VDB
CVE-2017-11282
CVE-2017-11282
PUBLISHED
Adobe Flash Player has an exploitable memory corruption vulnerability in the MP4 atom parser. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier.
EPSS 20.69% · 95.7th percentile
Risk Scores
EPSS Score
20.69%
95.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | flashplugin-nonfree | 11.2.202.621ubuntu0.16.04.1, 11.2.202.626ubuntu0.16.04.1, 11.2.202.632ubuntu0.16.04.1 |
| Ubuntu:14.04:LTS | flashplugin-nonfree | 11.2.202.429ubuntu0.14.04.1, 11.2.202.438ubuntu0.14.04.1, 11.2.202.442ubuntu0.14.04.1 |
Exploit Intelligence
- https://www.youtube.com/watch?v=6iZnIQbRf5M (nist-nvd)
- https://www.exploit-db.com/exploits/42783/ (nist-nvd)
- CIRCL exploited: CVE-2017-11282 (circl-sighting)
- CIRCL seen: CVE-2017-11282 (circl-sighting)
- CIRCL seen: CVE-2017-11282 (circl-sighting)
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1323 (circl)
- https://helpx.adobe.com/security/products/flash-player/apsb17-28.html (circl)
- RHSA-2017:2702 (circl)
- 1039314 (circl)
- GLSA-201709-16 (circl)
…and 4 more exploits
Timeline
- Sep 13, 2017 CVE Published
- Sep 25, 2017 PoC Published
- Sep 28, 2017 PoC Published
- Apr 14, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 11, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2017-11282 third-party-advisory
- https://rhn.redhat.com/errata/RHSA-2017-2702.html third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2017-11282 third-party-advisory