High severity7.4NVD Advisory· Published Aug 11, 2017· Updated May 13, 2026

CVE-2017-3085

Description

Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect.

Affected products

Adobe Inc./Flash Player3 versions
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*+ 2 more
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*range: <=26.0.0.137
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*range: <=26.0.0.137
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*range: <=26.0.0.137
Adobe Inc./Flash Player Desktop Runtime
cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*
Range: <=26.0.0.137
Red Hat/Enterprise Linux
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Desktop
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Workstation
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Adobe Systems Incorporated/Flash Playerv5
Range: 26.0.0.137 and earlier.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

helpx.adobe.com/security/products/flash-player/apsb17-23.htmlnvdPatchVendor Advisory
blog.bjornweb.nl/2017/08/flash-remote-sandbox-escape-windows-user-credentials-leak/nvdExploitTechnical DescriptionThird Party Advisory
www.securityfocus.com/bid/100191nvdBroken LinkThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1039088nvdBroken LinkThird Party AdvisoryVDB Entry
www.zerodayinitiative.com/advisories/ZDI-17-634/nvdThird Party AdvisoryVDB Entry
access.redhat.com/errata/RHSA-2017:2457nvdThird Party Advisory
security.gentoo.org/glsa/201709-16nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.481
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000