CVE-2014-0492 — HIGH (10.0)

Q: How severe is CVE-2014-0492?

CVE-2014-0492 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-0492?

Check the references section above for vendor advisories and patch information. Affected products include: Adobe Flash Player, Apple Mac Os X, Microsoft Windows, Adobe Adobe Air Sdk, Linux Linux Kernel.

Vulnerability Description

Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12.0.0.38 on Windows and Mac OS X and before 11.2.202.335 on Linux, Adobe AIR before 4.0.0.1390, Adobe AIR SDK before 4.0.0.1390, and Adobe AIR SDK & Compiler before 4.0.0.1390 allow attackers to defeat the ASLR protection mechanism by leveraging an "address leak."

CVSS Score

10.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Adobe	Flash Player	>= 11.0, < 11.7.700.260
Apple	Mac Os X	All versions
Microsoft	Windows	-
Adobe	Adobe Air Sdk	< 4.0.0.1390
Linux	Linux Kernel	All versions
Adobe	Adobe Air	< 4.0.0.1390

Related Weaknesses (CWE)

CWE-264

References

http://helpx.adobe.com/security/products/flash-player/apsb14-02.htmlPatchVendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00006.htmlMailing ListThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0028.htmlThird Party Advisory
http://secunia.com/advisories/56516Third Party Advisory
http://secunia.com/advisories/56636Third Party Advisory
http://www.securitytracker.com/id/1029602Third Party AdvisoryVDB Entry
http://helpx.adobe.com/security/products/flash-player/apsb14-02.htmlPatchVendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00006.htmlMailing ListThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0028.htmlThird Party Advisory
http://secunia.com/advisories/56516Third Party Advisory
http://secunia.com/advisories/56636Third Party Advisory
http://www.securitytracker.com/id/1029602Third Party AdvisoryVDB Entry

FAQ

What is CVE-2014-0492?

CVE-2014-0492 is a vulnerability with a CVSS score of 10.0 (HIGH). Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12.0.0.38 on Windows and Mac OS X and before 11.2.202.335 on Linux, Adobe AIR before 4.0.0.1390, Adobe AIR SDK before 4.0.0.1390, an...

How severe is CVE-2014-0492?

CVE-2014-0492 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-0492?

Check the references section above for vendor advisories and patch information. Affected products include: Adobe Flash Player, Apple Mac Os X, Microsoft Windows, Adobe Adobe Air Sdk, Linux Linux Kernel.