CVE-2014-0502
CVE-2014-0502
In short
Adobe Flash Player has a memory management flaw that allows attackers to execute malicious code on your computer through a specially crafted file or website. This vulnerability was actively exploited by hackers in early 2014.
Technical detail
Double free vulnerability in Adobe Flash Player memory management allows remote code execution via specially crafted content. Exploitation requires user interaction (visiting a malicious website or opening a compromised file); successful exploitation results in arbitrary code execution with user privileges. The flaw affects multiple versions across Windows, macOS, Linux, and Adobe AIR on Android.
Summary generated and translated by AI from the official description.
Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2014.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://helpx.adobe.com/security/products/flash-player/apsb14-07.htmlhttp://lists.opensuse.org/opensuse-security-announce/2014-02/msg00014.htmlhttp://lists.opensuse.org/opensuse-security-announce/2014-02/msg00015.htmlhttp://lists.opensuse.org/opensuse-security-announce/2014-02/msg00017.htmlhttp://rhn.redhat.com/errata/RHSA-2014-0196.htmlhttp://security.gentoo.org/glsa/glsa-201405-04.xmlhttps://volatility-labs.blogspot.com/2014/04/building-decoder-for-cve-2014-0502.htmlhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0502http://www.alienvault.com/open-threat-exchange/blog/analysis-of-an-attack-exploiting-the-adobe-zero-day-cve-2014-0502/