CVE-2017-3072

CWE-787 — Out-of-bounds Write CWE-119 — Buffer Overflow6 documents6 sources

Severity

8.8HIGH

EPSS

2.0%

top 16.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Flash Player Adobe Flash Player Desktop Runtime Redhat Enterprise Linux +2 more

Timeline

PublishedMay 9

Latest updateMay 13

Description

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BitmapData class. Successful exploitation could lead to arbitrary code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages6 packages

▶CVEListV5adobe_flash_player_25.0.0.148_and_earlier.Adobe Flash Player 25.0.0.148 and earlier.

▶NVDadobe/flash_player25.0.0.148

▶NVDadobe/flash_player_desktop_runtime25.0.0.163+1

▶Ubuntuflashplugin-nonfree< 25.0.0.171ubuntu0.14.04.1+1

▶NVDredhat/enterprise_linux_desktop6.0

Also affects: Enterprise Linux 6.0

Patches

Patch: helpx.adobe.com ↗Patch: helpx.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-mfj9-rqfm-mcvg: Adobe Flash Player versions 25↗2022-05-13

▶

OSV

CVE-2017-3072: Adobe Flash Player versions 25↗2017-05-09

▶

CVEList

CVE-2017-3072: Adobe Flash Player versions 25↗2017-05-09

▶

📋Vendor Advisories

Red Hat

flash-plugin: multiple code execution issues fixed in APSB17-15↗2017-05-09

▶

💬Community

Bugzilla

CVE-2017-3068 CVE-2017-3069 CVE-2017-3070 CVE-2017-3071 CVE-2017-3072 CVE-2017-3073 CVE-2017-3074 flash-plugin: multiple code execution issues fixed in APSB17-15↗2017-05-09

▶