Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.3
CVSSv2

CVE-2017-2985

Published: 15/02/2017 Updated: 17/11/2022
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 935
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Adobe

Vulnerability Summary

Adobe Flash Player versions 24.0.0.194 and previous versions have an exploitable use after free vulnerability in the ActionScript 3 BitmapData class. Successful exploitation could lead to arbitrary code execution.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

adobe flash_player

adobe flash_player_desktop_runtime

Vendor Advisories

Red Hat: Critical: flash-plugin security update
Synopsis Critical: flash-plugin security update Type/Severity Security Advisory: Critical Topic An update for flash-plugin is now available for Red Hat Enterprise Linux 6 SupplementaryRed Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring Syst ...
Arch Linux Issues:
A use-after-free vulnerability possibly leading to code execution has been found in Adobe Flash Player < 2400221 ...

Exploits

Exploit DB: Adobe Flash - Use-After-Free in Applying Bitmap Filter
Source: bugschromiumorg/p/project-zero/issues/detail?id=1007 The attached swf causes a use-after-free in applying bitmap filters Proof of Concept: githubcom/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/41422zip ...

References

CWE-416https://helpx.adobe.com/security/products/flash-player/apsb17-04.htmlhttp://www.securityfocus.com/bid/96199https://security.gentoo.org/glsa/201702-20http://www.securitytracker.com/id/1037815https://www.exploit-db.com/exploits/41422/http://rhn.redhat.com/errata/RHSA-2017-0275.htmlhttps://access.redhat.com/errata/RHSA-2017:0275https://nvd.nist.govhttps://www.exploit-db.com/exploits/41422/https://security.archlinux.org/CVE-2017-2985
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
client sideCVE-2023-31889template injectionCVE-2024-4304CVE-2006-4304CVE-2024-33272type confusionCVE-2024-21345CVE-2024-33271
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook