Lucene search

[email protected]CVE-2014-0589

HistoryNov 11, 2014 - 11:55 p.m.

CVE-2014-0589

2014-11-1123:55:02

CWE-119

[email protected]

web.nvd.nist.gov

cve-2014-0589

heap-based buffer overflow

adobe flash player

arbitrary code execution

security vulnerability

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

Low

0.022 Low

EPSS

Percentile

89.6%

JSON

Heap-based buffer overflow in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0582.

Affected configurations

NVD

Node

adobeflash_playerRange13.0–13.0.0.252

adobeflash_playerRange14.0–14.0.0.179

adobeflash_playerRange15.0–15.0.0.223

AND

applemac_os_x

microsoftwindows

Node

adobeflash_playerRange11.0–11.2.202.418

AND

linuxlinux_kernel

Node

adobeair_sdkRange≤15.0.0.356

Node

adobeairRange≤15.0.0.356

Node

adobeair_sdk_\&_compilerRange<15.0.0.356

CPENameOperatorVersion
adobe:flash_playeradobe flash playerlt13.0.0.252
adobe:flash_playeradobe flash playerle14.0.0.179
adobe:flash_playeradobe flash playerlt15.0.0.223