PT-2014-3658 · Adobe+3 · Air Sdk & Compiler+6

Published

2014-01-15

·

Updated

2018-12-13

·

CVE-2014-0492

CVSS v2.0

10

High

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Adobe Flash Player versions prior to 11.7.700.260 and 11.8.x and 11.9.x prior to 12.0.0.38 on Windows and Mac OS X and prior to 11.2.202.335 on Linux Adobe AIR versions prior to 4.0.0.1390 Adobe AIR SDK versions prior to 4.0.0.1390 Adobe AIR SDK & Compiler versions prior to 4.0.0.1390
Description The issue allows attackers to defeat the ASLR protection mechanism by leveraging an "address leak." This could potentially lead to exploitation.
Recommendations For Adobe Flash Player versions prior to 11.7.700.260, update to version 11.7.700.260 or later. For Adobe Flash Player versions 11.8.x and 11.9.x prior to 12.0.0.38, update to version 12.0.0.38 or later. For Adobe Flash Player prior to 11.2.202.335 on Linux, update to version 11.2.202.335 or later. For Adobe AIR versions prior to 4.0.0.1390, update to version 4.0.0.1390 or later. For Adobe AIR SDK versions prior to 4.0.0.1390, update to version 4.0.0.1390 or later. For Adobe AIR SDK & Compiler versions prior to 4.0.0.1390, update to version 4.0.0.1390 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

ALT-PU-2014-1089
CVE-2014-0492
MGASA-2014-0029
OPENSUSE-SU-2014_0128-1
RHSA-2014:0028
RHSA-2014_0028
ZDI-14-014

Affected Products

Alt Linux
Air
Air Sdk
Air Sdk & Compiler
Flash Player
Red Hat
Suse