VYPR
← All advisories
Unrated severityNVD Advisory· Published Sep 10, 2014· Updated May 6, 2026

CVE-2014-0548

CVE-2014-0548

Description

Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow remote attackers to bypass the Same Origin Policy via unspecified vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Adobe Flash Player before patched versions allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

Vulnerability

Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X, and before 11.2.202.406 on Linux, along with Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 contain a vulnerability that allows remote attackers to bypass the Same Origin Policy via unspecified vectors [1]. The bug resides in the core security model enforcement of cross-origin requests.

Exploitation

An attacker can exploit this vulnerability by hosting malicious Flash content (e.g., a crafted SWF file) on a website and convincing a user to visit that site. No authentication or prior access is required; the attack is remote. The exact steps involve the attacker leveraging the unspecified vectors to bypass the Same Origin Policy, potentially allowing the malicious Flash to interact with content from other origins.

Impact

Successful exploitation enables the attacker to bypass the Same Origin Policy, which can lead to unauthorized reading of data from other origins (confidentiality impact) and potentially performing actions on behalf of the user (integrity impact). The scope may be limited to the context of the affected Flash runtime, but the attacker could access sensitive information from different domains.

Mitigation

Adobe released fixed versions: Adobe Flash Player 13.0.0.244, 15.0.0.152 (Windows/OS X), and 11.2.202.406 (Linux); Adobe AIR 15.0.0.249 (Windows/OS X) and 15.0.0.252 (Android); Adobe AIR SDK and AIR SDK & Compiler 15.0.0.249. Users should upgrade to these versions. The Gentoo security advisory [1] also recommends updating to the latest version. No workarounds are available.

References
  1. Multiple vulnerabilities (GLSA 201409-05) — Gentoo security

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

54
  • Adobe Inc./Air6 versions
    cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*+ 5 more
    • cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*range: <=14.0.0.179
    • cpe:2.3:a:adobe:adobe_air:13.0.0.111:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air:13.0.0.83:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air:14.0.0.110:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air:14.0.0.137:*:*:*:*:*:*:*
    • (no CPE)range: <15.0.0.249 (Windows/OS X) and <15.0.0.252 (Android)
  • Adobe Inc./Air Sdk6 versions
    cpe:2.3:a:adobe:adobe_air_sdk:*:*:*:*:*:*:*:*+ 5 more
    • cpe:2.3:a:adobe:adobe_air_sdk:*:*:*:*:*:*:*:*range: <=14.0.0.178
    • cpe:2.3:a:adobe:adobe_air_sdk:13.0.0.111:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air_sdk:13.0.0.83:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air_sdk:14.0.0.110:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air_sdk:14.0.0.137:*:*:*:*:*:*:*
    • (no CPE)range: <15.0.0.249
  • Adobe Inc./Flashplayer41 versions
    cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*+ 40 more
    • cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*range: <=13.0.0.241
    • cpe:2.3:a:adobe:flash_player:11.2.202.223:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.228:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.233:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.235:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.236:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.238:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.243:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.251:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.258:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.261:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.262:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.270:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.273:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.275:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.280:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.285:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.291:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.297:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.310:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.332:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.335:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.336:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.341:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.346:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.350:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.356:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.359:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.378:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.394:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:13.0.0.182:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:13.0.0.201:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:13.0.0.206:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:13.0.0.214:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:13.0.0.223:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:13.0.0.231:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.144:*:*:*:*:*:*:*
  • GNU/Flash Playerllm-fuzzy
    Range: <15.0.0.152 (Windows/OS X) and <11.2.202.406 (Linux)

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

9

News mentions

0

No linked articles in our index yet.