CVE-2017-3002

HIGH

Description

Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability in the ActionScript2 TextField object related to the variable property. Successful exploitation could lead to arbitrary code execution.

References

http://rhn.redhat.com/errata/RHSA-2017-0526.html

http://www.securityfocus.com/bid/96861

http://www.securitytracker.com/id/1037994

https://helpx.adobe.com/security/products/flash-player/apsb17-07.html

https://security.gentoo.org/glsa/201703-02

Details

Source: MITRE

Published: 2017-03-14

Updated: 2018-01-05

Type: CWE-416

Risk Information

CVSS v2.0

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Vulnerable Software

Configuration 1

AND

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

cpe:2.3:o:google:chrome_os:*:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 2

AND

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*

cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*

Configuration 3

AND

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Tenable Plugins

View all (8 total)

ID	Name	Product	Family	Severity
97814	GLSA-201703-02 : Adobe Flash Player: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
700006	Flash Player < 25.0.0.127 Multiple Vulnerabilities (APSB17-07)	Nessus Network Monitor	Web Clients	high
97788	FreeBSD : Flash Player -- multiple vulnerabilities (4ffb633c-0a3b-11e7-a9f2-0011d823eebd)	Nessus	FreeBSD Local Security Checks	critical
97776	SUSE SLED12 Security Update : flash-player (SUSE-SU-2017:0703-1)	Nessus	SuSE Local Security Checks	critical
97766	RHEL 6 : flash-plugin (RHSA-2017:0526)	Nessus	Red Hat Local Security Checks	critical
97735	MS17-023: Security Update for Adobe Flash Player (4014329)	Nessus	Windows : Microsoft Bulletins	high
97728	Adobe Flash Player for Mac <= 24.0.0.221 Multiple Vulnerabilities (APSB17-07)	Nessus	MacOS X Local Security Checks	high
97727	Adobe Flash Player <= 24.0.0.221 Multiple Vulnerabilities (APSB17-07)	Nessus	Windows	high