Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-2986Out-of-bounds Write in Adobe Flash Player

CWE-787Out-of-bounds WriteCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents7 sources
Severity
8.8HIGHNVD
EPSS
38.1%
top 2.77%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Adobe Flash PlayerAdobe Flash Player Desktop Runtime
Timeline
PublishedFeb 15
Latest updateMay 14

Description

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the Flash Video (FLV) codec. Successful exploitation could lead to arbitrary code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDadobe/flash_player24.0.0.194

Patches

Patch: helpx.adobe.comPatch: helpx.adobe.com

🔴Vulnerability Details

3
GHSA
GHSA-v2hm-3qvf-hf6w: Adobe Flash Player versions 242022-05-14
OSV
CVE-2017-2986: Adobe Flash Player versions 242017-02-15
CVEList
CVE-2017-2986: Adobe Flash Player versions 242017-02-15

💥Exploits & PoCs

1
Exploit-DB
Adobe Flash - YUVPlane Decoding Heap Overflow2017-02-21

📋Vendor Advisories

1
Red Hat
flash-plugin: multiple code execution issues fixed in APSB17-042017-02-14

💬Community

1
Bugzilla
CVE-2017-2982 CVE-2017-2984 CVE-2017-2985 CVE-2017-2986 CVE-2017-2987 CVE-2017-2988 CVE-2017-2990 CVE-2017-2991 CVE-2017-2992 CVE-2017-2993 CVE-2017-2995 CVE-2017-2996 flash-plugin: multiple code exec2017-02-14
CVE-2017-2986 — Out-of-bounds Write in Adobe | cvebase