CVE-2014-0506 — Adobe Flash Player vulnerability

CWE-3995 documents4 sources

Severity

10.0CRITICALNVD

EPSS

19.9%

top 4.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Flash Player

Timeline

PublishedMar 27

Latest updateMay 17

Description

Use-after-free vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allows remote attackers to execute arbitrary code, and possibly bypass an Internet Explorer sandbox protection mechanism, via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest…

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDadobe/flash_player12.0.0.77

🔴Vulnerability Details

GHSA

GHSA-g8c9-p2wf-f6gp: Use-after-free vulnerability in Adobe Flash Player before 11↗2022-05-17

▶

📋Vendor Advisories

Red Hat

flash-plugin: two flaws leading to code execution (APSB14-09)↗2014-04-08

▶

💬Community

Bugzilla

CVE-2014-0506 CVE-2014-0507 flash-plugin: two flaws leading to code execution (APSB14-09)↗2014-04-09

▶

Bugzilla

CVE-2014-0152 ovirt-engine-webadmin: session fixation↗2014-03-28

▶