ID CVE-2017-3106
Summary Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files. Successful exploitation could lead to arbitrary code execution.
References
Vulnerable Configurations
  • Adobe Flash Player 26.0.0.137
    cpe:2.3:a:adobe:flash_player:26.0.0.137
  • Apple Mac OS
    cpe:2.3:o:apple:mac_os
  • Linux Kernel
    cpe:2.3:o:linux:linux_kernel
  • Microsoft Windows
    cpe:2.3:o:microsoft:windows
  • Adobe Flash Player 26.0.0.137 for Edge
    cpe:2.3:a:adobe:flash_player:26.0.0.137:-:-:-:-:edge
  • Adobe Flash Player 26.0.0.137 for Internet Explorer 11
    cpe:2.3:a:adobe:flash_player:26.0.0.137:-:-:-:-:internet_explorer_11
  • cpe:2.3:o:microsoft:windows_10
    cpe:2.3:o:microsoft:windows_10
  • cpe:2.3:o:microsoft:windows_8.1
    cpe:2.3:o:microsoft:windows_8.1
  • Adobe Flash Player 26.0.0.137 for Chrome
    cpe:2.3:a:adobe:flash_player:26.0.0.137:-:-:-:-:chrome
  • Apple Mac OS X
    cpe:2.3:o:apple:mac_os_x
  • cpe:2.3:o:google:chrome_os
    cpe:2.3:o:google:chrome_os
  • Linux Kernel
    cpe:2.3:o:linux:linux_kernel
  • Microsoft Windows
    cpe:2.3:o:microsoft:windows
CVSS
Base: 9.3
Impact:
Exploitability:
CWE CWE-704
CAPEC
exploit-db via4
author Google Security Research
date 2017-08-17
description Adobe Flash - Invoke Accesses Trait Out-of-Bounds
file platforms/windows/dos/42480.txt
id 42480
platform windows
port 0
type dos
refmap via4
bid 100190
confirm https://helpx.adobe.com/security/products/flash-player/apsb17-23.html
gentoo GLSA-201709-16
sectrack 1039088
Last major update 11-08-2017 - 15:29
Published 11-08-2017 - 15:29
Last modified 25-09-2017 - 21:29
Back to Top