Details of VAR-201411-0393

ID

VAR-201411-0393

CVE

CVE-2014-8442

TITLE

Adobe Flash Player and Adobe AIR Vulnerabilities whose integrity level is low to medium

Trust: 0.8

sources: JVNDB: JVNDB-2014-005421

DESCRIPTION

Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to complete a transition from Low Integrity to Medium Integrity by leveraging incorrect permissions. Remote attackers can exploit this issue to execute arbitrary code with elevated privileges. Security flaws exist in several Adobe products. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201411-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Adobe Flash Player: Multiple vulnerabilities Date: November 21, 2014 Bugs: #525430, #529088 ID: 201411-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-plugins/adobe-flash < 11.2.202.418 >= 11.2.202.418 Description =========== Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.418" References ========== [ 1 ] CVE-2014-0558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0558 [ 2 ] CVE-2014-0564 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0564 [ 3 ] CVE-2014-0569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0569 [ 4 ] CVE-2014-0573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0573 [ 5 ] CVE-2014-0574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0574 [ 6 ] CVE-2014-0576 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0576 [ 7 ] CVE-2014-0577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0577 [ 8 ] CVE-2014-0581 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0581 [ 9 ] CVE-2014-0582 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0582 [ 10 ] CVE-2014-0583 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0583 [ 11 ] CVE-2014-0584 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0584 [ 12 ] CVE-2014-0585 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0585 [ 13 ] CVE-2014-0586 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0586 [ 14 ] CVE-2014-0588 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0588 [ 15 ] CVE-2014-0589 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0589 [ 16 ] CVE-2014-0590 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0590 [ 17 ] CVE-2014-8437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8437 [ 18 ] CVE-2014-8438 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8438 [ 19 ] CVE-2014-8440 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8440 [ 20 ] CVE-2014-8441 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8441 [ 21 ] CVE-2014-8442 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8442 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201411-06.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Trust: 2.07

sources: NVD: CVE-2014-8442 // JVNDB: JVNDB-2014-005421 // BID: 71040 // VULHUB: VHN-76387 // PACKETSTORM: 129216

AFFECTED PRODUCTS

vendor:	adobe	model:	air	scope:	eq	version:	15.0.0.356	Trust: 1.4
vendor:	adobe	model:	air sdk	scope:	eq	version:	15.0.0.356	Trust: 1.4
vendor:	adobe	model:	flash player	scope:	gte	version:	14.0	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	lt	version:	15.0.0.223	Trust: 1.0
vendor:	adobe	model:	air	scope:	lte	version:	15.0.0.356	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	gte	version:	15.0	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	lte	version:	14.0.0.179	Trust: 1.0
vendor:	adobe	model:	air sdk	scope:	lte	version:	15.0.0.356	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	lt	version:	13.0.0.252	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	lt	version:	11.2.202.418	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	gte	version:	11.0	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	gte	version:	13.0	Trust: 1.0
vendor:	adobe	model:	air sdk \& compiler	scope:	lt	version:	15.0.0.356	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	15.0.0.223	Trust: 0.8
vendor:	adobe	model:	air	scope:	eq	version:	desktop runtime 15.0.0.356	Trust: 0.8
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	10 (windows 8/windows server 2012/windows rt : adobe flash player 15.0.0.223	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	eq	version:	extended support release 13.0.0.252	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	14.x 15.x (internet explorer 10/11)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.418	Trust: 0.8
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	11 (windows 8.1/windows server 2012 r2/windows rt 8.1 : adobe flash player 15.0.0.223	Trust: 0.8
vendor:	microsoft	model:	internet explorer	scope:	lt	version:	)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	14.x 15.x (windows/machintosh/linux edition chrome)	Trust: 0.8
vendor:	adobe	model:	air	scope:	lt	version:	(android)	Trust: 0.8
vendor:	adobe	model:	air sdk	scope:	lt	version:	(windows/macintosh/android/ios)	Trust: 0.8
vendor:	google	model:	chrome	scope:	lt	version:	38.0.2125.122	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	(windows/macintosh)	Trust: 0.8
vendor:	adobe	model:	air	scope:	lt	version:	(windows/macintosh)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	eq	version:	desktop runtime 15.0.0.223	Trust: 0.8
vendor:	adobe	model:	air sdk	scope:	eq	version:	& compiler 15.0.0.356	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	14.x 15.x (windows/macintosh)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	(linux)	Trust: 0.8
vendor:	adobe	model:	air sdk \& compiler	scope:	eq	version:	15.0.0.302	Trust: 0.6
vendor:	adobe	model:	air	scope:	eq	version:	15.0.0.293	Trust: 0.6
vendor:	adobe	model:	flash player	scope:	eq	version:	13.0.0.250	Trust: 0.6
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.394	Trust: 0.6
vendor:	adobe	model:	flash player	scope:	eq	version:	15.0.0.189	Trust: 0.6
vendor:	adobe	model:	flash player	scope:	eq	version:	14.0.0.176	Trust: 0.6
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.411	Trust: 0.6
vendor:	adobe	model:	air sdk	scope:	eq	version:	15.0.0.302	Trust: 0.6
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.246.0	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.2.0.2080	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.12.35	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.186.3	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.152.21	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	8.0.35.0	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.6.19140	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.115.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.280	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.5.2	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.102.55	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.154.25	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.60.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.14.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.95.1	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.156.12	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.2.0.2070	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.7.1.1961	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.95.2	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.155.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.152.33	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.185.22	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.51.66	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.154.13	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.115.6	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.154.27	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.0.2	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.53.0	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.153.1	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.262.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.2460	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.111.9	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	8	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.111.6	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.22	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.0.2.12610	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.102.63	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	6.0.79	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.157.51	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.6	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.26	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.14	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.1.0.4880	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.228	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.92.8	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.7	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.0.4	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.52.15	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.1	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.262	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.112.61	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.152.32	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.68.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.154.24	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.16	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.5	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.111.8	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.111.5	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.66.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.154.18	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.28.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.260.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.23	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.52.14.1	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.32.18	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.277.0	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.5.3	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.7	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.283.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.12.36	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.102.62	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.185.21	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.01	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.111.7	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.3218	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.235	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.5.1	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.289.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.53.64	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.102.228	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.5.3.9130	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.152	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.185.25	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.5.3.9120	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	6.0.21.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.233	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.124.0	Trust: 0.3
vendor:	gentoo	model:	linux	scope:	-	version:	-	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.34	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.185.23	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.152.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.61.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.186.2	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.186.7	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.22.87	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.85.3	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.82.76	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.73.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.229	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.452	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.115.8	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.0.3	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.159.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.69.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.151.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.10	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.0.1.152	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.15.3	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.31.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.115.7	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.159.1	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.105.6	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.47.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.45.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.24.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.19.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	8.0.34.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.42.34	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.48.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.4	Trust: 0.3
vendor:	adobe	model:	flash player release candida	scope:	eq	version:	10.1	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.223	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.154.28	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.67.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.5	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.92.10	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.70.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.106.16	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.6.19120	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.5.1	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.102.65	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.7.1	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.186.6	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.102.64	Trust: 0.3

sources: BID: 71040 // JVNDB: JVNDB-2014-005421 // CNNVD: CNNVD-201411-177 // NVD: CVE-2014-8442

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-8442
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-8442
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201411-177
value:	HIGH
Trust: 0.6
VULHUB:	VHN-76387
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-8442
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-76387
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-76387 // JVNDB: JVNDB-2014-005421 // CNNVD: CNNVD-201411-177 // NVD: CVE-2014-8442

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-76387 // JVNDB: JVNDB-2014-005421 // NVD: CVE-2014-8442

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 129216 // CNNVD: CNNVD-201411-177

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201411-177

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-005421

PATCH

title:	APSB14-24	url:	http://helpx.adobe.com/security/products/flash-player/apsb14-24.html	Trust: 0.8
title:	APSB14-24	url:	http://helpx.adobe.com/jp/security/products/flash-player/apsb14-24.html	Trust: 0.8
title:	Google Chrome	url:	https://www.google.com/intl/ja/chrome/browser/features.html	Trust: 0.8
title:	Stable Channel Update	url:	http://googlechromereleases.blogspot.jp/2014/11/stable-channel-update.html	Trust: 0.8
title:	Update for Vulnerabilities in Adobe Flash Player in Internet Explorer (2755801)	url:	https://technet.microsoft.com/en-us/library/security/2755801	Trust: 0.8
title:	Internet Explorer 上の Adobe Flash Player の脆弱性に対応する更新プログラム (2755801)	url:	https://technet.microsoft.com/ja-jp/library/security/2755801	Trust: 0.8
title:	アドビシステムズ社 Adobe Flash Player の脆弱性に関するお知らせ	url:	http://www.fmworld.net/biz/common/adobe/20141113f.html	Trust: 0.8
title:	flashplayer_11.2.202.418_plugin_debug.i386	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52220	Trust: 0.6
title:	flashplayer_13.0.0.252_ax_debug	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52216	Trust: 0.6
title:	flashplayer_15.0.0.223_plugin_debug	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52219	Trust: 0.6
title:	flashplayer_15.0.0.223_ax_debug	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52218	Trust: 0.6
title:	flashplayer_13.0.0.252_plugin_debug	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52217	Trust: 0.6
title:	AIRSDK_Compiler-15.0.0.356	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52224	Trust: 0.6
title:	AIRSDK_Compiler-15.0.0.356	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52223	Trust: 0.6
title:	AdobeAIR-15.0.0.356	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52222	Trust: 0.6
title:	AdobeAIRInstaller-15.0.0.356	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52221	Trust: 0.6

sources: JVNDB: JVNDB-2014-005421 // CNNVD: CNNVD-201411-177

EXTERNAL IDS

db:	NVD	id:	CVE-2014-8442	Trust: 2.9
db:	BID	id:	71040	Trust: 1.4
db:	JVNDB	id:	JVNDB-2014-005421	Trust: 0.8
db:	CNNVD	id:	CNNVD-201411-177	Trust: 0.7
db:	VULHUB	id:	VHN-76387	Trust: 0.1
db:	PACKETSTORM	id:	129216	Trust: 0.1

sources: VULHUB: VHN-76387 // BID: 71040 // JVNDB: JVNDB-2014-005421 // PACKETSTORM: 129216 // CNNVD: CNNVD-201411-177 // NVD: CVE-2014-8442

REFERENCES

url:	http://helpx.adobe.com/security/products/flash-player/apsb14-24.html	Trust: 1.7
url:	http://www.securityfocus.com/bid/71040	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/98630	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8442	Trust: 0.8
url:	http://www.ipa.go.jp/security/ciadr/vul/20141112-adobeflashplayer.html	Trust: 0.8
url:	http://www.jpcert.or.jp/at/2014/at140046.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8442	Trust: 0.8
url:	http://www.npa.go.jp/cyberpolice/topics/?seq=14928	Trust: 0.8
url:	http://www.adobe.com/products/air/	Trust: 0.3
url:	http://www.adobe.com/products/flash/	Trust: 0.3
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0586	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0589	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0564	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0585	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0558	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0584	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0582	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0576	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8442	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0589	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-8440	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0577	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0582	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0590	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0576	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0564	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0586	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-8442	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0585	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8438	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0573	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0583	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-8441	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-8437	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0558	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8437	Trust: 0.1
url:	http://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0574	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0573	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0588	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8440	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0581	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0569	Trust: 0.1
url:	http://security.gentoo.org/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0574	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0590	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0588	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-8438	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0583	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0581	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8441	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0584	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0577	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0569	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	http://security.gentoo.org/glsa/glsa-201411-06.xml	Trust: 0.1

sources: VULHUB: VHN-76387 // BID: 71040 // JVNDB: JVNDB-2014-005421 // PACKETSTORM: 129216 // CNNVD: CNNVD-201411-177 // NVD: CVE-2014-8442

CREDITS

Behrang Fouladi and Axel Souchet of Microsoft Vulnerability Research

Trust: 0.3

sources: BID: 71040

SOURCES

db:	VULHUB	id:	VHN-76387
db:	BID	id:	71040
db:	JVNDB	id:	JVNDB-2014-005421
db:	PACKETSTORM	id:	129216
db:	CNNVD	id:	CNNVD-201411-177
db:	NVD	id:	CVE-2014-8442

LAST UPDATE DATE

2024-11-23T21:02:48.851000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-76387	date:	2018-12-20T00:00:00
db:	BID	id:	71040	date:	2014-11-24T01:01:00
db:	JVNDB	id:	JVNDB-2014-005421	date:	2014-11-13T00:00:00
db:	CNNVD	id:	CNNVD-201411-177	date:	2014-11-14T00:00:00
db:	NVD	id:	CVE-2014-8442	date:	2024-11-21T02:19:05.137

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-76387	date:	2014-11-11T00:00:00
db:	BID	id:	71040	date:	2014-11-11T00:00:00
db:	JVNDB	id:	JVNDB-2014-005421	date:	2014-11-13T00:00:00
db:	PACKETSTORM	id:	129216	date:	2014-11-21T18:55:38
db:	CNNVD	id:	CNNVD-201411-177	date:	2014-11-14T00:00:00
db:	NVD	id:	CVE-2014-8442	date:	2014-11-11T23:55:02.783