CVE-2014-0518
flash-plugin: security protection bypass (APSB14-14)
Severity Score
Exploit Likelihood
Affected Versions
4Public Exploits
0Exploited in Wild
-Decision
Descriptions
Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0517, CVE-2014-0519, and CVE-2014-0520.
Adobe Flash Player anterior a 13.0.0.214 en Windows y OS X y anterior a 11.2.202.359 en Linux, Adobe AIR SDK anterior a 13.0.0.111 y Adobe AIR SDK & Compiler anterior a 13.0.0.111 permiten a atacantes evadir restricciones de acceso a través de vectores no especificados, una vulnerabilidad diferente a CVE-2014-0517, CVE-2014-0519 y CVE-2014-0520.
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB14-14, listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2013-12-20 CVE Reserved
- 2014-05-14 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (7)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|