Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2017-AVI-107
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans Microsoft Edge. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Microsoft Edge
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eMicrosoft Edge\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-3064",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3064"
},
{
"name": "CVE-2017-3061",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3061"
},
{
"name": "CVE-2017-3062",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3062"
},
{
"name": "CVE-2017-0093",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0093"
},
{
"name": "CVE-2017-0200",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0200"
},
{
"name": "CVE-2017-3063",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3063"
},
{
"name": "CVE-2017-3058",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3058"
},
{
"name": "CVE-2017-3059",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3059"
},
{
"name": "CVE-2017-3060",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3060"
},
{
"name": "CVE-2017-0205",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0205"
},
{
"name": "CVE-2017-0208",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0208"
},
{
"name": "CVE-2017-0203",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0203"
}
],
"initial_release_date": "2017-04-12T00:00:00",
"last_revision_date": "2017-04-12T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft pour Flash du 11 avril 2017",
"url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance/advisory/2017-3447"
}
],
"reference": "CERTFR-2017-AVI-107",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-04-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Edge\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un contournement\nde la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 11 avril 2017",
"url": "https://portal.msrc.microsoft.com/fr-fr/security-guidance/releasenotedetail/42b8fa28-9d09-e711-80d9-000d3a32fc99"
}
]
}
CVE-2017-0200 (GCVE-0-2017-0200)
Vulnerability from cvelistv5
Published
2017-04-12 14:00
Modified
2024-08-05 12:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Remote Code Execution
Summary
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user, aka "Microsoft Edge Memory Corruption Vulnerability."
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft Corporation | Edge |
Version: Edge |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:55:19.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0200"
},
{
"name": "97456",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97456"
},
{
"name": "1038234",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038234"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Edge",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Edge"
}
]
}
],
"datePublic": "2017-04-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user, aka \"Microsoft Edge Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0200"
},
{
"name": "97456",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97456"
},
{
"name": "1038234",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038234"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0200",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Edge",
"version": {
"version_data": [
{
"version_value": "Edge"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user, aka \"Microsoft Edge Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0200",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0200"
},
{
"name": "97456",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97456"
},
{
"name": "1038234",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038234"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-0200",
"datePublished": "2017-04-12T14:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-05T12:55:19.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-0208 (GCVE-0-2017-0208)
Vulnerability from cvelistv5
Published
2017-04-12 14:00
Modified
2024-08-05 12:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information Disclosure
Summary
An information disclosure vulnerability exists in Microsoft Edge when the Chakra scripting engine does not properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system, a.k.a. "Scripting Engine Information Disclosure Vulnerability."
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft Corporation | Edge |
Version: Edge |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:55:19.170Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0208"
},
{
"name": "1038234",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038234"
},
{
"name": "97460",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97460"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Edge",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Edge"
}
]
}
],
"datePublic": "2017-04-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists in Microsoft Edge when the Chakra scripting engine does not properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user\u0027s system, a.k.a. \"Scripting Engine Information Disclosure Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0208"
},
{
"name": "1038234",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038234"
},
{
"name": "97460",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97460"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0208",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Edge",
"version": {
"version_data": [
{
"version_value": "Edge"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists in Microsoft Edge when the Chakra scripting engine does not properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user\u0027s system, a.k.a. \"Scripting Engine Information Disclosure Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0208",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0208"
},
{
"name": "1038234",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038234"
},
{
"name": "97460",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97460"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-0208",
"datePublished": "2017-04-12T14:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-05T12:55:19.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-0093 (GCVE-0-2017-0093)
Vulnerability from cvelistv5
Published
2017-04-12 14:00
Modified
2024-08-05 12:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Remote Code Execution
Summary
A remote code execution vulnerability in Microsoft Edge exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0201.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft Corporation | Edge |
Version: Edge |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:55:17.769Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0093"
},
{
"name": "1038234",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038234"
},
{
"name": "97419",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97419"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Edge",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Edge"
}
]
}
],
"datePublic": "2017-04-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability in Microsoft Edge exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user, aka \"Scripting Engine Memory Corruption Vulnerability.\" This CVE ID is unique from CVE-2017-0201."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0093"
},
{
"name": "1038234",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038234"
},
{
"name": "97419",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97419"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0093",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Edge",
"version": {
"version_data": [
{
"version_value": "Edge"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability in Microsoft Edge exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user, aka \"Scripting Engine Memory Corruption Vulnerability.\" This CVE ID is unique from CVE-2017-0201."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0093",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0093"
},
{
"name": "1038234",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038234"
},
{
"name": "97419",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97419"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-0093",
"datePublished": "2017-04-12T14:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-05T12:55:17.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-3064 (GCVE-0-2017-3064)
Vulnerability from cvelistv5
Published
2017-04-12 14:00
Modified
2024-08-05 14:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Memory Corruption
Summary
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability when parsing a shape outline. Successful exploitation could lead to arbitrary code execution.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Adobe Flash Player 25.0.0.127 and earlier. |
Version: Adobe Flash Player 25.0.0.127 and earlier. |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:16:27.791Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201704-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201704-04"
},
{
"name": "1038225",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038225"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/flash-player/apsb17-10.html"
},
{
"name": "97557",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97557"
},
{
"name": "RHSA-2017:0934",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0934"
},
{
"name": "42019",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/42019/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Adobe Flash Player 25.0.0.127 and earlier.",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Adobe Flash Player 25.0.0.127 and earlier."
}
]
}
],
"datePublic": "2017-04-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability when parsing a shape outline. Successful exploitation could lead to arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Memory Corruption",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"name": "GLSA-201704-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201704-04"
},
{
"name": "1038225",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038225"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://helpx.adobe.com/security/products/flash-player/apsb17-10.html"
},
{
"name": "97557",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97557"
},
{
"name": "RHSA-2017:0934",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0934"
},
{
"name": "42019",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/42019/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2017-3064",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Flash Player 25.0.0.127 and earlier.",
"version": {
"version_data": [
{
"version_value": "Adobe Flash Player 25.0.0.127 and earlier."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability when parsing a shape outline. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory Corruption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201704-04",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201704-04"
},
{
"name": "1038225",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038225"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb17-10.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb17-10.html"
},
{
"name": "97557",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97557"
},
{
"name": "RHSA-2017:0934",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0934"
},
{
"name": "42019",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42019/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2017-3064",
"datePublished": "2017-04-12T14:00:00",
"dateReserved": "2016-12-02T00:00:00",
"dateUpdated": "2024-08-05T14:16:27.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-3059 (GCVE-0-2017-3059)
Vulnerability from cvelistv5
Published
2017-04-12 14:00
Modified
2024-08-05 14:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Use After Free
Summary
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the internal script object. Successful exploitation could lead to arbitrary code execution.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Adobe Flash Player 25.0.0.127 and earlier. |
Version: Adobe Flash Player 25.0.0.127 and earlier. |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:16:26.426Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201704-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201704-04"
},
{
"name": "1038225",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038225"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/flash-player/apsb17-10.html"
},
{
"name": "RHSA-2017:0934",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0934"
},
{
"name": "97551",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97551"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Adobe Flash Player 25.0.0.127 and earlier.",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Adobe Flash Player 25.0.0.127 and earlier."
}
]
}
],
"datePublic": "2017-04-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the internal script object. Successful exploitation could lead to arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use After Free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"name": "GLSA-201704-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201704-04"
},
{
"name": "1038225",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038225"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://helpx.adobe.com/security/products/flash-player/apsb17-10.html"
},
{
"name": "RHSA-2017:0934",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0934"
},
{
"name": "97551",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97551"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2017-3059",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Flash Player 25.0.0.127 and earlier.",
"version": {
"version_data": [
{
"version_value": "Adobe Flash Player 25.0.0.127 and earlier."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the internal script object. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201704-04",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201704-04"
},
{
"name": "1038225",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038225"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb17-10.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb17-10.html"
},
{
"name": "RHSA-2017:0934",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0934"
},
{
"name": "97551",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97551"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2017-3059",
"datePublished": "2017-04-12T14:00:00",
"dateReserved": "2016-12-02T00:00:00",
"dateUpdated": "2024-08-05T14:16:26.426Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-0203 (GCVE-0-2017-0203)
Vulnerability from cvelistv5
Published
2017-04-12 14:00
Modified
2024-08-05 12:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Security Feature Bypass
Summary
A vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker could trick a user into loading a web page with malicious content, aka "Microsoft Edge Security Feature Bypass Vulnerability."
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Microsoft Edge Microsoft Edge |
Version: Microsoft Edge Microsoft Edge |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:55:19.302Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038234",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038234"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0203"
},
{
"name": "97443",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97443"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Edge Microsoft Edge",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Microsoft Edge Microsoft Edge"
}
]
}
],
"datePublic": "2017-04-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker could trick a user into loading a web page with malicious content, aka \"Microsoft Edge Security Feature Bypass Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Security Feature Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1038234",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038234"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0203"
},
{
"name": "97443",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97443"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0203",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Edge Microsoft Edge",
"version": {
"version_data": [
{
"version_value": "Microsoft Edge Microsoft Edge"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker could trick a user into loading a web page with malicious content, aka \"Microsoft Edge Security Feature Bypass Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Security Feature Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038234",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038234"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0203",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0203"
},
{
"name": "97443",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97443"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-0203",
"datePublished": "2017-04-12T14:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-05T12:55:19.302Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-0205 (GCVE-0-2017-0205)
Vulnerability from cvelistv5
Published
2017-04-12 14:00
Modified
2024-08-05 12:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Remote Code Execution
Summary
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user, aka "Microsoft Edge Memory Corruption Vulnerability."
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft Corporation | Edge |
Version: Edge |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:55:19.276Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0205"
},
{
"name": "97442",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97442"
},
{
"name": "1038234",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038234"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Edge",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Edge"
}
]
}
],
"datePublic": "2017-04-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user, aka \"Microsoft Edge Memory Corruption Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T09:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0205"
},
{
"name": "97442",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97442"
},
{
"name": "1038234",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038234"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0205",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Edge",
"version": {
"version_data": [
{
"version_value": "Edge"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user, aka \"Microsoft Edge Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0205",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0205"
},
{
"name": "97442",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97442"
},
{
"name": "1038234",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038234"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-0205",
"datePublished": "2017-04-12T14:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-05T12:55:19.276Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-3063 (GCVE-0-2017-3063)
Vulnerability from cvelistv5
Published
2017-04-12 14:00
Modified
2024-08-05 14:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Use After Free
Summary
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the ActionScript2 NetStream class. Successful exploitation could lead to arbitrary code execution.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Adobe Flash Player 25.0.0.127 and earlier. |
Version: Adobe Flash Player 25.0.0.127 and earlier. |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:16:27.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201704-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201704-04"
},
{
"name": "1038225",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038225"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/flash-player/apsb17-10.html"
},
{
"name": "RHSA-2017:0934",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0934"
},
{
"name": "97551",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97551"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Adobe Flash Player 25.0.0.127 and earlier.",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Adobe Flash Player 25.0.0.127 and earlier."
}
]
}
],
"datePublic": "2017-04-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the ActionScript2 NetStream class. Successful exploitation could lead to arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use After Free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"name": "GLSA-201704-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201704-04"
},
{
"name": "1038225",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038225"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://helpx.adobe.com/security/products/flash-player/apsb17-10.html"
},
{
"name": "RHSA-2017:0934",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0934"
},
{
"name": "97551",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97551"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2017-3063",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Flash Player 25.0.0.127 and earlier.",
"version": {
"version_data": [
{
"version_value": "Adobe Flash Player 25.0.0.127 and earlier."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the ActionScript2 NetStream class. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201704-04",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201704-04"
},
{
"name": "1038225",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038225"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb17-10.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb17-10.html"
},
{
"name": "RHSA-2017:0934",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0934"
},
{
"name": "97551",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97551"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2017-3063",
"datePublished": "2017-04-12T14:00:00",
"dateReserved": "2016-12-02T00:00:00",
"dateUpdated": "2024-08-05T14:16:27.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-3062 (GCVE-0-2017-3062)
Vulnerability from cvelistv5
Published
2017-04-12 14:00
Modified
2024-08-05 14:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Use After Free
Summary
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in ActionScript2 when creating a getter/setter property. Successful exploitation could lead to arbitrary code execution.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Adobe Flash Player 25.0.0.127 and earlier. |
Version: Adobe Flash Player 25.0.0.127 and earlier. |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:16:27.756Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201704-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201704-04"
},
{
"name": "1038225",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038225"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/flash-player/apsb17-10.html"
},
{
"name": "RHSA-2017:0934",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0934"
},
{
"name": "97551",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97551"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Adobe Flash Player 25.0.0.127 and earlier.",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Adobe Flash Player 25.0.0.127 and earlier."
}
]
}
],
"datePublic": "2017-04-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in ActionScript2 when creating a getter/setter property. Successful exploitation could lead to arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use After Free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"name": "GLSA-201704-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201704-04"
},
{
"name": "1038225",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038225"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://helpx.adobe.com/security/products/flash-player/apsb17-10.html"
},
{
"name": "RHSA-2017:0934",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0934"
},
{
"name": "97551",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97551"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2017-3062",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Flash Player 25.0.0.127 and earlier.",
"version": {
"version_data": [
{
"version_value": "Adobe Flash Player 25.0.0.127 and earlier."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in ActionScript2 when creating a getter/setter property. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201704-04",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201704-04"
},
{
"name": "1038225",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038225"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb17-10.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb17-10.html"
},
{
"name": "RHSA-2017:0934",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0934"
},
{
"name": "97551",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97551"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2017-3062",
"datePublished": "2017-04-12T14:00:00",
"dateReserved": "2016-12-02T00:00:00",
"dateUpdated": "2024-08-05T14:16:27.756Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-3058 (GCVE-0-2017-3058)
Vulnerability from cvelistv5
Published
2017-04-12 14:00
Modified
2024-08-05 14:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Use After Free
Summary
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the sound class. Successful exploitation could lead to arbitrary code execution.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Adobe Flash Player 25.0.0.127 and earlier. |
Version: Adobe Flash Player 25.0.0.127 and earlier. |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:16:28.187Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201704-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201704-04"
},
{
"name": "1038225",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038225"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/flash-player/apsb17-10.html"
},
{
"name": "RHSA-2017:0934",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0934"
},
{
"name": "97551",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97551"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Adobe Flash Player 25.0.0.127 and earlier.",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Adobe Flash Player 25.0.0.127 and earlier."
}
]
}
],
"datePublic": "2017-04-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the sound class. Successful exploitation could lead to arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use After Free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"name": "GLSA-201704-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201704-04"
},
{
"name": "1038225",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038225"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://helpx.adobe.com/security/products/flash-player/apsb17-10.html"
},
{
"name": "RHSA-2017:0934",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0934"
},
{
"name": "97551",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97551"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2017-3058",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Flash Player 25.0.0.127 and earlier.",
"version": {
"version_data": [
{
"version_value": "Adobe Flash Player 25.0.0.127 and earlier."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the sound class. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201704-04",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201704-04"
},
{
"name": "1038225",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038225"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb17-10.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb17-10.html"
},
{
"name": "RHSA-2017:0934",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0934"
},
{
"name": "97551",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97551"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2017-3058",
"datePublished": "2017-04-12T14:00:00",
"dateReserved": "2016-12-02T00:00:00",
"dateUpdated": "2024-08-05T14:16:28.187Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-3060 (GCVE-0-2017-3060)
Vulnerability from cvelistv5
Published
2017-04-12 14:00
Modified
2024-08-05 14:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Memory Corruption
Summary
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the ActionScript2 code parser. Successful exploitation could lead to arbitrary code execution.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Adobe Flash Player 25.0.0.127 and earlier. |
Version: Adobe Flash Player 25.0.0.127 and earlier. |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:16:27.488Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201704-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201704-04"
},
{
"name": "1038225",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038225"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/flash-player/apsb17-10.html"
},
{
"name": "97557",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97557"
},
{
"name": "RHSA-2017:0934",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0934"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Adobe Flash Player 25.0.0.127 and earlier.",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Adobe Flash Player 25.0.0.127 and earlier."
}
]
}
],
"datePublic": "2017-04-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the ActionScript2 code parser. Successful exploitation could lead to arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Memory Corruption",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"name": "GLSA-201704-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201704-04"
},
{
"name": "1038225",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038225"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://helpx.adobe.com/security/products/flash-player/apsb17-10.html"
},
{
"name": "97557",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97557"
},
{
"name": "RHSA-2017:0934",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0934"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2017-3060",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Flash Player 25.0.0.127 and earlier.",
"version": {
"version_data": [
{
"version_value": "Adobe Flash Player 25.0.0.127 and earlier."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the ActionScript2 code parser. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory Corruption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201704-04",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201704-04"
},
{
"name": "1038225",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038225"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb17-10.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb17-10.html"
},
{
"name": "97557",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97557"
},
{
"name": "RHSA-2017:0934",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0934"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2017-3060",
"datePublished": "2017-04-12T14:00:00",
"dateReserved": "2016-12-02T00:00:00",
"dateUpdated": "2024-08-05T14:16:27.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-3061 (GCVE-0-2017-3061)
Vulnerability from cvelistv5
Published
2017-04-12 14:00
Modified
2024-08-05 14:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Memory Corruption
Summary
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the SWF parser. Successful exploitation could lead to arbitrary code execution.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Adobe Flash Player 25.0.0.127 and earlier. |
Version: Adobe Flash Player 25.0.0.127 and earlier. |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:16:26.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201704-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201704-04"
},
{
"name": "1038225",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038225"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/flash-player/apsb17-10.html"
},
{
"name": "97557",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97557"
},
{
"name": "RHSA-2017:0934",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0934"
},
{
"name": "42018",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/42018/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Adobe Flash Player 25.0.0.127 and earlier.",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Adobe Flash Player 25.0.0.127 and earlier."
}
]
}
],
"datePublic": "2017-04-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the SWF parser. Successful exploitation could lead to arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Memory Corruption",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"name": "GLSA-201704-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201704-04"
},
{
"name": "1038225",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038225"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://helpx.adobe.com/security/products/flash-player/apsb17-10.html"
},
{
"name": "97557",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97557"
},
{
"name": "RHSA-2017:0934",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0934"
},
{
"name": "42018",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/42018/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2017-3061",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Flash Player 25.0.0.127 and earlier.",
"version": {
"version_data": [
{
"version_value": "Adobe Flash Player 25.0.0.127 and earlier."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the SWF parser. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory Corruption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201704-04",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201704-04"
},
{
"name": "1038225",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038225"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb17-10.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb17-10.html"
},
{
"name": "97557",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97557"
},
{
"name": "RHSA-2017:0934",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0934"
},
{
"name": "42018",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42018/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2017-3061",
"datePublished": "2017-04-12T14:00:00",
"dateReserved": "2016-12-02T00:00:00",
"dateUpdated": "2024-08-05T14:16:26.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…