Lucene search

K
archlinuxArchLinuxASA-201610-18
HistoryOct 26, 2016 - 12:00 a.m.

[ASA-201610-18] flashplugin: arbitrary code execution

2016-10-2600:00:00
security.archlinux.org
493

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.133

Percentile

95.7%

Arch Linux Security Advisory ASA-201610-18

Severity: Critical
Date : 2016-10-26
CVE-ID : CVE-2016-7855
Package : flashplugin
Type : arbitrary code execution
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE

Summary

The package flashplugin before version 11.2.202.643-1 is vulnerable to
arbitrary code execution.

Resolution

Upgrade to 11.2.202.643-1.

pacman -Syu β€œflashplugin>=11.2.202.643-1”

The problem has been fixed upstream in version 11.2.202.643.

Workaround

None.

Description

A use-after-free vulnerability leading to code execution has been
found in Adobe Flash Player.

Impact

A remote attacker can execute arbitrary code on the affected host.

References

https://helpx.adobe.com/security/products/flash-player/apsb16-36.html
https://access.redhat.com/security/cve/CVE-2016-7855

OSVersionArchitecturePackageVersionFilename
ArchLinuxanyanyflashplugin<Β 11.2.202.643-1UNKNOWN

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.133

Percentile

95.7%