First published: Tue Mar 14 2017(Updated: )
Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability related to garbage collection in the ActionScript 2 VM. Successful exploitation could lead to arbitrary code execution.
Credit: psirt@adobe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Macromedia Flash Player | <=24.0.0.221 | |
Apple iOS and macOS | ||
Chrome OS | ||
Linux Kernel | ||
Microsoft Windows Operating System | ||
Macromedia Flash Player | <=24.0.0.221 | |
Macromedia Flash Player | <=24.0.0.221 | |
Windows 10 | ||
Microsoft Windows | ||
Adobe Flash Player | <=24.0.0.221 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2017-3001 is classified as a critical vulnerability that could lead to arbitrary code execution.
To fix CVE-2017-3001, users should upgrade to Adobe Flash Player version 24.0.0.222 or later.
CVE-2017-3001 affects Adobe Flash Player versions 24.0.0.221 and earlier.
Yes, CVE-2017-3001 can be exploited remotely by attackers through crafted Flash content.
Exploitation of CVE-2017-3001 may allow an attacker to execute arbitrary code on a user's system.