MS KB3021953: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
High Nessus Plugin ID 81209
SynopsisThe remote Windows host has a browser plugin that is affected by multiple vulnerabilities.
DescriptionThe remote host is missing KB3021953. It is, therefore, affected by the following vulnerabilities :
- Several use-after-free errors exist that allow arbitrary code execution. (CVE-2015-0313, CVE-2015-0315, CVE-2015-0320, CVE-2015-0322)
- Several memory corruption errors exist that allow arbitrary code execution. (CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, CVE-2015-0330)
- Several type confusion errors exist that allow arbitrary code execution. (CVE-2015-0317, CVE-2015-0319)
- Several heap-based buffer-overflow errors exist that allow arbitrary code execution. (CVE-2015-0323, CVE-2015-0327)
- A buffer overflow error exists that allows arbitrary code execution. (CVE-2015-0324)
- Several null pointer dereference errors exist that have unspecified impacts. (CVE-2015-0325, CVE-2015-0326, CVE-2015-0328)
- A user-after-free error exists within the processing of invalid m3u8 playlists. A remote attacker, with a specially crafted m3u8 playlist file, can force a dangling pointer to be reused after it has been freed, allowing the execution of arbitrary code.
SolutionInstall Microsoft KB3021953.