CVE-2014-8439
CVE-2014-8439
In short
Adobe Flash Player and Adobe AIR contain a memory flaw that allows attackers to run arbitrary code or crash the application by sending specially crafted data. This is a critical vulnerability affecting millions of users.
Technical detail
Use-after-free vulnerability (CWE-416) in Adobe Flash Player, AIR, and related SDKs across Windows, OS X, and Linux platforms. Attack vector involves sending malicious input that triggers invalid pointer dereference; no authentication required. Successful exploitation enables remote code execution or denial of service.
Summary generated and translated by AI from the official description.
Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239 on Windows and OS X and before 11.2.202.424 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://helpx.adobe.com/security/products/flash-player/apsb14-22.htmlhttp://helpx.adobe.com/security/products/flash-player/apsb14-26.htmlhttp://lists.opensuse.org/opensuse-security-announce/2014-11/msg00020.htmlhttp://lists.opensuse.org/opensuse-security-announce/2014-12/msg00001.htmlhttp://lists.opensuse.org/opensuse-security-announce/2014-12/msg00004.htmlhttp://rhn.redhat.com/errata/RHSA-2014-1915.htmlhttp://secunia.com/advisories/60217https://exchange.xforce.ibmcloud.com/vulnerabilities/98932https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-8439https://www.f-secure.com/weblog/archives/00002768.htmlhttp://www.securityfocus.com/bid/71289http://www.securitytracker.com/id/1031259