CVE-2014-0502

CVE Database · CVE-2014-0502

CVE-2014-0502

· HIGHAnalyzed

CVSS v3.1

8.8

EPSS

24.20%

Published

Feb 21, 2014

Modified

Apr 21, 2026

CISA Known Exploited Vulnerability

Added: 2024-09-17 · Due: 2024-10-08

The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2014.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-415CWE-415

Affected Products (21)

adobe · flash_player (up to 11.7.700.269)vulnerable

adobe · flash_player (up to 12.0.0.70)vulnerable

apple · mac_os_x

microsoft · windows

adobe · adobe_air_sdk (up to 4.0.0.1628)vulnerable

adobe · flash_player (up to 11.2.202.341)vulnerable

linux · linux_kernel