First published: Mon Oct 16 2017(Updated: )
Adobe Flash Player contains a type confusion vulnerability which can allow for remote code execution.
Credit: psirt@adobe.com psirt@adobe.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/flash-plugin | <27.0.0.170 | 27.0.0.170 |
Macromedia Flash Player | ||
All of | ||
Adobe Flash Player | <=27.0.0.159 | |
Any of | ||
Apple iOS and macOS | ||
Linux Kernel | ||
Microsoft Windows Operating System | ||
All of | ||
Any of | ||
Macromedia Flash Player | <=27.0.0.130 | |
Macromedia Flash Player | <=27.0.0.130 | |
Any of | ||
Windows 10 | ||
Microsoft Windows | ||
All of | ||
Macromedia Flash Player | <=27.0.0.159 | |
Any of | ||
Apple iOS and macOS | ||
Chrome OS | ||
Linux Kernel | ||
Microsoft Windows Operating System | ||
Red Hat Enterprise Linux Desktop | =6.0 | |
Red Hat Enterprise Linux Server | =6.0 | |
Red Hat Enterprise Linux Workstation | =6.0 | |
Adobe Flash Player | <=27.0.0.159 | |
Apple iOS and macOS | ||
Linux Kernel | ||
Microsoft Windows Operating System | ||
Macromedia Flash Player | <=27.0.0.130 | |
Macromedia Flash Player | <=27.0.0.130 | |
Windows 10 | ||
Microsoft Windows | ||
Macromedia Flash Player | <=27.0.0.159 | |
Chrome OS |
The impacted product is end-of-life and should be disconnected if still in use.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2017-11292 is categorized as critical due to its potential for remote code execution.
To fix CVE-2017-11292, upgrade Adobe Flash Player to version 27.0.0.170 or later.
CVE-2017-11292 allows attackers to execute arbitrary code on the user's system.
Versions of Adobe Flash Player prior to 27.0.0.170 are affected by CVE-2017-11292.
Disabling Adobe Flash Player in your web browser can mitigate the risk of CVE-2017-11292.