Heap overflow

2015-06-1001:59:00

PRIOn knowledge base

www.prio-n.com

6.8 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

75.6%

JSON

Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160, Adobe AIR before 18.0.0.144, Adobe AIR SDK before 18.0.0.144, and Adobe AIR SDK & Compiler before 18.0.0.144 on 64-bit Windows 7 systems do not properly select a random memory address for the Flash heap, which makes it easier for attackers to conduct unspecified attacks by predicting this address.

CPENameOperatorVersion
airle17.0.0.172
air_sdkle17.0.0.172
air_sdk_\\&_compilerle17.0.0.172
flash_playerle13.0.0.289
flash_playereq14.0.0.125
flash_playereq14.0.0.145
flash_playereq14.0.0.176
flash_playereq14.0.0.179
flash_playereq15.0.0.152
flash_playereq15.0.0.167

Name	Operator	Version
air	le	17.0.0.172
air_sdk	le	17.0.0.172
air_sdk_\\&_compiler	le	17.0.0.172
flash_player	le	13.0.0.289
flash_player	eq	14.0.0.125
flash_player	eq	14.0.0.145
flash_player	eq	14.0.0.176
flash_player	eq	14.0.0.179
flash_player	eq	15.0.0.152
flash_player	eq	15.0.0.167