Risk | High |
Patch available | YES |
Number of vulnerabilities | 26 |
CVE-ID | CVE-2017-2925 CVE-2017-2926 CVE-2017-2927 CVE-2017-2928 CVE-2017-2930 CVE-2017-2931 CVE-2017-2932 CVE-2017-2933 CVE-2017-2934 CVE-2017-2935 CVE-2017-2936 CVE-2017-2937 CVE-2017-2938 CVE-2017-2982 CVE-2017-2984 CVE-2017-2985 CVE-2017-2986 CVE-2017-2987 CVE-2017-2988 CVE-2017-2990 CVE-2017-2991 CVE-2017-2992 CVE-2017-2993 CVE-2017-2994 CVE-2017-2995 CVE-2017-2996 |
CWE-ID | CWE-119 CWE-125 CWE-416 CWE-122 CWE-200 CWE-190 CWE-704 |
Exploitation vector | Network |
Public exploit |
Public exploit code for vulnerability #5 is available. Public exploit code for vulnerability #6 is available. Public exploit code for vulnerability #7 is available. Public exploit code for vulnerability #8 is available. Public exploit code for vulnerability #9 is available. Public exploit code for vulnerability #10 is available. Public exploit code for vulnerability #16 is available. Public exploit code for vulnerability #17 is available. Public exploit code for vulnerability #19 is available. Public exploit code for vulnerability #22 is available. |
Vulnerable software Subscribe |
Gentoo Linux Operating systems & Components / Operating system |
Vendor | Gentoo |
Security Bulletin
This security bulletin contains information about 26 vulnerabilities.
EUVDB-ID: #VU4096
Risk: High
CVSSv3.1: 7.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-2925
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allow a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing .swf files. A remote attacker can create a specially crafted. swf file, trick the victim into opening it, cause memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
www-plugins/adobe-flash to version: 24.0.0.221
Gentoo Linux: All versions
External linkshttp://security.gentoo.org/glsa/201702-20
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU4097
Risk: High
CVSSv3.1: 7.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-2926
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allow a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing .swf files. A remote attacker can create a specially crafted. swf file, trick the victim into opening it, cause memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
www-plugins/adobe-flash to version: 24.0.0.221
Gentoo Linux: All versions
External linkshttp://security.gentoo.org/glsa/201702-20
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU4092
Risk: High
CVSSv3.1: 7.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-2927
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allow a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing .swf files. A remote attacker can create a specially crafted. swf file, trick the victim into opening it, cause heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
www-plugins/adobe-flash to version: 24.0.0.221
Gentoo Linux: All versions
External linkshttp://security.gentoo.org/glsa/201702-20
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU4098
Risk: High
CVSSv3.1: 7.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-2928
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allow a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing .swf files. A remote attacker can create a specially crafted. swf file, trick the victim into opening it, cause memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
www-plugins/adobe-flash to version: 24.0.0.221
Gentoo Linux: All versions
External linkshttp://security.gentoo.org/glsa/201702-20
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU4099
Risk: High
CVSSv3.1: 8.1 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-2930
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allow a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing .swf files. A remote attacker can create a specially crafted. swf file, trick the victim into opening it, cause memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
www-plugins/adobe-flash to version: 24.0.0.221
Gentoo Linux: All versions
External linkshttp://security.gentoo.org/glsa/201702-20
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU4100
Risk: High
CVSSv3.1: 8.1 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-2931
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: Yes
DescriptionThe vulnerability allow a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing .swf files. A remote attacker can create a specially crafted. swf file, trick the victim into opening it, cause memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
www-plugins/adobe-flash to version: 24.0.0.221
Gentoo Linux: All versions
External linkshttp://security.gentoo.org/glsa/201702-20
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU4089
Risk: High
CVSSv3.1: 8.1 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-2932
CWE-ID:
CWE-416 - Use After Free
Exploit availability: Yes
DescriptionThe vulnerability allow a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free error when processing .swf files. A remote attacker can create a specially crafted. swf file, trick the victim into opening it, cause memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
www-plugins/adobe-flash to version: 24.0.0.221
Gentoo Linux: All versions
External linkshttp://security.gentoo.org/glsa/201702-20
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU4093
Risk: High
CVSSv3.1: 8.1 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-2933
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: Yes
DescriptionThe vulnerability allow a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing thumbnails within .swf files. A remote attacker can create a specially crafted.thumbnail, trick the victim into opening it using Flash Player, cause heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
www-plugins/adobe-flash to version: 24.0.0.221
Gentoo Linux: All versions
External linkshttp://security.gentoo.org/glsa/201702-20
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU4094
Risk: High
CVSSv3.1: 8.1 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-2934
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: Yes
DescriptionThe vulnerability allow a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when decompressing planar block within .swf files. A remote attacker can create a specially crafted. atf file, trick the victim into opening it using Flash Player, cause heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
www-plugins/adobe-flash to version: 24.0.0.221
Gentoo Linux: All versions
External linkshttp://security.gentoo.org/glsa/201702-20
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU4095
Risk: High
CVSSv3.1: 8.1 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-2935
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: Yes
DescriptionThe vulnerability allow a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing AVC header slicing within .swf files. A remote attacker can create a specially crafted. flv file, trick the victim into opening it using Flash Player, cause heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
www-plugins/adobe-flash to version: 24.0.0.221
Gentoo Linux: All versions
External linkshttp://security.gentoo.org/glsa/201702-20
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU4090
Risk: High
CVSSv3.1: 7.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-2936
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allow a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free error when processing .swf files. A remote attacker can create a specially crafted. swf file, trick the victim into opening it, cause memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
www-plugins/adobe-flash to version: 24.0.0.221
Gentoo Linux: All versions
External linkshttp://security.gentoo.org/glsa/201702-20
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU4091
Risk: High
CVSSv3.1: 7.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-2937
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allow a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free error when processing .swf files. A remote attacker can create a specially crafted. swf file, trick the victim into opening it, cause memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
www-plugins/adobe-flash to version: 24.0.0.221
Gentoo Linux: All versions
External linkshttp://security.gentoo.org/glsa/201702-20
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU4088
Risk: Low
CVSSv3.1: 3.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-2938
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive data.
The vulnerability exists due to unknown error when handling .swf files. A remote attacker can create a specially crafted web page, trick the victim into visiting it and obtain potentially sensitive information. MitigationUpdate the affected packages.
www-plugins/adobe-flash to version: 24.0.0.221
Gentoo Linux: All versions
External linkshttp://security.gentoo.org/glsa/201702-20
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU5801
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-2982
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free error in Adobe Flash Player when processing malformed .swf files. A remote attacker can create a specially crafted .swf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system. MitigationUpdate the affected packages.
www-plugins/adobe-flash to version: 24.0.0.221
Gentoo Linux: All versions
External linkshttp://security.gentoo.org/glsa/201702-20
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU5805
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-2984
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Adobe Flash Player when processing malformed .swf files. A remote attacker can create a specially crafted .swf file, trick the victim into opening it, trigger heap-based buffer overflow and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-plugins/adobe-flash to version: 24.0.0.221
Gentoo Linux: All versions
External linkshttp://security.gentoo.org/glsa/201702-20
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU5802
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-2985
CWE-ID:
CWE-416 - Use After Free
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free error in Adobe Flash Player when processing malformed .swf files. A remote attacker can create a specially crafted .swf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system. MitigationUpdate the affected packages.
www-plugins/adobe-flash to version: 24.0.0.221
Gentoo Linux: All versions
External linkshttp://security.gentoo.org/glsa/201702-20
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU5806
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-2986
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Adobe Flash Player when processing malformed .swf files. A remote attacker can create a specially crafted .swf file, trick the victim into opening it, trigger heap-based buffer overflow and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-plugins/adobe-flash to version: 24.0.0.221
Gentoo Linux: All versions
External linkshttp://security.gentoo.org/glsa/201702-20
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU5800
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-2987
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in Adobe Flash Player when processing malformed .swf files. A remote attacker can create a specially crafted .swf file, trick the victim into opening it and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system. MitigationUpdate the affected packages.
www-plugins/adobe-flash to version: 24.0.0.221
Gentoo Linux: All versions
External linkshttp://security.gentoo.org/glsa/201702-20
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU5808
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-2988
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Adobe Flash Player when processing malformed .swf files. A remote attacker can create a specially crafted .swf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-plugins/adobe-flash to version: 24.0.0.221
Gentoo Linux: All versions
External linkshttp://security.gentoo.org/glsa/201702-20
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU5809
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-2990
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Adobe Flash Player when processing malformed .swf files. A remote attacker can create a specially crafted .swf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-plugins/adobe-flash to version: 24.0.0.221
Gentoo Linux: All versions
External linkshttp://security.gentoo.org/glsa/201702-20
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU5810
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-2991
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Adobe Flash Player when processing malformed .swf files. A remote attacker can create a specially crafted .swf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-plugins/adobe-flash to version: 24.0.0.221
Gentoo Linux: All versions
External linkshttp://security.gentoo.org/glsa/201702-20
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU5807
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-2992
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Adobe Flash Player when processing malformed .swf files. A remote attacker can create a specially crafted .swf file, trick the victim into opening it, trigger heap-based buffer overflow and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-plugins/adobe-flash to version: 24.0.0.221
Gentoo Linux: All versions
External linkshttp://security.gentoo.org/glsa/201702-20
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU5803
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-2993
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free error in Adobe Flash Player when processing malformed .swf files. A remote attacker can create a specially crafted .swf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system. MitigationUpdate the affected packages.
www-plugins/adobe-flash to version: 24.0.0.221
Gentoo Linux: All versions
External linkshttp://security.gentoo.org/glsa/201702-20
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU5804
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-2994
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free error in Adobe Flash Player when processing PSDKEvent objects. A remote attacker can create a specially crafted .swf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system. MitigationUpdate the affected packages.
www-plugins/adobe-flash to version: 24.0.0.221
Gentoo Linux: All versions
External linkshttp://security.gentoo.org/glsa/201702-20
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU5799
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-2995
CWE-ID:
CWE-704 - Type conversion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error in Adobe Flash Player when processing data passed within MessageChannel objects. A remote attacker can create a specially crafted .swf file, trick the victim into opening it and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-plugins/adobe-flash to version: 24.0.0.221
Gentoo Linux: All versions
External linkshttp://security.gentoo.org/glsa/201702-20
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU5811
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-2996
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Adobe Flash Player when processing malformed .swf files. A remote attacker can create a specially crafted .swf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-plugins/adobe-flash to version: 24.0.0.221
Gentoo Linux: All versions
External linkshttp://security.gentoo.org/glsa/201702-20
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.