ID CVE-2017-11292
Summary Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution.
References
Vulnerable Configurations
  • cpe:2.3:a:adobe:flash_player_desktop_runtime:16.0.0.287:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player_desktop_runtime:16.0.0.287:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player_desktop_runtime:18.0:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player_desktop_runtime:18.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player_desktop_runtime:18.0.0.203:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player_desktop_runtime:18.0.0.203:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player_desktop_runtime:21.0.0.226:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player_desktop_runtime:21.0.0.226:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player_desktop_runtime:23.0.0.162:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player_desktop_runtime:23.0.0.162:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player_desktop_runtime:26.0.0.131:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player_desktop_runtime:26.0.0.131:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player_desktop_runtime:26.0.0.137:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player_desktop_runtime:26.0.0.137:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player_desktop_runtime:26.0.0.151:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player_desktop_runtime:26.0.0.151:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player_desktop_runtime:27.0.0.130:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player_desktop_runtime:27.0.0.130:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player_desktop_runtime:27.0.0.159:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player_desktop_runtime:27.0.0.159:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:19.0.0.245:*:*:*:*:edge:*:*
    cpe:2.3:a:adobe:flash_player:19.0.0.245:*:*:*:*:edge:*:*
  • cpe:2.3:a:adobe:flash_player:20.0.0.228:*:*:*:*:edge:*:*
    cpe:2.3:a:adobe:flash_player:20.0.0.228:*:*:*:*:edge:*:*
  • cpe:2.3:a:adobe:flash_player:20.0.0.306:*:*:*:*:edge:*:*
    cpe:2.3:a:adobe:flash_player:20.0.0.306:*:*:*:*:edge:*:*
  • cpe:2.3:a:adobe:flash_player:21.0.0.97:*:*:*:*:edge:*:*
    cpe:2.3:a:adobe:flash_player:21.0.0.97:*:*:*:*:edge:*:*
  • cpe:2.3:a:adobe:flash_player:21.0.0.241:*:*:*:*:edge:*:*
    cpe:2.3:a:adobe:flash_player:21.0.0.241:*:*:*:*:edge:*:*
  • cpe:2.3:a:adobe:flash_player:21.0.0.242:*:*:*:*:edge:*:*
    cpe:2.3:a:adobe:flash_player:21.0.0.242:*:*:*:*:edge:*:*
  • cpe:2.3:a:adobe:flash_player:22.0.0.192:*:*:*:*:edge:*:*
    cpe:2.3:a:adobe:flash_player:22.0.0.192:*:*:*:*:edge:*:*
  • cpe:2.3:a:adobe:flash_player:22.0.0.211:*:*:*:*:edge:*:*
    cpe:2.3:a:adobe:flash_player:22.0.0.211:*:*:*:*:edge:*:*
  • cpe:2.3:a:adobe:flash_player:23.0:*:*:*:*:edge:*:*
    cpe:2.3:a:adobe:flash_player:23.0:*:*:*:*:edge:*:*
  • cpe:2.3:a:adobe:flash_player:23.0.0.162:*:*:*:*:edge:*:*
    cpe:2.3:a:adobe:flash_player:23.0.0.162:*:*:*:*:edge:*:*
  • cpe:2.3:a:adobe:flash_player:23.0.0.185:*:*:*:*:edge:*:*
    cpe:2.3:a:adobe:flash_player:23.0.0.185:*:*:*:*:edge:*:*
  • cpe:2.3:a:adobe:flash_player:23.0.0.205:*:*:*:*:edge:*:*
    cpe:2.3:a:adobe:flash_player:23.0.0.205:*:*:*:*:edge:*:*
  • cpe:2.3:a:adobe:flash_player:23.0.0.207:*:*:*:*:edge:*:*
    cpe:2.3:a:adobe:flash_player:23.0.0.207:*:*:*:*:edge:*:*
  • cpe:2.3:a:adobe:flash_player:24.0.0.186:*:*:*:*:edge:*:*
    cpe:2.3:a:adobe:flash_player:24.0.0.186:*:*:*:*:edge:*:*
  • cpe:2.3:a:adobe:flash_player:24.0.0.194:*:*:*:*:edge:*:*
    cpe:2.3:a:adobe:flash_player:24.0.0.194:*:*:*:*:edge:*:*
  • cpe:2.3:a:adobe:flash_player:24.0.0.221:*:*:*:*:edge:*:*
    cpe:2.3:a:adobe:flash_player:24.0.0.221:*:*:*:*:edge:*:*
  • cpe:2.3:a:adobe:flash_player:25.0.0.127:*:*:*:*:edge:*:*
    cpe:2.3:a:adobe:flash_player:25.0.0.127:*:*:*:*:edge:*:*
  • cpe:2.3:a:adobe:flash_player:25.0.0.148:*:*:*:*:edge:*:*
    cpe:2.3:a:adobe:flash_player:25.0.0.148:*:*:*:*:edge:*:*
  • cpe:2.3:a:adobe:flash_player:25.0.0.171:*:*:*:*:edge:*:*
    cpe:2.3:a:adobe:flash_player:25.0.0.171:*:*:*:*:edge:*:*
  • cpe:2.3:a:adobe:flash_player:26.0.0.120:*:*:*:*:edge:*:*
    cpe:2.3:a:adobe:flash_player:26.0.0.120:*:*:*:*:edge:*:*
  • cpe:2.3:a:adobe:flash_player:26.0.0.137:*:*:*:*:edge:*:*
    cpe:2.3:a:adobe:flash_player:26.0.0.137:*:*:*:*:edge:*:*
  • cpe:2.3:a:adobe:flash_player:26.0.0.151:*:*:*:*:edge:*:*
    cpe:2.3:a:adobe:flash_player:26.0.0.151:*:*:*:*:edge:*:*
  • cpe:2.3:a:adobe:flash_player:27.0.0.130:*:*:*:*:edge:*:*
    cpe:2.3:a:adobe:flash_player:27.0.0.130:*:*:*:*:edge:*:*
  • cpe:2.3:a:adobe:flash_player:19.0.0.245:*:*:*:*:internet_explorer:*:*
    cpe:2.3:a:adobe:flash_player:19.0.0.245:*:*:*:*:internet_explorer:*:*
  • cpe:2.3:a:adobe:flash_player:20.0.0.228:*:*:*:*:internet_explorer:*:*
    cpe:2.3:a:adobe:flash_player:20.0.0.228:*:*:*:*:internet_explorer:*:*
  • cpe:2.3:a:adobe:flash_player:20.0.0.306:*:*:*:*:internet_explorer:*:*
    cpe:2.3:a:adobe:flash_player:20.0.0.306:*:*:*:*:internet_explorer:*:*
  • cpe:2.3:a:adobe:flash_player:21.0.0.97:*:*:*:*:internet_explorer:*:*
    cpe:2.3:a:adobe:flash_player:21.0.0.97:*:*:*:*:internet_explorer:*:*
  • cpe:2.3:a:adobe:flash_player:21.0.0.241:*:*:*:*:internet_explorer:*:*
    cpe:2.3:a:adobe:flash_player:21.0.0.241:*:*:*:*:internet_explorer:*:*
  • cpe:2.3:a:adobe:flash_player:21.0.0.242:*:*:*:*:internet_explorer:*:*
    cpe:2.3:a:adobe:flash_player:21.0.0.242:*:*:*:*:internet_explorer:*:*
  • cpe:2.3:a:adobe:flash_player:22.0.0.192:*:*:*:*:internet_explorer:*:*
    cpe:2.3:a:adobe:flash_player:22.0.0.192:*:*:*:*:internet_explorer:*:*
  • cpe:2.3:a:adobe:flash_player:22.0.0.211:*:*:*:*:internet_explorer:*:*
    cpe:2.3:a:adobe:flash_player:22.0.0.211:*:*:*:*:internet_explorer:*:*
  • cpe:2.3:a:adobe:flash_player:23.0.0.162:*:*:*:*:internet_explorer:*:*
    cpe:2.3:a:adobe:flash_player:23.0.0.162:*:*:*:*:internet_explorer:*:*
  • cpe:2.3:a:adobe:flash_player:23.0.0.185:*:*:*:*:internet_explorer:*:*
    cpe:2.3:a:adobe:flash_player:23.0.0.185:*:*:*:*:internet_explorer:*:*
  • cpe:2.3:a:adobe:flash_player:23.0.0.205:*:*:*:*:internet_explorer:*:*
    cpe:2.3:a:adobe:flash_player:23.0.0.205:*:*:*:*:internet_explorer:*:*
  • cpe:2.3:a:adobe:flash_player:23.0.0.207:*:*:*:*:internet_explorer:*:*
    cpe:2.3:a:adobe:flash_player:23.0.0.207:*:*:*:*:internet_explorer:*:*
  • cpe:2.3:a:adobe:flash_player:24.0.0.186:*:*:*:*:internet_explorer:*:*
    cpe:2.3:a:adobe:flash_player:24.0.0.186:*:*:*:*:internet_explorer:*:*
  • cpe:2.3:a:adobe:flash_player:24.0.0.194:*:*:*:*:internet_explorer:*:*
    cpe:2.3:a:adobe:flash_player:24.0.0.194:*:*:*:*:internet_explorer:*:*
  • cpe:2.3:a:adobe:flash_player:24.0.0.221:*:*:*:*:internet_explorer:*:*
    cpe:2.3:a:adobe:flash_player:24.0.0.221:*:*:*:*:internet_explorer:*:*
  • cpe:2.3:a:adobe:flash_player:25.0.0.127:*:*:*:*:internet_explorer:*:*
    cpe:2.3:a:adobe:flash_player:25.0.0.127:*:*:*:*:internet_explorer:*:*
  • cpe:2.3:a:adobe:flash_player:25.0.0.148:*:*:*:*:internet_explorer:*:*
    cpe:2.3:a:adobe:flash_player:25.0.0.148:*:*:*:*:internet_explorer:*:*
  • cpe:2.3:a:adobe:flash_player:25.0.0.171:*:*:*:*:internet_explorer:*:*
    cpe:2.3:a:adobe:flash_player:25.0.0.171:*:*:*:*:internet_explorer:*:*
  • cpe:2.3:a:adobe:flash_player:26.0.0.151:*:*:*:*:internet_explorer:*:*
    cpe:2.3:a:adobe:flash_player:26.0.0.151:*:*:*:*:internet_explorer:*:*
  • cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:chrome:*:*
    cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:18.0:*:*:*:*:chrome:*:*
    cpe:2.3:a:adobe:flash_player:18.0:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:18.0.0.203:*:*:*:*:chrome:*:*
    cpe:2.3:a:adobe:flash_player:18.0.0.203:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:18.0.0.204:*:*:*:*:chrome:*:*
    cpe:2.3:a:adobe:flash_player:18.0.0.204:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:19.0.0.245:*:*:*:*:chrome:*:*
    cpe:2.3:a:adobe:flash_player:19.0.0.245:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:20.0.0.228:*:*:*:*:chrome:*:*
    cpe:2.3:a:adobe:flash_player:20.0.0.228:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:20.0.0.306:*:*:*:*:chrome:*:*
    cpe:2.3:a:adobe:flash_player:20.0.0.306:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:21.0.0.97:*:*:*:*:chrome:*:*
    cpe:2.3:a:adobe:flash_player:21.0.0.97:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:21.0.0.216:*:*:*:*:chrome:*:*
    cpe:2.3:a:adobe:flash_player:21.0.0.216:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:21.0.0.242:*:*:*:*:chrome:*:*
    cpe:2.3:a:adobe:flash_player:21.0.0.242:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:22.0.0.192:*:*:*:*:chrome:*:*
    cpe:2.3:a:adobe:flash_player:22.0.0.192:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:22.0.0.211:*:*:*:*:chrome:*:*
    cpe:2.3:a:adobe:flash_player:22.0.0.211:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:23.0:*:*:*:*:chrome:*:*
    cpe:2.3:a:adobe:flash_player:23.0:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:23.0.0.162:*:*:*:*:chrome:*:*
    cpe:2.3:a:adobe:flash_player:23.0.0.162:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:23.0.0.185:*:*:*:*:chrome:*:*
    cpe:2.3:a:adobe:flash_player:23.0.0.185:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:23.0.0.205:*:*:*:*:chrome:*:*
    cpe:2.3:a:adobe:flash_player:23.0.0.205:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:23.0.0.207:*:*:*:*:chrome:*:*
    cpe:2.3:a:adobe:flash_player:23.0.0.207:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:23.0.0.257:*:*:*:*:chrome:*:*
    cpe:2.3:a:adobe:flash_player:23.0.0.257:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:24.0.0.186:*:*:*:*:chrome:*:*
    cpe:2.3:a:adobe:flash_player:24.0.0.186:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:24.0.0.194:*:*:*:*:chrome:*:*
    cpe:2.3:a:adobe:flash_player:24.0.0.194:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:24.0.0.221:*:*:*:*:chrome:*:*
    cpe:2.3:a:adobe:flash_player:24.0.0.221:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:25.0.0.127:*:*:*:*:chrome:*:*
    cpe:2.3:a:adobe:flash_player:25.0.0.127:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:25.0.0.148:*:*:*:*:chrome:*:*
    cpe:2.3:a:adobe:flash_player:25.0.0.148:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:25.0.0.163:*:*:*:*:chrome:*:*
    cpe:2.3:a:adobe:flash_player:25.0.0.163:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:25.0.0.171:*:*:*:*:chrome:*:*
    cpe:2.3:a:adobe:flash_player:25.0.0.171:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:26.0.0.126:*:*:*:*:chrome:*:*
    cpe:2.3:a:adobe:flash_player:26.0.0.126:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:26.0.0.131:*:*:*:*:chrome:*:*
    cpe:2.3:a:adobe:flash_player:26.0.0.131:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:26.0.0.137:*:*:*:*:chrome:*:*
    cpe:2.3:a:adobe:flash_player:26.0.0.137:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:26.0.0.151:*:*:*:*:chrome:*:*
    cpe:2.3:a:adobe:flash_player:26.0.0.151:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:27.0.0.130:*:*:*:*:chrome:*:*
    cpe:2.3:a:adobe:flash_player:27.0.0.130:*:*:*:*:chrome:*:*
  • cpe:2.3:a:adobe:flash_player:27.0.0.159:*:*:*:*:chrome:*:*
    cpe:2.3:a:adobe:flash_player:27.0.0.159:*:*:*:*:chrome:*:*
  • cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*
    cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
CVSS
Base: 6.0 (as of 27-01-2023 - 19:24)
Impact:
Exploitability:
CWE CWE-843
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:S/C:P/I:P/A:P
redhat via4
advisories
rhsa
id RHSA-2017:2899
rpms flash-plugin-0:27.0.0.170-1.el6_9
refmap via4
bid 101286
confirm https://helpx.adobe.com/security/products/flash-player/apsb17-32.html
gentoo GLSA-201710-22
sectrack 1039582
Last major update 27-01-2023 - 19:24
Published 22-10-2017 - 19:29
Last modified 27-01-2023 - 19:24
Back to Top