vendor:
Flash Player
by:
Project Zero
8,8
CVSS
HIGH
Out-of-Bounds Read
125
CWE
Product Name: Flash Player
Affected Version From: Adobe Flash Player version 25.0.0.127 and earlier
Affected Version To: Adobe Flash Player version 26.0.0.137
Patch Exists: YES
Related CWE: CVE-2017-11292
CPE: o:adobe:flash_player:25.0.0.127
Metasploit:
https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2017-11292/, https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2017-11292/, https://www.rapid7.com/db/vulnerabilities/msft-cve-2017-11292/, https://www.rapid7.com/db/vulnerabilities/freebsd-cve-2017-11292/, https://www.rapid7.com/db/vulnerabilities/redhat_linux-cve-2017-11292/, https://www.rapid7.com/db/vulnerabilities/flash_player-cve-2017-11292/
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2017
The attached swf triggers an out-of-bounds read in AVC deblocking.
A vulnerability in the AVC deblocking filter of the Adobe Flash Player allows an attacker to read out-of-bounds memory. This vulnerability is triggered when a specially crafted SWF file is loaded by the Adobe Flash Player. The vulnerability can be exploited to read out-of-bounds memory, which can lead to information disclosure.
Mitigation:
Upgrade to Adobe Flash Player version 26.0.0.137 or later.
