CISA KEV 정보
| 취약점명 | Adobe Flash Player Double Free Vulnerablity |
|---|---|
| 설명 | Adobe Flash Player contains a double free vulnerability that allows a remote attacker to execute arbitrary code. |
| 조치사항 | The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product. |
| 랜섬웨어 캠페인 악용 | Unknown |
| CWE | CWE-399 |
| 등록일 (KEV) | 2024-09-17 |
| 조치 기한 | 2024-10-08 |
| 추가 참고 | https://www.adobe.com/products/flashplayer/end-of-life-alternative.html#eol-alternative-faq ; https://nvd.nist.gov/vuln/detail/CVE-2014-0502 |
NVD 상세 정보
CVSS v3.1: 8.8 HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCVSS v2.0: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C설명: Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2014.
CWE: CWE-415 | CWE-415
참조
- http://helpx.adobe.com/security/products/flash-player/apsb14-07.html [Broken Link, Patch, Vendor Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00014.html [Mailing List]
- http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00015.html [Mailing List]
- http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00017.html [Mailing List]
- http://rhn.redhat.com/errata/RHSA-2014-0196.html [Third Party Advisory]
- http://security.gentoo.org/glsa/glsa-201405-04.xml [Third Party Advisory]
- http://www.alienvault.com/open-threat-exchange/blog/analysis-of-an-attack-exploiting-the-adobe-zero-day-cve-2014-0502/ [Exploit, Third Party Advisory]
- https://volatility-labs.blogspot.com/2014/04/building-decoder-for-cve-2014-0502.html [Exploit, Third Party Advisory]
- http://helpx.adobe.com/security/products/flash-player/apsb14-07.html [Broken Link, Patch, Vendor Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00014.html [Mailing List]
- http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00015.html [Mailing List]
- http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00017.html [Mailing List]
- http://rhn.redhat.com/errata/RHSA-2014-0196.html [Third Party Advisory]
- http://security.gentoo.org/glsa/glsa-201405-04.xml [Third Party Advisory]
- http://www.alienvault.com/open-threat-exchange/blog/analysis-of-an-attack-exploiting-the-adobe-zero-day-cve-2014-0502/ [Exploit, Third Party Advisory]
- ... 외 2건
This product uses the NVD API but is not endorsed or certified by the NVD.