PT-2017-1250 · Adobe+3 · Flash Player+3
Published
2017-02-15
·
Updated
2022-11-17
·
CVE-2017-2985
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Adobe Flash Player versions 24.0.0.194 and earlier
Description
The issue is related to a use after free vulnerability in the ActionScript 3
BitmapData class. This vulnerability is associated with the use of memory after it has been freed. Successful exploitation could lead to arbitrary code execution. The exploitation of this issue may allow a remote attacker to execute arbitrary code.Recommendations
For Adobe Flash Player versions 24.0.0.194 and earlier, consider disabling the
BitmapData class in ActionScript 3 until a patch is available. Restrict access to the vulnerable BitmapData class to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Flash Player
Red Hat
Suse