CVE-2017-2986

HIGH

Adobe Flash Player < 24.0.0.194 - Remote Code Execution via FLV Codec Heap Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-2986. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit leverages a heap overflow vulnerability in YUVPlane decoding within Adobe Flash Player. The provided FLV file triggers the overflow when loaded via a crafted SWF file, leading to potential remote code execution.

Description

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the Flash Video (FLV) codec. Successful exploitation could lead to arbitrary code execution.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdosmultiple

https://www.exploit-db.com/exploits/41423

View Code ZIP pw:eip

This exploit leverages a heap overflow vulnerability in YUVPlane decoding within Adobe Flash Player. The provided FLV file triggers the overflow when loaded via a crafted SWF file, leading to potential remote code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Adobe Flash Player (versions affected by CVE-2017-2986)

No auth needed

Prerequisites: Hosting the provided SWF and FLV files on a server · Victim visits the crafted URL

MITRE ATT&CK