Summary
This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities.
Impact
Successful exploitation will let attackers to execute arbitrary code or cause a denial of service.
Impact Level: System/Application
Solution
Upgrade to Adobe Flash Player version 10.3.183.10 or later.
For details refer, http://www.adobe.com/downloads/
Insight
The flaws are due to
- Stack-based buffer overflow in the ActionScript Virtual Machine (AVM) component, allows remote attackers to execute arbitrary code via unspecified vectors.
- logic error issue, allows attackers to execute arbitrary code or cause a denial of service (browser crash) via unspecified vectors.
- security control bypass, allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors - logic error vulnerability, allows remote attackers to execute arbitrary code via crafted streaming media.
- Cross-site scripting (XSS) vulnerability, allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Affected
Adobe Flash Player versions prior to 10.3.183.10 on Windows.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2011-2426, CVE-2011-2427, CVE-2011-2428, CVE-2011-2429, CVE-2011-2430, CVE-2011-2444 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Linux)
- Adobe AIR Multiple Vulnerabilities-01 Aug14 (Mac OS X)
- Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Windows)
- Adobe AIR Multiple Vulnerabilities -01 April 13 (Mac OS X)
- Adobe Air Multiple Vulnerabilities - October 12 (Mac OS X)