CVE-2017-2995

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable type confusion vulnerability related to the MessageChannel class. Successful exploitation could lead to arbitrary code execution.
References
Link Resource
http://rhn.redhat.com/errata/RHSA-2017-0275.html Third Party Advisory
http://www.securityfocus.com/bid/96191 Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1037815 Broken Link Third Party Advisory VDB Entry
https://helpx.adobe.com/security/products/flash-player/apsb17-04.html Patch Vendor Advisory
https://security.gentoo.org/glsa/201702-20 Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*
OR cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*
OR cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*
OR cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-02-15 06:59

Updated : 2024-02-04 19:11


NVD link : CVE-2017-2995

Mitre link : CVE-2017-2995

CVE.ORG link : CVE-2017-2995


JSON object : View

Products Affected

microsoft

  • windows
  • windows_8.1
  • windows_10

google

  • chrome_os

adobe

  • flash_player_desktop_runtime
  • flash_player

linux

  • linux_kernel

apple

  • mac_os_x
CWE
CWE-843

Access of Resource Using Incompatible Type ('Type Confusion')