Skip Ribbon Commands
Skip to main content
Computer Emergency Response Team of Mauritius (CERT-MU)

VN-2017-28


Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code
Severity Rating: High
Systems Affected:
  • Adobe Flash Player Desktop Runtime versions 24.0.0.194 and earlier for Windows, Macintosh and Linux
  • Adobe Flash Player for Google Chrome versions 24.0.0.194 and earlier for Windows, Macintosh, Linux and Chrome OS
  • Adobe Flash Player for Microsoft Edge and Internet Explorer 11 versions 24.0.0.194 and earlier for Windows 10 and 8.1
Description
Multiple vulnerabilities have been reported in Adobe Flash Player and they can be exploited by remote attackers to cause execution of arbitrary code on the affected systems. The vulnerabilities reported are as follows:
 
·         A type confusion vulnerability occurs that could lead to code execution
·         An integer overflow vulnerability occurs that could lead to code execution
·         A use-after-free vulnerability occurs that could lead to code execution
·         Several heap buffer overflow vulnerabilities occur that could lead to code execution
·         Multiple memory corruption vulnerabilities occur that could lead to code execution
 
Solution
Users are advised to apply updates.
More information about the update is available on:
 
CVE Information
 
 
Vendor Information
Adobe
  
References
Security Tracker
 
Adobe
 
Contact Information
 
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis