CVE-2017-2987Integer Overflow or Wraparound in Adobe Flash Player

CWE-190Integer Overflow or Wraparound36 documents7 sources
Severity
8.8HIGHNVD
EPSS
7.3%
top 8.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Adobe Flash PlayerAdobe Flash Player Desktop Runtime
Timeline
PublishedFeb 15
Latest updateMay 14

Description

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable integer overflow vulnerability related to Flash Broker COM. Successful exploitation could lead to arbitrary code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDadobe/flash_player24.0.0.194

Patches

Patch: helpx.adobe.comPatch: helpx.adobe.com

🔴Vulnerability Details

3
GHSA
GHSA-cqr9-g2qv-xv6v: Adobe Flash Player versions 242022-05-14
CVEList
CVE-2017-2987: Adobe Flash Player versions 242017-02-15
OSV
CVE-2017-2987: Adobe Flash Player versions 242017-02-15

💥Exploits & PoCs

1
Exploit-DB
Zyxel_ EMG2926 < V1.00(AAQT.4)b8 - OS Command Injection2017-04-02

📋Vendor Advisories

29
Red Hat
chromium-browser: bad cast in blink2017-03-29
Red Hat
chromium-browser: heap buffer overflow in v82017-03-29
Red Hat
chromium-browser: out of bounds memory access in v82017-03-29
Red Hat
chromium-browser: use after free in blink2017-03-29
Red Hat
chromium-browser: use after free in printing2017-03-29

💬Community

2
Bugzilla
Address bar spoof in reader mode2017-04-20
Bugzilla
CVE-2017-2982 CVE-2017-2984 CVE-2017-2985 CVE-2017-2986 CVE-2017-2987 CVE-2017-2988 CVE-2017-2990 CVE-2017-2991 CVE-2017-2992 CVE-2017-2993 CVE-2017-2995 CVE-2017-2996 flash-plugin: multiple code exec2017-02-14
CVE-2017-2987 — Integer Overflow or Wraparound in Adobe | cvebase