Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.

Versions of Adobe Flash Player prior to 11.2.202.644 and 23.0.0.207 are unpatched, and therefore affected by the following vulnerabilities :

 - A use-after-free error exists when using ActionScript to manipulate the 'AVSegmentedSource' class allowing a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-7857)
 - A use-after-free error exists that may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. The issue exists in the 'addCallback' method of the 'ExternalInterface'. (CVE-2016-7858)
 - A use-after-free error exists that is triggered when handling the 'AS2 extends' operator. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-7859)
 - A use-after-free error exists that is triggered when handling AdvertisingMetadata, Metadata, MovieClip, and TextField objects. These may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-7860, CVE-2016-7861, CVE-2016-7862, CVE-2016-7863)
 - A use-after-free error exists when handling the Selection 'setFovus' method that may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-7864, CVE-2016-7865)

The remote host is affected by the vulnerability described in GLSA-201611-18 (Adobe Flash Player: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Adobe Flash Player.
      Please review the CVE identifiers referenced below for details.
  Impact :

    A remote attacker could possibly execute arbitrary code with the       privileges of the process.
  Workaround :

    There is no known workaround at this time.

This update to Adobe Flash Player 11.2.202.644 fixes the following security issues :

  - type confusion vulnerabilities that could lead to code     execution (CVE-2016-7860, CVE-2016-7861, CVE-2016-7865)

  - use-after-free vulnerabilities that could lead to code     execution (CVE-2016-7857, CVE-2016-7858, CVE-2016-7859,     CVE-2016-7862, CVE-2016-7863, CVE-2016-7864)

This update to Adobe Flash Player 11.2.202.644 fixes the following security issues :

  - type confusion vulnerabilities that could lead to code     execution (CVE-2016-7860, CVE-2016-7861, CVE-2016-7865)

  - use-after-free vulnerabilities that could lead to code     execution (CVE-2016-7857, CVE-2016-7858, CVE-2016-7859,     CVE-2016-7862, CVE-2016-7863, CVE-2016-7864)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Adobe reports :

- These updates resolve type confusion vulnerabilities that could lead to code execution (CVE-2016-7860, CVE-2016-7861, CVE-2016-7865).

- These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2016-7857, CVE-2016-7858, CVE-2016-7859, CVE-2016-7862, CVE-2016-7863, CVE-2016-7864).

An update for flash-plugin is now available for Red Hat Enterprise Linux 5 Supplementary and Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.

This update upgrades Flash Player to version 11.2.202.644.

Security Fix(es) :

* This update fixes multiple vulnerabilities in Adobe Flash Player.
These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.
(CVE-2016-7857, CVE-2016-7858, CVE-2016-7859, CVE-2016-7860, CVE-2016-7861, CVE-2016-7862, CVE-2016-7863, CVE-2016-7864, CVE-2016-7865)

The remote Windows host is missing KB3202790. It is, therefore, affected by multiple vulnerabilities :

  - Multiple use-after-free errors exist that allow an     unauthenticated, remote attacker to execute arbitrary     code by convincing a user to visit a website containing     specially crafted Flash content. (CVE-2016-7857,     CVE-2016-7858, CVE-2016-7859, CVE-2016-7862,     CVE-2016-7863, CVE-2016-7864)

  - Multiple type confusion errors exist that allow an     unauthenticated, remote attacker to execute arbitrary     code by convincing a user to visit a website containing     specially crafted Flash content. (CVE-2016-7860,     CVE-2016-7861, CVE-2016-7865)

The version of Adobe Flash Player installed on the remote macOS or Mac OS X host is equal or prior to version 23.0.0.205. It is, therefore, affected by multiple vulnerabilities :

  - Multiple use-after-free errors exist that allow an     unauthenticated, remote attacker to execute arbitrary     code by convincing a user to visit a website containing     specially crafted Flash content. (CVE-2016-7857,     CVE-2016-7858, CVE-2016-7859, CVE-2016-7862,     CVE-2016-7863, CVE-2016-7864)

  - Multiple type confusion errors exist that allow an     unauthenticated, remote attacker to execute arbitrary     code by convincing a user to visit a website containing     specially crafted Flash content. (CVE-2016-7860,     CVE-2016-7861, CVE-2016-7865)

The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 23.0.0.205. It is, therefore, affected by multiple vulnerabilities :

  - Multiple use-after-free errors exist that allow an     unauthenticated, remote attacker to execute arbitrary     code by convincing a user to visit a website containing     specially crafted Flash content. (CVE-2016-7857,     CVE-2016-7858, CVE-2016-7859, CVE-2016-7862,     CVE-2016-7863, CVE-2016-7864)

  - Multiple type confusion errors exist that allow an     unauthenticated, remote attacker to execute arbitrary     code by convincing a user to visit a website containing     specially crafted Flash content. (CVE-2016-7860,     CVE-2016-7861, CVE-2016-7865)

ID	Name	Product	Family	Severity
9802	Flash Player < 11.2.202.644 / 23.0.0.207 Multiple Vulnerabilities (APSB16-37)	Nessus Network Monitor	Web Clients	critical
95269	GLSA-201611-18 : Adobe Flash Player: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
94755	openSUSE Security Update : flash-player (openSUSE-2016-1286)	Nessus	SuSE Local Security Checks	high
94739	SUSE SLED12 Security Update : flash-player (SUSE-SU-2016:2778-1)	Nessus	SuSE Local Security Checks	high
94695	openSUSE Security Update : flash-player (openSUSE-2016-1285)	Nessus	SuSE Local Security Checks	high
94692	FreeBSD : flash -- multiple vulnerabilities (96f6bf10-a731-11e6-95ca-0011d823eebd)	Nessus	FreeBSD Local Security Checks	high
94665	RHEL 5 / 6 : flash-plugin (RHSA-2016:2676)	Nessus	Red Hat Local Security Checks	high
94642	MS16-141: Security Update for Adobe Flash Player (3202790)	Nessus	Windows : Microsoft Bulletins	high
94629	Adobe Flash Player for Mac <= 23.0.0.205 Multiple Vulnerabilities (APSB16-37)	Nessus	MacOS X Local Security Checks	high
94628	Adobe Flash Player <= 23.0.0.205 Multiple Vulnerabilities (APSB16-37)	Nessus	Windows	high

Detections

Analytics

CVE-2016-7862

high

Tenable Plugins

critical

high

high

high

high

high

high

high

high

high