PT-2017-3426 · Adobe+2 · Flash Player+2

Published 2017-11-13 · Updated 2021-09-08 · CVE-2017-11213

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Adobe Flash Player versions 27.0.0.183 and earlier

Description

The issue is caused by an integer overflow when creating a bitmap image, leading to an out-of-bounds access. This can allow a remote attacker to execute arbitrary code. The vulnerability occurs due to a computation that reads data past the end of the target buffer. A successful attack can lead to sensitive data exposure.

Recommendations

For Adobe Flash Player versions 27.0.0.183 and earlier, update to a version that contains a fix for this issue to prevent remote code execution. As a temporary workaround, consider restricting access to bitmap image creation functions until a patch is available.

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALT-PU-2017-2836
ALT-PU-2018-2414
BDU:2018-00214
CVE-2017-11213
MGASA-2017-0410
RHSA-2017:3222
RHSA-2017_3222
ZDI-17-998

Affected Products

Alt Linux
Flash Player
Red Hat