CVE-2017-2992
Adobe Flash - MP4 AMF Parsing Overflow
Severity Score
Exploit Likelihood
Affected Versions
11Public Exploits
2Exploited in Wild
-Decision
Descriptions
Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability when parsing an MP4 header. Successful exploitation could lead to arbitrary code execution.
Adobe Flash Player, versiones 24.0.0.194 y anteriores, tienen una vulnerabilidad explotable de desbordamiento de memoria dinámica cuando se analiza una cabecera MP4. La explotación exitosa podría conducir a la ejecución de código arbitrario.
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 24.0.0.221. Security Fix: This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-12-02 CVE Reserved
- 2017-02-15 CVE Published
- 2017-02-18 First Exploit
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (9)
| URL | Date | SRC |
|---|---|---|
| https://packetstorm.news/files/id/141161 | 2017-02-18 | |
| https://www.exploit-db.com/exploits/41420 | 2024-08-05 |
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2017-0275.html | 2022-11-17 | |
| https://security.gentoo.org/glsa/201702-20 | 2022-11-17 | |
| https://access.redhat.com/security/cve/CVE-2017-2992 | 2017-02-15 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1422237 | 2017-02-15 |