HTTP: Adobe Flash Player Pointer Memory Leak

This signature detects an attempt to detect a memory leak vulnerability against Adobe Flash Player. The flaw is occurred while dereferencing a function pointer. Successful exploitation could allow an attacker to view arbitrary memory contents and launch further ASLR based attacks eventually.

Extended Description

Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2014-0542, CVE-2014-0543, CVE-2014-0544, and CVE-2014-0545.

Affected Products

Adobe adobe_air_sdk

References

CVE: CVE-2014-0540

Short Name
HTTP:STC:ADOBE:MEM-PTR-LEAK
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Adobe CVE-2014-0540 Flash Leak Memory Player Pointer
Release Date
08/19/2014
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3761
False Positive
Unknown
Vendors

Adobe

CVSS Score

10.0

Found a potential security threat?