An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK metadata functionality. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.
http://www.securityfocus.com/bid/101837
http://www.securitytracker.com/id/1039778
https://access.redhat.com/errata/RHSA-2017:3222
https://helpx.adobe.com/security/products/flash-player/apsb17-33.html
Source: MITRE
Published: 2017-12-09
Updated: 2017-12-21
Type: CWE-416
Base Score: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Impact Score: 10
Exploitability Score: 10
Severity: HIGH
Base Score: 9.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 3.9
Severity: CRITICAL
OR
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
AND
OR
OR
cpe:2.3:o:apple:mac_os:-:*:*:*:*:*:*:*
AND
OR
OR
cpe:2.3:o:apple:mac_os:-:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*
AND
OR
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:intenet_explorer_11:*:*
OR
ID | Name | Product | Family | Severity |
---|---|---|---|---|
700427 | Flash Player < 27.0.0.187 Multiple Vulnerabilities (APSB17-33) | Nessus Network Monitor | Web Clients | critical |
108436 | openSUSE Security Update : Chromium (openSUSE-2018-264) | Nessus | SuSE Local Security Checks | critical |
107243 | FreeBSD : chromium -- vulnerability (555af074-22b9-11e8-9799-54ee754af08e) | Nessus | FreeBSD Local Security Checks | critical |
107221 | Google Chrome < 65.0.3325.146 Multiple Vulnerabilities (macOS) | Nessus | MacOS X Local Security Checks | critical |
107220 | Google Chrome < 65.0.3325.146 Multiple Vulnerabilities | Nessus | Windows | critical |
104694 | GLSA-201711-13 : Adobe Flash Player: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
104647 | FreeBSD : Flash Player -- multiple vulnerabilities (52f10525-caff-11e7-b590-6451062f0f7a) | Nessus | FreeBSD Local Security Checks | critical |
104622 | RHEL 6 : flash-plugin (RHSA-2017:3222) | Nessus | Red Hat Local Security Checks | critical |
104547 | KB4048951: Security update for Adobe Flash Player (November 2017) | Nessus | Windows : Microsoft Bulletins | critical |
104545 | Adobe Flash Player for Mac <= 27.0.0.183 (APSB17-33) | Nessus | MacOS X Local Security Checks | critical |
104544 | Adobe Flash Player <= 27.0.0.183 (APSB17-33) | Nessus | Windows | critical |