CVE-2014-0559

2014-09-1001:55:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2014-0559

adobe flash player

buffer overflow

security vulnerability

adobe air

arbitrary code execution

8 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.055 Low

EPSS

Percentile

93.2%

JSON

Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0556.

CPENameOperatorVersion
adobe:adobe_airadobe adobe airle14.0.0.178
adobe:adobe_airadobe adobe aireq13.0.0.83
adobe:adobe_airadobe adobe aireq13.0.0.111
adobe:adobe_airadobe adobe aireq14.0.0.110
adobe:adobe_airadobe adobe aireq14.0.0.137
adobe:flash_playeradobe flash playerle13.0.0.241
adobe:flash_playeradobe flash playereq13.0.0.182
adobe:flash_playeradobe flash playereq13.0.0.201
adobe:flash_playeradobe flash playereq13.0.0.206
adobe:flash_playeradobe flash playereq13.0.0.214

CPE	Name	Operator	Version
adobe:adobe_air	adobe adobe air	le	14.0.0.178
adobe:adobe_air	adobe adobe air	eq	13.0.0.83
adobe:adobe_air	adobe adobe air	eq	13.0.0.111
adobe:adobe_air	adobe adobe air	eq	14.0.0.110
adobe:adobe_air	adobe adobe air	eq	14.0.0.137
adobe:flash_player	adobe flash player	le	13.0.0.241
adobe:flash_player	adobe flash player	eq	13.0.0.182
adobe:flash_player	adobe flash player	eq	13.0.0.201
adobe:flash_player	adobe flash player	eq	13.0.0.206
adobe:flash_player	adobe flash player	eq	13.0.0.214