Memory Corruption Vulnerability in Adobe Flash Player by Adobe
CVE-2017-2991

8.8HIGH

Key Information:

Vendor

Adobe
Status
Adobe Flash Player 24.0.0.194 And Earlier.
Vendor
CVE Published:
15 February 2017

What is CVE-2017-2991?

Adobe Flash Player is affected by a memory corruption vulnerability in the h264 codec, related to the decompression process. This flaw allows an attacker to exploit the vulnerability, potentially leading to arbitrary code execution. If successfully exploited, this could compromise the integrity of the system running the affected version of Adobe Flash Player.

Affected Version(s)

Adobe Flash Player 24.0.0.194 and earlier. Adobe Flash Player 24.0.0.194 and earlier.

References

http://www.securityfocus.com/bid/96190
vdb-entryx_refsource_BID
https://security.gentoo.org/glsa/201702-20
vendor-advisoryx_refsource_GENTOO
http://rhn.redhat.com/errata/RHSA-2017-0275.html
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.