Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:30594
HistoryMay 04, 2014 - 12:00 a.m.

VUPEN Security Research - Adobe Flash ExternalInterface Use-After-Free Code Execution (Pwn2Own)

2014-05-0400:00:00
vulners.com
31
JSON

VUPEN Security Research - Adobe Flash ExternalInterface Use-After-Free
Code Execution (Pwn2Own)

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen

I. BACKGROUND

Adobe Flash Player is a cross-platform browser-based application runtime
that delivers viewing of expressive applications, content, and videos
across screens and browsers. It is installed on 98% of computers.

II. DESCRIPTION

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Adobe Flash.

The vulnerability is caused by a use-after-free error when interacting
with the "ExternalInterface" class from the browser, which could be
exploited to achieve code execution via a malicious web page.

III. AFFECTED PRODUCTS

Adobe Flash versions prior to 13.0.0.182

IV. SOLUTION

Upgrade to Adobe Flash v13.0.0.182.

V. CREDIT

This vulnerability was discovered by VUPEN Security.

VI. ABOUT VUPEN Security

VUPEN is the leading provider of defensive and offensive cyber security
intelligence and advanced zero-day research. All VUPEN's vulnerability
intelligence results exclusively from its internal and in-house R&D
efforts conducted by its team of world-class researchers.

VUPEN Solutions: http://www.vupen.com/english/services/

VII. REFERENCES

http://helpx.adobe.com/security/products/flash-player/apsb14-09.html
http://zerodayinitiative.com/advisories/ZDI-14-092/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0506

VIII. DISCLOSURE TIMELINE

2014-01-28 - Vulnerability Discovered by VUPEN Security
2014-03-13 - Vulnerability Reported to Adobe During Pwn2Own 2014
2014-04-08 - Vulnerability Fixed by Adobe
2014-04-14 - Public disclosure

Related

cve 1
prion 1
checkpoint_advisories 1
seebug 1
zdi 1
openvas 4
altlinux 2
nessus 14
suse 1
redhat 1
mageia 1
gentoo 1
securityvulns 1
cve
cve
CVE-2014-0506
2014-03-27 10:55:00
prion
prion
Design/Logic Flaw
2014-03-27 10:55:00
checkpoint_advisories
checkpoint_advisories
Adobe Flash Player Use After Free Code Execution (APSB14-09; CVE-2014-0506)
2014-04-09 00:00:00
seebug
seebug
Adobe Flash Playerδ»»ζ„δ»£η ζ‰§θ‘ŒζΌζ΄ž
2014-03-28 00:00:00
zdi
zdi
(Pwn2Own) Adobe Flash ExternalInterface Use-After-Free Remote Code Execution Vulnerability
2014-04-11 00:00:00
openvas
openvas
Adobe Flash Player Multiple Vulnerabilities - 01 (Apr 2014) - Windows
2014-04-01 00:00:00
Mageia: Security Advisory (MGASA-2014-0169)
2022-01-28 00:00:00
SUSE: Security Advisory for flash-player (SUSE-SU-2014:0535-1)
2015-10-16 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 7 package adobe-flash-player version 3:11-alt28
2014-04-15 00:00:00
Security fix for the ALT Linux 6 package adobe-flash-player version 3:11-alt28
2014-04-15 00:00:00
nessus
nessus
Adobe AIR <= AIR 4.0.0.1628 Multiple Vulnerabilities (APSB14-09)
2014-04-09 00:00:00
MS KB2942844: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
2014-04-08 00:00:00
RHEL 5 / 6 : flash-plugin (RHSA-2014:0380)
2014-04-10 00:00:00
suse
suse
Security update for flash-player (important)
2014-04-16 19:04:49
redhat
redhat
(RHSA-2014:0380) Critical: flash-plugin security update
2014-04-09 00:00:00
mageia
mageia
Updated flash-player-plugin package fixes multiple vulnerabilities
2014-04-09 19:40:40
gentoo
gentoo
Adobe Flash Player: Multiple vulnerabilities
2014-05-03 00:00:00
securityvulns
securityvulns
Adobe Flash Player multiple security vulnerabilities
2014-05-04 00:00:00
JSON
Related for SECURITYVULNS:DOC:30594
cve1prion1checkpoint_advisories1seebug1zdi1openvas4altlinux2nessus14suse1redhat1mageia1gentoo1securityvulns1