Unrated severityNVD Advisory· Published May 14, 2014· Updated May 6, 2026

CVE-2014-0517

Description

Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0518, CVE-2014-0519, and CVE-2014-0520.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Adobe Flash Player and AIR SDK allow access restriction bypass; fixed in versions 13.0.0.214 and 11.2.202.359.

Vulnerability

Adobe Flash Player before 13.0.0.214 on Windows and OS X, before 11.2.202.359 on Linux, and Adobe AIR SDK before 13.0.0.111 allow attackers to bypass intended access restrictions via unspecified vectors [1]. This affects the Flash Player plugin and AIR runtime.

Exploitation

The vulnerability does not require authentication or user interaction beyond normal usage [2]. An attacker can craft a malicious SWF file that, when processed by the vulnerable player, bypasses security controls. Specific exploitation details are not disclosed.

Impact

Successful exploitation allows an attacker to bypass security restrictions, potentially leading to arbitrary code execution with the privileges of the user running Flash Player [2]. This results in full compromise of confidentiality, integrity, and availability.

Mitigation

Adobe released Flash Player 13.0.0.214 (Windows/OS X) and 11.2.202.359 (Linux) on May 13, 2014 [2]. Users should upgrade immediately. No workaround exists. Red Hat and Gentoo have issued advisories urging updates.

References

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Adobe Inc./Air
cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*
Range: <13.0.0.111
Adobe Inc./Flashplayer
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
Range: >=13.0,<13.0.0.214
GNU/Flash Playerllm-fuzzy
Range: before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux
Adobe Inc./Air Sdkllm-fuzzy
Range: before 13.0.0.111
Adobe Inc./Air Sdk \& Compilerllm-fuzzy
Range: before 13.0.0.111

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

helpx.adobe.com/security/products/flash-player/apsb14-14.htmlnvdVendor Advisory
lists.opensuse.org/opensuse-security-announce/2014-05/msg00008.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-updates/2014-05/msg00051.htmlnvdMailing ListThird Party Advisory
rhn.redhat.com/errata/RHSA-2014-0496.htmlnvdThird Party Advisory
security.gentoo.org/glsa/glsa-201406-08.xmlnvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000