8.8
CVE-2017-11292
- EPSS 11.15%
- Veröffentlicht 22.10.2017 19:29:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
- Quelle psirt@adobe.com
- Teams Watchlist Login
- Unerledigt Login
Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Adobe ≫ Flash Player Desktop Runtime Version <= 27.0.0.159
Adobe ≫ Flash Player SwPlatformedge Version <= 27.0.0.130
Adobe ≫ Flash Player SwPlatforminternet_explorer Version <= 27.0.0.130
Adobe ≫ Flash Player SwPlatformchrome Version <= 27.0.0.159
Redhat ≫ Enterprise Linux Desktop Version6.0
Redhat ≫ Enterprise Linux Server Version6.0
Redhat ≫ Enterprise Linux Workstation Version6.0
03.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
Adobe Flash Player Type Confusion Vulnerability
SchwachstelleAdobe Flash Player contains a type confusion vulnerability which can allow for remote code execution.
BeschreibungThe impacted product is end-of-life and should be disconnected if still in use.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 11.15% | 0.932 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6 | 6.8 | 6.4 |
AV:N/AC:M/Au:S/C:P/I:P/A:P
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')
The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.