stack.watch 👀 CVE-2014-8439 vulnerability in Adobe Products

CVE-2014-8439 vulnerability in Adobe Products
Published on November 25, 2014

Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239 on Windows and OS X and before 11.2.202.424 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors.

Known Exploited Vulnerability

This Adobe Flash Player Dereferenced Pointer Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Adobe Flash Player has a vulnerability in the way it handles a dereferenced memory pointer which could lead to code execution.

The following remediation steps are recommended / required by June 15, 2022: The impacted product is end-of-life and should be disconnected if still in use.

Vulnerability Analysis

What is a Buffer Overflow Vulnerability?

The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

CVE-2014-8439 has been classified to as a Buffer Overflow vulnerability or weakness.

Products Associated with CVE-2014-8439

You can be notified by stack.watch whenever vulnerabilities like CVE-2014-8439 are published in these products:

What versions are vulnerable to CVE-2014-8439?

Each of the following must match for the vulnerability to exist.

Adobe Air Up to Version 15.0.0.292

Adobe Air Sdk And Compiler Up to Version 15.0.0.301

Adobe Air Sdk Up to Version 15.0.0.301