Vulnerability CVE-2017-2998: Information

Description

Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption vulnerability in the Primetime TVSDK API functionality related to timeline interactions. Successful exploitation could lead to arbitrary code execution.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2017-2998
Published: March 14, 2017
Modified: Jan. 27, 2023
Error type identifier: CWE-787

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
adobe-flash-player-ppapip925-alt1.S132-alt118ALT-PU-2017-1308-1180549Fixed
adobe-flash-player-ppapip825-alt1.M80P.132-alt118ALT-PU-2017-1315-1180550Fixed
adobe-flash-player-ppapic9f225-alt1.S132-alt115ALT-PU-2017-1308-1180549Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://helpx.adobe.com/security/products/flash-player/apsb17-07.html
  • Patch
  • Vendor Advisory
96866
  • Broken Link
  • Third Party Advisory
  • VDB Entry
GLSA-201703-02
  • Third Party Advisory
1037994
  • Broken Link
  • Third Party Advisory
  • VDB Entry
RHSA-2017:0526
  • Third Party Advisory

    1. Configuration 1

      cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*
      Running on/with:
      cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
      Running on/with:
      cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*
      Running on/with:
      cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
      Running on/with:
      cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

      Configuration 2

      cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*
      cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*
      Running on/with:
      cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
      Running on/with:
      cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*

      Configuration 3

      cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*
      Running on/with:
      cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
      Running on/with:
      cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
      Running on/with:
      cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.4.2
Back to top