Multiple vulnerabilities in Adobe Flash Player

Published: 2016-12-13 19:07:52
Severity: Critical
Patch available: YES
Number of vulnerabilities: 17
CVE ID: CVE-2016-7890
CVE-2016-7876
CVE-2016-7875
CVE-2016-7874
CVE-2016-7873
CVE-2016-7871
CVE-2016-7870
CVE-2016-7869
CVE-2016-7868
CVE-2016-7867
CVE-2016-7892
CVE-2016-7881
CVE-2016-7880
CVE-2016-7879
CVE-2016-7878
CVE-2016-7877
CVE-2016-7872
CVSSv3: 5.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
9.2 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CWE ID: CWE-20
CWE-119
CWE-416
Exploitation vector: Network
Public exploit: Vulnerability #11 is being exploited in the wild.
Vulnerable software: Adobe Flash Player
Adobe Flash Player for Linux
Vulnerable software versions: Adobe Flash Player 21.0.0.226
Adobe Flash Player 21.0.0.213
Adobe Flash Player 21.0.0.197

Adobe Flash Player for Linux 11.2.202.632
Adobe Flash Player for Linux 11.2.202.644
Adobe Flash Player for Linux 11.2.202.643

Vendor URL: Adobe

Security Advisory

This security bulletin describes 17 vulnerabilities in Adobe Flash, including 1 zero-day vulnerability.

1) Security restrictions bypass

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an unknown error when processing .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it and bypass implemented security mechanisms.

Successful exploitation of the vulnerability results in unauthorized access to restricted information.

Remediation

Install the latest version 24.0.0.186 from the vendor's website for Windows, Macintosh and Linux.

External links

https://helpx.adobe.com/security/products/flash-player/apsb16-39.html

2) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, cause memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability results in compromise of the vulnerable system.

Remediation

Install the latest version 24.0.0.186 from the vendor's website for Windows, Macintosh and Linux.

External links

https://helpx.adobe.com/security/products/flash-player/apsb16-39.html

3) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, cause memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability results in compromise of the vulnerable system.

Remediation

Install the latest version 24.0.0.186 from the vendor's website for Windows, Macintosh and Linux.

External links

https://helpx.adobe.com/security/products/flash-player/apsb16-39.html

4) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, cause memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability results in compromise of the vulnerable system.

Remediation

Install the latest version 24.0.0.186 from the vendor's website for Windows, Macintosh and Linux.

External links

https://helpx.adobe.com/security/products/flash-player/apsb16-39.html

5) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, cause memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability results in compromise of the vulnerable system.

Remediation

Install the latest version 24.0.0.186 from the vendor's website for Windows, Macintosh and Linux.

External links

https://helpx.adobe.com/security/products/flash-player/apsb16-39.html

6) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, cause memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability results in compromise of the vulnerable system.

Remediation

Install the latest version 24.0.0.186 from the vendor's website for Windows, Macintosh and Linux.

External links

https://helpx.adobe.com/security/products/flash-player/apsb16-39.html

7) Buffer overflow

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, cause memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability results in compromise of the vulnerable system.

Remediation

Install the latest version 24.0.0.186 from the vendor's website for Windows, Macintosh and Linux.

External links

https://helpx.adobe.com/security/products/flash-player/apsb16-39.html

8) Buffer overflow

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, cause memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability results in compromise of the vulnerable system.

Remediation

Install the latest version 24.0.0.186 from the vendor's website for Windows, Macintosh and Linux.

External links

https://helpx.adobe.com/security/products/flash-player/apsb16-39.html

9) Buffer overflow

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, cause memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability results in compromise of the vulnerable system.

Remediation

Install the latest version 24.0.0.186 from the vendor's website for Windows, Macintosh and Linux.

External links

https://helpx.adobe.com/security/products/flash-player/apsb16-39.html

10) Buffer overflow

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, cause memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability results in compromise of the vulnerable system.

Remediation

Install the latest version 24.0.0.186 from the vendor's website for Windows, Macintosh and Linux.

External links

https://helpx.adobe.com/security/products/flash-player/apsb16-39.html

11) Use-after-free error

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a use-after-free error when processing .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, cause memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability results in compromise of the vulnerable system.

Note: this vulnerability is being actively exploited in the wild.

Remediation

Install the latest version 24.0.0.186 from the vendor's website for Windows, Macintosh and Linux.

External links

https://helpx.adobe.com/security/products/flash-player/apsb16-39.html

12) Use-after-free error

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a use-after-free error when processing .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, cause memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability results in compromise of the vulnerable system.

Remediation

Install the latest version 24.0.0.186 from the vendor's website for Windows, Macintosh and Linux.

External links

https://helpx.adobe.com/security/products/flash-player/apsb16-39.html

13) Use-after-free error

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a use-after-free error when processing .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, cause memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability results in compromise of the vulnerable system.

Remediation

Install the latest version 24.0.0.186 from the vendor's website for Windows, Macintosh and Linux.

External links

https://helpx.adobe.com/security/products/flash-player/apsb16-39.html

14) Use-after-free error

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a use-after-free error when processing .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, cause memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability results in compromise of the vulnerable system.

Remediation

Install the latest version 24.0.0.186 from the vendor's website for Windows, Macintosh and Linux.

External links

https://helpx.adobe.com/security/products/flash-player/apsb16-39.html

15) Use-after-free error

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a use-after-free error when processing .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, cause memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability results in compromise of the vulnerable system.

Remediation

Install the latest version 24.0.0.186 from the vendor's website for Windows, Macintosh and Linux.

External links

https://helpx.adobe.com/security/products/flash-player/apsb16-39.html

16) Use-after-free error

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a use-after-free error when processing .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, cause memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability results in compromise of the vulnerable system.

Remediation

Install the latest version 24.0.0.186 from the vendor's website for Windows, Macintosh and Linux.

External links

https://helpx.adobe.com/security/products/flash-player/apsb16-39.html

17) Use-after-free error

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a use-after-free error when processing .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, cause memory corruption and execute arbitrary code with the privileges of the current user.

Successful exploitation of the vulnerability results in compromise of the vulnerable system.

Remediation

Install the latest version 24.0.0.186 from the vendor's website for Windows, Macintosh and Linux.

External links

https://helpx.adobe.com/security/products/flash-player/apsb16-39.html
