CVE-2014-0497
Last modified
CVE-2014-0497 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors. CISA has confirmed active exploitation in the wild. EPSS estimates a 99.88% chance of exploitation in the next 30 days.
Description
Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitation Status
This vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Federal agencies must remediate by .
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Adobe | Flash Player | < 11.2.202.336 | — |
| Adobe | Flash Player | < 11.7.700.261 | — |
| Adobe | Flash Player | >= 11.8.800.94, < 12.0.0.44 | — |
| | Chrome | < 32.0.1700.107 | — |
| Redhat | Enterprise Linux Desktop | 5.0 | — |
| Redhat | Enterprise Linux Desktop | 6.0 | — |
| Redhat | Enterprise Linux Eus | 6.5 | — |
| Redhat | Enterprise Linux Server | 5.0 | — |
| Redhat | Enterprise Linux Server | 6.0 | — |
| Redhat | Enterprise Linux Server Aus | 6.5 | — |
| Redhat | Enterprise Linux Workstation | 5.0 | — |
| Redhat | Enterprise Linux Workstation | 6.0 | — |
| Opensuse | Opensuse | 11.4 | — |
| Opensuse | Opensuse | 12.3 | — |
| Opensuse | Opensuse | 13.1 | — |
| Suse | Linux Enterprise Desktop | 11 | Sp2 |
References
- http://helpx.adobe.com/security/products/flash-player/apsb14-04.html (Broken Link, Patch, Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2014-0137.html (Third Party Advisory)
- http://secunia.com/advisories/56437 (Broken Link, Third Party Advisory)
- http://secunia.com/advisories/56737 (Broken Link, Third Party Advisory)
- http://secunia.com/advisories/56780 (Broken Link, Third Party Advisory)
- http://secunia.com/advisories/56799 (Broken Link, Third Party Advisory)
- http://secunia.com/advisories/56839 (Broken Link, Third Party Advisory)
- http://www.exploit-db.com/exploits/33212 (Third Party Advisory, VDB Entry)
- http://www.osvdb.org/102849 (Broken Link)
- http://www.securityfocus.com/bid/65327 (Broken Link, Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id/1029715 (Broken Link, Third Party Advisory, VDB Entry)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90884 (Third Party Advisory, VDB Entry)
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0497 (US Government Resource)
Timeline
- Published
- Last Modified
- Status: Analyzed
Source: NVD / NIST
