CVE-2017-2987

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable integer overflow vulnerability related to Flash Broker COM. Successful exploitation could lead to arbitrary code execution.
References
Link Resource
http://rhn.redhat.com/errata/RHSA-2017-0275.html Third Party Advisory
http://www.securityfocus.com/bid/96194 Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1037815 Broken Link Third Party Advisory VDB Entry
https://helpx.adobe.com/security/products/flash-player/apsb17-04.html Patch Vendor Advisory
https://security.gentoo.org/glsa/201702-20 Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*
OR cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*
OR cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*
OR cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

17 Nov 2022, 20:59

Type Values Removed Values Added
First Time Adobe flash Player Desktop Runtime
CVSS v2 : 10.0
v3 : 9.8
v2 : 9.3
v3 : 8.8
CPE cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*
References (SECTRACK) http://www.securitytracker.com/id/1037815 - (SECTRACK) http://www.securitytracker.com/id/1037815 - Broken Link, Third Party Advisory, VDB Entry
References (GENTOO) https://security.gentoo.org/glsa/201702-20 - (GENTOO) https://security.gentoo.org/glsa/201702-20 - Third Party Advisory
References (CONFIRM) https://helpx.adobe.com/security/products/flash-player/apsb17-04.html - Vendor Advisory (CONFIRM) https://helpx.adobe.com/security/products/flash-player/apsb17-04.html - Patch, Vendor Advisory
References (REDHAT) http://rhn.redhat.com/errata/RHSA-2017-0275.html - (REDHAT) http://rhn.redhat.com/errata/RHSA-2017-0275.html - Third Party Advisory
References (BID) http://www.securityfocus.com/bid/96194 - (BID) http://www.securityfocus.com/bid/96194 - Broken Link, Third Party Advisory, VDB Entry

Information

Published : 2017-02-15 06:59

Updated : 2023-12-10 12:01


NVD link : CVE-2017-2987

Mitre link : CVE-2017-2987

CVE.ORG link : CVE-2017-2987


JSON object : View

Products Affected

microsoft

  • windows_8.1
  • windows_10
  • windows

adobe

  • flash_player
  • flash_player_desktop_runtime

google

  • chrome_os

linux

  • linux_kernel

apple

  • mac_os_x
CWE
CWE-190

Integer Overflow or Wraparound