Flash Player < 9.0.246.0 / 10.0.32.18 Multiple Vulnerabilities (APSB09-10)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains a browser plugin that is affected by
multiple vulnerabilities.

Description :

The remote Windows host contains a version of Adobe Flash Player that
is earlier than 9.0.246.0 / 10.0.32.18. Such versions are reportedly
affected by multiple vulnerabilities :

- A memory corruption vulnerability that could potentially
lead to code execution. (CVE-2009-1862)

- A vulnerability in the Microsoft Active Template Library
(ATL) which could allow an attacker who successfully
exploits the vulnerability to take control of the
affected system. (CVE-2009-0901, CVE-2009-2395,
CVE-2009-2493)

- A privilege escalation vulnerability that could
potentially lead to code execution. (CVE-2009-1863)

- A heap overflow vulnerability that could potentially
lead to code execution. (CVE-2009-1864)

- A NULL pointer vulnerability that could potentially
lead to code execution. (CVE-2009-1865)

- A stack overflow vulnerability that could potentially
lead to code execution. (CVE-2009-1866)

- A clickjacking vulnerability that could allow an
attacker to lure a web browser user into unknowingly
clicking on a link or dialog. (CVE-2009-1867)

- A URL parsing heap overflow vulnerability that could
potentially lead to code execution. (CVE-2009-1868)

- An integer overflow vulnerability that could potentially
lead to code execution. (CVE-2009-1869)

- A local sandbox vulnerability that could potentially
lead to information disclosure when SWFs are saved to
the hard drive. (CVE-2009-1870)

See also :

http://www.adobe.com/support/security/bulletins/apsb09-10.html

Solution :

Upgrade to version 10.0.32.18 or later. If you are unable to upgrade
to version 10, upgrade to version 9.0.246.0 or later.
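The affected-version condition above has two branches (9.x fixed at 9.0.246.0, 10.x fixed at 10.0.32.18), so a naive "less than 10.0.32.18" comparison would wrongly flag patched 9.x installs. The following is an added Python example, not Tenable's NASL plugin code, that implements the check over a constructed host inventory. The fixed versions come from this advisory; the comma-separated "WIN 10,0,32,18" string form is assumed to match what Flash Player writes to the Windows registry.

```python
"""Affected-version check for Adobe Flash Player per APSB09-10.

Added example (not Tenable's plugin). Fixed versions are taken from the
advisory: 9.0.246.0 on the 9.x branch, 10.0.32.18 on the 10.x branch.
"""
import re
from typing import List, Tuple

FIXED_9 = (9, 0, 246, 0)
FIXED_10 = (10, 0, 32, 18)


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '10.0.32.18', or the comma form 'WIN 10,0,32,18' (assumed
    registry format), into a 4-field tuple of ints, zero-padded."""
    digits = re.findall(r"\d+", text)
    if not digits:
        raise ValueError(f"no numeric version in {text!r}")
    parts = tuple(int(d) for d in digits[:4])
    return parts + (0,) * (4 - len(parts))


def is_affected(version: str) -> bool:
    """True when the install is earlier than the fix for its branch.

    10.x (and anything newer) is measured against 10.0.32.18; 9.x and
    older is measured against 9.0.246.0, so a patched 9.x install is
    correctly reported as not affected.
    """
    v = parse_version(version)
    if v[0] >= 10:
        return v < FIXED_10
    return v < FIXED_9


# Constructed inventory: (hostname, reported Flash Player version).
CONSTRUCTED_INVENTORY = [
    ("ws-01", "9.0.159.0"),        # unpatched 9.x
    ("ws-02", "9.0.246.0"),        # patched 9.x
    ("ws-03", "WIN 10,0,22,87"),   # unpatched 10.x, registry-style string
    ("ws-04", "10.0.32.18"),       # exactly the 10.x fix
    ("ws-05", "10.0.42.34"),       # later 10.x
]


def affected_hosts(inventory: List[Tuple[str, str]]) -> List[str]:
    """Return the hostnames whose Flash Player version needs the update."""
    return [host for host, ver in inventory if is_affected(ver)]


if __name__ == "__main__":
    for host in affected_hosts(CONSTRUCTED_INVENTORY):
        print(f"{host}: Flash Player needs the APSB09-10 update")
```

The branch split is the important part: a patched 9.0.246.0 host compares below 10.0.32.18 numerically but is not affected, which is why the check selects the fixed version by major version before comparing.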

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true
