CVE-2014-0497
Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- December 20, 2013
- Published Date
- February 05, 2014
- Last Updated
- September 18, 2024
- Vendor
- n/a
- Product
- n/a
- Description
- Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors.
CVSS Scores
CVSS v3.1
9.8 - CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
SSVC Information
- Exploitation
- active
- Technical Impact
- total
Exploit Status
- Exploited in the Wild
- Yes (added 2024-09-17 00:00:00 UTC) Source
References
http://www.exploit-db.com/exploits/33212
http://helpx.adobe.com/security/products/flash-player/apsb14-04.html
http://googlechromereleases.blogspot.com/2014/02/stable-channel-update.html
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00006.html
http://rhn.redhat.com/errata/RHSA-2014-0137.html
http://www.osvdb.org/102849
http://www.securityfocus.com/bid/65327
http://secunia.com/advisories/56799
http://www.securitytracker.com/id/1029715
http://secunia.com/advisories/56737
http://secunia.com/advisories/56437
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00001.html
http://secunia.com/advisories/56780
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00000.html
http://secunia.com/advisories/56839
https://exchange.xforce.ibmcloud.com/vulnerabilities/90884
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2024-09-17 00:00:00 UTC |
Scanner Integrations
| Scanner | URL | Date Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/adobe_flash_avm2.rb | 2025-04-29 11:01:29 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
adobe_flash_avm2
Type: metasploit • Created: Unknown
Metasploit module for CVE-2014-0497