CVE-2014-0558

Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0564.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://helpx.adobe.com/security/products/flash-player/apsb14-22.html	Patch Vendor Advisory
http://lists.opensuse.org/opensuse-updates/2014-10/msg00033.html
http://rhn.redhat.com/errata/RHSA-2014-1648.html
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00002.html
http://www.securitytracker.com/id/1031019
http://secunia.com/advisories/61980
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:adobe:flash_player:13.0.0.182:::::::*
	cpe:2.3:a:adobe:flash_player:14.0.0.179:::::::*
	cpe:2.3:a:adobe:flash_player:13.0.0.214:::::::*
	cpe:2.3:a:adobe:flash_player:13.0.0.206:::::::*
	cpe:2.3:a:adobe:flash_player:13.0.0.201:::::::*
	cpe:2.3:a:adobe:flash_player:15.0.0.152:::::::*
	cpe:2.3:a:adobe:flash_player:13.0.0.231:::::::*
	cpe:2.3:a:adobe:flash_player:13.0.0.223:::::::*
	cpe:2.3:a:adobe:flash_player:14.0.0.125:::::::*
	cpe:2.3:a:adobe:flash_player:15.0.0.144:::::::*
	cpe:2.3:a:adobe:flash_player::::::::
	cpe:2.3:a:adobe:flash_player:13.0.0.241:::::::*
	cpe:2.3:a:adobe:flash_player:14.0.0.145:::::::*
	cpe:2.3:a:adobe:flash_player:14.0.0.176:::::::*

OR	cpe:2.3:o:microsoft:windows::::::::
	cpe:2.3:o:apple:mac_os_x::::::::

Configuration 2 (hide)

OR	cpe:2.3:a:adobe:adobe_air:13.0.0.111:::::::*
	cpe:2.3:a:adobe:adobe_air:13.0.0.83:::::::*
	cpe:2.3:a:adobe:adobe_air:14.0.0.137:::::::*
	cpe:2.3:a:adobe:adobe_air:14.0.0.110:::::::*
	cpe:2.3:a:adobe:adobe_air::::::::
	cpe:2.3:a:adobe:adobe_air:14.0.0.179:::::::*

Configuration 3 (hide)

OR	cpe:2.3:a:adobe:adobe_air:13.0.0.83:::::::*
	cpe:2.3:a:adobe:adobe_air:14.0.0.110:::::::*
	cpe:2.3:a:adobe:adobe_air:13.0.0.111:::::::*
	cpe:2.3:a:adobe:adobe_air::::::::
	cpe:2.3:a:adobe:adobe_air:14.0.0.178:::::::*
	cpe:2.3:a:adobe:adobe_air:14.0.0.137:::::::*

Configuration 4 (hide)

AND

OR	cpe:2.3:a:adobe:flash_player:11.2.202.350:::::::*
	cpe:2.3:a:adobe:flash_player:11.2.202.346:::::::*
	cpe:2.3:a:adobe:flash_player:11.2.202.291:::::::*
	cpe:2.3:a:adobe:flash_player:11.2.202.285:::::::*
	cpe:2.3:a:adobe:flash_player:11.2.202.251:::::::*
	cpe:2.3:a:adobe:flash_player:11.2.202.243:::::::*
	cpe:2.3:a:adobe:flash_player:11.2.202.359:::::::*
	cpe:2.3:a:adobe:flash_player:11.2.202.378:::::::*
	cpe:2.3:a:adobe:flash_player:11.2.202.356:::::::*
	cpe:2.3:a:adobe:flash_player:11.2.202.310:::::::*
	cpe:2.3:a:adobe:flash_player:11.2.202.297:::::::*
	cpe:2.3:a:adobe:flash_player:11.2.202.275:::::::*
	cpe:2.3:a:adobe:flash_player:11.2.202.262:::::::*
	cpe:2.3:a:adobe:flash_player::::::::
	cpe:2.3:a:adobe:flash_player:11.2.202.258:::::::*
	cpe:2.3:a:adobe:flash_player:11.2.202.228:::::::*
	cpe:2.3:a:adobe:flash_player:11.2.202.270:::::::*
	cpe:2.3:a:adobe:flash_player:11.2.202.341:::::::*
	cpe:2.3:a:adobe:flash_player:11.2.202.335:::::::*
	cpe:2.3:a:adobe:flash_player:11.2.202.223:::::::*
	cpe:2.3:a:adobe:flash_player:11.2.202.400:::::::*
	cpe:2.3:a:adobe:flash_player:11.2.202.336:::::::*
	cpe:2.3:a:adobe:flash_player:11.2.202.273:::::::*
	cpe:2.3:a:adobe:flash_player:11.2.202.332:::::::*
	cpe:2.3:a:adobe:flash_player:11.2.202.235:::::::*
	cpe:2.3:a:adobe:flash_player:11.2.202.394:::::::*
	cpe:2.3:a:adobe:flash_player:11.2.202.236:::::::*
	cpe:2.3:a:adobe:flash_player:11.2.202.261:::::::*
	cpe:2.3:a:adobe:flash_player:11.2.202.238:::::::*
	cpe:2.3:a:adobe:flash_player:11.2.202.280:::::::*
	cpe:2.3:a:adobe:flash_player:11.2.202.233:::::::*

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 5 (hide)

OR	cpe:2.3:a:adobe:adobe_air_sdk:13.0.0.111:::::::*
	cpe:2.3:a:adobe:adobe_air_sdk:13.0.0.83:::::::*
	cpe:2.3:a:adobe:adobe_air_sdk:14.0.0.137:::::::*
	cpe:2.3:a:adobe:adobe_air_sdk:14.0.0.110:::::::*
	cpe:2.3:a:adobe:adobe_air_sdk::::::::
	cpe:2.3:a:adobe:adobe_air_sdk:14.0.0.178:::::::*

Information

Published : 2014-10-15 03:55

Updated : 2017-01-02 18:59

NVD link : CVE-2014-0558

Mitre link : CVE-2014-0558

JSON object : View

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

Products Affected

adobe

adobe_air_sdk
adobe_air
flash_player

microsoft

windows

linux

linux_kernel

apple

mac_os_x

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://helpx.adobe.com/security/products/flash-player/apsb14-22.html", "name": "http://helpx.adobe.com/security/products/flash-player/apsb14-22.html", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00033.html", "name": "openSUSE-SU-2014:1329", "tags": [], "refsource": "SUSE"}, {"url": "http://rhn.redhat.com/errata/RHSA-2014-1648.html", "name": "RHSA-2014:1648", "tags": [], "refsource": "REDHAT"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00002.html", "name": "SUSE-SU-2014:1360", "tags": [], "refsource": "SUSE"}, {"url": "http://www.securitytracker.com/id/1031019", "name": "1031019", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/61980", "name": "61980", "tags": [], "refsource": "SECUNIA"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html", "name": "openSUSE-SU-2015:0725", "tags": [], "refsource": "SUSE"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0564."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-94"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2014-0558", "ASSIGNER": "psirt@adobe.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2014-10-15T10:55Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:adobe:flash_player:13.0.0.182:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:flash_player:13.0.0.214:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:flash_player:13.0.0.206:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:flash_player:13.0.0.201:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:flash_player:13.0.0.231:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:flash_player:13.0.0.223:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:flash_player:15.0.0.144:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "13.0.0.244"}, {"cpe23Uri": "cpe:2.3:a:adobe:flash_player:13.0.0.241:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:adobe:adobe_air:13.0.0.111:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:adobe_air:13.0.0.83:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:adobe_air:14.0.0.137:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:adobe_air:14.0.0.110:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "15.0.0.252"}, {"cpe23Uri": "cpe:2.3:a:adobe:adobe_air:14.0.0.179:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:adobe:adobe_air:13.0.0.83:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:adobe_air:14.0.0.110:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:adobe_air:13.0.0.111:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "15.0.0.249"}, {"cpe23Uri": "cpe:2.3:a:adobe:adobe_air:14.0.0.178:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:adobe_air:14.0.0.137:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:adobe:flash_player:11.2.202.350:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:flash_player:11.2.202.346:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:flash_player:11.2.202.291:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:flash_player:11.2.202.285:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:flash_player:11.2.202.251:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:flash_player:11.2.202.243:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:flash_player:11.2.202.359:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:flash_player:11.2.202.378:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:flash_player:11.2.202.356:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:flash_player:11.2.202.310:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:flash_player:11.2.202.297:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:flash_player:11.2.202.275:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:flash_player:11.2.202.262:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "11.2.202.406"}, {"cpe23Uri": "cpe:2.3:a:adobe:flash_player:11.2.202.258:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:flash_player:11.2.202.228:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:flash_player:11.2.202.270:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:flash_player:11.2.202.341:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:flash_player:11.2.202.335:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:flash_player:11.2.202.223:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:flash_player:11.2.202.400:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:flash_player:11.2.202.336:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:flash_player:11.2.202.273:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:flash_player:11.2.202.332:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:flash_player:11.2.202.235:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:flash_player:11.2.202.394:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:flash_player:11.2.202.236:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:flash_player:11.2.202.261:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:flash_player:11.2.202.238:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:flash_player:11.2.202.280:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:flash_player:11.2.202.233:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:adobe:adobe_air_sdk:13.0.0.111:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:adobe_air_sdk:13.0.0.83:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:adobe_air_sdk:14.0.0.137:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:adobe_air_sdk:14.0.0.110:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:adobe_air_sdk:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "15.0.0.249"}, {"cpe23Uri": "cpe:2.3:a:adobe:adobe_air_sdk:14.0.0.178:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-01-03T02:59Z"}

10.0 /10