Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-3076Improper Restriction of Operations within the Bounds of a Memory Buffer in Adobe Flash Player

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents7 sources
Severity
9.8CRITICALNVD
EPSS
53.9%
top 1.99%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Adobe Flash Player
Timeline
PublishedJun 20
Latest updateMay 14

Description

Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the MPEG-4 AVC module. Successful exploitation could lead to arbitrary code execution.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDadobe/flash_player25.0.0.171

🔴Vulnerability Details

3
GHSA
GHSA-vfh6-rm76-vxx7: Adobe Flash Player versions 252022-05-14
CVEList
CVE-2017-3076: Adobe Flash Player versions 252017-06-20
OSV
CVE-2017-3076: Adobe Flash Player versions 252017-06-20

💥Exploits & PoCs

1
Exploit-DB
Adobe Flash - AVC Edge Processing Out-of-Bounds Read2017-06-23

📋Vendor Advisories

1
Red Hat
flash-plugin: multiple code execution issues fixed in APSB17-172017-06-13

💬Community

1
Bugzilla
CVE-2017-3075 CVE-2017-3076 CVE-2017-3077 CVE-2017-3078 CVE-2017-3079 CVE-2017-3081 CVE-2017-3082 CVE-2017-3083 CVE-2017-3084 flash-plugin: multiple code execution issues fixed in APSB17-172017-06-13