ID CVE-2017-3073
Summary Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when handling multiple mask properties of display objects, aka memory corruption. Successful exploitation could lead to arbitrary code execution.
References
Vulnerable Configurations
  • cpe:2.3:a:adobe:flash_player_desktop_runtime:16.0.0.287:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player_desktop_runtime:16.0.0.287:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player_desktop_runtime:18.0:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player_desktop_runtime:18.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player_desktop_runtime:18.0.0.203:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player_desktop_runtime:18.0.0.203:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player_desktop_runtime:21.0.0.226:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player_desktop_runtime:21.0.0.226:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player_desktop_runtime:23.0.0.162:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player_desktop_runtime:23.0.0.162:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:19.0.0.245:*:*:*:*:edge:*:*
    cpe:2.3:a:adobe:flash_player:19.0.0.245:*:*:*:*:edge:*:*
  • cpe:2.3:a:adobe:flash_player:20.0.0.228:*:*:*:*:edge:*:*
    cpe:2.3:a:adobe:flash_player:20.0.0.228:*:*:*:*:edge:*:*
  • cpe:2.3:a:adobe:flash_player:20.0.0.306:*:*:*:*:edge:*:*
    cpe:2.3:a:adobe:flash_player:20.0.0.306:*:*:*:*:edge:*:*
  • cpe:2.3:a:adobe:flash_player:21.0.0.97:*:*:*:*:edge:*:*
    cpe:2.3:a:adobe:flash_player:21.0.0.97:*:*:*:*:edge:*:*
  • cpe:2.3:a:adobe:flash_player:21.0.0.241:*:*:*:*:edge:*:*
    cpe:2.3:a:adobe:flash_player:21.0.0.241:*:*:*:*:edge:*:*
  • cpe:2.3:a:adobe:flash_player:21.0.0.242:*:*:*:*:edge:*:*
    cpe:2.3:a:adobe:flash_player:21.0.0.242:*:*:*:*:edge:*:*
  • cpe:2.3:a:adobe:flash_player:22.0.0.192:*:*:*:*:edge:*:*
    cpe:2.3:a:adobe:flash_player:22.0.0.192:*:*:*:*:edge:*:*
  • cpe:2.3:a:adobe:flash_player:22.0.0.211:*:*:*:*:edge:*:*
    cpe:2.3:a:adobe:flash_player:22.0.0.211:*:*:*:*:edge:*:*
  • cpe:2.3:a:adobe:flash_player:23.0:*:*:*:*:edge:*:*
    cpe:2.3:a:adobe:flash_player:23.0:*:*:*:*:edge:*:*
  • cpe:2.3:a:adobe:flash_player:23.0.0.162:*:*:*:*:edge:*:*
    cpe:2.3:a:adobe:flash_player:23.0.0.162:*:*:*:*:edge:*:*
  • cpe:2.3:a:adobe:flash_player:23.0.0.185:*:*:*:*:edge:*:*
    cpe:2.3:a:adobe:flash_player:23.0.0.185:*:*:*:*:edge:*:*
  • cpe:2.3:a:adobe:flash_player:23.0.0.205:*:*:*:*:edge:*:*
    cpe:2.3:a:adobe:flash_player:23.0.0.205:*:*:*:*:edge:*:*
  • cpe:2.3:a:adobe:flash_player:23.0.0.207:*:*:*:*:edge:*:*
    cpe:2.3:a:adobe:flash_player:23.0.0.207:*:*:*:*:edge:*:*
  • cpe:2.3:a:adobe:flash_player:24.0.0.186:*:*:*:*:edge:*:*
    cpe:2.3:a:adobe:flash_player:24.0.0.186:*:*:*:*:edge:*:*
  • cpe:2.3:a:adobe:flash_player:24.0.0.194:*:*:*:*:edge:*:*
    cpe:2.3:a:adobe:flash_player:24.0.0.194:*:*:*:*:edge:*:*
  • cpe:2.3:a:adobe:flash_player:24.0.0.221:*:*:*:*:edge:*:*
    cpe:2.3:a:adobe:flash_player:24.0.0.221:*:*:*:*:edge:*:*
  • cpe:2.3:a:adobe:flash_player:25.0.0.127:*:*:*:*:edge:*:*
    cpe:2.3:a:adobe:flash_player:25.0.0.127:*:*:*:*:edge:*:*
  • cpe:2.3:a:adobe:flash_player:25.0.0.148:*:*:*:*:edge:*:*
    cpe:2.3:a:adobe:flash_player:25.0.0.148:*:*:*:*:edge:*:*
  • cpe:2.3:a:adobe:flash_player:19.0.0.245:*:*:*:*:internet_explorer:*:*
    cpe:2.3:a:adobe:flash_player:19.0.0.245:*:*:*:*:internet_explorer:*:*
  • cpe:2.3:a:adobe:flash_player:20.0.0.228:*:*:*:*:internet_explorer:*:*
    cpe:2.3:a:adobe:flash_player:20.0.0.228:*:*:*:*:internet_explorer:*:*
  • cpe:2.3:a:adobe:flash_player:20.0.0.306:*:*:*:*:internet_explorer:*:*
    cpe:2.3:a:adobe:flash_player:20.0.0.306:*:*:*:*:internet_explorer:*:*
  • cpe:2.3:a:adobe:flash_player:21.0.0.97:*:*:*:*:internet_explorer:*:*
    cpe:2.3:a:adobe:flash_player:21.0.0.97:*:*:*:*:internet_explorer:*:*
  • cpe:2.3:a:adobe:flash_player:21.0.0.241:*:*:*:*:internet_explorer:*:*
    cpe:2.3:a:adobe:flash_player:21.0.0.241:*:*:*:*:internet_explorer:*:*
  • cpe:2.3:a:adobe:flash_player:21.0.0.242:*:*:*:*:internet_explorer:*:*
    cpe:2.3:a:adobe:flash_player:21.0.0.242:*:*:*:*:internet_explorer:*:*
  • cpe:2.3:a:adobe:flash_player:22.0.0.192:*:*:*:*:internet_explorer:*:*
    cpe:2.3:a:adobe:flash_player:22.0.0.192:*:*:*:*:internet_explorer:*:*
  • cpe:2.3:a:adobe:flash_player:22.0.0.211:*:*:*:*:internet_explorer:*:*
    cpe:2.3:a:adobe:flash_player:22.0.0.211:*:*:*:*:internet_explorer:*:*
  • cpe:2.3:a:adobe:flash_player:23.0.0.162:*:*:*:*:internet_explorer:*:*
    cpe:2.3:a:adobe:flash_player:23.0.0.162:*:*:*:*:internet_explorer:*:*
  • cpe:2.3:a:adobe:flash_player:23.0.0.185:*:*:*:*:internet_explorer:*:*
    cpe:2.3:a:adobe:flash_player:23.0.0.185:*:*:*:*:internet_explorer:*:*
  • cpe:2.3:a:adobe:flash_player:23.0.0.205:*:*:*:*:internet_explorer:*:*
    cpe:2.3:a:adobe:flash_player:23.0.0.205:*:*:*:*:internet_explorer:*:*
  • cpe:2.3:a:adobe:flash_player:23.0.0.207:*:*:*:*:internet_explorer:*:*
    cpe:2.3:a:adobe:flash_player:23.0.0.207:*:*:*:*:internet_explorer:*:*
  • cpe:2.3:a:adobe:flash_player:24.0.0.186:*:*:*:*:internet_explorer:*:*
    cpe:2.3:a:adobe:flash_player:24.0.0.186:*:*:*:*:internet_explorer:*:*
  • cpe:2.3:a:adobe:flash_player:24.0.0.194:*:*:*:*:internet_explorer:*:*
    cpe:2.3:a:adobe:flash_player:24.0.0.194:*:*:*:*:internet_explorer:*:*
  • cpe:2.3:a:adobe:flash_player:24.0.0.221:*:*:*:*:internet_explorer:*:*
    cpe:2.3:a:adobe:flash_player:24.0.0.221:*:*:*:*:internet_explorer:*:*
  • cpe:2.3:a:adobe:flash_player:25.0.0.127:*:*:*:*:internet_explorer:*:*
    cpe:2.3:a:adobe:flash_player:25.0.0.127:*:*:*:*:internet_explorer:*:*
  • cpe:2.3:a:adobe:flash_player:25.0.0.148:*:*:*:*:internet_explorer:*:*
    cpe:2.3:a:adobe:flash_player:25.0.0.148:*:*:*:*:internet_explorer:*:*
  • cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:chrome:*:*
    cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:18.0:*:*:*:*:chrome:*:*
    cpe:2.3:a:adobe:flash_player:18.0:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:18.0.0.203:*:*:*:*:chrome:*:*
    cpe:2.3:a:adobe:flash_player:18.0.0.203:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:18.0.0.204:*:*:*:*:chrome:*:*
    cpe:2.3:a:adobe:flash_player:18.0.0.204:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:19.0.0.245:*:*:*:*:chrome:*:*
    cpe:2.3:a:adobe:flash_player:19.0.0.245:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:20.0.0.228:*:*:*:*:chrome:*:*
    cpe:2.3:a:adobe:flash_player:20.0.0.228:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:20.0.0.306:*:*:*:*:chrome:*:*
    cpe:2.3:a:adobe:flash_player:20.0.0.306:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:21.0.0.97:*:*:*:*:chrome:*:*
    cpe:2.3:a:adobe:flash_player:21.0.0.97:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:21.0.0.216:*:*:*:*:chrome:*:*
    cpe:2.3:a:adobe:flash_player:21.0.0.216:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:21.0.0.242:*:*:*:*:chrome:*:*
    cpe:2.3:a:adobe:flash_player:21.0.0.242:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:22.0.0.192:*:*:*:*:chrome:*:*
    cpe:2.3:a:adobe:flash_player:22.0.0.192:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:22.0.0.211:*:*:*:*:chrome:*:*
    cpe:2.3:a:adobe:flash_player:22.0.0.211:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:23.0:*:*:*:*:chrome:*:*
    cpe:2.3:a:adobe:flash_player:23.0:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:23.0.0.162:*:*:*:*:chrome:*:*
    cpe:2.3:a:adobe:flash_player:23.0.0.162:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:23.0.0.185:*:*:*:*:chrome:*:*
    cpe:2.3:a:adobe:flash_player:23.0.0.185:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:23.0.0.205:*:*:*:*:chrome:*:*
    cpe:2.3:a:adobe:flash_player:23.0.0.205:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:23.0.0.207:*:*:*:*:chrome:*:*
    cpe:2.3:a:adobe:flash_player:23.0.0.207:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:23.0.0.257:*:*:*:*:chrome:*:*
    cpe:2.3:a:adobe:flash_player:23.0.0.257:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:24.0.0.186:*:*:*:*:chrome:*:*
    cpe:2.3:a:adobe:flash_player:24.0.0.186:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:24.0.0.194:*:*:*:*:chrome:*:*
    cpe:2.3:a:adobe:flash_player:24.0.0.194:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:24.0.0.221:*:*:*:*:chrome:*:*
    cpe:2.3:a:adobe:flash_player:24.0.0.221:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:25.0.0.127:*:*:*:*:chrome:*:*
    cpe:2.3:a:adobe:flash_player:25.0.0.127:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:25.0.0.148:*:*:*:*:chrome:*:*
    cpe:2.3:a:adobe:flash_player:25.0.0.148:*:*:*:*:chrome:*:*
  • cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*
    cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 30-01-2023 - 17:21)
Impact:
Exploitability:
CWE CWE-416
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
redhat via4
advisories
rhsa
id RHSA-2017:1219
rpms flash-plugin-0:25.0.0.171-1.el6_9
refmap via4
bid 98349
confirm https://helpx.adobe.com/security/products/flash-player/apsb17-15.html
gentoo GLSA-201705-12
sectrack 1038427
Last major update 30-01-2023 - 17:21
Published 09-05-2017 - 16:29
Last modified 30-01-2023 - 17:21
Back to Top