An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer due to an integer overflow; the computation is part of the abstraction that creates an arbitrarily sized transparent or opaque bitmap image. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
http://www.securityfocus.com/bid/101837
http://www.securitytracker.com/id/1039778
https://access.redhat.com/errata/RHSA-2017:3222
https://helpx.adobe.com/security/products/flash-player/apsb17-33.html
Source: MITRE
Published: 2017-12-09
Updated: 2017-12-21
Type: CWE-125
CVSS v2
Base Score: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Impact Score: 10
Exploitability Score: 10
Severity: HIGH
CVSS v3.0
Base Score: 9.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 3.9
Severity: CRITICAL
OR
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
AND
OR
OR
cpe:2.3:o:apple:mac_os:-:*:*:*:*:*:*:*
AND
OR
OR
cpe:2.3:o:apple:mac_os:-:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*
AND
OR
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:intenet_explorer_11:*:*
OR
ID | Name | Product | Family | Severity |
---|---|---|---|---|
700427 | Flash Player < 27.0.0.187 Multiple Vulnerabilities (APSB17-33) | Nessus Network Monitor | Web Clients | critical |
104694 | GLSA-201711-13 : Adobe Flash Player: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
104647 | FreeBSD : Flash Player -- multiple vulnerabilities (52f10525-caff-11e7-b590-6451062f0f7a) | Nessus | FreeBSD Local Security Checks | critical |
104622 | RHEL 6 : flash-plugin (RHSA-2017:3222) | Nessus | Red Hat Local Security Checks | critical |
104547 | KB4048951: Security update for Adobe Flash Player (November 2017) | Nessus | Windows : Microsoft Bulletins | critical |
104545 | Adobe Flash Player for Mac <= 27.0.0.183 (APSB17-33) | Nessus | MacOS X Local Security Checks | critical |
104544 | Adobe Flash Player <= 27.0.0.183 (APSB17-33) | Nessus | Windows | critical |