Vulnerability Details CVE-2017-3085
Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 73.1%
CVSS Severity
CVSS v3 Score 7.4
CVSS v2 Score 4.3
References
- http://www.securityfocus.com/bid/100191
- http://www.securitytracker.com/id/1039088
- http://www.zerodayinitiative.com/advisories/ZDI-17-634/
- https://access.redhat.com/errata/RHSA-2017:2457
- https://blog.bjornweb.nl/2017/08/flash-remote-sandbox-escape-windows-user-credentials-leak/
- https://helpx.adobe.com/security/products/flash-player/apsb17-23.html
- https://security.gentoo.org/glsa/201709-16
- http://www.securityfocus.com/bid/100191
- http://www.securitytracker.com/id/1039088
- http://www.zerodayinitiative.com/advisories/ZDI-17-634/
- https://access.redhat.com/errata/RHSA-2017:2457
- https://blog.bjornweb.nl/2017/08/flash-remote-sandbox-escape-windows-user-credentials-leak/
- https://helpx.adobe.com/security/products/flash-player/apsb17-23.html
- https://security.gentoo.org/glsa/201709-16
Products affected by CVE-2017-3085
-
cpe:2.3:a:adobe:flash_player:16.0.0.287
-
cpe:2.3:a:adobe:flash_player:18.0
-
cpe:2.3:a:adobe:flash_player:18.0.0.203
-
cpe:2.3:a:adobe:flash_player:18.0.0.204
-
cpe:2.3:a:adobe:flash_player:19.0.0.245
-
cpe:2.3:a:adobe:flash_player:20.0.0.228
-
cpe:2.3:a:adobe:flash_player:20.0.0.306
-
cpe:2.3:a:adobe:flash_player:21.0.0.216
-
cpe:2.3:a:adobe:flash_player:21.0.0.241
-
cpe:2.3:a:adobe:flash_player:21.0.0.242
-
cpe:2.3:a:adobe:flash_player:21.0.0.97
-
cpe:2.3:a:adobe:flash_player:22.0.0.192
-
cpe:2.3:a:adobe:flash_player:22.0.0.211
-
cpe:2.3:a:adobe:flash_player:23.0
-
cpe:2.3:a:adobe:flash_player:23.0.0.162
-
cpe:2.3:a:adobe:flash_player:23.0.0.185
-
cpe:2.3:a:adobe:flash_player:23.0.0.205
-
cpe:2.3:a:adobe:flash_player:23.0.0.207
-
cpe:2.3:a:adobe:flash_player:23.0.0.257
-
cpe:2.3:a:adobe:flash_player:24.0.0.186
-
cpe:2.3:a:adobe:flash_player:24.0.0.194
-
cpe:2.3:a:adobe:flash_player:24.0.0.221
-
cpe:2.3:a:adobe:flash_player:25.0.0.127
-
cpe:2.3:a:adobe:flash_player:25.0.0.148
-
cpe:2.3:a:adobe:flash_player:25.0.0.163
-
cpe:2.3:a:adobe:flash_player:25.0.0.171
-
cpe:2.3:a:adobe:flash_player:26.0.0.120
-
cpe:2.3:a:adobe:flash_player:26.0.0.126
-
cpe:2.3:a:adobe:flash_player:26.0.0.131
-
cpe:2.3:a:adobe:flash_player:26.0.0.137
-
cpe:2.3:a:adobe:flash_player_desktop_runtime:16.0.0.287
-
cpe:2.3:a:adobe:flash_player_desktop_runtime:18.0
-
cpe:2.3:a:adobe:flash_player_desktop_runtime:18.0.0.203
-
cpe:2.3:a:adobe:flash_player_desktop_runtime:21.0.0.226
-
cpe:2.3:a:adobe:flash_player_desktop_runtime:23.0.0.162
-
cpe:2.3:a:adobe:flash_player_desktop_runtime:26.0.0.131
-
cpe:2.3:a:adobe:flash_player_desktop_runtime:26.0.0.137
-
cpe:2.3:o:apple:mac_os_x:-
-
cpe:2.3:o:google:chrome_os:-
-
cpe:2.3:o:linux:linux_kernel:-
-
cpe:2.3:o:microsoft:windows:-
-
cpe:2.3:o:microsoft:windows_10:-
-
cpe:2.3:o:microsoft:windows_8.1:-
-
cpe:2.3:o:redhat:enterprise_linux:6.0
-
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0
-
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0