CVE-2014-0557
Description
Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Adobe Flash Player and AIR fail to restrict memory address discovery, allowing attackers to bypass ASLR and enable further exploitation.
Vulnerability
Adobe Flash Player before 13.0.0.244, 14.x and 15.x before 15.0.0.152 on Windows and OS X, and before 11.2.202.406 on Linux, along with Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, and Adobe AIR SDK and SDK & Compiler before 15.0.0.249, do not properly restrict discovery of memory addresses via unspecified vectors, enabling bypass of the Address Space Layout Randomization (ASLR) protection mechanism [1][2].
Exploitation
An attacker can leverage unspecified vectors, likely involving crafted SWF content delivered through a web browser or as a standalone Flash file, to discover memory addresses [2]. No explicit user interaction beyond loading the content is required; the attacker does not need authenticated access to the victim system. The exact attack sequence is not detailed in public advisories, but it involves triggering the memory address disclosure through the targeted Flash Player version [1][2].
Impact
Successful exploitation removes the ASLR barrier, significantly weakening memory protection. This does not directly execute code but facilitates subsequent exploits (e.g., heap sprays or return-oriented programming) that can lead to arbitrary code execution with the privileges of the affected process [2]. The bypassed ASLR therefore increases the risk of complete system compromise when combined with other Flash Player vulnerabilities.
Mitigation
Adobe addressed the issue by releasing Flash Player 15.0.0.152 (Windows/OS X), 11.2.202.406 (Linux), and AIR 15.0.0.249 (Windows/OS X) and 15.0.0.252 (Android), as well as updated AIR SDK and SDK & Compiler packages [1]. Users should update to these fixed versions immediately. No workarounds are available; systems running affected versions remain vulnerable [2].
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:* (range: <=14.0.0.178)
- cpe:2.3:a:adobe:adobe_air:13.0.0.111:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_air:13.0.0.83:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_air:14.0.0.110:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_air:14.0.0.137:*:*:*:*:*:*:*
- (no CPE) range: < 15.0.0.249 on Windows/OS X, < 15.0.0.252 on Android
cpe:2.3:a:adobe:adobe_air_sdk:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_air_sdk:*:*:*:*:*:*:*:* (range: <=14.0.0.178)
- cpe:2.3:a:adobe:adobe_air_sdk:13.0.0.111:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_air_sdk:13.0.0.83:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_air_sdk:14.0.0.110:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_air_sdk:14.0.0.137:*:*:*:*:*:*:*
- (no CPE) range: < 15.0.0.249
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* (range: <=11.2.202.400)
- cpe:2.3:a:adobe:flash_player:11.2.202.223:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.228:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.233:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.235:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.236:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.238:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.243:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.251:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.258:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.261:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.262:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.270:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.273:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.275:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.280:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.285:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.291:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.297:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.310:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.332:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.335:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.336:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.341:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.346:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.350:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.356:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.359:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.378:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:11.2.202.394:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:13.0.0.182:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:13.0.0.201:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:13.0.0.206:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:13.0.0.214:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:13.0.0.223:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:13.0.0.231:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.144:*:*:*:*:*:*:*
- Range: < 15.0.0.152 on Windows/OS X, < 11.2.202.406 on Linux
References
- helpx.adobe.com/security/products/flash-player/apsb14-21.html (nvd; Patch, Vendor Advisory)
- lists.opensuse.org/opensuse-security-announce/2014-09/msg00006.html (nvd)
- lists.opensuse.org/opensuse-security-announce/2014-09/msg00016.html (nvd)
- lists.opensuse.org/opensuse-security-announce/2014-09/msg00021.html (nvd)
- secunia.com/advisories/61089 (nvd)
- security.gentoo.org/glsa/glsa-201409-05.xml (nvd)
- www.securityfocus.com/bid/69701 (nvd)
- www.securitytracker.com/id/1030822 (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/95827 (nvd)