CVE-2017-2997: Improper Restriction of Operations within the Bounds of a Memory Buffer in Adobe Flash Player

Severity
8.8 HIGH (NVD)
EPSS
5.5%
top 9.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Mar 14
Latest update: May 14

Description

Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable buffer overflow / underflow vulnerability in the Primetime TVSDK that supports customizing ad information. Successful exploitation could lead to arbitrary code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages: 2 packages

Patches

🔴Vulnerability Details

2
GHSA
GHSA-4vhw-m4wv-jrr8: Adobe Flash Player versions 24 (2022-05-14)
CVEList
CVE-2017-2997: Adobe Flash Player versions 24 (2017-03-14)

📋Vendor Advisories

1
Red Hat
flash-plugin: multiple code execution issues fixed in APSB17-07 (2017-03-14)

🕵️Threat Intelligence

2
Unit42
Palo Alto Networks Unit 42 Vulnerability Research March 2017 Disclosures (2017-03-16)
Unit42
Palo Alto Networks Unit 42 Vulnerability Research March 2017 Disclosures (2017-03-16)

💬Community

21
Bugzilla
CVE-2017-15395 chromium-browser: null pointer dereference in imagecapture (2017-10-18)
Bugzilla
CVE-2017-5124 chromium-browser: uxss with mhtml (2017-10-18)
Bugzilla
CVE-2017-5129 chromium-browser: use after free in webaudio (2017-10-18)
Bugzilla
CVE-2017-5125 chromium-browser: heap overflow in skia (2017-10-18)
Bugzilla
CVE-2017-15386 chromium-browser: ui spoofing in blink (2017-10-18)