CVE-2017-11213
Description
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer due to an integer overflow; the computation is part of the abstraction that creates an arbitrarily sized transparent or opaque bitmap image. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Adobe Flash Player 27.0.0.183 and earlier has an integer overflow leading to out-of-bounds read, exposing sensitive data.
Vulnerability
An integer overflow in the bitmap image creation abstraction of Adobe Flash Player versions 27.0.0.183 and earlier causes the software to read data past the end of the target buffer, resulting in an out-of-bounds read [1]. This flaw affects the computation that creates arbitrarily sized transparent or opaque bitmap images.
Exploitation
An attacker can exploit this vulnerability by crafting a malicious SWF file and convincing a user to load the file in a browser with Adobe Flash Player installed [1]. No authentication or special network position is required; the user only needs to visit a page hosting the malicious SWF.
Impact
Successful exploitation allows an attacker to read sensitive data from memory, potentially leading to disclosure of confidential information [1]. The out-of-bounds read can expose internal data structures and user data.
Mitigation
Adobe has released Flash Player version 27.0.0.187, which fixes this vulnerability [1][2]. Users should upgrade to this version or later. There is no known workaround [2].
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE) range: <=27.0.0.183
- (no CPE) range: <=27.0.0.183
Patches
No patches discovered yet.
References
- helpx.adobe.com/security/products/flash-player/apsb17-33.html (nvd: Patch, Vendor Advisory)
- www.securityfocus.com/bid/101837 (nvd: Third Party Advisory, VDB Entry)
- www.securitytracker.com/id/1039778 (nvd: Third Party Advisory, VDB Entry)
- access.redhat.com/errata/RHSA-2017:3222 (nvd: Third Party Advisory, VDB Entry)
- security.gentoo.org/glsa/201711-13 (nvd: Third Party Advisory, VDB Entry)