CVE-2017-2930 : Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory co

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability due to a concurrency error when manipulating a display list. Successful exploitation could lead to arbitrary code execution.

Published 2017-01-11 04:59:00

Updated 2022-11-17 17:47:22

Source Adobe Systems Incorporated

View at NVD, CVE.org

Vulnerability category: Memory Corruption

Products affected by CVE-2017-2930

Adobe » Flash Player
Versions up to, including, (<=) 24.0.0.186
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Flash Player » For Chrome
Versions up to, including, (<=) 24.0.0.186
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Google » Chrome Os » Version: N/A
When used together with: Linux » Linux Kernel » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Flash Player » For Edge
Versions up to, including, (<=) 24.0.0.186
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*
Matching versions
When used together with: Microsoft » Windows 10 » Version: N/A
When used together with: Microsoft » Windows 8.1 » Version: N/A
Adobe » Flash Player » For Internet Explorer
Versions up to, including, (<=) 24.0.0.186
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*
Matching versions
When used together with: Microsoft » Windows 10 » Version: N/A
When used together with: Microsoft » Windows 8.1 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2017-2930

EPSS FAQ

73.56%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 99 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2017-2930

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	2.8	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2017-2930

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2017-2930

http://packetstormsecurity.com/files/140463/Adobe-Flash-24.0.0.186-Code-Execution.html

Adobe Flash 24.0.0.186 Code Execution ≈ Packet Storm
Third Party Advisory;VDB Entry
https://cosig.gouv.qc.ca/en/cosig-2017-01-en/

COSIG-2017-01 – COSIG
Broken Link
https://helpx.adobe.com/security/products/flash-player/apsb17-02.html

Adobe Security Bulletin
Patch;Vendor Advisory

CVEs referencing this url
https://www.exploit-db.com/exploits/41012/

Adobe Flash Player 24.0.0.186 - 'ActionGetURL2' Out-of-Bounds Memory Corruption (2)
Exploit;Third Party Advisory;VDB Entry
http://rhn.redhat.com/errata/RHSA-2017-0057.html

RHSA-2017:0057 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://www.exploit-db.com/exploits/41008/

Adobe Flash Player 24.0.0.186 - 'ActionGetURL2' Out-of-Bounds Memory Corruption (1)
Exploit;Third Party Advisory;VDB Entry
http://www.securityfocus.com/bid/95350

Adobe Flash Player APSB17-02 Memory Corruption Vulnerabilities
Broken Link;Third Party Advisory;VDB Entry

CVEs referencing this url
http://www.securitytracker.com/id/1037570

Adobe Flash Player Multiple Bugs Let Remote Users Obtain Potentially Sensitive Information and Execute Arbitrary Code - SecurityTracker
Broken Link;Third Party Advisory;VDB Entry

CVEs referencing this url
https://security.gentoo.org/glsa/201702-20

Adobe Flash Player: Multiple vulnerabilities (GLSA 201702-20) — Gentoo security
Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2017-2930

Products affected by CVE-2017-2930

Exploit prediction scoring system (EPSS) score for CVE-2017-2930

CVSS scores for CVE-2017-2930

CWE ids for CVE-2017-2930

References for CVE-2017-2930