FortiClient VulnerabilityMarch Flash Security Update
Description
An attacker exploit these vulnerabilities?
In a web-based attack scenario where the user is using Internet Explorer for the desktop, an attacker could host a specially crafted website that is designed to exploit any of these vulnerabilities through Internet Explorer and then convince a user to view the website.
Analysis
In a web-based attack scenario where the user is using Internet Explorer in the Windows 8-style UI, an attacker would first need to compromise a website already listed in the Compatibility View (CV) list. An attacker could then host a website that contains specially crafted Flash content designed to exploit any of these vulnerabilities through Internet Explorer and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by clicking a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email. For more information about Internet Explorer and the CV List, please see the MSDN Article, Developer Guidance for websites with content for Adobe Flash Player in Windows 8.
Affected Applications
Adobe Flash Player on Windows RT 8.1
Windows 10
Windows 8
Windows Server 2012
Windows Server 2016
Other References
https://portal.msrc.microsoft.com/en-us/security-guidance| ID | 35595 |
| Created | Mar 16, 2017 |
| Description Updated |
May 11, 2017 |
| Risk |
|
| Coverage | FortiClient |
| Application | Adobe Flash Player on Windows RT 8.1 , Windows 10 , Windows 8 , Windows Server 2012 , Windows Server 2016 |