Adobe Flash Player <= 23.0.0.185 Arbitrary Code Execution (APSB16-36)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has a browser plugin installed that is
affected by an arbitrary code execution vulnerability.

Description :

The version of Adobe Flash Player installed on the remote Windows host
is equal to or prior to version 23.0.0.185. It is, therefore, affected by
an arbitrary code execution vulnerability due to a use-after-free
error. An unauthenticated, remote attacker can exploit this, by
convincing a user to visit a website containing specially crafted
Flash content, to dereference already freed memory, resulting in the
execution of arbitrary code in the context of the current user.

See also :

https://helpx.adobe.com/security/products/flash-player/apsb16-36.html
http://www.nessus.org/u?0cb17c10

Solution :

Upgrade to Adobe Flash Player version 23.0.0.205 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:H/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 94334

Bugtraq ID: 93861

CVE ID: CVE-2016-7855
