Tenable8603.PRMFlash Player < 16.0.0.235 Multiple Vulnerabilities (APSB14-27)
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
98.3%
Versions of Flash player earlier than 16.0.0.235 are unpatched for the following vulnerabilities:
-
A security bypass vulnerability that allows an attacker to bypass the same-origin policy. (CVE-2014-0580)
-
Multiple memory corruption vulnerabilities that allow an attacker to execute arbitrary code. (CVE-2014-0587, CVE-2014-9164)
-
A use-after-free vulnerability that can result in arbitrary code execution. (CVE-2014-8443)
-
An unspecified information disclosure vulnerability. (CVE-2014-9162)
-
A stack-based buffer overflow vulnerability that can be exploited to execute arbitrary code or elevate privileges. (CVE-2014-9163)
Binary data 8603.prmReferences
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0580
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0587
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8439
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8443
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9162
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9163
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9164
helpx.adobe.com/security/products/flash-player/apsb14-27.html
support.microsoft.com/kb/3008925
technet.microsoft.com/library/security/2755801
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
98.3%