Flash Player < (inferred) RCE (APSB14-04)

high Nessus Network Monitor Plugin ID 8108


The remote host is running a browser plugin that is vulnerable to remote code execution.


Versions of Adobe Flash Player equal or prior to are outdated and thus unpatched for a remote code execution vulnerability, though no further details have been released by the vendor (CVE-2014-0491).

Exploits against this vulnerability are known to be used in the wild.


Upgrade to Flash Player or later. For Linux users, upgrade to version or later.

See Also





Plugin Details

Severity: High

ID: 8108

Family: Web Clients

Published: 2/11/2014

Updated: 3/6/2019

Dependencies: 6245

Nessus ID: 72286

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSS v3.0

Base Score: 8.1

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*

Patch Publication Date: 2/5/2014

Vulnerability Publication Date: 2/5/2014

Exploitable With

Metasploit (windows/browser/adobe_flash_avm2.rb)

Reference Information

CVE: CVE-2014-0497

BID: 65327