
Adobe Flash Player Remote code execution vulnerability

 

Systems Affected


Adobe Flash Player Desktop Runtime versions 27.0.0.159 and earlier for Windows, Macintosh and Linux
Adobe Flash Player for Google Chrome versions 27.0.0.159 and earlier for Windows, Macintosh, Linux and Chrome OS
Adobe Flash Player for Microsoft Edge and Internet Explorer 11 versions 27.0.0.159 and earlier for Windows 10 and 8.1

Threat Level


High


Overview


The reported vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code on the target system.


Description


The vulnerability is caused by improper memory operations in the affected software, which could trigger a type confusion error condition. A remote attacker could exploit this vulnerability by convincing a user to open or visit a link that contains specially crafted Flash content. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the currently logged-in user, or to take full control of the affected system. Adobe has confirmed the vulnerability in a security bulletin and released software updates.


Impact



Solution/Workarounds


Users and administrators should apply the appropriate security updates as described in Adobe Security Bulletin APSB17-32. Users must not open email messages from suspicious or unrecognized sources. Administrators should implement an intrusion prevention system (IPS) or intrusion detection system (IDS) to help detect and prevent attacks that attempt to exploit this vulnerability.
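
To help prioritise patching, the following added example (not part of the original advisory and not Adobe's code) triages a software inventory export against the affected range "27.0.0.159 and earlier". The CSV layout, hostnames and sample versions are assumptions constructed for illustration.

```python
import csv
import io
import re

# Highest affected build, taken from the advisory ("27.0.0.159 and earlier").
LAST_AFFECTED = (27, 0, 0, 159)

# Constructed sample inventory: hostnames, products and versions are made up.
SAMPLE_INVENTORY = """host,product,version
ws-001,Adobe Flash Player 27 NPAPI,27.0.0.159
ws-001,Adobe Flash Player 27 ActiveX,"27,0,0,200"
ws-002,Adobe Flash Player 26 PPAPI,26.0.0.151
ws-003,Adobe Flash Player,unknown
ws-004,Some Other Product,1.2.3
"""

def parse_version(text):
    """Return a 4-part integer tuple, or None if text is not a version.

    Accepts dot or comma separators, because Windows file properties often
    report Flash builds in the form "27,0,0,159".
    """
    text = text.strip()
    if not re.fullmatch(r"[0-9]+(?:[.,][0-9]+){0,3}", text):
        return None
    nums = [int(p) for p in re.split(r"[.,]", text)]
    return tuple(nums + [0] * (4 - len(nums)))  # pad "27.0" to (27, 0, 0, 0)

def classify(version_text):
    """Map a version string to 'affected', 'not affected' or 'unknown'."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # unparseable: needs a manual check, not a pass
    return "affected" if version <= LAST_AFFECTED else "not affected"

def triage(inventory_csv):
    """Return (host, product, status) for every Flash Player row."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if "flash player" in row["product"].lower():
            findings.append((row["host"], row["product"], classify(row["version"])))
    return findings

if __name__ == "__main__":
    for host, product, status in triage(SAMPLE_INVENTORY):
        print(f"{host}\t{product}\t{status}")
```

Rows reported as "unknown" should be checked by hand rather than treated as patched.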


References


http://www.cert-in.org.in/
https://tools.cisco.com/security/center/viewAlert.x?alertId=55624


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.