CVE-2014-0491 — Adobe AIR vulnerability

CWE-2645 documents5 sources

Severity

10.0CRITICALNVD

EPSS

2.2%

top 15.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe AIR Adobe AIR SDK Adobe Flash Player

Timeline

PublishedJan 15

Latest updateMay 14

Description

Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12.0.0.38 on Windows and Mac OS X and before 11.2.202.335 on Linux, Adobe AIR before 4.0.0.1390, Adobe AIR SDK before 4.0.0.1390, and Adobe AIR SDK & Compiler before 4.0.0.1390 allow attackers to bypass unspecified protection mechanisms via unknown vectors.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶NVDadobe/flash_player11.0 — 11.7.700.260+3

▶NVDadobe/adobe_air< 4.0.0.1390

▶NVDadobe/adobe_air_sdk< 4.0.0.1390

Patches

Patch: helpx.adobe.com ↗Patch: helpx.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-xr84-5jch-8gg9: Adobe Flash Player before 11↗2022-05-14

▶

CVEList

CVE-2014-0491: Adobe Flash Player before 11↗2014-01-15

▶

📋Vendor Advisories

Red Hat

flash-plugin: security protection bypass (APSB14-02)↗2014-01-14

▶

💬Community

Bugzilla

CVE-2014-0491 flash-plugin: security protection bypass (APSB14-02)↗2014-01-14

▶