CVE-2017-3080

Adobe Flash Player versions 26.0.0.131 and earlier have a security bypass vulnerability related to the Flash API used by Internet Explorer. Successful exploitation could lead to information disclosure.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
adobeCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
VendorProductVersion
adobeflash_player_desktop_runtime
𝑥
≤ 26.0.0.131
adobeflash_player
𝑥
≤ 26.0.0.120
adobeflash_player
𝑥
≤ 26.0.0.120
adobeflash_player
𝑥
≤ 26.0.0.131
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
adobe-flashplugin
zesty
Fixed 1:20170711.1-0ubuntu0.17.04.1
released
yakkety
Fixed 1:20170711.1-0ubuntu0.16.10.1
released
xenial
Fixed 1:20170711.1-0ubuntu0.16.04.1
released
trusty
Fixed 1:20170711.1-0ubuntu0.14.04.1
released
flashplugin-nonfree
zesty
Fixed 26.0.0.137ubuntu0.17.04.1
released
yakkety
ignored
xenial
Fixed 26.0.0.137ubuntu0.16.04.1
released
trusty
Fixed 26.0.0.137ubuntu0.14.04.1
released
References
http://www.securityfocus.com/bid/99519
http://www.securitytracker.com/id/1038845
https://access.redhat.com/errata/RHSA-2017:1731
https://helpx.adobe.com/security/products/flash-player/apsb17-21.html
https://security.gentoo.org/glsa/201707-15
http://www.securityfocus.com/bid/99519
http://www.securitytracker.com/id/1038845
https://access.redhat.com/errata/RHSA-2017:1731
https://helpx.adobe.com/security/products/flash-player/apsb17-21.html
https://security.gentoo.org/glsa/201707-15