Vulnerability in N/a
CVE-2014-0497
Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors.
EPSS: 0.932 (99.8th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
CISA KEV (Known Exploited Vulnerabilities)
This CVE is on the CISA KEV catalog, added on . CISA KEV inclusion means CISA has confirmed in-the-wild exploitation; US federal agencies are required to remediate within a published due date.
BOD 22-01 due date: .
Required action: The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.
Public proof-of-concept exploits
References
- 33212 (exploit, x_refsource_EXPLOIT-DB)
- helpx.adobe.com/security/products/flash-player/apsb14-04.html (x_refsource_CONFIRM)
- googlechromereleases.blogspot.com/2014/02/stable-channel-update.html (x_refsource_CONFIRM)
- SUSE-SU-2014:0221 (vendor-advisory, x_refsource_SUSE)
- RHSA-2014:0137 (x_refsource_REDHAT, vendor-advisory)
- 102849 (x_refsource_OSVDB, vdb-entry)
- 65327 (vdb-entry, x_refsource_BID)
- 56799 (x_refsource_SECUNIA, third-party-advisory)
- 1029715 (vdb-entry, x_refsource_SECTRACK)
- 56737 (x_refsource_SECUNIA, third-party-advisory)
Frequently asked questions
- What is CVE-2014-0497?
- CVE-2014-0497 is a vulnerability in N/a. Published 2014-02-05.
- Is CVE-2014-0497 known to be exploited?
- Yes. CVE-2014-0497 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2024-09-17), indicating it is being actively exploited. 1 public proof-of-concept repositories are indexed.