CVE-2014-0557

CWE-2647 documents6 sources

Severity

10.0CRITICAL

EPSS

2.5%

top 14.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Adobe AIR Adobe Adobe AIR SDK Adobe Flash Player

Timeline

PublishedSep 10

Latest updateMay 17

Description

Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages4 packages

▶NVDadobe/flash_player11.2.202.400+41

▶NVDadobe/adobe_air14.0.0.178+5

▶NVDadobe/adobe_air_sdk14.0.0.178+4

▶Ubuntuflashplugin-nonfree< 11.2.202.406ubuntu0.14.04.1

Patches

Patch: helpx.adobe.com ↗Patch: helpx.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-jwr6-x473-7g7f: Adobe Flash Player before 13↗2022-05-17

▶

CVEList

CVE-2014-0557: Adobe Flash Player before 13↗2014-09-10

▶

OSV

CVE-2014-0557: Adobe Flash Player before 13↗2014-09-10

▶

📋Vendor Advisories

Red Hat

flash-plugin: multiple code execution or security bypass flaws (APSB14-21)↗2014-09-09

▶

💬Community

Bugzilla

CVE-2014-0547 CVE-2014-0549 CVE-2014-0550 CVE-2014-0551 CVE-2014-0552 CVE-2014-0553 CVE-2014-0554 CVE-2014-0555 CVE-2014-0556 CVE-2014-0557 CVE-2014-0559 flash-plugin: multiple code execution or secur↗2014-09-09

▶

Bugzilla

CVE-2014-2672 kernel: ath9k: tid->sched race in ath_tx_aggr_sleep()↗2014-04-01

▶