Adobe Flash Player CVE-2014-9163 Stack Based Buffer Overflow Vulnerability

2014-12-0900:00:00

Symantec Security Response

www.symantec.com

EPSS

0.072

Percentile

94.1%

JSON

Description

Adobe Flash Player is prone to a stack-based buffer-overflow vulnerability. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts likely result in denial-of-service conditions.

Technologies Affected

Adobe Flash Player 10
Adobe Flash Player 10.0.0.584
Adobe Flash Player 10.0.12 .35
Adobe Flash Player 10.0.12 .36
Adobe Flash Player 10.0.12.10
Adobe Flash Player 10.0.15 .3
Adobe Flash Player 10.0.2.54
Adobe Flash Player 10.0.22.87
Adobe Flash Player 10.0.32 18
Adobe Flash Player 10.0.32.18
Adobe Flash Player 10.0.42.34
Adobe Flash Player 10.0.45 2
Adobe Flash Player 10.1
Adobe Flash Player 10.1.102.64
Adobe Flash Player 10.1.102.65
Adobe Flash Player 10.1.105.6
Adobe Flash Player 10.1.106.16
Adobe Flash Player 10.1.106.17
Adobe Flash Player 10.1.51.66
Adobe Flash Player 10.1.52.14
Adobe Flash Player 10.1.52.14.1
Adobe Flash Player 10.1.52.15
Adobe Flash Player 10.1.53.64
Adobe Flash Player 10.1.82.76
Adobe Flash Player 10.1.85.3
Adobe Flash Player 10.1.92.10
Adobe Flash Player 10.1.92.8
Adobe Flash Player 10.1.95.1
Adobe Flash Player 10.1.95.2
Adobe Flash Player 10.2.152
Adobe Flash Player 10.2.152.21
Adobe Flash Player 10.2.152.26
Adobe Flash Player 10.2.152.32
Adobe Flash Player 10.2.152.33
Adobe Flash Player 10.2.153.1
Adobe Flash Player 10.2.154.13
Adobe Flash Player 10.2.154.18
Adobe Flash Player 10.2.154.24
Adobe Flash Player 10.2.154.25
Adobe Flash Player 10.2.154.27
Adobe Flash Player 10.2.154.28
Adobe Flash Player 10.2.156.12
Adobe Flash Player 10.2.157.51
Adobe Flash Player 10.2.159.1
Adobe Flash Player 10.3.181.14
Adobe Flash Player 10.3.181.16
Adobe Flash Player 10.3.181.22
Adobe Flash Player 10.3.181.23
Adobe Flash Player 10.3.181.26
Adobe Flash Player 10.3.181.34
Adobe Flash Player 10.3.183.10
Adobe Flash Player 10.3.183.11
Adobe Flash Player 10.3.183.15
Adobe Flash Player 10.3.183.16
Adobe Flash Player 10.3.183.18
Adobe Flash Player 10.3.183.19
Adobe Flash Player 10.3.183.20
Adobe Flash Player 10.3.183.23
Adobe Flash Player 10.3.183.25
Adobe Flash Player 10.3.183.29
Adobe Flash Player 10.3.183.4
Adobe Flash Player 10.3.183.43
Adobe Flash Player 10.3.183.48
Adobe Flash Player 10.3.183.5
Adobe Flash Player 10.3.183.50
Adobe Flash Player 10.3.183.51
Adobe Flash Player 10.3.183.61
Adobe Flash Player 10.3.183.63
Adobe Flash Player 10.3.183.67
Adobe Flash Player 10.3.183.68
Adobe Flash Player 10.3.183.7
Adobe Flash Player 10.3.183.75
Adobe Flash Player 10.3.183.86
Adobe Flash Player 10.3.185.21
Adobe Flash Player 10.3.185.22
Adobe Flash Player 10.3.185.23
Adobe Flash Player 10.3.185.24
Adobe Flash Player 10.3.185.25
Adobe Flash Player 10.3.186.2
Adobe Flash Player 10.3.186.3
Adobe Flash Player 10.3.186.6
Adobe Flash Player 10.3.186.7
Adobe Flash Player 11
Adobe Flash Player 11.0
Adobe Flash Player 11.0.1.129
Adobe Flash Player 11.0.1.152
Adobe Flash Player 11.0.1.153
Adobe Flash Player 11.0.1.60
Adobe Flash Player 11.0.1.98
Adobe Flash Player 11.1
Adobe Flash Player 11.1.102.228
Adobe Flash Player 11.1.102.55
Adobe Flash Player 11.1.102.59
Adobe Flash Player 11.1.102.62
Adobe Flash Player 11.1.102.63
Adobe Flash Player 11.1.111.10
Adobe Flash Player 11.1.111.44
Adobe Flash Player 11.1.111.5
Adobe Flash Player 11.1.111.50
Adobe Flash Player 11.1.111.54
Adobe Flash Player 11.1.111.6
Adobe Flash Player 11.1.111.64
Adobe Flash Player 11.1.111.7
Adobe Flash Player 11.1.111.73
Adobe Flash Player 11.1.111.8
Adobe Flash Player 11.1.111.9
Adobe Flash Player 11.1.112.61
Adobe Flash Player 11.1.115.11
Adobe Flash Player 11.1.115.34
Adobe Flash Player 11.1.115.48
Adobe Flash Player 11.1.115.54
Adobe Flash Player 11.1.115.58
Adobe Flash Player 11.1.115.59
Adobe Flash Player 11.1.115.6
Adobe Flash Player 11.1.115.63
Adobe Flash Player 11.1.115.69
Adobe Flash Player 11.1.115.7
Adobe Flash Player 11.1.115.8
Adobe Flash Player 11.1.115.81
Adobe Flash Player 11.2.202 238
Adobe Flash Player 11.2.202.160
Adobe Flash Player 11.2.202.197
Adobe Flash Player 11.2.202.221
Adobe Flash Player 11.2.202.236
Adobe Flash Player 11.2.202.280
Adobe Flash Player 11.2.202.297
Adobe Flash Player 11.2.202.341
Adobe Flash Player 11.2.202.346
Adobe Flash Player 11.2.202.350
Adobe Flash Player 11.2.202.359
Adobe Flash Player 11.2.202.400
Adobe Flash Player 11.2.202.418
Adobe Flash Player 11.2.202.424
Adobe Flash Player 13.0.0.182
Adobe Flash Player 13.0.0.201
Adobe Flash Player 13.0.0.206
Adobe Flash Player 13.0.0.214
Adobe Flash Player 13.0.0.223
Adobe Flash Player 13.0.0.231
Adobe Flash Player 13.0.0.241
Adobe Flash Player 13.0.0.244
Adobe Flash Player 13.0.0.250
Adobe Flash Player 13.0.0.252
Adobe Flash Player 13.0.0.258
Adobe Flash Player 14.0.0.125
Adobe Flash Player 14.0.0.145
Adobe Flash Player 14.0.0.176
Adobe Flash Player 14.0.0.177
Adobe Flash Player 14.0.0.179
Adobe Flash Player 15.0.0.152
Adobe Flash Player 15.0.0.189
Adobe Flash Player 15.0.0.223
Adobe Flash Player 15.0.0.239
Adobe Flash Player 15.0.0.242
Adobe Flash Player 2
Adobe Flash Player 3
Adobe Flash Player 4
Adobe Flash Player 6
Adobe Flash Player 6.0.21.0
Adobe Flash Player 6.0.79
Adobe Flash Player 7
Adobe Flash Player 7.0.1
Adobe Flash Player 7.0.14.0
Adobe Flash Player 7.0.19.0
Adobe Flash Player 7.0.24.0
Adobe Flash Player 7.0.25
Adobe Flash Player 7.0.53.0
Adobe Flash Player 7.0.60.0
Adobe Flash Player 7.0.61.0
Adobe Flash Player 7.0.63
Adobe Flash Player 7.0.66.0
Adobe Flash Player 7.0.67.0
Adobe Flash Player 7.0.68.0
Adobe Flash Player 7.0.69.0
Adobe Flash Player 7.0.70.0
Adobe Flash Player 7.0.73.0
Adobe Flash Player 7.1
Adobe Flash Player 7.1.1
Adobe Flash Player 7.2
Adobe Flash Player 8
Adobe Flash Player 8.0.22.0
Adobe Flash Player 8.0.24.0
Adobe Flash Player 8.0.33.0
Adobe Flash Player 8.0.34.0
Adobe Flash Player 8.0.35.0
Adobe Flash Player 8.0.39.0
Adobe Flash Player 8.0.42.0
Adobe Flash Player 9
Adobe Flash Player 9.0.112.0
Adobe Flash Player 9.0.114.0
Adobe Flash Player 9.0.115.0
Adobe Flash Player 9.0.124.0
Adobe Flash Player 9.0.125.0
Adobe Flash Player 9.0.151 .0
Adobe Flash Player 9.0.152 .0
Adobe Flash Player 9.0.155.0
Adobe Flash Player 9.0.159.0
Adobe Flash Player 9.0.16
Adobe Flash Player 9.0.18D60
Adobe Flash Player 9.0.20
Adobe Flash Player 9.0.20.0
Adobe Flash Player 9.0.246 0
Adobe Flash Player 9.0.246.0
Adobe Flash Player 9.0.260.0
Adobe Flash Player 9.0.262
Adobe Flash Player 9.0.262.0
Adobe Flash Player 9.0.277.0
Adobe Flash Player 9.0.28.0
Adobe Flash Player 9.0.280
Adobe Flash Player 9.0.283.0
Adobe Flash Player 9.0.289.0
Adobe Flash Player 9.0.31.0
Adobe Flash Player 9.0.45.0
Adobe Flash Player 9.0.47.0
Adobe Flash Player 9.0.48.0
Adobe Flash Player 9.0.8.0
Adobe Flash Player 9.0.9.0
Adobe Flash Player 9.125.0
Gentoo Linux
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Red Hat Enterprise Linux Desktop Supplementary 5 Client
Red Hat Enterprise Linux Desktop Supplementary 6
Red Hat Enterprise Linux Server Supplementary 6
Red Hat Enterprise Linux Supplementary 5 Server
Red Hat Enterprise Linux Workstation Supplementary 6

Recommendations

Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from a successful exploit.

Do not accept or execute files from untrusted or unknown sources.
To limit exposure to these and other latent vulnerabilities, never handle files that originate from unfamiliar or untrusted sources.

Do not follow links provided by unknown or untrusted sources.
To reduce the likelihood of successful exploits, never visit sites of questionable integrity or follow links provided by unfamiliar or untrusted sources.

Implement multiple redundant layers of security.
As an added precaution, deploy memory-protection schemes (such as nonexecutable stack/heap configuration and randomly mapped memory segments). This may complicate exploits of memory-corruption vulnerabilities.

Run all software as a nonprivileged user with minimal access rights.
To reduce the impact of latent vulnerabilities, run applications with the minimal amount of privileges required for functionality.

Updates are available. Please see the references or vendor advisory for more information.