CVE-2014-0497

CRITICAL KEV

Adobe Flash Player Integer Underflow Remote Code Execution

Title source: metasploit

Description

Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/33212

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

by Unknown, juan vazquez · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/adobe_flash_avm2.rb

View Code ZIP pw:eip

References (17)

[Release Notes] http://googlechromereleases.blogspot.com/2014/02/stable-channel-update.html

[Broken Link, Patch, Vendor Advisory] http://helpx.adobe.com/security/products/flash-player/apsb14-04.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00000.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00001.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00006.html

[Third Party Advisory] http://rhn.redhat.com/errata/RHSA-2014-0137.html

[Broken Link, Third Party Advisory] http://secunia.com/advisories/56437

[Broken Link, Third Party Advisory] http://secunia.com/advisories/56737

[Broken Link, Third Party Advisory] http://secunia.com/advisories/56780

[Broken Link, Third Party Advisory] http://secunia.com/advisories/56799

[Broken Link, Third Party Advisory] http://secunia.com/advisories/56839

[Third Party Advisory, VDB Entry] http://www.exploit-db.com/exploits/33212

[Broken Link] http://www.osvdb.org/102849

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/65327

[Broken Link, Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1029715

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/90884

[Third Party Advisory, US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0497

Scores

CVSS v3 9.8

EPSS 0.9302

EPSS Percentile 99.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitation Intel

CISA KEV 2024-09-17

VulnCheck KEV 2015-07-21

InTheWild.io 2024-09-17

ENISA EUVD EUVD-2014-0528

Classification

CWE

CWE-191

Status draft

Affected Products (15)

adobe/flash_player < 11.2.202.336

google/chrome < 32.0.1700.107

redhat/enterprise_linux_desktop

redhat/enterprise_linux_eus

redhat/enterprise_linux_server

redhat/enterprise_linux_server_aus

redhat/enterprise_linux_workstation

opensuse/opensuse

suse/linux_enterprise_desktop

Timeline

Published Feb 05, 2014

KEV Added Sep 17, 2024

Tracked Since Feb 18, 2026