Beschreibung
Multiple serious vulnerabilities have been found in Adobe Flash Player. Malicious users can exploit these vulnerabilities to bypass security restrictions, obtain sensitive information or execute arbitrary code.
Below is a complete list of vulnerabilities:
- Vulnerability related to handling TCP connections can be exploited remotely to bypass security restrictions;
- Use-after-free vulnerabilities in the ActionScript MovieClip and FileReference classes (when using class inheritance) can be exploited remotely to execute arbitrary code;
- Heap buffer overflow vulnerabilities occuring while processing Adobe Texture Format files or Flash Video container file format can be exploited remotely to execute arbitrary code;
- Heap buffer overflow vulnerability related to texture compression can be exploited remotely to execute arbitrary code;
- Memory corruption vulnerability in the JPEG XR codec can be exploited remotely to execute arbitrary code;
- Memory corruption vulnerabilities related to processing of atoms of MP4 files, setting visual mode effects and parsing metadata can be exploited remotely to execute arbitrary code;
- Memory corruption vulnerability occuring while manipulating a display list because of a concurrency error can be exploited remotely to execute arbitrary code.
Technical details
To update Adobe Flash Player ActiveX (detected as Flash.ocx) on Windows 8 and higher, install latest updates from Control Panel
Ursprüngliche Informationshinweise
CVE Liste
- CVE-2017-2925 critical
- CVE-2017-2926 critical
- CVE-2017-2927 critical
- CVE-2017-2928 critical
- CVE-2017-2930 critical
- CVE-2017-2931 critical
- CVE-2017-2932 critical
- CVE-2017-2933 critical
- CVE-2017-2934 critical
- CVE-2017-2935 critical
- CVE-2017-2936 critical
- CVE-2017-2937 critical
- CVE-2017-2938 critical
Mehr erfahren
Informieren Sie sich über die Statistiken der in Ihrer Region verbreiteten Sicherheitslücken statistics.securelist.com
Sie haben einen Fehler in der Beschreibung der Schwachstelle gefunden? Mitteilen!