SB2016061602 - Multiple vulnerabilities in Adobe Flash Player
Published: June 16, 2016 Updated: February 27, 2017
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 37 secuirty vulnerabilities.
1) Memory corruption (CVE-ID: CVE-2016-4141)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.2) Memory corruption (CVE-ID: CVE-2016-4171)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
3) Information disclosure (CVE-ID: CVE-2016-4139)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to input validation error when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, bypass the same-origin-policy and gain access to potentially sensitive data.
4) Path traversal (CVE-ID: CVE-2016-4140)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to an error in the directory search path used to find resources when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.5) Heap-based buffer overflow (CVE-ID: CVE-2016-4138)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to heap-based buffer overflow when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.6) Heap-based buffer overflow (CVE-ID: CVE-2016-4136)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to heap-based buffer overflow when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.7) Heap-based buffer overflow (CVE-ID: CVE-2016-4135)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to heap-based buffer overflow when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.8) “Use-after-free” error (CVE-ID: CVE-2016-4148)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.9) “Use-after-free” error (CVE-ID: CVE-2016-4147)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.10) “Use-after-free” error (CVE-ID: CVE-2016-4146)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.11) “Use-after-free” error (CVE-ID: CVE-2016-4145)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.12) “Use-after-free” error (CVE-ID: CVE-2016-4143)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.13) “Use-after-free” error (CVE-ID: CVE-2016-4142)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.14) Type confusion (CVE-ID: CVE-2016-4149)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to type confussion error. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.15) Type confusion (CVE-ID: CVE-2016-4144)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to type confussion error. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.16) Memory corruption (CVE-ID: CVE-2016-4166)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.17) Memory corruption (CVE-ID: CVE-2016-4156)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.18) Memory corruption (CVE-ID: CVE-2016-4155)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.19) Memory corruption (CVE-ID: CVE-2016-4154)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.20) Memory corruption (CVE-ID: CVE-2016-4153)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.21) Memory corruption (CVE-ID: CVE-2016-4152)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.22) Memory corruption (CVE-ID: CVE-2016-4151)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.23) Memory corruption (CVE-ID: CVE-2016-4150)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.24) Memory corruption (CVE-ID: CVE-2016-4137)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.25) Memory corruption (CVE-ID: CVE-2016-4134)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
26) Memory corruption (CVE-ID: CVE-2016-4133)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
27) Memory corruption (CVE-ID: CVE-2016-4132)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
28) Memory corruption (CVE-ID: CVE-2016-4131)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
29) Memory corruption (CVE-ID: CVE-2016-4130)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
30) Memory corruption (CVE-ID: CVE-2016-4129)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
31) Memory corruption (CVE-ID: CVE-2016-4128)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
32) Memory corruption (CVE-ID: CVE-2016-4127)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
33) Memory corruption (CVE-ID: CVE-2016-4125)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
34) Memory corruption (CVE-ID: CVE-2016-4124)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
35) Memory corruption (CVE-ID: CVE-2016-4123)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
36) Memory corruption (CVE-ID: CVE-2016-4122)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
37) “Use-after-free” error (CVE-ID: CVE-2016-4121)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.Remediation
Install update from vendor's website.