KLA10898 Code execution vulnerabilities in Adobe Flash Player

2016-11-08T00:00:00
ID KLA10898
Type kaspersky
Reporter Kaspersky Lab
Modified 2020-06-18T00:00:00

Description

Detect date:

11/08/2016

Severity:

Critical

Description:

Multiple type confusion and use-after-free vulnerabilities were found in Adobe Flash Player. By exploiting these vulnerabilities malicious users can execute arbitrary code. These vulnerabilities can be exploited remotely.

Affected products:

Adobe Flash Player versions earlier than 23.0.0.207
Adobe Flash Player for Linux versions earlier than 11.2.202.644

Solution:

Update to the latest version. If you have Flash Player ESR migrate to the current Flash Player release.
Adobe Flash Player download page

Original advisories:

Adobe advisory
Adobe Flash Player ESR end of support announcement

Impacts:

ACE

Related products:

Adobe Flash Player ActiveX

CVE-IDS:

CVE-2016-78659.3Critical
CVE-2016-78649.3Critical
CVE-2016-78639.3Critical
CVE-2016-78629.3Critical
CVE-2016-78619.3Critical
CVE-2016-78609.3Critical
CVE-2016-78599.3Critical
CVE-2016-78589.3Critical
CVE-2016-78579.3Critical

Exploitation:

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.