Summary
This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities.
Impact
Successful exploitation could allow attackers to bypass certain security restrictions, execute arbitrary code in the context of the browser or cause a denial of service (memory corruption) via unspecified vectors.
Impact Level: System/Application
Solution
Update to Adobe Flash Player version 10.3.183.20 or 11.3.300.257 or later, For the updates refer, http://get.adobe.com/flashplayer
Insight
Multiple errors are caused,
- When parsing ActionScript.
- Within NPSWF32.dll when parsing certain tags.
- In the 'SoundMixer.computeSpectrum()' method, which can be exploited to bypass the same-origin policy.
- In the installer allows planting a binary file.
Affected
Adobe Flash Player version before 10.3.183.20 and 11.x through 11.2.202.235 on Mac OS X.
References
Severity
Classification
-
CVE CVE-2012-2034, CVE-2012-2035, CVE-2012-2036, CVE-2012-2037, CVE-2012-2038, CVE-2012-2039, CVE-2012-2040 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Acrobat Multiple Unspecified Vulnerabilities-01 Sep13 (Windows)
- Aastra IP Telephone Hardcoded Telnet Password Security Bypass Vulnerability
- Adobe Flash Media Server multiple vulnerabilities
- Adobe Extension Manager CS5 Insecure Library Loading Vulnerability (Win)
- Adobe Acrobat Multiple Vulnerabilities-01 Dec14 (Mac OS X)