VIR Vulnerability Intelligence Relay

CVE-2014-0557

critical
Published 2014-09-10 · Modified 2026-05-06
CVSS v3
CVSS v2
10.0
VIR risk
10.0

Description

Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@adobe.com — http://helpx.adobe.com/security/products/flash-player/apsb14-21.html

OS impact
OSVersionStatusFixed in
linux linux-kernelnot-affected
macos macosnot-affected

Application impact
VendorProductVersionsFixed
adobeflash_player{"endIncluding":"11.2.202.400"}
adobeflash_player11.2.202.223
adobeflash_player11.2.202.228
adobeflash_player11.2.202.233
adobeflash_player11.2.202.235
adobeflash_player11.2.202.236
adobeflash_player11.2.202.238
adobeflash_player11.2.202.243
adobeflash_player11.2.202.251
adobeflash_player11.2.202.258
adobeflash_player11.2.202.261
adobeflash_player11.2.202.262
adobeflash_player11.2.202.270
adobeflash_player11.2.202.273
adobeflash_player11.2.202.275
adobeflash_player11.2.202.280
adobeflash_player11.2.202.285
adobeflash_player11.2.202.291
adobeflash_player11.2.202.297
adobeflash_player11.2.202.310
adobeflash_player11.2.202.332
adobeflash_player11.2.202.335
adobeflash_player11.2.202.336
adobeflash_player11.2.202.341
adobeflash_player11.2.202.346
adobeflash_player11.2.202.350
adobeflash_player11.2.202.356
adobeflash_player11.2.202.359
adobeflash_player11.2.202.378
adobeflash_player11.2.202.394
adobeflash_player13.0.0.182
adobeflash_player13.0.0.201
adobeflash_player13.0.0.206
adobeflash_player13.0.0.214
adobeflash_player13.0.0.223
adobeflash_player13.0.0.231
adobeflash_player14.0.0.125
adobeflash_player14.0.0.145
adobeflash_player14.0.0.176
adobeflash_player14.0.0.179
adobeflash_player15.0.0.144
adobeadobe_air_sdk{"endIncluding":"14.0.0.178"}
adobeadobe_air_sdk13.0.0.83
adobeadobe_air_sdk13.0.0.111
adobeadobe_air_sdk14.0.0.110
adobeadobe_air_sdk14.0.0.137
adobeadobe_air{"endIncluding":"14.0.0.178"}
adobeadobe_air13.0.0.83
adobeadobe_air13.0.0.111
adobeadobe_air14.0.0.110
adobeadobe_air14.0.0.137

References

CWEs

CWE-264

Verify integrity in audit chain (admin only). AS-IS.