MS16-022: Security Update for Adobe Flash Player (3135782)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has a browser plugin installed that is
affected by multiple vulnerabilities.

Description :

The remote Windows host is missing KB3135782. It is, therefore,
affected by multiple vulnerabilities :

- A type confusion error exists that allows a remote
attacker to execute arbitrary code. (CVE-2016-0985)

- Multiple use-after-free errors exist that allow a remote
attacker to execute arbitrary code. (CVE-2016-0973,
CVE-2016-0974, CVE-2016-0975, CVE-2016-0982,
CVE-2016-0983, CVE-2016-0984)

- A heap buffer overflow condition exists that allows an
attacker to execute arbitrary code. (CVE-2016-0971)

- Multiple memory corruption issues exist that allow a
remote attacker to execute arbitrary code.
(CVE-2016-0964, CVE-2016-0965, CVE-2016-0966,
CVE-2016-0967, CVE-2016-0968, CVE-2016-0969,
CVE-2016-0970, CVE-2016-0972, CVE-2016-0976,
CVE-2016-0977, CVE-2016-0978, CVE-2016-0979,
CVE-2016-0980, CVE-2016-0981)

See also :

https://technet.microsoft.com/library/security/MS16-022
https://helpx.adobe.com/security/products/flash-player/apsb16-04.html

Solution :

Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1,
2012 R2, and 10.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true