CVE-2014-8439

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239 on Windows and OS X and before 11.2.202.424 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors.

References

http://helpx.adobe.com/security/products/flash-player/apsb14-26.html

http://helpx.adobe.com/security/products/flash-player/apsb14-22.html

http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00020.html

http://rhn.redhat.com/errata/RHSA-2014-1915.html

http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00004.html

https://www.f-secure.com/weblog/archives/00002768.html

http://secunia.com/advisories/60217

http://www.securitytracker.com/id/1031259

http://www.securityfocus.com/bid/71289

https://exchange.xforce.ibmcloud.com/vulnerabilities/98932

Details

Source: MITRE

Published: 2014-11-25

Updated: 2021-09-22

Type: CWE-119

Risk Information

CVSS v2

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Tenable Plugins

View all (21 total)

IDNameProductFamilySeverity
8810Adobe AIR < 15.0.0.293 Multiple Vulnerabilities (APSB14-22)Nessus Network MonitorWeb Clients
high
8808Flash Player < 13.0.0.250 / 15.0.0.167 Multiple Vulnerabilities (APSB14-22)Nessus Network MonitorWeb Clients
high
8585Flash Player <= 15.0.0.223 Dereferenced Memory Pointer RCE (APSB14-26)Nessus Network MonitorWeb Clients
high
8604Flash Player < 15.0.0.243 (inferred) Multiple Vulnerabilities (APSB14-27)Nessus Network MonitorWeb Clients
high
8603Flash Player < 16.0.0.235 Multiple Vulnerabilities (APSB14-27)Nessus Network MonitorWeb Clients
high
79960GLSA-201412-07 : Adobe Flash Player: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
79755openSUSE Security Update : flash-player (openSUSE-SU-2014:1562-1)NessusSuSE Local Security Checks
critical
79686SuSE 11.3 Security Update : flash-player (SAT Patch Number 10023)NessusSuSE Local Security Checks
critical
79597RHEL 5 / 6 : flash-plugin (RHSA-2014:1915)NessusRed Hat Local Security Checks
critical
79579Google Chrome < 39.0.2171.71 Flash Player Remote Code Execution (Mac OS X)NessusMacOS X Local Security Checks
critical
79578Google Chrome < 39.0.2171.71 Flash Player Remote Code ExecutionNessusWindows
critical
79444MS KB3018943: Update for Vulnerabilities in Adobe Flash Player in Internet ExplorerNessusWindows
critical
79443Flash Player For Mac <= 15.0.0.223 Dereferenced Memory Pointer RCE (APSB14-26)NessusMacOS X Local Security Checks
critical
79442Flash Player <= 15.0.0.223 Dereferenced Memory Pointer RCE (APSB14-26)NessusWindows
critical
78476Google Chrome < 38.0.2125.104 Multiple Vulnerabilities (Mac OS X)NessusMacOS X Local Security Checks
critical
78475Google Chrome < 38.0.2125.104 Multiple VulnerabilitiesNessusWindows
critical
78444MS KB3001237: Update for Vulnerabilities in Adobe Flash Player in Internet ExplorerNessusWindows
critical
78443Flash Player for Mac <= 15.0.0.167 Multiple Vulnerabilities (APSB14-22)NessusMacOS X Local Security Checks
critical
78442Adobe AIR for Mac <= 15.0.0.249 Multiple Vulnerabilities (APSB14-21)NessusMacOS X Local Security Checks
critical
78441Flash Player <= 15.0.0.167 Multiple Vulnerabilities (APSB14-22)NessusWindows
critical
78440Adobe AIR <= AIR 15.0.0.249 Multiple Vulnerabilities (APSB14-22)NessusWindows
critical