5
CVSSv2

CVE-2017-3085

Published: 11/08/2017 Updated: 05/01/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Adobe Flash Player versions 26.0.0.137 and previous versions have a security bypass vulnerability that leads to information disclosure when performing URL redirect.

Vendor Advisories

Adobe Flash Player versions 2600137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect ...
Arch Linux Security Advisory ASA-201708-1 ========================================= Severity: Critical Date : 2017-08-10 CVE-ID : CVE-2017-3085 CVE-2017-3106 Package : lib32-flashplugin Type : multiple issues Remote : Yes Link : securityarchlinuxorg/AVG-372 Summary ======= The package lib32-flashplugin before version 2600 ...
Arch Linux Security Advisory ASA-201708-2 ========================================= Severity: Critical Date : 2017-08-10 CVE-ID : CVE-2017-3085 CVE-2017-3106 Package : flashplugin Type : multiple issues Remote : Yes Link : securityarchlinuxorg/AVG-373 Summary ======= The package flashplugin before version 2600151-1 is vul ...
An information disclosure flaw has been found in Adobe Flash player < 2600151 ...

Github Repositories

CVE-Study CVE id CVSS Type CVE-2017-12762 100 BOF CVE-2017-0561 100 - CVE-2017-11176 100 UAF CVE-2017-8890 100 CVE-2017-7895 100 CVE-2017-3106 93 CVE-2017-3064 93 CVE-2017-0430 93 CVE-2017-0429 93 CVE-2017-0428 93 CVE-2017-0427 93 CVE-2017-0528 93 CVE-2017-0510 93 CVE-2017-0508 93 CVE-2017-0507 93 CVE-2017-0455 93

Recent Articles

Recently Patched Flash Bug Can Leak Windows Credentials
BleepingComputer • Catalin Cimpanu • 11 Aug 2017

Earlier this week, Adobe patched a vulnerability in Flash Player that allows an attacker to use malicious Flash files to leak Windows credentials.
The security issue is tracked under the CVE-2017-3085 identifier and affects Flash Player versions from 23.0.0.162 up to 26.0.0.137, running on Windows XP, Vista, 7, 8.x, and 10.
The vulnerability was discovered by Dutch security researcher Björn Ruytenberg and is a variation of an older flaw tracked as CVE-2016-4271, which Adobe patched ...

Patched Flash Player Sandbox Escape Leaked Windows Credentials
Threatpost • Michael Mimoso • 10 Aug 2017

One of the patches included in Tuesday’s Adobe Flash Player update was a do-over after the researcher who privately reported the problem earlier this year discovered the original patch incompletely resolved the issue.
Dutch researcher Bjorn Ruytenberg disclosed details after Adobe updated the soon-to-be deprecated Flash Player on Tuesday to version 26. Flash Player 23, released close to a year ago, closed off a local sandbox escape, but Ruytenberg found the update failed to address the v...

It's 2017 and Hyper-V can be pwned by a guest app, Windows by a search query, Office by...
The Register • Shaun Nichols in San Francisco • 08 Aug 2017

Update IE, Edge, Windows, SQL Server, Office and – of course – Flash

Patch Tuesday Microsoft has released the August edition of its Patch Tuesday update to address security holes in multiple products. Folks are urged to install the fixes as soon as possible before they are exploited.
Among the flaws are remote code execution holes in Windows, Internet Explorer/Edge and Flash Player, plus a guest escape in Hyper-V. Of the 48 patches issued by Redmond, 25 are rated as critical security risks.
Those 25 critical issues include a remote code execution vuln...

Flash Player Marches Toward End, Patches Two Code Execution Bugs in Latest Update
Threatpost • Michael Mimoso • 08 Aug 2017

Adobe today pushed out its first Flash Player update since announcing two weeks ago that it would stop distributing and updating the software in 2020.
Flash has been at the center of many targeted attacks and exploit kit activity, and despite numerous improvements to the product including sandboxing and attempts to kill off entire classes of vulnerabilities, many security conscious users will soon have their way with Flash going end-of-life.
Today, as part of its regular Patch Tuesd...