Kaspersky LabKLA10839KLA10839 Multiple vulnerabilities in Adobe Flash Player
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.4 High
AI Score
Confidence
High
0.867 High
EPSS
Percentile
98.6%
Multiple serious vulnerabilities have been found in Adobe Flash Player. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information and possibly cause denial of service.
Below is a complete list of vulnerabilities
- Race condition and lack of restrictions vulnerabilities could be exploited remotely to obtain sensitive information;
- Type confusion, heap buffer overflow, use-after-free and memory corruption vulnerabilities could be exploited remotely to execute arbitrary code;
- Memory leak vulnerability can be exploited remotely to cause denial of service.
Technical details
To update Adobe Flash Player ActiveX (detected as Flash.ocx) on Windows 8 and higher, install latest updates from Control Panel
Original advisories
Exploitation
Public exploits exist for this vulnerability.
Related products
CVE list
CVE-2016-4217 critical
CVE-2016-4218 critical
CVE-2016-4219 critical
CVE-2016-4220 critical
CVE-2016-4221 critical
CVE-2016-4222 high
CVE-2016-4223 high
CVE-2016-4224 high
CVE-2016-4225 high
CVE-2016-4226 critical
CVE-2016-4227 critical
CVE-2016-4228 critical
CVE-2016-4229 critical
CVE-2016-4230 critical
CVE-2016-4231 critical
CVE-2016-4232 warning
CVE-2016-4233 critical
CVE-2016-4234 critical
CVE-2016-4235 critical
CVE-2016-4236 critical
CVE-2016-4237 critical
CVE-2016-4238 critical
CVE-2016-4239 critical
CVE-2016-4249 critical
CVE-2016-4248 critical
CVE-2016-4247 warning
CVE-2016-4246 critical
CVE-2016-4245 critical
CVE-2016-4244 critical
CVE-2016-4243 critical
CVE-2016-4242 critical
CVE-2016-4241 critical
CVE-2016-4240 critical
CVE-2016-4172 critical
CVE-2016-4173 critical
CVE-2016-4174 critical
CVE-2016-4175 critical
CVE-2016-4176 critical
CVE-2016-4177 critical
CVE-2016-4178 warning
CVE-2016-4179 critical
CVE-2016-4180 critical
CVE-2016-4181 critical
CVE-2016-4182 critical
CVE-2016-4183 critical
CVE-2016-4184 critical
CVE-2016-4185 critical
CVE-2016-4186 critical
CVE-2016-4187 critical
CVE-2016-4188 critical
CVE-2016-4189 critical
CVE-2016-4190 critical
Solution
Update to the latest version
Impacts
- ACE
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
- OSI
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
- DoS
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
- SB
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.
Affected Products
- Adobe Flash Player versions earlier than 22.0.0.209Adobe Flash Player for Linux versions earlier than 11.2.202.623Adobe Flash Player Extended Support Release versions earlier than 18.0.0.366
Related
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.4 High
AI Score
Confidence
High
0.867 High
EPSS
Percentile
98.6%