Details of VAR-201409-0426

ID

VAR-201409-0426

CVE

CVE-2014-0557

TITLE

Adobe Flash Player and Adobe AIR In ASLR Vulnerabilities that circumvent protection mechanisms

Trust: 0.8

sources: JVNDB: JVNDB-2014-004128

DESCRIPTION

Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors. Adobe Flash Player and AIR are prone to multiple unspecified memory-corruption vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition. Attackers can exploit this vulnerability to bypass the ASLR protection mechanism and take control of the affected system. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2014:1173-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1173.html Issue date: 2014-09-10 CVE Names: CVE-2014-0547 CVE-2014-0548 CVE-2014-0549 CVE-2014-0550 CVE-2014-0551 CVE-2014-0552 CVE-2014-0553 CVE-2014-0554 CVE-2014-0555 CVE-2014-0556 CVE-2014-0557 CVE-2014-0559 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities are detailed in the Adobe Security Bulletin APSB14-21, listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. (CVE-2014-0547, CVE-2014-0549, CVE-2014-0550, CVE-2014-0551, CVE-2014-0552, CVE-2014-0553, CVE-2014-0554, CVE-2014-0555, CVE-2014-0556, CVE-2014-0557, CVE-2014-0559) A flaw in flash-plugin could allow an attacker to bypass the same-origin policy. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1139847 - CVE-2014-0547 CVE-2014-0549 CVE-2014-0550 CVE-2014-0551 CVE-2014-0552 CVE-2014-0553 CVE-2014-0554 CVE-2014-0555 CVE-2014-0556 CVE-2014-0557 CVE-2014-0559 flash-plugin: multiple code execution or security bypass flaws (APSB14-21) 1139852 - CVE-2014-0548 flash-plugin: same origin policy bypass (APSB14-21) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.406-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.406-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.406-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.406-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.406-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.406-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.406-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.406-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.406-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.406-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-0547.html https://www.redhat.com/security/data/cve/CVE-2014-0548.html https://www.redhat.com/security/data/cve/CVE-2014-0549.html https://www.redhat.com/security/data/cve/CVE-2014-0550.html https://www.redhat.com/security/data/cve/CVE-2014-0551.html https://www.redhat.com/security/data/cve/CVE-2014-0552.html https://www.redhat.com/security/data/cve/CVE-2014-0553.html https://www.redhat.com/security/data/cve/CVE-2014-0554.html https://www.redhat.com/security/data/cve/CVE-2014-0555.html https://www.redhat.com/security/data/cve/CVE-2014-0556.html https://www.redhat.com/security/data/cve/CVE-2014-0557.html https://www.redhat.com/security/data/cve/CVE-2014-0559.html https://access.redhat.com/security/updates/classification/#critical http://helpx.adobe.com/security/products/flash-player/apsb14-21.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFUEFUvXlSAg2UNWIIRAldrAKC3dXXdfqa7MBvNVt/I8s999AHuiwCgs34U PAXT7xPKbEDLocPPmOJo7t8= =d7aB -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.406" References ========== [ 1 ] CVE-2014-0547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0547 [ 2 ] CVE-2014-0548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0548 [ 3 ] CVE-2014-0549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0549 [ 4 ] CVE-2014-0550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0550 [ 5 ] CVE-2014-0551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0551 [ 6 ] CVE-2014-0552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0552 [ 7 ] CVE-2014-0553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0553 [ 8 ] CVE-2014-0554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0554 [ 9 ] CVE-2014-0555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0555 [ 10 ] CVE-2014-0556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0556 [ 11 ] CVE-2014-0557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0557 [ 12 ] CVE-2014-0559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0559 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201409-05.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Trust: 2.16

sources: NVD: CVE-2014-0557 // JVNDB: JVNDB-2014-004128 // BID: 69701 // VULHUB: VHN-68050 // PACKETSTORM: 128202 // PACKETSTORM: 128322

AFFECTED PRODUCTS

vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.262	Trust: 1.6
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.251	Trust: 1.6
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.310	Trust: 1.6
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.273	Trust: 1.6
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.280	Trust: 1.6
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.270	Trust: 1.6
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.275	Trust: 1.6
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.285	Trust: 1.6
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.258	Trust: 1.6
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.261	Trust: 1.6
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.228	Trust: 1.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.235	Trust: 1.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.233	Trust: 1.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.223	Trust: 1.3
vendor:	adobe	model:	flash player	scope:	eq	version:	14.0.0.176	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.394	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.359	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.335	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.332	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	14.0.0.137	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	lte	version:	11.2.202.400	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.236	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.356	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	13.0.0.182	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.243	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.238	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	13.0.0.214	Trust: 1.0
vendor:	adobe	model:	air sdk	scope:	eq	version:	14.0.0.137	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.336	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	13.0.0.83	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	15.0.0.144	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.341	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	lte	version:	13.0.0.241	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.291	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	14.0.0.179	Trust: 1.0
vendor:	adobe	model:	air sdk	scope:	eq	version:	13.0.0.83	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	13.0.0.201	Trust: 1.0
vendor:	adobe	model:	air	scope:	lte	version:	14.0.0.178	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	13.0.0.111	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.350	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	13.0.0.206	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	13.0.0.223	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	14.0.0.125	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.378	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.297	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.346	Trust: 1.0
vendor:	adobe	model:	air sdk	scope:	eq	version:	13.0.0.111	Trust: 1.0
vendor:	adobe	model:	air	scope:	eq	version:	14.0.0.110	Trust: 1.0
vendor:	adobe	model:	air sdk	scope:	lte	version:	14.0.0.178	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	13.0.0.231	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	14.0.0.145	Trust: 1.0
vendor:	adobe	model:	air	scope:	lte	version:	14.0.0.179	Trust: 1.0
vendor:	adobe	model:	air sdk	scope:	eq	version:	14.0.0.110	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.406	Trust: 0.8
vendor:	adobe	model:	air sdk	scope:	eq	version:	& compiler 15.0.0.249	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	eq	version:	15.0.0.152	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	14.x 15.x (internet explorer 10/11)	Trust: 0.8
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	11 (windows 8.1/windows server 2012 r2/windows rt 8.1 : adobe flash player 15.0.0.152	Trust: 0.8
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	10 (windows 8/windows server 2012/windows rt : adobe flash player 15.0.0.152	Trust: 0.8
vendor:	adobe	model:	air	scope:	eq	version:	15.0.0.252	Trust: 0.8
vendor:	microsoft	model:	internet explorer	scope:	lt	version:	)	Trust: 0.8
vendor:	adobe	model:	air	scope:	eq	version:	desktop runtime 15.0.0.249	Trust: 0.8
vendor:	adobe	model:	air sdk	scope:	eq	version:	15.0.0.249	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	14.x 15.x (windows/machintosh/linux edition chrome)	Trust: 0.8
vendor:	google	model:	chrome	scope:	lt	version:	37.0.2062.120	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	eq	version:	desktop runtime 15.0.0.152	Trust: 0.8
vendor:	adobe	model:	air	scope:	lt	version:	(android)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	eq	version:	extended support release 13.0.0.244	Trust: 0.8
vendor:	adobe	model:	air sdk	scope:	lt	version:	(windows/macintosh/android/ios)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	(windows/macintosh)	Trust: 0.8
vendor:	adobe	model:	air	scope:	lt	version:	(windows/macintosh)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	14.x 15.x (windows/macintosh)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	(linux)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.246.0	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.2.0.2080	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.12.35	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.186.3	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.152.21	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	8.0.35.0	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.6.19140	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.115.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.280	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.5.2	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.102.55	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.154.25	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.60.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.14.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.95.1	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.156.12	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.2.0.2070	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.7.1.1961	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.95.2	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.155.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.152.33	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.185.22	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.51.66	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.154.13	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.115.6	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.154.27	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.0.2	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.53.0	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.153.1	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.262.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.2460	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.111.9	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	8	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.111.6	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.22	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.0.2.12610	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.102.63	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	6.0.79	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.157.51	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.6	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.26	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.14	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.1.0.4880	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.92.8	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.7	Trust: 0.3
vendor:	red	model:	hat enterprise linux supplementary server	scope:	eq	version:	5	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.0.4	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.52.15	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.1	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.262	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.112.61	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.152.32	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.68.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.154.24	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.16	Trust: 0.3
vendor:	suse	model:	opensuse	scope:	eq	version:	11.4	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.5	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.111.8	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.111.5	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.66.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.154.18	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.28.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.260.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.23	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.52.14.1	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.32.18	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.277.0	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.5.3	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.7	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.283.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.12.36	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.102.62	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.185.21	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.01	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.111.7	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.3218	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.5.1	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.289.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.53.64	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.102.228	Trust: 0.3
vendor:	red	model:	hat enterprise linux desktop supplementary	scope:	eq	version:	6	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.5.3.9130	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.152	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.185.25	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.5.3.9120	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	6.0.21.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.124.0	Trust: 0.3
vendor:	gentoo	model:	linux	scope:	-	version:	-	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.34	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.185.23	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.152.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.61.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.186.2	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.186.7	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.22.87	Trust: 0.3
vendor:	red	model:	hat enterprise linux server supplementary	scope:	eq	version:	6	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.85.3	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.82.76	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.73.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.229	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.452	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.115.8	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.0.3	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.159.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.69.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.151.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.10	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.0.1.152	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.15.3	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.31.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.115.7	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.159.1	Trust: 0.3
vendor:	red	model:	hat enterprise linux desktop supplementary client	scope:	eq	version:	5	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.105.6	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.47.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.45.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.24.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.19.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	8.0.34.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.42.34	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.48.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.4	Trust: 0.3
vendor:	adobe	model:	flash player release candida	scope:	eq	version:	10.1	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.154.28	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.67.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.5	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.92.10	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.70.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.106.16	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.6.19120	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.5.1	Trust: 0.3
vendor:	red	model:	hat enterprise linux workstation supplementary	scope:	eq	version:	6	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.102.65	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.7.1	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.186.6	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.102.64	Trust: 0.3

sources: BID: 69701 // JVNDB: JVNDB-2014-004128 // CNNVD: CNNVD-201409-398 // NVD: CVE-2014-0557

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-0557
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-0557
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201409-398
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-68050
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-0557
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-68050
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-68050 // JVNDB: JVNDB-2014-004128 // CNNVD: CNNVD-201409-398 // NVD: CVE-2014-0557

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-68050 // JVNDB: JVNDB-2014-004128 // NVD: CVE-2014-0557

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 128322 // CNNVD: CNNVD-201409-398

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201409-398

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-004128

PATCH

title:	APSB14-21	url:	http://helpx.adobe.com/security/products/flash-player/apsb14-21.html	Trust: 0.8
title:	APSB14-21	url:	http://helpx.adobe.com/jp/security/products/flash-player/apsb14-21.html	Trust: 0.8
title:	Google Chrome	url:	https://www.google.com/intl/ja/chrome/browser/features.html	Trust: 0.8
title:	Stable Channel Update	url:	http://googlechromereleases.blogspot.jp/2014/09/stable-channel-update_9.html	Trust: 0.8
title:	Update for Vulnerabilities in Adobe Flash Player in Internet Explorer (2755801)	url:	https://technet.microsoft.com/en-us/library/security/2755801	Trust: 0.8
title:	Internet Explorer 上の Adobe Flash Player の脆弱性に対応する更新プログラム (2755801)	url:	https://technet.microsoft.com/ja-jp/library/security/2755801	Trust: 0.8
title:	アドビシステムズ社 Adobe Flash Player の脆弱性に関するお知らせ	url:	http://www.fmworld.net/biz/common/adobe/20140911f.html	Trust: 0.8
title:	flashplayer_13_plugin_debug	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51609	Trust: 0.6
title:	AdobeAIRInstaller-15.0.0.249	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51613	Trust: 0.6
title:	flashplayer_13_ax_debug	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51608	Trust: 0.6
title:	flashplayer_11_plugin_debug.i386	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51612	Trust: 0.6
title:	AIRSDK_Compiler-15.0.0.249	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51616	Trust: 0.6
title:	flashplayer_15_plugin_debug	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51611	Trust: 0.6
title:	AIRSDK_Compiler-15.0.0.249	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51615	Trust: 0.6
title:	flashplayer_15_ax_debug	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51610	Trust: 0.6
title:	AdobeAIR-15.0.0.249	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51614	Trust: 0.6

sources: JVNDB: JVNDB-2014-004128 // CNNVD: CNNVD-201409-398

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0557	Trust: 3.0
db:	BID	id:	69701	Trust: 1.4
db:	SECTRACK	id:	1030822	Trust: 1.1
db:	SECUNIA	id:	61089	Trust: 1.1
db:	JVNDB	id:	JVNDB-2014-004128	Trust: 0.8
db:	CNNVD	id:	CNNVD-201409-398	Trust: 0.7
db:	VULHUB	id:	VHN-68050	Trust: 0.1
db:	PACKETSTORM	id:	128202	Trust: 0.1
db:	PACKETSTORM	id:	128322	Trust: 0.1

sources: VULHUB: VHN-68050 // BID: 69701 // JVNDB: JVNDB-2014-004128 // PACKETSTORM: 128202 // PACKETSTORM: 128322 // CNNVD: CNNVD-201409-398 // NVD: CVE-2014-0557

REFERENCES

url:	http://helpx.adobe.com/security/products/flash-player/apsb14-21.html	Trust: 1.8
url:	http://security.gentoo.org/glsa/glsa-201409-05.xml	Trust: 1.2
url:	http://www.securityfocus.com/bid/69701	Trust: 1.1
url:	http://www.securitytracker.com/id/1030822	Trust: 1.1
url:	http://secunia.com/advisories/61089	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00016.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00006.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00021.html	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/95827	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0557	Trust: 0.8
url:	http://www.ipa.go.jp/security/ciadr/vul/20140910-adobeflashplayer.html	Trust: 0.8
url:	http://www.jpcert.or.jp/at/2014/at140035.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0557	Trust: 0.8
url:	http://www.npa.go.jp/cyberpolice/topics/?seq=14547	Trust: 0.8
url:	http://www.adobe.com/products/air/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0556	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0557	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0554	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0548	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0552	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0547	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0559	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0553	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0550	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0551	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0555	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0549	Trust: 0.2
url:	https://www.redhat.com/security/data/cve/cve-2014-0547.html	Trust: 0.1
url:	https://www.redhat.com/security/data/cve/cve-2014-0553.html	Trust: 0.1
url:	https://www.redhat.com/security/data/cve/cve-2014-0551.html	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#critical	Trust: 0.1
url:	https://www.redhat.com/security/data/cve/cve-2014-0554.html	Trust: 0.1
url:	https://www.redhat.com/security/data/cve/cve-2014-0552.html	Trust: 0.1
url:	https://www.redhat.com/security/data/cve/cve-2014-0549.html	Trust: 0.1
url:	https://access.redhat.com/articles/11258	Trust: 0.1
url:	https://www.redhat.com/security/data/cve/cve-2014-0557.html	Trust: 0.1
url:	https://access.redhat.com/security/team/contact/	Trust: 0.1
url:	https://rhn.redhat.com/errata/rhsa-2014-1173.html	Trust: 0.1
url:	https://www.redhat.com/security/data/cve/cve-2014-0555.html	Trust: 0.1
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.1
url:	https://bugzilla.redhat.com/):	Trust: 0.1
url:	https://www.redhat.com/security/data/cve/cve-2014-0548.html	Trust: 0.1
url:	https://www.redhat.com/security/data/cve/cve-2014-0550.html	Trust: 0.1
url:	https://access.redhat.com/security/team/key/#package	Trust: 0.1
url:	https://www.redhat.com/security/data/cve/cve-2014-0559.html	Trust: 0.1
url:	https://www.redhat.com/security/data/cve/cve-2014-0556.html	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0550	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0557	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0552	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0554	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0556	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0551	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0548	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0549	Trust: 0.1
url:	http://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	http://security.gentoo.org/	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0555	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0547	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0559	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0553	Trust: 0.1

sources: VULHUB: VHN-68050 // BID: 69701 // JVNDB: JVNDB-2014-004128 // PACKETSTORM: 128202 // PACKETSTORM: 128322 // CNNVD: CNNVD-201409-398 // NVD: CVE-2014-0557

CREDITS

Chris Evans of Google Project Zero and Michal Zalewski of the Google Security Team

Trust: 0.3

sources: BID: 69701

SOURCES

db:	VULHUB	id:	VHN-68050
db:	BID	id:	69701
db:	JVNDB	id:	JVNDB-2014-004128
db:	PACKETSTORM	id:	128202
db:	PACKETSTORM	id:	128322
db:	CNNVD	id:	CNNVD-201409-398
db:	NVD	id:	CVE-2014-0557

LAST UPDATE DATE

2024-11-23T21:44:58.272000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-68050	date:	2017-08-29T00:00:00
db:	BID	id:	69701	date:	2015-03-19T09:32:00
db:	JVNDB	id:	JVNDB-2014-004128	date:	2014-09-17T00:00:00
db:	CNNVD	id:	CNNVD-201409-398	date:	2014-09-15T00:00:00
db:	NVD	id:	CVE-2014-0557	date:	2024-11-21T02:02:23.230

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-68050	date:	2014-09-10T00:00:00
db:	BID	id:	69701	date:	2014-09-09T00:00:00
db:	JVNDB	id:	JVNDB-2014-004128	date:	2014-09-11T00:00:00
db:	PACKETSTORM	id:	128202	date:	2014-09-11T21:04:50
db:	PACKETSTORM	id:	128322	date:	2014-09-19T23:52:49
db:	CNNVD	id:	CNNVD-201409-398	date:	2014-09-15T00:00:00
db:	NVD	id:	CVE-2014-0557	date:	2014-09-10T01:55:08.933