Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2014-0509

Опубликовано: 08 апр. 2014
Источник: nvd
CVSS2: 4.3
EPSS Низкий

Уязвимость межсайтового скриптинга (XSS) в Adobe Flash Player и Adobe AIR через неопределенные векторы

Описание

Злоумышленник способен внедрить произвольный веб-скрипт или HTML-код через межсайтовый скриптинг (XSS) в Adobe Flash Player и Adobe AIR. Это позволяет ему выполнять скрипты в контексте другого веб-сайта, что может привести к краже данных или иным видам атак.

Затронутые версии ПО

  • Adobe Flash Player: версии до 11.7.700.275 и с 11.8.x по 13.0.x до 13.0.0.182 на Windows и OS X; версии до 11.2.202.350 на Linux.
  • Adobe AIR: версии до 13.0.0.83 на Android.
  • Adobe AIR SDK: версии до 13.0.0.83.
  • Adobe AIR SDK & Compiler: версии до 13.0.0.83.

Тип уязвимости

Межсайтовый скриптинг (XSS)

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:adobe:flash_player:11.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.0.1.152:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.0.1.153:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.1.102.55:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.1.102.59:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.1.102.62:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.1.102.63:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.1.111.8:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.1.111.44:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.1.111.50:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.1.111.54:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.1.115.7:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.1.115.34:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.1.115.48:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.1.115.54:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.1.115.58:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.2.202.223:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.2.202.228:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.2.202.233:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.2.202.235:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.2.202.236:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.2.202.238:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.2.202.243:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.2.202.251:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.2.202.258:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.2.202.261:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.2.202.262:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.2.202.270:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.2.202.273:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.2.202.275:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.2.202.280:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.2.202.285:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.3.300.257:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.3.300.262:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.3.300.265:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.3.300.268:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.3.300.270:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.3.300.271:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.3.300.273:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.4.402.265:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.4.402.278:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.4.402.287:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.5.502.110:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.5.502.135:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.5.502.136:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.5.502.146:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.5.502.149:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.6.602.167:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.6.602.168:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.6.602.171:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.6.602.180:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.7.700.169:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.7.700.202:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.7.700.224:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.7.700.232:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.7.700.242:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.7.700.252:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.7.700.257:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.7.700.260:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.8.800.94:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.8.800.97:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.8.800.168:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.9.900.117:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.9.900.152:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.9.900.170:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:12.0.0.38:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:12.0.0.41:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:12.0.0.43:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*
Версия до 4.0.0.1390 (включая)
cpe:2.3:a:adobe:adobe_air:1.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:1.0.8.4990:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:1.0.4990:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:1.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:1.1.0.5790:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:1.5:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:1.5.0.7220:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:1.5.1.8210:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:1.5.3:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:1.5.3.9120:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:1.5.3.9130:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:2.0.2.12610:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:2.0.3.13070:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:2.5.0.16600:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:2.5.1.17730:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:2.6:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:2.6.0.19120:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:2.6.0.19140:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:2.7:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:2.7.0.1948:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:2.7.0.1953:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:2.7.0.19480:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:2.7.0.19530:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:2.7.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:2.7.1.19610:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:3.0.0.408:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:3.0.0.4080:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:3.1.0.485:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:3.1.0.488:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:3.1.0.4880:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:3.2.0.207:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:3.2.0.2070:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:3.3.0.3670:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:3.4.0.2540:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:3.4.0.2710:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:3.5.0.600:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:3.5.0.880:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:3.5.0.890:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:3.5.0.1060:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:3.6.0.597:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:3.6.0.6090:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:3.7.0.1530:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:3.7.0.1860:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:3.7.0.2090:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:3.8.0.870:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:3.8.0.910:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:3.9.0.1030:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:3.9.0.1060:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:3.9.0.1210:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air:3.9.0.1380:*:*:*:*:*:*:*
Конфигурация 3

Одновременно

Одно из

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
Версия до 11.2.202.346 (включая)
cpe:2.3:a:adobe:flash_player:11.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.0.1.152:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.0.1.153:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.1.102.55:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.1.102.59:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.1.102.62:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.1.102.63:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.1.111.8:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.1.111.44:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.1.111.50:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.1.111.54:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.1.115.7:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.1.115.34:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.1.115.48:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.1.115.54:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.1.115.58:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.2.202.223:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.2.202.228:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.2.202.233:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.2.202.235:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.2.202.236:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.2.202.238:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.2.202.243:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.2.202.251:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.2.202.258:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.2.202.261:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.2.202.262:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.2.202.270:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.2.202.273:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.2.202.275:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.2.202.280:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.2.202.285:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.2.202.291:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.2.202.297:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.2.202.310:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.2.202.327:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.2.202.332:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.2.202.335:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.2.202.336:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:11.2.202.341:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:a:adobe:adobe_air_sdk:*:*:*:*:*:*:*:*
Версия до 4.0.0.1628 (включая)
cpe:2.3:a:adobe:adobe_air_sdk:3.0.0.4080:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air_sdk:3.1.0.488:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air_sdk:3.2.0.2070:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air_sdk:3.3.0.3650:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air_sdk:3.3.0.3690:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air_sdk:3.4.0.2540:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air_sdk:3.4.0.2710:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air_sdk:3.5.0.600:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air_sdk:3.5.0.880:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air_sdk:3.5.0.890:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air_sdk:3.5.0.1060:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air_sdk:3.6.0.599:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air_sdk:3.6.0.6090:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air_sdk:3.7.0.1530:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air_sdk:3.7.0.1860:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air_sdk:3.7.0.2090:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air_sdk:3.8.0.870:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air_sdk:3.8.0.910:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air_sdk:3.8.0.1430:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air_sdk:3.9.0.1030:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air_sdk:3.9.0.1210:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air_sdk:3.9.0.1380:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air_sdk:4.0.0.1390:*:*:*:*:*:*:*

EPSS

Процентиль: 68%
0.00583
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

ubuntu логотип

CVE-2014-0509

ubuntu
почти 12 лет назад

Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

redhat логотип

CVE-2014-0509

redhat
почти 12 лет назад

Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

github логотип

GHSA-w988-3j4h-5xj8

github
больше 3 лет назад

Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

suse-cvrf логотип

SUSE-SU-2015:1137-1

suse-cvrf
около 11 лет назад

Security update for flash-player

suse-cvrf логотип

SUSE-SU-2015:1064-1

suse-cvrf
около 11 лет назад

Security update for flash-player

EPSS

Процентиль: 68%
0.00583
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79