Lucene search

K
nessusTenable8807.PRM
HistoryJul 10, 2015 - 12:00 a.m.

Flash Player < 11.7.700.269 / 12.0.0.70 Multiple Vulnerabilities (APSB14-07)

2015-07-1000:00:00
Tenable
www.tenable.com
17
adobe flash player
vulnerabilities
stack overflow
arbitrary code execution
memory leak
buffer overflow
address space layout randomization
double free

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.41

Percentile

97.3%

Versions of Adobe Flash player prior to 11.7.700.275 / 13.0.0.182 are outdated and thus unpatched for the following vulnerabilities :

  • A stack overflow vulnerability exists that could result in arbitrary code execution. (CVE-2014-0498)
  • A memory leak vulnerability exists that could be used to aid in buffer overflow attacks by bypassing address space layout randomization (ASLR). (CVE-2014-0499)
  • A double free vulnerability exists that could result in arbitrary code execution. (CVE-2014-0502)
Binary data 8807.prm

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.41

Percentile

97.3%