CVE-2017-2930

8.8HIGH

Key Information:

Vendor: Adobe
Status: Adobe Flash Player 24.0.0.186 And Earlier.
Vendor: CVE Published:; 11 January 2017

Summary

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability due to a concurrency error when manipulating a display list. Successful exploitation could lead to arbitrary code execution.

Affected Version(s)

Adobe Flash Player 24.0.0.186 and earlier. Adobe Flash Player 24.0.0.186 and earlier.

References

https://security.gentoo.org/glsa/201702-20

vendor-advisoryx_refsource_GENTOO

https://www.exploit-db.com/exploits/41012/

exploitx_refsource_EXPLOIT-DB

https://helpx.adobe.com/security/products/flash-player/ap...

x_refsource_CONFIRM

EPSS Score

29% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 11, 2017
Vulnerability Reserved
Dec 2, 2016