SB2016091323 - Security Update for Adobe Flash Player

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2016091323

SB2016091323 - Security Update for Adobe Flash Player

Published: September 13, 2016 Updated: November 25, 2018

Security Bulletin ID SB2016091323
CSH Severity
High
Patch available
YES
Number of vulnerabilities 26
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 88% Low 12%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 26 vulnerabilities.


1) Security bypass (CVE-ID: CVE-2016-4271)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to improper access control. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, bypass security limitations and gain access to imprortant data.

Successful exploitation of the vulnerability results in information disclosure or further attacks on the vulnerable system.


2) “Use-after-free” error (CVE-ID: CVE-2016-4272)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

3) Memory corruption (CVE-ID: CVE-2016-4274)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

4) Memory corruption (CVE-ID: CVE-2016-4275)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

5) Memory corruption (CVE-ID: CVE-2016-4276)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

6) Security bypass (CVE-ID: CVE-2016-4277)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to improper access control. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, bypass security limitations and gain access to imprortant data.

Successful exploitation of the vulnerability results in information disclosure or further attacks on the vulnerable system.


7) Security bypass (CVE-ID: CVE-2016-4278)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to improper access control. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, bypass security limitations and gain access to imprortant data.

Successful exploitation of the vulnerability results in information disclosure or further attacks on the vulnerable system.


8) “Use-after-free” error (CVE-ID: CVE-2016-4279)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

9) Memory corruption (CVE-ID: CVE-2016-4280)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

10) Memory corruption (CVE-ID: CVE-2016-4281)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

11) Memory corruption (CVE-ID: CVE-2016-4282)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

12) Memory corruption (CVE-ID: CVE-2016-4283)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

13) Memory corruption (CVE-ID: CVE-2016-4284)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

14) Memory corruption (CVE-ID: CVE-2016-4285)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

15) Integer overflow (CVE-ID: CVE-2016-4287)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to integer overflow when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

16) “Use-after-free” error (CVE-ID: CVE-2016-6921)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

17) Memory corruption (CVE-ID: CVE-2016-6922)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

18) “Use-after-free” error (CVE-ID: CVE-2016-6923)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

19) Memory corruption (CVE-ID: CVE-2016-6924)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

20) “Use-after-free” error (CVE-ID: CVE-2016-6925)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

21) “Use-after-free” error (CVE-ID: CVE-2016-6926)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

22) “Use-after-free” error (CVE-ID: CVE-2016-6927)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

23) “Use-after-free” error (CVE-ID: CVE-2016-6929)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

24) “Use-after-free” error (CVE-ID: CVE-2016-6930)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

25) “Use-after-free” error (CVE-ID: CVE-2016-6931)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

26) “Use-after-free” error (CVE-ID: CVE-2016-6932)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free when handling a malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code witj privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Remediation

Install update from vendor's website.

References