CVE-2017-3073: Use After Free
First published: Tue May 09 2017(Updated: )
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when handling multiple mask properties of display objects, aka memory corruption. Successful exploitation could lead to arbitrary code execution.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Flash Player | <=25.0.0.163 | |
| Apple iOS and macOS | ||
| Macromedia Flash Player | <=25.0.0.148 | |
| Macromedia Flash Player | <=25.0.0.148 | |
| Microsoft Windows 10 | ||
| Microsoft Windows 8.1 | ||
| Macromedia Flash Player | <=25.0.0.148 | |
| Chrome OS | ||
| Linux Kernel | ||
| Microsoft Windows | ||
| Adobe Flash Player | <=25.0.0.148 | |
| Red Hat Enterprise Linux | =6.0 | |
| Red Hat Enterprise Linux Desktop | =6.0 | |
| Red Hat Enterprise Linux Workstation | =6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-3073?
CVE-2017-3073 is classified as a critical severity vulnerability due to its potential for arbitrary code execution.
How do I fix CVE-2017-3073?
To fix CVE-2017-3073, upgrade Adobe Flash Player to version 25.0.0.163 or later.
Which versions of Adobe Flash Player are affected by CVE-2017-3073?
CVE-2017-3073 affects Adobe Flash Player versions 25.0.0.148 and earlier.
What can happen if CVE-2017-3073 is exploited?
Exploitation of CVE-2017-3073 may lead to memory corruption and allow attackers to execute arbitrary code.
Is my operating system vulnerable to CVE-2017-3073?
Only specific versions of Adobe Flash Player running on compatible operating systems may be vulnerable to CVE-2017-3073.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/weakness
- agent/references
- agent/severity
- agent/last-modified-date
- agent/author
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/adobe flash player
- version/adobe flash player/25.0.0.163
- vendor/apple
- canonical/apple ios and macos
- canonical/macromedia flash player
- version/macromedia flash player/25.0.0.148
- vendor/microsoft
- canonical/microsoft windows 10
- canonical/microsoft windows 8.1
- vendor/google
- canonical/chrome os
- vendor/linux
- canonical/linux kernel
- canonical/microsoft windows
- version/adobe flash player/25.0.0.148
- vendor/redhat
- canonical/red hat enterprise linux
- version/red hat enterprise linux/6.0
- canonical/red hat enterprise linux desktop
- version/red hat enterprise linux desktop/6.0
- canonical/red hat enterprise linux workstation
- version/red hat enterprise linux workstation/6.0