Flash Player <= Multiple Vulnerabilities (APSB11-26)

This script is Copyright (C) 2011-2017 Tenable Network Security, Inc.

Synopsis :

The remote Windows host has a browser plugin that is affected by
multiple vulnerabilities.

Description :

According to its version, the instance of Flash Player installed on
the remote Windows host is or earlier. It is, therefore,
reportedly affected by several critical vulnerabilities :

- Multiple AVM stack overflow vulnerabilities could lead
to code execution. (CVE-2011-2426, CVE-2011-2427)

- A logic error issue could lead to code execution or
a browser crash. (CVE-2011-2428)

- A Flash Player security control bypass vulnerability
could lead to information disclosure. (CVE-2011-2429)

- A streaming media logic error vulnerability could lead
to code execution. (CVE-2011-2430)

- A universal cross-site scripting vulnerability could be
abused to take actions on a user's behalf on any
website if the user is tricked into visiting a
malicious website. Note that this issue is reportedly
being actively exploited in targeted attacks.

See also :


Solution :

Upgrade to Adobe Flash version or later.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : false

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now