Description
Multiple serious vulnerabilities have been found in Adobe Flash Player. Malicious users can exploit these vulnerabilities to execute arbitrary code or bypass security restrictions.
Below is a complete list of vulnerabilities:
1. An unknown vulnerability in JIT can be exploited to bypass layout randomization;
2. A type confusion vulnerability can be exploited to execute arbitrary code;
3. A use-after-free vulnerability can be used by malicious users to execute arbitrary code via callback manipulation and other unspecified vectors;
4. A memory corruption vulnerability can be exploited to execute arbitrary code;
5. A stack overflow vulnerability can be exploited to execute arbitrary code;
6. An unknown vulnerability in the directory search path can be exploited to bypass security restrictions;
7. An unknown vulnerability can be exploited to cause denial of service or possibly execute arbitrary code.
Technical details
Vulnerability (1) can lead to ASLR bypass.
Vulnerability (2) can be exploited by overriding NetConnection object properties.
Vulnerability (3) can be exploited by flash.geom.Matrix callback and other unspecified vectors.
Vulnerability (5) can be exploited by using crafted JPEG-XR data.
Vulnerability (6) allows local users to gain privileges via a Trojan horse resource in an unspecified directory.
To update Adobe Flash Player ActiveX (detected as Flash.ocx) on Windows 8 and higher, install the latest updates from Control Panel.
Original advisories
Exploitation
Public exploits exist for this vulnerability.
Malware exists for this vulnerability. Usually such malware is classified as Exploit.
Related products
CVE list
- CVE-2016-1013 critical
- CVE-2016-1014 high
- CVE-2016-1029 critical
- CVE-2016-1030 high
- CVE-2016-1031 critical
- CVE-2016-1032 critical
- CVE-2016-1033 critical
- CVE-2016-1012 critical
- CVE-2016-1019 critical
- CVE-2016-1020 critical
- CVE-2016-1016 critical
- CVE-2016-1015 critical
- CVE-2016-1018 critical
- CVE-2016-1017 critical
- CVE-2016-1021 critical
- CVE-2016-1022 critical
- CVE-2016-1023 critical
- CVE-2016-1024 critical
- CVE-2016-1025 critical
- CVE-2016-1026 critical
- CVE-2016-1027 critical
- CVE-2016-1028 critical
- CVE-2016-1006 high
- CVE-2016-1011 critical