Published: 22/09/2015 Updated: 17/02/2017
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

Vulnerability Summary

Adobe Flash Player before and 19.x before on Windows and OS X and before on Linux, Adobe AIR before, Adobe AIR SDK before, and Adobe AIR SDK & Compiler before allow attackers to cause a denial of service (vector-length corruption) or possibly have unspecified other impact via unknown vectors.

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Access Complexity: LOW
Authentication: NONE
Access Vector: NETWORK
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Affected Products

Vendor | Product | Versions
Adobe | Air Sdk | 18.0.0.199
Adobe | Air Sdk & Compiler | 18.0.0.180
Adobe | Flash Player | 11.2.202.508


Administrators are advised to apply the appropriate updates.

Users are advised not to open email messages from suspicious or unrecognized sources. If users cannot verify that links or attachments included in email messages are safe, they are advised not to open them.

Administrators are advised to monitor critical systems.


To exploit the vulnerability, the attacker may provide the user with a link to a malicious web page or a file containing crafted Flash content intended to submit malicious input to the affected software, and may use misleading language or instructions to persuade the user to follow the link or open the file.

Although a successful exploit of this vulnerability could cause a DoS condition, it is possible that this vulnerability may have other impacts via unknown vectors.

IntelliShield has previously covered this vulnerability in a Security Activity Bulletin at the following link: Security Activity Bulletin 41129

Github Repositories

CVE-Study

CVE id | CVSS | Type
CVE-2017-12762 | 10.0 | BOF
CVE-2017-0561 | 10.0 | -
CVE-2017-11176 | 10.0 | UAF
CVE-2017-8890 | 10.0 |
CVE-2017-7895 | 10.0 |
CVE-2017-3106 | 9.3 |
CVE-2017-3064 | 9.3 |
CVE-2017-0430 | 9.3 |
CVE-2017-0429 | 9.3 |
CVE-2017-0428 | 9.3 |
CVE-2017-0427 | 9.3 |
CVE-2017-0528 | 9.3 |
CVE-2017-0510 | 9.3 |
CVE-2017-0508 | 9.3 |
CVE-2017-0507 | 9.3 |
CVE-2017-0455 | 9.3 |