Published: 22/09/2015 Updated: 17/02/2017
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

Vulnerability Summary

Adobe Flash Player prior to and 19.x prior to on Windows and OS X and prior to on Linux, Adobe AIR prior to, Adobe AIR SDK prior to, and Adobe AIR SDK & Compiler prior to allow attackers to cause a denial of service (vector-length corruption) or possibly have unspecified other impact via unknown vectors.

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Access Complexity: LOW
Authentication: NONE
Access Vector: NETWORK
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Affected Products

Vendor Product Versions
AdobeAir Sdk18.0.0.199
AdobeAir Sdk & Compiler18.0.0.180
AdobeFlash Player11.2.202.508,,,,,,,,,,,,,,,,,,,,,,,,,


Source: codegooglecom/p/google-security-research/issues/detail?id=504 The latest version of the Vector<primitive> length check in Flash 18,0,0,232 is not robust against memory corruptions such as heap overflows While it’s no longer possible to obviously bypass the length check there’s still unguarded data in the object which ...

Github Repositories

CVE-Study CVE id CVSS Type CVE-2017-12762 100 BOF CVE-2017-0561 100 - CVE-2017-11176 100 UAF CVE-2017-8890 100 CVE-2017-7895 100 CVE-2017-3106 93 CVE-2017-3064 93 CVE-2017-0430 93 CVE-2017-0429 93 CVE-2017-0428 93 CVE-2017-0427 93 CVE-2017-0528 93 CVE-2017-0510 93 CVE-2017-0508 93 CVE-2017-0507 93 CVE-2017-0455 93