Unrated severityNVD Advisory· Published May 14, 2014· Updated May 6, 2026

CVE-2014-0518

Description

Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0517, CVE-2014-0519, and CVE-2014-0520.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Adobe Flash Player and AIR SDK before fixed versions allow bypass of access restrictions via unspecified vectors.

Vulnerability

Adobe Flash Player versions prior to 13.0.0.214 on Windows and OS X, and prior to 11.2.202.359 on Linux, along with Adobe AIR SDK and AIR SDK & Compiler before 13.0.0.111, contain an unspecified vulnerability that allows attackers to bypass intended access restrictions [1][2].

Exploitation

The exact attack vector is not detailed in the available references [1][2]. An attacker would likely need to convince a user to open a malicious Flash file, potentially via a web page or email attachment. User interaction is required, and no authentication is necessary for exploitation.

Impact

Successful exploitation results in the attacker bypassing access restrictions, which could lead to unauthorized actions, information disclosure, or further compromise of the affected system. The precise impact depends on the context but represents a security bypass vulnerability.

Mitigation

Adobe has released fixed versions: Flash Player 13.0.0.214 (Windows/OS X) and 11.2.202.359 (Linux), and AIR SDK 13.0.0.111. Red Hat Enterprise Linux users should update to flash-plugin-11.2.202.359-1.el6 via RHSA-2014:0496 [1]. Gentoo users should upgrade to >=www-plugins/adobe-flash-11.2.202.359 as per GLSA 201406-08 [2]. No workaround is known.

References

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Adobe Inc./Air
cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*
Range: <13.0.0.111
Adobe Inc./Flashplayer
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
Range: >=13.0,<13.0.0.214
GNU/Flash Playerllm-fuzzy
Range: before 13.0.0.214 (Windows/OS X) and before 11.2.202.359 (Linux)
Adobe Inc./Air Sdkllm-fuzzy
Range: <13.0.0.111
Adobe Inc./Air Sdk \& Compilerllm-fuzzy
Range: <13.0.0.111

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

helpx.adobe.com/security/products/flash-player/apsb14-14.htmlnvdVendor Advisory
lists.opensuse.org/opensuse-security-announce/2014-05/msg00008.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-updates/2014-05/msg00051.htmlnvdMailing ListThird Party Advisory
rhn.redhat.com/errata/RHSA-2014-0496.htmlnvdThird Party Advisory
security.gentoo.org/glsa/glsa-201406-08.xmlnvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000