Flash Player <= 10.3.183.16 / 11.1.102.63 Multiple Memory Corruption Vulnerabilities (APSB12-07)

This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has a browser plugin that is affected by
multiple memory corruption vulnerabilities.

Description :

According to its version, the instance of Flash Player installed on
the remote Windows host is 10.x equal to or earlier than 10.3.183.16
or 11.x equal to or earlier than 11.1.102.63. It is, therefore,
reportedly affected by several critical memory corruption
vulnerabilities :

- Memory corruption vulnerabilities related to URL
security domain checking. (CVE-2012-0772)

- A flaw in the NetStream Class that could lead to remote
code execution. (CVE-2012-0773)

- Two Flash Player memory corruption vulnerabilities
related to the Google Chrome interface.
(CVE-2012-0724, CVE-2012-0725)

By tricking a victim into visiting a specially crafted page, an
attacker may be able to utilize these vulnerabilities to execute
arbitrary code subject to the users' privileges.

See also :

http://www.zerodayinitiative.com/advisories/ZDI-12-057/
http://www.securityfocus.com/archive/1/522413/30/0/threaded
http://www.adobe.com/support/security/bulletins/apsb12-07.html

Solution :

Upgrade to Adobe Flash version 11.2.202.228 / 10.3.183.18 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 58538 ()

Bugtraq ID: 52748
52914
52916

CVE ID: CVE-2012-0772
CVE-2012-0773
CVE-2012-0724
CVE-2012-0725

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now