Security Alert (A17-01-02): Multiple Vulnerabilities in Adobe Flash Player and Adobe Reader/Acrobat


 

Published on: 11 January 2017

  
  

Description:

Security updates are released for Adobe Flash Player and Adobe Reader/Acrobat to address multiple vulnerabilities caused by heap buffer overflow, use-after-free error, security bypass, memory corruption, and type confusion. To successfully exploit the vulnerabilities, a remote attacker could entice a targeted user to open a specially crafted PDF file, web page, Flash file, or document that supports embedded Flash content. 

 

Affected Systems:

  • Adobe Flash Player Desktop Runtime for Windows and Macintosh 24.0.0.186 and earlier versions
  • Adobe Flash Player for Google Chrome 24.0.0.186 and earlier versions
  • Adobe Flash Player for Microsoft Edge and Internet Explorer 11 24.0.0.186 and earlier versions
  • Adobe Acrobat DC/Acrobat Reader DC Continuous 15.020.20042 and earlier versions
  • Adobe Acrobat DC/Acrobat Reader DC Classic 15.006.30244 and earlier versions
  • Adobe Acrobat/Reader XI 11.0.18 and earlier versions

Impact:

A successful exploitation could lead to arbitrary code execution, information disclosure, bypass of security restrictions or potentially take control of the affected system. 

 

Recommendation:

Upgrade Adobe Flash Player and Adobe Acrobat and Reader to the following versions to address the issues. The upgrade can be obtained by using the auto-update mechanism or by downloading at the following URLs:

  • Adobe Flash Player Desktop Runtime 24.0.0.194 for Windows and Macintosh
    http://www.adobe.com/go/getflash
    http://www.adobe.com/products/players/flash-player-distribution.html

  • Adobe Flash Player 24.0.0.194 for Google Chrome
    http://googlechromereleases.blogspot.com/

  • Adobe Flash Player 24.0.0.194 for Microsoft Edge and Internet Explorer 11
    https://technet.microsoft.com/library/security/MS17-003

  • Adobe Flash Player 24.0.0.194 for Linux
    http://www.adobe.com/go/getflash

  • Adobe Acrobat DC Continuous 15.023.20053, Classic 15.006.30279, Acrobat XI 11.0.19
    http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows
    http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Mac

  • Adobe Acrobat Reader DC Classic 15.006.30279, Reader XI 11.0.19
    http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows
    http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Mac

  • Adobe Acrobat Reader DC Continuous 15.023.20053
    http://get.adobe.com/reader/

If you have multiple browsers, you are required to perform the Adobe Flash Player upgrade for each browser, the Flash Player version can be checked at
http://www.adobe.com/software/flash/about/

 

More Information:

https://helpx.adobe.com/security/products/acrobat/apsb17-01.html
https://helpx.adobe.com/security/products/flash-player/apsb17-02.html
https://support.microsoft.com/en-us/kb/321462
https://www.hkcert.org/my_url/en/alert/17011102
https://www.us-cert.gov/ncas/current-activity/2017/01/10/Adobe-Releases-Security-Updates
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2925 (to CVE2017-2928)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2930 (to CVE2017-2967)



Tag: Adobe , Flash Player , Acrobat , Acrobat Reader , Adobe Reader
Tags