SynopsisThe remote Windows host has a browser plugin installed that is affected by multiple vulnerabilities.
DescriptionThe version of Adobe Flash Player installed on the remote Windows host is prior or equal to version 126.96.36.199. It is, therefore, affected by multiple vulnerabilities :
- An Address Space Layout Randomization (ASLR) bypass vulnerability exists that allows an attacker to predict memory offsets in the call stack. (CVE-2016-1006)
- Multiple use-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2016-1011, CVE-2016-1013, CVE-2016-1016, CVE-2016-1017, CVE-2016-1031)
- Multiple memory corruption issues exist that allow an attacker to execute arbitrary code. (CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, CVE-2016-1033)
- A directory search path vulnerability exists that allows an attacker to disclose sensitive resources.
- Multiple type confusion errors exist that allow an attacker to execute arbitrary code. (CVE-2016-1015, CVE-2016-1019)
- An overflow condition exists that is triggered when handling JPEG-XR compressed image content. An attacker can exploit this to execute arbitrary code.
- An unspecified security bypass vulnerability exists.
SolutionUpgrade to Adobe Flash Player version 188.8.131.52 or later.
Alternatively, Adobe has made version 184.108.40.2063 available for those installations that cannot be upgraded to the latest version.