Rapid7 Vulnerability & Exploit Database

APSB14-18: Security updates available for Adobe Flash Player (CVE-2014-0542)

Back to Search

APSB14-18: Security updates available for Adobe Flash Player (CVE-2014-0542)

Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
08/12/2014
Created
07/25/2018
Added
08/12/2014
Modified
08/15/2014

Description

Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2014-0540, CVE-2014-0543, CVE-2014-0544, and CVE-2014-0545.

Solution(s)

  • adobe-flash-upgrade-11_2_202_400-linux
  • adobe-flash-upgrade-13_0_0_241-macos
  • adobe-flash-upgrade-13_0_0_241-windows
  • adobe-flash-upgrade-14_0_0_176-macos
  • adobe-flash-upgrade-14_0_0_176-windows

References

  • adobe-flash-upgrade-11_2_202_400-linux
  • adobe-flash-upgrade-13_0_0_241-macos
  • adobe-flash-upgrade-13_0_0_241-windows
  • adobe-flash-upgrade-14_0_0_176-macos
  • adobe-flash-upgrade-14_0_0_176-windows

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;