE-2014-0569 (ZDI-14-365), CVE-2014-0564, CVE-2014-0558
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 78719
    published 2014-10-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78719
    title openSUSE Security Update : flash-player (openSUSE-SU-2014:1329-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_FLASH-PLAYER-141020.NASL
    description This update fixes multiple code execution vulnerabilities in flash-player (APSB14-22). CVE-2014-0564 / CVE-2014-0558 / CVE-2014-0569 have been assigned to this issue.
    last seen 2019-02-21
    modified 2015-04-13
    plugin id 78885
    published 2014-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78885
    title SuSE 11.3 Security Update : flash-player (SAT Patch Number 9898)
  • NASL family Windows
    NASL id FLASH_PLAYER_APSB14-22.NASL
    description According to its version, the installation of Adobe Flash Player installed on the remote Windows host is equal or prior to 15.0.0.167. It is, therefore, affected by the following vulnerabilities : - Multiple memory corruption issues due to improperly sanitized user-supplied input allow arbitrary code execution. (CVE-2014-0564, CVE-2014-0558) - An integer overflow issue due to improperly sanitized user-supplied input that allows arbitrary code execution. (CVE-2014-0569) - An arbitrary code execution vulnerability due to the handling of a dereferenced memory pointer. (CVE-2014-8439)
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 78441
    published 2014-10-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78441
    title Flash Player <= 15.0.0.167 Multiple Vulnerabilities (APSB14-22)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_FLASH_PLAYER_15_0_0_189.NASL
    description According to its version, the installation of Adobe Flash Player installed on the remote Mac OS X host is equal or prior to 15.0.0.167. It is, therefore, affected by the following vulnerabilities : - Multiple memory corruption issues due to improperly sanitized user-supplied input allow arbitrary code execution. (CVE-2014-0564, CVE-2014-0558) - An integer overflow issue due to improperly sanitized user-supplied input that allows arbitrary code execution. (CVE-2014-0569) - An arbitrary code execution vulnerability due to the handling of a dereferenced memory pointer. (CVE-2014-8439)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 78443
    published 2014-10-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78443
    title Flash Player for Mac <= 15.0.0.167 Multiple Vulnerabilities (APSB14-22)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_ADOBE_AIR_15_0_0_293.NASL
    description According to its version, the installation of Adobe AIR on the remote Mac OS X host is equal or prior to 15.0.0.249. It is, therefore, affected by the following vulnerabilities : - Multiple memory corruption issues due to improperly sanitized user-supplied input allow arbitrary code execution. (CVE-2014-0564, CVE-2014-0558) - An integer overflow issue due to improperly sanitized user-supplied input that allows arbitrary code execution. (CVE-2014-0569) - An arbitrary code execution vulnerability due to the handling of a dereferenced memory pointer. (CVE-2014-8439)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 78442
    published 2014-10-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78442
    title Adobe AIR for Mac <= 15.0.0.249 Multiple Vulnerabilities (APSB14-21)
  • NASL family Windows
    NASL id GOOGLE_CHROME_38_0_2125_104.NASL
    description The version of Google Chrome installed on the remote host is a version prior to 38.0.2125.104. It is, therefore, affected by the following vulnerabilities due to the version of Adobe Flash bundled with the application : - Multiple memory corruption issues due to improperly sanitized user-supplied input allow arbitrary code execution. (CVE-2014-0564, CVE-2014-0558) - An integer overflow issue due to improperly sanitized user-supplied input that allows arbitrary code execution. (CVE-2014-0569) - An arbitrary code execution vulnerability due to the handling of a dereferenced memory pointer. (CVE-2014-8439)
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 78475
    published 2014-10-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78475
    title Google Chrome < 38.0.2125.104 Multiple Vulnerabilities
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201411-06.NASL
    description The remote host is affected by the vulnerability described in GLSA-201411-06 (Adobe Flash Player: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process or bypass security restrictions. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2016-05-20
    plugin id 79404
    published 2014-11-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79404
    title GLSA-201411-06 : Adobe Flash Player: Multiple vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-1648.NASL
    description An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB14-22, listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. (CVE-2014-0558, CVE-2014-0564, CVE-2014-0569) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.411.
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 78503
    published 2014-10-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78503
    title RHEL 5 / 6 : flash-plugin (RHSA-2014:1648)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_GOOGLE_CHROME_38_0_2125_104.NASL
    description The version of Google Chrome installed on the remote Mac OS X host is a version prior to 38.0.2125.104. It is, therefore, affected by the following vulnerabilities due to the version of Adobe Flash bundled with the application : - Multiple memory corruption issues due to improperly sanitized user-supplied input allow arbitrary code execution. (CVE-2014-0564, CVE-2014-0558) - An integer overflow issue due to improperly sanitized user-supplied input that allows arbitrary code execution. (CVE-2014-0569) - An arbitrary code execution vulnerability due to the handling of a dereferenced memory pointer. (CVE-2014-8439)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 78476
    published 2014-10-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78476
    title Google Chrome < 38.0.2125.104 Multiple Vulnerabilities (Mac OS X)
  • NASL family Windows
    NASL id ADOBE_AIR_APSB14-22.NASL
    description According to its version, the installation of Adobe AIR on the remote Windows host is equal or prior to 15.0.0.249. It is, therefore, affected by the following vulnerabilities : - Multiple memory corruption issues due to improperly sanitized user-supplied input allow arbitrary code execution. (CVE-2014-0564, CVE-2014-0558) - An integer overflow issue due to improperly sanitized user-supplied input that allows arbitrary code execution. (CVE-2014-0569) - An arbitrary code execution vulnerability due to the handling of a dereferenced memory pointer. (CVE-2014-8439)
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 78440
    published 2014-10-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78440
    title Adobe AIR <= AIR 15.0.0.249 Multiple Vulnerabilities (APSB14-22)
packetstorm via4
data source https://packetstormsecurity.com/files/download/131382/adobe_flash_casi32_int_overflow.rb.txt
id PACKETSTORM:131382
last seen 2016-12-05
published 2015-04-10
reporter juan vazquez
source https://packetstormsecurity.com/files/131382/Adobe-Flash-Player-casi32-Integer-Overflow.html
title Adobe Flash Player casi32 Integer Overflow
redhat via4
advisories
rhsa
id RHSA-2014:1648
refmap via4
bid 70441
confirm http://helpx.adobe.com/security/products/flash-player/apsb14-22.html
misc http://www.zerodayinitiative.com/advisories/ZDI-14-365/
sectrack 1031019
secunia 61980
suse
  • SUSE-SU-2014:1360
  • openSUSE-SU-2014:1329
  • openSUSE-SU-2015:0725
Last major update 02-01-2017 - 21:59
Published 15-10-2014 - 06:55
Last modified 06-10-2017 - 21:29
Back to Top