Flash Player < 18.104.22.168 Multiple RCE (APSB17-28)
High Nessus Network Monitor Plugin ID 700425
SynopsisThe remote host is running an outdated version of Adobe Flash Player that is affected by multiple remote code execution (RCE) attack vectors.
DescriptionVersions of Adobe Flash Player prior to 22.214.171.124 are unpatched, and therefore affected by multiple vulnerabilities :
- An unspecified memory corruption flaw exists that is caused by input not being properly validated. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a website containing specially crafted Flash content, to to corrupt memory and potentially execute arbitrary code. (CVE-2017-11281, CVE-2017-11282)
SolutionUpgrade to Adobe Flash Player version 126.96.36.199 or later.