First published: Fri Feb 21 2014(Updated: )
Adobe Flash Player contains a double free vulnerability that allows a remote attacker to execute arbitrary code.
Credit: psirt@adobe.com psirt@adobe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Macromedia Flash Player | ||
All of | ||
Any of | ||
Macromedia Flash Player | <11.7.700.269 | |
Macromedia Flash Player | >=11.8.800.94<12.0.0.70 | |
Any of | ||
Apple iOS and macOS | ||
Microsoft Windows Operating System | ||
Adobe AIR SDK | <4.0.0.1628 | |
All of | ||
Macromedia Flash Player | <11.2.202.341 | |
Linux Kernel | ||
All of | ||
Adobe | <4.0.0.1628 | |
Android | ||
openSUSE | =11.4 | |
openSUSE | =12.3 | |
openSUSE | =13.1 | |
SUSE Linux Enterprise Desktop | =11-sp3 | |
Red Hat Enterprise Linux Desktop | =5.0 | |
Red Hat Enterprise Linux Desktop | =6.0 | |
Red Hat Enterprise Linux Server EUS | =6.5 | |
Red Hat Enterprise Linux Server | =5.0 | |
Red Hat Enterprise Linux Server | =6.0 | |
Red Hat Enterprise Linux Server | =6.5 | |
Red Hat Enterprise Linux Workstation | =5.0 | |
Red Hat Enterprise Linux Workstation | =6.0 | |
Macromedia Flash Player | >=11.0<11.7.700.269 | |
Macromedia Flash Player | >=11.8<11.8.800.175 | |
Macromedia Flash Player | >=11.9<12.0.0.70 | |
Apple iOS and macOS | ||
Microsoft Windows Operating System | ||
Macromedia Flash Player | >=11.0<11.2.202.341 | |
Linux Kernel | ||
Adobe | <4.0.0.1628 |
The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2014-0502 has a critical severity rating as it allows a remote attacker to execute arbitrary code.
To fix CVE-2014-0502, users should update Adobe Flash Player to version 11.7.700.269 or later.
Adobe Flash Player versions prior to 11.7.700.269 on Windows and Mac OS X and 11.2.202.341 on Linux are affected by CVE-2014-0502.
CVE-2014-0502 primarily affects Adobe Flash Player on Windows and Mac OS X, with some Linux versions also vulnerable.
Yes, versions of Adobe AIR prior to 4.0.0.1628 are also affected by CVE-2014-0502.