| Vulnerability Name: | CVE-2017-3081 (CCN-126958) | ||||||||||||||||
| Assigned: | 2016-12-02 | ||||||||||||||||
| Published: | 2017-06-13 | ||||||||||||||||
| Updated: | 2018-01-05 | ||||||||||||||||
| Summary: | Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability during internal computation caused by multiple display object mask manipulations. Successful exploitation could lead to arbitrary code execution. | ||||||||||||||||
| CVSS v3 Severity: | 9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) 8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
7.7 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
| ||||||||||||||||
| CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||||||||||
| Vulnerability Type: | CWE-416 | ||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2017-3081 Source: BID Type: Third Party Advisory, VDB Entry 99023 Source: CCN Type: BID-99023 Adobe Flash Player APSB17-17 Multiple Use After Free Remote Code Execution Vulnerabilities Source: SECTRACK Type: UNKNOWN 1038655 Source: REDHAT Type: UNKNOWN RHSA-2017:1439 Source: XF Type: UNKNOWN adobe-flash-cve20173081-code-exec(126958) Source: CCN Type: Adobe Security Bulletin APSB17-17 Security updates available for Adobe Flash Player Source: CONFIRM Type: Vendor Advisory https://helpx.adobe.com/security/products/flash-player/apsb17-17.html Source: GENTOO Type: UNKNOWN GLSA-201707-15 Source: CCN Type: WhiteSource Vulnerability Database CVE-2017-3081 | ||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration 3: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||
| Oval Definitions | |||||||||||||||||
| |||||||||||||||||
| BACK | |||||||||||||||||