9.3

CVE-2017-2998

Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption vulnerability in the Primetime TVSDK API functionality related to timeline interactions. Successful exploitation could lead to arbitrary code execution.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AdobeFlash Player SwPlatformchrome Version <= 24.0.0.221
   ApplemacOS X Version-
   GoogleChrome Os Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
AdobeFlash Player SwPlatformedge Version <= 24.0.0.221
   MicrosoftWindows 10 Version-
   MicrosoftWindows 8.1 Version-
AdobeFlash Player SwPlatforminternet_explorer Version <= 24.0.0.221
   MicrosoftWindows 10 Version-
   MicrosoftWindows 8.1 Version-
AdobeFlash Player Desktop Runtime Version <= 24.0.0.221
   ApplemacOS X Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.07% 0.894
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://rhn.redhat.com/errata/RHSA-2017-0526.html
Third Party Advisory
http://www.securitytracker.com/id/1037994
Third Party Advisory
Broken Link
VDB Entry
https://helpx.adobe.com/security/products/flash-player/apsb17-07.html
Patch
Vendor Advisory
https://security.gentoo.org/glsa/201703-02
Third Party Advisory
http://www.securityfocus.com/bid/96866
Third Party Advisory
Broken Link
VDB Entry