PT-2017-3425 · Adobe+3 · Flash Player+3

Publicado

2017-11-14

·

Atualizado

2024-06-15

·

CVE-2017-11215

CVSS v3.1

10

Crítica

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Adobe Flash Player versions 27.0.0.183 and earlier
Description The issue is related to a use after free vulnerability in the Primetime SDK of Adobe Flash Player. This vulnerability can provide an attacker with unintended memory access, potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution. The vulnerability is associated with the mismatch between an old and a new object.
Recommendations For Adobe Flash Player versions 27.0.0.183 and earlier, update to a version later than 27.0.0.183 to resolve the issue. As a temporary workaround, consider disabling the Primetime SDK functionality until a patch is available. Restrict access to the vulnerable components to minimize the risk of exploitation.

Correção

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-416

Identificadores relacionados

ALT-PU-2017-2836
ALT-PU-2018-2414
BDU:2018-00213
CVE-2017-11215
MGASA-2017-0410
MGASA-2018-0268
OPENSUSE-SU-2018:1175-1
OPENSUSE-SU-2018:1437-1
OPENSUSE-SU-2018_0704-1
OPENSUSE-SU-2024:10681-1
OPENSUSE-SU-2024:12948-1
RHSA-2017:3222
RHSA-2017_3222

Produtos afetados

Alt Linux
Flash Player
Red Hat
Suse