⚠ Actively exploited
Added to CISA KEV on 2024-09-17. Federal agencies required to patch by 2024-10-08. Required action: The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product..
CVE-2014-0502 — Double Free in Adobe AIR
Severity
8.8HIGHNVD
EPSS
89.0%
top 0.47%
CISA KEV
KEV
Added 2024-09-17
Due 2024-10-08
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
PublishedFeb 21
KEV addedSep 17
KEV dueOct 8
CISA Required Action: The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.
Description
Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2014.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9
Affected Packages8 packages
Also affects: Enterprise Linux 6.5