CVE-2014-0535
Description
Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0534.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Adobe Flash Player and AIR before certain versions allow attackers to bypass intended access restrictions via unspecified vectors.
Vulnerability
Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X, before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 contain an unspecified vulnerability that allows attackers to bypass intended access restrictions [1][2][3]. The official description notes this is a different vulnerability than CVE-2014-0534.
Exploitation
According to the official description, exploitation is possible via unspecified vectors. The Gentoo advisory [3] indicates that a remote attacker could possibly execute arbitrary code, cause a denial of service, conduct cross-site scripting (XSS) attacks, or bypass security restrictions. No further details on the attack vector or required privileges are provided in the available references.
Impact
Successful exploitation could allow an attacker to bypass security restrictions, potentially leading to arbitrary code execution, denial of service, or cross-site scripting [3]. The impact scope is broad, affecting the confidentiality, integrity, and availability of the affected system, depending on the specific attack scenario.
Mitigation
Adobe has released fixed versions: Flash Player 13.0.0.223 or later, 14.0.0.125 or later (Windows/OS X), 11.2.202.378 or later (Linux); AIR 14.0.0.110 or later [1][2][3]. Red Hat [1] and Gentoo [3] advisories recommend all users upgrade immediately. No workaround is available [3].
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
38<14.0.0.110+ 3 more
- (no CPE)range: <14.0.0.110
- cpe:2.3:a:adobe:adobe_air_sdk:*:*:*:*:*:*:*:*range: <=13.0.0.111
- cpe:2.3:a:adobe:adobe_air_sdk:13.0.0.83:*:*:*:*:*:*:*
- (no CPE)range: <14.0.0.110
cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*range: <=13.0.0.111
- cpe:2.3:a:adobe:adobe_air:13.0.0.83:*:*:*:*:*:*:*
- (no CPE)range: <14.0.0.110
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*+ 29 more
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*range: <=11.2.202.359
- cpe:2.3:a:adobe:flash_player:11.2.202.223:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.228:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.233:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.235:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.236:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.238:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.243:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.251:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.258:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.261:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.262:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.270:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.273:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.275:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.280:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.285:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.291:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.297:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.310:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.332:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.335:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.336:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.341:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.346:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.350:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.356:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:13.0.0.182:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:13.0.0.201:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:13.0.0.206:*:*:*:*:*:*:*
- Range: <13.0.0.223 (before 13.0.0.223 on Windows/OS X) and <14.0.0.125 (14.x before 14.0.0.125), <11.2.202.378 on Linux
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
13- helpx.adobe.com/security/products/flash-player/apsb14-16.htmlnvdPatchVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2014-06/msg00021.htmlnvd
- lists.opensuse.org/opensuse-updates/2014-06/msg00029.htmlnvd
- lists.opensuse.org/opensuse-updates/2014-06/msg00030.htmlnvd
- rhn.redhat.com/errata/RHSA-2014-0745.htmlnvd
- secunia.com/advisories/58390nvd
- secunia.com/advisories/58465nvd
- secunia.com/advisories/58585nvd
- secunia.com/advisories/59053nvd
- secunia.com/advisories/59304nvd
- security.gentoo.org/glsa/glsa-201406-17.xmlnvd
- www.securityfocus.com/bid/67970nvd
- www.securitytracker.com/id/1030368nvd
News mentions
0No linked articles in our index yet.