← Back

CVE-2014-0509

nvd nist
Published: Apr 8, 2014Modified: May 6, 2026

JSON object

Loading...
4.3
Vector
AV:N/AC:M/Au:N/C:N/I:P/A:N
Exploitability: 8.6 / Impact: 2.9
Source: NVD

Description

Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected (159)

Adobe
3 products
Flash Player
Adobe Air
Adobe Air Sdk
Configuration A
36 vulnerable · 2 platform
Vulnerable SoftwareAffected Versions
Adobe
Flash Player
Version 11.3.300.257
Flash Player
Version 11.3.300.262
Flash Player
Version 11.3.300.265
Flash Player
Version 11.3.300.268
Flash Player
Version 11.3.300.270
Flash Player
Version 11.3.300.271
Flash Player
Version 11.3.300.273
Flash Player
Version 11.4.402.265
Flash Player
Version 11.4.402.278
Flash Player
Version 11.4.402.287
Flash Player
Version 11.5.502.110
Flash Player
Version 11.5.502.135
Flash Player
Version 11.5.502.136
Flash Player
Version 11.5.502.146
Flash Player
Version 11.5.502.149
Flash Player
Version 11.6.602.167
Flash Player
Version 11.6.602.168
Flash Player
Version 11.6.602.171
Flash Player
Version 11.6.602.180
Flash Player
Version 11.7.700.169
Flash Player
Version 11.7.700.202
Flash Player
Version 11.7.700.224
Flash Player
Version 11.7.700.232
Flash Player
Version 11.7.700.242
Flash Player
Version 11.7.700.252
Flash Player
Version 11.7.700.257
Flash Player
Version 11.7.700.260
Flash Player
Version 11.8.800.168
Flash Player
Version 11.8.800.94
Flash Player
Version 11.8.800.97
Flash Player
Version 11.9.900.117
Flash Player
Version 11.9.900.152
Flash Player
Version 11.9.900.170
Flash Player
Version 12.0.0.38
Flash Player
Version 12.0.0.41
Flash Player
Version 12.0.0.43
Running on/withPlatform Versions
Apple
Mac Os X
All versions
Microsoft
Windows
All versions
Configuration B
57 vulnerable
Vulnerable SoftwareAffected Versions
Adobe
Adobe Air
Up to 4.0.0.1390
Adobe Air
Version 1.0.1
Adobe Air
Version 1.0.4990
Adobe Air
Version 1.0.8.4990
Adobe Air
Version 1.0
Adobe Air
Version 1.1.0.5790
Adobe Air
Version 1.1
Adobe Air
Version 1.5.0.7220
Adobe Air
Version 1.5.1.8210
Adobe Air
Version 1.5.1
Adobe Air
Version 1.5.2
Adobe Air
Version 1.5.3.9120
Adobe Air
Version 1.5.3.9130
Adobe Air
Version 1.5.3
Adobe Air
Version 1.5
Adobe Air
Version 2.0.2.12610
Adobe Air
Version 2.0.2
Adobe Air
Version 2.0.3.13070
Adobe Air
Version 2.0.3
Adobe Air
Version 2.0.4
Adobe Air
Version 2.5.0.16600
Adobe Air
Version 2.5.1.17730
Adobe Air
Version 2.6.0.19120
Adobe Air
Version 2.6.0.19140
Adobe Air
Version 2.6
Adobe Air
Version 2.7.0.19480
Adobe Air
Version 2.7.0.1948
Adobe Air
Version 2.7.0.19530
Adobe Air
Version 2.7.0.1953
Adobe Air
Version 2.7.1.19610
Adobe Air
Version 2.7.1
Adobe Air
Version 2.7
Adobe Air
Version 3.0.0.4080
Adobe Air
Version 3.0.0.408
Adobe Air
Version 3.1.0.485
Adobe Air
Version 3.1.0.4880
Adobe Air
Version 3.1.0.488
Adobe Air
Version 3.2.0.2070
Adobe Air
Version 3.2.0.207
Adobe Air
Version 3.3.0.3670
Adobe Air
Version 3.4.0.2540
Adobe Air
Version 3.4.0.2710
Adobe Air
Version 3.5.0.1060
Adobe Air
Version 3.5.0.600
Adobe Air
Version 3.5.0.880
Adobe Air
Version 3.5.0.890
Adobe Air
Version 3.6.0.597
Adobe Air
Version 3.6.0.6090
Adobe Air
Version 3.7.0.1530
Adobe Air
Version 3.7.0.1860
Adobe Air
Version 3.7.0.2090
Adobe Air
Version 3.8.0.870
Adobe Air
Version 3.8.0.910
Adobe Air
Version 3.9.0.1030
Adobe Air
Version 3.9.0.1060
Adobe Air
Version 3.9.0.1210
Adobe Air
Version 3.9.0.1380
Configuration C
42 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Adobe
Flash Player
Up to 11.2.202.346
Flash Player
Version 11.0.1.152
Flash Player
Version 11.0.1.153
Flash Player
Version 11.0
Flash Player
Version 11.1.102.55
Flash Player
Version 11.1.102.59
Flash Player
Version 11.1.102.62
Flash Player
Version 11.1.102.63
Flash Player
Version 11.1.111.44
Flash Player
Version 11.1.111.50
Flash Player
Version 11.1.111.54
Flash Player
Version 11.1.111.8
Flash Player
Version 11.1.115.34
Flash Player
Version 11.1.115.48
Flash Player
Version 11.1.115.54
Flash Player
Version 11.1.115.58
Flash Player
Version 11.1.115.7
Flash Player
Version 11.1
Flash Player
Version 11.2.202.223
Flash Player
Version 11.2.202.228
Flash Player
Version 11.2.202.233
Flash Player
Version 11.2.202.235
Flash Player
Version 11.2.202.236
Flash Player
Version 11.2.202.238
Flash Player
Version 11.2.202.243
Flash Player
Version 11.2.202.251
Flash Player
Version 11.2.202.258
Flash Player
Version 11.2.202.261
Flash Player
Version 11.2.202.262
Flash Player
Version 11.2.202.270
Flash Player
Version 11.2.202.273
Flash Player
Version 11.2.202.275
Flash Player
Version 11.2.202.280
Flash Player
Version 11.2.202.285
Flash Player
Version 11.2.202.291
Flash Player
Version 11.2.202.297
Flash Player
Version 11.2.202.310
Flash Player
Version 11.2.202.327
Flash Player
Version 11.2.202.332
Flash Player
Version 11.2.202.335
Flash Player
Version 11.2.202.336
Flash Player
Version 11.2.202.341
Running on/withPlatform Versions
Linux
Linux Kernel
All versions
Configuration D
24 vulnerable
Vulnerable SoftwareAffected Versions
Adobe
Adobe Air Sdk
Up to 4.0.0.1628
Adobe Air Sdk
Version 3.0.0.4080
Adobe Air Sdk
Version 3.1.0.488
Adobe Air Sdk
Version 3.2.0.2070
Adobe Air Sdk
Version 3.3.0.3650
Adobe Air Sdk
Version 3.3.0.3690
Adobe Air Sdk
Version 3.4.0.2540
Adobe Air Sdk
Version 3.4.0.2710
Adobe Air Sdk
Version 3.5.0.1060
Adobe Air Sdk
Version 3.5.0.600
Adobe Air Sdk
Version 3.5.0.880
Adobe Air Sdk
Version 3.5.0.890
Adobe Air Sdk
Version 3.6.0.599
Adobe Air Sdk
Version 3.6.0.6090
Adobe Air Sdk
Version 3.7.0.1530
Adobe Air Sdk
Version 3.7.0.1860
Adobe Air Sdk
Version 3.7.0.2090
Adobe Air Sdk
Version 3.8.0.1430
Adobe Air Sdk
Version 3.8.0.870
Adobe Air Sdk
Version 3.8.0.910
Adobe Air Sdk
Version 3.9.0.1030
Adobe Air Sdk
Version 3.9.0.1210
Adobe Air Sdk
Version 3.9.0.1380
Adobe Air Sdk
Version 4.0.0.1390

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (16)

Source: psirt@adobe.com
Vendor Advisory
Source: psirt@adobe.com
Source: psirt@adobe.com
Source: psirt@adobe.com
Source: psirt@adobe.com
Source: psirt@adobe.com
Source: psirt@adobe.com
Source: psirt@adobe.com
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.