Korean

<< Back VID 50100 Severity 40 Port 139,445 Protocol TCP Class SMB Detailed Description The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 22.0.0.211. It is, therefore, affected by multiple vulnerabilities : - Multiple security bypass vulnerabilities exist that allow an unauthenticated, remote attacker to disclose sensitive information. (CVE-2016-4271, CVE-2016-4277, CVE-2016-4278) - Multiple use-after-free errors exist that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, CVE-2016-6932) - Multiple memory corruption issues exist that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, CVE-2016-6924) - An integer overflow condition exists that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-4287) * Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of this condition will result in the check not being performed and a False Negative for all vulnerable hosts. * References: https://helpx.adobe.com/security/products/flash-player/apsb16-29.html https://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html * Platforms Affected: Adobe Flash Player prior to 22.0.0.211 Apple Mac OS X Any version Linux Any version Microsoft Windows Any version Recommendation Upgrade to the latest version of Adobe Flash Player (22.0.0.211 later), available from the Adobe Web site at http://get.adobe.com/flashplayer/ Related URL CVE-2016-4271,CVE-2016-4272,CVE-2016-4274,CVE-2016-4275,CVE-2016-4276,CVE-2016-4277,CVE-2016-4278,CVE-2016-4279,CVE-2016-4280,CVE-2016-4281 (CVE) Related URL (SecurityFocus) Related URL (ISS)