Vulnerability Details : CVE-2014-0536
Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Vulnerability category: OverflowMemory CorruptionExecute codeDenial of service
Products affected by CVE-2014-0536
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:13.0.0.201:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:13.0.0.206:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:13.0.0.182:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_air:13.0.0.83:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_air_sdk:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_air_sdk:13.0.0.83:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-0536
8.65%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 92 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-0536
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2014-0536
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-0536
-
http://rhn.redhat.com/errata/RHSA-2014-0745.html
RHSA-2014:0745 - Security Advisory - Red Hat Customer Portal
-
http://helpx.adobe.com/security/products/flash-player/apsb14-16.html
Adobe Security BulletinPatch;Vendor Advisory
-
http://security.gentoo.org/glsa/glsa-201406-17.xml
Adobe Flash Player: Multiple vulnerabilities (GLSA 201406-17) — Gentoo security
-
http://lists.opensuse.org/opensuse-updates/2014-06/msg00030.html
openSUSE-SU-2014:0799-1: moderate: flash-player: Update to fix six secur
-
http://www.securityfocus.com/bid/67961
Adobe Flash Player and AIR CVE-2014-0536 Unspecified Memory Corruption Vulnerability
-
http://www.securitytracker.com/id/1030368
Adobe Flash Player Multiple Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Execute Arbitrary Code, and Bypass Security Controls - SecurityTracker
-
http://lists.opensuse.org/opensuse-updates/2014-06/msg00029.html
openSUSE-SU-2014:0798-1: moderate: flash-player: Update to fix six secur
-
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00021.html
[security-announce] SUSE-SU-2014:0806-1: important: Security update for
Jump to