CVE-2014-0578 - Vulnerability Details

Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-3115, CVE-2015-3116, CVE-2015-3125, and CVE-2015-5116.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Adobe	Air Air Sdk Air Sdk \& Compiler Flash Player
Apple	Mac Os X
Linux	Linux Kernel
Microsoft	Windows
Redhat	Rhel Extras

Configuration 1 [-]

AND

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

OR	cpe:2.3:a:adobe:flash_player::::::::
	cpe:2.3:a:adobe:flash_player:14.0.0.125:::::::*
	cpe:2.3:a:adobe:flash_player:14.0.0.145:::::::*
	cpe:2.3:a:adobe:flash_player:14.0.0.176:::::::*
	cpe:2.3:a:adobe:flash_player:14.0.0.179:::::::*
	cpe:2.3:a:adobe:flash_player:15.0.0.152:::::::*
	cpe:2.3:a:adobe:flash_player:15.0.0.167:::::::*
	cpe:2.3:a:adobe:flash_player:15.0.0.189:::::::*
	cpe:2.3:a:adobe:flash_player:15.0.0.223:::::::*
	cpe:2.3:a:adobe:flash_player:15.0.0.239:::::::*
	cpe:2.3:a:adobe:flash_player:15.0.0.246:::::::*
	cpe:2.3:a:adobe:flash_player:16.0.0.235:::::::*
	cpe:2.3:a:adobe:flash_player:16.0.0.257:::::::*
	cpe:2.3:a:adobe:flash_player:16.0.0.287:::::::*
	cpe:2.3:a:adobe:flash_player:16.0.0.296:::::::*
	cpe:2.3:a:adobe:flash_player:17.0.0.134:::::::*
	cpe:2.3:a:adobe:flash_player:17.0.0.169:::::::*
	cpe:2.3:a:adobe:flash_player:17.0.0.188:::::::*
	cpe:2.3:a:adobe:flash_player:17.0.0.190:::::::*
	cpe:2.3:a:adobe:flash_player:18.0.0.160:::::::*
	cpe:2.3:a:adobe:flash_player:18.0.0.194:::::::*

OR	cpe:2.3:o:apple:mac_os_x:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

Configuration 3 [-]

OR	cpe:2.3:a:adobe:air::::::::
	cpe:2.3:a:adobe:air_sdk::::::::
	cpe:2.3:a:adobe:air_sdk_\&_compiler::::::::

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 5 Supplementary
flash-plugin-0:11.2.202.481-1.el5	cpe:/a:redhat:rhel_extras:5	RHSA-2015:1214	2015-07-08T00:00:00Z
Supplementary for Red Hat Enterprise Linux 6
flash-plugin-0:11.2.202.481-1.el6_6	cpe:/a:redhat:rhel_extras:6	RHSA-2015:1214	2015-07-08T00:00:00Z

References

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00017.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00018.html
http://rhn.redhat.com/errata/RHSA-2015-1214.html
http://www.securityfocus.com/bid/75594
http://www.securitytracker.com/id/1032810
https://helpx.adobe.com/security/products/flash-player/apsb15-16.html
https://nvd.nist.gov/vuln/detail/CVE-2014-0578
https://security.gentoo.org/glsa/201507-13
https://www.cve.org/CVERecord?id=CVE-2014-0578

History

No history.

MITRE

Status: PUBLISHED

Assigner: adobe

Published: 2015-07-09T16:00:00

Updated: 2024-08-06T09:20:19.831Z

Reserved: 2013-12-20T00:00:00

Link: CVE-2014-0578

Vulnrichment

No data.

NVD

Status : Modified

Published: 2015-07-09T16:59:00.087

Modified: 2024-11-21T02:02:25.920

Link: CVE-2014-0578

Redhat

Severity : Moderate

Publid Date: 2015-07-08T00:00:00Z

Links: CVE-2014-0578 - Bugzilla

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object