CVE-2014-0502

Scores

EPSS

0.890high89.0%

0%20%40%60%80%100%

Percentile: 89.0%

CVSS

8.8high3.x

0246810

CVSS Score: 8.8/10

All CVSS Scores

CVSS 3.x

8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0

6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Description

Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2014.

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.

Learn more about Scaner-VS 7

Sources

nvdredhat

CWEs

CWE-415

Exploits

Exploit ID: CVE-2014-0502

Source: cisa

URL: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Recommendations

Source: nvd

All Adobe Flash Player users should upgrade to the latest version:
# emerge –sync
# emerge –ask –oneshot –verbose
“>=www-plugins/adobe-flash-11.2.202.356”

URL: http://security.gentoo.org/glsa/glsa-201405-04.xml

Source: nvd

Before applying this update, make sure all previously released erratarelevant to your system have been applied.
This update is available via the Red Hat Network. Details on how touse the Red Hat Network to apply this update are available athttps://access.redhat.com/site/articles/11258

URL: http://rhn.redhat.com/errata/RHSA-2014-0196.html

Vulnerable Software (13)

Type: Configuration

Product: flash-plugin

Operating System: rhel

Trait:

{  "fixed": "11.2.202.341-1.el5"}

Source: redhat

Type: Configuration

Product: flash-plugin

Operating System: rhel

Trait:

{  "fixed": "11.2.202.341-1.el6"}

Source: redhat

Type: Configuration

Vendor: *

Product: adobe_air

Operating System: * * *

Trait:

{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*",          "versionEndExcluding": "4.0.0.1628",          "vulnerable": true  ...

{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*",          "versionEndExcluding": "4.0.0.1628",          "vulnerable": true        }      ],      "operator": "OR"    },    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*"        }      ],      "operator": "OR"    }  ],  "operator": "AND"}

Source: nvd

Type: Configuration

Vendor: *

Product: adobe_air_sdk

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:adobe:adobe_air_sdk:*:*:*:*:*:*:*:*",      "versionEndExcluding": "4.0.0.1628",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Configuration

Vendor: *

Product: enterprise_linux_desktop

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_des...

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Configuration

Vendor: *

Product: enterprise_linux_eus

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_des...

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Configuration

Vendor: *

Product: enterprise_linux_server

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_des...

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Configuration

Vendor: *

Product: enterprise_linux_server_aus

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_des...

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Configuration

Vendor: *

Product: enterprise_linux_workstation

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_des...

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Configuration

Vendor: *

Product: flash_player

Operating System: * * *

Trait:

{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",          "versionEndExcluding": "11.7.700.269",          "vulnerable": tr...

{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",          "versionEndExcluding": "11.7.700.269",          "vulnerable": true        },        {          "cpe23uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",          "versionEndExcluding": "12.0.0.70",          "versionStartIncluding": "11.8.800.94",          "vulnerable": true        }      ],      "operator": "OR"    },    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*"        },        {          "cpe23uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*"        }      ],      "operator": "OR"    }  ],  "operator": "AND"}

Source: nvd

Type: Configuration

Vendor: *

Product: flash_player

Operating System: * * *

Trait:

{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",          "versionEndExcluding": "11.2.202.341",          "vulnerable": tr...

{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",          "versionEndExcluding": "11.2.202.341",          "vulnerable": true        }      ],      "operator": "OR"    },    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"        }      ],      "operator": "OR"    }  ],  "operator": "AND"}

Source: nvd

Type: Configuration

Vendor: *

Product: linux_enterprise_desktop

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", ...

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Configuration

Vendor: *

Product: opensuse

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", ...

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

End of list

Russian Vulnerability Scanner Database

CVE-2014-0502

Scores

EPSS

CVSS

All CVSS Scores

Vector Breakdown

CVSS

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Vector Breakdown

CVSS

Attack Vector

Attack Complexity

Authentication

Confidentiality Impact

Integrity Impact

Availability Impact

Description

Scaner-VS 7 — a modern vulnerability management solution

Sources

CWEs

Exploits

Recommendations

Vulnerable Software (13)