CVE-2014-0497 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA-ADP	ADP	8.8 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 99%

Affected Products (NVD)

Vendor	Product	Version
adobe	flash_player	𝑥 < 11.2.202.336
adobe	flash_player	𝑥 < 11.7.700.261
adobe	flash_player	11.8.800.94 ≤ 𝑥 < 12.0.0.44
google	chrome	𝑥 < 32.0.1700.107
redhat	enterprise_linux_desktop	5.0
redhat	enterprise_linux_desktop	6.0
redhat	enterprise_linux_eus	6.5
redhat	enterprise_linux_server	5.0
redhat	enterprise_linux_server	6.0
redhat	enterprise_linux_server_aus	6.5
redhat	enterprise_linux_workstation	5.0
redhat	enterprise_linux_workstation	6.0
opensuse	opensuse	11.4
opensuse	opensuse	12.3
opensuse	opensuse	13.1

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

adobe-flashplugin

lucid	ignored
precise	Fixed 11.2.202.336 released
quantal	Fixed 11.2.202.336 released
saucy	Fixed 11.2.202.336 released

flashplugin-nonfree

lucid	ignored
precise	Fixed 11.2.202.336 released
quantal	Fixed 11.2.202.336 released
saucy	Fixed 11.2.202.336 released

Common Weakness Enumeration

CWE-191 - Integer Underflow (Wrap or Wraparound)
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

References

http://googlechromereleases.blogspot.com/2014/02/stable-channel-update.html

http://helpx.adobe.com/security/products/flash-player/apsb14-04.html

http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00006.html

http://rhn.redhat.com/errata/RHSA-2014-0137.html

http://secunia.com/advisories/56437

http://secunia.com/advisories/56737

http://secunia.com/advisories/56780

http://secunia.com/advisories/56799

http://secunia.com/advisories/56839

http://www.exploit-db.com/exploits/33212

http://www.osvdb.org/102849

http://www.securityfocus.com/bid/65327

http://www.securitytracker.com/id/1029715

https://exchange.xforce.ibmcloud.com/vulnerabilities/90884

http://googlechromereleases.blogspot.com/2014/02/stable-channel-update.html

http://helpx.adobe.com/security/products/flash-player/apsb14-04.html

http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00006.html

http://rhn.redhat.com/errata/RHSA-2014-0137.html

http://secunia.com/advisories/56437

http://secunia.com/advisories/56737

http://secunia.com/advisories/56780

http://secunia.com/advisories/56799

http://secunia.com/advisories/56839

http://www.exploit-db.com/exploits/33212

http://www.osvdb.org/102849

http://www.securityfocus.com/bid/65327

http://www.securitytracker.com/id/1029715

https://exchange.xforce.ibmcloud.com/vulnerabilities/90884

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0497