Strix
26.1K

CVE-2014-0533

UnknownEPSS 3.73%

Last modified

CVE-2014-0533 is a vulnerability of currently unknown severity. Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-0531 and CVE-2014-0532.. EPSS estimates a 3.73% chance of exploitation in the next 30 days.

Description

Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-0531 and CVE-2014-0532.

Metrics

EPSS Probability
3.73%

88.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
AdobeFlash Player<= 13.0.0.214
AdobeFlash Player13.0.0.182
AdobeFlash Player13.0.0.201
AdobeFlash Player13.0.0.206
AdobeAdobe Air Sdk<= 13.0.0.111
AdobeAdobe Air Sdk13.0.0.83
AdobeFlash Player<= 11.2.202.359
AdobeFlash Player11.2.202.223
AdobeFlash Player11.2.202.228
AdobeFlash Player11.2.202.233
AdobeFlash Player11.2.202.235
AdobeFlash Player11.2.202.236
AdobeFlash Player11.2.202.238
AdobeFlash Player11.2.202.243
AdobeFlash Player11.2.202.251
AdobeFlash Player11.2.202.258
AdobeFlash Player11.2.202.261
AdobeFlash Player11.2.202.262
AdobeFlash Player11.2.202.270
AdobeFlash Player11.2.202.273
AdobeFlash Player11.2.202.275
AdobeFlash Player11.2.202.280
AdobeFlash Player11.2.202.285
AdobeFlash Player11.2.202.291
AdobeFlash Player11.2.202.297
AdobeFlash Player11.2.202.310
AdobeFlash Player11.2.202.332
AdobeFlash Player11.2.202.335
AdobeFlash Player11.2.202.336
AdobeFlash Player11.2.202.341
AdobeFlash Player11.2.202.346
AdobeFlash Player11.2.202.350
AdobeFlash Player11.2.202.356
AdobeAdobe Air<= 13.0.0.111
AdobeAdobe Air13.0.0.83

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2014-0533?
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-0531 and CVE-2014-0532.
How severe is CVE-2014-0533?
Severity scoring for CVE-2014-0533 is pending analysis. The EPSS model estimates a 3.73% probability of exploitation in the next 30 days.
How do I fix CVE-2014-0533?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2014-0533?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST