Vulnerability-Lookup

CVE-2017-11292 (GCVE-0-2017-11292)

Vulnerability from cvelistv5 – Published: 2017-10-21 05:00 – Updated: 2025-10-21 23:55

CISA KEV

Summary

Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution.

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

arbitrary code execution

Assigner

adobe

References

URL

Tags

	http://www.securitytracker.com/id/1039582	vdb-entryx_refsource_SECTRACK
	https://helpx.adobe.com/security/products/flash-p…	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/201710-22	vendor-advisoryx_refsource_GENTOO
	http://www.securityfocus.com/bid/101286	vdb-entryx_refsource_BID
	https://access.redhat.com/errata/RHSA-2017:2899	vendor-advisoryx_refsource_REDHAT

Impacted products

	Vendor	Product	Version
	n/a	Adobe Flash Player version 27.0.0.159 and earlier	Affected: Adobe Flash Player version 27.0.0.159 and earlier

CISA KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

KEV entry ID: c5f9ab5b-f327-4878-a0e4-372fa383c412

Vulnerability ID: CVE-2017-11292

Status: Confirmed

Status Updated: 2022-03-03 00:00 UTC

Exploited: Yes

Timestamps

First Seen: 2022-03-03

Asserted: 2022-03-03

Scope

Notes: KEV entry: Adobe Flash Player Type Confusion Vulnerability | Affected: Adobe / Flash Player | Description: Adobe Flash Player contains a type confusion vulnerability which can allow for remote code execution. | Required action: The impacted product is end-of-life and should be disconnected if still in use. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-11292

Evidence

Type: Vendor Report

Signal: Successful Exploitation

Confidence: 80%

Source: cisa-kev

Details

Cwes	CWE-843
Feed	CISA Known Exploited Vulnerabilities Catalog
Product	Flash Player
Due Date	2022-03-24
Date Added	2022-03-03
Vendorproject	Adobe
Vulnerabilityname	Adobe Flash Player Type Confusion Vulnerability
Knownransomwarecampaignuse	Unknown

References

CVE-2017-11292

Created: 2026-02-02 12:28 UTC | Updated: 2026-02-06 07:17 UTC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:05:30.368Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1039582",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039582"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-32.html"
          },
          {
            "name": "GLSA-201710-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201710-22"
          },
          {
            "name": "101286",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101286"
          },
          {
            "name": "RHSA-2017:2899",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2899"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2017-11292",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-04T21:33:29.862857Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-03-03",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-11292"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-843",
                "description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:55:30.944Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-11292"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2022-03-03T00:00:00+00:00",
            "value": "CVE-2017-11292 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Adobe Flash Player version 27.0.0.159 and earlier",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Adobe Flash Player version 27.0.0.159 and earlier"
            }
          ]
        }
      ],
      "datePublic": "2017-10-21T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "arbitrary code execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-07T10:57:01.000Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "name": "1039582",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039582"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-32.html"
        },
        {
          "name": "GLSA-201710-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201710-22"
        },
        {
          "name": "101286",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101286"
        },
        {
          "name": "RHSA-2017:2899",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2899"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2017-11292",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Adobe Flash Player version 27.0.0.159 and earlier",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Adobe Flash Player version 27.0.0.159 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "arbitrary code execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1039582",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039582"
            },
            {
              "name": "https://helpx.adobe.com/security/products/flash-player/apsb17-32.html",
              "refsource": "CONFIRM",
              "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-32.html"
            },
            {
              "name": "GLSA-201710-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201710-22"
            },
            {
              "name": "101286",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101286"
            },
            {
              "name": "RHSA-2017:2899",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2899"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2017-11292",
    "datePublished": "2017-10-21T05:00:00.000Z",
    "dateReserved": "2017-07-13T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:55:30.944Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2017-11292",
      "cwes": "[\"CWE-843\"]",
      "dateAdded": "2022-03-03",
      "dueDate": "2022-03-24",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-11292",
      "product": "Flash Player",
      "requiredAction": "The impacted product is end-of-life and should be disconnected if still in use.",
      "shortDescription": "Adobe Flash Player contains a type confusion vulnerability which can allow for remote code execution.",
      "vendorProject": "Adobe",
      "vulnerabilityName": "Adobe Flash Player Type Confusion Vulnerability"
    },
    "fkie_nvd": {
      "cisaActionDue": "2022-03-24",
      "cisaExploitAdd": "2022-03-03",
      "cisaRequiredAction": "The impacted product is end-of-life and should be disconnected if still in use.",
      "cisaVulnerabilityName": "Adobe Flash Player Type Confusion Vulnerability",
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"27.0.0.159\", \"matchCriteriaId\": \"BE22B5D8-0B12-4058-A369-AC20E57630B6\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4781BF1E-8A4E-4AFF-9540-23D523EE30DD\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*\", \"versionEndIncluding\": \"27.0.0.130\", \"matchCriteriaId\": \"B06EC24D-217E-4362-90A6-F07C03765797\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*\", \"versionEndIncluding\": \"27.0.0.130\", \"matchCriteriaId\": \"0C270BC4-E41E-4DBE-B2CC-22A6626F7C56\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"21540673-614A-4D40-8BD7-3F07723803B0\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E93068DB-549B-45AB-8E5C-00EB5D8B5CF8\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*\", \"versionEndIncluding\": \"27.0.0.159\", \"matchCriteriaId\": \"31607166-57B0-4CA2-A05A-DF30F0A70EB8\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4781BF1E-8A4E-4AFF-9540-23D523EE30DD\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D32ACF6F-5FF7-4815-8EAD-4719F5FC9B79\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9BBCD86A-E6C7-4444-9D74-F861084090F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution.\"}, {\"lang\": \"es\", \"value\": \"Adobe Flash Player en sus versiones 27.0.0.159 y anteriores tiene un procedimiento de verificaci\\u00f3n de c\\u00f3digo de bytes con errores, lo que permite que un valor que no es de confianza se emplee en el c\\u00e1lculo de un \\u00edndice de arrays. Esto puede llevar a una confusi\\u00f3n de tipos, y la explotaci\\u00f3n con \\u00e9xito podr\\u00eda desembocar en la ejecuci\\u00f3n de c\\u00f3digo arbitrario.\"}]",
      "id": "CVE-2017-11292",
      "lastModified": "2024-11-21T03:07:29.570",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 6.8, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2017-10-22T19:29:00.237",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/101286\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1039582\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:2899\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://helpx.adobe.com/security/products/flash-player/apsb17-32.html\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201710-22\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/101286\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1039582\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:2899\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://helpx.adobe.com/security/products/flash-player/apsb17-32.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201710-22\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "psirt@adobe.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-843\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-11292\",\"sourceIdentifier\":\"psirt@adobe.com\",\"published\":\"2017-10-22T19:29:00.237\",\"lastModified\":\"2025-10-22T00:16:01.620\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution.\"},{\"lang\":\"es\",\"value\":\"Adobe Flash Player en sus versiones 27.0.0.159 y anteriores tiene un procedimiento de verificaci\u00f3n de c\u00f3digo de bytes con errores, lo que permite que un valor que no es de confianza se emplee en el c\u00e1lculo de un \u00edndice de arrays. Esto puede llevar a una confusi\u00f3n de tipos, y la explotaci\u00f3n con \u00e9xito podr\u00eda desembocar en la ejecuci\u00f3n de c\u00f3digo arbitrario.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:P/I:P/A:P\",\"baseScore\":6.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":6.8,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"cisaExploitAdd\":\"2022-03-03\",\"cisaActionDue\":\"2022-03-24\",\"cisaRequiredAction\":\"The impacted product is end-of-life and should be disconnected if still in use.\",\"cisaVulnerabilityName\":\"Adobe Flash Player Type Confusion Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-843\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-843\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"27.0.0.159\",\"matchCriteriaId\":\"BE22B5D8-0B12-4058-A369-AC20E57630B6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4781BF1E-8A4E-4AFF-9540-23D523EE30DD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*\",\"versionEndIncluding\":\"27.0.0.130\",\"matchCriteriaId\":\"B06EC24D-217E-4362-90A6-F07C03765797\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*\",\"versionEndIncluding\":\"27.0.0.130\",\"matchCriteriaId\":\"0C270BC4-E41E-4DBE-B2CC-22A6626F7C56\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21540673-614A-4D40-8BD7-3F07723803B0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E93068DB-549B-45AB-8E5C-00EB5D8B5CF8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*\",\"versionEndIncluding\":\"27.0.0.159\",\"matchCriteriaId\":\"31607166-57B0-4CA2-A05A-DF30F0A70EB8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4781BF1E-8A4E-4AFF-9540-23D523EE30DD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D32ACF6F-5FF7-4815-8EAD-4719F5FC9B79\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BBCD86A-E6C7-4444-9D74-F861084090F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/101286\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039582\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2899\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://helpx.adobe.com/security/products/flash-player/apsb17-32.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201710-22\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/101286\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039582\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2899\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://helpx.adobe.com/security/products/flash-player/apsb17-32.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201710-22\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-11292\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"affected\": [{\"product\": \"Adobe Flash Player version 27.0.0.159 and earlier\", \"vendor\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"Adobe Flash Player version 27.0.0.159 and earlier\"}]}], \"datePublic\": \"2017-10-21T00:00:00.000Z\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution.\"}], \"problemTypes\": [{\"descriptions\": [{\"description\": \"arbitrary code execution\", \"lang\": \"en\", \"type\": \"text\"}]}], \"providerMetadata\": {\"dateUpdated\": \"2017-12-07T10:57:01.000Z\", \"orgId\": \"078d4453-3bcd-4900-85e6-15281da43538\", \"shortName\": \"adobe\"}, \"references\": [{\"name\": \"1039582\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\"], \"url\": \"http://www.securitytracker.com/id/1039582\"}, {\"tags\": [\"x_refsource_CONFIRM\"], \"url\": \"https://helpx.adobe.com/security/products/flash-player/apsb17-32.html\"}, {\"name\": \"GLSA-201710-22\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\"], \"url\": \"https://security.gentoo.org/glsa/201710-22\"}, {\"name\": \"101286\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"], \"url\": \"http://www.securityfocus.com/bid/101286\"}, {\"name\": \"RHSA-2017:2899\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"], \"url\": \"https://access.redhat.com/errata/RHSA-2017:2899\"}], \"x_legacyV4Record\": {\"CVE_data_meta\": {\"ASSIGNER\": \"psirt@adobe.com\", \"ID\": \"CVE-2017-11292\", \"STATE\": \"PUBLIC\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"product_name\": \"Adobe Flash Player version 27.0.0.159 and earlier\", \"version\": {\"version_data\": [{\"version_value\": \"Adobe Flash Player version 27.0.0.159 and earlier\"}]}}]}, \"vendor_name\": \"n/a\"}]}}, \"data_format\": \"MITRE\", \"data_type\": \"CVE\", \"data_version\": \"4.0\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"arbitrary code execution\"}]}]}, \"references\": {\"reference_data\": [{\"name\": \"1039582\", \"refsource\": \"SECTRACK\", \"url\": \"http://www.securitytracker.com/id/1039582\"}, {\"name\": \"https://helpx.adobe.com/security/products/flash-player/apsb17-32.html\", \"refsource\": \"CONFIRM\", \"url\": \"https://helpx.adobe.com/security/products/flash-player/apsb17-32.html\"}, {\"name\": \"GLSA-201710-22\", \"refsource\": \"GENTOO\", \"url\": \"https://security.gentoo.org/glsa/201710-22\"}, {\"name\": \"101286\", \"refsource\": \"BID\", \"url\": \"http://www.securityfocus.com/bid/101286\"}, {\"name\": \"RHSA-2017:2899\", \"refsource\": \"REDHAT\", \"url\": \"https://access.redhat.com/errata/RHSA-2017:2899\"}]}}}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-05T18:05:30.368Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"name\": \"1039582\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\", \"x_transferred\"], \"url\": \"http://www.securitytracker.com/id/1039582\"}, {\"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"], \"url\": \"https://helpx.adobe.com/security/products/flash-player/apsb17-32.html\"}, {\"name\": \"GLSA-201710-22\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\", \"x_transferred\"], \"url\": \"https://security.gentoo.org/glsa/201710-22\"}, {\"name\": \"101286\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"], \"url\": \"http://www.securityfocus.com/bid/101286\"}, {\"name\": \"RHSA-2017:2899\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"], \"url\": \"https://access.redhat.com/errata/RHSA-2017:2899\"}]}, {\"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2017-11292\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-04T21:33:29.862857Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2022-03-03\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-11292\"}}}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-11292\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-843\", \"description\": \"CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-04T21:33:32.703Z\"}, \"timeline\": [{\"time\": \"2022-03-03T00:00:00+00:00\", \"lang\": \"en\", \"value\": \"CVE-2017-11292 added to CISA KEV\"}], \"title\": \"CISA ADP Vulnrichment\"}]}",
      "cveMetadata": "{\"assignerOrgId\": \"078d4453-3bcd-4900-85e6-15281da43538\", \"assignerShortName\": \"adobe\", \"cveId\": \"CVE-2017-11292\", \"datePublished\": \"2017-10-21T05:00:00.000Z\", \"dateReserved\": \"2017-07-13T00:00:00.000Z\", \"dateUpdated\": \"2025-10-21T19:55:30.775Z\", \"state\": \"PUBLISHED\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CNVD-2017-33575

Vulnerability from cnvd - Published: 2017-11-10

Title

Adobe Flash Player任意代码执行漏洞（CNVD-2017-33575）

Description

Adobe Flash Player是多媒体程序播放器。 Adobe Flash Player在实现上存在任意代码执行漏洞，攻击者可利用此漏洞在受影响应用上下文中执行任意代码。

Severity

中

Patch Name

Adobe Flash Player任意代码执行漏洞（CNVD-2017-33575）的补丁

Patch Description

Adobe Flash Player是多媒体程序播放器。 Adobe Flash Player在实现上存在任意代码执行漏洞，攻击者可利用此漏洞在受影响应用上下文中执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： https://helpx.adobe.com/security/products/flash-player/apsb17-32.html

Reference

https://nvd.nist.gov/vuln/detail/CVE-2017-11292

Impacted products

Name
Adobe Flash Player <=27.0.0.159

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-11292"
    }
  },
  "description": "Adobe Flash Player\u662f\u591a\u5a92\u4f53\u7a0b\u5e8f\u64ad\u653e\u5668\u3002\r\n\r\nAdobe Flash Player\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u5728\u53d7\u5f71\u54cd\u5e94\u7528\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "unknown",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttps://helpx.adobe.com/security/products/flash-player/apsb17-32.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-33575",
  "openTime": "2017-11-10",
  "patchDescription": "Adobe Flash Player\u662f\u591a\u5a92\u4f53\u7a0b\u5e8f\u64ad\u653e\u5668\u3002\r\n\r\nAdobe Flash Player\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u5728\u53d7\u5f71\u54cd\u5e94\u7528\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Adobe Flash Player\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2017-33575\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Adobe Flash Player \u003c=27.0.0.159"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-11292",
  "serverity": "\u4e2d",
  "submitTime": "2017-10-17",
  "title": "Adobe Flash Player\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2017-33575\uff09"
}

GSD-2017-11292

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-11292

Aliases

CVE-2017-11292

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-11292",
    "description": "Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution.",
    "id": "GSD-2017-11292",
    "references": [
      "https://access.redhat.com/errata/RHSA-2017:2899",
      "https://advisories.mageia.org/CVE-2017-11292.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-11292"
      ],
      "details": "Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution.",
      "id": "GSD-2017-11292",
      "modified": "2023-12-13T01:21:15.135599Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cisa.gov": {
      "cveID": "CVE-2017-11292",
      "dateAdded": "2022-03-03",
      "dueDate": "2022-03-24",
      "product": "Flash Player",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Adobe Flash Player contains a type confusion vulnerability which can allow for remote code execution.",
      "vendorProject": "Adobe",
      "vulnerabilityName": "Adobe Flash Player Type Confusion Vulnerability"
    },
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@adobe.com",
        "ID": "CVE-2017-11292",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Adobe Flash Player version 27.0.0.159 and earlier",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Adobe Flash Player version 27.0.0.159 and earlier"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "arbitrary code execution"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1039582",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1039582"
          },
          {
            "name": "https://helpx.adobe.com/security/products/flash-player/apsb17-32.html",
            "refsource": "CONFIRM",
            "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-32.html"
          },
          {
            "name": "GLSA-201710-22",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/201710-22"
          },
          {
            "name": "101286",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/101286"
          },
          {
            "name": "RHSA-2017:2899",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2017:2899"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "27.0.0.159",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "27.0.0.130",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "27.0.0.130",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "27.0.0.159",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2017-11292"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-843"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpx.adobe.com/security/products/flash-player/apsb17-32.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-32.html"
            },
            {
              "name": "GLSA-201710-22",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/201710-22"
            },
            {
              "name": "1039582",
              "refsource": "SECTRACK",
              "tags": [
                "Broken Link",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1039582"
            },
            {
              "name": "101286",
              "refsource": "BID",
              "tags": [
                "Broken Link",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/101286"
            },
            {
              "name": "RHSA-2017:2899",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:2899"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-01-27T19:24Z",
      "publishedDate": "2017-10-22T19:29Z"
    }
  }
}

RHSA-2017_2899

Vulnerability from csaf_redhat - Published: 2017-10-17 10:36 - Updated: 2024-11-14 21:44

Summary

Red Hat Security Advisory: flash-plugin security update

Notes

Topic

An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 27.0.0.170. Security Fix(es): * This update fixes one vulnerability in Adobe Flash Player. This vulnerability, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2017-11292)

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.\n\nThis update upgrades Flash Player to version 27.0.0.170.\n\nSecurity Fix(es):\n\n* This update fixes one vulnerability in Adobe Flash Player. This vulnerability, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2017-11292)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2017:2899",
        "url": "https://access.redhat.com/errata/RHSA-2017:2899"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "https://helpx.adobe.com/security/products/flash-player/apsb17-32.html",
        "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-32.html"
      },
      {
        "category": "external",
        "summary": "1502726",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502726"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_2899.json"
      }
    ],
    "title": "Red Hat Security Advisory: flash-plugin security update",
    "tracking": {
      "current_release_date": "2024-11-14T21:44:47+00:00",
      "generator": {
        "date": "2024-11-14T21:44:47+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2017:2899",
      "initial_release_date": "2017-10-17T10:36:44+00:00",
      "revision_history": [
        {
          "date": "2017-10-17T10:36:44+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2017-10-17T10:36:44+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-14T21:44:47+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
                  "product_id": "6Client-Supplementary-6.9.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
                  "product_id": "6Server-Supplementary-6.9.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
                  "product_id": "6Workstation-Supplementary-6.9.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "flash-plugin-0:27.0.0.170-1.el6_9.i686",
                "product": {
                  "name": "flash-plugin-0:27.0.0.170-1.el6_9.i686",
                  "product_id": "flash-plugin-0:27.0.0.170-1.el6_9.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/flash-plugin@27.0.0.170-1.el6_9?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:27.0.0.170-1.el6_9.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
          "product_id": "6Client-Supplementary-6.9.z:flash-plugin-0:27.0.0.170-1.el6_9.i686"
        },
        "product_reference": "flash-plugin-0:27.0.0.170-1.el6_9.i686",
        "relates_to_product_reference": "6Client-Supplementary-6.9.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:27.0.0.170-1.el6_9.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
          "product_id": "6Server-Supplementary-6.9.z:flash-plugin-0:27.0.0.170-1.el6_9.i686"
        },
        "product_reference": "flash-plugin-0:27.0.0.170-1.el6_9.i686",
        "relates_to_product_reference": "6Server-Supplementary-6.9.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:27.0.0.170-1.el6_9.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
          "product_id": "6Workstation-Supplementary-6.9.z:flash-plugin-0:27.0.0.170-1.el6_9.i686"
        },
        "product_reference": "flash-plugin-0:27.0.0.170-1.el6_9.i686",
        "relates_to_product_reference": "6Workstation-Supplementary-6.9.z"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-11292",
      "discovery_date": "2017-10-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1502726"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: remote code execution vulnerability (APSB17-32)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.9.z:flash-plugin-0:27.0.0.170-1.el6_9.i686",
          "6Server-Supplementary-6.9.z:flash-plugin-0:27.0.0.170-1.el6_9.i686",
          "6Workstation-Supplementary-6.9.z:flash-plugin-0:27.0.0.170-1.el6_9.i686"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-11292"
        },
        {
          "category": "external",
          "summary": "RHBZ#1502726",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502726"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-11292",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-11292"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-11292",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11292"
        },
        {
          "category": "external",
          "summary": "https://helpx.adobe.com/security/products/flash-player/apsb17-32.html",
          "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-32.html"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2017-10-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2017-10-17T10:36:44+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Client-Supplementary-6.9.z:flash-plugin-0:27.0.0.170-1.el6_9.i686",
            "6Server-Supplementary-6.9.z:flash-plugin-0:27.0.0.170-1.el6_9.i686",
            "6Workstation-Supplementary-6.9.z:flash-plugin-0:27.0.0.170-1.el6_9.i686"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2017:2899"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "6Client-Supplementary-6.9.z:flash-plugin-0:27.0.0.170-1.el6_9.i686",
            "6Server-Supplementary-6.9.z:flash-plugin-0:27.0.0.170-1.el6_9.i686",
            "6Workstation-Supplementary-6.9.z:flash-plugin-0:27.0.0.170-1.el6_9.i686"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2022-03-03T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: remote code execution vulnerability (APSB17-32)"
    }
  ]
}

RHSA-2017:2899

Vulnerability from csaf_redhat - Published: 2017-10-17 10:36 - Updated: 2025-11-21 18:02

Summary

Red Hat Security Advisory: flash-plugin security update

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.\n\nThis update upgrades Flash Player to version 27.0.0.170.\n\nSecurity Fix(es):\n\n* This update fixes one vulnerability in Adobe Flash Player. This vulnerability, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2017-11292)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2017:2899",
        "url": "https://access.redhat.com/errata/RHSA-2017:2899"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "https://helpx.adobe.com/security/products/flash-player/apsb17-32.html",
        "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-32.html"
      },
      {
        "category": "external",
        "summary": "1502726",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502726"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_2899.json"
      }
    ],
    "title": "Red Hat Security Advisory: flash-plugin security update",
    "tracking": {
      "current_release_date": "2025-11-21T18:02:37+00:00",
      "generator": {
        "date": "2025-11-21T18:02:37+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2017:2899",
      "initial_release_date": "2017-10-17T10:36:44+00:00",
      "revision_history": [
        {
          "date": "2017-10-17T10:36:44+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2017-10-17T10:36:44+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T18:02:37+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
                  "product_id": "6Client-Supplementary-6.9.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
                  "product_id": "6Server-Supplementary-6.9.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
                  "product_id": "6Workstation-Supplementary-6.9.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "flash-plugin-0:27.0.0.170-1.el6_9.i686",
                "product": {
                  "name": "flash-plugin-0:27.0.0.170-1.el6_9.i686",
                  "product_id": "flash-plugin-0:27.0.0.170-1.el6_9.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/flash-plugin@27.0.0.170-1.el6_9?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:27.0.0.170-1.el6_9.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
          "product_id": "6Client-Supplementary-6.9.z:flash-plugin-0:27.0.0.170-1.el6_9.i686"
        },
        "product_reference": "flash-plugin-0:27.0.0.170-1.el6_9.i686",
        "relates_to_product_reference": "6Client-Supplementary-6.9.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:27.0.0.170-1.el6_9.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
          "product_id": "6Server-Supplementary-6.9.z:flash-plugin-0:27.0.0.170-1.el6_9.i686"
        },
        "product_reference": "flash-plugin-0:27.0.0.170-1.el6_9.i686",
        "relates_to_product_reference": "6Server-Supplementary-6.9.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:27.0.0.170-1.el6_9.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
          "product_id": "6Workstation-Supplementary-6.9.z:flash-plugin-0:27.0.0.170-1.el6_9.i686"
        },
        "product_reference": "flash-plugin-0:27.0.0.170-1.el6_9.i686",
        "relates_to_product_reference": "6Workstation-Supplementary-6.9.z"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-11292",
      "discovery_date": "2017-10-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1502726"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: remote code execution vulnerability (APSB17-32)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.9.z:flash-plugin-0:27.0.0.170-1.el6_9.i686",
          "6Server-Supplementary-6.9.z:flash-plugin-0:27.0.0.170-1.el6_9.i686",
          "6Workstation-Supplementary-6.9.z:flash-plugin-0:27.0.0.170-1.el6_9.i686"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-11292"
        },
        {
          "category": "external",
          "summary": "RHBZ#1502726",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502726"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-11292",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-11292"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-11292",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11292"
        },
        {
          "category": "external",
          "summary": "https://helpx.adobe.com/security/products/flash-player/apsb17-32.html",
          "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-32.html"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2017-10-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2017-10-17T10:36:44+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Client-Supplementary-6.9.z:flash-plugin-0:27.0.0.170-1.el6_9.i686",
            "6Server-Supplementary-6.9.z:flash-plugin-0:27.0.0.170-1.el6_9.i686",
            "6Workstation-Supplementary-6.9.z:flash-plugin-0:27.0.0.170-1.el6_9.i686"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2017:2899"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "6Client-Supplementary-6.9.z:flash-plugin-0:27.0.0.170-1.el6_9.i686",
            "6Server-Supplementary-6.9.z:flash-plugin-0:27.0.0.170-1.el6_9.i686",
            "6Workstation-Supplementary-6.9.z:flash-plugin-0:27.0.0.170-1.el6_9.i686"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2022-03-03T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: remote code execution vulnerability (APSB17-32)"
    }
  ]
}

FKIE_CVE-2017-11292

Vulnerability from fkie_nvd - Published: 2017-10-22 19:29 - Updated: 2025-10-22 00:16

CISA KEV

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
psirt@adobe.com	http://www.securityfocus.com/bid/101286	Broken Link, Third Party Advisory, VDB Entry
psirt@adobe.com	http://www.securitytracker.com/id/1039582	Broken Link, Third Party Advisory, VDB Entry
psirt@adobe.com	https://access.redhat.com/errata/RHSA-2017:2899	Third Party Advisory
psirt@adobe.com	https://helpx.adobe.com/security/products/flash-player/apsb17-32.html	Patch, Vendor Advisory
psirt@adobe.com	https://security.gentoo.org/glsa/201710-22	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/101286	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1039582	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2017:2899	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://helpx.adobe.com/security/products/flash-player/apsb17-32.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201710-22	Third Party Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-11292

Impacted products

Vendor	Product	Version
adobe	flash_player_desktop_runtime	*
apple	mac_os_x	-
linux	linux_kernel	-
microsoft	windows	-
adobe	flash_player	*
adobe	flash_player	*
microsoft	windows_10	-
microsoft	windows_8.1	-
adobe	flash_player	*
apple	mac_os_x	-
google	chrome_os	-
linux	linux_kernel	-
microsoft	windows	-
redhat	enterprise_linux_desktop	6.0
redhat	enterprise_linux_server	6.0
redhat	enterprise_linux_workstation	6.0

JSON

To clipboard

{
  "cisaActionDue": "2022-03-24",
  "cisaExploitAdd": "2022-03-03",
  "cisaRequiredAction": "The impacted product is end-of-life and should be disconnected if still in use.",
  "cisaVulnerabilityName": "Adobe Flash Player Type Confusion Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE22B5D8-0B12-4058-A369-AC20E57630B6",
              "versionEndIncluding": "27.0.0.159",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*",
              "matchCriteriaId": "B06EC24D-217E-4362-90A6-F07C03765797",
              "versionEndIncluding": "27.0.0.130",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*",
              "matchCriteriaId": "0C270BC4-E41E-4DBE-B2CC-22A6626F7C56",
              "versionEndIncluding": "27.0.0.130",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*",
              "matchCriteriaId": "31607166-57B0-4CA2-A05A-DF30F0A70EB8",
              "versionEndIncluding": "27.0.0.159",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D32ACF6F-5FF7-4815-8EAD-4719F5FC9B79",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution."
    },
    {
      "lang": "es",
      "value": "Adobe Flash Player en sus versiones 27.0.0.159 y anteriores tiene un procedimiento de verificaci\u00f3n de c\u00f3digo de bytes con errores, lo que permite que un valor que no es de confianza se emplee en el c\u00e1lculo de un \u00edndice de arrays. Esto puede llevar a una confusi\u00f3n de tipos, y la explotaci\u00f3n con \u00e9xito podr\u00eda desembocar en la ejecuci\u00f3n de c\u00f3digo arbitrario."
    }
  ],
  "id": "CVE-2017-11292",
  "lastModified": "2025-10-22T00:16:01.620",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2017-10-22T19:29:00.237",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101286"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039582"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2899"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-32.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201710-22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101286"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039582"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2899"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-32.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201710-22"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-11292"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-843"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-843"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

GHSA-F6X6-GF9M-8CC3

Vulnerability from github – Published: 2022-05-13 01:02 – Updated: 2025-10-22 00:31

Details

Severity ?

8.8 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-11292"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-10-22T19:29:00Z",
    "severity": "HIGH"
  },
  "details": "Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution.",
  "id": "GHSA-f6x6-gf9m-8cc3",
  "modified": "2025-10-22T00:31:29Z",
  "published": "2022-05-13T01:02:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11292"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:2899"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-32.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201710-22"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-11292"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/101286"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1039582"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2017-AVI-355

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Adobe Flash Player. Elles permettent à un attaquant de provoquer une exécution de code arbitraire.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Adobe	N/A	Adobe Flash Player Desktop Runtime versions 27.0.0.159 et antérieures sur Windows, Macintosh et Linux
Adobe	N/A	Adobe Flash Player pour Google Chrome versions 27.0.0.159 et antérieures sur Windows, Macintosh, Linux et Chrome OS
Adobe	N/A	Adobe Flash Player pour Microsoft Edge et Internet Explorer 11 versions 27.0.0.130 et antérieures sur Windows 10 and 8.1

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe APSB17-28 du 12 octobre 2017	None	vendor-advisory
Bulletin de sécurité Adobe APSB17-32 du 16 octobre 2017	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Adobe Flash Player Desktop Runtime versions 27.0.0.159 et ant\u00e9rieures sur Windows, Macintosh et Linux",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player pour Google Chrome versions 27.0.0.159 et ant\u00e9rieures sur Windows, Macintosh, Linux et Chrome OS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player pour Microsoft Edge et Internet Explorer 11 versions 27.0.0.130 et ant\u00e9rieures sur Windows 10 and 8.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-11281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11281"
    },
    {
      "name": "CVE-2017-11292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11292"
    },
    {
      "name": "CVE-2017-11282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11282"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-355",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2017-10-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Adobe Flash Player.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Adobe Flash Player",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB17-28 du 12 octobre 2017",
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-28.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB17-32 du 16 octobre 2017",
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-32.html"
    }
  ]
}

CERTFR-2017-AVI-355

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Adobe Flash Player. Elles permettent à un attaquant de provoquer une exécution de code arbitraire.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Adobe	N/A	Adobe Flash Player Desktop Runtime versions 27.0.0.159 et antérieures sur Windows, Macintosh et Linux
Adobe	N/A	Adobe Flash Player pour Google Chrome versions 27.0.0.159 et antérieures sur Windows, Macintosh, Linux et Chrome OS
Adobe	N/A	Adobe Flash Player pour Microsoft Edge et Internet Explorer 11 versions 27.0.0.130 et antérieures sur Windows 10 and 8.1

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe APSB17-28 du 12 octobre 2017	None	vendor-advisory
Bulletin de sécurité Adobe APSB17-32 du 16 octobre 2017	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Adobe Flash Player Desktop Runtime versions 27.0.0.159 et ant\u00e9rieures sur Windows, Macintosh et Linux",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player pour Google Chrome versions 27.0.0.159 et ant\u00e9rieures sur Windows, Macintosh, Linux et Chrome OS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player pour Microsoft Edge et Internet Explorer 11 versions 27.0.0.130 et ant\u00e9rieures sur Windows 10 and 8.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-11281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11281"
    },
    {
      "name": "CVE-2017-11292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11292"
    },
    {
      "name": "CVE-2017-11282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11282"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-355",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2017-10-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Adobe Flash Player.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Adobe Flash Player",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB17-28 du 12 octobre 2017",
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-28.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB17-32 du 16 octobre 2017",
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-32.html"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-11292 (GCVE-0-2017-11292)

CISA KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

Timestamps

Scope

Evidence

Vendor Report Successful Exploitation Confidence: 80% Source: cisa-kev

Details

References

Solution

Solution

Tags

Sightings

Nomenclature