Flash Player for Mac < 10.3.181.26 Remote Memory Corruption (APSB11-18)

This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mac OS X host has a browser plugin that is affected by a
remote memory corruption vulnerability.

Description :

According to its version, the instance of Flash Player installed on
the remote Mac OS X host is earlier than 10.3.181.26. This version of
Flash Player has a critical vulnerability. By tricking a user on the
affected system into opening a specially crafted document with Flash
content, an attacker could leverage the vulnerability to execute
arbitrary code remotely on the system subject to the user's
privileges.

This issue is reportedly being exploited in the wild in targeted
attacks as of June 2011.

See also :

http://www.adobe.com/support/security/bulletins/apsb11-18.html

Solution :

Upgrade to Adobe Flash for Mac version 10.3.181.26 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: MacOS X Local Security Checks

Nessus Plugin ID: 55141 ()

Bugtraq ID: 48268

CVE ID: CVE-2011-2110