Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-11281 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Adobe Flash Player

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer14 documents9 sources

Severity

9.8CRITICALNVD

EPSS

60.9%

top 1.69%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Adobe Flash Player Redhat Enterprise Linux Desktop Redhat Enterprise Linux Server +1 more

Timeline

PublishedDec 1

Latest updateMay 13

Description

Adobe Flash Player has an exploitable memory corruption vulnerability in the text handling function. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶NVDadobe/flash_player26.0.0.151

▶NVDredhat/enterprise_linux_server6.0

▶NVDredhat/enterprise_linux_desktop6.0

▶NVDredhat/enterprise_linux_workstation6.0

Patches

Patch: helpx.adobe.com ↗Patch: helpx.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-94wf-332j-3j5q: Adobe Flash Player has an exploitable memory corruption vulnerability in the text handling function↗2022-05-13

▶

CVEList

CVE-2017-11281: Adobe Flash Player has an exploitable memory corruption vulnerability in the text handling function↗2017-12-01

▶

OSV

CVE-2017-11281: Adobe Flash Player has an exploitable memory corruption vulnerability in the text handling function↗2017-12-01

▶

💥Exploits & PoCs

Exploit-DB

Adobe Flash - Out-of-Bounds Write in MP4 Edge Processing↗2017-09-25

▶

Exploit-DB

Adobe Flash - Out-of-Bounds Memory Read in MP4 Parsing↗2017-09-25

▶

📋Vendor Advisories

Red Hat

flash-plugin: multiple code execution issues fixed in APSB17-28↗2017-09-12

▶