CVE-2014-0492 — Adobe AIR vulnerability

CWE-2645 documents5 sources

Severity

10.0CRITICALNVD

EPSS

3.2%

top 12.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe AIR Adobe AIR SDK Adobe Flash Player

Timeline

PublishedJan 15

Latest updateMay 14

Description

Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12.0.0.38 on Windows and Mac OS X and before 11.2.202.335 on Linux, Adobe AIR before 4.0.0.1390, Adobe AIR SDK before 4.0.0.1390, and Adobe AIR SDK & Compiler before 4.0.0.1390 allow attackers to defeat the ASLR protection mechanism by leveraging an "address leak."

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶NVDadobe/flash_player11.0 — 11.7.700.260+3

▶NVDadobe/adobe_air< 4.0.0.1390

▶NVDadobe/adobe_air_sdk< 4.0.0.1390

Patches

Patch: helpx.adobe.com ↗Patch: helpx.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-v6f9-7489-xwrq: Adobe Flash Player before 11↗2022-05-14

▶

CVEList

CVE-2014-0492: Adobe Flash Player before 11↗2014-01-15

▶

📋Vendor Advisories

Red Hat

flash-plugin: memory address layout randomization defeat (APSB14-02)↗2014-01-14

▶

💬Community

Bugzilla

CVE-2014-0492 flash-plugin: memory address layout randomization defeat (APSB14-02)↗2014-01-14

▶