CVE-2014-0492
Adobe Flash Player Jump Opcode Information Leak Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12.0.0.38 on Windows and Mac OS X and before 11.2.202.335 on Linux, Adobe AIR before 4.0.0.1390, Adobe AIR SDK before 4.0.0.1390, and Adobe AIR SDK & Compiler before 4.0.0.1390 allow attackers to defeat the ASLR protection mechanism by leveraging an "address leak."
Adobe Flash Player anteriores a 11.7.700.260 y 11.8.x y 11.9.x anteriores a 12.0.0.38 en Windows y Mac OS X y anteriores a 11.2.202.335 en Linux, Adobe AIR anteriores a 4.0.0.1390, Adobe AIR SDK anteriores a 4.0.0.1390 permite a atacantes evadir el mecanismo de protección ASLR aprovechando un "address leak".
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of the jump operation code. The issue lies in the failure of the ActionScript Virtual Machine to properly sanitize values before jumping to them. An attacker can leverage this vulnerability to leak addresses from Flash.ocx within the current process.
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB14-02, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.335.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2013-12-20 CVE Reserved
- 2014-01-15 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/56516 | Third Party Advisory | |
| http://secunia.com/advisories/56636 | Third Party Advisory | |
| http://www.securitytracker.com/id/1029602 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://helpx.adobe.com/security/products/flash-player/apsb14-02.html | 2018-12-13 |
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00006.html | 2018-12-13 | |
| http://rhn.redhat.com/errata/RHSA-2014-0028.html | 2018-12-13 | |
| https://access.redhat.com/security/cve/CVE-2014-0492 | 2014-01-15 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1053235 | 2014-01-15 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | >= 11.0 < 11.7.700.260 Search vendor "Adobe" for product "Flash Player" and version " >= 11.0 < 11.7.700.260" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | * | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | >= 11.0 < 11.7.700.260 Search vendor "Adobe" for product "Flash Player" and version " >= 11.0 < 11.7.700.260" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | >= 11.8 < 11.8.800.175 Search vendor "Adobe" for product "Flash Player" and version " >= 11.8 < 11.8.800.175" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | * | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | >= 11.8 < 11.8.800.175 Search vendor "Adobe" for product "Flash Player" and version " >= 11.8 < 11.8.800.175" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | >= 11.9 < 12.0.0.38 Search vendor "Adobe" for product "Flash Player" and version " >= 11.9 < 12.0.0.38" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | * | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | >= 11.9 < 12.0.0.38 Search vendor "Adobe" for product "Flash Player" and version " >= 11.9 < 12.0.0.38" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | >= 11.0 < 11.2.202.335 Search vendor "Adobe" for product "Flash Player" and version " >= 11.0 < 11.2.202.335" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | * | - |
Safe
|
| Adobe Search vendor "Adobe" | Adobe Air Sdk Search vendor "Adobe" for product "Adobe Air Sdk" | < 4.0.0.1390 Search vendor "Adobe" for product "Adobe Air Sdk" and version " < 4.0.0.1390" | - |
Affected
| ||||||
| Adobe Search vendor "Adobe" | Adobe Air Search vendor "Adobe" for product "Adobe Air" | < 4.0.0.1390 Search vendor "Adobe" for product "Adobe Air" and version " < 4.0.0.1390" | - |
Affected
| ||||||