Exploitable Code Execution Vulnerability in Adobe Shockwave Player
CVE-2014-0500

Currently unrated

Key Information:

Vendor: Adobe
Status: Shockwave Player
Vendor: CVE Published:; 12 February 2014

What is CVE-2014-0500?

An issue exists in Adobe Shockwave Player prior to version 12.0.9.149 that enables remote attackers to execute arbitrary code or trigger a denial of service through memory corruption. The exploit can be carried out via unspecified vectors, which presents significant risks to users who have not yet updated to the latest version.

References

http://www.securityfocus.com/bid/65490

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/91007

vdb-entryx_refsource_XF

http://osvdb.org/103157

vdb-entryx_refsource_OSVDB

EPSS Score

25% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 12, 2014
Vulnerability Reserved
Dec 20, 2013