CVE-2014-0553 — Adobe AIR vulnerability

6 documents6 sources

Severity

10.0CRITICALNVD

EPSS

1.6%

top 18.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe AIR Adobe AIR SDK Adobe Flash Player +2 more

Timeline

PublishedSep 10

Latest updateMay 14

Description

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allows attackers to execute arbitrary code via unspecified vectors.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages5 packages

▶NVDadobe/flash_player13.0.0.241+41

▶NVDadobe/adobe_air14.0.0.179+5

▶NVDadobe/adobe_air_sdk14.0.0.178+4

▶NVDsuse/suse_linux_enterprise_desktop11.0

▶NVDopensuse/opensuse11.4, 12.3, 13.1+2

Patches

Patch: helpx.adobe.com ↗Patch: helpx.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-6fxv-8xp9-724h: Use-after-free vulnerability in Adobe Flash Player before 13↗2022-05-14

▶

CVEList

CVE-2014-0553: Use-after-free vulnerability in Adobe Flash Player before 13↗2014-09-10

▶

OSV

CVE-2014-0553: Use-after-free vulnerability in Adobe Flash Player before 13↗2014-09-10

▶

📋Vendor Advisories

Red Hat

flash-plugin: multiple code execution or security bypass flaws (APSB14-21)↗2014-09-09

▶

💬Community

Bugzilla

CVE-2014-0547 CVE-2014-0549 CVE-2014-0550 CVE-2014-0551 CVE-2014-0552 CVE-2014-0553 CVE-2014-0554 CVE-2014-0555 CVE-2014-0556 CVE-2014-0557 CVE-2014-0559 flash-plugin: multiple code execution or secur↗2014-09-09

▶