Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
hackeroneClem1H1:2170
HistoryFeb 21, 2014 - 8:37 p.m.

Internet Bug Bounty: Flash double free vulnerability leads to code execution

2014-02-2120:37:47
clem1
hackerone.com
34

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.41 Medium

EPSS

Percentile

96.9%

JSON

This bug was reported directly to Adobe and got assigned CVE-2014-0502.

http://helpx.adobe.com/security/products/flash-player/apsb14-07.html

This one was actively (and it still is) exploited since February 12th in watering hole campaigns against nonprofit research institutions and human right activists websites.

If I can get a reward for this vulnerability, I’d be happy to give it to charity!

Related

seebug 1
checkpoint_advisories 2
cve 1
cvelist 1
prion 1
threatpost 1
ubuntucve 1
openvas 8
suse 3
nessus 8
mageia 1
thn 1
redhat 1
gentoo 1
securityvulns 1
seebug
seebug
Adobe Flash Player及AIRθΏœη¨‹δ»£η ζ‰§θ‘ŒζΌζ΄ž(CVE-2014-0502)
2014-02-21 00:00:00
checkpoint_advisories
checkpoint_advisories
Adobe Flash Player Double Free Remote Code Execution (APSB14-07; CVE-2014-0502)
2014-02-23 00:00:00
Infinity Exploit Kit Landing Page (CVE-2013-1347; CVE-2013-2423; CVE-2013-2465; CVE-2014-0322; CVE-2014-0502; CVE-2014-1776)
2014-06-10 00:00:00
cve
cve
CVE-2014-0502
2014-02-21 05:07:00
cvelist
cvelist
CVE-2014-0502
2014-02-21 02:00:00
prion
prion
Double free
2014-02-21 05:07:00
threatpost
threatpost
Emergency Adobe Flash Update Handles Zero Day Under Attack
2014-02-20 13:31:28
ubuntucve
ubuntucve
CVE-2014-0502
2014-02-21 00:00:00
openvas
openvas
SuSE Update for flash-player openSUSE-SU-2014:0278-1 (flash-player)
2014-02-25 00:00:00
SUSE: Security Advisory for flash-player (SUSE-SU-2014:0290-1)
2015-10-16 00:00:00
Mageia: Security Advisory (MGASA-2014-0091)
2022-01-28 00:00:00
suse
suse
Security update for flash-player (critical)
2014-02-25 20:04:15
flash-player: update to 11.2.202.341 security release (critical)
2014-02-24 08:04:11
flash-player: update to 11.2.202.341 security release (critical)
2014-02-24 11:04:11
nessus
nessus
Flash Player <= 11.7.700.261 / 12.0.0.44 Multiple Vulnerabilities (APSB14-07)
2014-02-20 00:00:00
Flash Player < 11.7.700.269 / 12.0.0.70 Multiple Vulnerabilities (APSB14-07)
2015-07-10 00:00:00
SuSE 11.3 Security Update : flash-player (SAT Patch Number 8922)
2014-02-26 00:00:00
mageia
mageia
Updated flash-player-plugin package fixes security vulnerabilities
2014-02-21 22:20:39
thn
thn
Adobe releases another Emergency Security Patch for Flash Player
2014-02-21 19:36:00
redhat
redhat
(RHSA-2014:0196) Critical: flash-plugin security update
2014-02-21 00:00:00
gentoo
gentoo
Adobe Flash Player: Multiple vulnerabilities
2014-05-03 00:00:00
securityvulns
securityvulns
Adobe Flash Player multiple security vulnerabilities
2014-05-04 00:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.41 Medium

EPSS

Percentile

96.9%

JSON
Related for H1:2170
seebug1checkpoint_advisories2cve1cvelist1prion1threatpost1ubuntucve1openvas8suse3nessus8mageia1thn1redhat1gentoo1securityvulns1