Security bypass in Adobe Flash Player for Linux and Adobe Flash Player - CVE-2014-0580
Published: January 23, 2017
Vulnerability identifier: #VU5227
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2014-0580
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Adobe
Affected software:
Adobe Flash Player for Linux
Adobe Flash Player
Adobe Flash Player for Linux
Adobe Flash Player
Detailed vulnerability description
The vulnerability allows a remote attacker to circumvent the Same Origin Policy on the target system.
The weakness exists due to an error in the setClipboard() function. A remote attacker can create a specially crafted shockwave file, trick the victim into into viewing it and insert persistent data into the clipboard.
Successful exploitation of the vulnerability results in security bypass on the vulnerable system.
The weakness exists due to an error in the setClipboard() function. A remote attacker can create a specially crafted shockwave file, trick the victim into into viewing it and insert persistent data into the clipboard.
Successful exploitation of the vulnerability results in security bypass on the vulnerable system.
How to mitigate CVE-2014-0580
Install update from vendor's website.