CVE-2014-0497

Warning

EPSS 93.02%
Published 05.02.2014 05:15:29
Last modified 11.04.2025 00:51:21
Source psirt@adobe.com
Teams watchlist Login
Open Login

Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors.

Affected products Warnungen 1 Metrics 4 CWE 1 References 19

Data is provided by the National Vulnerability Database (NVD)

Adobe ≫ Flash Player Version < 11.2.202.336

Linux ≫ Linux Kernel

Adobe ≫ Flash Player Version < 11.7.700.261

Apple ≫ macOS X
Microsoft ≫ Windows Version-

Adobe ≫ Flash Player Version >= 11.8.800.94 < 12.0.0.44

Apple ≫ macOS X
Microsoft ≫ Windows Version-

Google ≫ Chrome Version < 32.0.1700.107

   Apple ≫ macOS Version-
   Google ≫ Chrome Os Version-
   Linux ≫ Linux Kernel Version-
   Microsoft ≫ Windows Version-

Redhat ≫ Enterprise Linux Desktop Version5.0

Redhat ≫ Enterprise Linux Desktop Version6.0

Redhat ≫ Enterprise Linux Eus Version6.5

Redhat ≫ Enterprise Linux Server Version5.0

Redhat ≫ Enterprise Linux Server Version6.0

Redhat ≫ Enterprise Linux Server Aus Version6.5

Redhat ≫ Enterprise Linux Workstation Version5.0

Redhat ≫ Enterprise Linux Workstation Version6.0

Opensuse ≫ Opensuse Version11.4

Opensuse ≫ Opensuse Version12.3

Opensuse ≫ Opensuse Version13.1

Suse ≫ Linux Enterprise Desktop Version11 Updatesp2

Suse ≫ Linux Enterprise Desktop Version11 Updatesp3

17.09.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog

Adobe Flash Player Integer Underflow Vulnerablity

Vulnerability

Adobe Flash Player contains an integer underflow vulnerability that allows a remote attacker to execute arbitrary code.

Description

The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	93.02%	0.998

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-191 Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

http://googlechromereleases.blogspot.com/2014/02/stable-channel-update.html

Release Notes

http://helpx.adobe.com/security/products/flash-player/apsb14-04.html

Patch

Vendor Advisory

Broken Link

http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00000.html

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00001.html

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00006.html

Mailing List