Flash Player < 126.96.36.199 Multiple RCE (APSB17-28)
High Nessus Network Monitor Plugin ID 700425
SynopsisThe remote host is running an outdated version of Adobe Flash Player that is affected by multiple remote code execution (RCE) attack vectors.
DescriptionVersions of Adobe Flash Player prior to 188.8.131.52 are unpatched, and therefore affected by multiple vulnerabilities :
- An unspecified memory corruption flaw exists that is caused by input not being properly validated. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a website containing specially crafted Flash content, to to corrupt memory and potentially execute arbitrary code. (CVE-2017-11281, CVE-2017-11282)
SolutionUpgrade to Adobe Flash Player version 184.108.40.206 or later.