Home > Vulnerability Database > CVE-2017-2936

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2017-2936

Date: January 10, 2017

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript FileReference class. Successful exploitation could lead to arbitrary code execution.

Language: Unix

Severity Score

7.6

Related Resources (9)

Url: https://helpx.adobe.com/security/products/flash-player/apsb17-02.html

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2017-2936

Url: https://nvd.nist.gov/vuln/detail/CVE-2017-2936

Url: https://access.redhat.com/security/cve/CVE-2017-2936

Url: http://www.securitytracker.com/id/1037570

Url: http://rhn.redhat.com/errata/RHSA-2017-0057.html

Url: https://security.gentoo.org/glsa/201702-20

Url: http://www.securityfocus.com/bid/95342

Url: https://www.mend.io/vulnerability-database/CVE-2017-2936

Severity Score

7.6

Weakness Type (CWE)

Use After Free

CWE-416

CVSS v3

Base Score:	7.6
Attack Vector (AV):
Attack Complexity (AC):
Privileges Required (PR):
User Interaction (UI):
Scope (S):
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE

CVSS v2

Base Score:	5.3
Access Vector (AV):
Access Complexity (AC):
Authentication (AU):
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Do you need more information?

Contact Us