CVE-2014-0502

HIGH KEV

Adobe Flash Player <11.7.700.269-12.0.0.70 - RCE

Exploitation Summary

CVE-2014-0502 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added September 17, 2024.

Description

Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2014.

References (9)

Core References
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201405-04.xml
Broken Link, Patch, Vendor Advisory x_refsource_confirm
http://helpx.adobe.com/security/products/flash-player/apsb14-07.html
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-0196.html

Scores

CVSS v3 8.8
EPSS 0.8983
EPSS Percentile 99.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable yes
Technical Impact total

Details

CISA KEV 2024-09-17
VulnCheck KEV 2014-02-21
InTheWild.io 2018-12-13
ENISA EUVD EUVD-2014-0533
CWE CWE-415
Status published
Products (15)
adobe/adobe_air < 4.0.0.1628
adobe/adobe_air_sdk < 4.0.0.1628
adobe/flash_player < 11.7.700.269
opensuse/opensuse 11.4
opensuse/opensuse 12.3
opensuse/opensuse 13.1
redhat/enterprise_linux_desktop 5.0
redhat/enterprise_linux_desktop 6.0
redhat/enterprise_linux_eus 6.5
redhat/enterprise_linux_server 5.0
... and 5 more
Published Feb 21, 2014
KEV Added Sep 17, 2024
Tracked Since Feb 18, 2026