#VU5227 Security bypass in Adobe Flash Player for Linux and Adobe Flash Player - CVE-2014-0580
Published: January 23, 2017
Vulnerability identifier: #VU5227
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2014-0580
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Adobe Flash Player for Linux
Adobe Flash Player
Adobe Flash Player for Linux
Adobe Flash Player
Software vendor:
Adobe
Adobe
Description
The vulnerability allows a remote attacker to circumvent the Same Origin Policy on the target system.
The weakness exists due to an error in the setClipboard() function. A remote attacker can create a specially crafted shockwave file, trick the victim into into viewing it and insert persistent data into the clipboard.
Successful exploitation of the vulnerability results in security bypass on the vulnerable system.
The weakness exists due to an error in the setClipboard() function. A remote attacker can create a specially crafted shockwave file, trick the victim into into viewing it and insert persistent data into the clipboard.
Successful exploitation of the vulnerability results in security bypass on the vulnerable system.
Remediation
Install update from vendor's website.