CVE-2017-11282

CRITICAL

Adobe Flash Player < 26.0.0.151 - Memory Corruption in MP4 Atom Parser

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-11282. PoCs published by Google Security Research.

AI-analyzed exploit summary: The exploit demonstrates an out-of-bounds read vulnerability in TextFormat.applyToRange, triggered by a fuzzed file. It is a proof-of-concept for CVE-2017-11282, which affects certain software versions.

Description

Adobe Flash Player has an exploitable memory corruption vulnerability in the MP4 atom parser. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Google Security Research · text · dos · multiple
https://www.exploit-db.com/exploits/42783


Classification: Working PoC 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Software using TextFormat.applyToRange (specific version not specified)
No auth needed
Prerequisites: Access to the target system to deliver the fuzzed file
devstral-2 · analyzed Feb 16, 2026

References (9)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/100716
Exploit, Third Party Advisory x_refsource_misc
https://www.youtube.com/watch?v=6iZnIQbRf5M
Third Party Advisory, VDB Entry vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201709-16
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/42783/
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:2702
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1039314

Scores

CVSS v3 9.8
EPSS 0.3485
EPSS Percentile 98.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (5)
adobe/flash_player < 26.0.0.151 (4 CPE variants)
n/a/Adobe Flash Player 26.0.0.151 and earlier versions
redhat/enterprise_linux_desktop 6.0
redhat/enterprise_linux_server 6.0
redhat/enterprise_linux_workstation 6.0
Published Dec 01, 2017
Tracked Since Feb 18, 2026