CVE-2017-3078

CRITICAL

Adobe Flash Player <= 25.0.0.171 - Memory Corruption in ATF Module


Exploitation Summary

EIP tracks 2 public exploits for CVE-2017-3078. PoCs published by Google Security Research, homjxi0e.

AI-analyzed exploit summary: This exploit leverages a heap corruption vulnerability in the ATF parser of Adobe Flash Player. The PoC involves loading a maliciously crafted ATF file via a SWF file, leading to potential remote code execution.

Description

Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the Adobe Texture Format (ATF) module. Successful exploitation could lead to arbitrary code execution.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Google Security Research · text · dos · multiple
https://www.exploit-db.com/exploits/42249

This exploit leverages a heap corruption vulnerability in the ATF parser of Adobe Flash Player. The PoC involves loading a maliciously crafted ATF file via a SWF file, leading to potential remote code execution.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Adobe Flash Player
No auth needed
Prerequisites: Access to a web server to host the malicious files · Victim must visit the crafted URL
devstral-2 · analyzed Feb 16, 2026
nomisec WRITEUP
by homjxi0e · poc
https://github.com/homjxi0e/CVE-2017-3078

This repository contains a README file describing CVE-2017-3078, a memory corruption vulnerability in Adobe Flash Player's ATF module. It lists vulnerable versions and platforms but does not include exploit code or technical details.

Classification: Writeup 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Theoretical
Target: Adobe Flash Player versions 25.0.0.171 and earlier
No auth needed
Prerequisites: Vulnerable Adobe Flash Player installation · User interaction (e.g., visiting a malicious webpage)
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/99025
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1038655
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/42249/
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1439
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201707-15

Scores

CVSS v3 9.8
EPSS 0.3089
EPSS Percentile 98.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-119
Status published
Products (2)
adobe/flash_player < 25.0.0.171 (4 CPE variants)
n/a/Adobe Flash Player 25.0.0.171 and earlier.
Published Jun 20, 2017
Tracked Since Feb 18, 2026