Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
383
VMScore

CVE-2017-3085

Published: 11/08/2017 Updated: 16/11/2022
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.4 | Impact Score: 4 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Subscribe to Adobe

Vulnerability Summary

Adobe Flash Player versions 26.0.0.137 and previous versions have a security bypass vulnerability that leads to information disclosure when performing URL redirect.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

adobe flash_player_desktop_runtime

adobe flash_player

redhat enterprise linux 6.0

redhat enterprise linux desktop 6.0

redhat enterprise linux workstation 6.0

Vendor Advisories

Red Hat: CVE-2017-3085
Adobe Flash Player versions 2600137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect ...
Arch Linux Issues:
An information disclosure flaw has been found in Adobe Flash player < 2600151 ...

Github Repositories

https://github.com/dmc5179/rhsa-tools

Tools and Scripts for interacting with the Red Hat Security API

rhsa-tools Tools and Scripts for interacting with the Red Hat Security API Note: The browser session is not started in headless mode because accessredhatcom has a cookies warning When running the pre_scrapejs script, click accept/x/dismiss on any cookie warnings to dismiss them Since the browser session persists across page scrapes, the cookie warning will not appear If t

Recent Articles

It's 2017 and Hyper-V can be pwned by a guest app, Windows by a search query, Office by...
The Register • Shaun Nichols in San Francisco • 08 Aug 2017

Update IE, Edge, Windows, SQL Server, Office and – of course – Flash

Patch Tuesday Microsoft has released the August edition of its Patch Tuesday update to address security holes in multiple products. Folks are urged to install the fixes as soon as possible before they are exploited. Among the flaws are remote code execution holes in Windows, Internet Explorer/Edge and Flash Player, plus a guest escape in Hyper-V. Of the 48 patches issued by Redmond, 25 are rated as critical security risks. Those 25 critical issues include a remote code execution vulnerability fo...

Read more...

References

CWE-601https://helpx.adobe.com/security/products/flash-player/apsb17-23.htmlhttp://www.securitytracker.com/id/1039088http://www.securityfocus.com/bid/100191https://blog.bjornweb.nl/2017/08/flash-remote-sandbox-escape-windows-user-credentials-leak/http://www.zerodayinitiative.com/advisories/ZDI-17-634/https://security.gentoo.org/glsa/201709-16https://access.redhat.com/errata/RHSA-2017:2457https://nvd.nist.govhttps://github.com/dmc5179/rhsa-toolshttps://www.theregister.co.uk/2017/08/08/august_patch_tuesday/https://access.redhat.com/security/cve/cve-2017-3085https://security.archlinux.org/CVE-2017-3085
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040privilege escalationCVE-2024-4112CVE-2024-32872man-in-the-middleCVE-2024-32788bypassCVE-2024-3400CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook