FreeBSD : linux-flashplugin -- XSS vulnerability (57573136-920e-11e0-bdc9-001b2134ef46)

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Adobe Product Security Incident Response Team reports :

An important vulnerability has been identified in Adobe Flash Player
10.3.181.16 and earlier versions for Windows, Macintosh, Linux and
Solaris, and Adobe Flash Player 10.3.185.22 and earlier versions for
Android. This universal cross-site scripting vulnerability
(CVE-2011-2107) could be used to take actions on a user's behalf on
any website or webmail provider, if the user visits a malicious
website. There are reports that this vulnerability is being exploited
in the wild in active targeted attacks designed to trick the user into
clicking on a malicious link delivered in an email message.

See also :

http://www.adobe.com/support/security/bulletins/apsb11-13.html
http://www.nessus.org/u?f33cc4e3

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 55009 ()

Bugtraq ID:

CVE ID: CVE-2011-2107

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now