Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files. Successful exploitation could lead to arbitrary code execution.
Weakness
The product does not correctly convert an object, resource, or structure from one type to a different type.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Enterprise_linux | Redhat | 6.0 (including) | 6.0 (including) |
| Enterprise_linux_desktop | Redhat | 6.0 (including) | 6.0 (including) |
| Enterprise_linux_workstation | Redhat | 6.0 (including) | 6.0 (including) |
| Red Hat Enterprise Linux 6 Supplementary | RedHat | flash-plugin-0:26.0.0.151-1.el6_9 | * |
| Adobe-flashplugin | Ubuntu | devel | * |
| Adobe-flashplugin | Ubuntu | trusty | * |
| Adobe-flashplugin | Ubuntu | upstream | * |
| Adobe-flashplugin | Ubuntu | xenial | * |
| Adobe-flashplugin | Ubuntu | zesty | * |
| Flashplugin-nonfree | Ubuntu | devel | * |
| Flashplugin-nonfree | Ubuntu | esm-apps/xenial | * |
| Flashplugin-nonfree | Ubuntu | trusty | * |
| Flashplugin-nonfree | Ubuntu | upstream | * |
| Flashplugin-nonfree | Ubuntu | xenial | * |
| Flashplugin-nonfree | Ubuntu | zesty | * |
References
- http://www.securityfocus.com/bid/100190
- http://www.securitytracker.com/id/1039088
- https://access.redhat.com/errata/RHSA-2017:2457
- https://helpx.adobe.com/security/products/flash-player/apsb17-23.html
- https://security.gentoo.org/glsa/201709-16
- https://www.exploit-db.com/exploits/42480/
- http://www.securityfocus.com/bid/100190
- http://www.securitytracker.com/id/1039088
- https://access.redhat.com/errata/RHSA-2017:2457
- https://helpx.adobe.com/security/products/flash-player/apsb17-23.html
- https://security.gentoo.org/glsa/201709-16
- https://www.exploit-db.com/exploits/42480/