CVE-2017-3080
Adobe Flash BrokerCreateFile Broker Method Information Disclosure Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Adobe Flash Player versions 26.0.0.131 and earlier have a security bypass vulnerability related to the Flash API used by Internet Explorer. Successful exploitation could lead to information disclosure.
Las versiones 26.0.0.131 y anteriores de Adobe Flash Player, presentan una vulnerabilidad de omisión de seguridad relacionada con la API Flash utilizada por Internet Explorer. Una explotación con éxito conllevaría a la divulgación de información.
This vulnerability allows remote attackers to bypass the Enhanced Protected Mode sandbox of vulnerable installations of Adobe Flash Player and disclose file contents. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the BrokerCreateFile method. An attacker can use this component to read the contents of any file that the current user has access to.
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 26.0.0.137. Security Fix: This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-12-02 CVE Reserved
- 2017-07-12 CVE Published
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/99519 | Broken Link | |
| http://www.securitytracker.com/id/1038845 | Broken Link |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://helpx.adobe.com/security/products/flash-player/apsb17-21.html | 2023-01-27 |
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2017:1731 | 2023-01-27 | |
| https://security.gentoo.org/glsa/201707-15 | 2023-01-27 | |
| https://access.redhat.com/security/cve/CVE-2017-3080 | 2017-07-12 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1469763 | 2017-07-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Adobe Search vendor "Adobe" | Flash Player Desktop Runtime Search vendor "Adobe" for product "Flash Player Desktop Runtime" | <= 26.0.0.131 Search vendor "Adobe" for product "Flash Player Desktop Runtime" and version " <= 26.0.0.131" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Desktop Runtime Search vendor "Adobe" for product "Flash Player Desktop Runtime" | <= 26.0.0.131 Search vendor "Adobe" for product "Flash Player Desktop Runtime" and version " <= 26.0.0.131" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Desktop Runtime Search vendor "Adobe" for product "Flash Player Desktop Runtime" | <= 26.0.0.131 Search vendor "Adobe" for product "Flash Player Desktop Runtime" and version " <= 26.0.0.131" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | <= 26.0.0.120 Search vendor "Adobe" for product "Flash Player" and version " <= 26.0.0.120" | edge |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 10 Search vendor "Microsoft" for product "Windows 10" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | <= 26.0.0.120 Search vendor "Adobe" for product "Flash Player" and version " <= 26.0.0.120" | edge |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 8.1 Search vendor "Microsoft" for product "Windows 8.1" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | <= 26.0.0.120 Search vendor "Adobe" for product "Flash Player" and version " <= 26.0.0.120" | internet_explorer |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 10 Search vendor "Microsoft" for product "Windows 10" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | <= 26.0.0.120 Search vendor "Adobe" for product "Flash Player" and version " <= 26.0.0.120" | internet_explorer |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 8.1 Search vendor "Microsoft" for product "Windows 8.1" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | <= 26.0.0.131 Search vendor "Adobe" for product "Flash Player" and version " <= 26.0.0.131" | chrome |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | <= 26.0.0.131 Search vendor "Adobe" for product "Flash Player" and version " <= 26.0.0.131" | chrome |
Affected
| in | Google Search vendor "Google" | Chrome Os Search vendor "Google" for product "Chrome Os" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | <= 26.0.0.131 Search vendor "Adobe" for product "Flash Player" and version " <= 26.0.0.131" | chrome |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | <= 26.0.0.131 Search vendor "Adobe" for product "Flash Player" and version " <= 26.0.0.131" | chrome |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|