CVE-2017-5240

Name of the Vulnerable Software and Affected Versions Rapid7 AppSpider Pro versions prior to 6.14.060

Description The issue is related to a heap-based buffer overflow in the FLAnalyzer.exe component. This can be triggered by a malicious or malformed Flash source file, leading to a denial of service condition where the application crashes.

Recommendations For versions prior to 6.14.060, update to version 6.14.060 or later to resolve the issue. As a temporary workaround, consider restricting the parsing of Flash source files by the FLAnalyzer.exe component until the update is applied.