Lucene search

K
zdiWen Guanxing from VenustechZDI-14-040
HistoryApr 03, 2014 - 12:00 a.m.

Adobe Flash Player RegExp Stack Buffer Overflow Remote Code Execution Vulnerability

2014-04-0300:00:00
Wen Guanxing from Venustech
www.zerodayinitiative.com
22

EPSS

0.213

Percentile

96.5%

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the usage of regular expressions in ActionScript where an expression could overflow a data structure on the stack. An attacker can leverage this vulnerability to execute code under the context of the current process.