CVE-2014-0492

2014-01-1516:13:00

CWE-264

[email protected]

web.nvd.nist.gov

adobe flash player

cve-2014-0492

aslr

security vulnerability

windows

mac os x

linux

adobe air

nvd

6.2 Medium

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.136 Low

EPSS

Percentile

95.6%

JSON

Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12.0.0.38 on Windows and Mac OS X and before 11.2.202.335 on Linux, Adobe AIR before 4.0.0.1390, Adobe AIR SDK before 4.0.0.1390, and Adobe AIR SDK & Compiler before 4.0.0.1390 allow attackers to defeat the ASLR protection mechanism by leveraging an “address leak.”

CPENameOperatorVersion
adobe:flash_playeradobe flash playerlt11.7.700.260
adobe:flash_playeradobe flash playerlt11.8.800.175
adobe:flash_playeradobe flash playerlt12.0.0.38
adobe:adobe_air_sdkadobe adobe air sdklt4.0.0.1390
adobe:flash_playeradobe flash playerlt11.2.202.335
adobe:adobe_airadobe adobe airlt4.0.0.1390

CPE	Name	Operator	Version
adobe:flash_player	adobe flash player	lt	11.7.700.260
adobe:flash_player	adobe flash player	lt	11.8.800.175
adobe:flash_player	adobe flash player	lt	12.0.0.38
adobe:adobe_air_sdk	adobe adobe air sdk	lt	4.0.0.1390
adobe:flash_player	adobe flash player	lt	11.2.202.335
adobe:adobe_air	adobe adobe air	lt	4.0.0.1390