Security News > 2017 > October > Adobe releases emergency fix for Flash Player zero-day exploited in the wild

Adobe releases emergency fix for Flash Player zero-day exploited in the wild
2017-10-17 16:40

Adobe has released an out-of-band security update for Adobe Flash Player that patches a zero-day remote code execution vulnerability actively exploited in the wild. Kaspersky Lab researchers spotted the live attacks on October 10, 2017, and say that the exploit is delivered through a Microsoft Word document and deploys the most recent version of the FinSpy (aka FinFisher) commercial malware developed by Gamma International. The attack leveraging CVE-2017-11292 The researchers believe that the zero-day is … More →


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/ftGWAy6beUM/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2017-10-22 CVE-2017-11292 Type Confusion vulnerability in multiple products
Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index.
network
low complexity
adobe redhat CWE-843
8.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Adobe 105 47 824 1650 622 3143