Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
10
CVSSv2

CVE-2014-0502

Published: 21/02/2014 Updated: 13/12/2018
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 891
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Flash Player

Vulnerability Summary

Double free vulnerability in Adobe Flash Player prior to 11.7.700.269 and 11.8.x up to and including 12.0.x prior to 12.0.0.70 on Windows and Mac OS X and prior to 11.2.202.341 on Linux, Adobe AIR prior to 4.0.0.1628 on Android, Adobe AIR SDK prior to 4.0.0.1628, and Adobe AIR SDK & Compiler prior to 4.0.0.1628 allows remote malicious users to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2014.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

adobe flash_player

adobe adobe air sdk

adobe adobe air

Vendor Advisories

Red Hat: CVE-2014-0502
Double free vulnerability in Adobe Flash Player before 117700269 and 118x through 120x before 120070 on Windows and Mac OS X and before 112202341 on Linux, Adobe AIR before 4001628 on Android, Adobe AIR SDK before 4001628, and Adobe AIR SDK & Compiler before 4001628 allows remote attackers to execute arbitrary code via uns ...

Recent Articles

New Flash vuln exploited (again). Adobe posts emergency fix (again)
The Register • Shaun Nichols in San Francisco • 20 Feb 2014

Miscreants attack fresh hole ... Windows, Mac, Linux peeps at risk

Adobe has released an update to address critical flaws in its Flash Player software, one of which is being actively targeted in the wild. The company said that the Windows and Mac OS X builds of Flash Player 12.0.0.44 and earlier, and Flash Player 11.2.202.336 and earlier for Linux, must be upgraded to fix a trio of bugs. Adobe said today's update will "resolve a stack overflow vulnerability that could result in arbitrary code execution (CVE-2014-0498)", fix "a memory leak vulnerability that cou...

Read more...

References

CWE-399http://helpx.adobe.com/security/products/flash-player/apsb14-07.htmlhttp://lists.opensuse.org/opensuse-security-announce/2014-02/msg00015.htmlhttp://lists.opensuse.org/opensuse-security-announce/2014-02/msg00014.htmlhttp://rhn.redhat.com/errata/RHSA-2014-0196.htmlhttp://www.alienvault.com/open-threat-exchange/blog/analysis-of-an-attack-exploiting-the-adobe-zero-day-cve-2014-0502/http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00017.htmlhttp://security.gentoo.org/glsa/glsa-201405-04.xmlhttps://volatility-labs.blogspot.com/2014/04/building-decoder-for-cve-2014-0502.htmlhttps://nvd.nist.govhttps://www.theregister.co.uk/2014/02/20/flash_adobe_posts_emergency_fix/https://access.redhat.com/security/cve/cve-2014-0502
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040privilege escalationCVE-2024-4112CVE-2024-32872man-in-the-middleCVE-2024-32788bypassCVE-2024-3400CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook