cvelistv5 - CVE-2017-11305

CVE-2017-11305 (GCVE-0-2017-11305)

Vulnerability from cvelistv5 – Published: 2017-12-13 21:00 – Updated: 2024-08-05 18:05

Summary

A regression affecting Adobe Flash Player version 27.0.0.187 (and earlier versions) causes the unintended reset of the global settings preference file when a user clears browser data.

Severity ?

No CVSS data available.

CWE

Business Logic Error

Assigner

adobe

References

URL

Tags

	https://helpx.adobe.com/security/products/flash-p…	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1039986	vdb-entryx_refsource_SECTRACK
	https://access.redhat.com/errata/RHSA-2018:0081	vendor-advisoryx_refsource_REDHAT
	http://www.securityfocus.com/bid/102139	vdb-entryx_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	Adobe Flash Player 27.0.0.187 and earlier versions	Affected: Adobe Flash Player 27.0.0.187 and earlier versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:05:30.567Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-42.html"
          },
          {
            "name": "1039986",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039986"
          },
          {
            "name": "RHSA-2018:0081",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0081"
          },
          {
            "name": "102139",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102139"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Adobe Flash Player 27.0.0.187 and earlier versions",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Adobe Flash Player 27.0.0.187 and earlier versions"
            }
          ]
        }
      ],
      "datePublic": "2017-12-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A regression affecting Adobe Flash Player version 27.0.0.187 (and earlier versions) causes the unintended reset of the global settings preference file when a user clears browser data."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Business Logic Error",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-11T10:57:01",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-42.html"
        },
        {
          "name": "1039986",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039986"
        },
        {
          "name": "RHSA-2018:0081",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0081"
        },
        {
          "name": "102139",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102139"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2017-11305",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Adobe Flash Player 27.0.0.187 and earlier versions",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Adobe Flash Player 27.0.0.187 and earlier versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A regression affecting Adobe Flash Player version 27.0.0.187 (and earlier versions) causes the unintended reset of the global settings preference file when a user clears browser data."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Business Logic Error"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpx.adobe.com/security/products/flash-player/apsb17-42.html",
              "refsource": "CONFIRM",
              "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-42.html"
            },
            {
              "name": "1039986",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039986"
            },
            {
              "name": "RHSA-2018:0081",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0081"
            },
            {
              "name": "102139",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102139"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2017-11305",
    "datePublished": "2017-12-13T21:00:00",
    "dateReserved": "2017-07-13T00:00:00",
    "dateUpdated": "2024-08-05T18:05:30.567Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*\", \"versionEndIncluding\": \"27.0.0.187\", \"matchCriteriaId\": \"41094F1E-580A-42B1-8EBD-B301172A1F3E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4781BF1E-8A4E-4AFF-9540-23D523EE30DD\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D32ACF6F-5FF7-4815-8EAD-4719F5FC9B79\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*\", \"versionEndIncluding\": \"27.0.0.187\", \"matchCriteriaId\": \"B82891FB-EE85-4440-8F60-5CC8D512D85C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*\", \"versionEndIncluding\": \"27.0.0.187\", \"matchCriteriaId\": \"A87C86E3-680F-46F8-B311-9AC901D7CD5C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"21540673-614A-4D40-8BD7-3F07723803B0\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E93068DB-549B-45AB-8E5C-00EB5D8B5CF8\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"27.0.0.187\", \"matchCriteriaId\": \"9724D696-B64A-4598-8771-5D49837D8E83\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4781BF1E-8A4E-4AFF-9540-23D523EE30DD\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9BBCD86A-E6C7-4444-9D74-F861084090F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A regression affecting Adobe Flash Player version 27.0.0.187 (and earlier versions) causes the unintended reset of the global settings preference file when a user clears browser data.\"}, {\"lang\": \"es\", \"value\": \"Una regresi\\u00f3n que afecta a Adobe Flash Player en su versi\\u00f3n 27.0.0.187 (y anteriores) provoca el restablecimiento accidental del archivo de preferencias de configuraciones globales cuando un usuario borra los datos del navegador.\"}]",
      "id": "CVE-2017-11305",
      "lastModified": "2024-11-21T03:07:31.503",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2017-12-13T21:29:00.230",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/102139\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1039986\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:0081\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://helpx.adobe.com/security/products/flash-player/apsb17-42.html\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/102139\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1039986\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:0081\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://helpx.adobe.com/security/products/flash-player/apsb17-42.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@adobe.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-11305\",\"sourceIdentifier\":\"psirt@adobe.com\",\"published\":\"2017-12-13T21:29:00.230\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A regression affecting Adobe Flash Player version 27.0.0.187 (and earlier versions) causes the unintended reset of the global settings preference file when a user clears browser data.\"},{\"lang\":\"es\",\"value\":\"Una regresi\u00f3n que afecta a Adobe Flash Player en su versi\u00f3n 27.0.0.187 (y anteriores) provoca el restablecimiento accidental del archivo de preferencias de configuraciones globales cuando un usuario borra los datos del navegador.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*\",\"versionEndIncluding\":\"27.0.0.187\",\"matchCriteriaId\":\"41094F1E-580A-42B1-8EBD-B301172A1F3E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4781BF1E-8A4E-4AFF-9540-23D523EE30DD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D32ACF6F-5FF7-4815-8EAD-4719F5FC9B79\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*\",\"versionEndIncluding\":\"27.0.0.187\",\"matchCriteriaId\":\"B82891FB-EE85-4440-8F60-5CC8D512D85C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*\",\"versionEndIncluding\":\"27.0.0.187\",\"matchCriteriaId\":\"A87C86E3-680F-46F8-B311-9AC901D7CD5C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21540673-614A-4D40-8BD7-3F07723803B0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E93068DB-549B-45AB-8E5C-00EB5D8B5CF8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"27.0.0.187\",\"matchCriteriaId\":\"9724D696-B64A-4598-8771-5D49837D8E83\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4781BF1E-8A4E-4AFF-9540-23D523EE30DD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BBCD86A-E6C7-4444-9D74-F861084090F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/102139\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039986\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0081\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://helpx.adobe.com/security/products/flash-player/apsb17-42.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/102139\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039986\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0081\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://helpx.adobe.com/security/products/flash-player/apsb17-42.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2017-AVI-461

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans Adobe Flash. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Adobe	N/A	Adobe Flash Player pour Microsoft Edge et Internet Explorer 11 versions antérieures à 28.0.0.126 sur Windows 10 et 8.1
Adobe	N/A	Adobe Flash Player pour Google Chrome versions antérieures à 28.0.0.126 sur Windows, Macintosh, Linux et Chrome OS
Adobe	N/A	Adobe Flash Player Desktop Runtime versions antérieures à 28.0.0.126 sur Windows et Macintosh
Adobe	N/A	Adobe Flash Player Desktop Runtime versions antérieures à 28.0.0.126 sur Linux

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe du 12 décembre 2017

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Adobe Flash Player pour Microsoft Edge et Internet Explorer 11 versions ant\u00e9rieures \u00e0 28.0.0.126 sur Windows 10 et 8.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player pour Google Chrome versions ant\u00e9rieures \u00e0 28.0.0.126 sur Windows, Macintosh, Linux et Chrome OS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player Desktop Runtime versions ant\u00e9rieures \u00e0 28.0.0.126 sur Windows et Macintosh",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player Desktop Runtime versions ant\u00e9rieures \u00e0 28.0.0.126 sur Linux",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-11305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11305"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-461",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2017-12-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Adobe Flash. Elle permet \u00e0 un\nattaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Adobe Flash",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe du 12 d\u00e9cembre 2017",
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-42.html"
    }
  ]
}

CERTFR-2017-AVI-461

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans Adobe Flash. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Adobe	N/A	Adobe Flash Player pour Microsoft Edge et Internet Explorer 11 versions antérieures à 28.0.0.126 sur Windows 10 et 8.1
Adobe	N/A	Adobe Flash Player pour Google Chrome versions antérieures à 28.0.0.126 sur Windows, Macintosh, Linux et Chrome OS
Adobe	N/A	Adobe Flash Player Desktop Runtime versions antérieures à 28.0.0.126 sur Windows et Macintosh
Adobe	N/A	Adobe Flash Player Desktop Runtime versions antérieures à 28.0.0.126 sur Linux

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe du 12 décembre 2017

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Adobe Flash Player pour Microsoft Edge et Internet Explorer 11 versions ant\u00e9rieures \u00e0 28.0.0.126 sur Windows 10 et 8.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player pour Google Chrome versions ant\u00e9rieures \u00e0 28.0.0.126 sur Windows, Macintosh, Linux et Chrome OS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player Desktop Runtime versions ant\u00e9rieures \u00e0 28.0.0.126 sur Windows et Macintosh",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player Desktop Runtime versions ant\u00e9rieures \u00e0 28.0.0.126 sur Linux",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-11305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11305"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-461",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2017-12-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Adobe Flash. Elle permet \u00e0 un\nattaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Adobe Flash",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe du 12 d\u00e9cembre 2017",
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-42.html"
    }
  ]
}

RHSA-2018_0081

Vulnerability from csaf_redhat - Published: 2018-01-10 20:56 - Updated: 2024-11-15 02:06

Summary

Red Hat Security Advisory: flash-plugin security update

Notes

Topic

An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 28.0.0.137. Security Fix(es): * This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletins listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to disclose sensitive information or modify its settings when the victim loaded a page containing the malicious SWF content. (CVE-2017-11305, CVE-2018-4871)

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.\n\nThis update upgrades Flash Player to version 28.0.0.137.\n\nSecurity Fix(es):\n\n* This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletins listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to disclose sensitive information or modify its settings when the victim loaded a page containing the malicious SWF content. (CVE-2017-11305, CVE-2018-4871)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2018:0081",
        "url": "https://access.redhat.com/errata/RHSA-2018:0081"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://helpx.adobe.com/security/products/flash-player/apsb17-42.html",
        "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-42.html"
      },
      {
        "category": "external",
        "summary": "https://helpx.adobe.com/security/products/flash-player/apsb18-01.html",
        "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-01.html"
      },
      {
        "category": "external",
        "summary": "1525508",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525508"
      },
      {
        "category": "external",
        "summary": "1532810",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1532810"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_0081.json"
      }
    ],
    "title": "Red Hat Security Advisory: flash-plugin security update",
    "tracking": {
      "current_release_date": "2024-11-15T02:06:10+00:00",
      "generator": {
        "date": "2024-11-15T02:06:10+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2018:0081",
      "initial_release_date": "2018-01-10T20:56:19+00:00",
      "revision_history": [
        {
          "date": "2018-01-10T20:56:19+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2018-01-10T20:56:19+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-15T02:06:10+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
                  "product_id": "6Client-Supplementary-6.9.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
                  "product_id": "6Server-Supplementary-6.9.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
                  "product_id": "6Workstation-Supplementary-6.9.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "flash-plugin-0:28.0.0.137-1.el6_9.i686",
                "product": {
                  "name": "flash-plugin-0:28.0.0.137-1.el6_9.i686",
                  "product_id": "flash-plugin-0:28.0.0.137-1.el6_9.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/flash-plugin@28.0.0.137-1.el6_9?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:28.0.0.137-1.el6_9.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
          "product_id": "6Client-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686"
        },
        "product_reference": "flash-plugin-0:28.0.0.137-1.el6_9.i686",
        "relates_to_product_reference": "6Client-Supplementary-6.9.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:28.0.0.137-1.el6_9.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
          "product_id": "6Server-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686"
        },
        "product_reference": "flash-plugin-0:28.0.0.137-1.el6_9.i686",
        "relates_to_product_reference": "6Server-Supplementary-6.9.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:28.0.0.137-1.el6_9.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
          "product_id": "6Workstation-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686"
        },
        "product_reference": "flash-plugin-0:28.0.0.137-1.el6_9.i686",
        "relates_to_product_reference": "6Workstation-Supplementary-6.9.z"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-11305",
      "discovery_date": "2017-12-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1525508"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A regression affecting Adobe Flash Player version 27.0.0.187 (and earlier versions) causes the unintended reset of the global settings preference file when a user clears browser data.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: unintended reset of global settings preference file vulnerability (APSB17-42)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686",
          "6Server-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686",
          "6Workstation-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-11305"
        },
        {
          "category": "external",
          "summary": "RHBZ#1525508",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525508"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-11305",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-11305"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-11305",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11305"
        },
        {
          "category": "external",
          "summary": "https://helpx.adobe.com/security/products/flash-player/apsb17-42.html",
          "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-42.html"
        }
      ],
      "release_date": "2017-12-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-01-10T20:56:19+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Client-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686",
            "6Server-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686",
            "6Workstation-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:0081"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "6Client-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686",
            "6Server-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686",
            "6Workstation-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "flash-plugin: unintended reset of global settings preference file vulnerability (APSB17-42)"
    },
    {
      "cve": "CVE-2018-4871",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2018-01-09T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1532810"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An Out-of-bounds Read issue was discovered in Adobe Flash Player before 28.0.0.137. This vulnerability occurs because of computation that reads data that is past the end of the target buffer. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: out-of-bounds read causing information leak (APSB18-01)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686",
          "6Server-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686",
          "6Workstation-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-4871"
        },
        {
          "category": "external",
          "summary": "RHBZ#1532810",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1532810"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-4871",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-4871"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-4871",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-4871"
        },
        {
          "category": "external",
          "summary": "https://helpx.adobe.com/security/products/flash-player/apsb18-01.html",
          "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-01.html"
        }
      ],
      "release_date": "2018-01-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-01-10T20:56:19+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Client-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686",
            "6Server-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686",
            "6Workstation-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:0081"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "6Client-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686",
            "6Server-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686",
            "6Workstation-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "flash-plugin: out-of-bounds read causing information leak (APSB18-01)"
    }
  ]
}

RHSA-2018:0081

Vulnerability from csaf_redhat - Published: 2018-01-10 20:56 - Updated: 2025-11-21 18:03

Summary

Red Hat Security Advisory: flash-plugin security update

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.\n\nThis update upgrades Flash Player to version 28.0.0.137.\n\nSecurity Fix(es):\n\n* This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletins listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to disclose sensitive information or modify its settings when the victim loaded a page containing the malicious SWF content. (CVE-2017-11305, CVE-2018-4871)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2018:0081",
        "url": "https://access.redhat.com/errata/RHSA-2018:0081"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://helpx.adobe.com/security/products/flash-player/apsb17-42.html",
        "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-42.html"
      },
      {
        "category": "external",
        "summary": "https://helpx.adobe.com/security/products/flash-player/apsb18-01.html",
        "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-01.html"
      },
      {
        "category": "external",
        "summary": "1525508",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525508"
      },
      {
        "category": "external",
        "summary": "1532810",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1532810"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_0081.json"
      }
    ],
    "title": "Red Hat Security Advisory: flash-plugin security update",
    "tracking": {
      "current_release_date": "2025-11-21T18:03:26+00:00",
      "generator": {
        "date": "2025-11-21T18:03:26+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2018:0081",
      "initial_release_date": "2018-01-10T20:56:19+00:00",
      "revision_history": [
        {
          "date": "2018-01-10T20:56:19+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2018-01-10T20:56:19+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T18:03:26+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
                  "product_id": "6Client-Supplementary-6.9.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
                  "product_id": "6Server-Supplementary-6.9.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
                  "product_id": "6Workstation-Supplementary-6.9.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "flash-plugin-0:28.0.0.137-1.el6_9.i686",
                "product": {
                  "name": "flash-plugin-0:28.0.0.137-1.el6_9.i686",
                  "product_id": "flash-plugin-0:28.0.0.137-1.el6_9.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/flash-plugin@28.0.0.137-1.el6_9?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:28.0.0.137-1.el6_9.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
          "product_id": "6Client-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686"
        },
        "product_reference": "flash-plugin-0:28.0.0.137-1.el6_9.i686",
        "relates_to_product_reference": "6Client-Supplementary-6.9.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:28.0.0.137-1.el6_9.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
          "product_id": "6Server-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686"
        },
        "product_reference": "flash-plugin-0:28.0.0.137-1.el6_9.i686",
        "relates_to_product_reference": "6Server-Supplementary-6.9.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:28.0.0.137-1.el6_9.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
          "product_id": "6Workstation-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686"
        },
        "product_reference": "flash-plugin-0:28.0.0.137-1.el6_9.i686",
        "relates_to_product_reference": "6Workstation-Supplementary-6.9.z"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-11305",
      "discovery_date": "2017-12-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1525508"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A regression affecting Adobe Flash Player version 27.0.0.187 (and earlier versions) causes the unintended reset of the global settings preference file when a user clears browser data.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: unintended reset of global settings preference file vulnerability (APSB17-42)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686",
          "6Server-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686",
          "6Workstation-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-11305"
        },
        {
          "category": "external",
          "summary": "RHBZ#1525508",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525508"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-11305",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-11305"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-11305",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11305"
        },
        {
          "category": "external",
          "summary": "https://helpx.adobe.com/security/products/flash-player/apsb17-42.html",
          "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-42.html"
        }
      ],
      "release_date": "2017-12-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-01-10T20:56:19+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Client-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686",
            "6Server-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686",
            "6Workstation-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:0081"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "6Client-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686",
            "6Server-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686",
            "6Workstation-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "flash-plugin: unintended reset of global settings preference file vulnerability (APSB17-42)"
    },
    {
      "cve": "CVE-2018-4871",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2018-01-09T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1532810"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An Out-of-bounds Read issue was discovered in Adobe Flash Player before 28.0.0.137. This vulnerability occurs because of computation that reads data that is past the end of the target buffer. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: out-of-bounds read causing information leak (APSB18-01)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686",
          "6Server-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686",
          "6Workstation-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-4871"
        },
        {
          "category": "external",
          "summary": "RHBZ#1532810",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1532810"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-4871",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-4871"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-4871",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-4871"
        },
        {
          "category": "external",
          "summary": "https://helpx.adobe.com/security/products/flash-player/apsb18-01.html",
          "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-01.html"
        }
      ],
      "release_date": "2018-01-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-01-10T20:56:19+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Client-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686",
            "6Server-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686",
            "6Workstation-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:0081"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "6Client-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686",
            "6Server-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686",
            "6Workstation-Supplementary-6.9.z:flash-plugin-0:28.0.0.137-1.el6_9.i686"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "flash-plugin: out-of-bounds read causing information leak (APSB18-01)"
    }
  ]
}

FKIE_CVE-2017-11305

Vulnerability from fkie_nvd - Published: 2017-12-13 21:29 - Updated: 2025-04-20 01:37

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Summary

A regression affecting Adobe Flash Player version 27.0.0.187 (and earlier versions) causes the unintended reset of the global settings preference file when a user clears browser data.

References

URL	Tags
psirt@adobe.com	http://www.securityfocus.com/bid/102139	Broken Link, Third Party Advisory, VDB Entry
psirt@adobe.com	http://www.securitytracker.com/id/1039986	Broken Link, Third Party Advisory, VDB Entry
psirt@adobe.com	https://access.redhat.com/errata/RHSA-2018:0081	Third Party Advisory
psirt@adobe.com	https://helpx.adobe.com/security/products/flash-player/apsb17-42.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/102139	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1039986	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2018:0081	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://helpx.adobe.com/security/products/flash-player/apsb17-42.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	flash_player	*
apple	mac_os_x	-
google	chrome_os	-
linux	linux_kernel	-
microsoft	windows	-
adobe	flash_player	*
adobe	flash_player	*
microsoft	windows_10	-
microsoft	windows_8.1	-
adobe	flash_player_desktop_runtime	*
apple	mac_os_x	-
linux	linux_kernel	-
microsoft	windows	-
redhat	enterprise_linux_desktop	6.0
redhat	enterprise_linux_server	6.0
redhat	enterprise_linux_workstation	6.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*",
              "matchCriteriaId": "41094F1E-580A-42B1-8EBD-B301172A1F3E",
              "versionEndIncluding": "27.0.0.187",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D32ACF6F-5FF7-4815-8EAD-4719F5FC9B79",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*",
              "matchCriteriaId": "B82891FB-EE85-4440-8F60-5CC8D512D85C",
              "versionEndIncluding": "27.0.0.187",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*",
              "matchCriteriaId": "A87C86E3-680F-46F8-B311-9AC901D7CD5C",
              "versionEndIncluding": "27.0.0.187",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9724D696-B64A-4598-8771-5D49837D8E83",
              "versionEndIncluding": "27.0.0.187",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A regression affecting Adobe Flash Player version 27.0.0.187 (and earlier versions) causes the unintended reset of the global settings preference file when a user clears browser data."
    },
    {
      "lang": "es",
      "value": "Una regresi\u00f3n que afecta a Adobe Flash Player en su versi\u00f3n 27.0.0.187 (y anteriores) provoca el restablecimiento accidental del archivo de preferencias de configuraciones globales cuando un usuario borra los datos del navegador."
    }
  ],
  "id": "CVE-2017-11305",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-12-13T21:29:00.230",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102139"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039986"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0081"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-42.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102139"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039986"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0081"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-42.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2017-11305

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

A regression affecting Adobe Flash Player version 27.0.0.187 (and earlier versions) causes the unintended reset of the global settings preference file when a user clears browser data.

Aliases

CVE-2017-11305

Aliases

CVE-2017-11305

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-11305",
    "description": "A regression affecting Adobe Flash Player version 27.0.0.187 (and earlier versions) causes the unintended reset of the global settings preference file when a user clears browser data.",
    "id": "GSD-2017-11305",
    "references": [
      "https://access.redhat.com/errata/RHSA-2018:0081",
      "https://advisories.mageia.org/CVE-2017-11305.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-11305"
      ],
      "details": "A regression affecting Adobe Flash Player version 27.0.0.187 (and earlier versions) causes the unintended reset of the global settings preference file when a user clears browser data.",
      "id": "GSD-2017-11305",
      "modified": "2023-12-13T01:21:15.735961Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@adobe.com",
        "ID": "CVE-2017-11305",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Adobe Flash Player 27.0.0.187 and earlier versions",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Adobe Flash Player 27.0.0.187 and earlier versions"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A regression affecting Adobe Flash Player version 27.0.0.187 (and earlier versions) causes the unintended reset of the global settings preference file when a user clears browser data."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Business Logic Error"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://helpx.adobe.com/security/products/flash-player/apsb17-42.html",
            "refsource": "CONFIRM",
            "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-42.html"
          },
          {
            "name": "1039986",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1039986"
          },
          {
            "name": "RHSA-2018:0081",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2018:0081"
          },
          {
            "name": "102139",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/102139"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "27.0.0.187",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "27.0.0.187",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "27.0.0.187",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "27.0.0.187",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2017-11305"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A regression affecting Adobe Flash Player version 27.0.0.187 (and earlier versions) causes the unintended reset of the global settings preference file when a user clears browser data."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpx.adobe.com/security/products/flash-player/apsb17-42.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-42.html"
            },
            {
              "name": "1039986",
              "refsource": "SECTRACK",
              "tags": [
                "Broken Link",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1039986"
            },
            {
              "name": "102139",
              "refsource": "BID",
              "tags": [
                "Broken Link",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/102139"
            },
            {
              "name": "RHSA-2018:0081",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:0081"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-01-27T19:24Z",
      "publishedDate": "2017-12-13T21:29Z"
    }
  }
}

CNVD-2018-01075

Vulnerability from cnvd - Published: 2018-01-17

Title

Adobe Flash Player未授权操作漏洞

Description

Adobe Flash Player是美国奥多比（Adobe）公司的一款跨平台、基于浏览器的多媒体播放器产品。该产品支持跨屏幕和浏览器查看应用程序、内容和视频。 Adobe Flash Player中存在安全漏洞。远程攻击者可利用该漏洞执行未授权的操作。

Severity

中

Patch Name

Adobe Flash Player未授权操作漏洞的补丁

Patch Description

Adobe Flash Player是美国奥多比（Adobe）公司的一款跨平台、基于浏览器的多媒体播放器产品。该产品支持跨屏幕和浏览器查看应用程序、内容和视频。 Adobe Flash Player中存在安全漏洞。远程攻击者可利用该漏洞执行未授权的操作。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞： https://helpx.adobe.com/security/products/flash-player/apsb17-42.html

Reference

https://helpx.adobe.com/security/products/flash-player/apsb17-42.html https://www.securityfocus.com/bid/102139

Impacted products

Name
['Adobe Flash Player Desktop Runtime <=27.0.0.187', 'Adobe Flash Player for Google Chrome <=27.0.0.187', 'Adobe Flash Player for Microsoft Edge and Internet Explorer 11 <=11 27.0.0.187']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "102139"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-11305"
    }
  },
  "description": "Adobe Flash Player\u662f\u7f8e\u56fd\u5965\u591a\u6bd4\uff08Adobe\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u8de8\u5e73\u53f0\u3001\u57fa\u4e8e\u6d4f\u89c8\u5668\u7684\u591a\u5a92\u4f53\u64ad\u653e\u5668\u4ea7\u54c1\u3002\u8be5\u4ea7\u54c1\u652f\u6301\u8de8\u5c4f\u5e55\u548c\u6d4f\u89c8\u5668\u67e5\u770b\u5e94\u7528\u7a0b\u5e8f\u3001\u5185\u5bb9\u548c\u89c6\u9891\u3002\r\n\r\nAdobe Flash Player\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u672a\u6388\u6743\u7684\u64cd\u4f5c\u3002",
  "discovererName": "Adobe",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://helpx.adobe.com/security/products/flash-player/apsb17-42.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-01075",
  "openTime": "2018-01-17",
  "patchDescription": "Adobe Flash Player\u662f\u7f8e\u56fd\u5965\u591a\u6bd4\uff08Adobe\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u8de8\u5e73\u53f0\u3001\u57fa\u4e8e\u6d4f\u89c8\u5668\u7684\u591a\u5a92\u4f53\u64ad\u653e\u5668\u4ea7\u54c1\u3002\u8be5\u4ea7\u54c1\u652f\u6301\u8de8\u5c4f\u5e55\u548c\u6d4f\u89c8\u5668\u67e5\u770b\u5e94\u7528\u7a0b\u5e8f\u3001\u5185\u5bb9\u548c\u89c6\u9891\u3002\r\n\r\nAdobe Flash Player\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u672a\u6388\u6743\u7684\u64cd\u4f5c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Adobe Flash Player\u672a\u6388\u6743\u64cd\u4f5c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Adobe Flash Player Desktop Runtime \u003c=27.0.0.187",
      "Adobe Flash Player for Google Chrome \u003c=27.0.0.187",
      "Adobe Flash Player for Microsoft Edge and Internet Explorer 11 \u003c=11 27.0.0.187"
    ]
  },
  "referenceLink": "https://helpx.adobe.com/security/products/flash-player/apsb17-42.html\r\nhttps://www.securityfocus.com/bid/102139",
  "serverity": "\u4e2d",
  "submitTime": "2017-12-18",
  "title": "Adobe Flash Player\u672a\u6388\u6743\u64cd\u4f5c\u6f0f\u6d1e"
}

GHSA-6F97-QC4G-XRJJ

Vulnerability from github – Published: 2022-05-13 01:02 – Updated: 2022-05-13 01:02

Details

A regression affecting Adobe Flash Player version 27.0.0.187 (and earlier versions) causes the unintended reset of the global settings preference file when a user clears browser data.

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-11305"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-12-13T21:29:00Z",
    "severity": "HIGH"
  },
  "details": "A regression affecting Adobe Flash Player version 27.0.0.187 (and earlier versions) causes the unintended reset of the global settings preference file when a user clears browser data.",
  "id": "GHSA-6f97-qc4g-xrjj",
  "modified": "2022-05-13T01:02:17Z",
  "published": "2022-05-13T01:02:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11305"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:0081"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-42.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/102139"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1039986"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-11305 (GCVE-0-2017-11305)

Solution

Solution

Tags

Sightings

Nomenclature