CVE-2014-0499

Name: CVE-2014-0499
Creator: NVD / NIST
Published: 2014-02-21T05:07:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 3.71%

Last modified Jun 17, 2026

CVE-2014-0499 is a vulnerability of currently unknown severity. Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 do not prevent access to address information, which makes it easier for attackers to bypass the ASLR protection mechanism via unspecified vectors.. EPSS estimates a 3.71% chance of exploitation in the next 30 days.

Description

Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 do not prevent access to address information, which makes it easier for attackers to bypass the ASLR protection mechanism via unspecified vectors.

Metrics

EPSS Probability

3.71%

88.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-264

Affected Software

Vendor	Product	Versions
Adobe	Flash Player	>= 11.0, < 11.7.700.269
Adobe	Flash Player	>= 11.8, < 11.8.800.175
Adobe	Flash Player	>= 11.9, < 12.0.0.70
Adobe	Adobe Air Sdk	< 4.0.0.1628
Adobe	Flash Player	>= 11.0, < 11.2.202.341
Adobe	Adobe Air	< 4.0.0.1628

References

http://helpx.adobe.com/security/products/flash-player/apsb14-07.htmlPatch, Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00014.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00015.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00017.htmlMailing List, Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0196.htmlThird Party Advisory
http://security.gentoo.org/glsa/glsa-201405-04.xmlThird Party Advisory
http://helpx.adobe.com/security/products/flash-player/apsb14-07.htmlPatch, Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00014.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00015.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00017.htmlMailing List, Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0196.htmlThird Party Advisory
http://security.gentoo.org/glsa/glsa-201405-04.xmlThird Party Advisory

Timeline

Published: Feb 21, 2014
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2014-0499?

How severe is CVE-2014-0499?

Severity scoring for CVE-2014-0499 is pending analysis. The EPSS model estimates a 3.71% probability of exploitation in the next 30 days.

How do I fix CVE-2014-0499?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2014-0499?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST