Back to KEVs

CVE-2014-0497

Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before...

Basic Information

CVE State
PUBLISHED
Reserved Date
December 20, 2013
Published Date
February 05, 2014
Last Updated
September 18, 2024
Vendor
Adobe
Product
Flash Player
Description
Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors.
Tags
windows linux macos cisa metasploit_scanner

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0

10.0

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

SSVC Information

Exploitation
active
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (2024-09-17 00:00:00 UTC) Source

References

http://www.exploit-db.com/exploits/33212 http://helpx.adobe.com/security/products/flash-player/apsb14-04.html http://googlechromereleases.blogspot.com/2014/02/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00006.html http://rhn.redhat.com/errata/RHSA-2014-0137.html http://www.osvdb.org/102849 http://www.securityfocus.com/bid/65327 http://secunia.com/advisories/56799 http://www.securitytracker.com/id/1029715 http://secunia.com/advisories/56737 http://secunia.com/advisories/56437 http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00001.html http://secunia.com/advisories/56780 http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00000.html http://secunia.com/advisories/56839 https://exchange.xforce.ibmcloud.com/vulnerabilities/90884

Known Exploited Vulnerability Information

Source Added Date
CISA 2024-09-17 00:00:00 UTC

Scanner Integrations

Scanner URL Date Detected
Metasploit https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/adobe_flash_avm2.rb 2025-04-29 11:01:29 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

adobe_flash_avm2

Type: metasploit • Created: Unknown

Metasploit module for CVE-2014-0497

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel

  • Detected by Metasploit