CVE-2017-3085

EPSS 4.5%

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 4.5%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

11 Aug 2017Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect.

Affected products

Adobe Systems Incorporated · Flash Player

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://access.redhat.com/errata/RHSA-2017:2457 https://blog.bjornweb.nl/2017/08/flash-remote-sandbox-escape-windows-user-credentials-leak/https://helpx.adobe.com/security/products/flash-player/apsb17-23.html https://security.gentoo.org/glsa/201709-16 http://www.securityfocus.com/bid/100191 http://www.securitytracker.com/id/1039088 http://www.zerodayinitiative.com/advisories/ZDI-17-634/