Flash Player for Mac <= 10.3.183.18 / 11.2.202.233 Object Confusion Vulnerability (APSB12-09)

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mac OS X host has a browser plugin that is affected by a
code execution vulnerability.

Description :

According to its version, the instance of Flash Player installed on
the remote Mac OS X host is 10.x equal to or earlier than 10.3.183.18
or 11.x equal to or earlier than 11.2.202.233. It is, therefore,
reportedly affected by an object confusion vulnerability that could
allow an attacker to crash the application or potentially take control
of the target system.

By tricking a victim into visiting a specially crafted page, an
attacker may be able to utilize this vulnerability to execute
arbitrary code subject to the users' privileges.

See also :

http://www.adobe.com/support/security/bulletins/apsb12-09.html
http://www.nessus.org/u?ba4bc112

Solution :

Upgrade to Adobe Flash Player version 10.3.183.19 / 11.2.202.235 or
later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: MacOS X Local Security Checks

Nessus Plugin ID: 58995 ()

Bugtraq ID: 53395

CVE ID: CVE-2012-0779