PT-2014-3687 · Adobe+2 · Air Sdk & Compiler+5

Published

2014-11-11

·

Updated

2018-12-13

·

CVE-2014-0583

CVSS v2.0

7.5

High

VectorAV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions Adobe Flash Player versions prior to 13.0.0.252 Adobe Flash Player versions 14.x Adobe Flash Player versions 15.x prior to 15.0.0.223 Adobe Flash Player version 11.2.202.418 and earlier on Linux Adobe AIR versions prior to 15.0.0.356 Adobe AIR SDK versions prior to 15.0.0.356 Adobe AIR SDK & Compiler versions prior to 15.0.0.356
Description A heap-based buffer overflow issue allows attackers to elevate integrity levels.
Recommendations For Adobe Flash Player versions prior to 13.0.0.252, update to version 13.0.0.252 or later. For Adobe Flash Player versions 14.x, update to version 15.0.0.223 or later. For Adobe Flash Player versions 15.x prior to 15.0.0.223, update to version 15.0.0.223 or later. For Adobe Flash Player version 11.2.202.418 and earlier on Linux, update to version 11.2.202.418 or later. For Adobe AIR versions prior to 15.0.0.356, update to version 15.0.0.356 or later. For Adobe AIR SDK versions prior to 15.0.0.356, update to version 15.0.0.356 or later. For Adobe AIR SDK & Compiler versions prior to 15.0.0.356, update to version 15.0.0.356 or later.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALT-PU-2014-2342
CVE-2014-0583
MGASA-2014-0448
OPENSUSE-SU-2014_1444-1

Affected Products

Alt Linux
Air
Air Sdk
Air Sdk & Compiler
Flash Player
Suse