CVE-2017-3106

HIGH

Adobe Flash Player <26.0.0.137 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-3106. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit leverages a fuzzed SWF file to trigger an out-of-bounds access in ActionScript object traits, potentially leading to type confusion and exploitable conditions in Adobe Flash Player.

Description

Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files. Successful exploitation could lead to arbitrary code execution.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdoswindows

https://www.exploit-db.com/exploits/42480

View Code ZIP pw:eip

This exploit leverages a fuzzed SWF file to trigger an out-of-bounds access in ActionScript object traits, potentially leading to type confusion and exploitable conditions in Adobe Flash Player.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: Adobe Flash Player (versions affected by CVE-2017-3106)

No auth needed

Prerequisites: Victim must open the malicious SWF file in a vulnerable version of Adobe Flash Player

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6

Core References

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/42480/

Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1039088

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/100190

Third Party Advisory vendor-advisory x_refsource_gentoo

https://security.gentoo.org/glsa/201709-16

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2017:2457

Patch, Vendor Advisory x_refsource_confirm

https://helpx.adobe.com/security/products/flash-player/apsb17-23.html

Scores

CVSS v3 8.8

EPSS 0.2231

EPSS Percentile 97.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-704

Status published

Products (6)

adobe/flash_player < 26.0.0.137 (3 CPE variants)

adobe/flash_player_desktop_runtime < 26.0.0.137

Adobe Systems Incorporated/Flash Player 26.0.0.137 and earlier.

redhat/enterprise_linux 6.0

redhat/enterprise_linux_desktop 6.0

redhat/enterprise_linux_workstation 6.0

Published Aug 11, 2017

Tracked Since Feb 18, 2026