CVE-2014-0587 — Code Injection in Adobe Flash Player

CWE-94 — Code Injection9 documents5 sources

Severity

10.0CRITICALNVD

EPSS

10.8%

top 6.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Flash Player

Timeline

PublishedDec 10

Latest updateMay 14

Description

Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-9164.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDadobe/flash_player13.0 — 13.0.0.259+4

🔴Vulnerability Details

GHSA

GHSA-jwcr-c5cc-5pc8: Adobe Flash Player before 13↗2022-05-14

▶

GHSA

GHSA-gp55-63jp-32x8: Adobe Flash Player before 13↗2022-05-14

▶

OSV

CVE-2014-9164: Adobe Flash Player before 13↗2014-12-10

▶

OSV

CVE-2014-0587: Adobe Flash Player before 13↗2014-12-10

▶

📋Vendor Advisories

Red Hat

flash-plugin: Multiple code-execution flaws (APSB14-27)↗2014-12-09

▶

Red Hat

flash-plugin: Multiple code-execution flaws (APSB14-27)↗2014-12-09

▶

💬Community

Bugzilla

CVE-2014-0587 CVE-2014-9164 CVE-2014-8443 CVE-2014-9163 flash-plugin: Multiple code-execution flaws (APSB14-27)↗2014-12-10

▶