Kaspersky LabKLA10036KLA10036 Multiple vulnerabilities in Adobe Flash and Adobe AIR
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.5 Medium
AI Score
Confidence
Low
0.024 Low
EPSS
Percentile
89.9%
Multiple serious vulnerabilities have been found in Adobe Flash Player and Adobe AIR SDK. Malicious users can exploit these vulnerabilities to bypass security restrictions and obtain sensitive information. Below is a complete list of vulnerabilities:
- Vectors related to unknown applications can be exploited to bypass security restrictions
- Improper SWFs can be exploited to obtain sensitive information via CSRF
Original advisories
Exploitation
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Related products
CVE list
CVE-2014-0539 critical
CVE-2014-4671 warning
CVE-2014-0537 critical
Solution
Update to latest versionFlash Player
Impacts
- OSI
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
- SB
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.
Affected Products
- Adobe Flash Player versions 14.0.0.145 and earlier for Windows and Mac OSAdobe Flash Player versions 11.2.202.394 and earlier for LinuxAdobe AIR versions 14.0.0.110 and earlier for AndroidAdobe AIR SDK versions 14.0.0.110 and earlier
Related
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.5 Medium
AI Score
Confidence
Low
0.024 Low
EPSS
Percentile
89.9%