MS16-093: Security Update for Adobe Flash Player (3174060)
High Nessus Plugin ID 92024
Synopsis
The remote Windows host has a browser plugin installed that is affected by multiple vulnerabilities.
Description
The remote Windows host is missing KB3174060. It is, therefore, affected by multiple vulnerabilities :
- Multiple memory corruption issues exist that allow a remote attacker to execute arbitrary code.
(CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, CVE-2016-4246)
- Multiple use-after-free errors exist that allow a remote attacker to execute arbitrary code. (CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, CVE-2016-4248, CVE-2016-7020)
- Multiple stack corruption issues exist that allow a remote attacker to execute arbitrary code.
(CVE-2016-4176, CVE-2016-4177)
- A security bypass vulnerability exists that allows a remote attacker to disclose sensitive information.
(CVE-2016-4178)
- Multiple type confusion errors exist that allow a remote attacker to execute arbitrary code. (CVE-2016-4223, CVE-2016-4224, CVE-2016-4225)
- An unspecified memory leak issue exists that allows an attacker to have an unspecified impact. (CVE-2016-4232)
- A race condition exists that allows a remote attacker to disclose sensitive information. (CVE-2016-4247)
- A heap buffer overflow condition exists that allows a remote attacker to execute arbitrary code.
(CVE-2016-4249)
Solution
Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1, 2012 R2, and 10.