⚠ Actively exploited
Added to CISA KEV on 2022-03-03. Federal agencies required to patch by 2022-03-24. Required action: The impacted product is end-of-life and should be disconnected if still in use.
CVE-2017-11292
Severity
8.8 HIGH
EPSS
29.3%
top 3.40%
CISA KEV
Added 2022-03-03
Due 2022-03-24
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
Published: Oct 22
KEV added: Mar 3
KEV due: Mar 24
Latest update: May 13
Description
Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9
Affected Packages: 7 packages
CVEListV5: adobe_flash_player_version_27.0.0.159_and_earlier (Adobe Flash Player version 27.0.0.159 and earlier)