Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239 on Windows and OS X and before 11.2.202.424 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors.
Recent assessments:
gwillcox-r7 at November 22, 2020 3:32am UTC reported:
Reported as exploited in the wild as part of Googleβs 2020 0day vulnerability spreadsheet they made available at <https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit#gid=1869060786>. Original tweet announcing this spreadsheet with the 2020 findings can be found at <https://twitter.com/maddiestone/status/1329837665378725888>
Assessed Attacker Value: 0
Assessed Attacker Value: 0Assessed Attacker Value: 0
helpx.adobe.com/security/products/flash-player/apsb14-22.html
helpx.adobe.com/security/products/flash-player/apsb14-26.html
lists.opensuse.org/opensuse-security-announce/2014-11/msg00020.html
lists.opensuse.org/opensuse-security-announce/2014-12/msg00001.html
lists.opensuse.org/opensuse-security-announce/2014-12/msg00004.html
rhn.redhat.com/errata/RHSA-2014-1915.html
secunia.com/advisories/60217
www.securityfocus.com/bid/71289
www.securitytracker.com/id/1031259
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8439
exchange.xforce.ibmcloud.com/vulnerabilities/98932
www.f-secure.com/weblog/archives/00002768.html