CVE-2014-8439

HIGH KEV RANSOMWARE

Adobe Flash Player < 11.2.202.418 - Remote Code Execution

Title source: llm

Exploitation Summary

CVE-2014-8439 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added May 25, 2022, with confirmed use in ransomware campaigns.

Description

Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239 on Windows and OS X and before 11.2.202.424 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors.

References (12)

Core 12

Core References

Third Party Advisory x_refsource_confirm

https://www.f-secure.com/weblog/archives/00002768.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1031259

Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00004.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/71289

Permissions Required third-party-advisory x_refsource_secunia

http://secunia.com/advisories/60217

Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00001.html

Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00020.html

Vendor Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2014-1915.html

Vendor Advisory x_refsource_confirm

http://helpx.adobe.com/security/products/flash-player/apsb14-22.html

Vendor Advisory x_refsource_confirm

http://helpx.adobe.com/security/products/flash-player/apsb14-26.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/98932

Third Party Advisory, US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-8439

Scores

CVSS v3 8.8

EPSS 0.3444

EPSS Percentile 97.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable no

Technical Impact total

Details

CISA KEV 2022-05-25

VulnCheck KEV 2014-10-14

InTheWild.io 2014-10-14

ENISA EUVD EUVD-2014-8276

Ransomware Use Confirmed

CWE

CWE-119 CWE-416

Status published

Products (4)

adobe/air < 15.0.0.292

adobe/air_sdk < 15.0.0.301

adobe/air_sdk_\&_compiler < 15.0.0.302

adobe/flash_player < 11.2.202.418

Published Nov 25, 2014

KEV Added May 25, 2022

Tracked Since Feb 18, 2026