Candidate: CVE-2017-2998
PublicDate: 2017-03-14 16:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2998
 https://helpx.adobe.com/security/products/flash-player/apsb17-07.html
Description:
 Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable
 memory corruption vulnerability in the Primetime TVSDK API functionality
 related to timeline interactions. Successful exploitation could lead to
 arbitrary code execution.
Ubuntu-Description:
Notes:
Bugs:
Priority: high
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_adobe-flashplugin:
upstream_adobe-flashplugin: needs-triage
precise_adobe-flashplugin: released (25.0.0.127ubuntu0.12.04.1)
trusty_adobe-flashplugin: released (25.0.0.127ubuntu0.14.04.1)
trusty/esm_adobe-flashplugin: DNE (trusty was released [25.0.0.127ubuntu0.14.04.1])
vivid/stable-phone-overlay_adobe-flashplugin: DNE
vivid/ubuntu-core_adobe-flashplugin: DNE
xenial_adobe-flashplugin: released (25.0.0.127ubuntu0.16.04.1)
yakkety_adobe-flashplugin: released (25.0.0.127ubuntu0.16.10.1)
devel_adobe-flashplugin: not-affected