CVE-2014-0500: Buffer Overflow
First published: Wed Feb 12 2014(Updated: )
Adobe Shockwave Player before 12.0.9.149 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0501.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Shockwave Player | <=12.0.7.148 | |
| Adobe Shockwave Player | =11.0.0.456 | |
| Adobe Shockwave Player | =11.0.3.471 | |
| Adobe Shockwave Player | =11.5.0.595 | |
| Adobe Shockwave Player | =11.5.0.596 | |
| Adobe Shockwave Player | =11.5.1.601 | |
| Adobe Shockwave Player | =11.5.2.602 | |
| Adobe Shockwave Player | =11.5.6.606 | |
| Adobe Shockwave Player | =11.5.7.609 | |
| Adobe Shockwave Player | =11.5.8.612 | |
| Adobe Shockwave Player | =11.5.9.615 | |
| Adobe Shockwave Player | =11.5.9.620 | |
| Adobe Shockwave Player | =11.5.10.620 | |
| Adobe Shockwave Player | =11.6.0.626 | |
| Adobe Shockwave Player | =11.6.1.629 | |
| Adobe Shockwave Player | =11.6.3.633 | |
| Adobe Shockwave Player | =11.6.4.634 | |
| Adobe Shockwave Player | =11.6.5.635 | |
| Adobe Shockwave Player | =11.6.6.636 | |
| Adobe Shockwave Player | =11.6.7.637 | |
| Adobe Shockwave Player | =11.6.8.638 | |
| Adobe Shockwave Player | =12.0.0.112 | |
| Adobe Shockwave Player | =12.0.2.122 | |
| Adobe Shockwave Player | =12.0.3.133 | |
| Adobe Shockwave Player | =12.0.4.144 | |
| Adobe Shockwave Player | =12.0.6.147 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-0500?
CVE-2014-0500 has been classified as a critical vulnerability due to its potential to allow remote code execution.
How do I fix CVE-2014-0500?
To fix CVE-2014-0500, update Adobe Shockwave Player to version 12.0.9.149 or later.
What systems are affected by CVE-2014-0500?
CVE-2014-0500 affects all versions of Adobe Shockwave Player prior to 12.0.9.149, including several 11.x versions.
What type of exploitation is possible with CVE-2014-0500?
CVE-2014-0500 can be exploited by remote attackers to execute arbitrary code or cause a denial of service.
Is there a patch available for CVE-2014-0500?
Yes, Adobe has released a patch for CVE-2014-0500 in version 12.0.9.149 and it is recommended to install it immediately.
- collector/nvd-index
- agent/references
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/tags
- agent/event
- agent/source
- vendor/adobe
- canonical/adobe shockwave player
- version/adobe shockwave player/12.0.7.148
- version/adobe shockwave player/11.0.0.456
- version/adobe shockwave player/11.0.3.471
- version/adobe shockwave player/11.5.0.595
- version/adobe shockwave player/11.5.0.596
- version/adobe shockwave player/11.5.1.601
- version/adobe shockwave player/11.5.2.602
- version/adobe shockwave player/11.5.6.606
- version/adobe shockwave player/11.5.7.609
- version/adobe shockwave player/11.5.8.612
- version/adobe shockwave player/11.5.9.615
- version/adobe shockwave player/11.5.9.620
- version/adobe shockwave player/11.5.10.620
- version/adobe shockwave player/11.6.0.626
- version/adobe shockwave player/11.6.1.629
- version/adobe shockwave player/11.6.3.633
- version/adobe shockwave player/11.6.4.634
- version/adobe shockwave player/11.6.5.635
- version/adobe shockwave player/11.6.6.636
- version/adobe shockwave player/11.6.7.637
- version/adobe shockwave player/11.6.8.638
- version/adobe shockwave player/12.0.0.112
- version/adobe shockwave player/12.0.2.122
- version/adobe shockwave player/12.0.3.133
- version/adobe shockwave player/12.0.4.144
- version/adobe shockwave player/12.0.6.147