ID CVE-2017-3075
Summary Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability when manipulating the ActionsScript 2 XML class. Successful exploitation could lead to arbitrary code execution.
References
Vulnerable Configurations
  • Adobe Flash Player 25.0.0.171 for Edge
    cpe:2.3:a:adobe:flash_player:25.0.0.171:-:-:-:-:edge
  • Adobe Flash Player 25.0.0.171 for Internet Explorer
    cpe:2.3:a:adobe:flash_player:25.0.0.171:-:-:-:-:internet_explorer
  • cpe:2.3:o:microsoft:windows_10
    cpe:2.3:o:microsoft:windows_10
  • cpe:2.3:o:microsoft:windows_8.1
    cpe:2.3:o:microsoft:windows_8.1
  • Adobe Flash Player 25.0.0.171 for Chrome
    cpe:2.3:a:adobe:flash_player:25.0.0.171:-:-:-:-:chrome
  • Apple Mac OS X
    cpe:2.3:o:apple:mac_os_x
  • Google Chrome OS
    cpe:2.3:o:google:chrome_os
  • Linux Kernel
    cpe:2.3:o:linux:linux_kernel
  • Microsoft Windows
    cpe:2.3:o:microsoft:windows
  • Adobe Flash Player 25.0.0.171
    cpe:2.3:a:adobe:flash_player:25.0.0.171
  • Apple Mac OS X
    cpe:2.3:o:apple:mac_os_x
  • Linux Kernel
    cpe:2.3:o:linux:linux_kernel
  • Microsoft Windows
    cpe:2.3:o:microsoft:windows
CVSS
Base: 10.0
Impact:
Exploitability:
CWE CWE-416
CAPEC
nessus via4
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_FLASH_PLAYER_APSB17-17.NASL
    description The version of Adobe Flash Player installed on the remote macOS or Mac OS X host is equal or prior to version 25.0.0.171. It is, therefore, affected by multiple vulnerabilities : - Multiple use-after-free errors exist that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-3075, CVE-2017-3081, CVE-2017-3083, CVE-2017-3084) - Multiple memory corruption issues exist that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-3076, CVE-2017-3077, CVE-2017-3078, CVE-2017-3079, CVE-2017-3082)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 100757
    published 2017-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100757
    title Adobe Flash Player for Mac <= 25.0.0.171 Multiple Vulnerabilities (APSB17-17)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_CD944B3F51F611E7B7B2001C25E46B1D.NASL
    description Adobe reports : - These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2017-3075, CVE-2017-3081, CVE-2017-3083, CVE-2017-3084). - These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2017-3076, CVE-2017-3077, CVE-2017-3078, CVE-2017-3079, CVE-2017-3082).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 100829
    published 2017-06-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100829
    title FreeBSD : Flash Player -- multiple vulnerabilities (cd944b3f-51f6-11e7-b7b2-001c25e46b1d)
  • NASL family Windows
    NASL id FLASH_PLAYER_APSB17-17.NASL
    description The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 25.0.0.171. It is, therefore, affected by multiple vulnerabilities : - Multiple use-after-free errors exist that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-3075, CVE-2017-3081, CVE-2017-3083, CVE-2017-3084) - Multiple memory corruption issues exist that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-3076, CVE-2017-3077, CVE-2017-3078, CVE-2017-3079, CVE-2017-3082)
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 100756
    published 2017-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100756
    title Adobe Flash Player <= 25.0.0.171 Multiple Vulnerabilities (APSB17-17)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201707-15.NASL
    description The remote host is affected by the vulnerability described in GLSA-201707-15 (Adobe Flash Player: Multiple Vulnerabilities) Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process or bypass security restrictions. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-01-26
    plugin id 101924
    published 2017-07-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101924
    title GLSA-201707-15 : Adobe Flash Player: Multiple Vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-1439.NASL
    description An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 26.0.0.126. Security Fix(es) : * This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2017-3075, CVE-2017-3076, CVE-2017-3077, CVE-2017-3078, CVE-2017-3079, CVE-2017-3081, CVE-2017-3082, CVE-2017-3083, CVE-2017-3084)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 100778
    published 2017-06-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100778
    title RHEL 6 : flash-plugin (RHSA-2017:1439)
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS17_JUN_4022730.NASL
    description The remote Windows host is missing security update KB4022730. It is, therefore, affected by multiple vulnerabilities : - Multiple use-after-free errors exist that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-3075, CVE-2017-3081, CVE-2017-3083, CVE-2017-3084) - Multiple memory corruption issues exist that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-3076, CVE-2017-3077, CVE-2017-3078, CVE-2017-3079, CVE-2017-3082)
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 100766
    published 2017-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100766
    title KB4022730: Security update for Adobe Flash Player (June 2017)
redhat via4
advisories
rhsa
id RHSA-2017:1439
refmap via4
bid 99023
confirm https://helpx.adobe.com/security/products/flash-player/apsb17-17.html
gentoo GLSA-201707-15
sectrack 1038655
Last major update 20-06-2017 - 13:29
Published 20-06-2017 - 13:29
Last modified 04-01-2018 - 21:31
Back to Top