製品・ソフトウェアに関する情報

JVN脆弱性詳細

Adobe Flash Player および Adobe AIR における整数オーバーフローの脆弱性

Title	Adobe Flash Player および Adobe AIR における整数オーバーフローの脆弱性
Summary	Adobe Flash Player および Adobe AIR には、整数オーバーフローの脆弱性が存在します。
Possible impacts	攻撃者により、任意のコードを実行される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Oct. 14, 2014, midnight
Registration Date	Oct. 21, 2014, 12:29 p.m.
Last Update	Oct. 21, 2014, 12:29 p.m.

CVSS2.0 : 危険
Score	10
Vector	AV:N/AC:L/Au:N/C:C/I:C/A:C

Affected System

マイクロソフト

Microsoft Internet Explorer 10 (Windows 8/Windows Server 2012/Windows RT：Adobe Flash Player 15.0.0.189 未満)

Microsoft Internet Explorer 11 (Windows 8.1/Windows Server 2012 R2/Windows RT 8.1：Adobe Flash Player 15.0.0.189 未満)

アドビシステムズ

Adobe AIR 15.0.0.293 未満 (Android)

Adobe AIR デスクトップランタイム 15.0.0.293 未満 (Windows/Macintosh)

Adobe AIR SDK & Compiler 15.0.0.302 未満 (Windows/Macintosh/Android/iOS)

Adobe AIR SDK 15.0.0.302 未満 (Windows/Macintosh/Android/iOS)

Adobe Flash Player 11.2.202.411 未満 (Linux)

Adobe Flash Player 14.x (Windows/Macintosh)

Adobe Flash Player 15.0.0.189 未満の 15.x (Windows 8.0/8.1 版の Internet Explorer 10/11)

Adobe Flash Player 15.0.0.189 未満の 15.x (Windows/Machintosh/Linux 版の Chrome)

Adobe Flash Player デスクトップランタイム 15.0.0.189 未満の 15.x (Windows/Macintosh)

Adobe Flash Player 継続サポートリリース 13.0.0.250 未満 (Windows/Macintosh)

Google

Google Chrome 38.0.2125.104 未満 (Windows/Machintosh/Linux：Adobe Flash Player 15.0.0.189 未満)

Google Chrome 38.0.2125.108 未満 (Chrome OS：プラットフォーム 6158.64.0)

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2014-0569	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0569
National Vulnerability Database (NVD)
2	CVE-2014-0569	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0569

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-noinfo	https://www.ipa.go.jp/security/vuln/CWE.html#CWEnoinfo

ベンダー情報

No	Name	URL
Adobe Security Bulletin
1	APSB14-22	http://helpx.adobe.com/security/products/flash-player/apsb14-22.html
Adobe セキュリティ情報
2	APSB14-22	http://helpx.adobe.com/jp/security/products/flash-player/apsb14-22.html
Google
3	Google Chrome	https://www.google.com/intl/ja/chrome/browser/features.html
4	Stable Channel Update	http://googlechromereleases.blogspot.jp/2014/10/stable-channel-update_14.html
5	Stable Channel Update for Chrome OS	http://googlechromereleases.blogspot.jp/2014/10/stable-channel-update-for-chrome-os_16.html
Microsoft Security Advisory
6	Update for Vulnerabilities in Adobe Flash Player in Internet Explorer (2755801)	https://technet.microsoft.com/en-us/library/security/2755801
マイクロソフトセキュリティアドバイザリ
7	Internet Explorer 上の Adobe Flash Player の脆弱性に対応する更新プログラム (2755801)	https://technet.microsoft.com/ja-jp/library/security/2755801
富士通セキュリティ情報
8	アドビシステムズ社 Adobe Flash Player の脆弱性に関するお知らせ	http://www.fmworld.net/biz/common/adobe/20141016f.html

その他

No	Name	URL
IPA 重要なセキュリティ情報
1	Adobe Flash Player の脆弱性対策について(APSB14-22)(CVE-2014-0558等)	http://www.ipa.go.jp/security/ciadr/vul/20141015-adobeflashplayer.html
JPCERT 注意喚起
2	JPCERT-AT-2014-0040	http://www.jpcert.or.jp/at/2014/at140040.html
警察庁 @police
3	アドビシステムズ社の Adobe Flash Player のセキュリティ修正プログラムについて(2014年10月15日)	http://www.npa.go.jp/cyberpolice/topics/?seq=14765

Change Log

No	Changed Details	Date of change
0	[2014年10月21日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2014-0569

Summary	Integer overflow in Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allows attackers to execute arbitrary code via unspecified vectors.
Publication Date	Oct. 15, 2014, 7:55 p.m.
Registration Date	Jan. 26, 2021, 3:05 p.m.
Last Update	Nov. 21, 2024, 11:02 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:adobe:flash_player::::::::			11.2.202.406
execution environment
1	cpe:2.3:o:linux:linux_kernel:-:::::::*

Configuration2		or higher	or less	more than	less than
cpe:2.3:a:adobe:flash_player:::::extended_support:::*			13.0.0.244
execution environment
1	cpe:2.3:o:apple:macos:-:::::::*
2	cpe:2.3:o:microsoft:windows:-:::::::*

Configuration3		or higher	or less	more than	less than
cpe:2.3:a:adobe:flash_player::::::chrome::*			15.0.0.152
execution environment
1	cpe:2.3:o:apple:macos:-:::::::*
2	cpe:2.3:o:linux:linux_kernel:-:::::::*
3	cpe:2.3:o:microsoft:windows:-:::::::*

Configuration4		or higher	or less	more than	less than
cpe:2.3:a:adobe:flash_player::::::internet_explorer_11::*			15.0.0.167
cpe:2.3:a:adobe:flash_player::::::internet_explorer_10::*			15.0.0.167
execution environment
1	cpe:2.3:o:microsoft:windows_8:-:::::::*
2	cpe:2.3:o:microsoft:windows_8.1:-:::::::*

Configuration5		or higher	or less	more than	less than
cpe:2.3:a:adobe:flash_player_desktop_runtime::::::::			15.0.0.167
execution environment
1	cpe:2.3:o:apple:macos:-:::::::*
2	cpe:2.3:o:microsoft:windows:-:::::::*

Configuration6		or higher	or less	more than	less than
cpe:2.3:a:adobe:air_desktop_runtime::::::::			15.0.0.249
execution environment
1	cpe:2.3:o:apple:macos:-:::::::*
2	cpe:2.3:o:microsoft:windows:-:::::::*

Configuration7		or higher	or less	more than	less than
cpe:2.3:a:adobe:air_sdk::::::::			15.0.0.249
execution environment
1	cpe:2.3:o:apple:iphone_os:-:::::::*
2	cpe:2.3:o:apple:macos:-:::::::*
3	cpe:2.3:o:microsoft:windows:-:::::::*

Configuration8		or higher	or less	more than	less than
cpe:2.3:a:adobe:air_sdk::::::::			15.0.0.252
execution environment
1	cpe:2.3:o:google:android:-:::::::*

Configuration9	or higher	or less	more than	less than
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3::::::
cpe:2.3:o:opensuse:evergreen:11.4:::::::*
cpe:2.3:o:opensuse:opensuse:12.3:::::::*
cpe:2.3:o:opensuse:opensuse:13.1:::::::*

Related information, measures and tools

No	URL	タグ
1	http://helpx.adobe.com/security/products/flash-player/apsb14-22.html	Patch Vendor Advisory
2	http://helpx.adobe.com/security/products/flash-player/apsb14-22.html	Patch Vendor Advisory
3	http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00002.html	Mailing List Third Party Advisory
4	http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00002.html	Mailing List Third Party Advisory
5	http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html	Mailing List Third Party Advisory
6	http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html	Mailing List Third Party Advisory
7	http://lists.opensuse.org/opensuse-updates/2014-10/msg00033.html	Third Party Advisory
8	http://lists.opensuse.org/opensuse-updates/2014-10/msg00033.html	Third Party Advisory
9	http://rhn.redhat.com/errata/RHSA-2014-1648.html	Broken Link
10	http://rhn.redhat.com/errata/RHSA-2014-1648.html	Broken Link
11	http://secunia.com/advisories/61980	Third Party Advisory
12	http://secunia.com/advisories/61980	Third Party Advisory
13	http://www.securityfocus.com/bid/70441	Third Party Advisory VDB Entry
14	http://www.securityfocus.com/bid/70441	Third Party Advisory VDB Entry
15	http://www.securitytracker.com/id/1031019	Third Party Advisory VDB Entry
16	http://www.securitytracker.com/id/1031019	Third Party Advisory VDB Entry
17	http://www.zerodayinitiative.com/advisories/ZDI-14-365/	Third Party Advisory VDB Entry
18	http://www.zerodayinitiative.com/advisories/ZDI-14-365/	Third Party Advisory VDB Entry

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-190	整数オーバーフローまたはラップアラウンド	https://cwe.mitre.org/data/definitions/190.html