CVE-2017-11305
Description
A regression affecting Adobe Flash Player version 27.0.0.187 (and earlier versions) causes the unintended reset of the global settings preference file when a user clears browser data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A regression in Flash Player 27.0.0.187 and earlier resets global settings when clearing browser data, enabling attacker modification via crafted SWF.
Vulnerability
A regression in Adobe Flash Player version 27.0.0.187 and earlier causes the unintended reset of the global settings preference file when a user clears browser data [1]. This allows an attacker to craft an SWF file that, when loaded by the victim, can modify these settings after the reset occurs.
Exploitation
An attacker must deliver a malicious SWF file to the victim, who must be using an affected version of Flash Player (up to 27.0.0.187) with Flash enabled [1]. The victim then needs to load a page containing the SWF content. Subsequently, when the user clears browser data (e.g., cookies, cache), the global settings preference file is reset, allowing the attacker's content to influence settings [1].
Impact
Successful exploitation allows an attacker to modify the global settings preference file [1], potentially disabling security features, altering storage settings, or facilitating further attacks. This could lead to disclosure of sensitive information or compromise of the Flash environment [1].
Mitigation
Adobe released Flash Player version 28.0.0.137 to address this vulnerability [1]. Red Hat provided patched packages via RHSA-2018:0081 for Red Hat Enterprise Linux 6 [1]. Users should update to the latest version immediately. If updating is not possible, consider disabling Flash Player or restricting untrusted SWF files.
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <=27.0.0.187
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- helpx.adobe.com/security/products/flash-player/apsb17-42.html (nvd: Patch, Vendor Advisory)
- www.securityfocus.com/bid/102139 (nvd: Broken Link, Third Party Advisory, VDB Entry)
- www.securitytracker.com/id/1039986 (nvd: Broken Link, Third Party Advisory, VDB Entry)
- access.redhat.com/errata/RHSA-2018:0081 (nvd: Third Party Advisory)
News mentions
No linked articles in our index yet.