CVE-2014-0497

Warnung

EPSS 93.02%
Veröffentlicht 05.02.2014 05:15:29
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle psirt@adobe.com
Teams Watchlist Login
Unerledigt Login

Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors.

Betroffene Produkte Warnungen 1 Metriken 4 CWE 1 Referenzen 19

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Adobe ≫ Flash Player Version < 11.2.202.336

Linux ≫ Linux Kernel

Adobe ≫ Flash Player Version < 11.7.700.261

Apple ≫ macOS X
Microsoft ≫ Windows Version-

Adobe ≫ Flash Player Version >= 11.8.800.94 < 12.0.0.44

Apple ≫ macOS X
Microsoft ≫ Windows Version-

Google ≫ Chrome Version < 32.0.1700.107

   Apple ≫ macOS Version-
   Google ≫ Chrome Os Version-
   Linux ≫ Linux Kernel Version-
   Microsoft ≫ Windows Version-

Redhat ≫ Enterprise Linux Desktop Version5.0

Redhat ≫ Enterprise Linux Desktop Version6.0

Redhat ≫ Enterprise Linux Eus Version6.5

Redhat ≫ Enterprise Linux Server Version5.0

Redhat ≫ Enterprise Linux Server Version6.0

Redhat ≫ Enterprise Linux Server Aus Version6.5

Redhat ≫ Enterprise Linux Workstation Version5.0

Redhat ≫ Enterprise Linux Workstation Version6.0

Opensuse ≫ Opensuse Version11.4

Opensuse ≫ Opensuse Version12.3

Opensuse ≫ Opensuse Version13.1

Suse ≫ Linux Enterprise Desktop Version11 Updatesp2

Suse ≫ Linux Enterprise Desktop Version11 Updatesp3

17.09.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog

Adobe Flash Player Integer Underflow Vulnerablity

Schwachstelle

Adobe Flash Player contains an integer underflow vulnerability that allows a remote attacker to execute arbitrary code.

Beschreibung

The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	93.02%	0.998

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-191 Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

http://googlechromereleases.blogspot.com/2014/02/stable-channel-update.html

Release Notes

http://helpx.adobe.com/security/products/flash-player/apsb14-04.html

Patch

Vendor Advisory

Broken Link

http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00000.html

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00001.html

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00006.html

Mailing List