Vulnerability Description
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript FileReference class. Successful exploitation could lead to arbitrary code execution.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adobe | Flash Player | <= 24.0.0.186 |
| Apple | Mac Os X | - |
| Chrome Os | - | |
| Linux | Linux Kernel | - |
| Microsoft | Windows | - |
| Microsoft | Windows 10 | - |
| Microsoft | Windows 8.1 | - |
Related Weaknesses (CWE)
References
- http://rhn.redhat.com/errata/RHSA-2017-0057.htmlThird Party Advisory
- http://www.securityfocus.com/bid/95342Broken LinkThird Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1037570Broken LinkThird Party AdvisoryVDB Entry
- https://helpx.adobe.com/security/products/flash-player/apsb17-02.htmlPatchVendor Advisory
- https://security.gentoo.org/glsa/201702-20Third Party Advisory
- http://rhn.redhat.com/errata/RHSA-2017-0057.htmlThird Party Advisory
- http://www.securityfocus.com/bid/95342Broken LinkThird Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1037570Broken LinkThird Party AdvisoryVDB Entry
- https://helpx.adobe.com/security/products/flash-player/apsb17-02.htmlPatchVendor Advisory
- https://security.gentoo.org/glsa/201702-20Third Party Advisory
FAQ
What is CVE-2017-2936?
CVE-2017-2936 is a vulnerability with a CVSS score of 8.8 (HIGH). Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript FileReference class. Successful exploitation could lead to arbitrary code execut...
How severe is CVE-2017-2936?
CVE-2017-2936 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-2936?
Check the references section above for vendor advisories and patch information. Affected products include: Adobe Flash Player, Apple Mac Os X, Google Chrome Os, Linux Linux Kernel, Microsoft Windows.