SUSE Linux update for flash-player
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 7 |
| CVE-ID | CVE-2017-3058 CVE-2017-3059 CVE-2017-3060 CVE-2017-3061 CVE-2017-3062 CVE-2017-3063 CVE-2017-3064 |
| CWE-ID | CWE-416 CWE-119 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #4 is available. Public exploit code for vulnerability #7 is available. |
| Vulnerable software Subscribe |
Adobe Flash Player Client/Desktop applications / Plugins for browsers, ActiveX components |
| Vendor | Adobe |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
1) Use-after-free error
EUVDB-ID: #VU6195
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-3058
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free error when handling malicious content. A remote unauthenticated attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of this vulnerability may result in remote code execution.
Update the affected packages.
Adobe Flash Player: 25.0.0.127 - 25.0.0.148
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-04/msg00014.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use-after-free error
EUVDB-ID: #VU6196
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-3059
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free error when handling malicious content. A remote unauthenticated attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of this vulnerability may result in remote code execution.
Update the affected packages.
Adobe Flash Player: 25.0.0.127 - 25.0.0.148
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-04/msg00014.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Memory corruption
EUVDB-ID: #VU6199
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-3060
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when handling malicious content. A remote unauthenticated attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of this vulnerability may result in remote code execution.
Update the affected packages.
Adobe Flash Player: 25.0.0.127 - 25.0.0.148
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-04/msg00014.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Memory corruption
EUVDB-ID: #VU6200
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-3061
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when handling malicious content. A remote unauthenticated attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of this vulnerability may result in remote code execution.
Update the affected packages.
Adobe Flash Player: 25.0.0.127 - 25.0.0.148
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-04/msg00014.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
5) Use-after-free error
EUVDB-ID: #VU6197
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-3062
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free error when handling malicious content. A remote unauthenticated attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of this vulnerability may result in remote code execution.
Update the affected packages.
Adobe Flash Player: 25.0.0.127 - 25.0.0.148
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-04/msg00014.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Use-after-free error
EUVDB-ID: #VU6198
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-3063
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free error when handling malicious content. A remote unauthenticated attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of this vulnerability may result in remote code execution.
Update the affected packages.
Adobe Flash Player: 25.0.0.127 - 25.0.0.148
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-04/msg00014.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Memory corruption
EUVDB-ID: #VU6201
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-3064
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when handling malicious content. A remote unauthenticated attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of this vulnerability may result in remote code execution.
Update the affected packages.
Adobe Flash Player: 25.0.0.127 - 25.0.0.148
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-04/msg00014.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
