Adobe Patches Multiple Vulnerabilities

Tuesday, May 9, 2017 @ 06:05 PM gHale


Adobe released updates for Flash Player and Experience Manager, patching multiple vulnerabilities.

Flash Player 25.0.0.171 addresses seven holes that attackers could leverage to take control of vulnerable systems.

The security holes have been described as use-after-free and other memory corruption vulnerabilities that can lead to arbitrary code execution, Adobe said in an advisory.

Jihui Lu of Tencent KeenLab reported a majority of the weaknesses to Adobe. Google Project Zero researchers also discovered one.

The Flash Player vulnerabilities are CVE-2017-3068, CVE-2017-3069, CVE-2017-3070, CVE-2017-3071, CVE-2017-3072, CVE-2017-3073 and CVE-2017-3074.

Adobe has not found any of the vulnerabilities being exploited.

In addition, Adobe published a separate advisory for a hole in the Forms feature of the Experience Manager enterprise content management solution.

Versions 6.0 through 6.2 are affected by the information disclosure vulnerability, which was discovered by Ruben Reusser of headwire.com and is tracked as CVE-2017-3067.

The flaw relates to abuse of the pre-population service in Experience Manager Forms.

“This issue was resolved by providing administrators with additional controls in the configuration manager to restrict the file paths and protocols used to pre-fill a form,” Adobe said in its advisory.


