VID | 50094 |
Severity | 40 |
Port | 139,445 |
Protocol | TCP |
Class | SMB |
Detailed Description |
The version of Adobe Flash Player installed on the remote Windows host is equal to or earlier than version 22.0.0.192. It is therefore affected by multiple vulnerabilities:
- Multiple memory corruption issues exist that allow a remote attacker to execute arbitrary code. (CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, CVE-2016-4246)
- Multiple use-after-free errors exist that allow a remote attacker to execute arbitrary code. (CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, CVE-2016-4248)
- Multiple stack corruption issues exist that allow a remote attacker to execute arbitrary code. (CVE-2016-4176, CVE-2016-4177)
- A security bypass vulnerability exists that allows a remote attacker to disclose sensitive information. (CVE-2016-4178)
- Multiple type confusion errors exist that allow a remote attacker to execute arbitrary code. (CVE-2016-4223, CVE-2016-4224, CVE-2016-4225)
- An unspecified memory leak issue exists that allows an attacker to have an unspecified impact. (CVE-2016-4232)
- A race condition exists that allows a remote attacker to disclose sensitive information. (CVE-2016-4247)
- A heap buffer overflow condition exists that allows a remote attacker to execute arbitrary code. (CVE-2016-4249)
* Note: This check requires an account with administrative privileges that can log in to the host being scanned. Without such an account the check is not performed, which results in a false negative for all vulnerable hosts.
* References:
  https://helpx.adobe.com/security/products/flash-player/apsb16-25.html
  https://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html
* Platforms Affected: Adobe Flash Player equal to or earlier than 22.0.0.192; Apple Mac OS X (any version); Linux (any version); Microsoft Windows (any version) |
Recommendation |
Upgrade to the latest version of Adobe Flash Player (later than 22.0.0.192), available from the Adobe Web site at http://get.adobe.com/flashplayer/ |
Related URL |
CVE-2016-4172, CVE-2016-4173, CVE-2016-4174, CVE-2016-4175, CVE-2016-4176, CVE-2016-4177, CVE-2016-4178, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181 (CVE) |