CVE-2017-3085

Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect.

Severity: HIGH (7.4) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

References:

100191
100191
1039088
1039088
http://www.zerodayinitiative.com/advisories/ZDI-17-634/
http://www.zerodayinitiative.com/advisories/ZDI-17-634/
RHSA-2017:2457
RHSA-2017:2457
https://blog.bjornweb.nl/2017/08/flash-remote-sandbox-escape-windows-user-credentials-leak/
https://blog.bjornweb.nl/2017/08/flash-remote-sandbox-escape-windows-user-credentials-leak/
https://helpx.adobe.com/security/products/flash-player/apsb17-23.html
https://helpx.adobe.com/security/products/flash-player/apsb17-23.html
GLSA-201709-16
GLSA-201709-16

Published: 2017-08-11
Modified: 2024-11-21

CVE-2017-3106

Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files. Successful exploitation could lead to arbitrary code execution.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

100190
100190
1039088
1039088
RHSA-2017:2457
RHSA-2017:2457
https://helpx.adobe.com/security/products/flash-player/apsb17-23.html
https://helpx.adobe.com/security/products/flash-player/apsb17-23.html
GLSA-201709-16
GLSA-201709-16
42480
42480

Version: 2.1.0

Package adobe-flash-player-ppapi update in sisyphus on 2017-08-17

ALT-PU-2017-2075-1

Closed vulnerabilities

CVE-2017-3085

CVE-2017-3106