Candidate: CVE-2017-3002
PublicDate: 2017-03-14 16:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3002
 https://helpx.adobe.com/security/products/flash-player/apsb17-07.html
Description:
 Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use
 after free vulnerability in the ActionScript2 TextField object related to
 the variable property. Successful exploitation could lead to arbitrary code
 execution.
Ubuntu-Description:
Notes:
Bugs:
Priority: high
Discovered-by: Yuki Chen
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_adobe-flashplugin:
upstream_adobe-flashplugin: needs-triage
precise_adobe-flashplugin: released (25.0.0.127ubuntu0.12.04.1)
trusty_adobe-flashplugin: released (25.0.0.127ubuntu0.14.04.1)
trusty/esm_adobe-flashplugin: DNE (trusty was released [25.0.0.127ubuntu0.14.04.1])
vivid/stable-phone-overlay_adobe-flashplugin: DNE
vivid/ubuntu-core_adobe-flashplugin: DNE
xenial_adobe-flashplugin: released (25.0.0.127ubuntu0.16.04.1)
yakkety_adobe-flashplugin: released (25.0.0.127ubuntu0.16.10.1)
devel_adobe-flashplugin: not-affected