CVE-2014-8442

Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to complete a transition from Low Integrity to Medium Integrity by leveraging incorrect permissions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
adobeCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
VendorProductVersion
adobeflash_player
13.0 ≤
𝑥
< 13.0.0.252
adobeflash_player
14.0 ≤
𝑥
≤ 14.0.0.179
adobeflash_player
15.0 ≤
𝑥
< 15.0.0.223
adobeflash_player
11.0 ≤
𝑥
< 11.2.202.418
adobeair_sdk
𝑥
≤ 15.0.0.356
adobeair
𝑥
≤ 15.0.0.356
adobeair_sdk_\&_compiler
𝑥
< 15.0.0.356
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
adobe-flashplugin
utopic
Fixed 11.2.202.418-0utopic1
released
trusty
Fixed 11.2.202.418-0trusty1
released
precise
Fixed 11.2.202.418-0precise1
released
lucid
ignored
flashplugin-nonfree
utopic
Fixed 11.2.202.418ubuntu0.14.10.1
released
trusty
Fixed 11.2.202.418ubuntu0.14.04.1
released
precise
Fixed 11.2.202.418ubuntu0.12.04.1
released
lucid
ignored
Common Weakness Enumeration
References
http://helpx.adobe.com/security/products/flash-player/apsb14-24.html
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html
http://www.securityfocus.com/bid/71040
https://exchange.xforce.ibmcloud.com/vulnerabilities/98630
http://helpx.adobe.com/security/products/flash-player/apsb14-24.html
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html
http://www.securityfocus.com/bid/71040
https://exchange.xforce.ibmcloud.com/vulnerabilities/98630