Adobe Security Updates for Febraury 2017

Adobe has released three security updates for Adobe Flash Player (APSB17-04), Adobe Digital Editions (APSB17-05), and Adobe Campaign (APSB17-06) which covers a total of 24 CVEs. These updates for Adobe Flash Player address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. For Digital Editions it resolves a critical heap buffer overflow vulnerability that could lead to code execution and important buffer overflow vulnerabilities that could lead to a memory leak. The security updates resolve a moderate security bypass affecting the Adobe Campaign client console. Detect these vulnerabilities with the help of a vulnerability management tool.

Here are the details of Critical Security Updates and security Advisory:

APSB17-04 (Adobe Flash Player):
– A type confusion vulnerability that could lead to code execution (CVE-2017-2995).
– An integer overflow vulnerability that could lead to code execution (CVE-2017-2987).
– Multiple use-after-free vulnerabilities that could lead to code execution.
(CVE-2017-2982, CVE-2017-2985, CVE-2017-2993, CVE-2017-2994).
– Multiple heap buffer overflow vulnerabilities that could lead to code execution.
(CVE-2017- 2984, CVE-2017-2986, CVE-2017-2992).
– Multiple memory corruption vulnerabilities that could lead to code execution.
(CVE-2017-2988, CVE-2017-2990, CVE-2017-2991, CVE-2017-2996).

APSB17-05 (Adobe Digital Editions):
– A heap buffer overflow vulnerability that could lead to code execution (CVE-2017-2973).
– Multiple buffer overflow vulnerabilities that could lead to a memory leak.
(CVE-2017-2974, CVE-2017-2975, CVE-2017-2976, CVE-2017-2978, CVE-2017-2977, CVE-2017-2979,CVE-2017-2980, CVE-2017-2981).

APSB17-06 (Adobe Campaign):
– A moderate security bypass affecting Adobe Campaign that could be exploited by an authenticated user with access to the client console. Successful exploitation could lead to read and write access to the system (CVE-2017-2968).
– A moderate input validation issue that could be used in cross-site scripting attacks (CVE-2017-2969).

Affected Versions:
Adobe Flash Player – 24.0.0.194 and earlier on all platforms.
Adobe Digital Editions – 4.5.3 and earlier versions on all platforms.
Adobe Campaign – 16.8 Build 8724 and earlier versions on Windows and Linux.

SecPod Saner detects these vulnerabilities and automatically fixes it by applying security updates. Download Saner now and keep your systems updated and secure.

Kashinath T
Security Research Engineer.