Tech giant Adobe on March 13 released security updates patching up critical and important security holes in its Dreamweaver CC, Adobe Connect and Flash Player products. Dreamweaver CC is used for website creation, Connect is used for web meetings and Flash Player is used for executing and displaying content from a Small Web Format (SWF) file. Five vulnerabilities were patched up in which three are identified as critical.

The tally contains vulnerabilities as critical as Arbitrary Code Execution and Remote Code Execution, which if exploited successfully could allow for arbitrary code execution in the context of the privileges alloted to the current user. Other important vulnerabilities enlisted are Arbitrary file deletion and Information disclosure, which can lead to unintended arbitrary local file removal or forced uninstall of an application using cross-site scripting via an unrestricted SWF file upload vulnerability.


Affected Products:

  • Adobe Dreamweaver CC
  • Adobe Connect
  • Adobe Flash Player

Vulnerability Details:

Vulnerability CategoryVulnerability ImpactSeverityCVE Numbers
Adobe Dreamweaver CC
OS Command Injection Arbitrary Code ExecutionCriticalCVE-2018-4924
Adobe Connect
OS Command InjectionArbitrary file deletionImportantCVE-2018-4923
Unrestricted SWF File UploadInformation disclosureImportantCVE-2018-4921
Adobe Flash Player
Use After FreeRemote Code ExecutionCriticalCVE-2018-4919
Type ConfusionRemote Code ExecutionCriticalCVE-2018-4920

Affected Versions & Solutions:

ProductAffected VersionsUpdated VersionAvailability
Adobe Dreamweaver CC18.0 and earlier versions18.1Windows
Adobe Connect9.7 and earlier versions9.7.5All Platforms
Adobe Flash Player Desktop Runtime28.0.0.161 and earlier versions29.0.0.113Linux, Macintosh and Windows
Adobe Flash Player for Google Chrome28.0.0.161 and earlier versions29.0.0.113Linux, Chrome OS, Macintosh and Windows
Adobe Flash Player for Microsoft Edge and Internet Explorer 1128.0.0.161 and earlier versions29.0.0.113Windows 10 and 8.1

SecPod Saner detects these vulnerabilities and automatically fixes it by applying security updates. Download Saner now and keep your systems updated and secure.


Summary
Adobe Security Updates - Mar18
Article Name
Adobe Security Updates - Mar18
Author
Publisher Name
SecPod Technologies
Publisher Logo

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>