[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248392

 
 

909

 
 

195452

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2014-0556Date: (C)2014-09-10   (M)2023-12-22


Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0559.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 10.0
Exploit Score: 10.0
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1030822
OSVDB-111110
EXPLOIT-DB-36808
SECUNIA-61089
BID-69696
GLSA-201409-05
SUSE-SU-2014:1124
adobe-flash-cve20140556-bo(95826)
http://googleprojectzero.blogspot.com/2014/09/exploiting-cve-2014-0556-in-flash.html
http://helpx.adobe.com/security/products/flash-player/apsb14-21.html
http://packetstormsecurity.com/files/131516/Adobe-Flash-Player-copyPixelsToByteArray-Integer-Overflow.html
https://code.google.com/p/google-security-research/issues/detail?id=46
openSUSE-SU-2014:1110
openSUSE-SU-2014:1130

CPE    45
cpe:/a:adobe:flash_player:11.2.202.223
cpe:/a:adobe:adobe_air_sdk:13.0.0.83
cpe:/a:adobe:flash_player:11.2.202.346
cpe:/a:adobe:flash_player:11.2.202.228
...
CWE    1
CWE-119
OVAL    9
oval:org.secpod.oval:def:505587
oval:org.secpod.oval:def:21124
oval:org.secpod.oval:def:21112
oval:org.secpod.oval:def:21153
...

© SecPod Technologies