Summary
This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities.
Impact
Successful exploitation could allow attackers to bypass certain security restrictions, execute arbitrary code in the context of the browser or cause a denial of service (memory corruption) via unspecified vectors.
Impact Level: System/Application
Solution
Update to Adobe Flash Player version 10.3.183.20 or 11.3.300.257 or later, For the updates refer, http://get.adobe.com/flashplayer
Insight
Multiple errors are caused,
- When parsing ActionScript.
- Within NPSWF32.dll when parsing certain tags.
- In the 'SoundMixer.computeSpectrum()' method, which can be exploited to bypass the same-origin policy.
- In the installer allows planting a binary file.
Affected
Adobe Flash Player version before 10.3.183.20 and 11.x through 11.2.202.235 on Windows.
References
Severity
Classification
-
CVE CVE-2012-2034, CVE-2012-2035, CVE-2012-2036, CVE-2012-2037, CVE-2012-2038, CVE-2012-2039, CVE-2012-2040 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Flash Player 9.0.115.0 and earlier vulnerability (Lin)
- Adobe Acrobat Multiple Vulnerabilities April-2012 (Windows)
- Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Windows)
- Adobe AIR Multiple Vulnerabilities -01 April 13 (Windows)
- Adobe Acrobat and Reader Multiple Vulnerabilities -July10 (Windows)