Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Flash Player < 11.2.202.637 / 18.0.0.382 / 23.0.0.185 Multiple Vulnerabilities (APSB16-32)

High

Synopsis

The remote host is running an outdated version of Adobe Flash Player that is affected by multiple vulnerabilities.

Description

Versions of Adobe Flash Player prior to 11.2.202.637, 18.0.0.382, or 23.0.0.185 are unpatched, and therefore affected by the following vulnerabilities :

- An unspecified type confusion flaw may allow a context-dependent attacker to execute arbitrary code. No further details have been provided. (OSVDB 145407) - A use-after-free error may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. No further details have been provided. (OSVDB 145408, OSVDB 145409) - An unspecified flaw may allow a context-dependent attacker to bypass security restrictions. No further details have been provided. (OSVDB 145410) - A flaw is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (OSVDB 145411, OSVDB 145412, OSVDB 145413, OSVDB 145414, OSVDB 145415, OSVDB 145416, OSVDB 145417, OSVDB 145418)

Solution

Upgrade to Adobe Flash Player version 23.0.0.185 or later. If 23.x cannot be obtained, versions 18.0.0.382 and 11.2.202.637 have also been patched for these vulnerabilities.