Lucene search

Tenable8567.PRM

HistoryNov 12, 2014 - 12:00 a.m.

Adobe AIR < 15.0.0.356 Multiple Vulnerabilities (APSB14-24)

2014-11-1200:00:00

Tenable

www.tenable.com

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.974 High

EPSS

Percentile

99.9%

JSON

Versions of Adobe AIR earlier than 15.0.0.356 are unpatched for the following vulnerabilities :

Multiple memory corruption vulnerabilities allow an attacker to execute arbitrary code. (CVE-2014-0576, CVE-2014-0581, CVE-2014-8440, CVE-2014-8441)
Multiple use-after-free vulnerabilities could result in arbitrary code execution. (CVE-2014-0573, CVE-2014-0588, CVE-2014-8438, CVE-2014-0574)
Multiple type confusion vulnerabilities could result in arbitrary code execution. (CVE-2014-0577, CVE-2014-0584, CVE-2014-0585, CVE-2014-0586, CVE-2014-0590)
Multiple heap-based buffer overflow vulnerabilities can be exploited to execute arbitrary code or elevate privileges. (CVE-2014-0583, CVE-2014-0582, CVE-2014-0589)
A permission issue that allows a remote attacker to gain elevated privileges. (CVE-2014-8442)
An information disclosure vulnerability can be exploited to disclose secret session tokens. (CVE-2014-8437)

Binary data 8567.prm

VendorProductVersionCPE
adobeaircpe:/a:adobe:air

Vendor	Product	Version	CPE
adobe	air		cpe:/a:adobe:air

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0573

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0574

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0576

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0577

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0581

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0582

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0583

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0584

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0585

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0586

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0588

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0589

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0590

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8437

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8438

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8440

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8441

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8442

helpx.adobe.com/security/products/flash-player/apsb14-24.html

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.974 High

EPSS

Percentile

99.9%

JSON

Adobe AIR < 15.0.0.356 Multiple Vulnerabilities (APSB14-24)

References

Related