CVE-2017-11281

CRITICAL

Adobe Flash Player < 26.0.0.151 - Memory Corruption in Text Handling

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2017-11281. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit leverages a fuzzed MP4 file to trigger an out-of-bounds memory access in Adobe Flash, leading to potential remote code execution. The PoC is a binary file (MP4) designed to exploit CVE-2017-11281.

Description

Adobe Flash Player has an exploitable memory corruption vulnerability in the text handling function. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Google Security Research · textdosmultiple
https://www.exploit-db.com/exploits/42782

This exploit leverages a fuzzed MP4 file to trigger an out-of-bounds memory access in Adobe Flash, leading to potential remote code execution. The PoC is a binary file (MP4) designed to exploit CVE-2017-11281.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Adobe Flash Player
No auth needed
Prerequisites: Victim must open the malicious MP4 file in a vulnerable version of Adobe Flash Player
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Google Security Research · textdosmultiple
https://www.exploit-db.com/exploits/42781

This exploit leverages a malformed MP4 file to trigger an out-of-bounds memory access in Adobe Flash Player, leading to potential remote code execution. The PoC is a binary file (MP4) designed to exploit CVE-2017-11281.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Adobe Flash Player (versions prior to fix for CVE-2017-11281)
No auth needed
Prerequisites: Victim must open the malicious MP4 file in a vulnerable version of Flash Player
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (8)

Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/100710
Third Party Advisory, VDB Entry vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201709-16
Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/42782/
Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/42781/
Exploit, Third Party Advisory x_refsource_misc
https://www.youtube.com/watch?v=CvmnUeza9zw
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:2702
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1039314

Scores

CVSS v3 9.8
EPSS 0.3388
EPSS Percentile 98.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (5)
adobe/flash_player < 26.0.0.151 (4 CPE variants)
n/a/Adobe Flash Player 26.0.0.151 and earlier versions Adobe Flash Player 26.0.0.151 and earlier versions
redhat/enterprise_linux_desktop 6.0
redhat/enterprise_linux_server 6.0
redhat/enterprise_linux_workstation 6.0
Published Dec 01, 2017
Tracked Since Feb 18, 2026