Use After Free Vulnerability in Adobe Flash Player Sound Class
CVE-2017-3058

7.8HIGH

Key Information:

Vendor

Adobe
Status
Adobe Flash Player 25.0.0.127 And Earlier.
Vendor
CVE Published:
12 April 2017

What is CVE-2017-3058?

Adobe Flash Player versions 25.0.0.127 and earlier contain a vulnerability in the sound class that allows for a use after free condition. This flaw can be exploited by attackers to execute arbitrary code on affected systems, potentially compromising system integrity and allowing unauthorized access. It is crucial for users to update their software to the latest versions to mitigate this risk.

Affected Version(s)

Adobe Flash Player 25.0.0.127 and earlier. Adobe Flash Player 25.0.0.127 and earlier.

References

https://security.gentoo.org/glsa/201704-04
vendor-advisoryx_refsource_GENTOO
http://www.securitytracker.com/id/1038225
vdb-entryx_refsource_SECTRACK
https://helpx.adobe.com/security/products/flash-player/ap...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.