KLA10003
Multiple vulnerabilities in Adobe Flash Player
Updated: 03/24/2015
CVSS
?
10.0
Detect date
?
06/27/2014
Severity
?
Critical
Description

Multiple serious vulnerabilities have been found in the following Adobe Flash Player versions:  13.0.0.206 and earlier for Windows, Mac OS; 11.2.202.356 and earlier for Linux and Adobe AIR SDK & Compiler version 13.0.0.83. Malicious users can exploit these vulnerabilities to bypass a sandbox protection mechanism, the same-origin policy and access restrictions, or execute arbitrary code

Below is a complete list of vulnerabilities 

  1. heap-based buffer overflow can be exploited to execute arbitrary code and bypass the sandbox.
  2. some unspecified attack vectors can be exploited to bypass the same-origin policy and access restrictions.
Affected products

Flash Player 13.0.0.206 and earlier versions for Windows and Mac OS,
Flash Player 11.2.202.356 and earlier for Linux,
AIR 13.0.0.83 SDK & Compiler.

Solution

Update to latest version
Flash Player

Original advisories

Adobe bulletin

Impacts
?
ACE 
[?]

SB 
[?]
Related products
Macromedia Flash Player
Adobe Flash Player NPAPI
Adobe Flash Player ActiveX
CVE-IDS
?

CVE-2014-0520
CVE-2014-0519
CVE-2014-0518
CVE-2014-0517
CVE-2014-0516
CVE-2014-0510