CyberSec.Space Logo
CVEブラウザに戻る

CVE-2017-11292

Known Exploited (CISA KEV)HIGH
8.8
CVSS Severity Score
EPSS Score78.9620%
EPSS Percentile86.60th
Published2017年10月22日
Last Modified2026年4月22日

Vulnerability Description

Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution.

Affected Platforms (CPE)

📦
Adobe

Flash Player Desktop Runtime

<= 27.0.0.159
📦
Adobe

Flash Player

<= 27.0.0.130
📦
Adobe

Flash Player

<= 27.0.0.130
📦
Adobe

Flash Player

<= 27.0.0.159
💻
Redhat

Enterprise Linux Desktop

= 6.0
💻
Redhat

Enterprise Linux Server

= 6.0
💻
Redhat

Enterprise Linux Workstation

= 6.0

References & Advisories

🔗 http://www.securityfocus.com/bid/101286
🔗 http://www.securitytracker.com/id/1039582
🔗 https://access.redhat.com/errata/RHSA-2017:2899
🔗 https://helpx.adobe.com/security/products/flash-player/apsb17-32.html
🔗 https://security.gentoo.org/glsa/201710-22
🔗 http://www.securityfocus.com/bid/101286
🔗 http://www.securitytracker.com/id/1039582
🔗 https://access.redhat.com/errata/RHSA-2017:2899

関連する脆弱性情報

CVE-2020-96339.8

Adobe Flash Player Desktop Runtime 32.0.0.371 and earlier, Adobe Flash Player for Google Chrome 32.0.0.371 and earlier, and Adobe ...

CVE-2016-09599.8

Use after free vulnerability in Adobe Flash Player Desktop Runtime before 20.0.0.267, Adobe Flash Player Extended Support Release ...

CVE-2019-70906.5

Flash Player Desktop Runtime versions 32.0.0.114 and earlier, Flash Player for Google Chrome versions 32.0.0.114 and earlier, and ...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...