CVE-2014-0498 - OpenCVE

Stack-based buffer overflow in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows attackers to execute arbitrary code via unspecified vectors.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Linux	Linux Kernel
Adobe	Adobe Air Flash Player Adobe Air Sdk
Microsoft	Windows
Apple	Mac Os X

Configuration 1 [-]

AND

OR	cpe:2.3:a:adobe:flash_player::::::::
	cpe:2.3:a:adobe:flash_player::::::::
	cpe:2.3:a:adobe:flash_player::::::::

OR	cpe:2.3:o:apple:mac_os_x::::::::
	cpe:2.3:o:microsoft:windows:-:::::::*

Configuration 2 [-]

cpe:2.3:a:adobe:adobe_air_sdk:*:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 4 [-]

cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*

References

Link	Resource
http://helpx.adobe.com/security/products/flash-player/apsb14-07.html	Patch Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00014.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00015.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00017.html	Mailing List Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0196.html	Third Party Advisory
http://security.gentoo.org/glsa/glsa-201405-04.xml	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: adobe

Published: 2014-02-21T02:00:00

Updated: 2014-06-19T14:57:00

Reserved: 2013-12-20T00:00:00

Link: CVE-2014-0498

JSON object: View

NVD Information

Status : Analyzed

Published: 2014-02-21T05:06:54.517

Modified: 2018-12-13T15:54:15.917

Link: CVE-2014-0498

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-02-20T00:00:00", "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows attackers to execute arbitrary code via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-06-19T14:57:00", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe"}, "references": [{"name": "openSUSE-SU-2014:0278", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00015.html"}, {"name": "GLSA-201405-04", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-201405-04.xml"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://helpx.adobe.com/security/products/flash-player/apsb14-07.html"}, {"name": "RHSA-2014:0196", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0196.html"}, {"name": "SUSE-SU-2014:0290", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00017.html"}, {"name": "openSUSE-SU-2014:0277", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00014.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@adobe.com", "ID": "CVE-2014-0498", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Stack-based buffer overflow in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows attackers to execute arbitrary code via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "openSUSE-SU-2014:0278", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00015.html"}, {"name": "GLSA-201405-04", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201405-04.xml"}, {"name": "http://helpx.adobe.com/security/products/flash-player/apsb14-07.html", "refsource": "CONFIRM", "url": "http://helpx.adobe.com/security/products/flash-player/apsb14-07.html"}, {"name": "RHSA-2014:0196", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0196.html"}, {"name": "SUSE-SU-2014:0290", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00017.html"}, {"name": "openSUSE-SU-2014:0277", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00014.html"}]}}}}, "cveMetadata": {"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2014-0498", "datePublished": "2014-02-21T02:00:00", "dateReserved": "2013-12-20T00:00:00", "dateUpdated": "2014-06-19T14:57:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "6C9AF7F7-0F10-49B7-B488-F0E12692FCD0", "versionEndExcluding": "11.7.700.269", "versionStartIncluding": "11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "EF750BDF-A76B-4967-8BD4-9B6F3336156D", "versionEndExcluding": "11.8.800.175", "versionStartIncluding": "11.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "2ECFF685-8C36-4804-9815-E5A9484D4253", "versionEndExcluding": "12.0.0.70", "versionStartIncluding": "11.9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:adobe_air_sdk:*:*:*:*:*:*:*:*", "matchCriteriaId": "1CD86A5A-B01B-4624-BE59-08E41A8C40DE", "versionEndExcluding": "4.0.0.1628", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "EBCC4F71-82B0-41D9-B184-96652760AAE5", "versionEndExcluding": "11.2.202.341", "versionStartIncluding": "11.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*", "matchCriteriaId": "6ED74F32-A4F4-424C-B9E7-C54F3DAFFDE6", "versionEndExcluding": "4.0.0.1628", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows attackers to execute arbitrary code via unspecified vectors."}, {"lang": "es", "value": "Desbordamiento de buffer basado en pila en Adobe Flash Player anterior a 11.7.700.269 y 11.8.x hasta 12.0.x anterior a 12.0.0.70 en Windows y Mac OS X y anterior a 11.2.202.341 en Linux, Adobe AIR anterior a 4.0.0.1628 en Android, Adobe AIR SDK anterior a 4.0.0.1628, y Adobe AIR SDK & Compiler anterior a 4.0.0.1628 permite a atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores no especificados."}], "id": "CVE-2014-0498", "lastModified": "2018-12-13T15:54:15.917", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-02-21T05:06:54.517", "references": [{"source": "psirt@adobe.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://helpx.adobe.com/security/products/flash-player/apsb14-07.html"}, {"source": "psirt@adobe.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00014.html"}, {"source": "psirt@adobe.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00015.html"}, {"source": "psirt@adobe.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00017.html"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0196.html"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory"], "url": "http://security.gentoo.org/glsa/glsa-201405-04.xml"}], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}