Lucene search

[email protected]CVE-2017-3106

HistoryAug 11, 2017 - 7:29 p.m.

CVE-2017-3106

2017-08-1119:29:02

CWE-704

[email protected]

web.nvd.nist.gov

adobe

flash player

type confusion

swf

parsing

vulnerability

cve-2017-3106

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.312 Low

EPSS

Percentile

97.0%

JSON

Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files. Successful exploitation could lead to arbitrary code execution.

Affected configurations

Vulners

NVD

Node

adobe_systems_incorporatedflash_playerRange≤26.0.0.137

CPENameOperatorVersion
redhat:enterprise_linuxredhat enterprise linuxeq6.0
redhat:enterprise_linux_desktopredhat enterprise linux desktopeq6.0
redhat:enterprise_linux_workstationredhat enterprise linux workstationeq6.0

CPE	Name	Operator	Version
redhat:enterprise_linux	redhat enterprise linux	eq	6.0
redhat:enterprise_linux_desktop	redhat enterprise linux desktop	eq	6.0
redhat:enterprise_linux_workstation	redhat enterprise linux workstation	eq	6.0

CNA Affected

[
  {
    "product": "Flash Player",
    "vendor": "Adobe Systems Incorporated",
    "versions": [
      {
        "status": "affected",
        "version": "26.0.0.137 and earlier."
      }
    ]
  }
]