製品・ソフトウェアに関する情報

JVN脆弱性詳細

Adobe Flash Player および Adobe AIR における同一生成元ポリシーを回避される脆弱性

Title	Adobe Flash Player および Adobe AIR における同一生成元ポリシーを回避される脆弱性
Summary	Adobe Flash Player および Adobe AIR には、同一生成元ポリシーを回避される脆弱性が存在します。
Possible impacts	第三者により、同一生成元ポリシーを回避される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Sept. 9, 2014, midnight
Registration Date	Sept. 11, 2014, 3:41 p.m.
Last Update	Sept. 17, 2014, 5:42 p.m.

CVSS2.0 : 危険
Score	7.5
Vector	AV:N/AC:L/Au:N/C:P/I:P/A:P

Affected System

マイクロソフト

Microsoft Internet Explorer 10 (Windows 8/Windows Server 2012/Windows RT：Adobe Flash Player 15.0.0.152 未満)

Microsoft Internet Explorer 11 (Windows 8.1/Windows Server 2012 R2/Windows RT 8.1：Adobe Flash Player 15.0.0.152 未満)

アドビシステムズ

Adobe AIR 15.0.0.252 未満 (Android)

Adobe AIR デスクトップランタイム 15.0.0.249 未満 (Windows/Macintosh)

Adobe AIR SDK & Compiler 15.0.0.249 未満 (Windows/Macintosh/Android/iOS)

Adobe AIR SDK 15.0.0.249 未満 (Windows/Macintosh/Android/iOS)

Adobe Flash Player 延長サポートリリース 13.0.0.244 未満 (Windows/Macintosh)

Adobe Flash Player 11.2.202.406 未満 (Linux)

Adobe Flash Player 15.0.0.152 未満の 14.x および 15.x (Internet Explorer 10/11)

Adobe Flash Player 15.0.0.152 未満の 14.x および 15.x (Windows/Machintosh/Linux 版の Chrome)

Adobe Flash Player デスクトップランタイム 15.0.0.152 未満の 14.x および 15.x (Windows/Macintosh)

Google

Google Chrome 37.0.2062.120 未満 (Windows/Machintosh/Linux：Adobe Flash Player 15.0.0.152 未満)

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2014-0548	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0548
National Vulnerability Database (NVD)
2	CVE-2014-0548	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0548

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-264	https://jvndb.jvn.jp/ja/cwe/CWE-264.html

ベンダー情報

No	Name	URL
Adobe Security Bulletin
1	APSB14-21	http://helpx.adobe.com/security/products/flash-player/apsb14-21.html
Adobe セキュリティ情報
2	APSB14-21	http://helpx.adobe.com/jp/security/products/flash-player/apsb14-21.html
Google
3	Google Chrome	https://www.google.com/intl/ja/chrome/browser/features.html
4	Stable Channel Update	http://googlechromereleases.blogspot.jp/2014/09/stable-channel-update_9.html
Microsoft Security Advisory
5	Update for Vulnerabilities in Adobe Flash Player in Internet Explorer (2755801)	https://technet.microsoft.com/en-us/library/security/2755801
マイクロソフトセキュリティアドバイザリ
6	Internet Explorer 上の Adobe Flash Player の脆弱性に対応する更新プログラム (2755801)	https://technet.microsoft.com/ja-jp/library/security/2755801
富士通
7	アドビシステムズ社 Adobe Flash Player の脆弱性に関するお知らせ	http://www.fmworld.net/biz/common/adobe/20140911f.html

その他

No	Name	URL
IPA 重要なセキュリティ情報
1	Adobe Flash Player の脆弱性対策について(APSB14-21)(CVE-2014-0547等)	http://www.ipa.go.jp/security/ciadr/vul/20140910-adobeflashplayer.html
JPCERT 注意喚起
2	JPCERT-AT-2014-0035	http://www.jpcert.or.jp/at/2014/at140035.html
警察庁 @police
3	アドビシステムズ社の Adobe Flash Player のセキュリティ修正プログラムについて(2014年09月10日)	http://www.npa.go.jp/cyberpolice/topics/?seq=14547

Change Log

No	Changed Details	Date of change
0	[2014年09月11日] 掲載 [2014年09月17日] ベンダ情報：富士通 (アドビシステムズ社 Adobe Flash Player の脆弱性に関するお知らせ) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2014-0548

Summary	Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow remote attackers to bypass the Same Origin Policy via unspecified vectors.
Publication Date	Sept. 10, 2014, 10:55 a.m.
Registration Date	Jan. 26, 2021, 3:05 p.m.
Last Update	Nov. 21, 2024, 11:02 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:adobe:adobe_air::::::::			14.0.0.179
cpe:2.3:a:adobe:adobe_air:13.0.0.83:::::::*
cpe:2.3:a:adobe:adobe_air:13.0.0.111:::::::*
cpe:2.3:a:adobe:adobe_air:14.0.0.110:::::::*
cpe:2.3:a:adobe:adobe_air:14.0.0.137:::::::*
execution environment
1	cpe:2.3:o:google:android::::::::

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:adobe:adobe_air_sdk:14.0.0.137:::::::*
cpe:2.3:a:adobe:adobe_air_sdk:13.0.0.111:::::::*
cpe:2.3:a:adobe:adobe_air_sdk:13.0.0.83:::::::*
cpe:2.3:a:adobe:adobe_air_sdk::::::::		14.0.0.178
cpe:2.3:a:adobe:adobe_air_sdk:14.0.0.110:::::::*

Configuration3		or higher	or less	more than	less than
cpe:2.3:a:adobe:flash_player::::::::			13.0.0.241
cpe:2.3:a:adobe:flash_player:13.0.0.182:::::::*
cpe:2.3:a:adobe:flash_player:13.0.0.201:::::::*
cpe:2.3:a:adobe:flash_player:13.0.0.206:::::::*
cpe:2.3:a:adobe:flash_player:13.0.0.214:::::::*
cpe:2.3:a:adobe:flash_player:13.0.0.223:::::::*
cpe:2.3:a:adobe:flash_player:13.0.0.231:::::::*
cpe:2.3:a:adobe:flash_player:14.0.0.125:::::::*
cpe:2.3:a:adobe:flash_player:14.0.0.145:::::::*
cpe:2.3:a:adobe:flash_player:14.0.0.176:::::::*
cpe:2.3:a:adobe:flash_player:14.0.0.179:::::::*
cpe:2.3:a:adobe:flash_player:15.0.0.144:::::::*
execution environment
1	cpe:2.3:o:apple:mac_os_x::::::::
2	cpe:2.3:o:microsoft:windows::::::::

Configuration4		or higher	or less	more than	less than
cpe:2.3:a:adobe:flash_player::::::::			11.2.202.400
cpe:2.3:a:adobe:flash_player:11.2.202.223:::::::*
cpe:2.3:a:adobe:flash_player:11.2.202.228:::::::*
cpe:2.3:a:adobe:flash_player:11.2.202.233:::::::*
cpe:2.3:a:adobe:flash_player:11.2.202.235:::::::*
cpe:2.3:a:adobe:flash_player:11.2.202.236:::::::*
cpe:2.3:a:adobe:flash_player:11.2.202.238:::::::*
cpe:2.3:a:adobe:flash_player:11.2.202.243:::::::*
cpe:2.3:a:adobe:flash_player:11.2.202.251:::::::*
cpe:2.3:a:adobe:flash_player:11.2.202.258:::::::*
cpe:2.3:a:adobe:flash_player:11.2.202.261:::::::*
cpe:2.3:a:adobe:flash_player:11.2.202.262:::::::*
cpe:2.3:a:adobe:flash_player:11.2.202.270:::::::*
cpe:2.3:a:adobe:flash_player:11.2.202.273:::::::*
cpe:2.3:a:adobe:flash_player:11.2.202.275:::::::*
cpe:2.3:a:adobe:flash_player:11.2.202.280:::::::*
cpe:2.3:a:adobe:flash_player:11.2.202.285:::::::*
cpe:2.3:a:adobe:flash_player:11.2.202.291:::::::*
cpe:2.3:a:adobe:flash_player:11.2.202.297:::::::*
cpe:2.3:a:adobe:flash_player:11.2.202.310:::::::*
cpe:2.3:a:adobe:flash_player:11.2.202.332:::::::*
cpe:2.3:a:adobe:flash_player:11.2.202.335:::::::*
cpe:2.3:a:adobe:flash_player:11.2.202.336:::::::*
cpe:2.3:a:adobe:flash_player:11.2.202.341:::::::*
cpe:2.3:a:adobe:flash_player:11.2.202.346:::::::*
cpe:2.3:a:adobe:flash_player:11.2.202.350:::::::*
cpe:2.3:a:adobe:flash_player:11.2.202.356:::::::*
cpe:2.3:a:adobe:flash_player:11.2.202.359:::::::*
cpe:2.3:a:adobe:flash_player:11.2.202.378:::::::*
cpe:2.3:a:adobe:flash_player:11.2.202.394:::::::*
execution environment
1	cpe:2.3:o:linux:linux_kernel::::::::

Configuration5		or higher	or less	more than	less than
cpe:2.3:a:adobe:adobe_air::::::::			14.0.0.178
cpe:2.3:a:adobe:adobe_air:13.0.0.83:::::::*
cpe:2.3:a:adobe:adobe_air:13.0.0.111:::::::*
cpe:2.3:a:adobe:adobe_air:14.0.0.110:::::::*
cpe:2.3:a:adobe:adobe_air:14.0.0.137:::::::*
execution environment
1	cpe:2.3:o:apple:mac_os_x::::::::
2	cpe:2.3:o:microsoft:windows::::::::

Related information, measures and tools

No	URL	タグ
1	http://helpx.adobe.com/security/products/flash-player/apsb14-21.html	Patch Vendor Advisory
2	http://helpx.adobe.com/security/products/flash-player/apsb14-21.html	Patch Vendor Advisory
3	http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00006.html
4	http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00006.html
5	http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00016.html
6	http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00016.html
7	http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00021.html
8	http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00021.html
9	http://secunia.com/advisories/61089
10	http://secunia.com/advisories/61089
11	http://security.gentoo.org/glsa/glsa-201409-05.xml
12	http://security.gentoo.org/glsa/glsa-201409-05.xml
13	http://www.securityfocus.com/bid/69705
14	http://www.securityfocus.com/bid/69705
15	http://www.securitytracker.com/id/1030822
16	http://www.securitytracker.com/id/1030822
17	https://exchange.xforce.ibmcloud.com/vulnerabilities/95818
18	https://exchange.xforce.ibmcloud.com/vulnerabilities/95818

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-264	認可・権限・アクセス制御	https://cwe.mitre.org/data/definitions/264.html

Configuration3		or higher	or less	more than	less than
cpe:2.3:a:adobe:flash_player::::::::			13.0.0.241
cpe:2.3:a:adobe:flash_player:13.0.0.182:::::::*
cpe:2.3:a:adobe:flash_player:13.0.0.201:::::::*
cpe:2.3:a:adobe:flash_player:13.0.0.206:::::::*
cpe:2.3:a:adobe:flash_player:13.0.0.214:::::::*
cpe:2.3:a:adobe:flash_player:13.0.0.223:::::::*
cpe:2.3:a:adobe:flash_player:13.0.0.231:::::::*
cpe:2.3:a:adobe:flash_player:14.0.0.125:::::::*
cpe:2.3:a:adobe:flash_player:14.0.0.145:::::::*
cpe:2.3:a:adobe:flash_player:14.0.0.176:::::::*
cpe:2.3:a:adobe:flash_player:14.0.0.179:::::::*
cpe:2.3:a:adobe:flash_player:15.0.0.144:::::::*
execution environment
1	cpe:2.3:o:apple:mac_os_x::::::::
2	cpe:2.3:o:microsoft:windows::::::::

Configuration4		or higher	or less	more than	less than
cpe:2.3:a:adobe:flash_player::::::::			11.2.202.400
cpe:2.3:a:adobe:flash_player:11.2.202.223:::::::*
cpe:2.3:a:adobe:flash_player:11.2.202.228:::::::*
cpe:2.3:a:adobe:flash_player:11.2.202.233:::::::*
cpe:2.3:a:adobe:flash_player:11.2.202.235:::::::*
cpe:2.3:a:adobe:flash_player:11.2.202.236:::::::*
cpe:2.3:a:adobe:flash_player:11.2.202.238:::::::*
cpe:2.3:a:adobe:flash_player:11.2.202.243:::::::*
cpe:2.3:a:adobe:flash_player:11.2.202.251:::::::*
cpe:2.3:a:adobe:flash_player:11.2.202.258:::::::*
cpe:2.3:a:adobe:flash_player:11.2.202.261:::::::*
cpe:2.3:a:adobe:flash_player:11.2.202.262:::::::*
cpe:2.3:a:adobe:flash_player:11.2.202.270:::::::*
cpe:2.3:a:adobe:flash_player:11.2.202.273:::::::*
cpe:2.3:a:adobe:flash_player:11.2.202.275:::::::*
cpe:2.3:a:adobe:flash_player:11.2.202.280:::::::*
cpe:2.3:a:adobe:flash_player:11.2.202.285:::::::*
cpe:2.3:a:adobe:flash_player:11.2.202.291:::::::*
cpe:2.3:a:adobe:flash_player:11.2.202.297:::::::*
cpe:2.3:a:adobe:flash_player:11.2.202.310:::::::*
cpe:2.3:a:adobe:flash_player:11.2.202.332:::::::*
cpe:2.3:a:adobe:flash_player:11.2.202.335:::::::*
cpe:2.3:a:adobe:flash_player:11.2.202.336:::::::*
cpe:2.3:a:adobe:flash_player:11.2.202.341:::::::*
cpe:2.3:a:adobe:flash_player:11.2.202.346:::::::*
cpe:2.3:a:adobe:flash_player:11.2.202.350:::::::*
cpe:2.3:a:adobe:flash_player:11.2.202.356:::::::*
cpe:2.3:a:adobe:flash_player:11.2.202.359:::::::*
cpe:2.3:a:adobe:flash_player:11.2.202.378:::::::*
cpe:2.3:a:adobe:flash_player:11.2.202.394:::::::*
execution environment
1	cpe:2.3:o:linux:linux_kernel::::::::