CVE-2017-3068
Adobe Flash - AVC Deblocking Out-of-Bounds Read
Severity Score
Exploit Likelihood
Affected Versions
14Public Exploits
2Exploited in Wild
-Decision
Descriptions
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Advanced Video Coding engine. Successful exploitation could lead to arbitrary code execution.
Flash Player versiones 25.0.0.148 y anteriores de Adobe, presenta una vulnerabilidad de corrupción de memoria explotable en el motor de Codificación de Vídeo Avanzada. La explotación con éxito podría conllevar a la ejecución de código arbitraria.
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 25.0.0.171. Security Fix: This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-12-02 CVE Reserved
- 2017-05-09 CVE Published
- 2017-05-17 First Exploit
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (9)
| URL | Date | SRC |
|---|---|---|
| https://packetstorm.news/files/id/142542 | 2017-05-17 | |
| https://www.exploit-db.com/exploits/42017 | 2024-08-05 |
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2017:1219 | 2023-01-27 | |
| https://security.gentoo.org/glsa/201705-12 | 2023-01-27 | |
| https://access.redhat.com/security/cve/CVE-2017-3068 | 2017-05-09 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1449340 | 2017-05-09 |