CVE-2017-2937

Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript FileReference class, when using class inheritance. Successful exploitation could lead to arbitrary code execution.

Published: Jan 11, 2017
Updated: May 9, 2024
CVE: CVE-2017-2937
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-416

Affected Software
References

Software	From	Fixed in
adobe / flash_player	-	24.0.0.186.x

http://rhn.redhat.com/errata/RHSA-2017-0057.html
http://www.securityfocus.com/bid/95342
http://www.securitytracker.com/id/1037570
https://helpx.adobe.com/security/products/flash-player/apsb17-02.html
https://security.gentoo.org/glsa/201702-20

Vulnerability Database

290,020

CVE-2017-2937