10

CVE-2014-0497

Warnung
Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AdobeFlash Player Version < 11.2.202.336
   LinuxLinux Kernel
AdobeFlash Player Version < 11.7.700.261
   ApplemacOS X
   MicrosoftWindows Version-
AdobeFlash Player Version >= 11.8.800.94 < 12.0.0.44
   ApplemacOS X
   MicrosoftWindows Version-
GoogleChrome Version < 32.0.1700.107
   ApplemacOS Version-
   GoogleChrome Os Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
RedhatEnterprise Linux Eus Version6.5
OpensuseOpensuse Version11.4
OpensuseOpensuse Version12.3
OpensuseOpensuse Version13.1
SuseLinux Enterprise Desktop Version11 Updatesp2
SuseLinux Enterprise Desktop Version11 Updatesp3

17.09.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog

Adobe Flash Player Integer Underflow Vulnerablity

Schwachstelle

Adobe Flash Player contains an integer underflow vulnerability that allows a remote attacker to execute arbitrary code.

Beschreibung

The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 99.88% 1
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-191 Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

http://googlechromereleases.blogspot.com/2014/02/stable-channel-update.html
Release Notes
http://helpx.adobe.com/security/products/flash-player/apsb14-04.html
Patch
Vendor Advisory
Broken Link
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00000.html
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00001.html
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00006.html
Mailing List
http://rhn.redhat.com/errata/RHSA-2014-0137.html
Third Party Advisory
http://secunia.com/advisories/56437
Third Party Advisory
Broken Link
http://secunia.com/advisories/56737
Third Party Advisory
Broken Link
http://secunia.com/advisories/56780
Third Party Advisory
Broken Link
http://secunia.com/advisories/56799
Third Party Advisory
Broken Link
http://secunia.com/advisories/56839
Third Party Advisory
Broken Link
http://www.exploit-db.com/exploits/33212
Third Party Advisory
VDB Entry
http://www.osvdb.org/102849
Broken Link
http://www.securityfocus.com/bid/65327
Third Party Advisory
Broken Link
VDB Entry
http://www.securitytracker.com/id/1029715
Third Party Advisory
Broken Link
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/90884
Third Party Advisory
VDB Entry
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0497
US Government Resource