ByteOS Network

NVD Vulnerability Details :

CVE-2017-3085

Deferred

Source-psirt@adobe.com

Published At-11 Aug, 2017 | 19:29

Updated At-20 Apr, 2025 | 01:37

Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.4	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Primary	2.0	4.3	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:N

Type: Primary

Version: 3.1

Base score: 7.4

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Type: Primary

Version: 2.0

Base score: 4.3

Base severity: MEDIUM

Vector:

AV:N/AC:M/Au:N/C:P/I:N/A:N

CPE Matches

Adobe Inc.

>>flash_player_desktop_runtime>>Versions up to 26.0.0.137(inclusive)

cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*

Apple Inc.

>>mac_os_x>>-

cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*

Linux Kernel Organization, Inc

>>linux_kernel>>-

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Microsoft Corporation

>>windows>>-

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Adobe Inc.

>>flash_player>>Versions up to 26.0.0.137(inclusive)

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*

Adobe Inc.

>>flash_player>>Versions up to 26.0.0.137(inclusive)

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*

Microsoft Corporation

>>windows_10>>-

cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_8.1>>-

cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*

Adobe Inc.

>>flash_player>>Versions up to 26.0.0.137(inclusive)

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*

Apple Inc.

>>mac_os_x>>-

cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*

Google LLC

>>chrome_os>>-

cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*

Linux Kernel Organization, Inc

>>linux_kernel>>-

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Microsoft Corporation

>>windows>>-

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux>>6.0

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_desktop>>6.0

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_workstation>>6.0

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-601	Primary	nvd@nist.gov

CWE ID: CWE-601

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://www.securityfocus.com/bid/100191	psirt@adobe.com	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039088	psirt@adobe.com	Broken Link Third Party Advisory VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-17-634/	psirt@adobe.com	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2017:2457	psirt@adobe.com	Third Party Advisory
https://blog.bjornweb.nl/2017/08/flash-remote-sandbox-escape-windows-user-credentials-leak/	psirt@adobe.com	Exploit Technical Description Third Party Advisory
https://helpx.adobe.com/security/products/flash-player/apsb17-23.html	psirt@adobe.com	Patch Vendor Advisory
https://security.gentoo.org/glsa/201709-16	psirt@adobe.com	Third Party Advisory
http://www.securityfocus.com/bid/100191	af854a3a-2127-422b-91ae-364da2661108	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039088	af854a3a-2127-422b-91ae-364da2661108	Broken Link Third Party Advisory VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-17-634/	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2017:2457	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://blog.bjornweb.nl/2017/08/flash-remote-sandbox-escape-windows-user-credentials-leak/	af854a3a-2127-422b-91ae-364da2661108	Exploit Technical Description Third Party Advisory
https://helpx.adobe.com/security/products/flash-player/apsb17-23.html	af854a3a-2127-422b-91ae-364da2661108	Patch Vendor Advisory
https://security.gentoo.org/glsa/201709-16	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory