Summary
This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities.
Impact
Successful exploitation could allow attackers to bypass certain security restrictions, execute arbitrary code in the context of the browser or cause a denial of service (memory corruption) via unspecified vectors.
Impact Level: System/Application
Solution
Update to Adobe Flash Player version 10.3.183.20 or 11.2.202.236 or later, For the updates refer, http://get.adobe.com/flashplayer/
Insight
Multiple errors are caused,
- When parsing ActionScript.
- Within NPSWF32.dll when parsing certain tags.
- In the 'SoundMixer.computeSpectrum()' method, which can be exploited to bypass the same-origin policy.
- In the installer allows planting a binary file.
Affected
Adobe Flash Player version before 10.3.183.20,
Adobe Flash Player version 11.x through 11.2.202.235 on Linux.
References
Severity
Classification
-
CVE CVE-2012-2034, CVE-2012-2035, CVE-2012-2036, CVE-2012-2037, CVE-2012-2038, CVE-2012-2039, CVE-2012-2040 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Acrobat Multiple Vulnerabilities - 01 Jan14 (Windows)
- Adobe Acrobat Multiple Vulnerabilities April-2012 (Mac OS X)
- Adobe Air and Flash Player Multiple Vulnerabilities (Mac OS X)
- Adobe Acrobat Multiple Vulnerabilities-01 Sep14 (Mac OS X)
- Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Linux)