
Flash Player < 11.2.202.635 / 18.0.0.375 / 23.0.0.162 Multiple Vulnerabilities (APSB16-29)

Critical

Synopsis

The remote host is running an outdated version of Adobe Flash Player that is affected by multiple vulnerabilities.

Description

Versions of Adobe Flash Player prior to 11.2.202.635, 18.0.0.375, or 23.0.0.162 are affected by the following vulnerabilities:

- An unspecified flaw may allow a context-dependent attacker to bypass security restrictions and gain access to potentially sensitive information. No further details have been provided. (OSVDB 144112, OSVDB 144117, OSVDB 144118)
- A use-after-free error may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 144113, OSVDB 144126, OSVDB 144128, OSVDB 144130, OSVDB 144131, OSVDB 144132, OSVDB 144133, OSVDB 144134, OSVDB 144135, OSVDB 144136)
- A flaw is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 144114, OSVDB 144120, OSVDB 144121, OSVDB 144122, OSVDB 144123, OSVDB 144124, OSVDB 144127, OSVDB 144129)
- A flaw is triggered as certain input is not properly validated when handling AVC decoding. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 144115)
- A flaw is triggered as certain input is not properly validated when handling SWF data. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 144116)
- A use-after-free condition is triggered when handling 'TextFormat' objects. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (OSVDB 144119)
- An integer overflow condition is triggered as certain input is not properly validated. This may allow a context-dependent attacker to potentially execute arbitrary code. (OSVDB 144125)
- A flaw is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 144138)

Solution

Upgrade to Adobe Flash Player version 23.0.0.162 or later. If 23.x cannot be obtained, versions 18.0.0.375 and 11.2.202.635 have also been patched for these vulnerabilities.
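
The three patched versions above mean a single "less than 23.0.0.162" comparison would wrongly flag hosts on the patched 18.x and 11.2.x builds. The following is an added example, not part of the original advisory or any scanner's own code, showing a branch-aware check over an inventory. It assumes that 11.2.x and 18.x are compared against their own patched build and every other version against 23.0.0.162; the host names and inventory are constructed.

```python
import re

# Patched builds named in the advisory.
FIXED_11_2 = (11, 2, 202, 635)
FIXED_18 = (18, 0, 0, 375)
FIXED_CURRENT = (23, 0, 0, 162)


def parse_version(text):
    """Parse 'a.b.c.d' (or comma-separated 'a,b,c,d') into a 4-tuple of ints."""
    text = text.strip()
    if not re.fullmatch(r"\d+(?:[.,]\d+){3}", text, flags=re.ASCII):
        raise ValueError(f"not a four-part Flash Player version: {text!r}")
    return tuple(int(p) for p in re.split(r"[.,]", text))


def is_affected(text):
    """True if the version predates the patched build for its branch."""
    v = parse_version(text)
    if v[:2] == (11, 2):           # assumption: 11.2.x has its own fix
        return v < FIXED_11_2
    if v[0] == 18:                 # assumption: 18.x has its own fix
        return v < FIXED_18
    # Assumption: any other branch is only fixed by 23.0.0.162 or later.
    return v < FIXED_CURRENT


def triage(inventory):
    """Split {host: version} into affected hosts and hosts needing manual review."""
    affected, unparsed = {}, []
    for host, version in sorted(inventory.items()):
        try:
            if is_affected(version):
                affected[host] = version
        except ValueError:
            unparsed.append(host)  # never treat an unreadable version as clean
    return affected, unparsed


# Constructed sample inventory (host names and versions are illustrative).
SAMPLE_INVENTORY = {
    "ws-01": "23.0.0.162",
    "ws-02": "22.0.0.211",
    "kiosk-03": "18.0.0.375",
    "lin-04": "11.2.202.632",
    "ws-05": "unknown",
}

if __name__ == "__main__":
    print(triage(SAMPLE_INVENTORY))
```

Hosts whose version string cannot be parsed are returned separately so they are reviewed by hand rather than silently counted as patched.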