Vigil@nce - Adobe Flash Player: multiple vulnerabilities
July 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of Adobe Flash Player.
Impacted products: Flash Player, IE, openSUSE, RHEL, SUSE Linux
Enterprise Desktop, SLES
Severity: 2/4
Creation date: 08/07/2014
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in Adobe Flash Player.
An attacker can use JSONP, in order to execute JavaScript code in
the context of the web site. [severity:2/4; CVE-2014-4671]
An attacker can bypass a security feature, in order to escalate
his privileges. [severity:2/4; CVE-2014-0537]
An attacker can bypass a security feature, in order to escalate
his privileges. [severity:2/4; CVE-2014-0539]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Adobe-Flash-Player-multiple-vulnerabilities-15005