CVE-2014-0578

Current Description

Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-3115, CVE-2015-3116, CVE-2015-3125, and CVE-2015-5116.

Referenced by CVEs:CVE-2015-3115, CVE-2015-3116, CVE-2015-3125, CVE-2015-5116

Basic Data

PublishedJuly 09, 2015
Last ModifiedSeptember 22, 2017
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-284
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactNONE
CVSS 2 - Base Score5.0
SeverityMEDIUM
Exploitability Score10.0
Impact Score2.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • AND
    • OR - Configuration 1
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3ApplicationAdobeFlash Player********11.2.202.468
    • OR Running on/with:
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3OSLinuxLinux Kernel-*******
  • AND
    • OR - Configuration 2
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3ApplicationAdobeFlash Player********13.0.0.289
      2.3ApplicationAdobeFlash Player14.0.0.125*******
      2.3ApplicationAdobeFlash Player14.0.0.145*******
      2.3ApplicationAdobeFlash Player14.0.0.176*******
      2.3ApplicationAdobeFlash Player14.0.0.179*******
      2.3ApplicationAdobeFlash Player15.0.0.152*******
      2.3ApplicationAdobeFlash Player15.0.0.167*******
      2.3ApplicationAdobeFlash Player15.0.0.189*******
      2.3ApplicationAdobeFlash Player15.0.0.223*******
      2.3ApplicationAdobeFlash Player15.0.0.239*******
      2.3ApplicationAdobeFlash Player15.0.0.246*******
      2.3ApplicationAdobeFlash Player16.0.0.235*******
      2.3ApplicationAdobeFlash Player16.0.0.257*******
      2.3ApplicationAdobeFlash Player16.0.0.287*******
      2.3ApplicationAdobeFlash Player16.0.0.296*******
      2.3ApplicationAdobeFlash Player17.0.0.134*******
      2.3ApplicationAdobeFlash Player17.0.0.169*******
      2.3ApplicationAdobeFlash Player17.0.0.188*******
      2.3ApplicationAdobeFlash Player17.0.0.190*******
      2.3ApplicationAdobeFlash Player18.0.0.160*******
      2.3ApplicationAdobeFlash Player18.0.0.194*******
    • OR Running on/with:
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3OSAppleMac Os X-*******
      2.3OSMicrosoftWindows-*******
  • OR - Configuration 3
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationAdobeAir********18.0.0.144
    2.3ApplicationAdobeAir Sdk********18.0.0.144
    2.3ApplicationAdobeAir Sdk & Compiler********18.0.0.144

Vulnerable Software List

VendorProductVersions
Adobe Air Sdk & Compiler *
Adobe Flash Player *, 14.0.0.125, 14.0.0.145, 14.0.0.176, 14.0.0.179, 15.0.0.152, 15.0.0.167, 15.0.0.189, 15.0.0.223, 15.0.0.239, 15.0.0.246, 16.0.0.235, 16.0.0.257, 16.0.0.287, 16.0.0.296, 17.0.0.134, 17.0.0.169, 17.0.0.188, 17.0.0.190, 18.0.0.160, 18.0.0.194
Adobe Air Sdk *
Adobe Air *

References

NameSourceURLTags
SUSE-SU-2015:1211http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00017.htmlSUSE
SUSE-SU-2015:1214http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00018.htmlSUSE
RHSA-2015:1214http://rhn.redhat.com/errata/RHSA-2015-1214.htmlREDHAT
75594http://www.securityfocus.com/bid/75594BID
1032810http://www.securitytracker.com/id/1032810SECTRACK
https://helpx.adobe.com/security/products/flash-player/apsb15-16.htmlhttps://helpx.adobe.com/security/products/flash-player/apsb15-16.htmlCONFIRMPATCH Vendor Advisory
GLSA-201507-13https://security.gentoo.org/glsa/201507-13GENTOO