Summary
This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities.
Impact
Successful exploitation will let attackers to execute arbitrary code or cause a denial of service.
Impact Level: System/Application
Solution
Upgrade to Adobe Flash Player version 10.3.183.10 or later.
For details refer, http://www.adobe.com/downloads/
Insight
The flaws are due to
- Stack-based buffer overflow in the ActionScript Virtual Machine (AVM) component, allows remote attackers to execute arbitrary code via unspecified vectors.
- logic error issue, allows attackers to execute arbitrary code or cause a denial of service (browser crash) via unspecified vectors.
- security control bypass, allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors - logic error vulnerability, allows remote attackers to execute arbitrary code via crafted streaming media
- Cross-site scripting (XSS) vulnerability, allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Affected
Adobe Flash Player versions prior to 10.3.183.10 on Mac OS X.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2011-2426, CVE-2011-2427, CVE-2011-2428, CVE-2011-2429, CVE-2011-2430, CVE-2011-2444 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Windows)
- Adobe Acrobat and Reader PDF Handling Multiple Vulnerabilities (Windows)
- Adobe Acrobat Multiple Vulnerabilities April-2012 (Windows)
- Adobe Acrobat and Reader Multiple Vulnerabilities -July10 (Windows)
- Adobe Acrobat and Reader 'printSeps()' Function Heap Corruption Vulnerability