CVE-2014-8439
HIGH KEV RANSOMWAREAdobe Flash Player < 11.2.202.418 - Use After Free
Title source: ruleDescription
Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239 on Windows and OS X and before 11.2.202.424 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors.
References (12)
Scores
CVSS v3
8.8
EPSS
0.3444
EPSS Percentile
97.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CISA KEV
2022-05-25
VulnCheck KEV
2014-10-14
InTheWild.io
2014-10-14
ENISA EUVD
EUVD-2014-8276
Ransomware Use
Confirmed
CWE
CWE-119
CWE-416
Status
published
Products (4)
adobe/air
< 15.0.0.292
adobe/air_sdk
< 15.0.0.301
adobe/air_sdk_\&_compiler
< 15.0.0.302
adobe/flash_player
< 11.2.202.418
Published
Nov 25, 2014
KEV Added
May 25, 2022
Tracked Since
Feb 18, 2026