⚠️ CISA Known Exploited Vulnerability

Active Threat

This vulnerability is listed in CISA's Known Exploited Vulnerabilities (KEV) catalog. Active exploitation has been observed in the wild. This poses significant risk to federal enterprises and should be prioritized for immediate patching.

CVE-2017-11292

Severity: High (CISA KEV)
CVSS Score: 8.8
Published: Oct 22, 2017
Last Modified: Oct 22, 2025

Vulnerability Description

Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution.

CVSS Metrics

Common Vulnerability Scoring System

Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector: N
Attack Complexity: L
Privileges Required: N
User Interaction: R
Scope: U
Confidentiality: H
Integrity: H
Availability: H

Known Affected Software

13 configuration(s) from 2 vendor(s)

flash_player_desktop_runtime
  Version: 16.0.0.287
  CPE: cpe:2.3:a:adobe:flash_player_desktop_runtime:16.0.0.287:*:*:*:*:*:*:*
flash_player_desktop_runtime
  Version: 26.0.0.137
  CPE: cpe:2.3:a:adobe:flash_player_desktop_runtime:26.0.0.137:*:*:*:*:*:*:*
flash_player_desktop_runtime
  Version: 27.0.0.130
  CPE: cpe:2.3:a:adobe:flash_player_desktop_runtime:27.0.0.130:*:*:*:*:*:*:*
flash_player_desktop_runtime
  Version: 26.0.0.151
  CPE: cpe:2.3:a:adobe:flash_player_desktop_runtime:26.0.0.151:*:*:*:*:*:*:*
flash_player_desktop_runtime
  Version: 21.0.0.226
  CPE: cpe:2.3:a:adobe:flash_player_desktop_runtime:21.0.0.226:*:*:*:*:*:*:*
flash_player_desktop_runtime
  Version: 27.0.0.159
  CPE: cpe:2.3:a:adobe:flash_player_desktop_runtime:27.0.0.159:*:*:*:*:*:*:*
flash_player_desktop_runtime
  Version: 18.0
  CPE: cpe:2.3:a:adobe:flash_player_desktop_runtime:18.0:*:*:*:*:*:*:*
flash_player_desktop_runtime
  Version: 26.0.0.131
  CPE: cpe:2.3:a:adobe:flash_player_desktop_runtime:26.0.0.131:*:*:*:*:*:*:*
flash_player_desktop_runtime
  Version: 23.0.0.162
  CPE: cpe:2.3:a:adobe:flash_player_desktop_runtime:23.0.0.162:*:*:*:*:*:*:*
flash_player_desktop_runtime
  Version: 18.0.0.203
  CPE: cpe:2.3:a:adobe:flash_player_desktop_runtime:18.0.0.203:*:*:*:*:*:*:*
enterprise_linux_server
  Version: 6.0
  CPE: cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:x86:*
enterprise_linux_desktop
  Version: 6.0
  CPE: cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:x64:*
enterprise_linux_workstation
  Version: 6.0
  CPE: cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:x86:*

This vulnerability affects 13 software configuration(s). Ensure you patch all affected systems.