VYPR
← All advisories
Unrated severityNVD Advisory· Published Sep 10, 2014· Updated May 6, 2026

CVE-2014-0554

CVE-2014-0554

Description

Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow attackers to bypass intended access restrictions via unspecified vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Adobe Flash Player before patched versions allowed attackers to bypass security restrictions, potentially leading to arbitrary code execution.

Vulnerability

Adobe Flash Player before version 13.0.0.244, versions 14.x and 15.x before 15.0.0.152 on Windows and OS X, and before 11.2.202.406 on Linux, along with Adobe AIR before 15.0.0.249 on Windows and OS X, before 15.0.0.252 on Android, and related SDK packages before 15.0.0.249, contain an unspecified vulnerability that allows attackers to bypass intended access restrictions [1]. The exact code path is not publicly detailed, but the flaw exists in the SWF renderer commonly used for interactive web content.

Exploitation

An attacker can exploit this vulnerability by enticing a user to visit a crafted web page or open a malicious SWF file. According to source [1], the attacker requires no authentication and can leverage unspecified vectors, possibly via network access. The exploitation does not require any special user privileges beyond normal browsing activity.

Impact

Successful exploitation could allow an attacker to bypass security restrictions, leading to potential arbitrary code execution with the privileges of the affected process [1]. This could result in full compromise of the user's system, including data disclosure, modification, or further malware installation.

Mitigation

Adobe released fixed versions on or before September 10, 2014: Flash Player 13.0.0.244, 15.0.0.152, and 11.2.202.406; AIR 15.0.0.249 and 15.0.0.252. Gentoo users should update to >=www-plugins/adobe-flash-11.2.202.406 [1]. No workaround is available; users must upgrade to mitigate the vulnerability.

References
  1. Multiple vulnerabilities (GLSA 201409-05) — Gentoo security

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

55
  • Adobe Inc./Air6 versions
    cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*+ 5 more
    • cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*range: <=14.0.0.179
    • cpe:2.3:a:adobe:adobe_air:13.0.0.111:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air:13.0.0.83:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air:14.0.0.110:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air:14.0.0.137:*:*:*:*:*:*:*
    • (no CPE)range: before 15.0.0.249 on Windows/OS X; before 15.0.0.252 on Android
  • Adobe Inc./Air Sdk6 versions
    cpe:2.3:a:adobe:adobe_air_sdk:*:*:*:*:*:*:*:*+ 5 more
    • cpe:2.3:a:adobe:adobe_air_sdk:*:*:*:*:*:*:*:*range: <=14.0.0.178
    • cpe:2.3:a:adobe:adobe_air_sdk:13.0.0.111:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air_sdk:13.0.0.83:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air_sdk:14.0.0.110:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:adobe_air_sdk:14.0.0.137:*:*:*:*:*:*:*
    • (no CPE)range: before 15.0.0.249
  • Adobe Inc./Flashplayer42 versions
    cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*+ 41 more
    • cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*range: <=13.0.0.241
    • cpe:2.3:a:adobe:flash_player:11.2.202.223:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.228:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.233:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.235:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.236:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.238:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.243:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.251:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.258:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.261:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.262:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.270:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.273:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.275:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.280:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.285:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.291:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.297:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.310:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.332:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.335:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.336:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.341:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.346:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.350:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.356:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.359:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.378:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:11.2.202.394:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:13.0.0.182:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:13.0.0.201:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:13.0.0.206:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:13.0.0.214:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:13.0.0.223:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:13.0.0.231:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:flash_player:15.0.0.144:*:*:*:*:*:*:*
    • (no CPE)range: before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows/OS X; before 11.2.202.406 on Linux
  • Adobe Inc./Air Sdk \& Compilerllm-fuzzy
    Range: before 15.0.0.249

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

9

News mentions

0

No linked articles in our index yet.