GSD-2014-0502 — Vulnetix

Try Vulnetix Request Demo

GSD-2014-0502 PUBLISHED CVSS 8.800000190734863 HIGH

Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2014.

Risk Scores

CVSS v3.1

8.800000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
adobe	flash_player	0, 0, 11.8.0
adobe	air_sdk	0
n/a	n/a	n/a
adobe	air	0

Timeline

Feb 20, 2014 PoC Published
Feb 21, 2014 CVE Published
Feb 24, 2014 PoC Published
Feb 25, 2014 PoC Published
May 17, 2014 PoC Published
Sep 20, 2024 PoC Published
Feb 23, 2025 PoC Published
Feb 2, 2026 PoC Published
Apr 16, 2026 Security Advisory
Apr 16, 2026 Security Advisory
Apr 16, 2026 Security Advisory
Apr 16, 2026 Security Advisory

References

openSUSE-SU-2014:0278 vendor-advisory
https://volatility-labs.blogspot.com/2014/04/building-decoder-for-cve-2014-0502.html url
http://helpx.adobe.com/security/products/flash-player/apsb14-07.html url
RHSA-2014:0196 vendor-advisory
SUSE-SU-2014:0290 vendor-advisory
openSUSE-SU-2014:0277 vendor-advisory
http://www.alienvault.com/open-threat-exchange/blog/analysis-of-an-attack-exploiting-the-adobe-zero-day-cve-2014-0502/ url
GLSA-201405-04 advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0502 advisory

Open in Interactive Console →