CVE-2017-3112

Name of the Vulnerable Software and Affected Versions Adobe Flash Player versions 27.0.0.183 and earlier

Description The issue occurs due to a computation that reads data past the end of the target buffer, specifically in the AdobePSDK metadata. This happens because of an invalid pointer offset used during access of internal data structure fields. A successful attack can lead to sensitive data exposure. The vulnerability can also allow a remote attacker to execute arbitrary code.

Recommendations For Adobe Flash Player versions 27.0.0.183 and earlier, update to a version later than 27.0.0.183 to resolve the issue. As a temporary workaround, consider restricting access to AdobePSDK metadata until a patch is available.