Vulnerability CVE-2014-0569

Vulnerability Name:

CVE-2014-0569 (CCN-97017)

Assigned:

2013-12-20

Published:

2014-10-14

Updated:

2021-11-10

Summary:

Integer overflow in Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allows attackers to execute arbitrary code via unspecified vectors.

CVSS v3 Severity:

10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.7 High (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.7 High (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-190

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2014-0569

Source: CCN
Type: Adobe Security Bulletin APSB14-22
Security updates available for Adobe Flash Player

Source: CONFIRM
Type: Patch, Vendor Advisory
http://helpx.adobe.com/security/products/flash-player/apsb14-22.html

Source: SUSE
Type: Mailing List, Third Party Advisory
SUSE-SU-2014:1360

Source: SUSE
Type: Mailing List, Third Party Advisory
openSUSE-SU-2015:0725

Source: SUSE
Type: Third Party Advisory
openSUSE-SU-2014:1329

Source: CCN
Type: RHSA-2014-1648
Critical: flash-plugin security update

Source: REDHAT
Type: Broken Link
RHSA-2014:1648

Source: SECUNIA
Type: Third Party Advisory
61980

Source: BID
Type: Third Party Advisory, VDB Entry
70441

Source: CCN
Type: BID-70441
Adobe Flash Player and AIR CVE-2014-0569 Integer Overflow Vulnerability

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1031019

Source: MISC
Type: Third Party Advisory, VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-14-365/

Source: XF
Type: UNKNOWN
adobe-flash-cve20140569-overflow(97017)

Source: CCN
Type: Packet Storm Security [04-10-2015]
Adobe Flash Player casi32 Integer Overflow

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [04-13-2015]

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2014-0569

Source: CCN
Type: ZDI-14-365
Adobe Flash Player casi32 Integer Overflow Remote Code Execution Vulnerability

Vulnerable Configuration:

Configuration 1:

cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:* (Version <= 11.2.202.406)

AND

cpe:/o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 2:

cpe:/a:adobe:flash_player:*:*:*:*:extended_support:*:*:* (Version <= 13.0.0.244)

AND

cpe:/o:apple:macos:-:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 3:

cpe:/a:adobe:flash_player:*:*:*:*:*:chrome:*:* (Version <= 15.0.0.152)

AND

cpe:/o:apple:macos:-:*:*:*:*:*:*:*

OR cpe:/o:linux:linux_kernel:-:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 4:

cpe:/a:adobe:flash_player:*:*:*:*:*:internet_explorer_10:*:* (Version <= 15.0.0.167)

OR cpe:/a:adobe:flash_player:*:*:*:*:*:internet_explorer_11:*:* (Version <= 15.0.0.167)

AND

cpe:/o:microsoft:windows_8:-:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_8.1:-:*:*:*:*:*:*:*

Configuration 5:

cpe:/a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:* (Version <= 15.0.0.167)

AND

cpe:/o:apple:macos:-:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 6:

cpe:/a:adobe:air_desktop_runtime:*:*:*:*:*:*:*:* (Version <= 15.0.0.249)

AND

cpe:/o:apple:macos:-:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 7:

cpe:/a:adobe:air_sdk:*:*:*:*:*:*:*:* (Version <= 15.0.0.249)

AND

cpe:/o:apple:iphone_os:-:*:*:*:*:*:*:*

OR cpe:/o:apple:macos:-:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 8:

cpe:/a:adobe:air_sdk:*:*:*:*:*:*:*:* (Version <= 15.0.0.252)

AND

cpe:/o:google:android:-:*:*:*:*:*:*:*

Configuration 9:

cpe:/o:opensuse:evergreen:11.4:*:*:*:*:*:*:*

OR cpe:/o:opensuse:opensuse:12.3:*:*:*:*:*:*:*

OR cpe:/o:opensuse:opensuse:13.1:*:*:*:*:*:*:*

OR cpe:/o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*

AND

cpe:/o:redhat:enterprise_linux_server_supplementary:6:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_workstation_supplementary:6:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_desktop_supplementary:6:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_hpc_node_supplementary:6:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_8:-:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_rt:-:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_8.1:-:-:-:*:-:-:x32:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:52002	P	Security update for haproxy (Critical)	2023-02-14
oval:org.opensuse.security:def:5302	P	Security update for postgresql12 (Important) (in QA)	2022-08-31
oval:org.opensuse.security:def:5335	P	Security update for postgresql10 (Important)	2022-08-26
oval:org.opensuse.security:def:5277	P	Security update for the Linux Kernel (Important)	2022-06-20
oval:org.opensuse.security:def:20140569	V	CVE-2014-0569	2022-05-20
oval:org.opensuse.security:def:6026	P	Security update for xen (Moderate)	2022-05-03
oval:org.opensuse.security:def:5366	P	Security update for flac (Moderate)	2022-03-14
oval:org.opensuse.security:def:5353	P	Security update for php72 (Moderate)	2022-02-25
oval:org.opensuse.security:def:5344	P	Security update for xen (Important)	2022-02-17
oval:org.opensuse.security:def:6004	P	Security update for MozillaFirefox (Important)	2022-01-18
oval:org.opensuse.security:def:10711	P	Security update for MozillaThunderbird (Important)	2022-01-12
oval:org.opensuse.security:def:11160	P	Security update for nextcloud (Important)	2021-12-20
oval:org.opensuse.security:def:46007	P	Security update for mozilla-nss (Important)	2021-12-06
oval:org.opensuse.security:def:5168	P	Security update for mozilla-nss (Important)	2021-12-06
oval:org.opensuse.security:def:11138	P	Security update for mupdf (Important)	2021-10-11
oval:org.opensuse.security:def:5121	P	Security update for the Linux Kernel (Important)	2021-09-23
oval:org.opensuse.security:def:11130	P	Security update for fail2ban (Important)	2021-09-16
oval:org.opensuse.security:def:10692	P	Security update for ffmpeg (Important)	2021-09-02
oval:org.opensuse.security:def:47158	P	stunnel-5.00-3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47001	P	libXv1-1.0.10-3.56 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47229	P	cron-4.2-58.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47063	P	libpolkit0-0.113-5.6.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47867	P	python-libxml2-2.9.4-46.15.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47127	P	perl-XML-LibXML-2.0019-5.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47921	P	xen-4.11.0_08-1.11 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:46917	P	cups-pk-helper-0.2.5-3.72 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:5075	P	Security update for the Linux Kernel (Important)	2021-07-14
oval:org.opensuse.security:def:11268	P	bind-libs-32bit-9.9.5P1-1.10 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11534	P	flash-player-11.2.202.548-111.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11535	P	freerdp-1.0.2-7.9 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46465	P	libXtst6-1.2.2-3.59 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12089	P	cyrus-sasl-2.1.26-7.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48718	P	flash-player-11.2.202.548-111.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11287	P	dhcp-4.2.6-7.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17049	P	flash-player-11.2.202.548-111.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46556	P	perl-YAML-LibYAML-0.38-7.53 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11429	P	pam-1.1.8-11.57 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12111	P	freerdp-2.0.0~git.1463131968.4e66df7-11.69 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11362	P	libgadu3-1.11.4-1.12 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46703	P	libXi6-1.7.4-9.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11438	P	perl-LWP-Protocol-https-6.04-5.4 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:76830	P	flash-player-11.2.202.548-111.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11387	P	libpng12-0-1.2.50-8.21 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11513	P	cups-pk-helper-0.2.5-3.75 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11451	P	qemu-2.0.0-40.7 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:5053	P	Security update for gstreamer-plugins-bad (Important)	2021-06-07
oval:org.opensuse.security:def:10677	P	Security update for MozillaThunderbird (Moderate)	2021-06-04
oval:org.opensuse.security:def:51896	P	Security update for djvulibre (Important)	2021-05-31
oval:org.opensuse.security:def:5045	P	Security update for postgresql10 (Moderate)	2021-05-27
oval:org.opensuse.security:def:11206	P	Security update for postsrsd (Moderate)	2021-05-05
oval:org.opensuse.security:def:38103	P	Security update for clamav (Important)	2021-04-14
oval:org.opensuse.security:def:5202	P	Security update for openssl-1_1 (Important)	2021-03-25
oval:org.opensuse.security:def:5183	P	Security update for ImageMagick (Moderate)	2021-02-19
oval:org.opensuse.security:def:51723	P	Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP3) (Important)	2021-02-10
oval:org.opensuse.security:def:51485	P	Security update for cyrus-sasl (Important)	2020-12-28
oval:org.opensuse.security:def:10584	P	Security update for MozillaThunderbird (Important)	2020-12-07
oval:org.opensuse.security:def:11253	P	openstack-neutron-2014.2.2.dev26-3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:53902	P	Security update for MozillaThunderbird (Important)	2020-12-01
oval:org.opensuse.security:def:55371	P	radvd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:24593	P	Security update for python (Important)	2020-12-01
oval:org.opensuse.security:def:24935	P	Security update for screen (Moderate)	2020-12-01
oval:org.opensuse.security:def:38214	P	gv on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52453	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:52734	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:53417	P	Security update for nodejs10 (Important)	2020-12-01
oval:org.opensuse.security:def:37367	P	yast2-core on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37745	P	busybox on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10853	P	systemtap-sdt-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:46008	P	Security update for git (Important)	2020-12-01
oval:org.opensuse.security:def:51322	P	Security update for jasper (Low)	2020-12-01
oval:org.opensuse.security:def:25080	P	Security update for libxml2 (Low)	2020-12-01
oval:org.opensuse.security:def:10630	P	Security update for xorg-x11-server (Important)	2020-12-01
oval:org.opensuse.security:def:10786	P	librsvg-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52765	P	Security update for the Linux Kernel (Live Patch 15 for SLE 15) (Important)	2020-12-01
oval:org.opensuse.security:def:53976	P	gnome-shell on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55445	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:24323	P	Security update for java-1_8_0-ibm (Moderate)	2020-12-01
oval:org.opensuse.security:def:24649	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:38852	P	gnome-shell-calendar on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:51323	P	Security update for vim (Moderate)	2020-12-01
oval:org.opensuse.security:def:52561	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:10554	P	libtiff-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52972	P	Security update for LibVNCServer (Critical)	2020-12-01
oval:org.opensuse.security:def:53702	P	Security update for php7 (Important)	2020-12-01
oval:org.opensuse.security:def:37451	P	grub2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37835	P	krb5-appl-clients on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10862	P	xfig on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:46021	P	Security update for ghostscript (Important)	2020-12-01
oval:org.opensuse.security:def:25718	P	Security update for java-1_7_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:52571	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:10811	P	libxcb-composite0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52846	P	Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP1) (Important)	2020-12-01
oval:org.opensuse.security:def:54014	P	libblkid1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:24386	P	Security update for ncurses (Important)	2020-12-01
oval:org.opensuse.security:def:24732	P	Security update for java-1_7_1-ibm (Moderate)	2020-12-01
oval:org.opensuse.security:def:38142	P	bubblewrap on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38894	P	flash-player on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:51345	P	Security update for freetype2 (Important)	2020-12-01
oval:org.opensuse.security:def:52572	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:53145	P	Security update for python-PyYAML (Important)	2020-12-01
oval:org.opensuse.security:def:53810	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:37587	P	libspice-server1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37995	P	libz1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10875	P	aaa_base-malloccheck on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:46141	P	Security update for ppp (Important)	2020-12-01
oval:org.opensuse.security:def:25022	P	Security update for spice (Important)	2020-12-01
oval:org.opensuse.security:def:25753	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:10562	P	libwmf-0_2-7 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52653	P	Security update for the Linux Kernel (Live Patch 2 for SLE 15) (Important)	2020-12-01
oval:org.opensuse.security:def:54122	P	squashfs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37355	P	xalan-j2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:54095	P	patch on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:24512	P	Security update for qemu (Moderate)	2020-12-01
oval:org.opensuse.security:def:24882	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:38170	P	dovecot22 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52168	P	Security update for java-11-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:52594	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:53251	P	Recommended update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:37356	P	xdg-utils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37688	P	sysvinit-tools on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38054	P	rrdtool on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:24313	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:46333	P	Security update for dovecot22 (Important)	2020-12-01
oval:org.opensuse.security:def:25036	P	Security update for sqlite3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:52727	P	Security update for the Linux Kernel (Live Patch 9 for SLE 15) (Important)	2020-12-01
oval:org.opensuse.security:def:54196	P	flash-player on GA media (Moderate)	2020-12-01
oval:org.cisecurity:def:1251	V	Integer overflow in Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK and Compiler before 15.0.0.302 - CVE-2014-0569	2016-11-11
oval:org.mitre.oval:def:27526	P	SUSE-SU-2014:1360-1 -- Security update for flash-player (important)	2015-01-26
oval:org.mitre.oval:def:28461	P	SUSE-SU-2014:1423-1 -- Security update for flash-player (important)	2015-01-26
oval:org.mitre.oval:def:26175	P	RHSA-2014:1648: flash-plugin security update (Critical)	2014-11-24
oval:org.opensuse.security:def:78079	P	Security update for flash-player (Important)	2014-11-04
oval:com.ubuntu.precise:def:20140569000	V	CVE-2014-0569 on Ubuntu 12.04 LTS (precise) - medium.	2014-10-15
oval:com.ubuntu.trusty:def:20140569000	V	CVE-2014-0569 on Ubuntu 14.04 LTS (trusty) - medium.	2014-10-15

BACK