Heap-based buffer overflow in Adobe Flash Player and Adobe Flash Player for Linux - CVE-2017-2934
Published: January 10, 2017 / Updated: March 16, 2017
Vulnerability identifier: #VU4094
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber
CVE-ID: CVE-2017-2934
CWE-ID: CWE-122
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vendor: Adobe
Affected software:
Adobe Flash Player
Adobe Flash Player for Linux
Adobe Flash Player
Adobe Flash Player for Linux
Detailed vulnerability description
The vulnerability allow a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when decompressing planar block within .swf files. A remote attacker can create a specially crafted. atf file, trick the victim into opening it using Flash Player, cause heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
How to mitigate CVE-2017-2934
Install the latest version of Adobe Flash Player 24.0.0.194.