| Vulnerability Name: | CVE-2017-3083 (CCN-126960) | ||||||||||||||||
| Assigned: | 2016-12-02 | ||||||||||||||||
| Published: | 2017-06-13 | ||||||||||||||||
| Updated: | 2018-01-05 | ||||||||||||||||
| Summary: | Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability in the Primetime SDK functionality related to the profile metadata of the media stream. Successful exploitation could lead to arbitrary code execution. | ||||||||||||||||
| CVSS v3 Severity: | 9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) 8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
7.7 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
| ||||||||||||||||
| CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||||||||||
| Vulnerability Type: | CWE-416 | ||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2017-3083 Source: BID Type: Third Party Advisory, VDB Entry 99023 Source: CCN Type: BID-99023 Adobe Flash Player APSB17-17 Multiple Use After Free Remote Code Execution Vulnerabilities Source: SECTRACK Type: UNKNOWN 1038655 Source: REDHAT Type: UNKNOWN RHSA-2017:1439 Source: XF Type: UNKNOWN adobe-flash-cve20173083-code-exec(126960) Source: CCN Type: Adobe Security Bulletin APSB17-17 Security updates available for Adobe Flash Player Source: CONFIRM Type: Vendor Advisory https://helpx.adobe.com/security/products/flash-player/apsb17-17.html Source: GENTOO Type: UNKNOWN GLSA-201707-15 Source: CCN Type: WhiteSource Vulnerability Database CVE-2017-3083 Source: CCN Type: ZDI-17-406 Adobe Flash Profile Use-After-Free Remote Code Execution Vulnerability | ||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||
| Oval Definitions | |||||||||||||||||
| |||||||||||||||||
| BACK | |||||||||||||||||