10
CVSSv2

CVE-2014-0491

Published: 15/01/2014 Updated: 13/12/2018
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Adobe Flash Player prior to 11.7.700.260 and 11.8.x and 11.9.x prior to 12.0.0.38 on Windows and Mac OS X and prior to 11.2.202.335 on Linux, Adobe AIR prior to 4.0.0.1390, Adobe AIR SDK prior to 4.0.0.1390, and Adobe AIR SDK & Compiler prior to 4.0.0.1390 allow malicious users to bypass unspecified protection mechanisms via unknown vectors.

Vulnerability Trend

Affected Products

Vendor Product Versions
AdobeAdobe Air-, 1.0, 1.0.1, 1.0.8.4990, 1.0.4990, 1.1, 1.1.0.5790, 1.5, 1.5.0.7220, 1.5.1, 1.5.1.8210, 1.5.2, 1.5.3, 1.5.3.9120, 1.5.3.9130, 2.0.2, 2.0.2.12610, 2.0.3, 2.0.3.13070, 2.0.4, 2.5.0.16600, 2.5.1.17730, 2.6, 2.6.0.19120, 2.6.0.19140, 2.7, 2.7.0.1948, 2.7.0.1953, 2.7.0.19480, 2.7.0.19530, 2.7.1, 2.7.1.19610, 3.0.0.408, 3.0.0.4080, 3.1.0.485, 3.1.0.488, 3.1.0.4880, 3.2.0.207, 3.2.0.2070, 3.3.0.3670, 3.4.0.2540, 3.4.0.2710, 3.5.0.600, 3.5.0.880, 3.5.0.890, 3.5.0.1060, 3.6.0.597, 3.6.0.6090, 3.7.0.1530, 3.7.0.1860, 3.7.0.2090, 3.8.0.870, 3.8.0.910, 3.9.0.1030, 3.9.0.1060, 3.9.0.1210, 3.9.0.1380
AdobeAdobe Air Sdk3.0.0.4080, 3.1.0.488, 3.2.0.2070, 3.3.0.3650, 3.3.0.3690, 3.4.0.2540, 3.4.0.2710, 3.5.0.600, 3.5.0.880, 3.5.0.890, 3.5.0.1060, 3.6.0.599, 3.6.0.6090, 3.7.0.1530, 3.7.0.1860, 3.7.0.2090, 3.8.0.870, 3.8.0.910, 3.8.0.1430, 3.9.0.1030, 3.9.0.1210, 3.9.0.1380
AdobeFlash Player11.0, 11.0.1.152, 11.0.1.153, 11.1, 11.1.102.55, 11.1.102.59, 11.1.102.62, 11.1.102.63, 11.1.111.8, 11.1.111.13, 11.1.111.44, 11.1.111.50, 11.1.111.54, 11.1.111.64, 11.1.111.73, 11.1.115.7, 11.1.115.34, 11.1.115.48, 11.1.115.54, 11.1.115.58, 11.1.115.59, 11.1.115.63, 11.1.115.69, 11.1.115.81, 11.2.202.223, 11.2.202.228, 11.2.202.233, 11.2.202.235, 11.2.202.236, 11.2.202.238, 11.2.202.243, 11.2.202.251, 11.2.202.258, 11.2.202.261, 11.2.202.262, 11.2.202.270, 11.2.202.273, 11.2.202.275, 11.2.202.280, 11.2.202.285, 11.2.202.291, 11.2.202.297, 11.2.202.310, 11.2.202.327, 11.2.202.332, 11.2.202.335, 11.2.202.336, 11.2.202.341, 11.2.202.346, 11.2.202.350, 11.2.202.356, 11.2.202.359, 11.2.202.378, 11.2.202.394, 11.2.202.400, 11.2.202.406, 11.2.202.411, 11.2.202.418, 11.2.202.424, 11.2.202.425, 11.2.202.429, 11.2.202.438, 11.2.202.440, 11.2.202.442, 11.2.202.451, 11.2.202.457, 11.2.202.460, 11.2.202.466, 11.2.202.468, 11.2.202.475, 11.2.202.481, 11.2.202.491, 11.2.202.508, 11.2.202.521, 11.2.202.535, 11.2.202.540, 11.2.202.548, 11.2.202.554, 11.2.202.559, 11.2.202.569, 11.2.202.577, 11.2.202.616, 11.2.202.621, 11.2.202.626, 11.2.202.632, 11.2.202.635, 11.2.202.637, 11.2.202.643, 11.2.202.644, 11.3.300.257, 11.3.300.262, 11.3.300.265, 11.3.300.268, 11.3.300.270, 11.3.300.271, 11.3.300.273, 11.4.402.265, 11.4.402.278, 11.4.402.287, 11.5.502.110, 11.5.502.135, 11.5.502.136, 11.5.502.146, 11.5.502.149, 11.6.602.167, 11.6.602.168, 11.6.602.171, 11.6.602.180, 11.7.700.169, 11.7.700.202, 11.7.700.203, 11.7.700.224, 11.7.700.225, 11.7.700.232, 11.7.700.242, 11.7.700.252, 11.7.700.257, 11.8.800.94, 11.8.800.97, 11.8.800.168, 11.8.800.174, 11.9.900.117, 11.9.900.152, 11.9.900.170, 11.9.900.700

Vendor Advisories

Synopsis Critical: flash-plugin security update Type/Severity Security Advisory: Critical Topic An updated Adobe Flash Player package that fixes two security issues is nowavailable for Red Hat Enterprise Linux 5 and 6 SupplementaryThe Red Hat Security Response Team has rated this update as having criticals ...
Adobe Flash Player before 117700260 and 118x and 119x before 120038 on Windows and Mac OS X and before 112202335 on Linux, Adobe AIR before 4001390, Adobe AIR SDK before 4001390, and Adobe AIR SDK & Compiler before 4001390 allow attackers to bypass unspecified protection mechanisms via unknown vectors ...

Recent Articles

Adobe’s First Patch Tuesday of 2014
Securelist • Roel Schouwenberg • 14 Jan 2014

This month’s Adobe Patch Tuesday release sees fixes for Flash Player, Acrobat and Reader. All vulnerabilities get the highest priority rating. This means future exploits are likely.

The Flash Player bulletin was only announced today. CVE-2014-0491 and CVE-2014-0492 both concern remote code execution vulnerabilities.
CVE-2014-0493, CVE-2014-0495 and CVE-2014-0496 affect Acrobat and Reader. These CVEs also concern remote code execution vulnerabilities. All of this month’s...

Adobe Updates Security for Flash, Reader, Acrobat
Threatpost • Brian Donohue • 14 Jan 2014

Adobe has issued security bulletins addressing five critical vulnerabilities in its Flash, Reader and Acrobat Players that could give attackers the ability to cause crashes and wrest control of affected machines.
Adobe claims it is not aware of any in-the-wild exploits targeting these bugs.
CVE-2014-0491 and CVE-2014-0492, reported by Masato Kinugawa and the Zero Day Initiative respectively, resolve problems in Adobe Flash and AIR. Users will need to update Flash Player 11.9.900.170 ...