icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Flash Player <= 11.4.402.264 Multiple Vulnerabilities (APSB12-19)

High

Synopsis

The remote host contains a browser plugin that is affected by multiple vulnerabilities

Description

Versions of Flash Player equal to or earlier than 11.4.402.264 are affected by multiple vulnerabilities :

- Multiple memory corruption vulnerabilities could lead to code execution. (CVE-2012-4163, CVE-2012-4164, CVE-2012-4165, CVE-2012-4166) - An integer overflow vulnerability exists that could lead to code execution. (CVE-2012-4167) - A cross-domain information leak vulnerability exists. (CVE-2012-4168) - An integer overflow condition affects the Matrix3D class. The copyRawDataTo method in the Matrix3D class fails to properly sanitize user-supplied input resulting in an integer overflow. With a specially crafted argument, a context-dependent attacker can potentially execute arbitrary code. (CVE-2012-5054)

Solution

Upgrade to Flash Player 11.4.402.265 or later.