Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
archlinuxArchLinuxASA-201702-16
HistoryFeb 17, 2017 - 12:00 a.m.

[ASA-201702-16] lib32-flashplugin: arbitrary code execution

2017-02-1700:00:00
security.archlinux.org
7

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.945 High

EPSS

Percentile

99.2%

JSON

Arch Linux Security Advisory ASA-201702-16

Severity: Critical
Date : 2017-02-17
CVE-ID : CVE-2017-2982 CVE-2017-2984 CVE-2017-2985 CVE-2017-2987
CVE-2017-2988 CVE-2017-2990 CVE-2017-2991 CVE-2017-2992
CVE-2017-2993 CVE-2017-2994 CVE-2017-2995 CVE-2017-2996
Package : lib32-flashplugin
Type : arbitrary code execution
Remote : Yes
Link : https://security.archlinux.org/AVG-177

Summary

The package lib32-flashplugin before version 24.0.0.221-1 is vulnerable
to arbitrary code execution.

Resolution

Upgrade to 24.0.0.221-1.

pacman -Syu “lib32-flashplugin>=24.0.0.221-1”

The problems have been fixed upstream in version 24.0.0.221.

Workaround

None.

Description

  • CVE-2017-2982 (arbitrary code execution)

A use-after-free vulnerability possibly leading to code execution has
been found in Adobe Flash Player < 24.0.0.221.

  • CVE-2017-2984 (arbitrary code execution)

A heap-based buffer overflow vulnerability possibly leading to code
execution has been found in Adobe Flash Player < 24.0.0.221.

  • CVE-2017-2985 (arbitrary code execution)

A use-after-free vulnerability possibly leading to code execution has
been found in Adobe Flash Player < 24.0.0.221.

  • CVE-2017-2987 (arbitrary code execution)

An integer overflow vulnerability possibly leading to code execution
has been found in Adobe Flash Player < 24.0.0.221.

  • CVE-2017-2988 (arbitrary code execution)

A memory corruption vulnerability possibly leading to code execution
has been found in Adobe Flash Player < 24.0.0.221.

  • CVE-2017-2990 (arbitrary code execution)

A memory corruption vulnerability possibly leading to code execution
has been found in Adobe Flash Player < 24.0.0.221.

  • CVE-2017-2991 (arbitrary code execution)

A memory corruption vulnerability possibly leading to code execution
has been found in Adobe Flash Player < 24.0.0.221.

  • CVE-2017-2992 (arbitrary code execution)

A heap-based buffer overflow vulnerability possibly leading to code
execution has been found in Adobe Flash Player < 24.0.0.221.

  • CVE-2017-2993 (arbitrary code execution)

A use-after-free vulnerability possibly leading to code execution has
been found in Adobe Flash Player < 24.0.0.221.

  • CVE-2017-2994 (arbitrary code execution)

A use-after-free vulnerability possibly leading to code execution has
been found in Adobe Flash Player < 24.0.0.221.

  • CVE-2017-2995 (arbitrary code execution)

A type confusion vulnerability possibly leading to code execution has
been found in Adobe Flash Player < 24.0.0.221.

  • CVE-2017-2996 (arbitrary code execution)

A memory corruption vulnerability possibly leading to code execution
has been found in Adobe Flash Player < 24.0.0.221.

Impact

A remote attacker can execute arbitrary code on the affected host.

References

https://helpx.adobe.com/security/products/flash-player/apsb17-04.html
https://security.archlinux.org/CVE-2017-2982
https://security.archlinux.org/CVE-2017-2984
https://security.archlinux.org/CVE-2017-2985
https://security.archlinux.org/CVE-2017-2987
https://security.archlinux.org/CVE-2017-2988
https://security.archlinux.org/CVE-2017-2990
https://security.archlinux.org/CVE-2017-2991
https://security.archlinux.org/CVE-2017-2992
https://security.archlinux.org/CVE-2017-2993
https://security.archlinux.org/CVE-2017-2994
https://security.archlinux.org/CVE-2017-2995
https://security.archlinux.org/CVE-2017-2996

OSVersionArchitecturePackageVersionFilename
ArchLinuxanyanylib32-flashplugin< 24.0.0.221-1UNKNOWN

Related

archlinux 1
openvas 8
nessus 10
mageia 1
mscve 1
redhat 2
kaspersky 1
redhatcve 20
altlinux 1
suse 1
gentoo 1
cve 12
checkpoint_advisories 12
ubuntucve 12
zdi 3
prion 12
cvelist 12
nvd 12
seebug 1
zdt 3
symantec 1
archlinux
archlinux
[ASA-201702-15] flashplugin: arbitrary code execution
2017-02-17 00:00:00
openvas
openvas
Microsoft IE And Microsoft Edge Multiple Flash Player Vulnerabilities (4010250)
2017-03-09 00:00:00
Adobe Flash Player Security Update (APSB17-04) - Windows
2017-02-15 00:00:00
Adobe Flash Player Security Update (APSB17-04) - Mac OS X
2017-02-15 00:00:00
nessus
nessus
RHEL 6 : flash-plugin (RHSA-2017:0275)
2017-02-16 00:00:00
MS17-005: Security Update for Adobe Flash Player (4010250)
2017-02-22 00:00:00
Adobe Flash Player <= 24.0.0.194 Multiple Vulnerabilities (APSB17-04)
2017-02-14 00:00:00
mageia
mageia
Updated flash-player-plugin packages fix security vulnerability
2017-03-12 23:33:36
mscve
mscve
February 2017 Adobe Flash Security Update
2017-02-21 08:00:00
redhat
redhat
(RHSA-2017:0275) Critical: flash-plugin security update
2017-02-15 10:29:10
(RHSA-2017:0526) Critical: flash-plugin security update
2017-03-15 12:06:09
kaspersky
kaspersky
KLA10960 Code execution vulnerabilities in Adobe Flash Player
2017-02-14 00:00:00
redhatcve
redhatcve
CVE-2017-2993
2017-02-14 20:19:14
CVE-2017-2990
2017-02-14 20:19:08
CVE-2017-2986
2017-02-14 20:18:35
altlinux
altlinux
Security fix for the ALT Linux 7 package adobe-flash-player version 3:24-alt0.M70P.3
2017-02-17 00:00:00
suse
suse
Security update for flash-player (important)
2017-02-20 18:09:26
gentoo
gentoo
Adobe Flash Player: Multiple vulnerabilities
2017-02-20 00:00:00
cve
cve
CVE-2017-2994
2017-02-15 06:59:00
CVE-2017-2996
2017-02-15 06:59:00
CVE-2017-2993
2017-02-15 06:59:00
checkpoint_advisories
checkpoint_advisories
Adobe Flash Player Use After Free Code Execution (APSB17-04: CVE-2017-2994)
2017-02-14 00:00:00
Adobe Flash Player Heap Buffer Overflow (APSB17-04: CVE-2017-2984)
2017-02-14 00:00:00
Adobe Flash Player Memory Corruption (APSB17-04: CVE-2017-2991)
2017-02-14 00:00:00
ubuntucve
ubuntucve
CVE-2017-2994
2017-02-15 00:00:00
CVE-2017-2991
2017-02-15 00:00:00
CVE-2017-2993
2017-02-15 00:00:00
zdi
zdi
Adobe Flash PSDKEvent Use-After-Free Remote Code Execution Vulnerability
2017-04-19 00:00:00
Adobe Flash Player MediaPlayer Out-Of-Bounds Access Remote Code Execution Vulnerability
2017-02-14 00:00:00
Adobe Flash Player MessageChannel Type Confusion Remote Code Execution Vulnerability
2017-02-14 00:00:00
prion
prion
Design/Logic Flaw
2017-02-15 06:59:00
Memory corruption
2017-02-15 06:59:00
Heap overflow
2017-02-15 06:59:00
cvelist
cvelist
CVE-2017-2996
2017-02-15 06:11:00
CVE-2017-2994
2017-02-15 06:11:00
CVE-2017-2991
2017-02-15 06:11:00
nvd
nvd
CVE-2017-2994
2017-02-15 06:59:00
CVE-2017-2991
2017-02-15 06:59:00
CVE-2017-2984
2017-02-15 06:59:00
seebug
seebug
Adobe Flash: Use-after-free in applying bitmapfilter (CVE-2017-2985)
2017-02-23 00:00:00
zdt
zdt
Adobe Flash - Use-After-Free in Applying Bitmap Filter Exploit
2017-02-22 00:00:00
Adobe Flash - SWF Stack Corruption Exploit
2017-02-22 00:00:00
Adobe Flash - MP4 AMF Parsing Overflow Exploit
2017-02-22 00:00:00
symantec
symantec
Adobe Flash Player CVE-2017-2995 Type Confusion Remote Code Execution Vulnerability
2017-02-14 00:00:00

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.945 High

EPSS

Percentile

99.2%

JSON
Related for ASA-201702-16
archlinux1openvas8nessus10mageia1mscve1redhat2kaspersky1redhatcve20altlinux1suse1gentoo1cve12checkpoint_advisories12ubuntucve12zdi3prion12cvelist12nvd12seebug1zdt3symantec1