Use After Free Vulnerability in Adobe Flash Player
CVE-2017-3059

9.8CRITICAL

Key Information:

Vendor: Adobe
Status: Adobe Flash Player 25.0.0.127 And Earlier.
Vendor: CVE Published:; 12 April 2017

Summary

Adobe Flash Player versions up to 25.0.0.127 are impacted by a use after free vulnerability in an internal script object. This flaw can be exploited to execute arbitrary code, compromising system integrity and potentially allowing unauthorized access to sensitive data.

Affected Version(s)

Adobe Flash Player 25.0.0.127 and earlier. Adobe Flash Player 25.0.0.127 and earlier.

References

https://security.gentoo.org/glsa/201704-04

vendor-advisoryx_refsource_GENTOO

http://www.securitytracker.com/id/1038225

vdb-entryx_refsource_SECTRACK

https://helpx.adobe.com/security/products/flash-player/ap...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 12, 2017
Vulnerability Reserved
Dec 2, 2016

.