Flash Player for Mac <= 10.3.183.7 Multiple Vulnerabilities (APSB11-26)

high Nessus Plugin ID 56258

Synopsis

The remote Mac OS X host has a browser plugin that is affected by multiple vulnerabilities.

Description

According to its version, the instance of Flash Player installed on the remote Mac OS X host is 10.3.183.7 or earlier. It is therefore reportedly affected by several critical vulnerabilities :

- Multiple AVM stack overflow vulnerabilities could lead to code execution. (CVE-2011-2426, CVE-2011-2427)

- A logic error issue could lead to code execution or a browser crash. (CVE-2011-2428)

- A Flash Player security control bypass vulnerability could lead to information disclosure. (CVE-2011-2429)

- A streaming media logic error vulnerability could lead to code execution. (CVE-2011-2430)

- A universal cross-site scripting vulnerability could be abused to take actions on a user's behalf on any website if the user is tricked into visiting a malicious website. Note that this issue is reportedly being actively exploited in targeted attacks. (CVE-2011-2444)

Solution

Upgrade to Adobe Flash for Mac version 10.3.183.10 or later.

See Also

http://www.nessus.org/u?bc89ef3e

http://www.adobe.com/support/security/bulletins/apsb11-26.html

Plugin Details

Severity: High

ID: 56258

File Name: macosx_flash_player_10_3_183_10.nasl

Version: 1.8

Type: local

Agent: macosx

Published: 9/22/2011

Updated: 7/14/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:adobe:flash_player

Required KB Items: MacOSX/Flash_Player/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 9/21/2011

Vulnerability Publication Date: 9/21/2011

Reference Information

CVE: CVE-2011-2426, CVE-2011-2427, CVE-2011-2428, CVE-2011-2429, CVE-2011-2430, CVE-2011-2444

BID: 49710, 49714, 49715, 49716, 49717, 49718