Vulnerability Details CVE-2017-2997
Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable buffer overflow / underflow vulnerability in the Primetime TVSDK that supports customizing ad information. Successful exploitation could lead to arbitrary code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.055
EPSS Ranking 90.1%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.3
References
- http://rhn.redhat.com/errata/RHSA-2017-0526.html
- http://www.securityfocus.com/bid/96860
- http://www.securitytracker.com/id/1037994
- https://helpx.adobe.com/security/products/flash-player/apsb17-07.html
- https://security.gentoo.org/glsa/201703-02
- http://rhn.redhat.com/errata/RHSA-2017-0526.html
- http://www.securityfocus.com/bid/96860
- http://www.securitytracker.com/id/1037994
- https://helpx.adobe.com/security/products/flash-player/apsb17-07.html
- https://security.gentoo.org/glsa/201703-02
Products affected by CVE-2017-2997
-
cpe:2.3:a:adobe:flash_player:16.0.0.287
-
cpe:2.3:a:adobe:flash_player:18.0
-
cpe:2.3:a:adobe:flash_player:18.0.0.203
-
cpe:2.3:a:adobe:flash_player:18.0.0.204
-
cpe:2.3:a:adobe:flash_player:19.0.0.245
-
cpe:2.3:a:adobe:flash_player:20.0.0.228
-
cpe:2.3:a:adobe:flash_player:20.0.0.306
-
cpe:2.3:a:adobe:flash_player:21.0.0.216
-
cpe:2.3:a:adobe:flash_player:21.0.0.241
-
cpe:2.3:a:adobe:flash_player:21.0.0.242
-
cpe:2.3:a:adobe:flash_player:21.0.0.97
-
cpe:2.3:a:adobe:flash_player:22.0.0.192
-
cpe:2.3:a:adobe:flash_player:22.0.0.211
-
cpe:2.3:a:adobe:flash_player:23.0
-
cpe:2.3:a:adobe:flash_player:23.0.0.162
-
cpe:2.3:a:adobe:flash_player:23.0.0.185
-
cpe:2.3:a:adobe:flash_player:23.0.0.205
-
cpe:2.3:a:adobe:flash_player:23.0.0.207
-
cpe:2.3:a:adobe:flash_player:23.0.0.257
-
cpe:2.3:a:adobe:flash_player:24.0.0.186
-
cpe:2.3:a:adobe:flash_player:24.0.0.194
-
cpe:2.3:a:adobe:flash_player:24.0.0.221
-
cpe:2.3:a:adobe:flash_player_desktop_runtime:16.0.0.287
-
cpe:2.3:a:adobe:flash_player_desktop_runtime:18.0
-
cpe:2.3:a:adobe:flash_player_desktop_runtime:18.0.0.203
-
cpe:2.3:a:adobe:flash_player_desktop_runtime:21.0.0.226
-
cpe:2.3:a:adobe:flash_player_desktop_runtime:23.0.0.162
-
cpe:2.3:o:apple:mac_os_x:-
-
cpe:2.3:o:google:chrome_os:-
-
cpe:2.3:o:linux:linux_kernel:-
-
cpe:2.3:o:microsoft:windows:-
-
cpe:2.3:o:microsoft:windows_10:-
-
cpe:2.3:o:microsoft:windows_8.1:-