KLA10002 Multiple vulnerabilities in Adobe Flash Player

2014-06-1000:00:00

Kaspersky Lab

threats.kaspersky.com

599

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.4

Confidence

Low

EPSS

0.071

Percentile

94.0%

JSON

Multiple serious vulnerabilities have been found in Adobe Flash Player. Malicious users can exploit these vulnerabilities to inject arbitrary script or HTML, access restrictions, execute arbitrary code or cause denial of service

Vectors related to unknown applications can be exploited to inject arbitrary script or HTML, access restrictions, execute arbitrary code, or cause denial of service via cross-site scripting (XSS) or other unknown methods.

Original advisories

Adobe Bulletin

Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Adobe-Flash-Player-ActiveX

Adobe-Flash-Player-NPAPI

Macromedia-Flash-Player

CVE list

CVE-2014-0533 warning

CVE-2014-0534 critical

CVE-2014-0531 warning

CVE-2014-0532 warning

CVE-2014-0535 critical

CVE-2014-0536 critical

Solution

Update to latest version

Flash Player

Impacts

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

Code injection. Exploitation of vulnerabilities with this impact can lead to changes in target code.

Affected Products

Flash Player 13.0.0.214 and earlier versions for Windows and MacintoshFlash Player 11.2.202.359 and earlier for LinuxAIR 13.0.0.111 and earlier versions