http://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-updates.html

48732

http://www.adobe.com/support/security/bulletins/apsb12-07.html

http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf

MISC

oval:org.mitre.oval:def:14628

The remote Solaris system is missing necessary patches to address security updates :

  - Adobe Flash Player before 11.2.202.229 in Google Chrome     before 18.0.1025.151 allow attackers to cause a denial     of service (memory corruption) or possibly have     unspecified other impact via unknown vectors, a     different vulnerability than CVE-2012-0725.
    (CVE-2012-0724)

  - Adobe Flash Player before 11.2.202.229 in Google Chrome     before 18.0.1025.151 allow attackers to cause a denial     of service (memory corruption) or possibly have     unspecified other impact via unknown vectors, a     different vulnerability than CVE-2012-0724.
    (CVE-2012-0725)

  - The Matrix3D component in Adobe Flash Player before     10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac     OS X, Linux, and Solaris; before 11.1.111.7 on Android     2.x and 3.x; and before 11.1.115.7 on Android 4.x allows     attackers to execute arbitrary code or cause a denial of     service (memory corruption) via unspecified vectors.
    (CVE-2012-0768)

  - Adobe Flash Player before 10.3.183.16 and 11.x before     11.1.102.63 on Windows, Mac OS X, Linux, and Solaris;
    before 11.1.111.7 on Android 2.x and 3.x; and before     11.1.115.7 on Android 4.x does not properly handle     integers, which allows attackers to obtain sensitive     information via unspecified vectors. (CVE-2012-0769)

  - An unspecified ActiveX control in Adobe Flash Player     before 10.3.183.18 and 11.x before 11.2.202.228, and AIR     before 3.2.0.2070, on Windows does not properly perform     URL security domain checking, which allow attackers to     execute arbitrary code or cause a denial of service     (memory corruption) via unknown vectors. (CVE-2012-0772)

  - The NetStream class in Adobe Flash Player before     10.3.183.18 and 11.x before 11.2.202.228 on Windows, Mac     OS X, and Linux; Flash Player before 10.3.183.18 and     11.x before 11.2.202.223 on Solaris; Flash Player before     11.1.111.8 on Android 2.x and 3.x; and AIR before     3.2.0.2070 allows attackers to execute arbitrary code or     cause a denial of service (memory corruption) via     unspecified vectors. (CVE-2012-0773)

The remote host has Adobe Flash Player installed. 

Versions of Flash Player 10.x equal to or earlier than 10.3.183.16 or 11.x equal to or ealier than 11.1.102.63 are potentially affected by several critical memory corruption vulnerabilities : 

  - Memory corruption vulnerabilities related to URL security domain checking. (CVE-2012-0772)

  - A flaw in the NetStream Class that could lead to remote code execution. (CVE-2012-0773)

  - Two Flash Player memory corruption vulnerabilities related to the Google Chrome interface. (CVE-2012-0724, CVE-2012-0725)

By tricking a victim into visiting a specially crafted page, an attacker may be able to utilize these vulnerabilities to execute arbitrary code subject to the users' privileges

 

Versions of Google Chrome earlier than 18.0.1025.151 are potentially affected by the following vulnerabilities :

  - An out-of-bounds read issue exists related to 'Skia' clipping. (CVE-2011-3066)

  - An error exists related to cross-origin iframe replacement. (CVE-2011-3067)

  - Use-after-free errors exist related to 'run-in' handling, line box editing, v8 JavaScript engine bindings, 'HTMLMediaElemet', SVG resource handling, media handling, style command application, and focus handling. (CVE-2011-3068, CVE-2011-3069, CVE-2011-3070, CVE-2011-3071, CVE-2011-3073, CVE-2011-3074, CVE-2011-3075, CVE-2011-3076)

  - A cross-origin violation error exists related to pop-up windows. (CVE-2011-3072)

  - A read-after-free error exists related to script binding. (CVE-2011-3077)\
  - The bundled Adobe Flash Player is vulnerable to several memory corruption issues that can lead to arbitrary code execution. (CVE-2012-0724, CVE-2012-0725)

The version of Adobe Reader installed on the remote Mac OS X host is prior to 10.1.3 or 9.5.1. It is, therefore, affected by the following vulnerabilities :

  - An integer overflow condition exists that allows an     attacker to execute arbitrary code via a crafted True     Type Font (TFF). (CVE-2012-0774)

  - A memory corruption issue exists in JavaScript handling     that allows an attacker to execute arbitrary code.
    (CVE-2012-0775)

  - A security bypass vulnerability exists in the Adobe     Reader installer that allows an attacker to execute     arbitrary code. (CVE-2012-0776)

  - A memory corruption issue exists in the JavaScript API     that allows an attacker to execute arbitrary code or     cause a denial of service. (CVE-2012-0777)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Adobe reports :

Multiple Priority 2 vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system.

The version of Google Chrome installed on the remote host is earlier than 18.0.1025.151 and is, therefore, affected by the following vulnerabilities :

  - An out-of-bounds read issue exists related to 'Skia'     clipping. (CVE-2011-3066)

  - An error exists related to cross-origin iframe     replacement. (CVE-2011-3067)

  - Use-after-free errors exist related to 'run-in'     handling, line box editing, v8 JavaScript engine     bindings, 'HTMLMediaElement', SVG resource handling,     media handling, style command application, and focus     handling. (CVE-2011-3068, CVE-2011-3069, CVE-2011-3070,     CVE-2011-3071, CVE-2011-3073, CVE-2011-3074,     CVE-2011-3075, CVE-2011-3076)

  - A cross-origin violation error exists related to pop-up     windows. (CVE-2011-3072)

  - A read-after-free error exists related to script     binding. (CVE-2011-3077)

  - The bundled Adobe Flash Player is vulnerable to several     memory corruption issues that can lead to arbitrary     code execution. (CVE-2012-0724, CVE-2012-0725)

According to its version, the instance of Flash Player installed on the remote Windows host is 10.x equal to or earlier than 10.3.183.16 or 11.x equal to or earlier than 11.1.102.63.  It is, therefore, reportedly affected by several critical memory corruption vulnerabilities :

  - Memory corruption vulnerabilities related to URL     security domain checking. (CVE-2012-0772)

  - A flaw in the NetStream Class that could lead to remote     code execution. (CVE-2012-0773)

  - Two Flash Player memory corruption vulnerabilities     related to the Google Chrome interface.     (CVE-2012-0724, CVE-2012-0725)  

By tricking a victim into visiting a specially crafted page, an attacker may be able to utilize these vulnerabilities to execute arbitrary code subject to the users' privileges.

ID	Name	Product	Family	Severity
80612	Oracle Solaris Third-Party Patch Update : flash (multiple_vulnerabilities_in_adobe_flashplayer6)	Nessus	Solaris Local Security Checks	critical
6802	Flash Player <= 10.3.183.16 / 11.1.102.63 Multiple Memory Corruption Vulnerabilities (APSB12-07)	Nessus Network Monitor	Web Clients	high
800927	Google Chrome < 18.0.1025.151 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
6403	Google Chrome < 18.0.1025.151 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
58684	Adobe Reader < 10.1.3 / 9.5.1 Multiple Vulnerabilities (APSB12-03, APSB12-05, APSB12-07, APSB12-08) (Mac OS X)	Nessus	MacOS X Local Security Checks	high
58646	FreeBSD : linux-flashplugin -- multiple vulnerabilities (20923a0d-82ba-11e1-8d7b-003067b2972c)	Nessus	FreeBSD Local Security Checks	critical
58644	Google Chrome < 18.0.1025.151 Multiple Vulnerabilities	Nessus	Windows	high
58538	Flash Player <= 10.3.183.16 / 11.1.102.63 Multiple Memory Corruption Vulnerabilities (APSB12-07)	Nessus	Windows	high

CVE-2012-0725

HIGH

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Configuration 4

Configuration 5

Tenable Plugins

critical

high

high

high

high

critical

high

high