10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.9%
Versions of Flash player earlier than 15.0.0.152 are unpatched for the following vulnerabilities:
Unspecified memory corruption issues exist that allow arbitrary code execution. (CVE-2014-0547, CVE-2014-0549, CVE-2014-0550, CVE-2014-0551, CVE-2014-0552, CVE-2014-0555)
An unspecified error exists that allows cross-origin policy violations. (CVE-2014-0548)
A use-after-free error exists that allows arbitrary code execution. (CVE-2014-0553)
An unspecified error exists that allows an unspecified security bypass. (CVE-2014-0554)
Unspecified errors exist that allow memory leaks leading to easier defeat of memory address randomization. (CVE-2014-0557)
Heap-based buffer overflow errors exist that allow arbitrary code execution. (CVE-2014-0556, CVE-2014-0559)
Binary data 8375.prm
Vendor | Product | Version | CPE |
---|---|---|---|
adobe | flash_player | cpe:/a:adobe:flash_player |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0547
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0548
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0549
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0550
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0551
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0552
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0553
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0554
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0555
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0556
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0557
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0559
helpx.adobe.com/security/products/flash-player/apsb14-21.html
technet.microsoft.com/en-US/library/security/2755801