Flash Player < 11.2.202.616 / 18.0.0.343 / 21.0.0.213 Multiple Vulnerabilities (APSB16-10)

critical Nessus Network Monitor Plugin ID 9276

Synopsis

The remote host is running an outdated version of Adobe Flash Player that is affected by multiple vulnerabilities.

Description

Versions of Adobe Flash Player prior to 11.2.202.616, 18.0.0.343, or 21.0.0.213 are outdated and thus unpatched for the following vulnerabilities :

- A JIT Spraying Attack vulnerability exists that may allow a context-dependent attacker to disable the Address Space Layout Randomization (ASLR) feature, potentially allowing them to more easily conduct more severe attacks. (CVE-2016-1006)
- A use-after-free error exists, which may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-1011)
- An unspecified flaw exists that is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1012)
- An unspecified use-after-free error exists, which may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-1013)
- An unspecified flaw exists in the handling of directory search paths that may allow a context-dependent attacker to gain unauthorized access to potentially sensitive resources. (CVE-2016-1014)
- A type confusion flaw exists that is triggered when handling AS2 NetConnection objects. This may allow a context-dependent attacker to execute arbitrary code. (CVE-2016-1015)
- A use-after-free error exists that is triggered when setting a special callback on the 'flash.geom.Matrix object'. This may allow a context-dependent attacker to dereference already freed memory and execute arbitrary code. (CVE-2016-1016)
- A use-after-free error exists that is triggered during 'LoadVars.decode' handling. This may allow a context-dependent attacker to dereference already freed memory and execute arbitrary code. (CVE-2016-1017)
- An overflow condition exists that is triggered when handling JPEG-XR compressed image content. The issue lies in the failure to properly check that an index is within the bounds of a buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. (CVE-2016-1018)
- A type confusion flaw exists in the ASnative API that may allow a context-dependent attacker to potentially execute arbitrary code. Adobe states that this issue is being actively exploited against systems running Windows. Current exploits only target version 20.0.0.306 and earlier due to a mitigation implemented in version 21.0.0.182 and later. (CVE-2016-1019)
- A number of unspecified flaws exists that are triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, CVE-2016-1033)
- An unspecified flaw exists that may allow a context-dependent attacker to bypass security features. No further details have been provided by the vendor. (CVE-2016-1030)
- A use-after-free error exists, which may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. No further details have been provided by the vendor.(CVE-2016-1031)

Solution

Upgrade to Adobe Flash Player version 21.0.0.213 or later. If 21.x cannot be obtained, versions 18.0.0.343 and 11.2.202.616 have also been patched for these vulnerabilities.

See Also

https://helpx.adobe.com/security/products/flash-player/apsa16-01.html

https://helpx.adobe.com/security/products/flash-player/apsb16-10.html

https://technet.microsoft.com/library/security/ms16-050

Plugin Details

Severity: Critical

ID: 9276

Family: Web Clients

Published: 5/20/2016

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Critical

Score: 9.6

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:adobe:flash_player

Patch Publication Date: 4/7/2016

Vulnerability Publication Date: 3/16/2016

Reference Information

CVE: CVE-2016-1006, CVE-2016-1011, CVE-2016-1012, CVE-2016-1013, CVE-2016-1014, CVE-2016-1015, CVE-2016-1016, CVE-2016-1017, CVE-2016-1018, CVE-2016-1019, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1030, CVE-2016-1031, CVE-2016-1032, CVE-2016-1033