What is the severity of CVE-2014-8437?

CVE-2014-8437 has a severity rating of medium to high due to the potential for remote attackers to discover session tokens.

How do I fix CVE-2014-8437?

To fix CVE-2014-8437, update Adobe Flash Player to version 13.0.0.252 or later, 14.x to version 14.0.0.180 or later, or 15.x to version 15.0.0.223 or later.

Which versions are affected by CVE-2014-8437?

CVE-2014-8437 affects Adobe Flash Player versions before 13.0.0.252, 14.x before 14.0.0.180, and 15.x before 15.0.0.223, as well as Adobe AIR versions before 15.0.0.356.

Can CVE-2014-8437 be exploited in an Adobe AIR environment?

Yes, CVE-2014-8437 can be exploited in Adobe AIR environments that are running versions before 15.0.0.356.

What types of devices are affected by CVE-2014-8437?

CVE-2014-8437 affects Windows, OS X, and Linux systems that are running vulnerable versions of Adobe Flash Player and Adobe AIR.

Vulnerability/
CVE-2014-8437

medium

CWE

200

11/11/2014

6/8/2024

CVE-2014-8437: Infoleak

First published: Tue Nov 11 2014(Updated: )

Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow remote attackers to discover session tokens via unspecified vectors.

Credit: psirt@adobe.com

Affected Software	Affected Version	How to fix
Macromedia Flash Player	>=13.0<13.0.0.252
Macromedia Flash Player	>=14.0<=14.0.0.179
Macromedia Flash Player	>=15.0<15.0.0.223
Apple iOS and macOS
Microsoft Windows Operating System
Macromedia Flash Player	>=11.0<11.2.202.418
Linux Kernel
Adobe AIR	<=15.0.0.356
Adobe	<=15.0.0.356
Adobe AIR SDK & Compiler	<15.0.0.356

Remedy

http://helpx.adobe.com/security/products/flash-player/apsb14-24.html

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-8437?
CVE-2014-8437 has a severity rating of medium to high due to the potential for remote attackers to discover session tokens.
How do I fix CVE-2014-8437?
To fix CVE-2014-8437, update Adobe Flash Player to version 13.0.0.252 or later, 14.x to version 14.0.0.180 or later, or 15.x to version 15.0.0.223 or later.
Which versions are affected by CVE-2014-8437?
CVE-2014-8437 affects Adobe Flash Player versions before 13.0.0.252, 14.x before 14.0.0.180, and 15.x before 15.0.0.223, as well as Adobe AIR versions before 15.0.0.356.
Can CVE-2014-8437 be exploited in an Adobe AIR environment?
Yes, CVE-2014-8437 can be exploited in Adobe AIR environments that are running versions before 15.0.0.356.
What types of devices are affected by CVE-2014-8437?
CVE-2014-8437 affects Windows, OS X, and Linux systems that are running vulnerable versions of Adobe Flash Player and Adobe AIR.

agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/weakness
agent/remedy
agent/author
agent/last-modified-date
agent/event
agent/description
agent/first-publish-date
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/adobe
canonical/macromedia flash player
version/macromedia flash player/13.0
version/macromedia flash player/14.0
version/macromedia flash player/14.0.0.179
version/macromedia flash player/15.0
vendor/apple
canonical/apple ios and macos
vendor/microsoft
canonical/microsoft windows operating system
version/macromedia flash player/11.0
vendor/linux
canonical/linux kernel
canonical/adobe air
version/adobe air/15.0.0.356
canonical/adobe
version/adobe/15.0.0.356
canonical/adobe air sdk & compiler