CVE-2017-3060

CRITICAL

Adobe Flash Player < 25.0.0.127 - Out-of-Bounds Read

Title source: rule

Description

Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the ActionScript2 code parser. Successful exploitation could lead to arbitrary code execution.

References (6)

Core 6

Core References

Third Party Advisory, VDB Entry

http://www.zerodayinitiative.com/advisories/ZDI-17-247/

Third Party Advisory vendor-advisory x_refsource_gentoo

https://security.gentoo.org/glsa/201704-04

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1038225

Vendor Advisory x_refsource_confirm

https://helpx.adobe.com/security/products/flash-player/apsb17-10.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/97557

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2017:0934

Scores

CVSS v3 9.8

EPSS 0.0991

EPSS Percentile 93.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-125

Status published

Products (2)

adobe/flash_player < 25.0.0.127 (4 CPE variants)

n/a/Adobe Flash Player 25.0.0.127 and earlier. Adobe Flash Player 25.0.0.127 and earlier.

Published Apr 12, 2017

Tracked Since Feb 18, 2026