CVE-2017-3073

CWE-416 — Use After Free7 documents6 sources

Severity

8.8HIGH

EPSS

1.8%

top 17.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Flash Player Adobe Flash Player Desktop Runtime Redhat Enterprise Linux +2 more

Timeline

PublishedMay 9

Latest updateMay 13

Description

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when handling multiple mask properties of display objects, aka memory corruption. Successful exploitation could lead to arbitrary code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages6 packages

▶CVEListV5adobe_flash_player_25.0.0.148_and_earlier.Adobe Flash Player 25.0.0.148 and earlier.

▶NVDadobe/flash_player25.0.0.148

▶NVDadobe/flash_player_desktop_runtime25.0.0.163+1

▶Ubuntuflashplugin-nonfree< 25.0.0.171ubuntu0.14.04.1+1

▶NVDredhat/enterprise_linux_desktop6.0

Also affects: Enterprise Linux 6.0

Patches

Patch: helpx.adobe.com ↗Patch: helpx.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-r88h-g29r-792h: Adobe Flash Player versions 25↗2022-05-13

▶

OSV

CVE-2017-3073: Adobe Flash Player versions 25↗2017-05-09

▶

CVEList

CVE-2017-3073: Adobe Flash Player versions 25↗2017-05-09

▶

📋Vendor Advisories

Red Hat

flash-plugin: multiple code execution issues fixed in APSB17-15↗2017-05-09

▶

💬Community

Bugzilla

CVE-2017-18205 zsh: NULL dereference in cd in sh compatibility mode under given circumstances↗2018-02-27

▶

Bugzilla

CVE-2017-3068 CVE-2017-3069 CVE-2017-3070 CVE-2017-3071 CVE-2017-3072 CVE-2017-3073 CVE-2017-3074 flash-plugin: multiple code execution issues fixed in APSB17-15↗2017-05-09

▶