PT-2014-3664 · Adobe+3 · Air Sdk & Compiler+6

Published

2014-02-21

·

Updated

2018-12-13

·

CVE-2014-0499

CVSS v2.0

7.8

High

VectorAV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions Adobe Flash Player versions prior to 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 Adobe Flash Player version prior to 11.2.202.341 on Linux Adobe AIR versions prior to 4.0.0.1628 on Android Adobe AIR SDK versions prior to 4.0.0.1628 Adobe AIR SDK & Compiler versions prior to 4.0.0.1628
Description The issue makes it easier for attackers to bypass the ASLR protection mechanism via unspecified vectors, as the software does not prevent access to address information.
Recommendations For Adobe Flash Player versions prior to 11.7.700.269, update to version 11.7.700.269 or later. For Adobe Flash Player versions 11.8.x through 12.0.x, update to version 12.0.0.70 or later. For Adobe Flash Player on Linux, update to version 11.2.202.341 or later. For Adobe AIR on Android, update to version 4.0.0.1628 or later. For Adobe AIR SDK, update to version 4.0.0.1628 or later. For Adobe AIR SDK & Compiler, update to version 4.0.0.1628 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

ALT-PU-2014-1229
CVE-2014-0499
MGASA-2014-0091
OPENSUSE-SU-2014_0277-1
OPENSUSE-SU-2014_0278-1
RHSA-2014:0196
RHSA-2014_0196

Affected Products

Alt Linux
Air
Air Sdk
Air Sdk & Compiler
Flash Player
Red Hat
Suse