PT-2014-1362 · Adobe+3 · Air Sdk & Compiler+6

Published

2014-07-08

·

Updated

2014-08-05

·

CVE-2014-0539

CVSS v2.0

7.5

High

VectorAV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions Adobe Flash Player versions prior to 13.0.0.231 Adobe Flash Player versions 14.x prior to 14.0.0.145 Adobe Flash Player version prior to 11.2.202.394 on Linux Adobe AIR versions prior to 14.0.0.137 on Android Adobe AIR SDK version prior to 14.0.0.137 Adobe AIR SDK & Compiler version prior to 14.0.0.137
Description The issue allows attackers to bypass intended access restrictions via unspecified vectors. This is a different issue than previously reported. The vulnerability in Adobe Flash Player, Adobe AIR, Adobe AIR SDK, and Adobe AIR SDK & Compiler enables attackers to bypass access restrictions.
Recommendations For Adobe Flash Player versions prior to 13.0.0.231, update to version 13.0.0.231 or later. For Adobe Flash Player versions 14.x prior to 14.0.0.145, update to version 14.0.0.145 or later. For Adobe Flash Player version prior to 11.2.202.394 on Linux, update to version 11.2.202.394 or later. For Adobe AIR versions prior to 14.0.0.137 on Android, update to version 14.0.0.137 or later. For Adobe AIR SDK version prior to 14.0.0.137, update to version 14.0.0.137 or later. For Adobe AIR SDK & Compiler version prior to 14.0.0.137, update to version 14.0.0.137 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

ALT-PU-2014-1934
BDU:2015-00222
BDU:2015-00301
CVE-2014-0539
MGASA-2014-0291
OPENSUSE-SU-2014_0903-1
OPENSUSE-SU-2014_0913-1
RHSA-2014:0860
RHSA-2014_0860

Affected Products

Alt Linux
Air
Air Sdk
Air Sdk & Compiler
Flash Player
Red Hat
Suse