tagline: Confidence in the Connected World
CIS Logo
HomeResourcesAdvisoriesMultiple Vulnerabilities in Adobe Products Could Allow for Remote Code Execution (APSB16-03, 04, 05, 07)

Multiple Vulnerabilities in Adobe Products Could Allow for Remote Code Execution (APSB16-03, 04, 05, 07)

MS-ISAC ADVISORY NUMBER:

2016-030

DATE(S) ISSUED:

02/09/2016

OVERVIEW:

Multiple vulnerabilities have been discovered in Adobe Connect, Experience Manager, Flash Player and Photoshop CC that could allow for remote code execution. Adobe Connect is software used to create information and general presentations, online training materials, web conferencing, learning modules, and user desktop sharing. Adobe Experience Manager is a Web Content Management System designed to enable users to create, edit, manage and optimize websites across different digital channels such as web and mobile. Adobe Photoshop CC is a graphics editor program. Adobe Flash Player is a widely distributed multimedia and application player used to enhance the user experience when visiting web pages or reading email messages. Successful exploitation of these vulnerabilities may allow for remote code execution in the context of the current user.Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

THREAT INTELLIGENCE:

There are no reports of these vulnerabilities being exploited in the wild.

RISK:

Goverment:
  • Large and medium government entities: HIGH
  • Small government entities: HIGH
Businesses:
  • Large and medium business entities: HIGH
  • Small business entities: HIGH
Home Users:
MEDIUM

TECHNICAL SUMMARY:

Adobe Connect, Experience Manager, Flash Player and Photoshop CC are prone to multiple vulnerabilities, the most severe of which could allow for remote code execution. These vulnerabilities are as follows:

A type confusion vulnerability that may lead to code execution (CVE-2016-0985).

Multiple use-after-free vulnerabilities could lead to code execution (CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0982, CVE-2016-0983, CVE-2016-0984).

A heap buffer overflow vulnerability that could lead to code execution (CVE-2016-0971).

Multiple memory corruption vulnerabilities that may lead to code execution (CVE-2016-0951, CVE-2016-0952, CVE-2016-0953, CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, CVE-2016-0981).

A Java deserialization issue (CVE-2016-0958).

A cross-site scripting vulnerability that could lead to information disclosure (CVE-2016-0955).

An information disclosure vulnerability affecting Apache Sling Servlets Post 2.3.6 (CVE-2016-0956).

A URL filter bypass vulnerability that could be used to circumvent dispatcher rules (CVE-2016-0957).

A cross-site request forgery protection feature (CVE-2016-0948).

An input validation vulnerability (CVE-2016-0949).

A content spoofing vulnerability (CVE-2016-0950).

Successful exploitation of these vulnerabilities could allow for remote code execution in the context of the current user.Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

RECOMENDATIONS:

We recommend the following actions be taken:

Install the updates provided by Adobe immediately after appropriate testing.

Remind users not to visit websites or follow links provided by unknown or untrusted sources.

Limit user account privileges to those required only.

Do not open email attachments from unknown or untrusted sources.

REFERENCES:

CVE:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0948 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0949 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0950 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0951 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0952 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0953 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0955 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0956 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0957 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0958 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0964 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0965 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0966 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0967 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0968 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0969 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0970 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0971 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0972 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0973 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0974 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0975 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0976 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0977 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0978 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0979 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0980 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0981 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0982 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0983 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0984 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0985

Get Email Updates When Cyber Threats Like This Arise

Arrow Subscribe to Advisories

Protect Your Systems from Cyber Threats Like This

CIS Controls That Help Avoid This Issue Arrow CIS Control 4: Continuous Vulnerability Assessment and Remediation Arrow CIS Control 7: Email and Web Browser Protections

Information Hub: Advisories