Published: 12/08/2014 Updated: 07/01/2017
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Adobe Flash Player prior to and 14.x prior to on Windows and OS X and prior to on Linux, Adobe AIR prior to on Windows and OS X and prior to on Android, Adobe AIR SDK prior to, and Adobe AIR SDK & Compiler prior to do not properly restrict discovery of memory addresses, which allows malicious users to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2014-0540, CVE-2014-0542, CVE-2014-0543, and CVE-2014-0545.

Affected Products

Vendor Product Versions
AdobeAdobe Air13.0.0.83,,,
AdobeAdobe Air Sdk13.0.0.83,,,
AdobeFlash Player11.2.202.223,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,

Github Repositories

OVAL vulnerability scan The Red Hat Security Response Team provides OVAL definitions for all vulnerabilities (identified by CVE name) that affect RHEL This enables users to perform a vulnerability scan and diagnose whether the system is vulnerable This repo contains a script to download the latest OVAL definitions from Red Hat and perform a vulnerability scan against a system