Flash Player (Internet Explorer) <= 11.9.900.170 Multiple Vulnerabilities (APSB14-02)

High

Synopsis

The remote host contains a browser plug-in that is affected by multiple vulnerabilities.

Description

Versions of Flash equal or earlier than 11.9.900.170 are potentially affected by the following vulnerabilities:

- An unspecified vulnerability exists that can be used to bypass Flash Player security protections. (CVE-2014-0491)

- An unspecified vulnerability exists that can be used to bypass memory address layout randomization. (CVE-2014-0492)

Solution

Upgrade to Flash Player 12.0.0.38 or later, or install KB2929825, which contains the update for Adobe Flash Player in Internet Explorer.