Vulnerability-Lookup

CVE-2017-2930 (GCVE-0-2017-2930)

Vulnerability from cvelistv5 – Published: 2017-01-11 04:40 – Updated: 2024-08-05 14:09

Summary

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability due to a concurrency error when manipulating a display list. Successful exploitation could lead to arbitrary code execution.

Severity

No CVSS data available.

CWE

Memory Corruption

Assigner

adobe

References

9 references

URL	Tags
https://security.gentoo.org/glsa/201702-20	vendor-advisoryx_refsource_GENTOO
https://www.exploit-db.com/exploits/41012/	exploitx_refsource_EXPLOIT-DB
https://helpx.adobe.com/security/products/flash-p…	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2017-0057.html	vendor-advisoryx_refsource_REDHAT
https://www.exploit-db.com/exploits/41008/	exploitx_refsource_EXPLOIT-DB
https://cosig.gouv.qc.ca/en/cosig-2017-01-en/	x_refsource_MISC
http://www.securitytracker.com/id/1037570	vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/95350	vdb-entryx_refsource_BID
http://packetstormsecurity.com/files/140463/Adobe…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
n/a	Adobe Flash Player 24.0.0.186 and earlier.	Affected: Adobe Flash Player 24.0.0.186 and earlier.

Date Public

2017-01-10 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:09:17.861Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201702-20",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201702-20"
          },
          {
            "name": "41012",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/41012/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-02.html"
          },
          {
            "name": "RHSA-2017:0057",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0057.html"
          },
          {
            "name": "41008",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/41008/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cosig.gouv.qc.ca/en/cosig-2017-01-en/"
          },
          {
            "name": "1037570",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037570"
          },
          {
            "name": "95350",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95350"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/140463/Adobe-Flash-24.0.0.186-Code-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Adobe Flash Player 24.0.0.186 and earlier.",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Adobe Flash Player 24.0.0.186 and earlier."
            }
          ]
        }
      ],
      "datePublic": "2017-01-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability due to a concurrency error when manipulating a display list. Successful exploitation could lead to arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Memory Corruption",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01.000Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "name": "GLSA-201702-20",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201702-20"
        },
        {
          "name": "41012",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/41012/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-02.html"
        },
        {
          "name": "RHSA-2017:0057",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0057.html"
        },
        {
          "name": "41008",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/41008/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cosig.gouv.qc.ca/en/cosig-2017-01-en/"
        },
        {
          "name": "1037570",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037570"
        },
        {
          "name": "95350",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95350"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/140463/Adobe-Flash-24.0.0.186-Code-Execution.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2017-2930",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Adobe Flash Player 24.0.0.186 and earlier.",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Adobe Flash Player 24.0.0.186 and earlier."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability due to a concurrency error when manipulating a display list. Successful exploitation could lead to arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Memory Corruption"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201702-20",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201702-20"
            },
            {
              "name": "41012",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/41012/"
            },
            {
              "name": "https://helpx.adobe.com/security/products/flash-player/apsb17-02.html",
              "refsource": "CONFIRM",
              "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-02.html"
            },
            {
              "name": "RHSA-2017:0057",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0057.html"
            },
            {
              "name": "41008",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/41008/"
            },
            {
              "name": "https://cosig.gouv.qc.ca/en/cosig-2017-01-en/",
              "refsource": "MISC",
              "url": "https://cosig.gouv.qc.ca/en/cosig-2017-01-en/"
            },
            {
              "name": "1037570",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037570"
            },
            {
              "name": "95350",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95350"
            },
            {
              "name": "http://packetstormsecurity.com/files/140463/Adobe-Flash-24.0.0.186-Code-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/140463/Adobe-Flash-24.0.0.186-Code-Execution.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2017-2930",
    "datePublished": "2017-01-11T04:40:00.000Z",
    "dateReserved": "2016-12-02T00:00:00.000Z",
    "dateUpdated": "2024-08-05T14:09:17.861Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2017-2930",
      "date": "2026-05-27",
      "epss": "0.81971",
      "percentile": "0.99224"
    },
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*\", \"versionEndIncluding\": \"24.0.0.186\", \"matchCriteriaId\": \"259FB981-3C1A-4846-B15B-D17973BF1016\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4781BF1E-8A4E-4AFF-9540-23D523EE30DD\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D32ACF6F-5FF7-4815-8EAD-4719F5FC9B79\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*\", \"versionEndIncluding\": \"24.0.0.186\", \"matchCriteriaId\": \"386E1058-968D-4710-8816-120E1A2D2789\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*\", \"versionEndIncluding\": \"24.0.0.186\", \"matchCriteriaId\": \"FE5F67AB-339F-4664-803C-2EB4B03C5286\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"21540673-614A-4D40-8BD7-3F07723803B0\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E93068DB-549B-45AB-8E5C-00EB5D8B5CF8\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"24.0.0.186\", \"matchCriteriaId\": \"02ED3FF7-F6B7-458F-B314-897E19EA364F\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4781BF1E-8A4E-4AFF-9540-23D523EE30DD\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability due to a concurrency error when manipulating a display list. Successful exploitation could lead to arbitrary code execution.\"}, {\"lang\": \"es\", \"value\": \"Las versiones Adobe Flash Player 24.0.0.186 y anteriores tienen una vulnerabilidad de corrupci\\u00f3n de memoria explotable debido a un error de concurrencia cuando manipulan una lista de visualizaci\\u00f3n. Una explotaci\\u00f3n satisfactoria podr\\u00eda conducir a la ejecuci\\u00f3n de c\\u00f3digo arbitrario.\"}]",
      "id": "CVE-2017-2930",
      "lastModified": "2024-11-21T03:24:28.803",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2017-01-11T04:59:00.383",
      "references": "[{\"url\": \"http://packetstormsecurity.com/files/140463/Adobe-Flash-24.0.0.186-Code-Execution.html\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2017-0057.html\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/95350\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1037570\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://cosig.gouv.qc.ca/en/cosig-2017-01-en/\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Broken Link\"]}, {\"url\": \"https://helpx.adobe.com/security/products/flash-player/apsb17-02.html\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201702-20\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.exploit-db.com/exploits/41008/\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.exploit-db.com/exploits/41012/\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://packetstormsecurity.com/files/140463/Adobe-Flash-24.0.0.186-Code-Execution.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2017-0057.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/95350\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1037570\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://cosig.gouv.qc.ca/en/cosig-2017-01-en/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"https://helpx.adobe.com/security/products/flash-player/apsb17-02.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201702-20\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.exploit-db.com/exploits/41008/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.exploit-db.com/exploits/41012/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "psirt@adobe.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-2930\",\"sourceIdentifier\":\"psirt@adobe.com\",\"published\":\"2017-01-11T04:59:00.383\",\"lastModified\":\"2026-05-06T22:30:45.220\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability due to a concurrency error when manipulating a display list. Successful exploitation could lead to arbitrary code execution.\"},{\"lang\":\"es\",\"value\":\"Las versiones Adobe Flash Player 24.0.0.186 y anteriores tienen una vulnerabilidad de corrupci\u00f3n de memoria explotable debido a un error de concurrencia cuando manipulan una lista de visualizaci\u00f3n. Una explotaci\u00f3n satisfactoria podr\u00eda conducir a la ejecuci\u00f3n de c\u00f3digo arbitrario.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*\",\"versionEndIncluding\":\"24.0.0.186\",\"matchCriteriaId\":\"259FB981-3C1A-4846-B15B-D17973BF1016\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4781BF1E-8A4E-4AFF-9540-23D523EE30DD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D32ACF6F-5FF7-4815-8EAD-4719F5FC9B79\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*\",\"versionEndIncluding\":\"24.0.0.186\",\"matchCriteriaId\":\"386E1058-968D-4710-8816-120E1A2D2789\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*\",\"versionEndIncluding\":\"24.0.0.186\",\"matchCriteriaId\":\"FE5F67AB-339F-4664-803C-2EB4B03C5286\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21540673-614A-4D40-8BD7-3F07723803B0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E93068DB-549B-45AB-8E5C-00EB5D8B5CF8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"24.0.0.186\",\"matchCriteriaId\":\"02ED3FF7-F6B7-458F-B314-897E19EA364F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4781BF1E-8A4E-4AFF-9540-23D523EE30DD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/140463/Adobe-Flash-24.0.0.186-Code-Execution.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2017-0057.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/95350\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1037570\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://cosig.gouv.qc.ca/en/cosig-2017-01-en/\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://helpx.adobe.com/security/products/flash-player/apsb17-02.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201702-20\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/41008/\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.exploit-db.com/exploits/41012/\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/140463/Adobe-Flash-24.0.0.186-Code-Execution.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2017-0057.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/95350\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1037570\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://cosig.gouv.qc.ca/en/cosig-2017-01-en/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://helpx.adobe.com/security/products/flash-player/apsb17-02.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201702-20\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/41008/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.exploit-db.com/exploits/41012/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

CERTFR-2017-AVI-006

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Adobe Flash Player. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Adobe	N/A	Adobe Flash Player pour Google Chrome versions antérieures à 24.0.0.194 sur Windows, Macintosh, Linux et Chrome OS
Adobe	N/A	Adobe Flash Player pour Microsoft Edge et Internet Explorer 11 versions antérieures à 24.0.0.194 sur Windows 10 et 8.1
Adobe	N/A	Adobe Flash Player Desktop Runtime versions antérieures à 24.0.0.194 sur Windows et Macintosh
Adobe	N/A	Adobe Flash Player pour Linux versions antérieures à 24.0.0.194 sur Linux

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe APSB17-02 du 10 janvier 2017

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Adobe Flash Player pour Google Chrome versions ant\u00e9rieures \u00e0 24.0.0.194 sur Windows, Macintosh, Linux et Chrome OS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player pour Microsoft Edge et Internet Explorer 11 versions ant\u00e9rieures \u00e0 24.0.0.194 sur Windows 10 et 8.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player Desktop Runtime versions ant\u00e9rieures \u00e0 24.0.0.194 sur Windows et Macintosh",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player pour Linux versions ant\u00e9rieures \u00e0 24.0.0.194 sur Linux",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-2927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2927"
    },
    {
      "name": "CVE-2017-2933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2933"
    },
    {
      "name": "CVE-2017-2934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2934"
    },
    {
      "name": "CVE-2017-2928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2928"
    },
    {
      "name": "CVE-2017-2935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2935"
    },
    {
      "name": "CVE-2017-2932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2932"
    },
    {
      "name": "CVE-2017-2930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2930"
    },
    {
      "name": "CVE-2017-2936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2936"
    },
    {
      "name": "CVE-2017-2926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2926"
    },
    {
      "name": "CVE-2017-2931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2931"
    },
    {
      "name": "CVE-2017-2925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2925"
    },
    {
      "name": "CVE-2017-2938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2938"
    },
    {
      "name": "CVE-2017-2937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2937"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-006",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-01-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eAdobe Flash Player\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Adobe Flash Player",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB17-02 du 10 janvier 2017",
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-02.html"
    }
  ]
}

CERTFR-2017-AVI-007

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Microsoft Internet Explorer. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Les bibliothèques Adobe Flash contenues dans Internet Explorer 10 et Internet Explorer 11

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft ms17-003 du 10 janvier 2017

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eLes biblioth\u00e8ques Adobe Flash contenues dans Internet Explorer  10 et Internet Explorer 11\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-2927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2927"
    },
    {
      "name": "CVE-2017-2933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2933"
    },
    {
      "name": "CVE-2017-2934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2934"
    },
    {
      "name": "CVE-2017-2928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2928"
    },
    {
      "name": "CVE-2017-2935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2935"
    },
    {
      "name": "CVE-2017-2932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2932"
    },
    {
      "name": "CVE-2017-2930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2930"
    },
    {
      "name": "CVE-2017-2936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2936"
    },
    {
      "name": "CVE-2017-2926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2926"
    },
    {
      "name": "CVE-2017-2931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2931"
    },
    {
      "name": "CVE-2017-2925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2925"
    },
    {
      "name": "CVE-2017-2937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2937"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-007",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-01-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Internet Explorer\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Internet Explorer",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft ms17-003 du 10 janvier 2017",
      "url": "https://technet.microsoft.com/fr-fr/library/security/ms17-003.aspx"
    }
  ]
}

CERTFR-2017-AVI-008

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Microsoft Edge. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Microsoft Edge

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft ms17-003 du 10 janvier 2017	None	vendor-advisory
Bulletin de sécurité Microsoft ms17-001 du 10 janvier 2017	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eMicrosoft Edge\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-2927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2927"
    },
    {
      "name": "CVE-2017-2933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2933"
    },
    {
      "name": "CVE-2017-2934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2934"
    },
    {
      "name": "CVE-2017-2928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2928"
    },
    {
      "name": "CVE-2017-2935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2935"
    },
    {
      "name": "CVE-2017-2932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2932"
    },
    {
      "name": "CVE-2017-2930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2930"
    },
    {
      "name": "CVE-2017-2936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2936"
    },
    {
      "name": "CVE-2017-2926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2926"
    },
    {
      "name": "CVE-2017-2931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2931"
    },
    {
      "name": "CVE-2017-2925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2925"
    },
    {
      "name": "CVE-2017-2937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2937"
    },
    {
      "name": "CVE-2017-0002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0002"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-008",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-01-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Edge\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance et une \u00e9l\u00e9vation\nde privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft ms17-003 du 10 janvier 2017",
      "url": "https://technet.microsoft.com/fr-fr/library/security/ms17-003.aspx"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft ms17-001 du 10 janvier 2017",
      "url": "https://technet.microsoft.com/fr-fr/library/security/ms17-001.aspx"
    }
  ]
}

CERTFR-2017-AVI-006

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Adobe	N/A	Adobe Flash Player pour Google Chrome versions antérieures à 24.0.0.194 sur Windows, Macintosh, Linux et Chrome OS
Adobe	N/A	Adobe Flash Player pour Microsoft Edge et Internet Explorer 11 versions antérieures à 24.0.0.194 sur Windows 10 et 8.1
Adobe	N/A	Adobe Flash Player Desktop Runtime versions antérieures à 24.0.0.194 sur Windows et Macintosh
Adobe	N/A	Adobe Flash Player pour Linux versions antérieures à 24.0.0.194 sur Linux

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe APSB17-02 du 10 janvier 2017

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Adobe Flash Player pour Google Chrome versions ant\u00e9rieures \u00e0 24.0.0.194 sur Windows, Macintosh, Linux et Chrome OS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player pour Microsoft Edge et Internet Explorer 11 versions ant\u00e9rieures \u00e0 24.0.0.194 sur Windows 10 et 8.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player Desktop Runtime versions ant\u00e9rieures \u00e0 24.0.0.194 sur Windows et Macintosh",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player pour Linux versions ant\u00e9rieures \u00e0 24.0.0.194 sur Linux",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-2927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2927"
    },
    {
      "name": "CVE-2017-2933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2933"
    },
    {
      "name": "CVE-2017-2934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2934"
    },
    {
      "name": "CVE-2017-2928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2928"
    },
    {
      "name": "CVE-2017-2935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2935"
    },
    {
      "name": "CVE-2017-2932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2932"
    },
    {
      "name": "CVE-2017-2930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2930"
    },
    {
      "name": "CVE-2017-2936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2936"
    },
    {
      "name": "CVE-2017-2926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2926"
    },
    {
      "name": "CVE-2017-2931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2931"
    },
    {
      "name": "CVE-2017-2925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2925"
    },
    {
      "name": "CVE-2017-2938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2938"
    },
    {
      "name": "CVE-2017-2937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2937"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-006",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-01-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eAdobe Flash Player\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Adobe Flash Player",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB17-02 du 10 janvier 2017",
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-02.html"
    }
  ]
}

CERTFR-2017-AVI-007

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Microsoft Internet Explorer. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Les bibliothèques Adobe Flash contenues dans Internet Explorer 10 et Internet Explorer 11

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft ms17-003 du 10 janvier 2017

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eLes biblioth\u00e8ques Adobe Flash contenues dans Internet Explorer  10 et Internet Explorer 11\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-2927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2927"
    },
    {
      "name": "CVE-2017-2933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2933"
    },
    {
      "name": "CVE-2017-2934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2934"
    },
    {
      "name": "CVE-2017-2928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2928"
    },
    {
      "name": "CVE-2017-2935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2935"
    },
    {
      "name": "CVE-2017-2932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2932"
    },
    {
      "name": "CVE-2017-2930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2930"
    },
    {
      "name": "CVE-2017-2936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2936"
    },
    {
      "name": "CVE-2017-2926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2926"
    },
    {
      "name": "CVE-2017-2931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2931"
    },
    {
      "name": "CVE-2017-2925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2925"
    },
    {
      "name": "CVE-2017-2937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2937"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-007",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-01-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Internet Explorer\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Internet Explorer",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft ms17-003 du 10 janvier 2017",
      "url": "https://technet.microsoft.com/fr-fr/library/security/ms17-003.aspx"
    }
  ]
}

CERTFR-2017-AVI-008

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Microsoft Edge. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Microsoft Edge

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft ms17-003 du 10 janvier 2017	None	vendor-advisory
Bulletin de sécurité Microsoft ms17-001 du 10 janvier 2017	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eMicrosoft Edge\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-2927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2927"
    },
    {
      "name": "CVE-2017-2933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2933"
    },
    {
      "name": "CVE-2017-2934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2934"
    },
    {
      "name": "CVE-2017-2928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2928"
    },
    {
      "name": "CVE-2017-2935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2935"
    },
    {
      "name": "CVE-2017-2932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2932"
    },
    {
      "name": "CVE-2017-2930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2930"
    },
    {
      "name": "CVE-2017-2936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2936"
    },
    {
      "name": "CVE-2017-2926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2926"
    },
    {
      "name": "CVE-2017-2931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2931"
    },
    {
      "name": "CVE-2017-2925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2925"
    },
    {
      "name": "CVE-2017-2937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2937"
    },
    {
      "name": "CVE-2017-0002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0002"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-008",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-01-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Edge\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance et une \u00e9l\u00e9vation\nde privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft ms17-003 du 10 janvier 2017",
      "url": "https://technet.microsoft.com/fr-fr/library/security/ms17-003.aspx"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft ms17-001 du 10 janvier 2017",
      "url": "https://technet.microsoft.com/fr-fr/library/security/ms17-001.aspx"
    }
  ]
}

CNVD-2017-00375

Vulnerability from cnvd - Published: 2017-01-12

Title

Adobe Flash Player内存破坏漏洞（CNVD-2017-00375）

Description

Adobe Flash Player是美国Adobe公司开发的一款是一种广泛使用的、专有的多媒体程序播放器。 Adobe Flash Player中存在内存破坏漏洞，攻击者可利用漏洞控制受影响的系统，导致任意代码执行。

Severity

高

Patch Name

Adobe Flash Player内存破坏漏洞（CNVD-2017-00375）的补丁

Patch Description

Adobe Flash Player是美国Adobe公司开发的一款是一种广泛使用的、专有的多媒体程序播放器。 Adobe Flash Player中存在内存破坏漏洞，攻击者可利用漏洞控制受影响的系统，导致任意代码执行。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://helpx.adobe.com/security/products/flash-player/apsb17-02.html

Reference

https://helpx.adobe.com/security/products/flash-player/apsb17-02.html

Impacted products

Name
Adobe Flash Player <=24.0.0.186

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-2930"
    }
  },
  "description": "Adobe Flash Player\u662f\u7f8e\u56fdAdobe\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u6b3e \u662f\u4e00\u79cd\u5e7f\u6cdb\u4f7f\u7528\u7684\u3001\u4e13\u6709\u7684\u591a\u5a92\u4f53\u7a0b\u5e8f\u64ad\u653e\u5668\u3002 \r\n\r\nAdobe Flash Player\u4e2d\u5b58\u5728\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u63a7\u5236\u53d7\u5f71\u54cd\u7684\u7cfb\u7edf\uff0c\u5bfc\u81f4\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002",
  "discovererName": "Francis Provencher of COSIG",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://helpx.adobe.com/security/products/flash-player/apsb17-02.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-00375",
  "openTime": "2017-01-12",
  "patchDescription": "Adobe Flash Player\u662f\u7f8e\u56fdAdobe\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u6b3e \u662f\u4e00\u79cd\u5e7f\u6cdb\u4f7f\u7528\u7684\u3001\u4e13\u6709\u7684\u591a\u5a92\u4f53\u7a0b\u5e8f\u64ad\u653e\u5668\u3002 \r\n\r\nAdobe Flash Player\u4e2d\u5b58\u5728\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u63a7\u5236\u53d7\u5f71\u54cd\u7684\u7cfb\u7edf\uff0c\u5bfc\u81f4\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Adobe Flash Player\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff08CNVD-2017-00375\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Adobe Flash Player \u003c=24.0.0.186"
  },
  "referenceLink": "https://helpx.adobe.com/security/products/flash-player/apsb17-02.html",
  "serverity": "\u9ad8",
  "submitTime": "2017-01-11",
  "title": "Adobe Flash Player\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff08CNVD-2017-00375\uff09"
}

FKIE_CVE-2017-2930

Vulnerability from fkie_nvd - Published: 2017-01-11 04:59 - Updated: 2026-05-06 22:30

Severity

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
psirt@adobe.com	http://packetstormsecurity.com/files/140463/Adobe-Flash-24.0.0.186-Code-Execution.html	Third Party Advisory, VDB Entry
psirt@adobe.com	http://rhn.redhat.com/errata/RHSA-2017-0057.html	Third Party Advisory
psirt@adobe.com	http://www.securityfocus.com/bid/95350	Broken Link, Third Party Advisory, VDB Entry
psirt@adobe.com	http://www.securitytracker.com/id/1037570	Broken Link, Third Party Advisory, VDB Entry
psirt@adobe.com	https://cosig.gouv.qc.ca/en/cosig-2017-01-en/	Broken Link
psirt@adobe.com	https://helpx.adobe.com/security/products/flash-player/apsb17-02.html	Patch, Vendor Advisory
psirt@adobe.com	https://security.gentoo.org/glsa/201702-20	Third Party Advisory
psirt@adobe.com	https://www.exploit-db.com/exploits/41008/	Exploit, Third Party Advisory, VDB Entry
psirt@adobe.com	https://www.exploit-db.com/exploits/41012/	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/140463/Adobe-Flash-24.0.0.186-Code-Execution.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2017-0057.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/95350	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1037570	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://cosig.gouv.qc.ca/en/cosig-2017-01-en/	Broken Link
af854a3a-2127-422b-91ae-364da2661108	https://helpx.adobe.com/security/products/flash-player/apsb17-02.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201702-20	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/41008/	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/41012/	Exploit, Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
adobe	flash_player	*
apple	mac_os_x	-
google	chrome_os	-
linux	linux_kernel	-
microsoft	windows	-
adobe	flash_player	*
adobe	flash_player	*
microsoft	windows_10	-
microsoft	windows_8.1	-
adobe	flash_player	*
apple	mac_os_x	-
linux	linux_kernel	-
microsoft	windows	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*",
              "matchCriteriaId": "259FB981-3C1A-4846-B15B-D17973BF1016",
              "versionEndIncluding": "24.0.0.186",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D32ACF6F-5FF7-4815-8EAD-4719F5FC9B79",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*",
              "matchCriteriaId": "386E1058-968D-4710-8816-120E1A2D2789",
              "versionEndIncluding": "24.0.0.186",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*",
              "matchCriteriaId": "FE5F67AB-339F-4664-803C-2EB4B03C5286",
              "versionEndIncluding": "24.0.0.186",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "02ED3FF7-F6B7-458F-B314-897E19EA364F",
              "versionEndIncluding": "24.0.0.186",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability due to a concurrency error when manipulating a display list. Successful exploitation could lead to arbitrary code execution."
    },
    {
      "lang": "es",
      "value": "Las versiones Adobe Flash Player 24.0.0.186 y anteriores tienen una vulnerabilidad de corrupci\u00f3n de memoria explotable debido a un error de concurrencia cuando manipulan una lista de visualizaci\u00f3n. Una explotaci\u00f3n satisfactoria podr\u00eda conducir a la ejecuci\u00f3n de c\u00f3digo arbitrario."
    }
  ],
  "id": "CVE-2017-2930",
  "lastModified": "2026-05-06T22:30:45.220",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-01-11T04:59:00.383",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/140463/Adobe-Flash-24.0.0.186-Code-Execution.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2017-0057.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95350"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1037570"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Broken Link"
      ],
      "url": "https://cosig.gouv.qc.ca/en/cosig-2017-01-en/"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-02.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201702-20"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/41008/"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/41012/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/140463/Adobe-Flash-24.0.0.186-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2017-0057.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95350"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1037570"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://cosig.gouv.qc.ca/en/cosig-2017-01-en/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-02.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201702-20"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/41008/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/41012/"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-M8H4-JCMW-392V

Vulnerability from github – Published: 2022-05-14 03:54 – Updated: 2025-04-20 03:30

Details

Severity

9.8 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-2930"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-01-11T04:59:00Z",
    "severity": "CRITICAL"
  },
  "details": "Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability due to a concurrency error when manipulating a display list. Successful exploitation could lead to arbitrary code execution.",
  "id": "GHSA-m8h4-jcmw-392v",
  "modified": "2025-04-20T03:30:53Z",
  "published": "2022-05-14T03:54:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2930"
    },
    {
      "type": "WEB",
      "url": "https://cosig.gouv.qc.ca/en/cosig-2017-01-en"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-02.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201702-20"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/41008"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/41012"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/140463/Adobe-Flash-24.0.0.186-Code-Execution.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2017-0057.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/95350"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1037570"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2017-2930

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-2930

Aliases

CVE-2017-2930

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-2930",
    "description": "Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability due to a concurrency error when manipulating a display list. Successful exploitation could lead to arbitrary code execution.",
    "id": "GSD-2017-2930",
    "references": [
      "https://www.suse.com/security/cve/CVE-2017-2930.html",
      "https://access.redhat.com/errata/RHSA-2017:0057",
      "https://advisories.mageia.org/CVE-2017-2930.html",
      "https://packetstormsecurity.com/files/cve/CVE-2017-2930"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-2930"
      ],
      "details": "Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability due to a concurrency error when manipulating a display list. Successful exploitation could lead to arbitrary code execution.",
      "id": "GSD-2017-2930",
      "modified": "2023-12-13T01:21:05.643927Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@adobe.com",
        "ID": "CVE-2017-2930",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Adobe Flash Player 24.0.0.186 and earlier.",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Adobe Flash Player 24.0.0.186 and earlier."
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability due to a concurrency error when manipulating a display list. Successful exploitation could lead to arbitrary code execution."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Memory Corruption"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "GLSA-201702-20",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/201702-20"
          },
          {
            "name": "41012",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/41012/"
          },
          {
            "name": "https://helpx.adobe.com/security/products/flash-player/apsb17-02.html",
            "refsource": "CONFIRM",
            "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-02.html"
          },
          {
            "name": "RHSA-2017:0057",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0057.html"
          },
          {
            "name": "41008",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/41008/"
          },
          {
            "name": "https://cosig.gouv.qc.ca/en/cosig-2017-01-en/",
            "refsource": "MISC",
            "url": "https://cosig.gouv.qc.ca/en/cosig-2017-01-en/"
          },
          {
            "name": "1037570",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1037570"
          },
          {
            "name": "95350",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/95350"
          },
          {
            "name": "http://packetstormsecurity.com/files/140463/Adobe-Flash-24.0.0.186-Code-Execution.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/140463/Adobe-Flash-24.0.0.186-Code-Execution.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "24.0.0.186",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "24.0.0.186",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "24.0.0.186",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "24.0.0.186",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2017-2930"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability due to a concurrency error when manipulating a display list. Successful exploitation could lead to arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-787"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpx.adobe.com/security/products/flash-player/apsb17-02.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-02.html"
            },
            {
              "name": "95350",
              "refsource": "BID",
              "tags": [
                "Broken Link",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/95350"
            },
            {
              "name": "1037570",
              "refsource": "SECTRACK",
              "tags": [
                "Broken Link",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1037570"
            },
            {
              "name": "41012",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.exploit-db.com/exploits/41012/"
            },
            {
              "name": "41008",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.exploit-db.com/exploits/41008/"
            },
            {
              "name": "https://cosig.gouv.qc.ca/en/cosig-2017-01-en/",
              "refsource": "MISC",
              "tags": [
                "Broken Link"
              ],
              "url": "https://cosig.gouv.qc.ca/en/cosig-2017-01-en/"
            },
            {
              "name": "http://packetstormsecurity.com/files/140463/Adobe-Flash-24.0.0.186-Code-Execution.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/140463/Adobe-Flash-24.0.0.186-Code-Execution.html"
            },
            {
              "name": "GLSA-201702-20",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/201702-20"
            },
            {
              "name": "RHSA-2017:0057",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0057.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-11-17T17:47Z",
      "publishedDate": "2017-01-11T04:59Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-2930 (GCVE-0-2017-2930)

Solution

Solution

Solution

Solution

Solution

Solution

Tags

Sightings

Nomenclature