Type Confusion Vulnerability in Adobe Flash Player: Arbitrary Code Execution via MessageChannel Class

Type Confusion Vulnerability in Adobe Flash Player: Arbitrary Code Execution via MessageChannel Class

CVE-2017-2995 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable type confusion vulnerability related to the MessageChannel class. Successful exploitation could lead to arbitrary code execution.

Learn more about our Web Application Penetration Testing UK.