vendor:
Flash Player
by:
Project Zero
8,8
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: Flash Player
Affected Version From: Adobe Flash Player 28.0.0.137
Affected Version To: Adobe Flash Player 28.0.0.161
Patch Exists: YES
Related CWE: CVE-2017-11292
CPE: o:adobe:flash_player
Metasploit:
https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2017-11292/, https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2017-11292/, https://www.rapid7.com/db/vulnerabilities/msft-cve-2017-11292/, https://www.rapid7.com/db/vulnerabilities/freebsd-cve-2017-11292/, https://www.rapid7.com/db/vulnerabilities/redhat_linux-cve-2017-11292/, https://www.rapid7.com/db/vulnerabilities/flash_player-cve-2017-11292/
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2017
Buffer Overflow in MP4 AMF Parsing
A buffer overflow vulnerability exists in the MP4 AMF parsing of Adobe Flash Player. An attacker can exploit this vulnerability by convincing a user to visit a malicious website hosting a specially crafted SWF file. The vulnerability can be triggered by visiting a malicious website hosting a specially crafted SWF file.
Mitigation:
Upgrade to the latest version of Adobe Flash Player.
