ID CVE-2017-3106
Summary Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files. Successful exploitation could lead to arbitrary code execution.
References
Vulnerable Configurations
  • cpe:2.3:a:adobe:flash_player:26.0.0.137
    cpe:2.3:a:adobe:flash_player:26.0.0.137
  • Apple Mac OS
    cpe:2.3:o:apple:mac_os
  • Linux Kernel
    cpe:2.3:o:linux:linux_kernel
  • Microsoft Windows
    cpe:2.3:o:microsoft:windows
  • cpe:2.3:a:adobe:flash_player:26.0.0.137:-:-:-:-:edge
    cpe:2.3:a:adobe:flash_player:26.0.0.137:-:-:-:-:edge
  • cpe:2.3:a:adobe:flash_player:26.0.0.137:-:-:-:-:internet_explorer_11
    cpe:2.3:a:adobe:flash_player:26.0.0.137:-:-:-:-:internet_explorer_11
  • cpe:2.3:o:microsoft:windows_10
    cpe:2.3:o:microsoft:windows_10
  • cpe:2.3:o:microsoft:windows_8.1
    cpe:2.3:o:microsoft:windows_8.1
  • cpe:2.3:a:adobe:flash_player:26.0.0.137:-:-:-:-:chrome
    cpe:2.3:a:adobe:flash_player:26.0.0.137:-:-:-:-:chrome
  • Apple Mac OS X
    cpe:2.3:o:apple:mac_os_x
  • cpe:2.3:o:google:chrome_os
    cpe:2.3:o:google:chrome_os
  • Linux Kernel
    cpe:2.3:o:linux:linux_kernel
  • Microsoft Windows
    cpe:2.3:o:microsoft:windows
CVSS
Base: 9.3
Impact:
Exploitability:
CWE CWE-704
CAPEC
refmap via4
bid 100190
confirm https://helpx.adobe.com/security/products/flash-player/apsb17-23.html
sectrack 1039088
Last major update 11-08-2017 - 15:29
Published 11-08-2017 - 15:29
Last modified 16-08-2017 - 10:51
Back to Top