VYPR
← All advisories
Unrated severityNVD Advisory· Published Jul 9, 2014· Updated May 6, 2026

CVE-2014-0537

CVE-2014-0537

Description

Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0539.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Adobe Flash Player and AIR before specified versions allow attackers to bypass access restrictions via unspecified vectors, enabling potential unauthorized actions.

Vulnerability

CVE-2014-0537 is an access restriction bypass vulnerability in Adobe Flash Player and Adobe AIR. Affected versions include Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X, before 11.2.202.394 on Linux; Adobe AIR before 14.0.0.137 on Android; Adobe AIR SDK before 14.0.0.137; and Adobe AIR SDK & Compiler before 14.0.0.137. The vulnerability can be triggered via unspecified vectors, likely through crafted SWF content delivered to a user.

Exploitation

The exact attack vector is not disclosed in the available references, but the vulnerability is remotely exploitable by delivering a malicious SWF file to a user running an affected version. No authentication or special privileges are required; user interaction (e.g., visiting a compromised website or opening a malicious file) is sufficient.

Impact

Successful exploitation allows an attacker to bypass intended access restrictions within the Flash Player or AIR runtime. This could lead to unauthorized information disclosure, privilege escalation, or other security policy violations, depending on the context of the application.

Mitigation

Adobe released updates on July 8, 2014, to address this vulnerability. Users should upgrade to Flash Player 13.0.0.231 or 14.0.0.145 (Windows/OS X), 11.2.202.394 (Linux), or AIR 14.0.0.137 (Android and SDK). Red Hat [1] and Gentoo [2] advisories confirm these fixes. No workarounds are available; upgrading is the only mitigation.

References
  1. http://rhn.redhat.com/errata/RHSA-2014-0860.html
  2. Multiple vulnerabilities (GLSA 201407-02) — Gentoo security

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

42
  • Adobe Inc./Air4 versions
    cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*range: <=14.0.0.110
    • cpe:2.3:a:adobe:adobe_air:13.0.0.111:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air:13.0.0.83:*:*:*:*:*:*:*
    • (no CPE)range: <14.0.0.137
  • Adobe Inc./Air Sdk4 versions
    cpe:2.3:a:adobe:adobe_air_sdk:*:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:adobe:adobe_air_sdk:*:*:*:*:*:*:*:*range: <=14.0.0.110
    • cpe:2.3:a:adobe:adobe_air_sdk:13.0.0.111:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air_sdk:13.0.0.83:*:*:*:*:*:*:*
    • (no CPE)range: <14.0.0.137
  • Adobe Inc./Flashplayer34 versions
    cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*+ 33 more
    • cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*range: <=13.0.0.223
    • cpe:2.3:a:adobe:flash_player:11.2.202.223:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.228:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.233:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.235:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.236:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.238:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.243:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.251:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.258:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.261:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.262:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.270:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.273:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.275:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.280:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.285:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.291:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.297:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.310:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.332:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.335:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.336:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.341:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.346:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.350:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.356:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.359:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:13.0.0.182:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:13.0.0.201:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:13.0.0.206:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:13.0.0.214:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
    • (no CPE)range: <13.0.0.231 and 14.x <14.0.0.145 (Windows/OS X), <11.2.202.394 (Linux)

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

7

News mentions

0

No linked articles in our index yet.