CVE-2014-0569 — HIGH (9.3) — White Hats Nepal

Q: How severe is CVE-2014-0569?

CVE-2014-0569 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-0569?

Check the references section above for vendor advisories and patch information. Affected products include: Adobe Flash Player, Linux Linux Kernel, Apple Macos, Microsoft Windows, Microsoft Windows 8.

Vulnerability Description

Integer overflow in Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allows attackers to execute arbitrary code via unspecified vectors.

CVSS Score

9.3

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Adobe	Flash Player	<= 11.2.202.406
Linux	Linux Kernel	-
Apple	Macos	-
Microsoft	Windows	-
Microsoft	Windows 8	-
Microsoft	Windows 8.1	-
Adobe	Flash Player Desktop Runtime	<= 15.0.0.167
Adobe	Air Desktop Runtime	<= 15.0.0.249
Adobe	Air Sdk	<= 15.0.0.249
Apple	Iphone Os	-
Google	Android	-
Opensuse	Evergreen	11.4
Opensuse	Opensuse	12.3
Suse	Linux Enterprise Desktop	11

Related Weaknesses (CWE)

CWE-190

References

http://helpx.adobe.com/security/products/flash-player/apsb14-22.htmlPatchVendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00002.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2014-10/msg00033.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1648.htmlBroken Link
http://secunia.com/advisories/61980Third Party Advisory
http://www.securityfocus.com/bid/70441Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1031019Third Party AdvisoryVDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-14-365/Third Party AdvisoryVDB Entry
http://helpx.adobe.com/security/products/flash-player/apsb14-22.htmlPatchVendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00002.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2014-10/msg00033.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1648.htmlBroken Link
http://secunia.com/advisories/61980Third Party Advisory

FAQ

What is CVE-2014-0569?

CVE-2014-0569 is a vulnerability with a CVSS score of 9.3 (HIGH). Integer overflow in Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15....

How severe is CVE-2014-0569?

CVE-2014-0569 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-0569?

Check the references section above for vendor advisories and patch information. Affected products include: Adobe Flash Player, Linux Linux Kernel, Apple Macos, Microsoft Windows, Microsoft Windows 8.