CVE-2014-0588
Description
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0573 and CVE-2014-8438.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A use-after-free vulnerability in Adobe Flash Player allows arbitrary code execution via unspecified vectors.
Vulnerability
A use-after-free vulnerability exists in Adobe Flash Player before 13.0.0.252, 14.x and 15.x before 15.0.0.223 on Windows and OS X, and before 11.2.202.418 on Linux, as well as in Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 [1]. The flaw can be triggered through unspecified vectors, leading to memory corruption.
Exploitation
An attacker can exploit this vulnerability by crafting a malicious Flash file and enticing a user to open it, likely via a web browser or a document containing the SWF content. No authentication is required, and the attack can be executed remotely. The exact exploitation steps are not detailed in the reference [1], but the use-after-free condition is known to be exploitable.
Impact
Successful exploitation allows an attacker to execute arbitrary code on the affected system. This could lead to full compromise of the target, including data theft, installation of malware, or other malicious activities. The attacker gains the same privileges as the current user.
Mitigation
Adobe has released updates addressing this vulnerability: Flash Player 13.0.0.252 and 15.0.0.223 for Windows and OS X, and 11.2.202.418 for Linux; AIR 15.0.0.356 and corresponding SDK updates [1]. Users should apply the latest patches promptly. No workaround is available; installing the fixed version is the only mitigation.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:* range: <=15.0.0.356
- (no CPE) range: <15.0.0.356
cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:* range: <=15.0.0.356
- (no CPE) range: <15.0.0.356
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* range: >=13.0,<13.0.0.252
- (no CPE) range: <13.0.0.252, >=14.0.0.0 <15.0.0.223 (Windows/OS X); <11.2.202.418 (Linux)
Patches
No patches discovered yet.
References
- helpx.adobe.com/security/products/flash-player/apsb14-24.html (nvd: Patch, Vendor Advisory)
- lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html (nvd: Mailing List, Third Party Advisory)
- www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml (nvd: Third Party Advisory)