SB2016051002 - Microsoft Security Update for Adobe Flash Player
Published: May 10, 2016 Updated: February 14, 2017
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 25 secuirty vulnerabilities.
1) Memory corruption (CVE-ID: CVE-2016-1096)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.2) “Use-after-free” error (CVE-ID: CVE-2016-1097)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.3) Memory corruption (CVE-ID: CVE-2016-1098)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.4) Memory corruption (CVE-ID: CVE-2016-1099)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.5) Memory corruption (CVE-ID: CVE-2016-1100)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.6) Heap-based buffer overflow (CVE-ID: CVE-2016-1101)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to heap-based buffer overflow when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.7) Memory corruption (CVE-ID: CVE-2016-1102)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.8) Buffer overflow (CVE-ID: CVE-2016-1103)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to buffer overflow when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.9) Memory corruption (CVE-ID: CVE-2016-1104)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.10) Type confusion (CVE-ID: CVE-2016-1105)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to type confusion error when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.11) “Use-after-free” error (CVE-ID: CVE-2016-1106)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.12) Use-after-free error (CVE-ID: CVE-2016-1107)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.13) Use-after-free error (CVE-ID: CVE-2016-1108)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.14) Use-after-free error (CVE-ID: CVE-2016-1109)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.15) Use-after-free error (CVE-ID: CVE-2016-1110)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.16) Use-after-free error (CVE-ID: CVE-2016-4108)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.17) Memory corruption (CVE-ID: CVE-2016-4109)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.18) Use-after-free error (CVE-ID: CVE-2016-4110)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.19) Memory corruption (CVE-ID: CVE-2016-4111)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.20) Memory corruption (CVE-ID: CVE-2016-4112)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.21) Memory corruption (CVE-ID: CVE-2016-4113)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.22) Memory corruption (CVE-ID: CVE-2016-4114)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.23) Memory corruption (CVE-ID: CVE-2016-4115)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.24) Untrusted search path (CVE-ID: CVE-2016-4116)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to an error in the directory search path used to find resources. A remote attacker can create a specially crafted .swf file, locate it on WebDav or SMB share, trick the victim into opening it and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.25) Type confusion (CVE-ID: CVE-2016-4117)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to type confusion error when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.Note: the vulnerability was being actively exploited.
Remediation
Install update from vendor's website.