HTTP: Adobe Flash Player CVE-2014-0557 Memory Leak

This signature detects an attempt to exploit a known vulnerability against Adobe Flash Player while processing a malformed image file. Successful exploitation could allow an attacker to bypass memory protection and perform ASLR to defeat the code execution protection mechanisms.

Extended Description

Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors.

Affected Products

Adobe adobe_air_sdk

References

CVE: CVE-2014-0557

Short Name
HTTP:STC:ADOBE:2014-0557-RCE
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Adobe CVE-2014-0557 Flash Leak Memory Player
Release Date
11/10/2014
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3761
False Positive
Unknown
Vendors

Adobe

CVSS Score

10.0

Found a potential security threat?