CVE-2014-0557
Severity CVSS v4.0:
Pending analysis
Type:
CWE-264
Permissions, Privileges, and Access Control
Publication date:
10/09/2014
Last modified:
12/04/2025
Description
Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors.
Impact
Base Score 2.0
10.00
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* | 11.2.202.400 (including) | |
| cpe:2.3:a:adobe:flash_player:11.2.202.223:*:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:flash_player:11.2.202.228:*:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:flash_player:11.2.202.233:*:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:flash_player:11.2.202.235:*:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:flash_player:11.2.202.236:*:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:flash_player:11.2.202.238:*:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:flash_player:11.2.202.243:*:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:flash_player:11.2.202.251:*:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:flash_player:11.2.202.258:*:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:flash_player:11.2.202.261:*:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:flash_player:11.2.202.262:*:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:flash_player:11.2.202.270:*:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:flash_player:11.2.202.273:*:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:flash_player:11.2.202.275:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://helpx.adobe.com/security/products/flash-player/apsb14-21.html
- http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00016.html
- http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00021.html
- http://secunia.com/advisories/61089
- http://security.gentoo.org/glsa/glsa-201409-05.xml
- http://www.securityfocus.com/bid/69701
- http://www.securitytracker.com/id/1030822
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95827
- http://helpx.adobe.com/security/products/flash-player/apsb14-21.html
- http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00016.html
- http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00021.html
- http://secunia.com/advisories/61089
- http://security.gentoo.org/glsa/glsa-201409-05.xml
- http://www.securityfocus.com/bid/69701
- http://www.securitytracker.com/id/1030822
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95827