CVE-2014-0534
Description
Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0535.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Adobe Flash Player and AIR before patched versions allow remote attackers to bypass access restrictions, potentially leading to arbitrary code execution.
Vulnerability
Adobe Flash Player versions before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X, and before 11.2.202.378 on Linux, along with Adobe AIR before 14.0.0.110 and its SDK variants, contain an unspecified vulnerability that allows attackers to bypass intended access restrictions [1][2]. The exact vectors are not detailed in the public references, but the flaw resides in the SWF rendering engine and is reachable when a user processes malicious Flash content.
Exploitation
An attacker can exploit this vulnerability by crafting a malicious SWF file or web page that invokes the affected code path [2]. No special authentication or local access is required; the attack is remotely deliverable. Successful exploitation typically involves tricking the victim into visiting a malicious website or opening a booby‑trapped document that loads the Flash content. The specific sequence of operations needed to trigger the bypass is not disclosed, but the vulnerability is known to be exploitable in the wild.
Impact
If exploited, an attacker can bypass security restrictions to achieve arbitrary code execution, denial of service, or cross‑site scripting (XSS) depending on the attack vector [1][2]. The compromise occurs with the privileges of the user running the Flash process, potentially leading to full control of the affected system. The vulnerability also enables circumvention of security sandboxes, elevating the scope of impact.
Mitigation
The Red Hat Enterprise Linux advisory (RHSA-2014:0745) and the Gentoo Linux advisory (GLSA 201406-17) recommend updating Adobe Flash Player to the patched versions: 13.0.0.223 (or 14.0.0.125 for 14.x), 11.2.202.378 for Linux, and Adobe AIR to 14.0.0.110 [1][2]. No workarounds are provided; users should apply the updates immediately. Unsupported versions that are no longer receiving patches remain vulnerable.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:* (range: <=13.0.0.111)
- cpe:2.3:a:adobe:adobe_air:13.0.0.83:*:*:*:*:*:*:*
cpe:2.3:a:adobe:adobe_air_sdk:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_air_sdk:*:*:*:*:*:*:*:* (range: <=13.0.0.111)
- cpe:2.3:a:adobe:adobe_air_sdk:13.0.0.83:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* (range: <=13.0.0.214)
- cpe:2.3:a:adobe:flash_player:11.2.202.223:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.228:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.233:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.235:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.236:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.238:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.243:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.251:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.258:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.261:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.262:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.270:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.273:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.275:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.280:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.285:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.291:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.297:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.310:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.332:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.335:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.336:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.341:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.346:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.350:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.356:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:13.0.0.182:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:13.0.0.201:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:13.0.0.206:*:*:*:*:*:*:*
- Range: <14.0.0.110
- Range: <13.0.0.223 and 14.x <14.0.0.125
- Range: <14.0.0.110
References
- helpx.adobe.com/security/products/flash-player/apsb14-16.html (nvd; Patch, Vendor Advisory)
- lists.opensuse.org/opensuse-security-announce/2014-06/msg00021.html (nvd)
- lists.opensuse.org/opensuse-updates/2014-06/msg00029.html (nvd)
- lists.opensuse.org/opensuse-updates/2014-06/msg00030.html (nvd)
- rhn.redhat.com/errata/RHSA-2014-0745.html (nvd)
- secunia.com/advisories/58390 (nvd)
- secunia.com/advisories/58465 (nvd)
- secunia.com/advisories/58585 (nvd)
- secunia.com/advisories/59053 (nvd)
- secunia.com/advisories/59304 (nvd)
- security.gentoo.org/glsa/glsa-201406-17.xml (nvd)
- www.securityfocus.com/bid/67963 (nvd)
- www.securitytracker.com/id/1030368 (nvd)