VIR Vulnerability Intelligence Relay

CVE-2014-0564

critical
Published 2014-10-15 · Modified 2026-05-06
CVSS v3
CVSS v2
10.0
VIR risk
10.0

Description

Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0558.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@adobe.com — http://helpx.adobe.com/security/products/flash-player/apsb14-22.html

OS impact
OSVersionStatusFixed in
macos macos-not-affected
linux linux-kernel-not-affected
windows windows-not-affected
suse suse12.3affected
suse suse13.1affected
suse suse11affected

Application impact
VendorProductVersionsFixed
adobeflash_player{"endIncluding":"11.2.202.406"}
adobeflash_player_desktop_runtime{"endIncluding":"15.0.0.167"}
adobeair_desktop_runtime{"endIncluding":"15.0.0.249"}
adobeair_sdk{"endIncluding":"15.0.0.249"}

References

Verify integrity in audit chain (admin only). AS-IS.