MS KB3049508: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
High Nessus Plugin ID 82823
SynopsisThe remote Windows host has a browser plugin that is affected by multiple vulnerabilities.
DescriptionThe remote Windows host is missing KB3049508. It is, therefore, affected by the following vulnerabilities :
- Multiple double-free errors exist that allow an attacker to execute arbitrary code. (CVE-2015-0346, CVE-2015-0359)
- Multiple memory corruption flaws exist due to improper validation of user-supplied input. A remote attacker can exploit these flaws, via specially crafted flash content, to corrupt memory and execute arbitrary code.
(CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, CVE-2015-3043)
- A unspecified buffer overflow condition exists due to improper validation of user-supplied input. A remote attacker can exploit this to execute arbitrary code.
- Multiple unspecified use-after-free errors exist that allow an attacker to execute arbitrary code.
(CVE-2015-0349, CVE-2015-0351, CVE-2015-0358, CVE-2015-3039)
- An unspecified type confusion flaw exists that allows an attacker to execute arbitrary code. (CVE-2015-0356)
- Multiple unspecified memory leaks exist that allows an attacker to bypass the Address Space Layout Randomization (ASLR) feature. (CVE-2015-0357, CVE-2015-3040)
- An unspecified security bypass flaw exists that allows an attacker to disclose information. (CVE-2015-3044)
SolutionInstall Microsoft KB3049508.