PT-2014-3671 · Adobe+4 · Air Sdk & Compiler+7

Published

2014-03-27

·

Updated

2017-12-16

·

CVE-2014-0506

CVSS v2.0

10

High

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Adobe Flash Player versions prior to 11.7.700.275 Adobe Flash Player versions 11.8.x through 13.0.x prior to 13.0.0.182 Adobe Flash Player version prior to 11.2.202.350 on Linux Adobe AIR versions prior to 13.0.0.83 on Android Adobe AIR SDK versions prior to 13.0.0.83 Adobe AIR SDK & Compiler versions prior to 13.0.0.83
Description A use-after-free issue allows remote attackers to execute arbitrary code and possibly bypass an Internet Explorer sandbox protection mechanism via unspecified vectors. This was demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.
Recommendations For Adobe Flash Player versions prior to 11.7.700.275, update to version 11.7.700.275 or later. For Adobe Flash Player versions 11.8.x through 13.0.x, update to version 13.0.0.182 or later. For Adobe Flash Player version prior to 11.2.202.350 on Linux, update to version 11.2.202.350 or later. For Adobe AIR versions prior to 13.0.0.83 on Android, update to version 13.0.0.83 or later. For Adobe AIR SDK versions prior to 13.0.0.83, update to version 13.0.0.83 or later. For Adobe AIR SDK & Compiler versions prior to 13.0.0.83, update to version 13.0.0.83 or later.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

ALT-PU-2014-1482
CVE-2014-0506
MGASA-2014-0169
RHSA-2014:0380
RHSA-2014_0380
SUSE-SU-2014_0535-1
ZDI-14-092

Affected Products

Alt Linux
Air
Air Sdk
Air Sdk & Compiler
Flash Player
Internet Explorer
Red Hat
Suse