Strix
26.1K

CVE-2014-0553

UnknownEPSS 9.32%

Last modified

CVE-2014-0553 is a vulnerability of currently unknown severity. Use-after-free vulnerability in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allows attackers to execute arbitrary code via unspecified vectors.. EPSS estimates a 9.32% chance of exploitation in the next 30 days.

Description

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allows attackers to execute arbitrary code via unspecified vectors.

Metrics

EPSS Probability
9.32%

94.7th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersionsUpdate
AdobeAdobe Air Sdk<= 14.0.0.178
AdobeAdobe Air Sdk13.0.0.83
AdobeAdobe Air Sdk13.0.0.111
AdobeAdobe Air Sdk14.0.0.110
AdobeAdobe Air Sdk14.0.0.137
OpensuseOpensuse11.4
OpensuseOpensuse12.3
OpensuseOpensuse13.1
SuseSuse Linux Enterprise Desktop11.0Sp3
AdobeFlash Player<= 13.0.0.241
AdobeFlash Player13.0.0.182
AdobeFlash Player13.0.0.201
AdobeFlash Player13.0.0.206
AdobeFlash Player13.0.0.214
AdobeFlash Player13.0.0.223
AdobeFlash Player13.0.0.231
AdobeFlash Player14.0.0.125
AdobeFlash Player14.0.0.145
AdobeFlash Player14.0.0.176
AdobeFlash Player14.0.0.179
AdobeFlash Player15.0.0.144
AdobeAdobe Air<= 14.0.0.179
AdobeAdobe Air13.0.0.83
AdobeAdobe Air13.0.0.111
AdobeAdobe Air14.0.0.110
AdobeAdobe Air14.0.0.137
AdobeFlash Player<= 11.2.202.400
AdobeFlash Player11.2.202.223
AdobeFlash Player11.2.202.228
AdobeFlash Player11.2.202.233
AdobeFlash Player11.2.202.235
AdobeFlash Player11.2.202.236
AdobeFlash Player11.2.202.238
AdobeFlash Player11.2.202.243
AdobeFlash Player11.2.202.251
AdobeFlash Player11.2.202.258
AdobeFlash Player11.2.202.261
AdobeFlash Player11.2.202.262
AdobeFlash Player11.2.202.270
AdobeFlash Player11.2.202.273
AdobeFlash Player11.2.202.275
AdobeFlash Player11.2.202.280
AdobeFlash Player11.2.202.285
AdobeFlash Player11.2.202.291
AdobeFlash Player11.2.202.297
AdobeFlash Player11.2.202.310
AdobeFlash Player11.2.202.332
AdobeFlash Player11.2.202.335
AdobeFlash Player11.2.202.336
AdobeFlash Player11.2.202.341

Showing 50 of 57 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2014-0553?
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allows attackers to execute arbitrary code via unspecified vectors.
How severe is CVE-2014-0553?
Severity scoring for CVE-2014-0553 is pending analysis. The EPSS model estimates a 9.32% probability of exploitation in the next 30 days.
How do I fix CVE-2014-0553?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2014-0553?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST