Skip Ribbon Commands
Skip to main content
Computer Emergency Response Team of Mauritius (CERT-MU)

VN-2017-04


Vulnerability in Adobe Flash Player
Severity Rating: High
System Affected:  
  • Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier 
 
A vulnerability has been identified in Adobe Flash Player that could allow an unauthenticated, remote attacker to cause arbitrary code to be executed on the target user's system.
 
The vulnerability exists due to improper handling of regular expressions by the affected software. An attacker could exploit this vulnerability by using misleading language and persuading a user to open a malicious web page that contains crafted Flash content.
 
A successful exploitation of this vulnerability could trigger a stack-based buffer overflow condition in the RegExp class for specific search strategies, which the attacker could use to execute arbitrary code in the context of the current process.
 
Source:
Solution
Users are advised to apply updates.
More information is available on:
Cisco
 
Vendor Information
Adobe
 
CVE Information
 
References
Cisco
 
 
Contact Information
 
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis