Executive Summary



This alert is flagged as a CWE/SANS Top 25 Common Weakness Enumeration.
Information
Name: CVE-2014-0509
First vendor Publication: 2014-04-08
Vendor: Cve
Last vendor Modification: 2017-12-16

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score: 4.3
Attack Range: Network
Cvss Impact Score: 2.9
Attack Complexity: Medium
Cvss Exploit Score: 8.6
Authentication: None Required

Detail

Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0509

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:24368
 
Oval ID: oval:org.mitre.oval:def:24368
Title: Cross-site scripting vulnerability in Adobe Flash Player which less then 12.0.0.77 and less then 11.7.700.275 and Adobe AIR before 13.0.0.83
Description: Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0509
Version: 9
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Adobe Flash Player
Adobe AIR
Definition Id: oval:org.mitre.oval:def:24439
 
Oval ID: oval:org.mitre.oval:def:24439
Title: RHSA-2014:0380: flash-plugin security update (Critical)
Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB14-09, listed in the References section. Two flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. (CVE-2014-0506, CVE-2014-0507) A flaw in flash-plugin could allow an attacker to obtain sensitive information if a victim were tricked into visiting a specially crafted web page. (CVE-2014-0508) A flaw in flash-plugin could allow an attacker to conduct cross-site scripting (XSS) attacks if a victim were tricked into visiting a specially crafted web page. (CVE-2014-0509) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.350.
Family: unix Class: patch
Reference(s): RHSA-2014:0380-00
CVE-2014-0506
CVE-2014-0507
CVE-2014-0508
CVE-2014-0509
Version: 5
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
Product(s): flash-plugin
Definition Id: oval:org.mitre.oval:def:24647
 
Oval ID: oval:org.mitre.oval:def:24647
Title: ELSA-2014:0380: flash-plugin security update (Critical)
Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB14-09, listed in the References section. Two flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. (CVE-2014-0506, CVE-2014-0507) A flaw in flash-plugin could allow an attacker to obtain sensitive information if a victim were tricked into visiting a specially crafted web page. (CVE-2014-0508) A flaw in flash-plugin could allow an attacker to conduct cross-site scripting (XSS) attacks if a victim were tricked into visiting a specially crafted web page. (CVE-2014-0509) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.350.
Family: unix Class: patch
Reference(s): ELSA-2014:0380-00
CVE-2014-0506
CVE-2014-0507
CVE-2014-0508
CVE-2014-0509
Version: 5
Platform(s): Oracle Linux 6
Product(s): flash-plugin
Definition Id: oval:org.mitre.oval:def:25532
 
Oval ID: oval:org.mitre.oval:def:25532
Title: SUSE-SU-2014:0535-1 -- Security update for flash-player
Description: Adobe flash-player has been updated to version 11.2.202.350 to resolve security issues and bugs. More information can be found at http://helpx.adobe.com/security/products/flash-player/apsb14-09.html The following security issues have been fixed: * a use-after-free vulnerability that could have resulted in arbitrary code execution (CVE-2014-0506). * a buffer overflow vulnerability that could have resulted in arbitrary code execution (CVE-2014-0507). * a security bypass vulnerability that could have led to information disclosure (CVE-2014-0508). * a cross-site-scripting vulnerability (CVE-2014-0509).
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0535-1
CVE-2014-0506
CVE-2014-0507
CVE-2014-0508
CVE-2014-0509
Version: 3
Platform(s): SUSE Linux Enterprise Desktop 11
Product(s): flash-player

CPE : Common Platform Enumeration

Type Description Count
Application 252

Information Assurance Vulnerability Management (IAVM)

Date Description
2014-04-10 IAVM : 2014-A-0047 - Multiple Vulnerabilities in Adobe Flash Player and AIR
Severity : Category I - VMSKEY : V0048681

Snort® IPS/IDS

Date Description
2014-05-28 Adobe Acrobat Reader cross-site scripting attempt
RuleID : 30844 - Revision : 3 - Type : FILE-FLASH
2014-05-28 Adobe Acrobat Reader cross-site scripting attempt
RuleID : 30843 - Revision : 3 - Type : FILE-FLASH

Nessus® Vulnerability Scanner

Date Description
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-307.nasl - Type : ACT_GATHER_INFO
2014-05-05 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201405-04.nasl - Type : ACT_GATHER_INFO
2014-04-17 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_flash-player-140411.nasl - Type : ACT_GATHER_INFO
2014-04-10 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2014-0380.nasl - Type : ACT_GATHER_INFO
2014-04-09 Name : The remote Windows host contains a version of Adobe AIR that is affected by m...
File : adobe_air_apsb14-09.nasl - Type : ACT_GATHER_INFO
2014-04-09 Name : The remote Windows host has a browser plugin that is affected by multiple vul...
File : flash_player_apsb14-09.nasl - Type : ACT_GATHER_INFO
2014-04-09 Name : The remote Mac OS X host contains a version of Adobe AIR that is affected by ...
File : macosx_adobe_air_13_0_0_83.nasl - Type : ACT_GATHER_INFO
2014-04-09 Name : The remote Mac OS X host has a browser plugin that is affected by multiple vu...
File : macosx_flash_player_13_0_0_182.nasl - Type : ACT_GATHER_INFO
2014-04-08 Name : The remote host contains a web browser that is affected by multiple vulnerabi...
File : google_chrome_34_0_1847_116.nasl - Type : ACT_GATHER_INFO
2014-04-08 Name : The remote Mac OS X host contains a web browser that is affected by multiple ...
File : macosx_google_chrome_34_0_1847_116.nasl - Type : ACT_GATHER_INFO
2014-04-08 Name : The remote host has an ActiveX control installed that is affected by multiple...
File : smb_kb2942844.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/66703
CONFIRM http://helpx.adobe.com/security/products/flash-player/apsb14-09.html
GENTOO http://security.gentoo.org/glsa/glsa-201405-04.xml
REDHAT http://rhn.redhat.com/errata/RHSA-2014-0380.html
SECTRACK http://www.securitytracker.com/id/1030035
SUSE http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00012.html
http://lists.opensuse.org/opensuse-updates/2014-04/msg00036.html
http://lists.opensuse.org/opensuse-updates/2014-04/msg00050.html

Alert History

Date Information
2020-05-23 01:50:50
  • Multiple Updates
2020-05-23 00:39:31
  • Multiple Updates
2019-07-17 12:05:53
  • Multiple Updates
2019-06-15 12:05:46
  • Multiple Updates
2018-12-14 12:03:05
  • Multiple Updates
2018-10-30 12:06:35
  • Multiple Updates
2018-07-10 12:02:03
  • Multiple Updates
2018-03-02 01:00:50
  • Multiple Updates
2017-12-16 09:21:40
  • Multiple Updates
2016-06-28 22:31:42
  • Multiple Updates
2016-04-27 00:06:45
  • Multiple Updates
2015-08-07 21:26:30
  • Multiple Updates
2015-05-19 09:26:16
  • Multiple Updates
2015-04-30 09:26:47
  • Multiple Updates
2014-06-21 09:25:07
  • Multiple Updates
2014-06-14 13:36:58
  • Multiple Updates
2014-05-28 21:22:31
  • Multiple Updates
2014-05-06 13:25:46
  • Multiple Updates
2014-05-03 13:22:42
  • Multiple Updates
2014-04-26 13:21:58
  • Multiple Updates
2014-04-18 13:25:53
  • Multiple Updates
2014-04-11 21:21:42
  • Multiple Updates
2014-04-11 13:22:03
  • Multiple Updates
2014-04-10 13:23:40
  • Multiple Updates
2014-04-10 13:23:12
  • Multiple Updates
2014-04-09 13:23:10
  • First insertion