Friday, August 11, 2017

Adobe Flash Player Bug that can Leak Windows User Credentials

Adobe published a new version of Flash Player in the middle of this week, addressing the security issue tracked as CVE-2017-3085, which affects all Windows platforms (Windows XP, Vista, 7, 8.x and 10).
This flaw was identified by security researcher Ruytenberg, and it derives from an older vulnerability (CVE-2016-4271) that Adobe patched in September 2016.
The previous flaw was in input validation and allowed data to be exfiltrated and disclosed over SMB. Adobe fixed it in version 23 by dropping the local-with-file-system sandbox and rejecting UNC and file-style path schemes (\\10.0.0.1\some\file.txt and file://///10.0.0.1/some/file.txt).
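As an added illustration of that kind of path rejection (this is not Adobe's code), the Python sketch below flags strings that Windows would resolve to a remote host, covering the two forms quoted above plus percent-encoded and mixed-case variants. The names remote_host and _unc_host are hypothetical, and the sample paths in the comments are constructed.

```python
import re
from urllib.parse import unquote

DRIVE = re.compile(r'^[A-Za-z][:|]$')      # "C:" or legacy "C|" drive prefix

def _unc_host(s):
    """Host named by a string that starts with two or more slashes."""
    parts = [p for p in re.split(r'[\\/]+', s) if p]
    if not parts:
        return None
    if parts[0] in ('?', '.'):             # \\?\ and \\.\ device namespaces
        if len(parts) >= 3 and parts[1].upper() == 'UNC':
            return parts[2].lower()        # \\?\UNC\host\share
        return None                        # e.g. \\?\C:\x or \\.\pipe\x
    return parts[0].lower()

def remote_host(path):
    """Return the remote host a path or file URL names, or None if local."""
    s = unquote(path.strip())              # undo %5C%5C-style encoding first
    if s[:5].lower() == 'file:':
        rest = s[5:]
        body = rest.lstrip('/\\')
        n = len(rest) - len(body)          # number of leading slashes
        first = re.split(r'[\\/]', body, maxsplit=1)[0]
        if n == 2:                         # file://authority/path
            if not first or first.lower() == 'localhost' or DRIVE.match(first):
                return None
            return first.lower()
        if n >= 4:                         # file:////host/..., file://///host/...
            return _unc_host('//' + body)
        return None                        # file:/path or file:///C:/path
    if re.match(r'^[\\/]{2}', s):          # \\host\share or //host/share
        return _unc_host(s)
    return None

def is_allowed(path):
    """Policy check: accept only paths that do not name a remote host."""
    return remote_host(path) is None
```
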
