CVE-2017-3114
critical
CVSS v3
9.8
CVSS v2
10.0
VIR risk
9.8
Description
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of providing language- and region- or country- specific functionality. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
Predictions
Exploit likelihood
97%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@adobe.com — https://helpx.adobe.com/security/products/flash-player/apsb17-33.html
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| linux-kernel | - | not-affected | |
| rhel | 6.0 | affected | |
| windows | - | not-affected | |
| macos | - | not-affected | |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| adobe | flash_player | {"endIncluding":"27.0.0.183"} | |
References
- http://www.securityfocus.com/bid/101837
- http://www.securitytracker.com/id/1039778
- https://access.redhat.com/errata/RHSA-2017:3222
- https://helpx.adobe.com/security/products/flash-player/apsb17-33.html
- https://security.gentoo.org/glsa/201711-13
- http://www.securityfocus.com/bid/101837
- http://www.securitytracker.com/id/1039778
- https://access.redhat.com/errata/RHSA-2017:3222
- https://helpx.adobe.com/security/products/flash-player/apsb17-33.html
- https://security.gentoo.org/glsa/201711-13
CWEs
CWE-125
Verify integrity in audit chain (admin only). AS-IS.