VDB
CVE-2014-0502
CVE-2014-0502
PUBLISHED
KEV
CVSS 10 CRITICAL
Stack-based buffer overflow in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows attackers to execute arbitrary code via unspecified vectors.
EPSS 89.84% · 99.6th percentile
Risk Scores
CVSS 2.0
10
EPSS Score
89.84%
99.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| adobe | flash_player | 0, 11.8.0, 0 |
| suse | linux_enterprise_desktop | 11, 11, 11 |
| redhat | enterprise_linux_workstation | 6.0, 6.0, 5.0 |
| adobe | air | 0 |
| n/a | n/a | *, n/a |
| redhat | enterprise_linux_desktop | 5.0, 6.0, 5.0 |
| redhat | enterprise_linux_eus | 6.5, 6.5, 6.5 |
| opensuse | opensuse | 13.1, 12.3, 13.1 |
| redhat | enterprise_linux_server | 6.0, 5.0, 6.0 |
| adobe | adobe_air | 0, 0, 0 |
| adobe | adobe_air_sdk | 0, 0, 0 |
| adobe | flash_player | 0, 11.8.800.94, 0 |
| redhat | enterprise_linux_server_aus | 6.5, 6.5, 6.5 |
| adobe | air_sdk | 0 |
Exploit Intelligence
- Flash double free vulnerability leads to code execution (hackerone)
- Flash double free vulnerability leads to code execution (hackerone)
- CIRCL seen: CVE-2014-0502 (circl-sighting)
- CIRCL seen: CVE-2014-0502 (circl-sighting)
- CIRCL seen: CVE-2014-0502 (circl-sighting)
- CIRCL seen: CVE-2014-0502 (circl-sighting)
- CIRCL seen: CVE-2014-0502 (circl-sighting)
- CIRCL seen: CVE-2014-0502 (circl-sighting)
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0502 (circl)
- openSUSE-SU-2014:0277 (circl)
…and 25 more exploits
Timeline
- Feb 20, 2014 PoC Published
- Feb 21, 2014 CVE Published
- Feb 21, 2014 VulnCheck KEV Exploitation
- Feb 24, 2014 PoC Published
- Feb 25, 2014 PoC Published
- Feb 27, 2014 PoC Published
- May 17, 2014 PoC Published
- Dec 26, 2019 VulnCheck KEV Exploitation
- Feb 4, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Aug 17, 2023 EPSS Score
- Sep 17, 2024 CISA KEV Added
References
- openSUSE-SU-2014:0278 vendor-advisory
- https://volatility-labs.blogspot.com/2014/04/building-decoder-for-cve-2014-0502.html url
- GLSA-201405-04 vendor-advisory
- http://helpx.adobe.com/security/products/flash-player/apsb14-07.html url
- RHSA-2014:0196 vendor-advisory
- SUSE-SU-2014:0290 vendor-advisory
- openSUSE-SU-2014:0277 vendor-advisory
- http://www.alienvault.com/open-threat-exchange/blog/analysis-of-an-attack-exploiting-the-adobe-zero-day-cve-2014-0502/ url
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0502 url
- https://nvd.nist.gov/vuln/detail/CVE-2014-0502 advisory
- http://www.alienvault.com/open-threat-exchange/blog/analysis-of-an-attack-exploiting-the-adobe-zero-day-cve-2014-0502 url