Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-2985Use After Free in Adobe Flash Player

CWE-416Use After Free7 documents7 sources
Severity
8.8HIGHNVD
EPSS
52.4%
top 2.06%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Adobe Flash PlayerAdobe Flash Player Desktop Runtime
Timeline
PublishedFeb 15
Latest updateMay 14

Description

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in the ActionScript 3 BitmapData class. Successful exploitation could lead to arbitrary code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDadobe/flash_player24.0.0.194

Patches

Patch: helpx.adobe.comPatch: helpx.adobe.com

🔴Vulnerability Details

3
GHSA
GHSA-cg93-xx8v-ph94: Adobe Flash Player versions 242022-05-14
OSV
CVE-2017-2985: Adobe Flash Player versions 242017-02-15
CVEList
CVE-2017-2985: Adobe Flash Player versions 242017-02-15

💥Exploits & PoCs

1
Exploit-DB
Adobe Flash - Use-After-Free in Applying Bitmap Filter2017-02-21

📋Vendor Advisories

1
Red Hat
flash-plugin: multiple code execution issues fixed in APSB17-042017-02-14

💬Community

1
Bugzilla
CVE-2017-2982 CVE-2017-2984 CVE-2017-2985 CVE-2017-2986 CVE-2017-2987 CVE-2017-2988 CVE-2017-2990 CVE-2017-2991 CVE-2017-2992 CVE-2017-2993 CVE-2017-2995 CVE-2017-2996 flash-plugin: multiple code exec2017-02-14
CVE-2017-2985 — Use After Free in Adobe Flash Player | cvebase