Buffer overflow in Adobe Shockwave_player

CVE-2014-0500

Adobe Shockwave Player before 12.0.9.149 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0501.

Vulnerability class: Buffer Overflow

EPSS: 0.245 (96.2th percentile) — read the EPSS interpretation.

Affected products

Adobe Shockwave_player — versions 11.0.0.456, 11.0.3.471, 11.5.0.595
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

65490 (vdb-entry, x_refsource_BID)
adobe-cve20140500-code-exec(91007) (vdb-entry, x_refsource_XF)
103157 (x_refsource_OSVDB, vdb-entry)
56740 (x_refsource_SECUNIA, third-party-advisory)
1029740 (vdb-entry, x_refsource_SECTRACK)
psirt@adobe.com (x_refsource_CONFIRM, Vendor Advisory)