Published on: 15 March 2017
Security updates have been released for Adobe Flash Player to address multiple vulnerabilities caused by buffer overflow, memory corruption, a random number generator flaw and a use-after-free error. To exploit the vulnerabilities, a remote attacker could entice a targeted user to open a specially crafted Flash file, web page or document that supports embedded Flash content.
> Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux 24.0.0.221 and earlier versions
> Adobe Flash Player for Google Chrome 24.0.0.221 and earlier versions
> Adobe Flash Player for Microsoft Edge and Internet Explorer 11 24.0.0.221 and earlier versions
Successful exploitation could lead to information disclosure or arbitrary code execution, and could potentially allow the attacker to take control of the affected system.
Upgrade Adobe Flash Player to the following versions to address the issues. The upgrade can be obtained by using the auto-update mechanism or by downloading at the following URLs:
> Adobe Flash Player Desktop Runtime 25.0.0.127 for Windows and Macintosh
http://www.adobe.com/go/getflash
http://www.adobe.com/products/players/flash-player-distribution.html
> Adobe Flash Player 25.0.0.127 for Google Chrome
http://googlechromereleases.blogspot.com/
> Adobe Flash Player 25.0.0.127 for Microsoft Edge and Internet Explorer 11
http://www.catalog.update.microsoft.com/Search.aspx?q=KB4014329
> Adobe Flash Player 25.0.0.127 for Linux
http://www.adobe.com/go/getflash
If you have multiple browsers, you are required to perform the Adobe Flash Player upgrade for each browser. The Flash Player version can be checked at:
> http://www.adobe.com/software/flash/about/
https://helpx.adobe.com/security/products/flash-player/apsb17-07.html
https://technet.microsoft.com/library/security/MS17-023
https://support.microsoft.com/en-us/help/4014329/ms17-nnn-security-update-for-adobe-flash-player-march-14-2017
https://www.hkcert.org/my_url/en/alert/17031502
https://www.us-cert.gov/ncas/current-activity/2017/03/14/Adobe-Releases-Security-Updates
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2997 (to CVE-2017-3003)