CVE-2014-0541
Description
Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 allow attackers to bypass intended access restrictions via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Adobe Flash Player enables access restriction bypass via unspecified vectors, allowing attackers to circumvent security controls.
Vulnerability
Adobe Flash Player before version 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X, before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, and Adobe AIR SDK (including SDK & Compiler) before 14.0.0.178 are affected by a vulnerability that allows attackers to bypass intended access restrictions. The vulnerability is triggered via unspecified vectors, meaning no specific code path or user interaction details are provided in the available references [1]. Affected versions include all Flash Player releases prior to the fixed versions listed above.
Exploitation
An attacker can exploit this vulnerability remotely without authentication. The exploit sequence is not detailed in the references, but the advisory notes that a remote attacker could bypass security restrictions [1]. The attack vector likely involves enticing a user to visit a malicious webpage or open a crafted SWF file, though the exact steps remain undisclosed.
Impact
Successful exploitation allows an attacker to bypass intended access restrictions, potentially leading to arbitrary code execution, denial of service, or security control circumvention [1]. The compromise occurs within the context of the affected application (Flash Player or AIR), granting the attacker the same privileges as the user running the software.
Mitigation
The fix is to upgrade to the latest version: Flash Player 13.0.0.241 or 14.0.0.176 (Windows/OS X), 11.2.202.400 (Linux), AIR 14.0.0.178 (Windows/OS X) or 14.0.0.179 (Android), and AIR SDK 14.0.0.178. These updates were released on August 12, 2014. No workaround is known [1]. The Gentoo advisory recommends users of Adobe Flash Player on Gentoo Linux to emerge the updated package [1].
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
47cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*range: <=14.0.0.137
- cpe:2.3:a:adobe:adobe_air:13.0.0.111:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_air:13.0.0.83:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_air:14.0.0.110:*:*:*:*:*:*:*
- (no CPE)range: <14.0.0.178 (Windows/OS X), <14.0.0.179 (Android)
cpe:2.3:a:adobe:adobe_air_sdk:*:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:adobe:adobe_air_sdk:*:*:*:*:*:*:*:*range: <=14.0.0.137
- cpe:2.3:a:adobe:adobe_air_sdk:13.0.0.111:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_air_sdk:13.0.0.83:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_air_sdk:14.0.0.110:*:*:*:*:*:*:*
- (no CPE)range: <14.0.0.178
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*+ 35 more
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*range: <=13.0.0.231
- cpe:2.3:a:adobe:flash_player:11.2.202.223:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.228:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.233:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.235:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.236:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.238:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.243:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.251:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.258:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.261:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.262:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.270:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.273:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.275:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.280:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.285:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.291:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.297:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.310:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.332:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.335:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.336:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.341:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.346:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.350:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.356:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.359:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.378:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:13.0.0.182:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:13.0.0.201:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:13.0.0.206:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:13.0.0.214:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:13.0.0.223:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*
- Range: <13.0.0.241 (Windows/OS X), <14.0.0.176 (Windows/OS X), <11.2.202.400 (Linux)
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7News mentions
0No linked articles in our index yet.