Published: 14/03/2017 Updated: 05/01/2018
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Adobe Flash Player versions and previous versions have an exploitable memory corruption vulnerability in the Primetime TVSDK functionality related to hosting playback surface. Successful exploitation could lead to arbitrary code execution.

Affected Products

Vendor | Product | Versions
Adobe | Flash Player | 24.0.0.221

Vendor Advisories

Synopsis: Critical: flash-plugin security update. Type/Severity: Security Advisory: Critical. Topic: An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring Syst ...
A memory corruption vulnerability that could lead to code execution has been found in Adobe Flash Player <= 24.0.0.221 ...
Arch Linux Security Advisory ASA-201703-12
Severity: Critical
Date: 2017-03-15
CVE-ID: CVE-2017-2997 CVE-2017-2998 CVE-2017-2999 CVE-2017-3000 CVE-2017-3001 CVE-2017-3002 CVE-2017-3003
Package: lib32-flashplugin
Type: multiple issues
Remote: Yes
Link: securityarchlinux ...
Microsoft Security Bulletin MS17-023 - Critical (10/11/2017): Security Update for Adobe Flash Player (4014329) ...

Recent Articles

Adobe fixes 8 Security Vulnerabilities in Adobe Flash Player & Shockwave Player
BleepingComputer • Lawrence Abrams • 01 Jan 1970

Adobe has released updates for Adobe Flash Player and Adobe Shockwave Player that resolve a combined 8 security vulnerabilities. Of these 8 vulnerabilities, 7 of them are rated as Critical because they could lead to information disclosure or remote code execution.
A remote code execution vulnerability is particularly worrisome as it could allow attackers to remotely execute commands on an affected machine. This would allow them to execute almost any command, including the downloading and...