Security Bypass Vulnerability in Adobe Flash Player
CVE-2017-2938

6.5MEDIUM

Key Information:

Vendor

Adobe
Status
Adobe Flash Player 24.0.0.186 And Earlier.
Vendor
CVE Published:
11 January 2017

What is CVE-2017-2938?

Adobe Flash Player versions 24.0.0.186 and earlier contain a security bypass vulnerability that affects how TCP connections are handled. This vulnerability may allow an attacker to bypass security measures, potentially exposing systems to further attacks. Users are advised to upgrade to the latest version of Adobe Flash Player to mitigate this risk and ensure their systems are protected against potential exploitation.

Affected Version(s)

Adobe Flash Player 24.0.0.186 and earlier. Adobe Flash Player 24.0.0.186 and earlier.

References

https://security.gentoo.org/glsa/201702-20
vendor-advisoryx_refsource_GENTOO
https://helpx.adobe.com/security/products/flash-player/ap...
x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2017-0057.html
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.