CVE-2017-11292
In short
Adobe Flash Player has a flaw in how it checks bytecode that allows attackers to use wrong values when calculating array positions, which can lead to running malicious code on your computer.
Technical detail
CVE-2017-11292 involves insufficient bytecode verification in Adobe Flash Player ≤27.0.0.159, permitting untrusted values to be used in array index calculations, resulting in type confusion that can be exploited for arbitrary code execution. Exploitation requires opening a malicious SWF file; no privilege escalation is needed.
Summary generated and translated by AI from the official description.
Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · Adobe Flash Player version 27.0.0.159 and earlier
References
https://access.redhat.com/errata/RHSA-2017:2899
https://helpx.adobe.com/security/products/flash-player/apsb17-32.html
https://security.gentoo.org/glsa/201710-22
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-11292
http://www.securityfocus.com/bid/101286
http://www.securitytracker.com/id/1039582