CVE-2017-11292
8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | Adobe Flash Player version 27.0.0.159 and earlier | Adobe Flash Player version 27.0.0.159 and earlier | affected |
Weaknesses
- arbitrary code execution
ADP Enrichment
CVE Program Container
Additional References
- http://www.securitytracker.com/id/1039582
- https://helpx.adobe.com/security/products/flash-player/apsb17-32.html
- https://security.gentoo.org/glsa/201710-22
- http://www.securityfocus.com/bid/101286
- https://access.redhat.com/errata/RHSA-2017:2899
CISA ADP Vulnrichment
- SSVC:
- Exploitation: active
- Automatable: no
- Technical Impact: total
Additional References
References
- http://www.securitytracker.com/id/1039582
- https://helpx.adobe.com/security/products/flash-player/apsb17-32.html
- https://security.gentoo.org/glsa/201710-22
- http://www.securityfocus.com/bid/101286
- https://access.redhat.com/errata/RHSA-2017:2899
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.