Multiple vulnerabilities in Adobe Flash Player

Published: 2017-08-08 18:11:37
Severity High
Patch available YES
Number of vulnerabilities 2
CVE ID CVE-2017-3085
CVE-2017-3106
CVSSv3 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CWE ID CWE-200
CWE-843
Exploitation vector Network
Public exploit Not available
Vulnerable software Adobe Flash Player
Vulnerable software versions Adobe Flash Player 26.0.0.137
Adobe Flash Player 26.0.0.131
Adobe Flash Player 26.0.0.126
Adobe Flash Player 26.0.0.120
Vendor URL Adobe

Security Advisory

1) Information disclosure

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to unknown error when processing .swf files. A remote attacker can create a specially crafted file, trick the victim into opening it, bypass certain security restrictions and gain access to potentially sensitive information.

Remediation

Update to version 26.0.0.151

External links

https://helpx.adobe.com//security/products/flash-player/apsb17-23.html

2) Type confusion error

Description

The vulnerability allows a remote attacker to compromise vulnerable system

The vulnerability exists due to a type confusion error when processing .swf files. A remote attacker can create a specially crafted .swf file, trick the victim into opening it and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may allow an attacker to compromise vulnerable system.

Remediation

Update to version 26.0.0.151

External links

https://helpx.adobe.com//security/products/flash-player/apsb17-23.html

Back to List