Summary
This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to execute arbitrary code in the context of the affected application or cause a denial of service condition.
Impact Level: Application.
Solution
Upgrade to Adobe Flash Player version 10.3.183.15 or 11.1.102.62 or later, For updates refer to http://www.adobe.com/downloads/
Insight
The flaws are due to,
- A memory corruption error in ActiveX control
- A type confusion memory corruption error
- An unspecified error related to MP4 parsing
- Many unspecified erros which allows to bypass certain security restrictions
- Improper validation of user supplied input which allows attackers to execute arbitrary HTML and script code in a user's browser session
Affected
Adobe Flash Player version before 10.3.183.15
Adobe Flash Player version 11.x through 11.1.102.55 on Linux
References
Severity
Classification
-
CVE CVE-2012-0752, CVE-2012-0753, CVE-2012-0754, CVE-2012-0756, CVE-2012-0757, CVE-2012-0767 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe AIR Multiple Vulnerabilities-01 Sep14 (Windows)
- Adobe Acrobat Multiple Vulnerabilities-01 Dec14 (Mac OS X)
- Adobe AIR Multiple Vulnerabilities-01 Sep13 (Mac OS X)
- Adobe Air Code Execution and DoS Vulnerabilities (MAC OS X)
- Adobe ExtendedScript Toolkit (ESTK) Insecure Library Loading Vulnerability (Win)