What is CVE-2017-11225?

CVE-2017-11225 is a vulnerability in Adobe Flash Player 27.0.0.183 and earlier versions that allows an attacker to gain unintended memory access.

What is the severity of CVE-2017-11225?

CVE-2017-11225 has a severity rating of 9.8, which is considered critical.

Which software is affected by CVE-2017-11225?

Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server, and Redhat Enterprise Linux Workstation running version 6.0 as well as Adobe Flash Player up to version 27.0.0.183 are affected by CVE-2017-11225.

How can I fix CVE-2017-11225?

To fix CVE-2017-11225, update Adobe Flash Player to a version later than 27.0.0.183 or apply the relevant security patch provided by your software vendor.

Where can I find more information about CVE-2017-11225?

You can find more information about CVE-2017-11225 on the following websites: [Security Focus](http://www.securityfocus.com/bid/101837), [Security Tracker](http://www.securitytracker.com/id/1039778), [Red Hat Advisory](https://access.redhat.com/errata/RHSA-2017:3222).

Vulnerability/
CVE-2017-11225

critical

CWE

416

9/12/2017

8/9/2021

CVE-2017-11225: Use After Free

First published: Sat Dec 09 2017(Updated: )

An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK metadata functionality. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.

Credit: psirt@adobe.com

Affected Software	Affected Version	How to fix
Redhat Enterprise Linux Desktop	=6.0
Redhat Enterprise Linux Server	=6.0
Redhat Enterprise Linux Workstation	=6.0
Adobe Flash Player	<=27.0.0.183
Apple macOS
Linux Linux kernel
Microsoft Windows
Adobe Flash Player	<=27.0.0.183
Google Chrome OS
Adobe Flash Player	<=27.0.0.183
Adobe Flash Player	<=27.0.0.183
Microsoft Windows 10
Microsoft Windows 8.1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2017-11225?
CVE-2017-11225 is a vulnerability in Adobe Flash Player 27.0.0.183 and earlier versions that allows an attacker to gain unintended memory access.
What is the severity of CVE-2017-11225?
CVE-2017-11225 has a severity rating of 9.8, which is considered critical.
Which software is affected by CVE-2017-11225?
Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server, and Redhat Enterprise Linux Workstation running version 6.0 as well as Adobe Flash Player up to version 27.0.0.183 are affected by CVE-2017-11225.
How can I fix CVE-2017-11225?
To fix CVE-2017-11225, update Adobe Flash Player to a version later than 27.0.0.183 or apply the relevant security patch provided by your software vendor.
Where can I find more information about CVE-2017-11225?
You can find more information about CVE-2017-11225 on the following websites: [Security Focus](http://www.securityfocus.com/bid/101837), [Security Tracker](http://www.securitytracker.com/id/1039778), [Red Hat Advisory](https://access.redhat.com/errata/RHSA-2017:3222).

collector/nvd-index
vendor/redhat
canonical/redhat enterprise linux desktop
version/redhat enterprise linux desktop/6.0
canonical/redhat enterprise linux server
version/redhat enterprise linux server/6.0
canonical/redhat enterprise linux workstation
version/redhat enterprise linux workstation/6.0
vendor/adobe
canonical/adobe flash player
version/adobe flash player/27.0.0.183
vendor/apple
canonical/apple macos
vendor/linux
canonical/linux linux kernel
vendor/microsoft
canonical/microsoft windows
vendor/google
canonical/google chrome os
canonical/microsoft windows 10
canonical/microsoft windows 8.1