Memory Corruption Vulnerability in Adobe Flash Player by Adobe
CVE-2017-2999

8.8HIGH

Key Information:

Vendor

Adobe
Status
Adobe Flash Player 24.0.0.221 And Earlier.
Vendor
CVE Published:
14 March 2017

What is CVE-2017-2999?

Adobe Flash Player contains a memory corruption vulnerability in its Primetime TVSDK functionality, particularly related to the hosting of playback surfaces. This vulnerability can be exploited to execute arbitrary code on the affected system, potentially allowing attackers to control affected devices. Users are encouraged to update their software to versions beyond 24.0.0.221 to mitigate risks associated with this vulnerability.

Affected Version(s)

Adobe Flash Player 24.0.0.221 and earlier. Adobe Flash Player 24.0.0.221 and earlier.

References

https://helpx.adobe.com/security/products/flash-player/ap...
x_refsource_CONFIRM
https://security.gentoo.org/glsa/201703-02
vendor-advisoryx_refsource_GENTOO
http://www.securityfocus.com/bid/96866
vdb-entryx_refsource_BID

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.