CVE-2017-2986

Published: Feb 15, 2017Modified: May 13, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the Flash Video (FLV) codec. Successful exploitation could lead to arbitrary code execution.

Affected (4)

Products: Adobe: Flash Player, Flash Player Desktop Runtime

Adobe

2 products

Flash Player

Flash Player Desktop Runtime

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Adobe Flash Player	Up to 24.0.0.194

Running on/with	Platform Versions
Google Chrome Os	All versions

Configuration B

2 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Adobe Flash Player	Up to 24.0.0.194
Adobe Flash Player	Up to 24.0.0.194

Running on/with	Platform Versions
Microsoft Windows 10	All versions
Microsoft Windows 8.1	All versions

Configuration C

1 vulnerable · 3 platform

Vulnerable Software	Affected Versions
Adobe Flash Player Desktop Runtime	Up to 24.0.0.194

Running on/with	Platform Versions
Apple Mac Os X	All versions
Linux Linux Kernel	All versions
Microsoft Windows	All versions

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (12)

http://rhn.redhat.com/errata/RHSA-2017-0275.html

Source: psirt@adobe.com

Third Party Advisory

http://www.securityfocus.com/bid/96193

Source: psirt@adobe.com

Broken LinkThird Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1037815

Source: psirt@adobe.com

Broken LinkThird Party AdvisoryVDB Entry

https://helpx.adobe.com/security/products/flash-player/apsb17-04.html

Source: psirt@adobe.com

PatchVendor Advisory

https://security.gentoo.org/glsa/201702-20

Source: psirt@adobe.com

Third Party Advisory

https://www.exploit-db.com/exploits/41423/

Source: psirt@adobe.com

ExploitThird Party AdvisoryVDB Entry

http://rhn.redhat.com/errata/RHSA-2017-0275.html