Flash Player < 11.2.202.626 / 18.0.0.360 / 22.0.0.192 Multiple Vulnerabilities

critical Nessus Network Monitor Plugin ID 9391

Synopsis

The remote host is running an outdated version of Adobe Flash Player that is affected by multiple vulnerabilities.

Description

Versions of Adobe Flash Player prior to 11.2.202.626, 18.0.0.360, or 22.0.0.192 are outdated and thus unpatched for the following vulnerabilities:

- Multiple type confusion errors exist that allow an attacker to execute arbitrary code. (CVE-2016-4144, CVE-2016-4149)
- Multiple use-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2016-4142, CVE-2016-4143, CVE-2016-4145, CVE-2016-4146, CVE-2016-4147, CVE-2016-4148)
- Multiple unspecified memory corruption flaws exist that are triggered when user-supplied input is not properly validated. (CVE-2016-4122, CVE-2016-4123, CVE-2016-4124, CVE-2016-4125, CVE-2016-4126, CVE-2016-4127, CVE-2016-4128, CVE-2016-4129, CVE-2016-4130, CVE-2016-4131, CVE-2016-4133, CVE-2016-4134, CVE-2016-4141, CVE-2016-4150, CVE-2016-4151, CVE-2016-4152, CVE-2016-4153, CVE-2016-4154, CVE-2016-4155, CVE-2016-4156, CVE-2016-4166)
- Unspecified heap buffer overflow conditions exist that are triggered as user-supplied input is not properly validated when handling ATF files. This may allow a context-dependent attacker to cause a heap-based buffer overflow, potentially allowing the execution of arbitrary code. (CVE-2016-4135)
- A double-free flaw exists, which may be triggered as user-supplied input is not properly validated when handling JXR files. This may allow a context-dependent attacker to free already freed memory and potentially execute arbitrary code. (CVE-2016-4136)
- A heap buffer overflow flaw exists that is triggered as user-supplied input is not properly validated when handling ATF image packing. This may allow a context-dependent attacker to cause a heap-based buffer overflow, potentially allowing the execution of arbitrary code. (CVE-2016-4138)
- A flaw is triggered as user-supplied input is not properly validated when handling LZMA property decoding. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-4137)
- An unspecified memory corruption flaw exists, which is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-4141)
- A flaw is triggered when loading certain dynamic-link libraries. By placing a specially crafted library in the path and tricking a user into opening a file, a context-dependent attacker can inject and execute arbitrary code with the privileges of the user running the program. (CVE-2016-4140)
- An unspecified flaw exists, which may allow a context-dependent attacker to bypass the same-origin policy and gain access to potentially sensitive information. (CVE-2016-4166)

Solution

Upgrade to Adobe Flash Player version 22.0.0.192 or later. If 22.x cannot be obtained, versions 18.0.0.360 and 11.2.202.626 have also been patched for these vulnerabilities.

See Also

https://helpx.adobe.com/security/products/flash-player/apsb16-18.html

Plugin Details

Severity: Critical

ID: 9391

Family: Web Clients

Published: 6/12/2016

Updated: 3/6/2019

Nessus ID: 91670, 91671

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:adobe:flash_player

Patch Publication Date: 6/16/2016

Vulnerability Publication Date: 6/16/2016

Reference Information

CVE: CVE-2016-4122, CVE-2016-4123, CVE-2016-4124, CVE-2016-4125, CVE-2016-4127, CVE-2016-4128, CVE-2016-4129, CVE-2016-4130, CVE-2016-4131, CVE-2016-4133, CVE-2016-4134, CVE-2016-4136, CVE-2016-4137, CVE-2016-4138, CVE-2016-4139, CVE-2016-4140, CVE-2016-4141, CVE-2016-4142, CVE-2016-4143, CVE-2016-4144, CVE-2016-4145, CVE-2016-4146, CVE-2016-4147, CVE-2016-4148, CVE-2016-4149, CVE-2016-4150, CVE-2016-4151, CVE-2016-4152, CVE-2016-4153, CVE-2016-4154, CVE-2016-4155, CVE-2016-4156, CVE-2016-4166