CVE-2014-0557

2014-09-1001:55:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2014-0557

adobe flash player

memory address restriction

bypass

aslr

security vulnerability

nvd

6.2 Medium

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.369 Low

EPSS

Percentile

97.2%

JSON

Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors.

CPENameOperatorVersion
adobe:flash_playeradobe flash playerle11.2.202.400
adobe:flash_playeradobe flash playereq11.2.202.223
adobe:flash_playeradobe flash playereq11.2.202.228
adobe:flash_playeradobe flash playereq11.2.202.233
adobe:flash_playeradobe flash playereq11.2.202.235
adobe:flash_playeradobe flash playereq11.2.202.236
adobe:flash_playeradobe flash playereq11.2.202.238
adobe:flash_playeradobe flash playereq11.2.202.243
adobe:flash_playeradobe flash playereq11.2.202.251
adobe:flash_playeradobe flash playereq11.2.202.258

CPE	Name	Operator	Version
adobe:flash_player	adobe flash player	le	11.2.202.400
adobe:flash_player	adobe flash player	eq	11.2.202.223
adobe:flash_player	adobe flash player	eq	11.2.202.228
adobe:flash_player	adobe flash player	eq	11.2.202.233
adobe:flash_player	adobe flash player	eq	11.2.202.235
adobe:flash_player	adobe flash player	eq	11.2.202.236
adobe:flash_player	adobe flash player	eq	11.2.202.238
adobe:flash_player	adobe flash player	eq	11.2.202.243
adobe:flash_player	adobe flash player	eq	11.2.202.251
adobe:flash_player	adobe flash player	eq	11.2.202.258