Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiBilouZDI-14-417
HistoryDec 09, 2014 - 12:00 a.m.

Adobe Flash Player parseFloat Stack Buffer Overflow Remote Code Execution Vulnerability

2014-12-0900:00:00
bilou
www.zerodayinitiative.com
24

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.073 Low

EPSS

Percentile

94.0%

JSON

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when calling parseFloat on a specific datatype. This can allow for an attacker to cause a fixed size stack buffer to overflow. An attacker can leverage this vulnerability to execute code within the context of the current process.

Related

cve 1
openvas 6
checkpoint_advisories 1
zdt 1
attackerkb 1
ubuntucve 1
symantec 1
cisa_kev 1
prion 1
threatpost 2
nessus 11
redhat 1
suse 3
archlinux 1
mageia 1
gentoo 1
cve
cve
CVE-2014-9163
2014-12-10 21:59:00
openvas
openvas
Adobe Flash Player Multiple Vulnerabilities (APSB14-27)- 02 (Dec 2014) - Windows
2014-12-15 00:00:00
Adobe Flash Player Multiple Vulnerabilities (APSB14-27)- 02 (Dec 2014) - Mac OS X
2014-12-15 00:00:00
Mageia: Security Advisory (MGASA-2014-0521)
2022-01-28 00:00:00
checkpoint_advisories
checkpoint_advisories
Adobe Flash Player Stack Buffer Overflow (CVE-2014-9163)
2014-12-14 00:00:00
zdt
zdt
Adobe Flash Player parseFloat Stack Buffer Overflow Remote Code Execution Vulnerability
2014-12-10 00:00:00
attackerkb
attackerkb
CVE-2014-9163
2014-12-10 00:00:00
ubuntucve
ubuntucve
CVE-2014-9163
2014-12-10 00:00:00
symantec
symantec
Adobe Flash Player CVE-2014-9163 Stack Based Buffer Overflow Vulnerability
2014-12-09 00:00:00
cisa_kev
cisa_kev
Adobe Flash Player Stack-Based Buffer Overflow Vulnerability
2022-04-13 00:00:00
prion
prion
Stack overflow
2014-12-10 21:59:00
threatpost
threatpost
Chinese Hackers Compromised Forbes.com Using IE, Flash Zero Days
2015-02-11 16:07:36
December 2014 Adobe Flash, Reader, Acrobat, ColdFusion Patch
2014-12-09 12:17:22
nessus
nessus
MS KB3008925: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
2014-12-09 00:00:00
Google Chrome < 39.0.2171.95 Multiple Vulnerabilities (Mac OS X)
2014-12-09 00:00:00
Flash Player < 16.0.0.235 Multiple Vulnerabilities (APSB14-27)
2014-12-22 00:00:00
redhat
redhat
(RHSA-2014:1981) Critical: flash-plugin security update
2014-12-10 00:00:00
suse
suse
Security update for flash-player (critical)
2014-12-12 00:05:07
Security update for flash-player (important)
2014-12-12 14:04:42
Security update for flash-player (important)
2014-12-16 01:04:46
archlinux
archlinux
flashplugin: multiple issues
2014-12-12 00:00:00
mageia
mageia
Updated flash-player-plugin packages fix multiple security vulnerabilities
2014-12-09 23:12:41
gentoo
gentoo
Adobe Flash Player: Multiple vulnerabilities
2014-12-11 00:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.073 Low

EPSS

Percentile

94.0%

JSON
Related for ZDI-14-417
cve1openvas6checkpoint_advisories1zdt1attackerkb1ubuntucve1symantec1cisa_kev1prion1threatpost2nessus11redhat1suse3archlinux1mageia1gentoo1