CVE-2014-0515 — HIGH (10.0)

Q: How severe is CVE-2014-0515?

CVE-2014-0515 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-0515?

Check the references section above for vendor advisories and patch information. Affected products include: Adobe Flash Player, Linux Linux Kernel, Apple Mac Os X, Microsoft Windows.

Vulnerability Description

Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x through 13.0.x before 13.0.0.206 on Windows and OS X, and before 11.2.202.356 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in April 2014.

CVSS Score

10.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Adobe	Flash Player	>= 11.0, < 11.2.202.346
Linux	Linux Kernel	All versions
Apple	Mac Os X	All versions
Microsoft	Windows	-

Related Weaknesses (CWE)

CWE-119

References

http://helpx.adobe.com/security/products/flash-player/apsb14-13.htmlPatchVendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00017.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00000.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00001.htmlMailing ListThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0447.htmlThird Party Advisory
http://security.gentoo.org/glsa/glsa-201405-04.xmlThird Party Advisory
http://www.securityfocus.com/bid/67092Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1030155Third Party AdvisoryVDB Entry
http://helpx.adobe.com/security/products/flash-player/apsb14-13.htmlPatchVendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00017.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00000.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00001.htmlMailing ListThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0447.htmlThird Party Advisory
http://security.gentoo.org/glsa/glsa-201405-04.xmlThird Party Advisory
http://www.securityfocus.com/bid/67092Third Party AdvisoryVDB Entry

FAQ

What is CVE-2014-0515?

CVE-2014-0515 is a vulnerability with a CVSS score of 10.0 (HIGH). Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x through 13.0.x before 13.0.0.206 on Windows and OS X, and before 11.2.202.356 on Linux, allows remote attackers to execute arbitrar...

How severe is CVE-2014-0515?

CVE-2014-0515 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-0515?

Check the references section above for vendor advisories and patch information. Affected products include: Adobe Flash Player, Linux Linux Kernel, Apple Mac Os X, Microsoft Windows.