10
CVSSv2

CVE-2014-0544

Published: 12/08/2014 Updated: 07/01/2017
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Adobe Flash Player prior to 13.0.0.241 and 14.x prior to 14.0.0.176 on Windows and OS X and prior to 11.2.202.400 on Linux, Adobe AIR prior to 14.0.0.178 on Windows and OS X and prior to 14.0.0.179 on Android, Adobe AIR SDK prior to 14.0.0.178, and Adobe AIR SDK & Compiler prior to 14.0.0.178 do not properly restrict discovery of memory addresses, which allows malicious users to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2014-0540, CVE-2014-0542, CVE-2014-0543, and CVE-2014-0545.

Affected Products

Vendor Product Versions
AdobeAdobe Air13.0.0.83, 13.0.0.111, 14.0.0.110, 14.0.0.137
AdobeAdobe Air Sdk13.0.0.83, 13.0.0.111, 14.0.0.110, 14.0.0.137
AdobeFlash Player11.2.202.223, 11.2.202.228, 11.2.202.233, 11.2.202.235, 11.2.202.236, 11.2.202.238, 11.2.202.243, 11.2.202.251, 11.2.202.258, 11.2.202.261, 11.2.202.262, 11.2.202.270, 11.2.202.273, 11.2.202.275, 11.2.202.280, 11.2.202.285, 11.2.202.291, 11.2.202.297, 11.2.202.310, 11.2.202.332, 11.2.202.335, 11.2.202.336, 11.2.202.341, 11.2.202.346, 11.2.202.350, 11.2.202.356, 11.2.202.359, 11.2.202.378, 11.2.202.394, 13.0.0.182, 13.0.0.201, 13.0.0.206, 13.0.0.214, 13.0.0.223, 13.0.0.231, 14.0.0.125, 14.0.0.145

Github Repositories

OVAL vulnerability scan The Red Hat Security Response Team provides OVAL definitions for all vulnerabilities (identified by CVE name) that affect RHEL This enables users to perform a vulnerability scan and diagnose whether the system is vulnerable This repo contains a script to download the latest OVAL definitions from Red Hat and perform a vulnerability scan against a system