Arch Linux Security Advisory ASA-201710-21
=========================================
Severity: Critical
Date : 2017-10-16
CVE-ID : CVE-2017-11292
Package : lib32-flashplugin
Type : arbitrary code execution
Remote : Yes
Link : https://security.archlinux.org/AVG-450
Summary
======
The package lib32-flashplugin before version 27.0.0.170-1 is vulnerable
to arbitrary code execution.
Resolution
=========
Upgrade to 27.0.0.170-1.
# pacman -Syu "lib32-flashplugin>=27.0.0.170-1"
The problem has been fixed upstream in version 27.0.0.170.
Workaround
=========
None.
Description
==========
A type confusion vulnerability has been found in Adobe Flash Player <27.0.0.159, leading to arbitrary code execution.
Impact
=====
A remote attacker can execute arbitrary code on the affected host.
Adobe is aware of a report that an exploit exists in the wild, and is
being used in limited, targeted attacks against users running Windows.
References
=========
https://helpx.adobe.com/support/programs/support-options-free-discontinued-apps-services.html
https://security.archlinux.org/CVE-2017-11292