9.8

CVE-2017-11282

Exploit

Adobe Flash Player has an exploitable memory corruption vulnerability in the MP4 atom parser. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier.

Data is provided by the National Vulnerability Database (NVD)
AdobeFlash Player Version <= 26.0.0.151
   ApplemacOS Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
AdobeFlash Player SwPlatformchrome Version <= 26.0.0.151
   ApplemacOS Version-
   GoogleChrome Os Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
AdobeFlash Player SwPlatformedge Version <= 26.0.0.151
   MicrosoftWindows 10 Version-
   MicrosoftWindows 8.1 Version-
AdobeFlash Player SwPlatforminternet_explorer Version <= 26.0.0.151
   MicrosoftWindows 10 Version-
   MicrosoftWindows 8.1 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 20.69% 0.953
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

https://security.gentoo.org/glsa/201709-16
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039314
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/100716
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/42783/
Third Party Advisory
Exploit
VDB Entry
https://www.youtube.com/watch?v=6iZnIQbRf5M
Third Party Advisory
Exploit