CVE-2017-3106

CVE Database · CVE-2017-3106

CVE-2017-3106

· HIGHModified

CVSS v3.1

8.8

EPSS

22.31%

Published

Aug 11, 2017

Modified

May 12, 2026

Public PoC / Exploit (2)

All weaponized →

Exploit-DBAdobe Flash - Invoke Accesses Trait Out-of-Bounds TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files. Successful exploitation could lead to arbitrary code execution.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-704

Affected Products (16)

redhat · enterprise_linuxvulnerable

redhat · enterprise_linux_desktopvulnerable

redhat · enterprise_linux_workstationvulnerable

adobe · flash_player_desktop_runtimevulnerable

apple · mac_os_x

linux · linux_kernel

microsoft · windows

adobe · flash_playervulnerable

microsoft · windows_10

microsoft · windows_8.1

· flash_player

References (12)

http://www.securityfocus.com/bid/100190

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1039088

Broken LinkThird Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2017:2457

Third Party Advisory

https://helpx.adobe.com/security/products/flash-player/apsb17-23.html

PatchVendor Advisory

https://security.gentoo.org/glsa/201709-16

Third Party Advisory

https://www.exploit-db.com/exploits/42480/

KEV Catalog EPSS Scores Vendors All CVEs