CVE-2014-0557

Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
adobeCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
VendorProductVersion
adobeflash_player
𝑥
≤ 11.2.202.400
adobeflash_player
11.2.202.223
adobeflash_player
11.2.202.228
adobeflash_player
11.2.202.233
adobeflash_player
11.2.202.235
adobeflash_player
11.2.202.236
adobeflash_player
11.2.202.238
adobeflash_player
11.2.202.243
adobeflash_player
11.2.202.251
adobeflash_player
11.2.202.258
adobeflash_player
11.2.202.261
adobeflash_player
11.2.202.262
adobeflash_player
11.2.202.270
adobeflash_player
11.2.202.273
adobeflash_player
11.2.202.275
adobeflash_player
11.2.202.280
adobeflash_player
11.2.202.285
adobeflash_player
11.2.202.291
adobeflash_player
11.2.202.297
adobeflash_player
11.2.202.310
adobeflash_player
11.2.202.332
adobeflash_player
11.2.202.335
adobeflash_player
11.2.202.336
adobeflash_player
11.2.202.341
adobeflash_player
11.2.202.346
adobeflash_player
11.2.202.350
adobeflash_player
11.2.202.356
adobeflash_player
11.2.202.359
adobeflash_player
11.2.202.378
adobeflash_player
11.2.202.394
adobeflash_player
𝑥
≤ 13.0.0.241
adobeflash_player
13.0.0.182
adobeflash_player
13.0.0.201
adobeflash_player
13.0.0.206
adobeflash_player
13.0.0.214
adobeflash_player
13.0.0.223
adobeflash_player
13.0.0.231
adobeflash_player
14.0.0.125
adobeflash_player
14.0.0.145
adobeflash_player
14.0.0.176
adobeflash_player
14.0.0.179
adobeflash_player
15.0.0.144
adobeadobe_air_sdk
𝑥
≤ 14.0.0.178
adobeadobe_air_sdk
13.0.0.83
adobeadobe_air_sdk
13.0.0.111
adobeadobe_air_sdk
14.0.0.110
adobeadobe_air_sdk
14.0.0.137
adobeadobe_air
𝑥
≤ 14.0.0.178
adobeadobe_air
13.0.0.83
adobeadobe_air
13.0.0.111
adobeadobe_air
14.0.0.110
adobeadobe_air
14.0.0.137
adobeadobe_air
𝑥
≤ 14.0.0.179
adobeadobe_air
13.0.0.83
adobeadobe_air
13.0.0.111
adobeadobe_air
14.0.0.110
adobeadobe_air
14.0.0.137
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
adobe-flashplugin
trusty
Fixed 11.2.202.406-0trusty1
released
precise
Fixed 11.2.202.406-0precise1
released
lucid
ignored
flashplugin-nonfree
trusty
Fixed 11.2.202.406ubuntu0.14.04.1
released
precise
Fixed 11.2.202.406ubuntu0.12.04.1
released
lucid
ignored
Common Weakness Enumeration
References
http://helpx.adobe.com/security/products/flash-player/apsb14-21.html
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00016.html
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00021.html
http://secunia.com/advisories/61089
http://security.gentoo.org/glsa/glsa-201409-05.xml
http://www.securityfocus.com/bid/69701
http://www.securitytracker.com/id/1030822
https://exchange.xforce.ibmcloud.com/vulnerabilities/95827
http://helpx.adobe.com/security/products/flash-player/apsb14-21.html
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00016.html
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00021.html
http://secunia.com/advisories/61089
http://security.gentoo.org/glsa/glsa-201409-05.xml
http://www.securityfocus.com/bid/69701
http://www.securitytracker.com/id/1030822
https://exchange.xforce.ibmcloud.com/vulnerabilities/95827