Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
760
VMScore

CVE-2017-11281

Published: 01/12/2017 Updated: 08/09/2021
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 760
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Adobe

Vulnerability Summary

Adobe Flash Player has an exploitable memory corruption vulnerability in the text handling function. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and previous versions.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

adobe flash_player

redhat enterprise linux desktop 6.0

redhat enterprise linux workstation 6.0

redhat enterprise linux server 6.0

Vendor Advisories

Red Hat: CVE-2017-11281
Adobe Flash Player has an exploitable memory corruption vulnerability in the text handling function Successful exploitation could lead to arbitrary code execution This affects 2600151 and earlier ...
Arch Linux Issues:
A memory corruption issue has been found in Adobe Flash player version 2600151 and earlier, leading to remote code execution ...

Exploits

Exploit DB: Adobe Flash - Out-of-Bounds Write in MP4 Edge Processing
Source: bugschromiumorg/p/project-zero/issues/detail?id=1322 The attached fuzzed MP4 file causes an out-of-bounds memory access when played with Adobe Flash Proof of Concept: githubcom/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/42782zip ...
Exploit DB: Adobe Flash - Out-of-Bounds Memory Read in MP4 Parsing
Source: bugschromiumorg/p/project-zero/issues/detail?id=1321 The attached MP4 file causes an out-of-bounds memory access when played in flash player Proof of Concept: githubcom/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/42781zip ...

Recent Articles

It's September 2017, and .NET lets PDFs hijack your Windows PC
The Register • Shaun Nichols in San Francisco • 12 Sep 2017

Look Microsoft, we'll stop these headlines when your stuff stops getting pwned

While much of the tech world is still fixating on Apple's $1,000 face-reading iPhone, administrators are going to be busy testing and deploying this month's Patch Tuesday load. Microsoft, Adobe, and Google have all released patches to mark the second Tuesday of the month. The updates include fixes for Flash, Edge, Internet Explorer, and Android. Redmond's September patch dump addresses a total of 81 CVE-listed vulnerabilities, 39 of which would allow for remote code execution. Four of the flaws ...

Read more...

References

CWE-119https://helpx.adobe.com/security/products/flash-player/apsb17-28.htmlhttps://www.exploit-db.com/exploits/42782/https://www.exploit-db.com/exploits/42781/https://security.gentoo.org/glsa/201709-16http://www.securitytracker.com/id/1039314http://www.securityfocus.com/bid/100710https://www.youtube.com/watch?v=CvmnUeza9zwhttps://access.redhat.com/errata/RHSA-2017:2702https://nvd.nist.govhttps://www.exploit-db.com/exploits/42782/https://access.redhat.com/security/cve/cve-2017-11281https://security.archlinux.org/CVE-2017-11281
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook