CVE-2017-3063

Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the ActionScript2 NetStream class. Successful exploitation could lead to arbitrary code execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
adobeCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
VendorProductVersion
adobeflash_player
𝑥
≤ 25.0.0.127
adobeflash_player
𝑥
≤ 25.0.0.127
adobeflash_player
𝑥
≤ 25.0.0.127
adobeflash_player
𝑥
≤ 25.0.0.127
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
adobe-flashplugin
zesty
Fixed 1:20170509.1-0ubuntu0.17.04.1
released
yakkety
Fixed 1:20170509.1-0ubuntu0.16.10.1
released
xenial
Fixed 1:20170509.1-0ubuntu0.16.04.1
released
trusty
Fixed 1:20170509.1-0ubuntu0.14.04.1
released
precise
ignored
flashplugin-nonfree
zesty
Fixed 25.0.0.171ubuntu0.17.04.1
released
yakkety
Fixed 25.0.0.171ubuntu0.16.10.1
released
xenial
Fixed 25.0.0.171ubuntu0.16.04.1
released
trusty
Fixed 25.0.0.171ubuntu0.14.04.1
released
precise
ignored
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/97551
http://www.securitytracker.com/id/1038225
https://access.redhat.com/errata/RHSA-2017:0934
https://helpx.adobe.com/security/products/flash-player/apsb17-10.html
https://security.gentoo.org/glsa/201704-04
http://www.zerodayinitiative.com/advisories/ZDI-17-279/
http://www.securityfocus.com/bid/97551
http://www.securitytracker.com/id/1038225
https://access.redhat.com/errata/RHSA-2017:0934
https://helpx.adobe.com/security/products/flash-player/apsb17-10.html
https://security.gentoo.org/glsa/201704-04