
Multiple Vulnerabilities in Adobe Flash Player Could Allow for Remote Code Execution (APSA16-02, APSA16-15)

MS-ISAC ADVISORY NUMBER:

2016-072

DATE(S) ISSUED:

05/12/2016

OVERVIEW:

A vulnerability has been discovered in Adobe Flash Player which could allow for remote code execution. Adobe Flash Player is a widely distributed multimedia and application player used to enhance the user experience when visiting web pages or reading email messages. Successful exploitation of this vulnerability may allow for remote code execution and allow an attacker to take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full system rights. Failed exploit attempts will likely result in denial-of-service conditions.

May 12 - UPDATED OVERVIEW:
Multiple vulnerabilities have been discovered in Adobe Flash Player that could allow for remote code execution.

THREAT INTELLIGENCE:

Adobe is aware of a report that an exploit for CVE-2016-4117 exists in the wild.

SYSTEMS AFFECTED:

  • Adobe Flash Player 21.0.0.226 and earlier
  • Adobe Flash Player Desktop Runtime prior to 21.0.0.242 for Windows and Macintosh
  • Adobe Flash Player Extended Support Release prior to 18.0.0.352 for Windows and Macintosh
  • Adobe Flash Player for Google Chrome prior to 21.0.0.242 for Windows, Macintosh, and Linux
  • Adobe Flash Player for Microsoft Edge and Internet Explorer 11 prior to 21.0.0.242 for Windows 8.1 and 10
  • Adobe Flash Player for Linux prior to 11.2.202.621 for Linux
  • AIR Desktop Runtime prior to 21.0.0.215 for Windows and Macintosh
  • AIR SDK prior to 21.0.0.215 for Windows, Macintosh, Android, and iOS
  • AIR SDK & Compiler prior to 21.0.0.215 for Windows, Macintosh, Android, and iOS
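
The version thresholds above can be applied to a software inventory with a numeric, field-by-field comparison. The following is an added example, not part of the original advisory; the product keys, host names and installed builds are constructed, and treating any 18.x desktop build as Extended Support Release is an assumption.

```python
# Fixed builds, taken from the advisory's SYSTEMS AFFECTED list.
FIXED = {
    "flash-desktop": (21, 0, 0, 242),   # Desktop Runtime, Windows/Macintosh
    "flash-esr":     (18, 0, 0, 352),   # Extended Support Release
    "flash-chrome":  (21, 0, 0, 242),
    "flash-edge-ie": (21, 0, 0, 242),
    "flash-linux":   (11, 2, 202, 621),
    "air":           (21, 0, 0, 215),   # AIR Desktop Runtime, SDK, SDK & Compiler
}

def parse_version(text):
    """Turn '21.0.0.226' into (21, 0, 0, 226); reject anything malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part version: {text!r}")
    return tuple(int(p) for p in parts)

def is_affected(product, version):
    """True when the installed build is older than the fixed build."""
    installed = parse_version(version)
    # Assumption: any 18.x desktop build is on the ESR track.
    if product == "flash-desktop" and installed[0] == 18:
        product = "flash-esr"
    return installed < FIXED[product]

def triage(rows):
    results = []
    for host, product, version in rows:
        try:
            status = "AFFECTED" if is_affected(product, version) else "ok"
        except (KeyError, ValueError):
            status = "REVIEW"  # unknown product or unparsable version
        results.append((host, product, version, status))
    return results

# Constructed sample inventory (hosts and installed builds are made up).
SAMPLE = [
    ("ws-01", "flash-desktop", "21.0.0.226"),
    ("ws-03", "flash-desktop", "18.0.0.343"),
    ("ws-04", "flash-desktop", "18.0.0.352"),
    ("lx-01", "flash-linux", "11.2.202.616"),
    ("dev-1", "air", "21.0.0.215"),
    ("ws-05", "flash-chrome", "21.0.0.9"),
    ("ws-06", "flash-desktop", "21.0.0"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print("{:6} {:14} {:13} {}".format(*row))
```

Comparing integer tuples rather than strings matters here: as text, "21.0.0.9" sorts after "21.0.0.242" and would be reported as patched.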

RISK:

Government:
  • Large and medium government entities: HIGH
  • Small government entities: HIGH
Businesses:
  • Large and medium business entities: HIGH
  • Small business entities: HIGH
Home Users: HIGH

TECHNICAL SUMMARY:

An unspecified security vulnerability has been discovered in Adobe Flash Player which could allow for remote code execution.

Successful exploitation of this vulnerability may allow for remote code execution and allow an attacker to take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full system rights. Failed exploit attempts will likely result in denial-of-service conditions.

May 12 - UPDATED TECHNICAL SUMMARY:
Adobe Flash Player is prone to multiple vulnerabilities that could allow for remote code execution. These vulnerabilities are as follows:

  • Multiple type confusion vulnerabilities that could lead to remote code execution (CVE-2016-1105, CVE-2016-4117).
  • Multiple use-after-free vulnerabilities that could lead to remote code execution (CVE-2016-1097, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-4108, CVE-2016-4110).
  • A heap buffer overflow vulnerability that could lead to remote code execution (CVE-2016-1101).
  • A buffer overflow vulnerability that could lead to remote code execution (CVE-2016-1103).
  • Multiple memory corruption vulnerabilities that could lead to remote code execution (CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115).
  • A directory search path vulnerability that could lead to remote code execution (CVE-2016-4116).

Successful exploitation of these vulnerabilities may allow for remote code execution and allow an attacker to take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full system rights. Failed exploit attempts will likely result in denial-of-service conditions.

RECOMMENDATIONS:

We recommend the following actions be taken:

  • Disable Flash functionality until a patch is released by Adobe.
  • Remind users not to visit websites or follow links provided by unknown or untrusted sources.
  • Do not open email attachments from unknown or untrusted sources.
  • Limit user account privileges to only those required.

May 12 - UPDATED RECOMMENDATIONS:
We recommend the following actions be taken:
Install the updates provided by Adobe immediately after appropriate testing.

REFERENCES:

CVE:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4117
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1096
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1097
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1098
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1099
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1100
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1101
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1102
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1103
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1104
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1105
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1106
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1107
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1108
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1109
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1110
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4108
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4109
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4110
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4111
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4112
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4113
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4114
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4115
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4116


CIS Controls That Help Avoid This Issue:
  • CIS Control 4: Continuous Vulnerability Assessment and Remediation
  • CIS Control 7: Email and Web Browser Protections