⚠ Actively exploited

Added to CISA KEV on 2024-09-17. Federal agencies required to patch by 2024-10-08. Required action: The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product..

CVE-2014-0497 — Integer Underflow (Wrap or Wraparound) in Adobe Flash Player

CWE-191 — Integer Underflow (Wrap or Wraparound)CWE-190 — Integer Overflow or Wraparound15 documents13 sources

Severity

9.8CRITICALNVD

EPSS

93.1%

top 0.21%

CISA KEV

KEV

Added 2024-09-17

Due 2024-10-08

Exploit

Exploited in wild

Active exploitation observed

Affected products

Adobe Flash Player Google Chrome Opensuse +6 more

Timeline

PublishedFeb 5

KEV addedSep 17

KEV dueOct 8

CISA Required Action: The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.

Description

Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages7 packages

▶NVDadobe/flash_player11.8.800.94 — 12.0.0.44+2

▶NVDsuse/linux_enterprise_desktop11

▶NVDredhat/enterprise_linux_server5.0, 6.0+1

▶NVDredhat/enterprise_linux_desktop5.0, 6.0+1

▶NVDredhat/enterprise_linux_workstation5.0, 6.0+1

Also affects: Enterprise Linux 6.5

Patches

Patch: helpx.adobe.com ↗Patch: helpx.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-qx9j-q623-p5fh: Integer underflow in Adobe Flash Player before 11↗2022-05-14

▶

CVEList

CVE-2014-0497: Integer underflow in Adobe Flash Player before 11↗2014-02-05

▶

VulnCheck

Adobe Flash Player Integer Underflow Vulnerablity↗2014

▶

💥Exploits & PoCs

Exploit-DB

Adobe Flash Player - Integer Underflow Remote Code Execution (Metasploit)↗2014-05-06

▶

Metasploit

Adobe Flash Player Integer Underflow Remote Code Execution↗

▶

📋Vendor Advisories

CISA

Adobe Flash Player Integer Underflow Vulnerablity↗2024-09-17

▶

Red Hat

flash-plugin: integer underflow flaw leads to arbitrary code execution (APSB14-04)↗2014-02-04

▶

🕵️Threat Intelligence

Securelist

How Security Products are Tested – Part 1↗2017-02-27

▶

Krebs

Adobe Pushes Fix for Flash Zero-Day Attack↗2014-02-04

▶

Krebs

Adobe Pushes Fix for Flash Zero-Day Attack – Krebs on Security↗2014-02-01

▶

Zscaler

Zscaler found Multiple Security Vulnerabilities | 02-11-2014↗

▶

Recorded Future

Tracking Moving Targets: Exploit Kits and CVEs↗

▶

💬Community

Bugzilla

CVE-2014-0497 flash-plugin: integer underflow flaw leads to arbitrary code execution (APSB14-04)↗2014-02-04

▶