Summary
This host is installed with Adobe Flash Player and is prone to code execution and denial of service vulnerabilities.
Impact
Successful exploitation will allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors.
Solution
Update to Adobe Flash Player version 10.3.183.18 or 11.2.202.228 or later, For updates refer to http://get.adobe.com/flashplayer
Insight
The flaws are due to
- An error within an ActiveX Control when checking the URL security domain.
- An unspecified error within the NetStream class.
Affected
Adobe Flash Player version prior to 10.3.183.18 and 11.x to 11.1.102.63 on MAC OS X
Detection
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2012-0724, CVE-2012-0725, CVE-2012-0772, CVE-2012-0773 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Acrobat Out-of-bounds Vulnerability Feb15 (Windows)
- Adobe Acrobat Multiple Unspecified Vulnerabilities-01 Sep13 (Mac OS X)
- Adobe AIR Code Execution and DoS Vulnerabilities Nov13 (Windows)
- Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Mac OX S)
- Adobe Air Multiple Vulnerabilities - October 12 (Mac OS X)