Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2017-11281

Published: 01/12/2017 Updated: 14/12/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 760
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Adobe

Vulnerability Summary

Adobe Flash Player has an exploitable memory corruption vulnerability in the text handling function. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and previous versions.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

adobe flash_player

redhat enterprise linux desktop 6.0

redhat enterprise linux server 6.0

redhat enterprise linux workstation 6.0

Vendor Advisories

Red Hat: CVE-2017-11281
Adobe Flash Player has an exploitable memory corruption vulnerability in the text handling function Successful exploitation could lead to arbitrary code execution This affects 2600151 and earlier ...
Arch Linux Advisories: [ASA-201709-7] lib32-flashplugin: arbitrary code execution
Arch Linux Security Advisory ASA-201709-7 ========================================= Severity: Critical Date : 2017-09-13 CVE-ID : CVE-2017-11281 CVE-2017-11282 Package : lib32-flashplugin Type : arbitrary code execution Remote : Yes Link : securityarchlinuxorg/AVG-399 Summary ======= The package lib32-flashplugin before vers ...
Arch Linux Advisories: [ASA-201709-6] flashplugin: arbitrary code execution
Arch Linux Security Advisory ASA-201709-6 ========================================= Severity: Critical Date : 2017-09-13 CVE-ID : CVE-2017-11281 CVE-2017-11282 Package : flashplugin Type : arbitrary code execution Remote : Yes Link : securityarchlinuxorg/AVG-398 Summary ======= The package flashplugin before version 27001 ...
Arch Linux Issues:
A memory corruption issue has been found in Adobe Flash player version 2600151 and earlier, leading to remote code execution ...

Exploits

Exploit DB: Adobe Flash - Out-of-Bounds Memory Read in MP4 Parsing
Source: bugschromiumorg/p/project-zero/issues/detail?id=1321 The attached MP4 file causes an out-of-bounds memory access when played in flash player Proof of Concept: githubcom/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/42781zip ...
Exploit DB: Adobe Flash - Out-of-Bounds Write in MP4 Edge Processing
Source: bugschromiumorg/p/project-zero/issues/detail?id=1322 The attached fuzzed MP4 file causes an out-of-bounds memory access when played with Adobe Flash Proof of Concept: githubcom/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/42782zip ...

Recent Articles

It's September 2017, and .NET lets PDFs hijack your Windows PC
The Register • Shaun Nichols in San Francisco • 12 Sep 2017

Look Microsoft, we'll stop these headlines when your stuff stops getting pwned

While much of the tech world is still fixating on Apple's $1,000 face-reading iPhone, administrators are going to be busy testing and deploying this month's Patch Tuesday load.
Microsoft, Adobe, and Google have all released patches to mark the second Tuesday of the month. The updates include fixes for Flash, Edge, Internet Explorer, and Android.
Redmond's September patch dump addresses a total of 81 CVE-listed vulnerabilities, 39 of which would allow for remote code execution. Four o...

Read more...
Adobe Fixes Eight Vulnerabilities in Flash, RoboHelp, ColdFusion
Threatpost • Chris Brook • 12 Sep 2017

Adobe fixed eight vulnerabilities across three products, including two critical memory corruption bugs and a critical XML parsing flaw, with its regularly scheduled update on Tuesday.
RoboHelp for Windows, ColdFusion, and as usual, Flash Player, all received updates as part of the company’s Patch Tuesday security bulletins.
Versions 26.0.0.151 and earlier of Flash Player are affected by the memory corruption vulnerabilities (CVE-2017-11281, CVE-2017-11282). Adobe warned the bugs, d...

Read more...

References

CWE-119http://www.securityfocus.com/bid/100710http://www.securitytracker.com/id/1039314https://access.redhat.com/errata/RHSA-2017:2702https://helpx.adobe.com/security/products/flash-player/apsb17-28.htmlhttps://security.gentoo.org/glsa/201709-16https://www.exploit-db.com/exploits/42781/https://www.exploit-db.com/exploits/42782/https://www.youtube.com/watch?v=CvmnUeza9zwhttps://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2017-11281https://www.exploit-db.com/exploits/42781/https://nvd.nist.govhttps://threatpost.com/adobe-fixes-eight-vulnerabilities-in-flash-robohelp-flash-player/127944/https://access.redhat.com/security/cve/cve-2017-11281https://security.archlinux.org/CVE-2017-11281
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-24069remote code executionmass assignmentCVE-2021-1782CVE-2021-23962CVE-2021-24081cross-site scriptingCVE-2021-21973CVE-2021-23972