CVE-2017-2998Out-of-bounds Write in Adobe Flash Player

CWE-787Out-of-bounds WriteCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents6 sources
Severity
8.8HIGHNVD
EPSS
3.1%
top 13.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Adobe Flash PlayerAdobe Flash Player Desktop Runtime
Timeline
PublishedMar 14
Latest updateMay 14

Description

Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption vulnerability in the Primetime TVSDK API functionality related to timeline interactions. Successful exploitation could lead to arbitrary code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDadobe/flash_player24.0.0.221

Patches

Patch: helpx.adobe.comPatch: helpx.adobe.com

🔴Vulnerability Details

2
GHSA
GHSA-9mf8-jm57-rfw8: Adobe Flash Player versions 242022-05-14
CVEList
CVE-2017-2998: Adobe Flash Player versions 242017-03-14

📋Vendor Advisories

1
Red Hat
flash-plugin: multiple code execution issues fixed in APSB17-072017-03-14

🕵️Threat Intelligence

1
Unit42
Palo Alto Networks Unit 42 Vulnerability Research March 2017 Disclosures2017-03-16

💬Community

3
Bugzilla
CVE-2017-10285 OpenJDK: incorrect privilege use when handling unreferenced objects (RMI, 8174966)2017-10-13
Bugzilla
CVE-2017-10346 OpenJDK: insufficient loader constraints checks for invokespecial (Hotspot, 8180711)2017-10-13
Bugzilla
CVE-2017-2994 CVE-2017-2997 CVE-2017-2998 CVE-2017-2999 CVE-2017-3000 CVE-2017-3001 CVE-2017-3002 CVE-2017-3003 flash-plugin: multiple code execution issues fixed in APSB17-072017-03-14
CVE-2017-2998 — Out-of-bounds Write in Adobe | cvebase