CVE-2014-9163

HIGH KEV

Adobe Flash Player <13.0.0.259-15.0.0.246 - Buffer Overflow

Title source: llm

Description

Stack-based buffer overflow in Adobe Flash Player before 13.0.0.259 and 14.x and 15.x before 15.0.0.246 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in December 2014.

References (3)

[Vendor Advisory] http://helpx.adobe.com/security/products/flash-player/apsb14-27.html

[Third Party Advisory, US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-9163

[Issue Tracking] https://github.com/cisagov/vulnrichment/issues/196

Scores

CVSS v3 7.8

EPSS 0.0319

EPSS Percentile 87.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-04-13

VulnCheck KEV 2014-12-09

InTheWild.io 2014-12-09

ENISA EUVD EUVD-2014-8988

CWE

CWE-121

Status published

Products (1)

adobe/flash_player 13.0 - 13.0.0.259

Published Dec 10, 2014

KEV Added Apr 13, 2022

Tracked Since Feb 18, 2026