CVE-2014-9163

Stack-based buffer overflow in Adobe Flash Player before 13.0.0.259 and 14.x and 15.x before 15.0.0.246 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in December 2014.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
adobeCNA
---
---
CVEADP
---
---
CISA-ADPADP
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
VendorProductVersion
adobeflash_player
13.0 ≤
𝑥
< 13.0.0.259
adobeflash_player
14.0 ≤
𝑥
≤ 14.0.0.179
adobeflash_player
15.0 ≤
𝑥
< 15.0.0.246
adobeflash_player
11.0 ≤
𝑥
< 11.2.202.425
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
adobe-flashplugin
utopic
Fixed 11.2.202.425-0utopic1
released
trusty
Fixed 11.2.202.425-0trusty1
released
precise
Fixed 11.2.202.425-0precise1
released
lucid
ignored
flashplugin-nonfree
utopic
Fixed 11.2.202.425ubuntu0.14.10.1
released
trusty
Fixed 11.2.202.425ubuntu0.14.04.1
released
precise
Fixed 11.2.202.425ubuntu0.12.04.1
released
lucid
ignored
Common Weakness Enumeration
References
http://helpx.adobe.com/security/products/flash-player/apsb14-27.html
http://helpx.adobe.com/security/products/flash-player/apsb14-27.html