High severity8.8CISA KEVNVD Advisory· Published Feb 21, 2014· Updated Apr 21, 2026

CVE-2014-0502

Description

Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2014.

Affected products

Adobe Inc./Air
cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*
Range: <4.0.0.1628
Adobe Inc./Air Sdk
cpe:2.3:a:adobe:adobe_air_sdk:*:*:*:*:*:*:*:*
Range: <4.0.0.1628
Adobe Inc./Flash Player
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
Range: <11.7.700.269
OpenSUSE/openSUSE3 versions
cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Desktop2 versions
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Eus
cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server2 versions
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server Aus
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Workstation2 versions
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
SUSE S.A./Linux Enterprise Desktop
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

helpx.adobe.com/security/products/flash-player/apsb14-07.htmlnvdBroken LinkPatchVendor Advisory
www.alienvault.com/open-threat-exchange/blog/analysis-of-an-attack-exploiting-the-adobe-zero-day-cve-2014-0502/nvdExploitThird Party Advisory
volatility-labs.blogspot.com/2014/04/building-decoder-for-cve-2014-0502.htmlnvdExploitThird Party Advisory
rhn.redhat.com/errata/RHSA-2014-0196.htmlnvdThird Party Advisory
security.gentoo.org/glsa/glsa-201405-04.xmlnvdThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2014-02/msg00014.htmlnvdMailing List
lists.opensuse.org/opensuse-security-announce/2014-02/msg00015.htmlnvdMailing List
lists.opensuse.org/opensuse-security-announce/2014-02/msg00017.htmlnvdMailing List
www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.073
exploit	0.000
kev	0.120
patch	0.000
ransomware	0.000