Details of VAR-201411-0035

ID

VAR-201411-0035

CVE

CVE-2014-0583

TITLE

Adobe Flash Player and Adobe AIR Heap-based buffer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-005432

DESCRIPTION

Heap-based buffer overflow in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to complete a transition from Low Integrity to Medium Integrity via unspecified vectors. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts likely result in denial-of-service conditions. An attacker could exploit this vulnerability to take control of an affected system and convert Low Integrity to Medium Integrity. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201411-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Adobe Flash Player: Multiple vulnerabilities Date: November 21, 2014 Bugs: #525430, #529088 ID: 201411-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-plugins/adobe-flash < 11.2.202.418 >= 11.2.202.418 Description =========== Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.418" References ========== [ 1 ] CVE-2014-0558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0558 [ 2 ] CVE-2014-0564 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0564 [ 3 ] CVE-2014-0569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0569 [ 4 ] CVE-2014-0573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0573 [ 5 ] CVE-2014-0574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0574 [ 6 ] CVE-2014-0576 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0576 [ 7 ] CVE-2014-0577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0577 [ 8 ] CVE-2014-0581 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0581 [ 9 ] CVE-2014-0582 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0582 [ 10 ] CVE-2014-0583 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0583 [ 11 ] CVE-2014-0584 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0584 [ 12 ] CVE-2014-0585 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0585 [ 13 ] CVE-2014-0586 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0586 [ 14 ] CVE-2014-0588 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0588 [ 15 ] CVE-2014-0589 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0589 [ 16 ] CVE-2014-0590 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0590 [ 17 ] CVE-2014-8437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8437 [ 18 ] CVE-2014-8438 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8438 [ 19 ] CVE-2014-8440 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8440 [ 20 ] CVE-2014-8441 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8441 [ 21 ] CVE-2014-8442 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8442 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201411-06.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Trust: 2.07

sources: NVD: CVE-2014-0583 // JVNDB: JVNDB-2014-005432 // BID: 71035 // VULHUB: VHN-68076 // PACKETSTORM: 129216

AFFECTED PRODUCTS

vendor:	adobe	model:	flash player	scope:	gte	version:	14.0	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	lt	version:	15.0.0.223	Trust: 1.0
vendor:	adobe	model:	air	scope:	lte	version:	15.0.0.356	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	gte	version:	15.0	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	lte	version:	14.0.0.179	Trust: 1.0
vendor:	adobe	model:	air sdk	scope:	lte	version:	15.0.0.356	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	lt	version:	13.0.0.252	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	lt	version:	11.2.202.418	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	gte	version:	11.0	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	gte	version:	13.0	Trust: 1.0
vendor:	adobe	model:	air sdk \& compiler	scope:	lt	version:	15.0.0.356	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.235	Trust: 0.9
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.233	Trust: 0.9
vendor:	adobe	model:	flash player	scope:	eq	version:	15.0.0.223	Trust: 0.8
vendor:	adobe	model:	air	scope:	eq	version:	desktop runtime 15.0.0.356	Trust: 0.8
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	10 (windows 8/windows server 2012/windows rt : adobe flash player 15.0.0.223	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	eq	version:	extended support release 13.0.0.252	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	14.x 15.x (internet explorer 10/11)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.418	Trust: 0.8
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	11 (windows 8.1/windows server 2012 r2/windows rt 8.1 : adobe flash player 15.0.0.223	Trust: 0.8
vendor:	adobe	model:	air	scope:	eq	version:	15.0.0.356	Trust: 0.8
vendor:	microsoft	model:	internet explorer	scope:	lt	version:	)	Trust: 0.8
vendor:	adobe	model:	air sdk	scope:	eq	version:	15.0.0.356	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	14.x 15.x (windows/machintosh/linux edition chrome)	Trust: 0.8
vendor:	adobe	model:	air	scope:	lt	version:	(android)	Trust: 0.8
vendor:	adobe	model:	air sdk	scope:	lt	version:	(windows/macintosh/android/ios)	Trust: 0.8
vendor:	google	model:	chrome	scope:	lt	version:	38.0.2125.122	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	(windows/macintosh)	Trust: 0.8
vendor:	adobe	model:	air	scope:	lt	version:	(windows/macintosh)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	eq	version:	desktop runtime 15.0.0.223	Trust: 0.8
vendor:	adobe	model:	air sdk	scope:	eq	version:	& compiler 15.0.0.356	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	14.x 15.x (windows/macintosh)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	(linux)	Trust: 0.8
vendor:	adobe	model:	air sdk \& compiler	scope:	eq	version:	15.0.0.302	Trust: 0.6
vendor:	adobe	model:	air	scope:	eq	version:	15.0.0.293	Trust: 0.6
vendor:	adobe	model:	flash player	scope:	eq	version:	13.0.0.250	Trust: 0.6
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.236	Trust: 0.6
vendor:	adobe	model:	flash player	scope:	eq	version:	15.0.0.189	Trust: 0.6
vendor:	adobe	model:	flash player	scope:	eq	version:	14.0.0.176	Trust: 0.6
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.411	Trust: 0.6
vendor:	adobe	model:	air sdk	scope:	eq	version:	15.0.0.302	Trust: 0.6
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.246.0	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.2.0.2080	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.12.35	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.186.3	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.152.21	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	8.0.35.0	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.6.19140	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.115.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.280	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.5.2	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.102.55	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.154.25	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.60.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.14.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.95.1	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.156.12	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.2.0.2070	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.7.1.1961	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.95.2	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.155.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.152.33	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.185.22	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.51.66	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.154.13	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.115.6	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.154.27	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.0.2	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.53.0	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.153.1	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.262.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.111.9	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	8	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.111.6	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.22	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.0.2.12610	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.102.63	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	6.0.79	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.157.51	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.6	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.26	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.14	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.1.0.4880	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.228	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.92.8	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.7	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.0.4	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.52.15	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.1	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.112.61	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.152.32	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.68.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.154.24	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.16	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.5	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.111.8	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.111.5	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.66.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.154.18	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.28.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.260.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.23	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.52.14.1	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.32.18	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.277.0	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.5.3	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.7	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.12.36	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.283.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.102.62	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.185.21	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.01	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.111.7	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.5.1	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.289.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.53.64	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.102.228	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.5.3.9130	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.152	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.185.25	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.5.3.9120	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	6.0.21.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.124.0	Trust: 0.3
vendor:	gentoo	model:	linux	scope:	-	version:	-	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.34	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.185.23	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.152.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.61.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.186.2	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.186.7	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.22.87	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.85.3	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.82.76	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.73.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.229	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.452	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.115.8	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.0.3	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.159.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.69.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.10	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.151.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.0.1.152	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.15.3	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.31.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.115.7	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.159.1	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.105.6	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.47.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.45.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.24.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.19.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	8.0.34.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.42.34	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.48.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.4	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.223	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.154.28	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.67.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.5	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.92.10	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.70.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.106.16	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.6.19120	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.5.1	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.102.65	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.7.1	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.186.6	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.102.64	Trust: 0.3

sources: BID: 71035 // JVNDB: JVNDB-2014-005432 // CNNVD: CNNVD-201411-166 // NVD: CVE-2014-0583

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-0583
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-0583
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201411-166
value:	HIGH
Trust: 0.6
VULHUB:	VHN-68076
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-0583
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-68076
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-68076 // JVNDB: JVNDB-2014-005432 // CNNVD: CNNVD-201411-166 // NVD: CVE-2014-0583

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-68076 // JVNDB: JVNDB-2014-005432 // NVD: CVE-2014-0583

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 129216 // CNNVD: CNNVD-201411-166

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201411-166

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-005432

PATCH

title:	APSB14-24	url:	http://helpx.adobe.com/security/products/flash-player/apsb14-24.html	Trust: 0.8
title:	APSB14-24	url:	http://helpx.adobe.com/jp/security/products/flash-player/apsb14-24.html	Trust: 0.8
title:	Google Chrome	url:	https://www.google.com/intl/ja/chrome/browser/features.html	Trust: 0.8
title:	Stable Channel Update	url:	http://googlechromereleases.blogspot.jp/2014/11/stable-channel-update.html	Trust: 0.8
title:	Update for Vulnerabilities in Adobe Flash Player in Internet Explorer (2755801)	url:	https://technet.microsoft.com/en-us/library/security/2755801	Trust: 0.8
title:	Internet Explorer 上の Adobe Flash Player の脆弱性に対応する更新プログラム (2755801)	url:	https://technet.microsoft.com/ja-jp/library/security/2755801	Trust: 0.8
title:	アドビシステムズ社 Adobe Flash Player の脆弱性に関するお知らせ	url:	http://www.fmworld.net/biz/common/adobe/20141113f.html	Trust: 0.8
title:	flashplayer_13.0.0.252_ax_debug	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52216	Trust: 0.6
title:	flashplayer_11.2.202.418_plugin_debug.i386	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52220	Trust: 0.6
title:	flashplayer_15.0.0.223_plugin_debug	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52219	Trust: 0.6
title:	flashplayer_15.0.0.223_ax_debug	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52218	Trust: 0.6
title:	flashplayer_13.0.0.252_plugin_debug	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52217	Trust: 0.6
title:	AIRSDK_Compiler-15.0.0.356	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52223	Trust: 0.6
title:	AdobeAIR-15.0.0.356	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52222	Trust: 0.6
title:	AdobeAIRInstaller-15.0.0.356	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52221	Trust: 0.6
title:	AIRSDK_Compiler-15.0.0.356	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52224	Trust: 0.6

sources: JVNDB: JVNDB-2014-005432 // CNNVD: CNNVD-201411-166

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0583	Trust: 2.9
db:	BID	id:	71035	Trust: 1.4
db:	JVNDB	id:	JVNDB-2014-005432	Trust: 0.8
db:	CNNVD	id:	CNNVD-201411-166	Trust: 0.7
db:	VULHUB	id:	VHN-68076	Trust: 0.1
db:	PACKETSTORM	id:	129216	Trust: 0.1

sources: VULHUB: VHN-68076 // BID: 71035 // JVNDB: JVNDB-2014-005432 // PACKETSTORM: 129216 // CNNVD: CNNVD-201411-166 // NVD: CVE-2014-0583

REFERENCES

url:	http://helpx.adobe.com/security/products/flash-player/apsb14-24.html	Trust: 1.7
url:	http://www.securityfocus.com/bid/71035	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0583	Trust: 0.8
url:	http://www.ipa.go.jp/security/ciadr/vul/20141112-adobeflashplayer.html	Trust: 0.8
url:	http://www.jpcert.or.jp/at/2014/at140046.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0583	Trust: 0.8
url:	http://www.npa.go.jp/cyberpolice/topics/?seq=14928	Trust: 0.8
url:	http://www.adobe.com/products/air/	Trust: 0.3
url:	http://www.adobe.com	Trust: 0.3
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0586	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0589	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0564	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0585	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0558	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0584	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0582	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0576	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8442	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0589	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-8440	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0577	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0582	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0590	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0576	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0564	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0586	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-8442	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0585	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8438	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0573	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0583	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-8441	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-8437	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0558	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8437	Trust: 0.1
url:	http://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0574	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0573	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0588	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8440	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0581	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0569	Trust: 0.1
url:	http://security.gentoo.org/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0574	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0590	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0588	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-8438	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0583	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0581	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8441	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0584	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0577	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0569	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	http://security.gentoo.org/glsa/glsa-201411-06.xml	Trust: 0.1

sources: VULHUB: VHN-68076 // BID: 71035 // JVNDB: JVNDB-2014-005432 // PACKETSTORM: 129216 // CNNVD: CNNVD-201411-166 // NVD: CVE-2014-0583

CREDITS

Haifei Li of McAfee Labs IPS Team

Trust: 0.3

sources: BID: 71035

SOURCES

db:	VULHUB	id:	VHN-68076
db:	BID	id:	71035
db:	JVNDB	id:	JVNDB-2014-005432
db:	PACKETSTORM	id:	129216
db:	CNNVD	id:	CNNVD-201411-166
db:	NVD	id:	CVE-2014-0583

LAST UPDATE DATE

2024-11-23T21:20:25.761000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-68076	date:	2018-12-13T00:00:00
db:	BID	id:	71035	date:	2014-11-24T00:01:00
db:	JVNDB	id:	JVNDB-2014-005432	date:	2014-11-13T00:00:00
db:	CNNVD	id:	CNNVD-201411-166	date:	2014-11-13T00:00:00
db:	NVD	id:	CVE-2014-0583	date:	2024-11-21T02:02:26.427

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-68076	date:	2014-11-11T00:00:00
db:	BID	id:	71035	date:	2014-11-11T00:00:00
db:	JVNDB	id:	JVNDB-2014-005432	date:	2014-11-13T00:00:00
db:	PACKETSTORM	id:	129216	date:	2014-11-21T18:55:38
db:	CNNVD	id:	CNNVD-201411-166	date:	2014-11-13T00:00:00
db:	NVD	id:	CVE-2014-0583	date:	2014-11-11T23:55:02.267