CVE-2014-0499

Published: 21/02/2014 Updated: 13/12/2018
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
VMScore: 694
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Vulnerability Summary

Adobe Flash Player prior to 11.7.700.269 and 11.8.x through 12.0.x prior to 12.0.0.70 on Windows and Mac OS X and prior to 11.2.202.341 on Linux, Adobe AIR prior to 4.0.0.1628 on Android, Adobe AIR SDK prior to 4.0.0.1628, and Adobe AIR SDK & Compiler prior to 4.0.0.1628 do not prevent access to address information, which makes it easier for attackers to bypass the ASLR protection mechanism via unspecified vectors.

Affected Products

| Vendor | Product | Versions |
|---|---|---|
| Adobe | Adobe Air | -, 1.0, 1.0.1, 1.0.8.4990, 1.0.4990, 1.1, 1.1.0.5790, 1.5, 1.5.0.7220, 1.5.1, 1.5.1.8210, 1.5.2, 1.5.3, 1.5.3.9120, 1.5.3.9130, 2.0.2, 2.0.2.12610, 2.0.3, 2.0.3.13070, 2.0.4, 2.5.0.16600, 2.5.1.17730, 2.6, 2.6.0.19120, 2.6.0.19140, 2.7, 2.7.0.1948, 2.7.0.1953, 2.7.0.19480, 2.7.0.19530, 2.7.1, 2.7.1.19610, 3.0.0.408, 3.0.0.4080, 3.1.0.485, 3.1.0.488, 3.1.0.4880, 3.2.0.207, 3.2.0.2070, 3.3.0.3670, 3.4.0.2540, 3.4.0.2710, 3.5.0.600, 3.5.0.880, 3.5.0.890, 3.5.0.1060, 3.6.0.597, 3.6.0.6090, 3.7.0.1530, 3.7.0.1860, 3.7.0.2090, 3.8.0.870, 3.8.0.910, 3.9.0.1030, 3.9.0.1060, 3.9.0.1210, 3.9.0.1380, 4.0.0.1390 |
| Adobe | Adobe Air Sdk | 3.0.0.4080, 3.1.0.488, 3.2.0.2070, 3.3.0.3650, 3.3.0.3690, 3.4.0.2540, 3.4.0.2710, 3.5.0.600, 3.5.0.880, 3.5.0.890, 3.5.0.1060, 3.6.0.599, 3.6.0.6090, 3.7.0.1530, 3.7.0.1860, 3.7.0.2090, 3.8.0.870, 3.8.0.910, 3.8.0.1430, 3.9.0.1030, 3.9.0.1210, 3.9.0.1380, 4.0.0.1390 |
| Adobe | Flash Player | 11.0, 11.0.1.152, 11.0.1.153, 11.1, 11.1.102.55, 11.1.102.59, 11.1.102.62, 11.1.102.63, 11.1.111.8, 11.1.111.44, 11.1.111.50, 11.1.111.54, 11.1.111.64, 11.1.111.73, 11.1.115.7, 11.1.115.34, 11.1.115.48, 11.1.115.54, 11.1.115.58, 11.1.115.59, 11.1.115.63, 11.1.115.69, 11.1.115.81, 11.2.202.223, 11.2.202.228, 11.2.202.233, 11.2.202.235, 11.2.202.236, 11.2.202.238, 11.2.202.243, 11.2.202.251, 11.2.202.258, 11.2.202.261, 11.2.202.262, 11.2.202.270, 11.2.202.273, 11.2.202.275, 11.2.202.280, 11.2.202.285, 11.2.202.291, 11.2.202.297, 11.2.202.310, 11.2.202.327, 11.2.202.332, 11.2.202.335, 11.2.202.336, 11.2.202.341, 11.2.202.346, 11.2.202.350, 11.2.202.356, 11.2.202.359, 11.2.202.378, 11.2.202.394, 11.2.202.411, 11.2.202.418, 11.2.202.424, 11.2.202.425, 11.2.202.429, 11.2.202.438, 11.2.202.440, 11.2.202.442, 11.2.202.451, 11.2.202.460, 11.2.202.466, 11.2.202.468, 11.2.202.475, 11.2.202.491, 11.2.202.535, 11.2.202.548, 11.2.202.554, 11.2.202.559, 11.2.202.569, 11.2.202.577, 11.2.202.626, 11.2.202.632, 11.2.202.637, 11.3.300.257, 11.3.300.262, 11.3.300.265, 11.3.300.268, 11.3.300.270, 11.3.300.271, 11.3.300.273, 11.4.402.265, 11.4.402.278, 11.4.402.287, 11.5.502.110, 11.5.502.135, 11.5.502.136, 11.5.502.146, 11.5.502.149, 11.6.602.167, 11.6.602.168, 11.6.602.171, 11.6.602.180, 11.7.700.169, 11.7.700.202, 11.7.700.203, 11.7.700.224, 11.7.700.225, 11.7.700.232, 11.7.700.242, 11.7.700.252, 11.7.700.257, 11.7.700.260, 11.7.700.261, 11.8.800.94, 11.8.800.97, 11.8.800.168, 11.9.900.117, 11.9.900.152, 11.9.900.170, 12.0.0.38, 12.0.0.41, 12.0.0.43, 12.0.0.44 |

Vendor Advisories

Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 do not prevent access to address information, which makes it easier for attackers to b ...

Recent Articles

New Flash vuln exploited (again). Adobe posts emergency fix (again)
The Register • Shaun Nichols in San Francisco • 20 Feb 2014

Miscreants attack fresh hole ... Windows, Mac, Linux peeps at risk

Adobe has released an update to address critical flaws in its Flash Player software, one of which is being actively targeted in the wild.
The company said that the Windows and Mac OS X builds of Flash Player 12.0.0.44 and earlier, and Flash Player 11.2.202.336 and earlier for Linux, must be upgraded to fix a trio of bugs.
Adobe said today's update will "resolve a stack overflow vulnerability that could result in arbitrary code execution (CVE-2014-0498)", fix "a memory leak vulnerabil...