Published: 22/09/2015 Updated: 17/02/2017
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Adobe Flash Player prior to and 19.x prior to on Windows and OS X and prior to on Linux, Adobe AIR prior to, Adobe AIR SDK prior to, and Adobe AIR SDK & Compiler prior to allow attackers to cause a denial of service (vector-length corruption) or possibly have unspecified other impact via unknown vectors.

Affected Products

Vendor Product Versions
AdobeAir Sdk18.0.0.199
AdobeAir Sdk & Compiler18.0.0.180
AdobeFlash Player11.2.202.508,,,,,,,,,,,,,,,,,,,,,,,,,


Source: codegooglecom/p/google-security-research/issues/detail?id=504 The latest version of the Vector<primitive> length check in Flash 18,0,0,232 is not robust against memory corruptions such as heap overflows While it’s no longer possible to obviously bypass the length check there’s still unguarded data in the object which ...

Github Repositories

CVE-Study CVE id CVSS Type CVE-2017-12762 100 BOF CVE-2017-0561 100 - CVE-2017-11176 100 UAF CVE-2017-8890 100 CVE-2017-7895 100 CVE-2017-3106 93 CVE-2017-3064 93 CVE-2017-0430 93 CVE-2017-0429 93 CVE-2017-0428 93 CVE-2017-0427 93 CVE-2017-0528 93 CVE-2017-0510 93 CVE-2017-0508 93 CVE-2017-0507 93 CVE-2017-0455 93