Security Advisory - April 28, 2014

Zscaler Protects Against Vulnerabilities in Flash Player Remote Code Execution

 

 

Zscaler, working with Microsoft through the MAPPs program, has proactively deployed protections for the following vulnerability included in the April 28, 2014 Adobe Security Bulletin.  Zscaler will continue to monitor exploits associated with these vulnerabilities and release and deploy additional protections as necessary.

APSB14-13 - Buffer overflow when parsing a compiled shader in a Flash object

Severity: Critical
Affected Software

  • Adobe Flash Player 11-13

CVE-2014-0515Remote Code Execution in Flash Player

Description: Adobe Flash Player is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. The vulnerability exists in the Pixel Bender component for video and image processing in Adobe Flash Player. Execution of this vulnerability could allow an attacker to remotely execute arbitrary code.