CVE-2014-0497

CVE Database · CVE-2014-0497

CVE-2014-0497

· CRITICALAnalyzed

CVSS v3.1

9.8

EPSS

99.88%

Published

Feb 5, 2014

Modified

Apr 21, 2026

CISA Known Exploited Vulnerability

Added: 2024-09-17 · Due: 2024-10-08

The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.

Public PoC / Exploit (1)

All weaponized →

Exploit-DBAdobe Flash Player - Integer Underflow Remote Code Execution (Metasploit)

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-191CWE-191

Affected Products (24)

adobe · flash_player (up to 11.2.202.336)vulnerable

linux · linux_kernel

adobe · flash_player (up to 11.7.700.261)vulnerable

adobe · flash_player (up to 12.0.0.44)vulnerable

apple · mac_os_x

microsoft · windows

google · chrome (up to 32.0.1700.107)vulnerable

apple · macos

google · chrome_os

linux · linux_kernel

microsoft · windows

References (20)

http://googlechromereleases.blogspot.com/2014/02/stable-channel-update.html

Release Notes

http://helpx.adobe.com/security/products/flash-player/apsb14-04.html

Broken LinkPatchVendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00000.html

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00001.html

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00006.html

Mailing List

http://rhn.redhat.com/errata/RHSA-2014-0137.html

Third Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs