CVE-2017-11305 - OpenCVE

A regression affecting Adobe Flash Player version 27.0.0.187 (and earlier versions) causes the unintended reset of the global settings preference file when a user clears browser data.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Adobe	Flash Player Flash Player Desktop Runtime
Apple	Mac Os X
Google	Chrome Os
Linux	Linux Kernel
Microsoft	Windows Windows 10 Windows 8.1
Redhat	Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Workstation Rhel Extras

Configuration 1 [-]

AND

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*

OR	cpe:2.3:o:apple:mac_os_x:-:::::::*
	cpe:2.3:o:google:chrome_os:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

Configuration 2 [-]

AND

OR	cpe:2.3:a:adobe:flash_player::::::edge::*
	cpe:2.3:a:adobe:flash_player::::::internet_explorer::*

OR	cpe:2.3:o:microsoft:windows_10:-:::::::*
	cpe:2.3:o:microsoft:windows_8.1:-:::::::*

Configuration 3 [-]

AND

cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:apple:mac_os_x:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

Configuration 4 [-]

OR	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 6 Supplementary
flash-plugin-0:28.0.0.137-1.el6_9	cpe:/a:redhat:rhel_extras:6	RHSA-2018:0081	2018-01-10T00:00:00Z

References

Link	Providers
http://www.securityfocus.com/bid/102139
http://www.securitytracker.com/id/1039986
https://access.redhat.com/errata/RHSA-2018:0081
https://helpx.adobe.com/security/products/flash-player/apsb17-42.html
https://nvd.nist.gov/vuln/detail/CVE-2017-11305
https://www.cve.org/CVERecord?id=CVE-2017-11305

History

No history.

MITRE

Status: PUBLISHED

Assigner: adobe

Published: 2017-12-13T21:00:00

Updated: 2024-08-05T18:05:30.567Z

Reserved: 2017-07-13T00:00:00

Link: CVE-2017-11305

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2017-12-13T21:29:00.230

Modified: 2023-01-27T19:24:25.790

Link: CVE-2017-11305

Redhat

Severity : Moderate

Publid Date: 2017-12-12T00:00:00Z

Links: CVE-2017-11305 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object