CVE-2017-11213: Integer Overflow
First published: Tue Nov 14 2017(Updated: )
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer due to an integer overflow; the computation is part of the abstraction that creates an arbitrarily sized transparent or opaque bitmap image. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/flash-plugin | <27.0.0.187 | 27.0.0.187 |
| Redhat Enterprise Linux Desktop | =6.0 | |
| Redhat Enterprise Linux Server | =6.0 | |
| Redhat Enterprise Linux Workstation | =6.0 | |
| Adobe Flash Player | <=27.0.0.183 | |
| Apple macOS | ||
| Linux Linux kernel | ||
| Microsoft Windows | ||
| Adobe Flash Player | <=27.0.0.183 | |
| Google Chrome OS | ||
| Adobe Flash Player | <=27.0.0.183 | |
| Adobe Flash Player | <=27.0.0.183 | |
| Microsoft Windows 10 | ||
| Microsoft Windows 8.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/101837
- http://www.securitytracker.com/id/1039778
- https://access.redhat.com/errata/RHSA-2017:3222
- https://helpx.adobe.com/security/products/flash-player/apsb17-33.html
- https://security.gentoo.org/glsa/201711-13
- https://access.redhat.com/security/cve/CVE-2017-3112
- https://access.redhat.com/security/cve/CVE-2017-3114
- https://access.redhat.com/security/cve/CVE-2017-11213
- https://access.redhat.com/security/cve/CVE-2017-11215
- https://access.redhat.com/security/cve/CVE-2017-11225
- https://bugzilla.redhat.com/show_bug.cgi?id=1513132
Frequently Asked Questions
What is CVE-2017-11213?
CVE-2017-11213 is a vulnerability in Adobe Flash Player 27.0.0.183 and earlier versions that allows an attacker to read data past the end of the target buffer due to an integer overflow.
How severe is CVE-2017-11213?
CVE-2017-11213 is classified as a critical vulnerability with a severity rating of 9.8 out of 10.
Which software versions are affected by CVE-2017-11213?
Adobe Flash Player versions up to and including 27.0.0.183 are affected by CVE-2017-11213.
How can I fix CVE-2017-11213?
To fix CVE-2017-11213, update Adobe Flash Player to version 27.0.0.187 or later.
Are Redhat Enterprise Linux Desktop 6.0, Redhat Enterprise Linux Server 6.0, and Redhat Enterprise Linux Workstation 6.0 affected by CVE-2017-11213?
Yes, Redhat Enterprise Linux Desktop 6.0, Redhat Enterprise Linux Server 6.0, and Redhat Enterprise Linux Workstation 6.0 are affected by CVE-2017-11213.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-index
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2017-11213
- agent/software-canonical-lookup
- vendor/redhat
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/6.0
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/6.0
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/6.0
- vendor/adobe
- canonical/adobe flash player
- version/adobe flash player/27.0.0.183
- vendor/apple
- canonical/apple macos
- vendor/linux
- canonical/linux linux kernel
- vendor/microsoft
- canonical/microsoft windows
- vendor/google
- canonical/google chrome os
- canonical/microsoft windows 10
- canonical/microsoft windows 8.1
- package-manager/redhat