CVE-2014-0518 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2014-0518?

CVE-2014-0518 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-0518?

Check the references section above for vendor advisories and patch information. Affected products include: Adobe Flash Player, Apple Mac Os X, Microsoft Windows, Linux Linux Kernel, Adobe Adobe Air.

Vulnerability Description

Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0517, CVE-2014-0519, and CVE-2014-0520.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Adobe	Flash Player	>= 13.0, < 13.0.0.214
Apple	Mac Os X	All versions
Microsoft	Windows	-
Linux	Linux Kernel	All versions
Adobe	Adobe Air	< 13.0.0.111

Related Weaknesses (CWE)

CWE-264

References

http://helpx.adobe.com/security/products/flash-player/apsb14-14.htmlVendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00008.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2014-05/msg00051.htmlMailing ListThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0496.htmlThird Party Advisory
http://security.gentoo.org/glsa/glsa-201406-08.xmlThird Party Advisory
http://helpx.adobe.com/security/products/flash-player/apsb14-14.htmlVendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00008.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2014-05/msg00051.htmlMailing ListThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0496.htmlThird Party Advisory
http://security.gentoo.org/glsa/glsa-201406-08.xmlThird Party Advisory

FAQ

What is CVE-2014-0518?

CVE-2014-0518 is a vulnerability with a CVSS score of 7.5 (HIGH). Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow attackers to bypass int...

How severe is CVE-2014-0518?

CVE-2014-0518 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-0518?

Check the references section above for vendor advisories and patch information. Affected products include: Adobe Flash Player, Apple Mac Os X, Microsoft Windows, Linux Linux Kernel, Adobe Adobe Air.