Vulnerability CVE-2014-0503

Vulnerability Name:

CVE-2014-0503 (CCN-91722)

Assigned:

2013-12-20

Published:

2014-03-11

Updated:

2018-12-13

Summary:

Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x before 12.0.0.77 on Windows and OS X, and before 11.2.202.346 on Linux, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N)
4.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

4.3 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-264

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2014-0503

Source: CCN
Type: Google Chrome Releases Web site
Stable Channel Update

Source: CCN
Type: Adobe Product Security Bulletin APSB14-08
Security updates available for Adobe Flash Player

Source: CONFIRM
Type: Vendor Advisory
http://helpx.adobe.com/security/products/flash-player/apsb14-08.html

Source: SUSE
Type: Mailing List, Third Party Advisory
openSUSE-SU-2014:0379

Source: SUSE
Type: Mailing List, Third Party Advisory
SUSE-SU-2014:0387

Source: CCN
Type: RHSA-2014-0289
Moderate: flash-plugin security update

Source: REDHAT
Type: Third Party Advisory
RHSA-2014:0289

Source: CCN
Type: SA57341
Microsoft Windows Flash Player Information Disclosure and Security Bypass Vulnerabilities

Source: GENTOO
Type: Third Party Advisory
GLSA-201405-04

Source: CCN
Type: BID-66122
Adobe Flash Player CVE-2014-0503 Same Origin Security Bypass Vulnerability

Source: XF
Type: UNKNOWN
adobe-flash-cve20140504-info-disc(91722)

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2014-0504

Vulnerable Configuration:

Configuration 1:

cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:* (Version >= 11.0 and < 11.2.202.346)

AND

cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2:

cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:* (Version >= 11.0 and < 11.7.700.272)

OR cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:* (Version >= 11.8 and < 12.0.0.77)

AND

cpe:/o:apple:mac_os_x:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/a:redhat:rhel_extras:6:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:rhel_extras:5:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:adobe:flash_player:11.01.152:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:11.01.153:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:11.1.102.55:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:11.1.102.62:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:11.1.111.6:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:11.1.102.63:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:11.1.111.7:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:11.1.111.9:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:11.1.115.8:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:11.2.202.235:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:11.1.111.8:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:11.1.115.7:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:11.2.202.228:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:11.2.202.233:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:11.3.300.270:*:*:*:*:*:*:*

AND

cpe:/o:redhat:enterprise_linux_server_supplementary:6:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_workstation_supplementary:6:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_desktop_supplementary:6:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_8:-:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_rt:-:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_8.1:-:-:-:*:-:-:x32:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:52002	P	Security update for haproxy (Critical)	2023-02-14
oval:org.opensuse.security:def:51934	P	Security update for python3 (Important)	2022-10-06
oval:org.opensuse.security:def:5302	P	Security update for postgresql12 (Important) (in QA)	2022-08-31
oval:org.opensuse.security:def:5335	P	Security update for postgresql10 (Important)	2022-08-26
oval:org.opensuse.security:def:5277	P	Security update for the Linux Kernel (Important)	2022-06-20
oval:org.opensuse.security:def:20140503	V	CVE-2014-0503	2022-05-20
oval:org.opensuse.security:def:6026	P	Security update for xen (Moderate)	2022-05-03
oval:org.opensuse.security:def:5366	P	Security update for flac (Moderate)	2022-03-14
oval:org.opensuse.security:def:5353	P	Security update for php72 (Moderate)	2022-02-25
oval:org.opensuse.security:def:5344	P	Security update for xen (Important)	2022-02-17
oval:org.opensuse.security:def:6004	P	Security update for MozillaFirefox (Important)	2022-01-18
oval:org.opensuse.security:def:10711	P	Security update for MozillaThunderbird (Important)	2022-01-12
oval:org.opensuse.security:def:51768	P	Security update for apache2 (Important)	2022-01-12
oval:org.opensuse.security:def:5168	P	Security update for mozilla-nss (Important)	2021-12-06
oval:org.opensuse.security:def:10663	P	Security update for ffmpeg (Moderate)	2021-10-26
oval:org.opensuse.security:def:5132	P	Security update for the Linux Kernel (Important)	2021-10-12
oval:org.opensuse.security:def:5121	P	Security update for the Linux Kernel (Important)	2021-09-23
oval:org.opensuse.security:def:51662	P	Security update for the Linux Kernel (Live Patch 40 for SLE 12 SP3) (Important)	2021-09-23
oval:org.opensuse.security:def:5119	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:5110	P	Security update for openssl-1_0_0 (Low)	2021-09-09
oval:org.opensuse.security:def:10692	P	Security update for ffmpeg (Important)	2021-09-02
oval:org.opensuse.security:def:5101	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:5792	P	Security update for apache-commons-compress (Important)	2021-08-05
oval:org.opensuse.security:def:5770	P	Security update for sqlite3 (Important)	2021-07-14
oval:org.opensuse.security:def:5075	P	Security update for the Linux Kernel (Important)	2021-07-14
oval:org.opensuse.security:def:5068	P	Security update for libgcrypt (Important)	2021-06-24
oval:org.opensuse.security:def:10644	P	Security update for the Linux Kernel (Important)	2021-06-08
oval:org.opensuse.security:def:48670	P	flash-player-11.2.202.406-1.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17049	P	flash-player-11.2.202.548-111.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48718	P	flash-player-11.2.202.548-111.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11300	P	flash-player-11.2.202.406-1.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11465	P	sysvinit-tools-2.88+-94.13 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:76596	P	flash-player-11.2.202.406-1.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11534	P	flash-player-11.2.202.548-111.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11487	P	zoo-2.10-1020.62 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11513	P	cups-pk-helper-0.2.5-3.75 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:76830	P	flash-player-11.2.202.548-111.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17001	P	flash-player-11.2.202.406-1.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11535	P	freerdp-1.0.2-7.9 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:5053	P	Security update for gstreamer-plugins-bad (Important)	2021-06-07
oval:org.opensuse.security:def:10677	P	Security update for MozillaThunderbird (Moderate)	2021-06-04
oval:org.opensuse.security:def:51896	P	Security update for djvulibre (Important)	2021-05-31
oval:org.opensuse.security:def:5045	P	Security update for postgresql10 (Moderate)	2021-05-27
oval:org.opensuse.security:def:5043	P	Security update for curl (Moderate)	2021-05-26
oval:org.opensuse.security:def:38122	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:38103	P	Security update for clamav (Important)	2021-04-14
oval:org.opensuse.security:def:5202	P	Security update for openssl-1_1 (Important)	2021-03-25
oval:org.opensuse.security:def:5183	P	Security update for ImageMagick (Moderate)	2021-02-19
oval:org.opensuse.security:def:51723	P	Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP3) (Important)	2021-02-10
oval:org.opensuse.security:def:51485	P	Security update for cyrus-sasl (Important)	2020-12-28
oval:org.opensuse.security:def:4968	P	Security update for PackageKit (Low)	2020-12-22
oval:org.opensuse.security:def:51088	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP2) (Important)	2020-12-07
oval:org.opensuse.security:def:51089	P	Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP2) (Important)	2020-12-07
oval:org.opensuse.security:def:10584	P	Security update for MozillaThunderbird (Important)	2020-12-07
oval:org.opensuse.security:def:4811	P	Security update for apache2 (Moderate)	2020-12-02
oval:org.opensuse.security:def:4934	P	Security update for libvirt (Important)	2020-12-02
oval:org.opensuse.security:def:4819	P	Security update for apache2 (Important)	2020-12-02
oval:org.opensuse.security:def:4949	P	Security update for spice-gtk (Moderate)	2020-12-02
oval:org.opensuse.security:def:4841	P	Security update for 389-ds (Important)	2020-12-02
oval:org.opensuse.security:def:4887	P	Security update for xen (Important)	2020-12-02
oval:org.opensuse.security:def:10514	P	libksba-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52419	P	Security update for libqt5-qtbase (Moderate)	2020-12-01
oval:org.opensuse.security:def:53888	P	Security update for LibreOffice (Moderate)	2020-12-01
oval:org.opensuse.security:def:37355	P	xalan-j2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10811	P	libxcb-composite0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52846	P	Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP1) (Important)	2020-12-01
oval:org.opensuse.security:def:51489	P	Security update for python3 (Important)	2020-12-01
oval:org.opensuse.security:def:52219	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:52168	P	Security update for java-11-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:38142	P	bubblewrap on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38894	P	flash-player on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37319	P	radvd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37697	P	update-alternatives on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37356	P	xdg-utils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37688	P	sysvinit-tools on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38054	P	rrdtool on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10827	P	ocaml on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10862	P	xfig on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10536	P	libraptor-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52493	P	Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP2) (Important)	2020-12-01
oval:org.opensuse.security:def:53962	P	flash-player on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10562	P	libwmf-0_2-7 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52653	P	Security update for the Linux Kernel (Live Patch 2 for SLE 15) (Important)	2020-12-01
oval:org.opensuse.security:def:54122	P	squashfs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52327	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:38166	P	dbus-1-glib on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52453	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:38170	P	dovecot22 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37403	P	cracklib on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37787	P	ft2demos on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37367	P	yast2-core on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37745	P	busybox on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:51322	P	Security update for jasper (Low)	2020-12-01
oval:org.opensuse.security:def:10875	P	aaa_base-malloccheck on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10582	P	pam-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10738	P	libgnutls-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52531	P	Security update for munge (Moderate)	2020-12-01
oval:org.opensuse.security:def:52727	P	Security update for the Linux Kernel (Live Patch 9 for SLE 15) (Important)	2020-12-01
oval:org.opensuse.security:def:54196	P	flash-player on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:51111	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:38055	P	rsync on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38804	P	sudo on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:51323	P	Security update for vim (Moderate)	2020-12-01
oval:org.opensuse.security:def:52561	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:38214	P	gv on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10506	P	libidn-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37539	P	libjbig2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37947	P	libpulse-mainloop-glib0-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37451	P	grub2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37835	P	krb5-appl-clients on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10805	P	libunrar-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37307	P	ppc64-diag on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10629	P	augeas-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10763	P	libneon-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52612	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:10630	P	Security update for xorg-x11-server (Important)	2020-12-01
oval:org.opensuse.security:def:10786	P	librsvg-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52765	P	Security update for the Linux Kernel (Live Patch 15 for SLE 15) (Important)	2020-12-01
oval:org.opensuse.security:def:51251	P	Security update for djvulibre (Moderate)	2020-12-01
oval:org.opensuse.security:def:38094	P	wpa_supplicant on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38846	P	flash-player on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:51345	P	Security update for freetype2 (Important)	2020-12-01
oval:org.opensuse.security:def:38852	P	gnome-shell-calendar on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37308	P	ppp on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37640	P	perl-Config-IniFiles on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38006	P	mozilla-nspr-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10554	P	libtiff-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37587	P	libspice-server1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37995	P	libz1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10814	P	libxslt-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10853	P	systemtap-sdt-devel on GA media (Moderate)	2020-12-01
oval:org.mitre.oval:def:22099	V	Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x before 12.0.0.77 on Windows allows remote attackers to bypass the Same Origin Policy via unspecified vectors.	2015-08-03
oval:org.mitre.oval:def:23928	P	RHSA-2014:0289: flash-plugin security update (Moderate)	2015-08-03
oval:org.mitre.oval:def:25512	P	SUSE-SU-2014:0387-1 -- Security update for flash-player	2014-09-08
oval:org.mitre.oval:def:24315	P	ELSA-2014:0289: flash-plugin security update (Moderate)	2014-05-26
oval:com.redhat.rhsa:def:20140289	P	RHSA-2014:0289: flash-plugin security update (Moderate)	2014-03-12
oval:com.ubuntu.precise:def:20140503000	V	CVE-2014-0503 on Ubuntu 12.04 LTS (precise) - medium.	2014-03-12

BACK