Adobe Flash Player before 18.104.22.168 and 19.x before 22.214.171.124 on Windows and OS X and before 126.96.36.1991 on Linux, Adobe AIR before 188.8.131.52, Adobe AIR SDK before 184.108.40.206, and Adobe AIR SDK & Compiler before 220.127.116.11 allow attackers to cause a denial of service (vector-length corruption) or possibly have unspecified other impact via unknown vectors.
| Vendor | Product | Version |
|---|---|---|
| Adobe | Air Sdk & Compiler | 18.104.22.168 |
| Adobe | Flash Player | 22.214.171.1248, 126.96.36.1999, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.1997, 188.8.131.527, 184.108.40.2066, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199 |
Administrators are advised to apply the appropriate updates.
Users are advised not to open email messages from suspicious or unrecognized sources. If users cannot verify that links or attachments included in email messages are safe, they are advised not to open them.
Administrators are advised to monitor critical systems.
To exploit the vulnerability, the attacker may provide the user with a link to a malicious web page or a file containing crafted Flash content intended to submit malicious input to the affected software. The attacker may use misleading language or instructions to persuade the user to follow the link or open the file.
Although a successful exploit of this vulnerability could cause a DoS condition, it is possible that this vulnerability may have other impacts via unknown vectors.
IntelliShield has previously covered this vulnerability in a Security Activity Bulletin at the following link: Security Activity Bulletin 41129