CVE-2014-0499

2014-02-2105:07:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2014-0499

adobe flash player

aslr

security

vulnerability

nvd

6.4 Medium

AI Score

Confidence

Low

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

0.003 Low

EPSS

Percentile

69.5%

JSON

Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 do not prevent access to address information, which makes it easier for attackers to bypass the ASLR protection mechanism via unspecified vectors.

CPENameOperatorVersion
adobe:flash_playeradobe flash playerlt11.7.700.269
adobe:flash_playeradobe flash playerlt11.8.800.175
adobe:flash_playeradobe flash playerlt12.0.0.70
adobe:adobe_air_sdkadobe adobe air sdklt4.0.0.1628
adobe:flash_playeradobe flash playerlt11.2.202.341
adobe:adobe_airadobe adobe airlt4.0.0.1628

CPE	Name	Operator	Version
adobe:flash_player	adobe flash player	lt	11.7.700.269
adobe:flash_player	adobe flash player	lt	11.8.800.175
adobe:flash_player	adobe flash player	lt	12.0.0.70
adobe:adobe_air_sdk	adobe adobe air sdk	lt	4.0.0.1628
adobe:flash_player	adobe flash player	lt	11.2.202.341
adobe:adobe_air	adobe adobe air	lt	4.0.0.1628