Flash Player < 10.2.159.1 ActionScript Predefined Class Prototype Addition Remote Code Execution (APSB11-07)

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains a browser plug-in that allows
arbitrary code execution.

Description :

The remote Windows host contains a version of Adobe Flash Player
earlier than 10.2.159.1. Such versions are reportedly affected by a
memory corruption vulnerability.

By tricking a user on the affected system into opening a specially
crafted document with Flash content, such as a SWF file embedded in a
Microsoft Word document, an attacker can potentially leverage this
issue to execute arbitrary code remotely on the system subject to the
user's privileges.

Note that there are reports that this issue is being exploited in the
wild as of April 2011.

See also :

http://www.nessus.org/u?9ee82b34
http://www.adobe.com/support/security/bulletins/apsb11-07.html

Solution :

Upgrade to Adobe Flash Player 10.2.159.1 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 53472 ()

Bugtraq ID: 47314

CVE ID: CVE-2011-0611

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now