The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Vulnerability of Adobe Flash Player: memory corruption via Type Confusion

Synthesis of the vulnerability

An attacker can generate a memory corruption via Type Confusion of Adobe Flash Player, in order to trigger a denial of service, and possibly to run code.
Severity of this weakness: 4/4.
Creation date: 16/10/2017.
Références of this bulletin: ADV170018, APSB17-32, CERTFR-2017-AVI-355, CVE-2017-11292, RHSA-2017:2899-01, VIGILANCE-VUL-24150.

Description of the vulnerability

An attacker can generate a memory corruption via Type Confusion of Adobe Flash Player, in order to trigger a denial of service, and possibly to run code.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This computer threat alert impacts software or systems such as Flash Player, Windows 10, Windows 2012, Windows 2016, Windows 8, Windows RT, RHEL.

Our Vigil@nce team determined that the severity of this weakness announce is critical.

The trust level is of type confirmed by the editor, with an origin of document.

An attacker with a expert ability can exploit this computer weakness bulletin.

Solutions for this threat

Adobe Flash Player: version 27.0.0.170.
The version 27.0.0.170 is fixed:
  https://get.adobe.com/flashplayer/

RHEL 6.9: new flash-plugin packages.
New packages are available:
  RHEL 6: flash-plugin 27.0.0.170-1.el6_9

Windows: patch for Adobe Flash.
A patch is available:
  https://support.microsoft.com/en-us/help/4049179/security-update-for-adobe-flash-player-october-17-2017
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service

Vigil@nce provides software vulnerabilities analysis. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.