VIR Vulnerability Intelligence Relay

CVE-2014-0501

critical
Published 2014-02-12 · Modified 2026-04-29
CVSS v3
CVSS v2
10.0
VIR risk
10.0

Description

Adobe Shockwave Player before 12.0.9.149 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0500.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@adobe.com — http://helpx.adobe.com/security/products/shockwave/apsb14-06.html

Application impact
VendorProductVersionsFixed
adobeshockwave_player{"endIncluding":"12.0.7.148"}
adobeshockwave_player11.0.0.456
adobeshockwave_player11.0.3.471
adobeshockwave_player11.5.0.595
adobeshockwave_player11.5.0.596
adobeshockwave_player11.5.1.601
adobeshockwave_player11.5.2.602
adobeshockwave_player11.5.6.606
adobeshockwave_player11.5.7.609
adobeshockwave_player11.5.8.612
adobeshockwave_player11.5.9.615
adobeshockwave_player11.5.9.620
adobeshockwave_player11.5.10.620
adobeshockwave_player11.6.0.626
adobeshockwave_player11.6.1.629
adobeshockwave_player11.6.3.633
adobeshockwave_player11.6.4.634
adobeshockwave_player11.6.5.635
adobeshockwave_player11.6.6.636
adobeshockwave_player11.6.7.637
adobeshockwave_player11.6.8.638
adobeshockwave_player12.0.0.112
adobeshockwave_player12.0.2.122
adobeshockwave_player12.0.3.133
adobeshockwave_player12.0.4.144
adobeshockwave_player12.0.6.147

References

CWEs

CWE-119

Verify integrity in audit chain (admin only). AS-IS.