CVE-2017-3080

CWE-200 — Information Exposure6 documents6 sources

Severity

6.5MEDIUM

EPSS

3.8%

top 11.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Flash Player Adobe Flash Player Desktop Runtime

Timeline

PublishedJul 17

Latest updateMay 13

Description

Adobe Flash Player versions 26.0.0.131 and earlier have a security bypass vulnerability related to the Flash API used by Internet Explorer. Successful exploitation could lead to information disclosure.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5adobe_flash_player_26.0.0.131_and_earlier.Adobe Flash Player 26.0.0.131 and earlier.

▶NVDadobe/flash_player26.0.0.120+1

▶NVDadobe/flash_player_desktop_runtime26.0.0.131

▶Ubuntuflashplugin-nonfree< 26.0.0.137ubuntu0.14.04.1+1

Patches

Patch: helpx.adobe.com ↗Patch: helpx.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-pcx3-v62r-wwm3: Adobe Flash Player versions 26↗2022-05-13

▶

OSV

CVE-2017-3080: Adobe Flash Player versions 26↗2017-07-17

▶

CVEList

CVE-2017-3080: Adobe Flash Player versions 26↗2017-07-14

▶

📋Vendor Advisories

Red Hat

flash-plugin: information disclosure issues fixed in APSB17-21↗2017-07-11

▶

💬Community

Bugzilla

CVE-2017-3080 CVE-2017-3100 flash-plugin: information disclosure issues fixed in APSB17-21↗2017-07-11

▶