
Flash Player < 11.7.700.279 / 13.0.0.206 Buffer Overflow (APSB14-13)

High

Synopsis

The remote host is running an outdated version of Adobe Flash Player for Internet Explorer that is affected by a buffer overflow vulnerability.

Description

Versions of Adobe Flash Player prior to 11.7.700.279 / 13.0.0.206 are unpatched for an overflow condition in the Pixel Bender component. The issue is triggered because user-supplied input is not properly validated. With a specially crafted SWF file, a context-dependent attacker can cause a buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code. (CVE-2014-0515)

Solution

Upgrade to Adobe Flash Player version 13.0.0.206 or later. If 13.x cannot be obtained, 11.7.700.279 has also been patched for this vulnerability.