High severity8.8CISA KEVNVD Advisory· Published Oct 22, 2017· Updated Apr 22, 2026

CVE-2017-11292

Description

Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution.

Affected products

Adobe Inc./Flash Player3 versions
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*+ 2 more
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*range: <=27.0.0.159
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*range: <=27.0.0.130
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*range: <=27.0.0.130
Adobe Inc./Flash Player Desktop Runtime
cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*
Range: <=27.0.0.159
Red Hat/Enterprise Linux Desktop
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Workstation
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

helpx.adobe.com/security/products/flash-player/apsb17-32.htmlnvdPatchVendor Advisory
www.securityfocus.com/bid/101286nvdBroken LinkThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1039582nvdBroken LinkThird Party AdvisoryVDB Entry
access.redhat.com/errata/RHSA-2017:2899nvdThird Party Advisory
security.gentoo.org/glsa/201710-22nvdThird Party Advisory
www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.028
exploit	0.000
kev	0.120
patch	0.000
ransomware	0.000