CVE-2014-0564

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0558.

References

http://helpx.adobe.com/security/products/flash-player/apsb14-22.html

http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html

http://lists.opensuse.org/opensuse-updates/2014-10/msg00033.html

http://rhn.redhat.com/errata/RHSA-2014-1648.html

http://secunia.com/advisories/61980

http://www.securitytracker.com/id/1031019

Details

Source: MITRE

Published: 2014-10-15

Updated: 2017-01-03

Risk Information

CVSS v2

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

AND

OR

cpe:2.3:a:adobe:flash_player:11.2.202.223:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:11.2.202.228:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:11.2.202.233:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:11.2.202.235:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:11.2.202.236:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:11.2.202.238:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:11.2.202.243:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:11.2.202.251:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:11.2.202.258:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:11.2.202.261:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:11.2.202.262:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:11.2.202.270:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:11.2.202.273:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:11.2.202.275:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:11.2.202.280:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:11.2.202.285:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:11.2.202.291:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:11.2.202.297:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:11.2.202.310:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:11.2.202.332:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:11.2.202.335:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:11.2.202.336:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:11.2.202.341:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:11.2.202.346:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:11.2.202.350:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:11.2.202.356:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:11.2.202.359:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:11.2.202.378:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:11.2.202.394:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:11.2.202.400:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2

AND

OR

cpe:2.3:a:adobe:adobe_air:13.0.0.83:*:*:*:*:*:*:*

cpe:2.3:a:adobe:adobe_air:13.0.0.111:*:*:*:*:*:*:*

cpe:2.3:a:adobe:adobe_air:14.0.0.110:*:*:*:*:*:*:*

cpe:2.3:a:adobe:adobe_air:14.0.0.137:*:*:*:*:*:*:*

cpe:2.3:a:adobe:adobe_air:14.0.0.179:*:*:*:*:*:*:*

cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*

Configuration 3

AND

OR

cpe:2.3:a:adobe:adobe_air:13.0.0.83:*:*:*:*:*:*:*

cpe:2.3:a:adobe:adobe_air:13.0.0.111:*:*:*:*:*:*:*

cpe:2.3:a:adobe:adobe_air:14.0.0.110:*:*:*:*:*:*:*

cpe:2.3:a:adobe:adobe_air:14.0.0.137:*:*:*:*:*:*:*

cpe:2.3:a:adobe:adobe_air:14.0.0.178:*:*:*:*:*:*:*

cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*

Configuration 4

AND

OR

cpe:2.3:a:adobe:flash_player:13.0.0.182:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:13.0.0.201:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:13.0.0.206:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:13.0.0.214:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:13.0.0.223:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:13.0.0.231:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:13.0.0.241:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:15.0.0.144:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*

OR

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 5

OR

cpe:2.3:a:adobe:adobe_air_sdk:13.0.0.83:*:*:*:*:*:*:*

cpe:2.3:a:adobe:adobe_air_sdk:13.0.0.111:*:*:*:*:*:*:*

cpe:2.3:a:adobe:adobe_air_sdk:14.0.0.110:*:*:*:*:*:*:*

cpe:2.3:a:adobe:adobe_air_sdk:14.0.0.137:*:*:*:*:*:*:*

cpe:2.3:a:adobe:adobe_air_sdk:14.0.0.178:*:*:*:*:*:*:*

cpe:2.3:a:adobe:adobe_air_sdk:*:*:*:*:*:*:*:* versions up to 15.0.0.249 (inclusive)

Tenable Plugins

View all (13 total)

IDNameProductFamilySeverity
8810Adobe AIR < 15.0.0.293 Multiple Vulnerabilities (APSB14-22)Nessus Network MonitorWeb Clients
high
8808Flash Player < 13.0.0.250 / 15.0.0.167 Multiple Vulnerabilities (APSB14-22)Nessus Network MonitorWeb Clients
high
79404GLSA-201411-06 : Adobe Flash Player: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
78885SuSE 11.3 Security Update : flash-player (SAT Patch Number 9898)NessusSuSE Local Security Checks
critical
78719openSUSE Security Update : flash-player (openSUSE-SU-2014:1329-1)NessusSuSE Local Security Checks
critical
78503RHEL 5 / 6 : flash-plugin (RHSA-2014:1648)NessusRed Hat Local Security Checks
critical
78476Google Chrome < 38.0.2125.104 Multiple Vulnerabilities (Mac OS X)NessusMacOS X Local Security Checks
critical
78475Google Chrome < 38.0.2125.104 Multiple VulnerabilitiesNessusWindows
critical
78444MS KB3001237: Update for Vulnerabilities in Adobe Flash Player in Internet ExplorerNessusWindows
critical
78443Flash Player for Mac <= 15.0.0.167 Multiple Vulnerabilities (APSB14-22)NessusMacOS X Local Security Checks
critical
78442Adobe AIR for Mac <= 15.0.0.249 Multiple Vulnerabilities (APSB14-21)NessusMacOS X Local Security Checks
critical
78441Flash Player <= 15.0.0.167 Multiple Vulnerabilities (APSB14-22)NessusWindows
critical
78440Adobe AIR <= AIR 15.0.0.249 Multiple Vulnerabilities (APSB14-22)NessusWindows
critical