#VU9200 Out-of-bounds read in Adobe Flash Player


Published: 2017-11-14

Vulnerability identifier: #VU9200

Vulnerability risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3114

CWE-ID: CWE-125

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Adobe Flash Player
Client/Desktop applications / Plugins for browsers, ActiveX components

Vendor: Adobe

Description
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to out-of-bounds read. A remote attacker can gain access to arbitrary data.

Mitigation
Update to version 27.0.0.187.

Vulnerable software versions

Adobe Flash Player: 27.0.0.130 - 27.0.0.183

External links
http://helpx.adobe.com/security/products/flash-player/apsb17-33.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Gentoo update for Adobe Flash Player
Red Hat update for Adobe Flash Player
Arch Linux update for flashplugin
Arch Linux update for lib32-flashplugin
Microsoft Windows update for Adobe Flash
Multiple vulnerabilities in Adobe Flash Player