Microsoft Windows update for Adobe Flash Player

Published: 2017-08-08 21:52:25 | Updated: 2017-08-08 21:53:11
Severity High
Patch available YES
Number of vulnerabilities 2
CVSSv2 3.2 (AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
6.9 (AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
CVSSv3 3.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE ID CVE-2017-3085
CVE-2017-3106
CWE ID CWE-200
CWE-843
Exploitation vector Network
Public exploit Not available
Vulnerable software Adobe Flash Player
Vulnerable software versions Adobe Flash Player on Windows 10 Version 1703 for x64-based Systems
Adobe Flash Player on Windows 10 Version 1703 for 32-bit Systems
Adobe Flash Player on Windows 10 Version 1607 for x64-based Systems
Show more
Vendor URL Microsoft
Advisory type Public

Security Advisory

1) Information disclosure

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to unknown error when processing .swf files. A remote attacker can create a specially crafted file, trick the victim into opening it, bypass certain security restrictions and gain access to potentially sensitive information.

Remediation

Install updates from Microsoft website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170010

2) Type confusion error

Description

The vulnerability allows a remote attacker to compromise vulnerable system

The vulnerability exists due to a type confusion error when processing .swf files. A remote attacker can create a specially crafted .swf file, trick the victim into opening it and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may allow an attacker to compromise vulnerable system.

Remediation

Install updates from Microsoft website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170010

Back to List