Kaspersky LabKLA10758KLA10758 Obsolete Adobe Flash Player for Windows
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.3 High
AI Score
Confidence
High
0.93 High
EPSS
Percentile
99.1%
Microsoft released update to address vulnerabilities in Flash Player for Internet explorer. For details look at KLA10757.
Technical details
To mitigate this vulnerability you can implement some of workarounds listed in original Microsoft advisory: disable Adobe Flash Player, prevent Adobe FP from running on Internet Explorer via Group Policy, prevent Adobe FP from running in Office 2010, prevent ActiveX controls from running in Office 2007 & 2010, set security zones settings to “High” to block kind of content, configure IE to prompt before running kind of content, use IE Trusted sites zone. For further instructions you can read original Microsoft advisory listed below.
Original advisories
Exploitation
Public exploits exist for this vulnerability.
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Related products
CVE list
CVE-2016-0985 critical
CVE-2016-0983 critical
CVE-2016-0984 critical
CVE-2016-0981 critical
CVE-2016-0982 critical
CVE-2016-0964 critical
CVE-2016-0965 critical
CVE-2016-0966 critical
CVE-2016-0967 critical
CVE-2016-0968 critical
CVE-2016-0969 critical
CVE-2016-0970 critical
CVE-2016-0972 critical
CVE-2016-0971 critical
CVE-2016-0976 critical
CVE-2016-0975 critical
CVE-2016-0974 critical
CVE-2016-0973 critical
CVE-2016-0980 critical
CVE-2016-0979 critical
CVE-2016-0978 critical
CVE-2016-0977 critical
KB list
Solution
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Impacts
- ACE
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
- DoS
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
- SB
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.
Affected Products
- Windows 8 for 32-bit SystemsWindows 8 for 64-bit SystemsWindows Server 2012Windows RTWindows 8.1 for 32-bit SystemsWindows 8.1 for 64-bit SystemsWindows Server 2012 R2Windows RT 8.1Windows 10 for 32-bit SystemsWindows 10 for 64-bit Systems
References
support.microsoft.com/kb/3135782
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0964
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0965
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0966
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0967
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0968
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0969
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0970
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0971
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0972
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0973
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0974
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0975
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0976
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0977
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0978
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0979
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0980
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0981
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0982
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0983
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0984
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0985
statistics.securelist.com/
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Microsoft-Windows/
Related
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.3 High
AI Score
Confidence
High
0.93 High
EPSS
Percentile
99.1%