Adobe Monthly Security Update (Dec 2016)
Last Update Date:
14 Dec 2016 10:57
Release Date:
14 Dec 2016
4556
Views
RISK: Extremely High Risk
TYPE: Clients - Productivity Products
Adobe has released monthly security update for their products:
| Vulnerable Product | Severity | Impacts | Notes | Details (including CVE) |
| Flash Player |  Extremely Critical | Remote Code Execution Security Restriction Bypass | Exploits in the wild | APSB16-39 |
| Animate |  Moderately Critical | Remote Code Execution | APSB16-38 | |
| Experience Manager Forms | Moderately Critical | Cross-site Scripting | APSB16-40 | |
| DNG Converter | Moderately Critical | Remote Code Execution | APSB16-41 | |
| Experience Manager | Moderately Critical | Cross-site Scripting | APSB16-42 | |
| InDesign | Moderately Critical | Remote Code Execution | APSB16-43 | |
| ColdFusion Builder | Moderately Critical | Information Disclosure | APSB16-44 | |
| Digital Editions | Moderately Critical | Information Disclosure | APSB16-45 | |
| RoboHelp | Moderately Critical | Cross-site Scripting | APSB16-46 |
Note for Adobe Flash Player:
An exploit for CVE-2016-7892 exists in the wild, and is being used in limited, targeted attacks against users running Internet Explorer (32-bit) on Windows.
Number of 'Extremely Critical' product(s): 1
Number of 'Highly Critical' product(s): 0
Number of 'Moderately Critical' product(s): 8
Evaluation of overall 'Criticality Level': Extremely Critical
Impact
- Cross-Site Scripting
- Remote Code Execution
- Security Restriction Bypass
- Information Disclosure
System / Technologies affected
- Adobe Animate 15.2.1.95 and earlier versions
- Adobe Flash Player 23.0.0.207 and earlier
- Adobe Flash Player for Google Chrome 23.0.0.207 and earlier
- Adobe Flash Player for Microsoft Edge and Internet Explorer 11 23.0.0.207 and earlier
- Adobe Flash Player for Linux 11.2.202.644 and earlier
- Adobe Experience Manager Forms 6.0, 6.1, 6.2
- Adobe LiveCycle 10.0.4, 11.0.1
- Adobe DNG Converter 9.7 and earlier versions
- Adobe Experience Manager 6.0, 6.1, 6.2
- Adobe InDesign 11.4.1 and earlier versions
- Adobe InDesign Server 11.0.0 and earlier versions
- Adobe ColdFusion Builder 2016 Update 2 and earlier versions
- Adobe ColdFusion Builder 3.0.3 and earlier versions
- Adobe Digital Editions 4.5.2 and earlier versions
- Adobe RoboHelp 2015.0.3 and earlier versions
- Adobe RoboHelp 11 and earlier versions
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- The vendor has issued security updates for the products. Please refer to 'Details' column in the above table for details of individual product update or run software update.
Vulnerability Identifier
Source
Related Link
Share with