CVE-2014-0574

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Double free vulnerability in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute arbitrary code via unspecified vectors.

References

http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html

http://helpx.adobe.com/security/products/flash-player/apsb14-24.html

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html

https://code.google.com/p/chromium/issues/detail?id=423703

Details

Source: MITRE

Published: 2014-11-11

Updated: 2018-12-13

Type: CWE-94

Risk Information

CVSS v2

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Tenable Plugins

View all (19 total)

IDNameProductFamilySeverity
8580Google Chrome < 39.0.2171.65 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
79997openSUSE Security Update : chromium (openSUSE-SU-2014:1626-1)NessusSuSE Local Security Checks
critical
79404GLSA-201411-06 : Adobe Flash Player: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
79337Google Chrome < 39.0.2171.65 Multiple Vulnerabilities (Mac OS X)NessusMacOS X Local Security Checks
critical
79336Google Chrome < 39.0.2171.65 Multiple VulnerabilitiesNessusWindows
critical
79324openSUSE Security Update : flash-player (openSUSE-SU-2014:1444-1)NessusSuSE Local Security Checks
critical
79320FreeBSD : chromium -- multiple vulnerabilities (d395e44f-6f4f-11e4-a444-00262d5ed8ee)NessusFreeBSD Local Security Checks
critical
79308SuSE 11.3 Security Update : flash-player (SAT Patch Number 9958)NessusSuSE Local Security Checks
critical
79228RHEL 5 / 6 : flash-plugin (RHSA-2014:1852)NessusRed Hat Local Security Checks
critical
8568Google Chrome < 38.0.2125.122 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
8567Adobe AIR < 15.0.0.356 Multiple Vulnerabilities (APSB14-24)Nessus Network MonitorWeb Clients
high
8566Flash Player < 15.0.0.223 Multiple Vulnerabilities (APSB14-24)Nessus Network MonitorWeb Clients
high
79145MS KB3004150: Update for Vulnerabilities in Adobe Flash Player in Internet ExplorerNessusWindows
critical
79144Google Chrome < 38.0.2125.122 Multiple Vulnerabilities (Mac OS X)NessusMacOS X Local Security Checks
critical
79143Flash Player For Mac <= 15.0.0.189 Multiple Vulnerabilities (APSB14-24)NessusMacOS X Local Security Checks
critical
79142Adobe AIR for Mac <= 15.0.0.293 Multiple Vulnerabilities (APSB14-24)NessusMacOS X Local Security Checks
critical
79141Google Chrome < 38.0.2125.122 Multiple VulnerabilitiesNessusWindows
critical
79140Flash Player <= 15.0.0.189 Multiple Vulnerabilities (APSB14-24)NessusWindows
critical
79139Adobe AIR <= 15.0.0.293 Multiple Vulnerabilities (APSB14-24)NessusWindows
critical