9.8

CVE-2017-11281

Exploit

Adobe Flash Player has an exploitable memory corruption vulnerability in the text handling function. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier.

Data is provided by the National Vulnerability Database (NVD)
AdobeFlash Player Version <= 26.0.0.151
   ApplemacOS Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
AdobeFlash Player SwPlatformchrome Version <= 26.0.0.151
   ApplemacOS Version-
   GoogleChrome Os Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
AdobeFlash Player SwPlatformedge Version <= 26.0.0.151
   MicrosoftWindows 10 Version-
   MicrosoftWindows 8.1 Version-
AdobeFlash Player SwPlatforminternet_explorer Version <= 26.0.0.151
   MicrosoftWindows 10 Version-
   MicrosoftWindows 8.1 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 45.37% 0.975
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

https://security.gentoo.org/glsa/201709-16
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/100710
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039314
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/42781/
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/42782/
Third Party Advisory
VDB Entry
https://www.youtube.com/watch?v=CvmnUeza9zw
Third Party Advisory
Exploit