What is CVE-2014-8440?

CVE-2014-8440 is a vulnerability in Adobe Air. Published 2014-11-11.

Is CVE-2014-8440 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Adobe Air

CVE-2014-8440

Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 all…

EPSS: 0.880 (99.5th percentile) — read the EPSS interpretation.

Affected products

Public proof-of-concept exploits

rapid7/metasploit-framework

References

20141112 Adobe Flash Player Byte Array Uncompress Uninitialized Memory Corruption Vulnerability (x_refsource_IDEFENSE, Third Party Advisory, third-party-advisory)
36880 (Exploit, exploit, Third Party Advisory, VDB Entry, x_refsource_EXPLOIT-DB)
psirt@adobe.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
adobe-flash-cve20148440-code-exec(98615) (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_XF)
openSUSE-SU-2015:0725 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
71047 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2014-8440?: CVE-2014-8440 is a vulnerability in Adobe Air. Published 2014-11-11.
Is CVE-2014-8440 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.