ByteOS Network

NVD Vulnerability Details :

CVE-2017-11225

Deferred

Source-psirt@adobe.com

Published At-09 Dec, 2017 | 06:29

Updated At-20 Apr, 2025 | 01:37

An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK metadata functionality. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	9.8	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary	2.0	10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C

Type: Primary

Version: 3.0

Base score: 9.8

Base severity: CRITICAL

Vector:

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 2.0

Base score: 10.0

Base severity: HIGH

Vector:

AV:N/AC:L/Au:N/C:C/I:C/A:C

CPE Matches

Red Hat, Inc.

>>enterprise_linux_desktop>>6.0

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_server>>6.0

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_workstation>>6.0

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Adobe Inc.

>>flash_player>>Versions up to 27.0.0.183(inclusive)

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*

Apple Inc.

>>macos>>-

cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

Linux Kernel Organization, Inc

>>linux_kernel>>-

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Microsoft Corporation

>>windows>>-

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Adobe Inc.

>>flash_player>>Versions up to 27.0.0.183(inclusive)

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*

Apple Inc.

>>macos>>-

cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

Google LLC

>>chrome_os>>-

cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*

Linux Kernel Organization, Inc

>>linux_kernel>>-

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Microsoft Corporation

>>windows>>-

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Adobe Inc.

>>flash_player>>Versions up to 27.0.0.183(inclusive)

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*

Adobe Inc.

>>flash_player>>Versions up to 27.0.0.183(inclusive)

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:intenet_explorer_11:*:*

Microsoft Corporation

>>windows_10>>-

cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_8.1>>-

cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-416	Primary	nvd@nist.gov

CWE ID: CWE-416

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://www.securityfocus.com/bid/101837	psirt@adobe.com	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039778	psirt@adobe.com	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2017:3222	psirt@adobe.com	Third Party Advisory VDB Entry
https://helpx.adobe.com/security/products/flash-player/apsb17-33.html	psirt@adobe.com	Patch Vendor Advisory
https://security.gentoo.org/glsa/201711-13	psirt@adobe.com	Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/101837	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039778	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2017:3222	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory VDB Entry
https://helpx.adobe.com/security/products/flash-player/apsb17-33.html	af854a3a-2127-422b-91ae-364da2661108	Patch Vendor Advisory
https://security.gentoo.org/glsa/201711-13	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory VDB Entry