Lucene search

K
cveAdobeCVE-2014-0498
HistoryFeb 21, 2014 - 5:06 a.m.

CVE-2014-0498

2014-02-2105:06:54
CWE-119
adobe
web.nvd.nist.gov
45
4
cve-2014-0498
adobe flash player
buffer overflow
security vulnerability
nvd
arbitrary code execution
adobe air
adobe air sdk

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

8

Confidence

Low

EPSS

0.213

Percentile

96.5%

Stack-based buffer overflow in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows attackers to execute arbitrary code via unspecified vectors.

Affected configurations

Nvd
Node
adobeflash_playerRange11.0–11.7.700.269
OR
adobeflash_playerRange11.8–11.8.800.175
OR
adobeflash_playerRange11.9–12.0.0.70
AND
applemac_os_x
OR
microsoftwindowsMatch-
Node
adobeadobe_air_sdkRange<4.0.0.1628
Node
adobeflash_playerRange11.0–11.2.202.341
AND
linuxlinux_kernel
Node
adobeadobe_airRange<4.0.0.1628
VendorProductVersionCPE
adobeflash_player*cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
applemac_os_x*cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
adobeadobe_air_sdk*cpe:2.3:a:adobe:adobe_air_sdk:*:*:*:*:*:*:*:*
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
adobeadobe_air*cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*

Social References

More

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

8

Confidence

Low

EPSS

0.213

Percentile

96.5%