openSUSE update for flash-player



Published: 2016-09-14
Risk: High
Patch available: YES
Number of vulnerabilities: 29
CVE-ID: CVE-2016-4182
CVE-2016-4237
CVE-2016-4238
CVE-2016-4271
CVE-2016-4272
CVE-2016-4274
CVE-2016-4275
CVE-2016-4276
CVE-2016-4277
CVE-2016-4278
CVE-2016-4279
CVE-2016-4280
CVE-2016-4281
CVE-2016-4282
CVE-2016-4283
CVE-2016-4284
CVE-2016-4285
CVE-2016-4287
CVE-2016-6921
CVE-2016-6922
CVE-2016-6923
CVE-2016-6924
CVE-2016-6925
CVE-2016-6926
CVE-2016-6927
CVE-2016-6929
CVE-2016-6930
CVE-2016-6931
CVE-2016-6932
CWE-ID: CWE-119
CWE-284
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #7 is available.
Vulnerable software
Adobe Flash Player Extended Support Release
Client/Desktop applications / Multimedia software

Adobe Flash Player for Linux
Client/Desktop applications / Multimedia software

Adobe Flash Player
Client/Desktop applications / Plugins for browsers, ActiveX components

Vendor Adobe

Security Bulletin

This security bulletin contains information about 29 vulnerabilities.

1) Memory corruption

EUVDB-ID: #VU3745

Risk: High

CVE-ID: CVE-2016-4182

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote unauthenticated attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366

Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.632

Adobe Flash Player: 22.0.0.192 - 22.0.0.209


External links

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00009.html

2) Memory corruption

EUVDB-ID: #VU3772

Risk: High

CVE-ID: CVE-2016-4237

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote unauthenticated attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366

Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.632

Adobe Flash Player: 22.0.0.192 - 22.0.0.209


External links

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00009.html

3) Memory corruption

EUVDB-ID: #VU3773

Risk: High

CVE-ID: CVE-2016-4238

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote unauthenticated attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366

Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.632

Adobe Flash Player: 22.0.0.192 - 22.0.0.209


External links

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00009.html

4) Security bypass

EUVDB-ID: #VU702

Risk: Low

CVE-ID: CVE-2016-4271

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to improper access control. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, bypass security limitations and gain access to important data.

Successful exploitation of the vulnerability results in information disclosure or further attacks on the vulnerable system.


Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player: 11.2.202.540 - 22.0.0.211

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366

Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.626


External links

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00009.html

5) “Use-after-free” error

EUVDB-ID: #VU4764

Risk: High

CVE-ID: CVE-2016-4272

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error when handling malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player: 11.2.202.540 - 22.0.0.211

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366

Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.626


External links

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00009.html

6) Memory corruption

EUVDB-ID: #VU4765

Risk: High

CVE-ID: CVE-2016-4274

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error when handling malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player: 11.2.202.540 - 22.0.0.211

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366

Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.626


External links

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00009.html

7) Memory corruption

EUVDB-ID: #VU4766

Risk: High

CVE-ID: CVE-2016-4275

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error when handling malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player: 11.2.202.540 - 22.0.0.211

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366

Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.626


External links

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00009.html

8) Memory corruption

EUVDB-ID: #VU701

Risk: High

CVE-ID: CVE-2016-4276

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated user to cause arbitrary code execution on the target system.

The weakness exists due to a boundary error. After tricking the victim into visiting a web page containing crafted Flash content, attackers can cause memory corruption and execute arbitrary code.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player: 11.2.202.540 - 22.0.0.211

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366

Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.626


External links

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00009.html

9) Security bypass

EUVDB-ID: #VU4768

Risk: Low

CVE-ID: CVE-2016-4277

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to improper access control. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, bypass security limitations and gain access to important data.

Successful exploitation of the vulnerability results in information disclosure or further attacks on the vulnerable system.


Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player: 11.2.202.540 - 22.0.0.211

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366

Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.626


External links

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00009.html

10) Security bypass

EUVDB-ID: #VU4769

Risk: Low

CVE-ID: CVE-2016-4278

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to improper access control. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, bypass security limitations and gain access to important data.

Successful exploitation of the vulnerability results in information disclosure or further attacks on the vulnerable system.


Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player: 11.2.202.540 - 22.0.0.211

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366

Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.626


External links

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00009.html

11) “Use-after-free” error

EUVDB-ID: #VU4770

Risk: High

CVE-ID: CVE-2016-4279

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error when handling malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player: 11.2.202.540 - 22.0.0.211

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366

Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.626


External links

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00009.html

12) Memory corruption

EUVDB-ID: #VU4771

Risk: High

CVE-ID: CVE-2016-4280

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error when handling malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player: 11.2.202.540 - 22.0.0.211

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366

Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.626


External links

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00009.html

13) Memory corruption

EUVDB-ID: #VU4772

Risk: High

CVE-ID: CVE-2016-4281

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error when handling malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player: 11.2.202.540 - 22.0.0.211

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366

Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.626


External links

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00009.html

14) Memory corruption

EUVDB-ID: #VU4773

Risk: High

CVE-ID: CVE-2016-4282

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error when handling malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player: 11.2.202.540 - 22.0.0.211

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366

Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.626


External links

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00009.html

15) Memory corruption

EUVDB-ID: #VU4774

Risk: High

CVE-ID: CVE-2016-4283

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error when handling malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player: 11.2.202.540 - 22.0.0.211

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366

Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.626


External links

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00009.html

16) Memory corruption

EUVDB-ID: #VU699

Risk: High

CVE-ID: CVE-2016-4284

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error when handling malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player: 11.2.202.540 - 22.0.0.211

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366

Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.626


External links

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00009.html

17) Memory corruption

EUVDB-ID: #VU4775

Risk: High

CVE-ID: CVE-2016-4285

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error when handling malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player: 11.2.202.540 - 22.0.0.211

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366

Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.626


External links

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00009.html

18) Integer overflow

EUVDB-ID: #VU4776

Risk: High

CVE-ID: CVE-2016-4287

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to an integer overflow when handling malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player: 11.2.202.540 - 22.0.0.211

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366

Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.626


External links

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00009.html

19) “Use-after-free” error

EUVDB-ID: #VU4777

Risk: High

CVE-ID: CVE-2016-6921

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error when handling malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player: 11.2.202.540 - 22.0.0.211

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366

Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.626


External links

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00009.html

20) Memory corruption

EUVDB-ID: #VU4778

Risk: High

CVE-ID: CVE-2016-6922

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error when handling malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player: 11.2.202.540 - 22.0.0.211

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366

Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.626


External links

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00009.html

21) “Use-after-free” error

EUVDB-ID: #VU4779

Risk: High

CVE-ID: CVE-2016-6923

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error when handling malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player: 11.2.202.540 - 22.0.0.211

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366

Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.626


External links

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00009.html

22) Memory corruption

EUVDB-ID: #VU4780

Risk: High

CVE-ID: CVE-2016-6924

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error when handling malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player: 11.2.202.540 - 22.0.0.211

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366

Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.626


External links

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00009.html

23) “Use-after-free” error

EUVDB-ID: #VU4781

Risk: High

CVE-ID: CVE-2016-6925

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error when handling malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player: 11.2.202.540 - 22.0.0.211

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366

Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.626


External links

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00009.html

24) “Use-after-free” error

EUVDB-ID: #VU4782

Risk: High

CVE-ID: CVE-2016-6926

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error when handling malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player: 11.2.202.540 - 22.0.0.211

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366

Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.626


External links

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00009.html

25) “Use-after-free” error

EUVDB-ID: #VU4783

Risk: High

CVE-ID: CVE-2016-6927

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error when handling malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player: 11.2.202.540 - 22.0.0.211

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366

Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.626


External links

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00009.html

26) “Use-after-free” error

EUVDB-ID: #VU4784

Risk: High

CVE-ID: CVE-2016-6929

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error when handling malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player: 11.2.202.540 - 22.0.0.211

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366

Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.626


External links

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00009.html

27) “Use-after-free” error

EUVDB-ID: #VU4785

Risk: High

CVE-ID: CVE-2016-6930

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error when handling malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player: 11.2.202.540 - 22.0.0.211

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366

Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.626


External links

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00009.html

28) “Use-after-free” error

EUVDB-ID: #VU4786

Risk: High

CVE-ID: CVE-2016-6931

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error when handling malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player: 11.2.202.540 - 22.0.0.211

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366

Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.626


External links

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00009.html

29) “Use-after-free” error

EUVDB-ID: #VU4787

Risk: High

CVE-ID: CVE-2016-6932

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error when handling malicious Flash content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player: 11.2.202.540 - 22.0.0.211

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.366

Adobe Flash Player for Linux: 11.2.202.621 - 11.2.202.626


External links

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00009.html