ID CVE-2017-11305
Summary A regression affecting Adobe Flash Player version 27.0.0.187 (and earlier versions) causes the unintended reset of the global settings preference file when a user clears browser data.
References
Vulnerable Configurations
  • Adobe Flash Player 27.0.0.187 for Chrome
    cpe:2.3:a:adobe:flash_player:27.0.0.187:-:-:-:-:chrome
  • Apple Mac OS X
    cpe:2.3:o:apple:mac_os_x
  • Google Chrome OS
    cpe:2.3:o:google:chrome_os
  • Linux Kernel
    cpe:2.3:o:linux:linux_kernel
  • Microsoft Windows
    cpe:2.3:o:microsoft:windows
  • Adobe Flash Player 27.0.0.187 for Edge
    cpe:2.3:a:adobe:flash_player:27.0.0.187:-:-:-:-:edge
  • Adobe Flash Player 27.0.0.187 for Internet Explorer 11
    cpe:2.3:a:adobe:flash_player:27.0.0.187:-:-:-:-:internet_explorer_11
  • cpe:2.3:o:microsoft:windows_10
    cpe:2.3:o:microsoft:windows_10
  • cpe:2.3:o:microsoft:windows_8.1
    cpe:2.3:o:microsoft:windows_8.1
  • Adobe Flash Player 27.0.0.187
    cpe:2.3:a:adobe:flash_player:27.0.0.187
  • Apple Mac OS
    cpe:2.3:o:apple:mac_os
  • Linux Kernel
    cpe:2.3:o:linux:linux_kernel
  • Microsoft Windows
    cpe:2.3:o:microsoft:windows
CVSS
Base: 5.0
Impact:
Exploitability:
nessus via4
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-0081.NASL
    description An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 28.0.0.137. Security Fix(es): This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletins listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to disclose sensitive information or modify its settings when the victim loaded a page containing the malicious SWF content. (CVE-2017-11305, CVE-2018-4871)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 105743
    published 2018-01-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105743
    title RHEL 6 : flash-plugin (RHSA-2018:0081)
  • NASL family Windows
    NASL id FLASH_PLAYER_APSB17-42.NASL
    description The version of Adobe Flash Player installed on the remote Windows host is equal to or prior to version 27.0.0.187. It is, therefore, affected by a vulnerability which may allow an attacker to reset the global settings preference file.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 105175
    published 2017-12-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105175
    title Adobe Flash Player <= 27.0.0.187 (APSB17-42)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_FLASH_PLAYER_APSB17-42.NASL
    description The version of Adobe Flash Player installed on the remote macOS or Mac OS X host is equal to or prior to version 27.0.0.187. It is, therefore, affected by a vulnerability which may allow an attacker to reset the global settings preference file.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 105176
    published 2017-12-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105176
    title Adobe Flash Player for Mac <= 27.0.0.187 (APSB17-42)
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS17_DEC_4053577.NASL
    description The remote Windows host is missing security update KB4053577. It is, therefore, affected by a vulnerability which may allow an attacker to reset the global settings preference file.
    last seen 2019-02-21
    modified 2018-09-10
    plugin id 105178
    published 2017-12-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105178
    title KB4053577: Security update for Adobe Flash Player (December 2017)
redhat via4
advisories
rhsa
id RHSA-2018:0081
refmap via4
bid 102139
confirm https://helpx.adobe.com/security/products/flash-player/apsb17-42.html
sectrack 1039986
Last major update 13-12-2017 - 16:29
Published 13-12-2017 - 16:29
Last modified 11-01-2018 - 21:29