CVE-2014-0502

2014-02-2105:07:00

CWE-399

[email protected]

web.nvd.nist.gov

178

cve-2014-0502

double free

adobe flash player

remote code execution

nvd

security vulnerability

exploit

7.8 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.41 Medium

EPSS

Percentile

97.3%

JSON

Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2014.

Affected configurations

NVD

Node

adobeflash_playerRange11.0–11.7.700.269

adobeflash_playerRange11.8–11.8.800.175

adobeflash_playerRange11.9–12.0.0.70

AND

applemac_os_x

microsoftwindowsMatch-

Node

adobeadobe_air_sdkRange<4.0.0.1628

Node

adobeflash_playerRange11.0–11.2.202.341

AND

linuxlinux_kernel

Node

adobeadobe_airRange<4.0.0.1628

CPENameOperatorVersion
adobe:flash_playeradobe flash playerlt11.7.700.269
adobe:flash_playeradobe flash playerlt11.8.800.175
adobe:flash_playeradobe flash playerlt12.0.0.70