CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
97.8%
Versions of Adobe Flash player prior to 13.0.0.214 are outdated and thus unpatched for the following vulnerabilities :
An overflow condition exists that is triggered as user-supplied input is not properly validated when handling display objects. This may allow a context-dependent attacker to cause a heap-based buffer overflow, allowing the execution of arbitrary code. (CVE-2014-0510)
An unspecified vulnerability exists that could be used to bypass the same origin policy. (CVE-2014-0516)
Multiple, unspecified security bypass vulnerabilities exist. (CVE-2014-0517, CVE-2014-0518, CVE-2014-0519, CVE-2014-0520)
Binary data 8254.prm
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0510
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0516
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0517
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0518
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0519
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0520
helpx.adobe.com/security/products/flash-player/apsb14-14.html