Kaspersky LabKLA10772KLA10772 Multiple vulnerabilities in Adobe Flash Player & AIR
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
99.2%
Multiple serious vulnerabilities have been found in Adobe products. Malicious users can exploit these vulnerabilities to cause denial of service or execute arbitrary code.
Below is a complete list of vulnerabilities
- Integer overflow vulnerability can be exploited to execute arbitrary code;
- An unknown vulnerability can be exploited via a specially designed MPEG-4 data to cause denial of service or execute arbitrary code;
- An unknown vulnerability can be exploited to cause denial of service or execute arbitrary code;
- Buffer overflow vulnerability can be exploited to cause denial of service or execute arbitrary code;
- Use-after-free vulnerability can be exploited to execute arbitrary code.
Original advisories
Exploitation
Public exploits exist for this vulnerability.
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Related products
CVE list
CVE-2016-0995 critical
CVE-2016-0996 critical
CVE-2016-0997 critical
CVE-2016-0998 critical
CVE-2016-0991 critical
CVE-2016-0992 critical
CVE-2016-0993 critical
CVE-2016-0994 critical
CVE-2016-0989 critical
CVE-2016-0990 critical
CVE-2016-0988 critical
CVE-2016-0987 critical
CVE-2016-0986 critical
CVE-2016-0963 critical
CVE-2016-0962 critical
CVE-2016-0961 critical
CVE-2016-0960 critical
CVE-2016-1002 critical
CVE-2016-1001 high
CVE-2016-1010 critical
CVE-2016-1005 critical
CVE-2016-1000 critical
CVE-2016-0999 critical
Solution
Update to the latest versionGet AIR
Impacts
- ACE
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
- DoS
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
- SB
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.
Affected Products
- Adobe Flash Player versions earlier than 21.0.0.182Adobe Flash Player ESR versions earlier than 18.0.0.333Adobe Flash Player for Linux versions earlier than 11.2.202.577Adobe AIR versions earlier than 21.0.0.176
References
helpx.adobe.com/security/products/flash-player/apsb16-08.html
statistics.securelist.com/
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Adobe-AIR/
threats.kaspersky.com/en/product/Adobe-Flash-Player-ActiveX/
threats.kaspersky.com/en/product/Adobe-Flash-Player-NPAPI/
threats.kaspersky.com/en/product/Adobe-Flash-Player-PPAPI/
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
99.2%