Flash Player < 21.0.0.182 Multiple Vulnerabilities (APSB16-08)

Versions of Adobe Flash Player prior to 21.0.0.182 are outdated and thus unpatched for the following vulnerabilities :

• A flaw exists that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992)
• An integer overflow condition exists that is triggered as user-supplied input is not properly validated. This may potentially allow a context-dependent attacker to execute arbitrary code. (CVE-2016-0963, CVE-2016-0993, CVE-2016-1010)
• A flaw exists that contains a use-after-free error and is triggered when handling the ‘Sound.setTransform()’ method. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-0987)
• A flaw exists that contains a use-after-free error that is triggered when handling the ‘setInterval()’ method. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-0988)
• A flaw exists and contains a use-after-free error that may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-0990, CVE-2016-0991)
• A flaw exists that contains a use-after-free error that is triggered when manipulating arguments passed to the ‘actionCallMethod’ opcode. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-0994)
• A flaw exists that contains a use-after-free error that may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-0995)
• A flaw exists that contains a use-after-free error in the ‘setInterval()’ method that may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-0996)
• A flaw exists that contains a use-after-free error that is triggered when handling the ‘MovieClip.swapDepths()’ method. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-0997)
• A flaw exists that contains a use-after-free error that is triggered when handling the ‘Object.unwatch()’ method. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-0998)
• A flaw exists that contains a use-after-free error that is triggered when handling the ‘AsBroadcaster.broadcastMessage()’ method. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-0999)
• A flaw exists that contains a use-after-free error that is triggered when creating sprites. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-1000)
• A flaw exists that contains an overflow condition in the ‘zlib codecs’ that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to cause a heap-based buffer overflow and potentially execute arbitrary code. (CVE-2016-1001)
• A flaw exists that is triggered as user-supplied input is not properly validated when handling shape rendering. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1002)
• A flaw exists that is triggered when handling a specially crafted MP4 file. This may allow a context-dependent attacker to dereference an uninitialized pointer and potentially execute arbitrary code. (CVE-2016-1005)