First published: Wed Feb 05 2014
Adobe Flash Player contains an integer underflow vulnerability that allows a remote attacker to execute arbitrary code.
Credit: psirt@adobe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Macromedia Flash Player | ||
All of | ||
Macromedia Flash Player | <11.2.202.336 | |
Linux Kernel | ||
All of | ||
Any of | ||
Macromedia Flash Player | <11.7.700.261 | |
Macromedia Flash Player | >=11.8.800.94 <12.0.0.44 | |
Any of | ||
Apple iOS and macOS | ||
Microsoft Windows Operating System | ||
All of | ||
Google Chrome | <32.0.1700.107 | |
Any of | ||
macOS | ||
Chrome OS | ||
Linux Kernel | ||
Microsoft Windows Operating System | ||
Red Hat Enterprise Linux Desktop | =5.0 | |
Red Hat Enterprise Linux Desktop | =6.0 | |
Red Hat Enterprise Linux Server EUS | =6.5 | |
Red Hat Enterprise Linux Server | =5.0 | |
Red Hat Enterprise Linux Server | =6.0 | |
Red Hat Enterprise Linux Server | =6.5 | |
Red Hat Enterprise Linux Workstation | =5.0 | |
Red Hat Enterprise Linux Workstation | =6.0 | |
openSUSE | =11.4 | |
openSUSE | =12.3 | |
openSUSE | =13.1 | |
SUSE Linux Enterprise Desktop | =11-sp2 | |
SUSE Linux Enterprise Desktop | =11-sp3 | |
Macromedia Flash Player | >=11.0 <11.2.202.336 | |
Linux Kernel | ||
Macromedia Flash Player | >=11.0 <11.7.700.261 | |
Macromedia Flash Player | >=11.8 <12.0.0.44 | |
Apple iOS and macOS | ||
Microsoft Windows Operating System | ||
The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.
CVE-2014-0497 has a critical severity rating as it allows remote code execution through an integer underflow vulnerability in Adobe Flash Player.
Adobe Flash Player versions before 11.7.700.261 and versions 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac, and versions before 11.2.202.336 on Linux, are affected by CVE-2014-0497.
To remediate CVE-2014-0497, update Adobe Flash Player to the latest version available.
Yes, CVE-2014-0497 can be exploited remotely, allowing attackers to execute arbitrary code.
CVE-2014-0497 impacts Adobe Flash Player on Windows, Mac OS X, and Linux platforms.