10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.974 High
EPSS
Percentile
99.9%
Versions of Flash player earlier than 15.0.0.223 are unpatched for the following vulnerabilities :
Multiple memory corruption vulnerabilities allow an attacker to execute arbitrary code. (CVE-2014-0576, CVE-2014-0581, CVE-2014-8440, CVE-2014-8441)
Multiple use-after-free vulnerabilities could result in arbitrary code execution. (CVE-2014-0573, CVE-2014-0588, CVE-2014-8438, CVE-2014-0574)
Multiple type confusion vulnerabilities could result in arbitrary code execution. (CVE-2014-0577, CVE-2014-0584, CVE-2014-0585, CVE-2014-0586, CVE-2014-0590)
Multiple heap-based buffer overflow vulnerabilities can be exploited to execute arbitrary code or elevate privileges. (CVE-2014-0583, CVE-2014-0582, CVE-2014-0589)
A permission issue that allows a remote attacker to gain elevated privileges. (CVE-2014-8442)
An information disclosure vulnerability can be exploited to disclose secret session tokens. (CVE-2014-8437)
Binary data 8566.prm
Vendor | Product | Version | CPE |
---|---|---|---|
adobe | flash_player | cpe:/a:adobe:flash_player |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0573
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0574
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0576
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0577
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0581
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0582
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0583
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0584
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0585
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0586
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0588
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0589
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0590
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8437
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8438
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8440
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8441
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8442
helpx.adobe.com/security/products/flash-player/apsb14-24.html
support.microsoft.com/kb/3004150
technet.microsoft.com/library/security/2755801