CVE-2014-0497

CRITICAL KEV

Adobe Flash Player Integer Underflow Remote Code Execution

Title source: metasploit

Description

Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby remote windows
https://www.exploit-db.com/exploits/33212
metasploit WORKING POC NORMAL
by Unknown, juan vazquez · ruby poc win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/adobe_flash_avm2.rb

Scores

CVSS v3 9.8
EPSS 0.9316
EPSS Percentile 99.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2024-09-17
VulnCheck KEV 2015-07-21
InTheWild.io 2024-09-17
ENISA EUVD EUVD-2014-0528
CWE CWE-191
Status published
Products (14)
adobe/flash_player < 11.2.202.336
google/chrome < 32.0.1700.107
opensuse/opensuse 11.4
opensuse/opensuse 12.3
opensuse/opensuse 13.1
redhat/enterprise_linux_desktop 5.0
redhat/enterprise_linux_desktop 6.0
redhat/enterprise_linux_eus 6.5
redhat/enterprise_linux_server 5.0
redhat/enterprise_linux_server 6.0
... and 4 more
Published Feb 05, 2014
KEV Added Sep 17, 2024
Tracked Since Feb 18, 2026