PT-2017-4162 · Adobe+2 · Flash Player+2

Published: 2017-10-16 · Updated: 2023-01-27 · CVE-2017-11292

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Adobe Flash Player versions 27.0.0.159 and earlier

Description

The issue stems from a flawed bytecode verification procedure in Adobe Flash Player, which allows an untrusted value to be used in the calculation of an array index. This incorrect array indexing can lead to type confusion, and successful exploitation may allow a remote attacker to execute arbitrary code.

Recommendations

For Adobe Flash Player versions 27.0.0.159 and earlier, update to a version that fixes the flawed bytecode verification procedure to prevent type confusion and arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Validation of Array Index
Type Confusion

Related Identifiers

ALT-PU-2017-2537
ALT-PU-2018-2414
BDU:2021-05393
CVE-2017-11292
MGASA-2017-0377
RHSA-2017:2899
RHSA-2017_2899

Affected Products

Alt Linux
Flash Player
Red Hat