PT-2014-2026 · Adobe+3 · Flash Player+6
Kafeine
·
Published
2014-10-14
·
Updated
2025-02-14
·
CVE-2014-8439
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Adobe Flash Player versions prior to 13.0.0.258
Adobe Flash Player versions 14.x and 15.x prior to 15.0.0.239
Adobe Flash Player version prior to 11.2.202.424 on Linux
Adobe AIR version prior to 15.0.0.293
Adobe AIR SDK version prior to 15.0.0.302
Adobe AIR SDK & Compiler version prior to 15.0.0.302
Description
The issue is related to a buffer overflow operation that can be exploited by a remote attacker to execute arbitrary code or cause a denial of service through unspecified vectors. This can lead to the execution of arbitrary code or a denial of service due to an invalid pointer dereference.
Recommendations
For Adobe Flash Player versions prior to 13.0.0.258, update to version 13.0.0.258 or later.
For Adobe Flash Player versions 14.x and 15.x prior to 15.0.0.239, update to version 15.0.0.239 or later.
For Adobe Flash Player version prior to 11.2.202.424 on Linux, update to version 11.2.202.424 or later.
For Adobe AIR version prior to 15.0.0.293, update to version 15.0.0.293 or later.
For Adobe AIR SDK version prior to 15.0.0.302, update to version 15.0.0.302 or later.
For Adobe AIR SDK & Compiler version prior to 15.0.0.302, update to version 15.0.0.302 or later.
Fix
DoS
Buffer Overflow
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Air
Air Sdk
Air Sdk & Compiler
Flash Player
Red Hat
Suse