CVE-2014-9163

EUVD-2014-8988
Stack-based buffer overflow in Adobe Flash Player before 13.0.0.259 and 14.x and 15.x before 15.0.0.246 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in December 2014.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA-ADPADP
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 87%
Affected Products (NVD)
VendorProductVersion
adobeflash_player
13.0 ≤
𝑥
< 13.0.0.259
adobeflash_player
14.0 ≤
𝑥
≤ 14.0.0.179
adobeflash_player
15.0 ≤
𝑥
< 15.0.0.246
adobeflash_player
11.0 ≤
𝑥
< 11.2.202.425
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
adobe-flashplugin
lucid
ignored
precise
Fixed 11.2.202.425-0precise1
released
trusty
Fixed 11.2.202.425-0trusty1
released
utopic
Fixed 11.2.202.425-0utopic1
released
flashplugin-nonfree
lucid
ignored
precise
Fixed 11.2.202.425ubuntu0.12.04.1
released
trusty
Fixed 11.2.202.425ubuntu0.14.04.1
released
utopic
Fixed 11.2.202.425ubuntu0.14.10.1
released
Common Weakness Enumeration
References
http://helpx.adobe.com/security/products/flash-player/apsb14-27.html
http://helpx.adobe.com/security/products/flash-player/apsb14-27.html
https://github.com/cisagov/vulnrichment/issues/196
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-9163