KLA10879 Multiple vulnerabilities in Adobe Flash Player

Multiple serious vulnerabilities have been found in Adobe Flash Player. Malicious users can exploit these vulnerabilities to execute arbitrary code or bypass security restrictions.

Below is a complete list of vulnerabilities

1. Type confusion, use-after-free and memory corruption vulnerabilities could be exploited remotely to execute arbitrary code;
2. An unknown vulnerability can be exploited remotely to bypass security restrictions;

Technical details

To update Adobe Flash Player ActiveX (detected as Flash.ocx) on Windows 8 and higher, install latest updates from Control Panel

Original advisories

Adobe bulletin

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Adobe-Flash-Player-ActiveX

Adobe-Flash-Player-NPAPI

Adobe-Flash-Player-PPAPI

CVE list

CVE-2016-6981 critical

CVE-2016-6982 critical

CVE-2016-6983 critical

CVE-2016-6984 critical

CVE-2016-6985 critical

CVE-2016-6986 critical

CVE-2016-6987 critical

CVE-2016-6989 critical

CVE-2016-6990 critical

CVE-2016-6992 critical

CVE-2016-4273 critical

CVE-2016-4286 critical

Solution

Update to the latest version

Get Adobe Flash Player

Impacts

• ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

• SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

Affected Products

• Adobe Flash Player versions earlier than 23.0.0.185Adobe Flash Player Extended Support Release versions earlier than 18.0.0.382Adobe Flash Player for Linux versions earlier than 11.2.202.637