Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2014-0502 | First vendor Publication | 2014-02-21 |
Vendor | Cve | Last vendor Modification | 2018-12-13 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2014. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0502 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-399 | Resource Management Errors |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:22201 | |||
Oval ID: | oval:org.mitre.oval:def:22201 | ||
Title: | Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK and Compiler before 4.0.0.1628 allows remote attackers to execute arbitrary code via unspecified vectors | ||
Description: | Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2014. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0502 | Version: | 12 |
Platform(s): | Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows 8 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP | Product(s): | Adobe Flash Player Adobe AIR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23209 | |||
Oval ID: | oval:org.mitre.oval:def:23209 | ||
Title: | ELSA-2014:0196: flash-plugin security update (Critical) | ||
Description: | Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2014. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2014:0196-00 CVE-2014-0498 CVE-2014-0499 CVE-2014-0502 | Version: | 17 |
Platform(s): | Oracle Linux 6 | Product(s): | flash-plugin |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:24162 | |||
Oval ID: | oval:org.mitre.oval:def:24162 | ||
Title: | RHSA-2014:0196: flash-plugin security update (Critical) | ||
Description: | Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2014. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2014:0196-00 CVE-2014-0498 CVE-2014-0499 CVE-2014-0502 | Version: | 18 |
Platform(s): | Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 | Product(s): | flash-plugin |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25399 | |||
Oval ID: | oval:org.mitre.oval:def:25399 | ||
Title: | SUSE-SU-2014:0290-1 -- Security update for flash-player | ||
Description: | This update of Adobe Flash Player fixes the following issues: * A stack overflow vulnerability that could have resulted in arbitrary code execution. (CVE-2014-0498) * A memory leak vulnerability that could have been used to defeat memory address layout randomization. (CVE-2014-0499) * A double free vulnerability that could have resulted in arbitrary code execution. (CVE-2014-0502) | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2014:0290-1 CVE-2014-0498 CVE-2014-0499 CVE-2014-0502 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Desktop 11 | Product(s): | flash-player |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2014-02-27 | IAVM : 2014-A-0029 - Multiple Vulnerabilities in Adobe Flash Player and AIR Severity : Category I - VMSKEY : V0044537 |
Snort® IPS/IDS
Date | Description |
---|---|
2016-03-18 | Adobe Flash Player worker shared object user-after-free attempt RuleID : 37685 - Revision : 2 - Type : FILE-FLASH |
2016-03-18 | Adobe Flash Player worker shared object user-after-free attempt RuleID : 37684 - Revision : 2 - Type : FILE-FLASH |
2014-12-02 | Adobe Flash Player worker shared object use-after-free attempt RuleID : 32360 - Revision : 4 - Type : FILE-FLASH |
2014-12-02 | Adobe Flash Player worker shared object use-after-free attempt RuleID : 32359 - Revision : 8 - Type : FILE-FLASH |
2014-03-27 | Adobe Flash Player worker shared object use-after-free attempt RuleID : 29931 - Revision : 6 - Type : FILE-FLASH |
2014-03-27 | Adobe Flash Player worker shared object use-after-free attempt RuleID : 29930 - Revision : 6 - Type : FILE-FLASH |
2014-03-27 | Adobe Flash Player worker shared object use-after-free attempt RuleID : 29929 - Revision : 7 - Type : FILE-FLASH |
2014-03-27 | Adobe Flash Player worker shared object use-after-free attempt RuleID : 29928 - Revision : 6 - Type : FILE-FLASH |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-157.nasl - Type : ACT_GATHER_INFO |
2014-05-05 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201405-04.nasl - Type : ACT_GATHER_INFO |
2014-02-26 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_flash-player-140224.nasl - Type : ACT_GATHER_INFO |
2014-02-23 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2014-0196.nasl - Type : ACT_GATHER_INFO |
2014-02-20 | Name : The remote Windows host has a browser plugin that is affected by multiple vul... File : flash_player_apsb14-07.nasl - Type : ACT_GATHER_INFO |
2014-02-20 | Name : The remote Mac OS X host has a browser plugin that is affected by multiple vu... File : macosx_flash_player_12_0_0_70.nasl - Type : ACT_GATHER_INFO |
2014-02-20 | Name : The remote host has an ActiveX control installed that is affected by multiple... File : smb_kb2934802.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2020-05-23 01:50:50 |
|
2020-05-23 00:39:31 |
|
2019-07-30 12:06:06 |
|
2019-06-15 12:05:46 |
|
2018-12-13 21:19:38 |
|
2018-10-30 12:06:35 |
|
2018-07-10 12:02:03 |
|
2018-03-02 01:00:49 |
|
2017-09-08 12:04:13 |
|
2017-01-20 09:23:39 |
|
2016-11-04 01:00:43 |
|
2016-10-18 12:03:37 |
|
2016-10-15 12:03:10 |
|
2016-09-17 12:01:39 |
|
2016-07-14 12:00:33 |
|
2016-06-28 22:31:39 |
|
2016-04-27 00:06:40 |
|
2014-12-02 21:25:50 |
|
2014-06-21 09:25:04 |
|
2014-06-14 13:36:57 |
|
2014-05-06 13:25:45 |
|
2014-03-27 21:20:55 |
|
2014-03-06 13:24:43 |
|
2014-02-28 17:19:17 |
|
2014-02-27 13:20:59 |
|
2014-02-23 13:21:08 |
|
2014-02-21 21:21:34 |
|
2014-02-21 13:23:26 |
|