Flash Player < 9.0.289 / 10.1.102.64 Multiple Vulnerabilities (APSB10-26)

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains a browser plug-in that is affected
by multiple vulnerabilities.

Description :

The remote Windows host contains a version of Adobe Flash Player 9.x
before 9.0.289 or 10.x earlier than 10.1.102.64. Such versions are
potentially affected by multiple vulnerabilities :

- A memory corruption vulnerability exists that could lead
to code execution. Note that there are reports that
this is being actively exploited in the wild.
(CVE-2010-3654)

- An input validation issue exists that could lead to a
bypass of cross-domain policy file restrictions with
certain server encodings. (CVE-2010-3636)

- A memory corruption vulnerability exists in the ActiveX
component. (CVE-2010-3637)

- An unspecified issue exists which could lead to a
denial of service or potentially arbitrary code
execution. (CVE-2010-3639)

- Multiple memory corruption issues exist that could lead
to arbitrary code execution. (CVE-2010-3640,
CVE-2010-3641, CVE-2010-3642, CVE-2010-3643,
CVE-2010-3644, CVE-2010-3645, CVE-2010-3646,
CVE-2010-3647, CVE-2010-3648, CVE-2010-3649,
CVE-2010-3650, CVE-2010-3652)

- A library-loading vulnerability could lead to code
execution. (CVE-2010-3976)

See also :

http://www.adobe.com/support/security/bulletins/apsb10-26.html

Solution :

Upgrade to Flash Player 10.1.102.64 / 9.0.289 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true
