Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-3068

CWE-787 — Out-of-bounds Write CWE-119 — Buffer Overflow7 documents7 sources

Severity

8.8HIGH

EPSS

68.5%

top 1.39%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Adobe Flash Player Adobe Flash Player Desktop Runtime Redhat Enterprise Linux +2 more

Timeline

PublishedMay 9

Latest updateMay 13

Description

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Advanced Video Coding engine. Successful exploitation could lead to arbitrary code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages6 packages

▶CVEListV5adobe_flash_player_25.0.0.148_and_earlier.Adobe Flash Player 25.0.0.148 and earlier.

▶NVDadobe/flash_player25.0.0.148

▶NVDadobe/flash_player_desktop_runtime25.0.0.163+1

▶Ubuntuflashplugin-nonfree< 25.0.0.171ubuntu0.14.04.1+1

▶NVDredhat/enterprise_linux_desktop6.0

Also affects: Enterprise Linux 6.0

Patches

Patch: helpx.adobe.com ↗Patch: helpx.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-x5qr-f738-x6hv: Adobe Flash Player versions 25↗2022-05-13

▶

OSV

CVE-2017-3068: Adobe Flash Player versions 25↗2017-05-09

▶

CVEList

CVE-2017-3068: Adobe Flash Player versions 25↗2017-05-09

▶

💥Exploits & PoCs

Exploit-DB

Adobe Flash - AVC Deblocking Out-of-Bounds Read↗2017-05-17

▶

📋Vendor Advisories

Red Hat

flash-plugin: multiple code execution issues fixed in APSB17-15↗2017-05-09

▶

💬Community

Bugzilla

CVE-2017-3068 CVE-2017-3069 CVE-2017-3070 CVE-2017-3071 CVE-2017-3072 CVE-2017-3073 CVE-2017-3074 flash-plugin: multiple code execution issues fixed in APSB17-15↗2017-05-09

▶