CVE-2017-11282
critical
CVSS v3
9.8
CVSS v2
7.5
VIR risk
9.8
Description
Adobe Flash Player has an exploitable memory corruption vulnerability in the MP4 atom parser. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier.
Predictions
Exploit likelihood
97%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@adobe.com — https://helpx.adobe.com/security/products/flash-player/apsb17-28.html
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| macos | - | not-affected | |
| linux-kernel | - | not-affected | |
| rhel | 6.0 | affected | |
| windows | - | not-affected | |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| adobe | flash_player | {"endIncluding":"26.0.0.151"} | |
References
- http://packetstormsecurity.com/files/144332/Adobe-Flash-appleToRange-Out-Of-Bounds-Read.html
- http://www.securityfocus.com/bid/100716
- http://www.securitytracker.com/id/1039314
- https://access.redhat.com/errata/RHSA-2017:2702
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1323
- https://helpx.adobe.com/security/products/flash-player/apsb17-28.html
- https://security.gentoo.org/glsa/201709-16
- https://www.exploit-db.com/exploits/42783/
- https://www.youtube.com/watch?v=6iZnIQbRf5M
- http://packetstormsecurity.com/files/144332/Adobe-Flash-appleToRange-Out-Of-Bounds-Read.html
- http://www.securityfocus.com/bid/100716
- http://www.securitytracker.com/id/1039314
- https://access.redhat.com/errata/RHSA-2017:2702
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1323
- https://helpx.adobe.com/security/products/flash-player/apsb17-28.html
- https://security.gentoo.org/glsa/201709-16
- https://www.exploit-db.com/exploits/42783/
- https://www.youtube.com/watch?v=6iZnIQbRf5M
CWEs
CWE-119
Verify integrity in audit chain (admin only). AS-IS.