CVE-2017-2987

HIGH

Adobe Flash Player <= 24.0.0.194 - Remote Code Execution via Integer Overflow

Title source: llm

Description

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable integer overflow vulnerability related to Flash Broker COM. Successful exploitation could lead to arbitrary code execution.

References (5)

Core 5

Core References

Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/96194

Third Party Advisory vendor-advisory x_refsource_gentoo

https://security.gentoo.org/glsa/201702-20

Third Party Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2017-0275.html

Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1037815

Patch, Vendor Advisory x_refsource_confirm

https://helpx.adobe.com/security/products/flash-player/apsb17-04.html

Scores

CVSS v3 8.8

EPSS 0.0853

EPSS Percentile 94.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-190

Status published

Products (3)

adobe/flash_player < 24.0.0.194 (3 CPE variants)

adobe/flash_player_desktop_runtime < 24.0.0.194

n/a/Adobe Flash Player 24.0.0.194 and earlier. Adobe Flash Player 24.0.0.194 and earlier.

Published Feb 15, 2017

Tracked Since Feb 18, 2026