Vulnerability Name:

CVE-2017-2985 (CCN-121813)

Assigned:2016-12-02
Published:2017-02-14
Updated:2022-11-17
Summary:Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in the ActionScript 3 BitmapData class. Successful exploitation could lead to arbitrary code execution.
CVSS v3 Severity:8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
8.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.7 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-416
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2017-2985

Source: CCN
Type: RHSA-2017-0275
Critical: flash-plugin security update

Source: REDHAT
Type: Third Party Advisory
RHSA-2017:0275

Source: BID
Type: Broken Link, Third Party Advisory, VDB Entry
96199

Source: SECTRACK
Type: Broken Link, Third Party Advisory, VDB Entry
1037815

Source: XF
Type: UNKNOWN
adobe-flash-cve20172985-code-exec(121813)

Source: CCN
Type: Adobe Security Bulletin APSB17-04
Security updates available for Adobe Flash Player

Source: CONFIRM
Type: Patch, Vendor Advisory
https://helpx.adobe.com/security/products/flash-player/apsb17-04.html

Source: CCN
Type: Packet Storm Security [02-18-2017]
Adobe Flash Bitmapfilter Use-After-Free

Source: GENTOO
Type: Third Party Advisory
GLSA-201702-20

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [02-21-2017]

Source: EXPLOIT-DB
Type: Exploit, Third Party Advisory, VDB Entry
41422

Vulnerable Configuration:Configuration 1:
  • cpe:/a:adobe:flash_player:*:*:*:*:*:chrome:*:* (Version <= 24.0.0.194)
  • AND
  • cpe:/o:microsoft:windows:-:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:-:*:*:*:*:*:*:*
  • OR cpe:/o:google:chrome_os:-:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:-:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/a:adobe:flash_player:*:*:*:*:*:edge:*:* (Version <= 24.0.0.194)
  • OR cpe:/a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:* (Version <= 24.0.0.194)
  • AND
  • cpe:/o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_10:-:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:* (Version <= 24.0.0.194)
  • AND
  • cpe:/o:microsoft:windows:-:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:-:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:-:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20172985
    V
    		CVE-2017-2985
    2022-05-20
    oval:org.opensuse.security:def:55986
    P
    		Security update for xorg-x11-server (Important)
    2021-12-14
    oval:org.opensuse.security:def:47306
    P
    		libIlmImf-Imf_2_1-21-2.1.0-4.3 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47065
    P
    		libpoppler44-0.24.4-12.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47377
    P
    		libmpfr4-3.1.2-7.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47149
    P
    		rtkit-0.11_git201205151338-8.14 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48015
    P
    		gdk-pixbuf-loader-rsvg-2.40.20-5.6.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48069
    P
    		libSDL-1_2-0-1.2.15-15.11.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47211
    P
    		autofs-5.0.9-27.2 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47275
    P
    		grub2-2.02-2.12 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:11970
    P
    		mailx-12.5-28.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11828
    P
    		gtk2-data-2.24.31-7.11 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11979
    P
    		p7zip-9.20.1-6.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11903
    P
    		libldap-2_4-2-2.4.41-18.25.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11992
    P
    		perl-YAML-LibYAML-0.38-10.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11928
    P
    		libpoppler44-0.24.4-12.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:12630
    P
    		libssh4-0.6.3-12.6.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11679
    P
    		openslp-2.0.0-5.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:12652
    P
    		libxerces-c-3_1-3.1.1-12.3 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:46481
    P
    		libgc1-7.2d-3.75 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11701
    P
    		python-2.7.9-20.2 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:46613
    P
    		apache-commons-httpclient-3.1-4.498 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11747
    P
    		xorg-x11-7.6_1-14.17 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11671
    P
    		logrotate-3.8.7-3.21 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:46704
    P
    		libXinerama1-1.1.3-3.55 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11794
    P
    		e2fsprogs-1.42.11-7.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:46851
    P
    		sysconfig-0.83.8-7.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11809
    P
    		fuse-2.9.3-5.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:55912
    P
    		Security update for spice-gtk (Important)
    2021-06-08
    oval:org.opensuse.security:def:24660
    P
    		Security update for python (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:53135
    P
    		Security update for libxml2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:24461
    P
    		Security update for wireshark (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:24741
    P
    		Security update for cifs-utils (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:53275
    P
    		Security update for util-linux and shadow (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:46156
    P
    		Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:24797
    P
    		Security update for kernel-firmware (Important)
    2020-12-01
    oval:org.opensuse.security:def:53513
    P
    		Security update for grub2 (Important)
    2020-12-01
    oval:org.opensuse.security:def:46169
    P
    		Security update for glib2 (Important)
    2020-12-01
    oval:org.opensuse.security:def:25170
    P
    		Security update for git (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:53112
    P
    		Security update for python (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:24880
    P
    		Security update for ncurses (Important)
    2020-12-01
    oval:org.opensuse.security:def:53686
    P
    		Security update for ovmf (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:46289
    P
    		Security update for java-1_8_0-openjdk (Important)
    2020-12-01
    oval:org.opensuse.security:def:25184
    P
    		Security update for vim (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:54443
    P
    		cups on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25030
    P
    		Security update for ghostscript (Important)
    2020-12-01
    oval:org.opensuse.security:def:53792
    P
    		Security update for libreoffice (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25228
    P
    		Security update for LibreOffice (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:54517
    P
    		libXcursor1 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:46155
    P
    		Security update for postgresql10 (Low)
    2020-12-01
    oval:org.opensuse.security:def:25083
    P
    		Security update for LibVNCServer (Critical)
    2020-12-01
    oval:org.opensuse.security:def:53958
    P
    		facter on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25866
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:54555
    P
    		libid3tag0 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:24471
    P
    		Security update for kernel-source (Important)
    2020-12-01
    oval:org.opensuse.security:def:54243
    P
    		libXinerama1 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25901
    P
    		Security update for flash-player (Important)
    2020-12-01
    oval:org.opensuse.security:def:54636
    P
    		ntp on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:24534
    P
    		Security update for gpg2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:53113
    P
    		Security update for python-urllib3 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:54351
    P
    		perl-32bit on GA media (Moderate)
    2020-12-01
    oval:org.cisecurity:def:1910
    V
    		Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability - CVE-2017-2985
    2017-03-03
    oval:org.opensuse.security:def:78620
    P
    		Security update for flash-player (Important)
    2017-02-20
    oval:com.ubuntu.precise:def:20172985000
    V
    		CVE-2017-2985 on Ubuntu 12.04 LTS (precise) - medium.
    2017-02-15
    oval:com.ubuntu.trusty:def:20172985000
    V
    		CVE-2017-2985 on Ubuntu 14.04 LTS (trusty) - medium.
    2017-02-15
    oval:com.ubuntu.xenial:def:201729850000000
    V
    		CVE-2017-2985 on Ubuntu 16.04 LTS (xenial) - medium.
    2017-02-15
    oval:com.ubuntu.xenial:def:20172985000
    V
    		CVE-2017-2985 on Ubuntu 16.04 LTS (xenial) - medium.
    2017-02-15
    BACK
    adobe flash player *
    microsoft windows -
    apple mac os x -
    google chrome os -
    linux linux kernel -
    adobe flash player *
    adobe flash player *
    microsoft windows 8.1 -
    microsoft windows 10 -
    adobe flash player desktop runtime *
    microsoft windows -
    apple mac os x -
    linux linux kernel -