Flash Player < 24.0.0.221 Multiple Vulnerabilities (APSB17-04)

Versions of Adobe Flash Player prior to 24.0.0.221 are unpatched, and therefore affected by the following vulnerabilities :

• An unspecified use-after-free error exists that may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. No further details have been provided. (CVE-2017-2982, CVE-2017-2985, CVE-2017-2993)
• An overflow condition that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to cause a heap-based buffer overflow, potentially allowing the execution of arbitrary code. (CVE-2017-2984)
• An overflow condition exists that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to cause a heap-based buffer overflow, potentially allowing the execution of arbitrary code. (CVE-2017-2986, CVE-2017-2992)
• An unspecified integer overflow condition exists that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2017-2987)
• A flaw exists that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2017-2988, CVE-2017-2990, CVE-2017-2991, CVE-2017-2996)
• An out-of-bounds access flaw exists that is triggered during the handling of a specially crafted ‘MediaPlayer’ object. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2017-2994)
• A type confusion flaw exists that is triggered during the handling of specially crafted ‘MessageChannel’ objects. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2017-2995)