High severity8.1NVD Advisory· Published Jun 11, 2018· Updated Jun 17, 2026
CVE-2017-3201
CVE-2017-3201
Description
The Java implementation of AMF3 deserializers used in Flamingo amf-serializer by Exadel, version 2.2.0 derives class instances from java.io.Externalizable rather than the AMF3 specification's recommendation of flash.utils.IExternalizable. A remote attacker with the ability to spoof or control an RMI server connection may be able to send serialized Java objects that execute arbitrary code when deserialized.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2=2.2.0+ 1 more
- (no CPE)range: =2.2.0
- (no CPE)range: 2.2.0
Patches
Vulnerability mechanics
References
4- codewhitesec.blogspot.com/2017/04/amf.htmlnvdExploitThird Party Advisory
- www.securityfocus.com/bid/97380nvdThird Party AdvisoryVDB Entry
- www.securityweek.com/flaws-java-amf-libraries-allow-remote-code-executionnvdThird Party Advisory
- www.kb.cert.org/vuls/id/307983nvdThird Party Advisory
News mentions
0No linked articles in our index yet.