{"id":"CVE-2017-3085","details":"Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect.","modified":"2026-03-15T22:15:50.344563Z","published":"2017-08-11T19:29:02.210Z","related":["MGASA-2017-0314"],"references":[{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1039088"},{"type":"ADVISORY","url":"http://www.zerodayinitiative.com/advisories/ZDI-17-634/"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2457"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201709-16"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/100191"},{"type":"FIX","url":"https://helpx.adobe.com/security/products/flash-player/apsb17-23.html"},{"type":"EVIDENCE","url":"https://blog.bjornweb.nl/2017/08/flash-remote-sandbox-escape-windows-user-credentials-leak/"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"26.0.0.137"}]},{"events":[{"introduced":"0"},{"last_affected":"26.0.0.137"}]},{"events":[{"introduced":"0"},{"last_affected":"26.0.0.137"}]},{"events":[{"introduced":"0"},{"last_affected":"26.0.0.137"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-3085.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N"}]}