Vulnerability Details : CVE-2014-0504
Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x before 12.0.0.77 on Windows and OS X, and before 11.2.202.346 on Linux, allows attackers to read the clipboard via unspecified vectors.
Vulnerability category: Information leak
Exploit prediction scoring system (EPSS) score for CVE-2014-0504
Probability of exploitation activity in the next 30 days: 0.29%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 65 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-0504
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2014-0504
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-0504
-
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00013.html
[security-announce] openSUSE-SU-2014:0379-1: important: flash-player toMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00014.html
[security-announce] SUSE-SU-2014:0387-1: important: Security update forMailing List;Third Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2014-0289.html
RHSA-2014:0289 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://security.gentoo.org/glsa/glsa-201405-04.xml
Adobe Flash Player: Multiple vulnerabilities (GLSA 201405-04) — Gentoo securityThird Party Advisory
-
http://helpx.adobe.com/security/products/flash-player/apsb14-08.html
Adobe Security BulletinVendor Advisory
Products affected by CVE-2014-0504
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*