CVE-2017-3000 — Sensitive Information Exposure in Adobe Flash Player

CWE-200 — Sensitive Information Exposure CWE-79 — Cross-site Scripting9 documents7 sources

Severity

6.5MEDIUMNVD

EPSS

17.1%

top 4.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Flash Player Adobe Flash Player Desktop Runtime

Timeline

PublishedMar 14

Latest updateMay 14

Description

Adobe Flash Player versions 24.0.0.221 and earlier have a vulnerability in the random number generator used for constant blinding. Successful exploitation could lead to information disclosure.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDadobe/flash_player24.0.0.221

▶NVDadobe/flash_player_desktop_runtime24.0.0.221

Patches

Patch: helpx.adobe.com ↗Patch: helpx.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-vh5p-gf3p-64qv: Adobe Flash Player versions 24↗2022-05-14

▶

GHSA

Cross-Site Scripting (XSS) in restify↗2018-11-09

▶

CVEList

CVE-2017-3000: Adobe Flash Player versions 24↗2017-03-14

▶

💥Exploits & PoCs

Exploit-DB

Saltstack 3000.1 - Remote Code Execution↗2020-05-05

▶

Exploit-DB

Microsoft Windows Kernel (7 x86) - Local Privilege Escalation (MS17-017)↗2018-03-15

▶

Exploit-DB

Panda Free Antivirus - 'PSKMAD.sys' Denial of Service↗2017-04-29

▶

📋Vendor Advisories

Red Hat

flash-plugin: multiple code execution issues fixed in APSB17-07↗2017-03-14

▶

💬Community

Bugzilla

CVE-2017-2994 CVE-2017-2997 CVE-2017-2998 CVE-2017-2999 CVE-2017-3000 CVE-2017-3001 CVE-2017-3002 CVE-2017-3003 flash-plugin: multiple code execution issues fixed in APSB17-07↗2017-03-14

▶