OpenSUSE Linux update for flash-player



Risk Critical
Patch available YES
Number of vulnerabilities 36
CVE-ID CVE-2016-4122
CVE-2016-4123
CVE-2016-4124
CVE-2016-4125
CVE-2016-4127
CVE-2016-4128
CVE-2016-4129
CVE-2016-4130
CVE-2016-4131
CVE-2016-4132
CVE-2016-4133
CVE-2016-4134
CVE-2016-4135
CVE-2016-4136
CVE-2016-4137
CVE-2016-4138
CVE-2016-4139
CVE-2016-4140
CVE-2016-4141
CVE-2016-4142
CVE-2016-4143
CVE-2016-4144
CVE-2016-4145
CVE-2016-4146
CVE-2016-4147
CVE-2016-4148
CVE-2016-4149
CVE-2016-4150
CVE-2016-4151
CVE-2016-4152
CVE-2016-4153
CVE-2016-4154
CVE-2016-4155
CVE-2016-4156
CVE-2016-4166
CVE-2016-4171
CWE-ID CWE-119
CWE-200
CWE-22
CWE-843
Exploitation vector Network
Public exploit Public exploit code for vulnerability #13 is available.
Public exploit code for vulnerability #14 is available.
Public exploit code for vulnerability #15 is available.
Public exploit code for vulnerability #16 is available.
Vulnerability #36 is being exploited in the wild.
Vulnerable software
Subscribe
Adobe Flash Player
Client/Desktop applications / Plugins for browsers, ActiveX components

Adobe Flash Player Extended Support Release
Client/Desktop applications / Multimedia software

Adobe Flash Player for Linux
Client/Desktop applications / Multimedia software

Vendor Adobe

Security Bulletin

This security bulletin contains information about 36 vulnerabilities.

1) Memory corruption

EUVDB-ID: #VU5688

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-4122

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player: 21.0.0.182 - 22.0.0.192

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360

Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626

CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Memory corruption

EUVDB-ID: #VU5689

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-4123

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player: 21.0.0.182 - 22.0.0.192

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360

Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626

CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Memory corruption

EUVDB-ID: #VU5690

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-4124

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player: 21.0.0.182 - 22.0.0.192

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360

Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626

CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Memory corruption

EUVDB-ID: #VU5691

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-4125

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player: 21.0.0.182 - 22.0.0.192

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360

Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626

CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Memory corruption

EUVDB-ID: #VU5692

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-4127

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player: 21.0.0.182 - 22.0.0.192

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360

Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626

CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Memory corruption

EUVDB-ID: #VU5693

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-4128

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player: 21.0.0.182 - 22.0.0.192

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360

Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626

CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Memory corruption

EUVDB-ID: #VU5694

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-4129

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player: 21.0.0.182 - 22.0.0.192

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360

Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626

CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Memory corruption

EUVDB-ID: #VU5695

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-4130

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player: 21.0.0.182 - 22.0.0.192

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360

Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626

CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Memory corruption

EUVDB-ID: #VU5696

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-4131

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player: 21.0.0.182 - 22.0.0.192

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360

Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626

CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Memory corruption

EUVDB-ID: #VU5697

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-4132

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player: 21.0.0.182 - 22.0.0.192

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360

Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626

CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Memory corruption

EUVDB-ID: #VU5698

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-4133

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player: 21.0.0.182 - 22.0.0.192

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360

Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626

CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Memory corruption

EUVDB-ID: #VU5699

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-4134

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player: 21.0.0.182 - 22.0.0.192

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360

Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626

CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Heap-based buffer overflow

EUVDB-ID: #VU5717

Risk: High

CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2016-4135

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to heap-based buffer overflow when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player: 21.0.0.182 - 22.0.0.192

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360

Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626

CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

14) Heap-based buffer overflow

EUVDB-ID: #VU5718

Risk: High

CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2016-4136

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to heap-based buffer overflow when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player: 21.0.0.182 - 22.0.0.192

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360

Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626

CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

15) Memory corruption

EUVDB-ID: #VU5700

Risk: High

CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2016-4137

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player: 21.0.0.182 - 22.0.0.192

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360

Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626

CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

16) Heap-based buffer overflow

EUVDB-ID: #VU5719

Risk: High

CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2016-4138

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to heap-based buffer overflow when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player: 21.0.0.182 - 22.0.0.192

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360

Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626

CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

17) Information disclosure

EUVDB-ID: #VU5721

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-4139

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to input validation error when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, bypass the same-origin-policy and gain access to potentially sensitive data.

Successful exploitation of the vulnerability results in information disclosure on the vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player: 21.0.0.182 - 22.0.0.192

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360

Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626

CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Path traversal

EUVDB-ID: #VU5720

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-4140

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to an error in the directory search path used to find resources when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player: 21.0.0.182 - 22.0.0.192

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360

Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626

CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Memory corruption

EUVDB-ID: #VU3676

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-4141

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360

Adobe Flash Player: 21.0.0.182 - 22.0.0.192

CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) “Use-after-free” error

EUVDB-ID: #VU5711

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-4142

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360

Adobe Flash Player: 21.0.0.182 - 22.0.0.192

CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) “Use-after-free” error

EUVDB-ID: #VU5712

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-4143

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360

Adobe Flash Player: 21.0.0.182 - 22.0.0.192

CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Type confusion

EUVDB-ID: #VU5709

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-4144

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to type confussion error. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360

Adobe Flash Player: 21.0.0.182 - 22.0.0.192

CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) “Use-after-free” error

EUVDB-ID: #VU5713

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-4145

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360

Adobe Flash Player: 21.0.0.182 - 22.0.0.192

CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) “Use-after-free” error

EUVDB-ID: #VU5714

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-4146

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360

Adobe Flash Player: 21.0.0.182 - 22.0.0.192

CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) “Use-after-free” error

EUVDB-ID: #VU5715

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-4147

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360

Adobe Flash Player: 21.0.0.182 - 22.0.0.192

CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) “Use-after-free” error

EUVDB-ID: #VU5716

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-4148

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360

Adobe Flash Player: 21.0.0.182 - 22.0.0.192

CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Type confusion

EUVDB-ID: #VU5710

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-4149

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to type confussion error. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360

Adobe Flash Player: 21.0.0.182 - 22.0.0.192

CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Memory corruption

EUVDB-ID: #VU5701

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-4150

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360

Adobe Flash Player: 21.0.0.182 - 22.0.0.192

CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Memory corruption

EUVDB-ID: #VU5702

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-4151

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360

Adobe Flash Player: 21.0.0.182 - 22.0.0.192

CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Memory corruption

EUVDB-ID: #VU5703

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-4152

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360

Adobe Flash Player: 21.0.0.182 - 22.0.0.192

CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Memory corruption

EUVDB-ID: #VU5704

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-4153

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360

Adobe Flash Player: 21.0.0.182 - 22.0.0.192

CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Memory corruption

EUVDB-ID: #VU5705

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-4154

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360

Adobe Flash Player: 21.0.0.182 - 22.0.0.192

CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Memory corruption

EUVDB-ID: #VU5706

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-4155

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360

Adobe Flash Player: 21.0.0.182 - 22.0.0.192

CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Memory corruption

EUVDB-ID: #VU5707

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-4156

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360

Adobe Flash Player: 21.0.0.182 - 22.0.0.192

CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Memory corruption

EUVDB-ID: #VU5708

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-4166

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution.

Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.360

Adobe Flash Player: 21.0.0.182 - 22.0.0.192

CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Memory corruption

EUVDB-ID: #VU3

Risk: Critical

CVSSv3.1: 9.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2016-4171

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.


Mitigation

Update the affected packages.

Vulnerable software versions

Adobe Flash Player: 21.0.0.182 - 22.0.0.192

Adobe Flash Player Extended Support Release: 18.0.0.268 - 18.0.0.375

Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.626

CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.



###SIDEBAR###