Is CVE-2014-0497 exploitable?

Yes — CVE-2014-0497 is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, meaning it is confirmed exploited in the wild.

Is CVE-2014-0497 a false positive?

No practitioners have marked CVE-2014-0497 a false positive so far (2 verdicts).

How do I remediate CVE-2014-0497?

See the authoritative references (NVD, vendor advisory) and community field notes on this page for remediation guidance.

CVE-2014-0497

is CVE-2014-0497real, exploitable, or a false positive? Here's the community ground truth.

☆ Watch

Critical · CVSS 9.8EPSS 99.9%CISA KEVCWE-191

Affected:Adobe Google Redhat Opensuse Suse

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors.

References

NVD MITRE CVE.org CISA KEV

Published Feb 5, 2014

Embed this verdict

Markdown

[![TruePositive verdict](https://www.truepositive.app/cve/CVE-2014-0497/badge.svg)](https://www.truepositive.app/cve/CVE-2014-0497)

HTML

<a href="https://www.truepositive.app/cve/CVE-2014-0497"><img src="https://www.truepositive.app/cve/CVE-2014-0497/badge.svg" alt="TruePositive verdict for CVE-2014-0497"></a>

Live badge — updates automatically as the community verdict changes.

Community ground truth

Community verdict

2 verdicts

Not a real issue

to add your verdict.

Community real-world severity: Critical (Critical 2) — CVSS base score 9.8

In line with its CVSS base score.

Field notes & remediation

Verdicts are the quick signal — notes are the evidence and fixes behind them.

No notes yet — be the first to share what you saw or a fix that worked.