Adobe Flash Player Buffer Overflow

May 2, 2014

Adobe Flash is a multimedia platform that allows executing rich internet applications. Adobe Flash Player can also stream audio and video while functioning either from web browser or as a standalone application. It supports various data and multimedia formats like XML, JSON, SWF, MP3, FLV, GIF, etc. along with streaming protocols like HTTP, RTMP, etc.

SWF file format is a binary format that adheres to an Adobe Flash Specification. The SWF file starts with a distinguishable header followed by a number of tags and their respective tag related data.

A buffer overflow vulnerability exists in Adobe Flash Player. Specifically, the vulnerability is due to insufficient validation while handling a compiled Flash object. A remote attacker can exploit this vulnerability by enticing a user to open a crafted SWF file. Successful exploitation could lead to arbitrary code execution in the security context of the logged-in user.

Dell SonicWALL has researched the vulnerability and released the following signature(s) to detect and block specific exploitation attempts targeting this vulnerability:

  • GAV 23277 "Malformed.swf.MP.110"

The vulnerability has been assigned as CVE-2014-0515.