|
Systems Affected
Adobe Flash Player Desktop Runtime versions
27.0.0.159 and earlier for Windows, Macintosh and Linux
Adobe Flash Player for Google Chrome versions 27.0.0.159 and earlier for Windows,
Macintosh, Linux and Chrome OS
Adobe Flash Player for Microsoft Edge and Internet Explorer 11 versions 27.0.0.159 and
earlier for Windows 10 and 8.1
Threat Level
Overview
The reported vulnerability has the ability to allow an unauthenticated, remote
attacker to execute arbitrary code on the target system.
Description
The vulnerability occurs
due to improper memory operations by the affected software which could trigger a type
confusion error condition. A remote attacker could exploit this vulnerability by
convincing a user to open or visit link that contains specially crafted Flash content.
If the remote attacker is able to successfully exploit the vulnerability it could
allow him to execute arbitrary code with the privileges of currently logged-in user or
could take full control of the affected system.
Adobe has confirmed the vulnerability in a security bulletin and released software
updates.
Impact
Solution/ Workarounds
Users and Administrators should apply appropriate security updates as
mentioned in the Adobe Security Bulletin APSB17-32
Users must not open email messages from suspicious or unrecognized sources.
Administrators should implement an intrusion prevention system (IPS) or intrusion
detection system (IDS) to help detect and prevent attacks that attempt to exploit this
vulnerability.
References
http://www.cert-in.org.in/
https://tools.cisco.com/security/center/viewAlert.x?alertId=55624
Disclaimer
The information provided herein is on "as is" basis, without warranty of any
kind.
|
