8.8
CVE-2017-11292
- EPSS 11.15%
- Published 22.10.2017 19:29:00
- Last modified 20.04.2025 01:37:25
- Source psirt@adobe.com
- Teams watchlist Login
- Open Login
Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution.
Data is provided by the National Vulnerability Database (NVD)
Adobe ≫ Flash Player Desktop Runtime Version <= 27.0.0.159
Adobe ≫ Flash Player SwPlatformedge Version <= 27.0.0.130
Adobe ≫ Flash Player SwPlatforminternet_explorer Version <= 27.0.0.130
Adobe ≫ Flash Player SwPlatformchrome Version <= 27.0.0.159
Redhat ≫ Enterprise Linux Desktop Version6.0
Redhat ≫ Enterprise Linux Server Version6.0
Redhat ≫ Enterprise Linux Workstation Version6.0
03.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
Adobe Flash Player Type Confusion Vulnerability
VulnerabilityAdobe Flash Player contains a type confusion vulnerability which can allow for remote code execution.
DescriptionThe impacted product is end-of-life and should be disconnected if still in use.
Required actions| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 11.15% | 0.932 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6 | 6.8 | 6.4 |
AV:N/AC:M/Au:S/C:P/I:P/A:P
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')
The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.