ID CVE-2017-2992
Summary Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability when parsing an MP4 header. Successful exploitation could lead to arbitrary code execution.
References
Vulnerable Configurations
  • cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:18.0:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:18.0.0.203:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:18.0.0.204:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:19.0.0.245:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:20.0.0.228:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:20.0.0.306:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:21.0.0.97:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:21.0.0.216:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:21.0.0.242:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:22.0.0.192:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:22.0.0.211:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:23.0:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:23.0.0.162:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:23.0.0.185:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:23.0.0.205:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:23.0.0.207:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:23.0.0.257:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:24.0.0.186:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:24.0.0.194:*:*:*:*:chrome:*:*
  • cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
  • cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:19.0.0.245:*:*:*:*:edge:*:*
  • cpe:2.3:a:adobe:flash_player:20.0.0.228:*:*:*:*:edge:*:*
  • cpe:2.3:a:adobe:flash_player:20.0.0.306:*:*:*:*:edge:*:*
  • cpe:2.3:a:adobe:flash_player:21.0.0.97:*:*:*:*:edge:*:*
  • cpe:2.3:a:adobe:flash_player:21.0.0.241:*:*:*:*:edge:*:*
  • cpe:2.3:a:adobe:flash_player:21.0.0.242:*:*:*:*:edge:*:*
  • cpe:2.3:a:adobe:flash_player:22.0.0.192:*:*:*:*:edge:*:*
  • cpe:2.3:a:adobe:flash_player:22.0.0.211:*:*:*:*:edge:*:*
  • cpe:2.3:a:adobe:flash_player:23.0:*:*:*:*:edge:*:*
  • cpe:2.3:a:adobe:flash_player:23.0.0.162:*:*:*:*:edge:*:*
  • cpe:2.3:a:adobe:flash_player:23.0.0.185:*:*:*:*:edge:*:*
  • cpe:2.3:a:adobe:flash_player:23.0.0.205:*:*:*:*:edge:*:*
  • cpe:2.3:a:adobe:flash_player:23.0.0.207:*:*:*:*:edge:*:*
  • cpe:2.3:a:adobe:flash_player:24.0.0.186:*:*:*:*:edge:*:*
  • cpe:2.3:a:adobe:flash_player:24.0.0.194:*:*:*:*:edge:*:*
  • cpe:2.3:a:adobe:flash_player:19.0.0.245:*:*:*:*:internet_explorer:*:*
  • cpe:2.3:a:adobe:flash_player:20.0.0.228:*:*:*:*:internet_explorer:*:*
  • cpe:2.3:a:adobe:flash_player:20.0.0.306:*:*:*:*:internet_explorer:*:*
  • cpe:2.3:a:adobe:flash_player:21.0.0.97:*:*:*:*:internet_explorer:*:*
  • cpe:2.3:a:adobe:flash_player:21.0.0.241:*:*:*:*:internet_explorer:*:*
  • cpe:2.3:a:adobe:flash_player:21.0.0.242:*:*:*:*:internet_explorer:*:*
  • cpe:2.3:a:adobe:flash_player:22.0.0.192:*:*:*:*:internet_explorer:*:*
  • cpe:2.3:a:adobe:flash_player:22.0.0.211:*:*:*:*:internet_explorer:*:*
  • cpe:2.3:a:adobe:flash_player:23.0.0.162:*:*:*:*:internet_explorer:*:*
  • cpe:2.3:a:adobe:flash_player:23.0.0.185:*:*:*:*:internet_explorer:*:*
  • cpe:2.3:a:adobe:flash_player:23.0.0.205:*:*:*:*:internet_explorer:*:*
  • cpe:2.3:a:adobe:flash_player:23.0.0.207:*:*:*:*:internet_explorer:*:*
  • cpe:2.3:a:adobe:flash_player:24.0.0.186:*:*:*:*:internet_explorer:*:*
  • cpe:2.3:a:adobe:flash_player:24.0.0.194:*:*:*:*:internet_explorer:*:*
  • cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player_desktop_runtime:16.0.0.287:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player_desktop_runtime:18.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player_desktop_runtime:18.0.0.203:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player_desktop_runtime:21.0.0.226:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player_desktop_runtime:23.0.0.162:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 17-11-2022 - 17:51)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
redhat via4
advisories
rhsa
id RHSA-2017:0275
rpms flash-plugin-0:24.0.0.221-1.el6_8
refmap via4
bid 96193
confirm https://helpx.adobe.com/security/products/flash-player/apsb17-04.html
exploit-db 41420
gentoo GLSA-201702-20
sectrack 1037815
Last major update 17-11-2022 - 17:51
Published 15-02-2017 - 06:59
Last modified 17-11-2022 - 17:51