Jun 27, 2014 - 12:00 a.m.

KLA10003 Multiple vulnerabilities in Adobe Flash Player

2014-06-27 00:00:00
Kaspersky Lab
threats.kaspersky.com

CVSS2: 10 High

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score: 8.3 High (Confidence: Low)

EPSS: 0.595 Medium (Percentile: 97.8%)

Multiple serious vulnerabilities have been found in the following Adobe Flash Player versions: 13.0.0.206 and earlier for Windows and Mac OS; 11.2.202.356 and earlier for Linux; and Adobe AIR SDK & Compiler version 13.0.0.83. Malicious users can exploit these vulnerabilities to bypass a sandbox protection mechanism, the same-origin policy and access restrictions, or execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. A heap-based buffer overflow can be exploited to execute arbitrary code and bypass the sandbox.
  2. Some unspecified attack vectors can be exploited to bypass the same-origin policy and access restrictions.

Original advisories

Adobe bulletin

Related products

Adobe-Flash-Player-ActiveX

Adobe-Flash-Player-NPAPI

Macromedia-Flash-Player

CVE list

CVE-2014-0517 critical

CVE-2014-0518 critical

CVE-2014-0520 critical

CVE-2014-0519 critical

CVE-2014-0510 critical

CVE-2014-0516 critical

Solution

Update to the latest version

Flash Player

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can allow an abuser to execute any code or commands on the vulnerable machine or in the vulnerable process.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can allow actions that are restricted by the current security settings to be performed.

Affected Products

  • Flash Player 13.0.0.206 and earlier versions for Windows and Mac OS, Flash Player 11.2.202.356 and earlier for Linux, AIR 13.0.0.83 SDK & Compiler.
