Published on: 15 February 2017
Security updates are released for Adobe Flash Player to address multiple vulnerabilities caused by integer overflow, heap buffer overflow, use-after-free error, memory corruption, and type confusion. To successfully exploit the vulnerabilities, a remote attacker could entice a targeted user to open a specially crafted Flash file, web page or document that supports embedded Flash content.
Successful exploitation could lead to arbitrary code execution or allow the attacker to potentially take control of the affected system.
Upgrade Adobe Flash Player to the following versions to address the issues. The upgrade can be obtained by using the auto-update mechanism or by downloading at the following URLs:
Currently, the patch for Adobe Flash Player 24.0.0.221 for Microsoft Edge and Internet Explorer 11 is still pending from the product vendor. Since the vulnerabilities could be exploited by simply opening a malicious Flash file or viewing a malicious website, users are reminded, as an interim measure and as a security best practice, not to visit suspicious websites, open Flash files from doubtful origins, or follow URL links from untrusted sources or emails such as spam, and to keep the virus signatures as well as the detection and repair engine up to date.
If you have multiple browsers, you are required to perform the Adobe Flash Player upgrade for each browser. The Flash Player version can be checked at
https://helpx.adobe.com/security/products/flash-player/apsb17-04.html
https://www.hkcert.org/my_url/en/alert/17021501
https://www.us-cert.gov/ncas/current-activity/2017/02/14/Adobe-Releases-Security-Updates
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2982
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2984 (to CVE-2017-2988)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2990 (to CVE-2017-2996)