Vulnerability CVE-2014-0585

Vulnerability Name:

CVE-2014-0585 (CCN-98623)

Assigned:

2013-12-20

Published:

2014-11-11

Updated:

2018-12-13

Summary:

Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2014-0577, CVE-2014-0584, CVE-2014-0586, and CVE-2014-0590.

CVSS v3 Severity:

10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

6.8 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-94

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2014-0585

Source: CCN
Type: Adobe Security Bulletin APSB14-24
Security updates available for Adobe Flash Player

Source: CONFIRM
Type: Patch, Vendor Advisory
http://helpx.adobe.com/security/products/flash-player/apsb14-24.html

Source: SUSE
Type: Mailing List, Third Party Advisory
openSUSE-SU-2015:0725

Source: CCN
Type: RHSA-2014-1852
Critical: flash-plugin security update

Source: CCN
Type: BID-71044
Adobe Flash Player and AIR CVE-2014-0585 Type Confusion Remote Code Execution Vulnerability

Source: XF
Type: UNKNOWN
adobe-flash-cve20140585-code-exec(98623)

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2014-0585

Vulnerable Configuration:

Configuration 1:

cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:* (Version >= 13.0 and < 13.0.0.252)

OR cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:* (Version >= 14.0 and <= 14.0.0.179)

OR cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:* (Version >= 15.0 and < 15.0.0.223)

AND

cpe:/o:apple:mac_os_x:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 2:

cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:* (Version >= 11.0 and < 11.2.202.418)

AND

cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 3:

cpe:/a:adobe:air_sdk:*:*:*:*:*:*:*:* (Version <= 15.0.0.356)

Configuration 4:

cpe:/a:adobe:air:*:*:*:*:*:*:*:* (Version <= 15.0.0.356)

Configuration 5:

cpe:/a:adobe:air_sdk_&_compiler:*:*:*:*:*:*:*:* (Version < 15.0.0.356)

Configuration RedHat 1:

cpe:/a:redhat:rhel_extras:6:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:rhel_extras:5:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*

AND

cpe:/o:redhat:enterprise_linux_server_supplementary:6:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_workstation_supplementary:6:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_desktop_supplementary:6:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_hpc_node_supplementary:6:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_8:-:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_rt:-:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_8.1:-:-:-:*:-:-:x32:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:52002	P	Security update for haproxy (Critical)	2023-02-14
oval:org.opensuse.security:def:5302	P	Security update for postgresql12 (Important) (in QA)	2022-08-31
oval:org.opensuse.security:def:5335	P	Security update for postgresql10 (Important)	2022-08-26
oval:org.opensuse.security:def:5277	P	Security update for the Linux Kernel (Important)	2022-06-20
oval:org.opensuse.security:def:20140585	V	CVE-2014-0585	2022-05-20
oval:org.opensuse.security:def:6026	P	Security update for xen (Moderate)	2022-05-03
oval:org.opensuse.security:def:5366	P	Security update for flac (Moderate)	2022-03-14
oval:org.opensuse.security:def:5353	P	Security update for php72 (Moderate)	2022-02-25
oval:org.opensuse.security:def:5344	P	Security update for xen (Important)	2022-02-17
oval:org.opensuse.security:def:6004	P	Security update for MozillaFirefox (Important)	2022-01-18
oval:org.opensuse.security:def:10711	P	Security update for MozillaThunderbird (Important)	2022-01-12
oval:org.opensuse.security:def:55993	P	Security update for net-snmp (Important)	2022-01-05
oval:org.opensuse.security:def:55315	P	Security update for java-1_7_1-ibm (Moderate) (in QA)	2022-01-04
oval:org.opensuse.security:def:11164	P	Security update for postrsd (Moderate)	2021-12-30
oval:org.opensuse.security:def:5168	P	Security update for mozilla-nss (Important)	2021-12-06
oval:org.opensuse.security:def:11142	P	Security update for chromium (Important)	2021-10-26
oval:org.opensuse.security:def:5121	P	Security update for the Linux Kernel (Important)	2021-09-23
oval:org.opensuse.security:def:11134	P	Security update for chromium (Important)	2021-09-21
oval:org.opensuse.security:def:10692	P	Security update for ffmpeg (Important)	2021-09-02
oval:org.opensuse.security:def:47159	P	sudo-1.8.10p3-6.16 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47128	P	perl-YAML-LibYAML-0.38-10.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47064	P	libpoppler-glib8-0.43.0-15.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47002	P	libXvMC1-1.0.8-3.56 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47922	P	xf86-video-intel-2.99.917+git781.c8990575-1.27 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:46918	P	curl-7.37.0-28.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47868	P	python-pyOpenSSL-16.0.0-4.6.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47230	P	ctags-5.8-7.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:5075	P	Security update for the Linux Kernel (Important)	2021-07-14
oval:org.opensuse.security:def:11366	P	libgssglue1-0.4-3.83 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12093	P	dia-0.97.3-15.63 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46557	P	ppc64-diag-2.6.7-2.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17049	P	flash-player-11.2.202.548-111.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11291	P	elfutils-0.158-3.200 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11455	P	rsyslog-8.4.0-2.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48718	P	flash-player-11.2.202.548-111.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46466	P	libXv1-1.0.10-3.56 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11272	P	clamav-0.98.4-1.46 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11442	P	ppp-2.4.7-1.7 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11535	P	freerdp-1.0.2-7.9 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11433	P	patch-2.7.1-5.191 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:76830	P	flash-player-11.2.202.548-111.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11513	P	cups-pk-helper-0.2.5-3.75 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11391	P	libproxy1-0.4.11-11.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11534	P	flash-player-11.2.202.548-111.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12115	P	gdk-pixbuf-lang-2.34.0-18.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46704	P	libXinerama1-1.1.3-3.55 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:55912	P	Security update for spice-gtk (Important)	2021-06-08
oval:org.opensuse.security:def:5053	P	Security update for gstreamer-plugins-bad (Important)	2021-06-07
oval:org.opensuse.security:def:10677	P	Security update for MozillaThunderbird (Moderate)	2021-06-04
oval:org.opensuse.security:def:51896	P	Security update for djvulibre (Important)	2021-05-31
oval:org.opensuse.security:def:5045	P	Security update for postgresql10 (Moderate)	2021-05-27
oval:org.opensuse.security:def:11210	P	Security update for syncthing (Moderate)	2021-05-11
oval:org.opensuse.security:def:38103	P	Security update for clamav (Important)	2021-04-14
oval:org.opensuse.security:def:5202	P	Security update for openssl-1_1 (Important)	2021-03-25
oval:org.opensuse.security:def:55874	P	Security update for openssl (Moderate)	2021-03-24
oval:org.opensuse.security:def:5183	P	Security update for ImageMagick (Moderate)	2021-02-19
oval:org.opensuse.security:def:51723	P	Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP3) (Important)	2021-02-10
oval:org.opensuse.security:def:51485	P	Security update for cyrus-sasl (Important)	2020-12-28
oval:org.opensuse.security:def:10584	P	Security update for MozillaThunderbird (Important)	2020-12-07
oval:org.opensuse.security:def:11257	P	python-pymongo-2.6.3-2.20 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:46009	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:38142	P	bubblewrap on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28680	P	Security update for flash-player	2020-12-01
oval:org.opensuse.security:def:37355	P	xalan-j2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:24513	P	Security update for apache2 (Important)	2020-12-01
oval:org.opensuse.security:def:52168	P	Security update for java-11-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:52738	P	Security update for the Linux Kernel (Live Patch 15 for SLE 15) (Important)	2020-12-01
oval:org.opensuse.security:def:52846	P	Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP1) (Important)	2020-12-01
oval:org.opensuse.security:def:27306	P	tar on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:24936	P	Security update for libtasn1 (Moderate)	2020-12-01
oval:org.opensuse.security:def:55043	P	xorg-x11-libs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:53706	P	Security update for rmt-server (Important)	2020-12-01
oval:org.opensuse.security:def:10862	P	xfig on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25754	P	Security update for flash-player (Moderate)	2020-12-01
oval:org.opensuse.security:def:51323	P	Security update for vim (Moderate)	2020-12-01
oval:org.opensuse.security:def:37587	P	libspice-server1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27808	P	Security update for pulseaudio	2020-12-01
oval:org.opensuse.security:def:55375	P	rrdtool on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:54469	P	freerdp on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28645	P	Security update for compat-openssl097g	2020-12-01
oval:org.opensuse.security:def:24387	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:38054	P	rrdtool on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52598	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:52765	P	Security update for the Linux Kernel (Live Patch 15 for SLE 15) (Important)	2020-12-01
oval:org.opensuse.security:def:38894	P	flash-player on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27242	P	mozilla-nspr-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:24883	P	Security update for python-cryptography, python-pyOpenSSL (Important)	2020-12-01
oval:org.opensuse.security:def:46008	P	Security update for git (Important)	2020-12-01
oval:org.opensuse.security:def:54870	P	libgypsy0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:53421	P	Security update for nodejs8 (Important)	2020-12-01
oval:org.opensuse.security:def:10853	P	systemtap-sdt-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25719	P	Security update for ipmitool (Important)	2020-12-01
oval:org.opensuse.security:def:10554	P	libtiff-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37451	P	grub2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27657	P	Security update for qemu	2020-12-01
oval:org.opensuse.security:def:55800	P	Security update for wpa_supplicant (Moderate)	2020-12-01
oval:org.opensuse.security:def:54099	P	perl-HTML-Parser on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55708	P	Security update for libxml2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:28007	P	Security update for apache2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:24324	P	Security update for ant (Moderate)	2020-12-01
oval:org.opensuse.security:def:37995	P	libz1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:57343	P	Security update for flash-player	2020-12-01
oval:org.opensuse.security:def:52576	P	Security update for openssl-1_0_0 (Moderate)	2020-12-01
oval:org.opensuse.security:def:46334	P	Security update for grub2 (Important)	2020-12-01
oval:org.opensuse.security:def:52727	P	Security update for the Linux Kernel (Live Patch 9 for SLE 15) (Important)	2020-12-01
oval:org.opensuse.security:def:38852	P	gnome-shell-calendar on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:51322	P	Security update for jasper (Low)	2020-12-01
oval:org.opensuse.security:def:10630	P	Security update for xorg-x11-server (Important)	2020-12-01
oval:org.opensuse.security:def:24733	P	Security update for java-1_8_0-openjdk (Moderate)	2020-12-01
oval:org.opensuse.security:def:54632	P	mailx on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:53255	P	Security update for libvirt (Important)	2020-12-01
oval:org.opensuse.security:def:25081	P	Security update for libarchive (Moderate)	2020-12-01
oval:org.opensuse.security:def:37367	P	yast2-core on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27573	P	texlive on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10811	P	libxcb-composite0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:54018	P	libecpg6 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55600	P	Security update for util-linux (Moderate)	2020-12-01
oval:org.opensuse.security:def:27963	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:27231	P	libzip1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37835	P	krb5-appl-clients on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:57269	P	Security update for Xen	2020-12-01
oval:org.opensuse.security:def:46142	P	Security update for python3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:52653	P	Security update for the Linux Kernel (Live Patch 2 for SLE 15) (Important)	2020-12-01
oval:org.opensuse.security:def:38214	P	gv on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:24650	P	Security update for squid (Important)	2020-12-01
oval:org.opensuse.security:def:52561	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:54492	P	gzip on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:53149	P	Security update for ldb, samba (Important)	2020-12-01
oval:org.opensuse.security:def:25037	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:54196	P	flash-player on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37356	P	xdg-utils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27516	P	mozilla-nspr-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10786	P	librsvg-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:53980	P	groff on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52575	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:27949	P	Security update for GraphicsMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:27230	P	libxslt on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37745	P	busybox on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27910	P	Security update for Xen	2020-12-01
oval:org.opensuse.security:def:46022	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:38170	P	dovecot22 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10562	P	libwmf-0_2-7 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:24594	P	Security update for java-1_7_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:52453	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:54470	P	ft2demos on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52976	P	Security update for libjpeg-turbo (Important)	2020-12-01
oval:org.opensuse.security:def:25023	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:54122	P	squashfs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:24314	P	Security update for python3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:27434	P	libasm-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:53906	P	Security update for xorg-x11-server (Important)	2020-12-01
oval:org.opensuse.security:def:55149	P	imobiledevice-tools on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:53814	P	Security update for Mesa (Moderate)	2020-12-01
oval:org.opensuse.security:def:10875	P	aaa_base-malloccheck on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:51345	P	Security update for freetype2 (Important)	2020-12-01
oval:org.opensuse.security:def:37688	P	sysvinit-tools on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27861	P	Security update for pwlib	2020-12-01
oval:org.opensuse.security:def:55449	P	Security update for flash-player (Moderate)	2020-12-01
oval:org.mitre.oval:def:28250	P	SUSE-SU-2014:1465-1 -- Security update for flash-player (moderate)	2015-01-26
oval:org.mitre.oval:def:28194	P	SUSE-SU-2014:1442-1 -- Security update for flash-player (important)	2015-01-26
oval:org.opensuse.security:def:78083	P	Security update for flash-player (Moderate)	2014-11-19
oval:org.opensuse.security:def:79977	P	Security update for flash-player	2014-11-14
oval:com.redhat.rhsa:def:20141852	P	RHSA-2014:1852: flash-plugin security update (Critical)	2014-11-13
oval:com.ubuntu.precise:def:20140585000	V	CVE-2014-0585 on Ubuntu 12.04 LTS (precise) - medium.	2014-11-11
oval:com.ubuntu.trusty:def:20140585000	V	CVE-2014-0585 on Ubuntu 14.04 LTS (trusty) - medium.	2014-11-11

BACK