Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2017-11282

Published: 01/12/2017 Updated: 08/09/2021
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Flash Player

Vulnerability Summary

Adobe Flash Player has an exploitable memory corruption vulnerability in the MP4 atom parser. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and previous versions.

Vulnerable Product Search on Vulmon Subscribe to Product

adobe flash_player

redhat enterprise linux workstation 6.0

redhat enterprise linux server 6.0

redhat enterprise linux desktop 6.0

Vendor Advisories

Red Hat: CVE-2017-11282
Adobe Flash Player has an exploitable memory corruption vulnerability in the MP4 atom parser Successful exploitation could lead to arbitrary code execution This affects 2600151 and earlier ...
Arch Linux Issues:
A memory corruption issue has been found in Adobe Flash player version 2600151 and earlier, leading to remote code execution ...

Exploits

Exploit DB: Adobe Flash - Out-of-Bounds Read in applyToRange
Source: bugschromiumorg/p/project-zero/issues/detail?id=1323 The attached fuzzed file causes an out-of-bounds read in TextFormatapplyToRange Proof of Concept: githubcom/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/42783zip ...

Recent Articles

It's September 2017, and .NET lets PDFs hijack your Windows PC
The Register • Shaun Nichols in San Francisco • 12 Sep 2017

Look Microsoft, we'll stop these headlines when your stuff stops getting pwned

While much of the tech world is still fixating on Apple's $1,000 face-reading iPhone, administrators are going to be busy testing and deploying this month's Patch Tuesday load. Microsoft, Adobe, and Google have all released patches to mark the second Tuesday of the month. The updates include fixes for Flash, Edge, Internet Explorer, and Android. Redmond's September patch dump addresses a total of 81 CVE-listed vulnerabilities, 39 of which would allow for remote code execution. Four of the flaws ...

Read more...

References

CWE-119https://helpx.adobe.com/security/products/flash-player/apsb17-28.htmlhttps://www.exploit-db.com/exploits/42783/https://security.gentoo.org/glsa/201709-16http://www.securitytracker.com/id/1039314http://www.securityfocus.com/bid/100716https://www.youtube.com/watch?v=6iZnIQbRf5Mhttps://bugs.chromium.org/p/project-zero/issues/detail?id=1323http://packetstormsecurity.com/files/144332/Adobe-Flash-appleToRange-Out-Of-Bounds-Read.htmlhttps://access.redhat.com/errata/RHSA-2017:2702https://nvd.nist.govhttps://www.exploit-db.com/exploits/42783/https://access.redhat.com/security/cve/cve-2017-11282https://security.archlinux.org/CVE-2017-11282
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27975CVE-2024-2961CVE-2024-20380XML injectionHTML injectionCVE-2024-29204CVE-2023-51795memory leakCVE-2024-3470
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook