Vulnerability CVE-2014-0497
Published: 2014-02-05

Description:
Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors.

See advisories in our WLB2 database:
Topic
Author
Date
High
Adobe Flash Player Integer Underflow Remote Code Execution
Juan vazquez
05.05.2014

Type:

CWE-189

 (Numeric Errors)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Adobe -> Flash player 

 References:
http://googlechromereleases.blogspot.com/2014/02/stable-channel-update.html
http://helpx.adobe.com/security/products/flash-player/apsb14-04.html
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00006.html
http://rhn.redhat.com/errata/RHSA-2014-0137.html
http://secunia.com/advisories/56437
http://secunia.com/advisories/56737
http://secunia.com/advisories/56780
http://secunia.com/advisories/56799
http://secunia.com/advisories/56839
http://www.exploit-db.com/exploits/33212
http://www.osvdb.org/102849
http://www.securityfocus.com/bid/65327
http://www.securitytracker.com/id/1029715
https://exchange.xforce.ibmcloud.com/vulnerabilities/90884
Copyright 2024, cxsecurity.com

 

Back to Top