CVE-2014-0498

2014-02-2105:06:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2014-0498

adobe flash player

buffer overflow

security vulnerability

nvd

arbitrary code execution

adobe air

adobe air sdk

7.7 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.163 Low

EPSS

Percentile

96.0%

JSON

Stack-based buffer overflow in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows attackers to execute arbitrary code via unspecified vectors.

CPENameOperatorVersion
adobe:flash_playeradobe flash playerlt11.7.700.269
adobe:flash_playeradobe flash playerlt11.8.800.175
adobe:flash_playeradobe flash playerlt12.0.0.70
adobe:adobe_air_sdkadobe adobe air sdklt4.0.0.1628
adobe:flash_playeradobe flash playerlt11.2.202.341
adobe:adobe_airadobe adobe airlt4.0.0.1628

CPE	Name	Operator	Version
adobe:flash_player	adobe flash player	lt	11.7.700.269
adobe:flash_player	adobe flash player	lt	11.8.800.175
adobe:flash_player	adobe flash player	lt	12.0.0.70
adobe:adobe_air_sdk	adobe adobe air sdk	lt	4.0.0.1628
adobe:flash_player	adobe flash player	lt	11.2.202.341
adobe:adobe_air	adobe adobe air	lt	4.0.0.1628