Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for Flash Player by Adobe Systems Incorporated

    CVE-2017-3106 (GCVE-0-2017-3106)

    Vulnerability from nvd – Published: 2017-08-11 19:00 – Updated: 2024-09-16 16:33
    VLAI
    Summary
    Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files. Successful exploitation could lead to arbitrary code execution.
    Severity
    No CVSS data available.
    CWE
    • Type Confusion
    Assigner
    References
    URL Tags
    https://www.exploit-db.com/exploits/42480/ exploitx_refsource_EXPLOIT-DB
    http://www.securitytracker.com/id/1039088 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/100190 vdb-entryx_refsource_BID
    https://security.gentoo.org/glsa/201709-16 vendor-advisoryx_refsource_GENTOO
    https://access.redhat.com/errata/RHSA-2017:2457 vendor-advisoryx_refsource_REDHAT
    https://helpx.adobe.com/security/products/flash-p… x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Adobe Systems Incorporated Flash Player Affected: 26.0.0.137 and earlier.
    Create a notification for this product.
    Date Public
    2017-08-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:16:27.873Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "42480",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/42480/"
              },
              {
                "name": "1039088",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039088"
              },
              {
                "name": "100190",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/100190"
              },
              {
                "name": "GLSA-201709-16",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201709-16"
              },
              {
                "name": "RHSA-2017:2457",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:2457"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-23.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Flash Player",
              "vendor": "Adobe Systems Incorporated",
              "versions": [
                {
                  "status": "affected",
                  "version": "26.0.0.137 and earlier."
                }
              ]
            }
          ],
          "datePublic": "2017-08-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files. Successful exploitation could lead to arbitrary code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Type Confusion",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-04T19:57:01.000Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "name": "42480",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/42480/"
            },
            {
              "name": "1039088",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039088"
            },
            {
              "name": "100190",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/100190"
            },
            {
              "name": "GLSA-201709-16",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201709-16"
            },
            {
              "name": "RHSA-2017:2457",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:2457"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-23.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@adobe.com",
              "DATE_PUBLIC": "2017-08-08T00:00:00",
              "ID": "CVE-2017-3106",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Flash Player",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "26.0.0.137 and earlier."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Adobe Systems Incorporated"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files. Successful exploitation could lead to arbitrary code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Type Confusion"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "42480",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/42480/"
                },
                {
                  "name": "1039088",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039088"
                },
                {
                  "name": "100190",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/100190"
                },
                {
                  "name": "GLSA-201709-16",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201709-16"
                },
                {
                  "name": "RHSA-2017:2457",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:2457"
                },
                {
                  "name": "https://helpx.adobe.com/security/products/flash-player/apsb17-23.html",
                  "refsource": "CONFIRM",
                  "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-23.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2017-3106",
        "datePublished": "2017-08-11T19:00:00.000Z",
        "dateReserved": "2016-12-02T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:33:04.918Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3085 (GCVE-0-2017-3085)

    Vulnerability from nvd – Published: 2017-08-11 19:00 – Updated: 2024-09-16 18:23
    VLAI
    Summary
    Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect.
    Severity
    No CVSS data available.
    CWE
    • Security Bypass
    Assigner
    Impacted products
    Vendor Product Version
    Adobe Systems Incorporated Flash Player Affected: 26.0.0.137 and earlier.
    Create a notification for this product.
    Date Public
    2017-08-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:16:27.863Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1039088",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039088"
              },
              {
                "name": "GLSA-201709-16",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201709-16"
              },
              {
                "name": "RHSA-2017:2457",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:2457"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-23.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-634/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://blog.bjornweb.nl/2017/08/flash-remote-sandbox-escape-windows-user-credentials-leak/"
              },
              {
                "name": "100191",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/100191"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Flash Player",
              "vendor": "Adobe Systems Incorporated",
              "versions": [
                {
                  "status": "affected",
                  "version": "26.0.0.137 and earlier."
                }
              ]
            }
          ],
          "datePublic": "2017-08-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Security Bypass",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-04T19:57:01.000Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "name": "1039088",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039088"
            },
            {
              "name": "GLSA-201709-16",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201709-16"
            },
            {
              "name": "RHSA-2017:2457",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:2457"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-23.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-634/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://blog.bjornweb.nl/2017/08/flash-remote-sandbox-escape-windows-user-credentials-leak/"
            },
            {
              "name": "100191",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/100191"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@adobe.com",
              "DATE_PUBLIC": "2017-08-08T00:00:00",
              "ID": "CVE-2017-3085",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Flash Player",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "26.0.0.137 and earlier."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Adobe Systems Incorporated"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Security Bypass"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1039088",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039088"
                },
                {
                  "name": "GLSA-201709-16",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201709-16"
                },
                {
                  "name": "RHSA-2017:2457",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:2457"
                },
                {
                  "name": "https://helpx.adobe.com/security/products/flash-player/apsb17-23.html",
                  "refsource": "CONFIRM",
                  "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-23.html"
                },
                {
                  "name": "http://www.zerodayinitiative.com/advisories/ZDI-17-634/",
                  "refsource": "MISC",
                  "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-634/"
                },
                {
                  "name": "https://blog.bjornweb.nl/2017/08/flash-remote-sandbox-escape-windows-user-credentials-leak/",
                  "refsource": "MISC",
                  "url": "https://blog.bjornweb.nl/2017/08/flash-remote-sandbox-escape-windows-user-credentials-leak/"
                },
                {
                  "name": "100191",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/100191"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2017-3085",
        "datePublished": "2017-08-11T19:00:00.000Z",
        "dateReserved": "2016-12-02T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:23:18.694Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3106 (GCVE-0-2017-3106)

    Vulnerability from cvelistv5 – Published: 2017-08-11 19:00 – Updated: 2024-09-16 16:33
    VLAI
    Summary
    Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files. Successful exploitation could lead to arbitrary code execution.
    Severity
    No CVSS data available.
    CWE
    • Type Confusion
    Assigner
    References
    URL Tags
    https://www.exploit-db.com/exploits/42480/ exploitx_refsource_EXPLOIT-DB
    http://www.securitytracker.com/id/1039088 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/100190 vdb-entryx_refsource_BID
    https://security.gentoo.org/glsa/201709-16 vendor-advisoryx_refsource_GENTOO
    https://access.redhat.com/errata/RHSA-2017:2457 vendor-advisoryx_refsource_REDHAT
    https://helpx.adobe.com/security/products/flash-p… x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Adobe Systems Incorporated Flash Player Affected: 26.0.0.137 and earlier.
    Create a notification for this product.
    Date Public
    2017-08-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:16:27.873Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "42480",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/42480/"
              },
              {
                "name": "1039088",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039088"
              },
              {
                "name": "100190",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/100190"
              },
              {
                "name": "GLSA-201709-16",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201709-16"
              },
              {
                "name": "RHSA-2017:2457",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:2457"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-23.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Flash Player",
              "vendor": "Adobe Systems Incorporated",
              "versions": [
                {
                  "status": "affected",
                  "version": "26.0.0.137 and earlier."
                }
              ]
            }
          ],
          "datePublic": "2017-08-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files. Successful exploitation could lead to arbitrary code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Type Confusion",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-04T19:57:01.000Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "name": "42480",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/42480/"
            },
            {
              "name": "1039088",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039088"
            },
            {
              "name": "100190",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/100190"
            },
            {
              "name": "GLSA-201709-16",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201709-16"
            },
            {
              "name": "RHSA-2017:2457",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:2457"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-23.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@adobe.com",
              "DATE_PUBLIC": "2017-08-08T00:00:00",
              "ID": "CVE-2017-3106",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Flash Player",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "26.0.0.137 and earlier."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Adobe Systems Incorporated"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files. Successful exploitation could lead to arbitrary code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Type Confusion"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "42480",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/42480/"
                },
                {
                  "name": "1039088",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039088"
                },
                {
                  "name": "100190",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/100190"
                },
                {
                  "name": "GLSA-201709-16",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201709-16"
                },
                {
                  "name": "RHSA-2017:2457",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:2457"
                },
                {
                  "name": "https://helpx.adobe.com/security/products/flash-player/apsb17-23.html",
                  "refsource": "CONFIRM",
                  "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-23.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2017-3106",
        "datePublished": "2017-08-11T19:00:00.000Z",
        "dateReserved": "2016-12-02T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:33:04.918Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3085 (GCVE-0-2017-3085)

    Vulnerability from cvelistv5 – Published: 2017-08-11 19:00 – Updated: 2024-09-16 18:23
    VLAI
    Summary
    Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect.
    Severity
    No CVSS data available.
    CWE
    • Security Bypass
    Assigner
    Impacted products
    Vendor Product Version
    Adobe Systems Incorporated Flash Player Affected: 26.0.0.137 and earlier.
    Create a notification for this product.
    Date Public
    2017-08-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:16:27.863Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1039088",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039088"
              },
              {
                "name": "GLSA-201709-16",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201709-16"
              },
              {
                "name": "RHSA-2017:2457",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:2457"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-23.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-634/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://blog.bjornweb.nl/2017/08/flash-remote-sandbox-escape-windows-user-credentials-leak/"
              },
              {
                "name": "100191",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/100191"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Flash Player",
              "vendor": "Adobe Systems Incorporated",
              "versions": [
                {
                  "status": "affected",
                  "version": "26.0.0.137 and earlier."
                }
              ]
            }
          ],
          "datePublic": "2017-08-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Security Bypass",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-04T19:57:01.000Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "name": "1039088",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039088"
            },
            {
              "name": "GLSA-201709-16",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201709-16"
            },
            {
              "name": "RHSA-2017:2457",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:2457"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-23.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-634/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://blog.bjornweb.nl/2017/08/flash-remote-sandbox-escape-windows-user-credentials-leak/"
            },
            {
              "name": "100191",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/100191"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@adobe.com",
              "DATE_PUBLIC": "2017-08-08T00:00:00",
              "ID": "CVE-2017-3085",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Flash Player",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "26.0.0.137 and earlier."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Adobe Systems Incorporated"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Security Bypass"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1039088",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039088"
                },
                {
                  "name": "GLSA-201709-16",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201709-16"
                },
                {
                  "name": "RHSA-2017:2457",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:2457"
                },
                {
                  "name": "https://helpx.adobe.com/security/products/flash-player/apsb17-23.html",
                  "refsource": "CONFIRM",
                  "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-23.html"
                },
                {
                  "name": "http://www.zerodayinitiative.com/advisories/ZDI-17-634/",
                  "refsource": "MISC",
                  "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-634/"
                },
                {
                  "name": "https://blog.bjornweb.nl/2017/08/flash-remote-sandbox-escape-windows-user-credentials-leak/",
                  "refsource": "MISC",
                  "url": "https://blog.bjornweb.nl/2017/08/flash-remote-sandbox-escape-windows-user-credentials-leak/"
                },
                {
                  "name": "100191",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/100191"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2017-3085",
        "datePublished": "2017-08-11T19:00:00.000Z",
        "dateReserved": "2016-12-02T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:23:18.694Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }