Unrated severityNVD Advisory· Published Jan 15, 2014· Updated Apr 29, 2026

CVE-2014-0491

Description

Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12.0.0.38 on Windows and Mac OS X and before 11.2.202.335 on Linux, Adobe AIR before 4.0.0.1390, Adobe AIR SDK before 4.0.0.1390, and Adobe AIR SDK & Compiler before 4.0.0.1390 allow attackers to bypass unspecified protection mechanisms via unknown vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Adobe Flash Player and AIR before certain versions allow attackers to bypass unspecified protection mechanisms via unknown vectors.

Vulnerability

Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12.0.0.38 on Windows and Mac OS X, and before 11.2.202.335 on Linux, as well as Adobe AIR before 4.0.0.1390, Adobe AIR SDK before 4.0.0.1390, and Adobe AIR SDK & Compiler before 4.0.0.1390 contain a vulnerability that allows attackers to bypass unspecified protection mechanisms. The exact nature of the bypass and the affected components are not disclosed in the available references [1].

Exploitation

The exploitation vectors are not detailed in the public sources. The description indicates that attackers can exploit this vulnerability via unknown vectors, suggesting that the required conditions and steps are not publicly known [1].

Impact

Successful exploitation enables an attacker to bypass unspecified protection mechanisms. The precise impact on confidentiality, integrity, or availability is not specified, but such a bypass could facilitate further attacks against the affected systems [1].

Mitigation

Adobe released fixed versions: Flash Player 11.7.700.260 and 12.0.0.38 for Windows and Mac OS X, 11.2.202.335 for Linux; and Adobe AIR 4.0.0.1390 (including SDK and SDK & Compiler). Red Hat Enterprise Linux users can obtain updates via RHSA-2014-0028 [1]. No workarounds are documented in the available references.

References

http://rhn.redhat.com/errata/RHSA-2014-0028.html

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Adobe Inc./Air2 versions
cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*range: <4.0.0.1390
- (no CPE)range: <4.0.0.1390
Adobe Inc./Air Sdk
cpe:2.3:a:adobe:adobe_air_sdk:*:*:*:*:*:*:*:*
Range: <4.0.0.1390
Adobe Inc./Flashplayer
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
Range: >=11.0,<11.7.700.260
Adobe Inc./Flash Playerllm-fuzzy
Range: <12.0.0.38 on Windows and Mac OS X, <11.2.202.335 on Linux

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

helpx.adobe.com/security/products/flash-player/apsb14-02.htmlnvdPatchVendor Advisory
lists.opensuse.org/opensuse-security-announce/2014-01/msg00006.htmlnvdMailing ListThird Party Advisory
rhn.redhat.com/errata/RHSA-2014-0028.htmlnvdThird Party Advisory
secunia.com/advisories/56516nvdThird Party Advisory
secunia.com/advisories/56636nvdThird Party Advisory
www.securitytracker.com/id/1029602nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000