Multiple vulnerabilities in Adobe Flash Player

Description

Multiple serious vulnerabilities have been found in Adobe Flash Player. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information and possibly cause denial of service.

Below is a complete list of vulnerabilities

1. Race condition and lack of restrictions vulnerabilities could be exploited remotely to obtain sensitive information;
2. Type confusion, heap buffer overflow, use-after-free and memory corruption vulnerabilities could be exploited remotely to execute arbitrary code;
3. Memory leak vulnerability can be exploited remotely to cause denial of service.

---

Technical details

To update Adobe Flash Player ActiveX (detected as Flash.ocx) on Windows 8 and higher, install latest updates from Control Panel

Original advisories

• Adobe original advisory

Exploitation

Public exploits exist for this vulnerability.

Related products

• Adobe-Flash-Player-ActiveX
• Adobe-Flash-Player-NPAPI
• Adobe-Flash-Player-PPAPI

CVE list

• CVE-2016-4217
  critical
• CVE-2016-4218
  critical
• CVE-2016-4219
  critical
• CVE-2016-4220
  critical
• CVE-2016-4221
  critical
• CVE-2016-4222
  high
• CVE-2016-4223
  high
• CVE-2016-4224
  high
• CVE-2016-4225
  high
• CVE-2016-4226
  critical
• CVE-2016-4227
  critical
• CVE-2016-4228
  critical
• CVE-2016-4229
  critical
• CVE-2016-4230
  critical
• CVE-2016-4231
  critical
• CVE-2016-4232
  warning
• CVE-2016-4233
  critical
• CVE-2016-4234
  critical
• CVE-2016-4235
  critical
• CVE-2016-4236
  critical
• CVE-2016-4237
  critical
• CVE-2016-4238
  critical
• CVE-2016-4239
  critical
• CVE-2016-4249
  critical
• CVE-2016-4248
  critical
• CVE-2016-4247
  warning
• CVE-2016-4246
  critical
• CVE-2016-4245
  critical
• CVE-2016-4244
  critical
• CVE-2016-4243
  critical
• CVE-2016-4242
  critical
• CVE-2016-4241
  critical
• CVE-2016-4240
  critical
• CVE-2016-4172
  critical
• CVE-2016-4173
  critical
• CVE-2016-4174
  critical
• CVE-2016-4175
  critical
• CVE-2016-4176
  critical
• CVE-2016-4177
  critical
• CVE-2016-4178
  warning
• CVE-2016-4179
  critical
• CVE-2016-4180
  critical
• CVE-2016-4181
  critical
• CVE-2016-4182
  critical
• CVE-2016-4183
  critical
• CVE-2016-4184
  critical
• CVE-2016-4185
  critical
• CVE-2016-4186
  critical
• CVE-2016-4187
  critical
• CVE-2016-4188
  critical
• CVE-2016-4189
  critical
• CVE-2016-4190
  critical

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com