CVE-2017-3061

EUVD-2017-12202
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the SWF parser. Successful exploitation could lead to arbitrary code execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 97%
Affected Products (NVD)
VendorProductVersion
adobeflash_player
𝑥
≤ 25.0.0.127
adobeflash_player
𝑥
≤ 25.0.0.127
adobeflash_player
𝑥
≤ 25.0.0.127
adobeflash_player
𝑥
≤ 25.0.0.127
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
adobe-flashplugin
precise
ignored
trusty
Fixed 1:20170509.1-0ubuntu0.14.04.1
released
xenial
Fixed 1:20170509.1-0ubuntu0.16.04.1
released
yakkety
Fixed 1:20170509.1-0ubuntu0.16.10.1
released
zesty
Fixed 1:20170509.1-0ubuntu0.17.04.1
released
flashplugin-nonfree
precise
ignored
trusty
Fixed 25.0.0.171ubuntu0.14.04.1
released
xenial
Fixed 25.0.0.171ubuntu0.16.04.1
released
yakkety
Fixed 25.0.0.171ubuntu0.16.10.1
released
zesty
Fixed 25.0.0.171ubuntu0.17.04.1
released
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/97557
http://www.securitytracker.com/id/1038225
https://access.redhat.com/errata/RHSA-2017:0934
https://helpx.adobe.com/security/products/flash-player/apsb17-10.html
https://security.gentoo.org/glsa/201704-04
https://www.exploit-db.com/exploits/42018/
http://www.securityfocus.com/bid/97557
http://www.securitytracker.com/id/1038225
https://access.redhat.com/errata/RHSA-2017:0934
https://helpx.adobe.com/security/products/flash-player/apsb17-10.html
https://security.gentoo.org/glsa/201704-04
https://www.exploit-db.com/exploits/42018/