PT-2017-3425 · Adobe+3 · Flash Player+3

Published

2017-11-14

Updated

2024-06-15

CVE-2017-11215

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Adobe Flash Player versions 27.0.0.183 and earlier

Description The issue is related to a use after free vulnerability in the Primetime SDK of Adobe Flash Player. This vulnerability can provide an attacker with unintended memory access, potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution. The vulnerability is associated with the mismatch between an old and a new object.

Recommendations For Adobe Flash Player versions 27.0.0.183 and earlier, update to a version later than 27.0.0.183 to resolve the issue. As a temporary workaround, consider disabling the Primetime SDK functionality until a patch is available. Restrict access to the vulnerable components to minimize the risk of exploitation.

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2017-2836

ALT-PU-2018-2414

BDU:2018-00213

CVE-2017-11215

MGASA-2017-0410

MGASA-2018-0268

OPENSUSE-SU-2018:1175-1

OPENSUSE-SU-2018:1437-1

OPENSUSE-SU-2018_0704-1

OPENSUSE-SU-2024:10681-1

OPENSUSE-SU-2024:12948-1

RHSA-2017:3222

RHSA-2017_3222

Affected Products

Alt Linux

Flash Player

Red Hat

Suse

PT-2017-3425 · Adobe+3 · Flash Player+3

CVE-2017-11215

Weakness Enumeration

Related Identifiers

Affected Products

References · 2351