Flash Player <= 10.3.183.19 / 11.3.300.256 Multiple Vulnerabilities (APSB12-14)

This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has a browser plugin that is affected by
multiple vulnerabilities.

Description :

According to its version, the instance of Flash Player installed on
the remote Windows host is 10.x equal to or earlier than 10.3.183.19
or 11.x equal to or earlier than 11.3.300.256. It is, therefore,
potentially affected by multiple vulnerabilities :

- Multiple memory corruption vulnerabilities exist that
could lead to code execution. (CVE-2012-2034,
CVE-2012-2037)

- A stack overflow vulnerability exists that could lead to
code execution. (CVE-2012-2035)

- An integer overflow vulnerability exists that could lead
to code execution. (CVE-2012-2036)

- A security bypass vulnerability exists that could lead
to information disclosure. (CVE-2012-2038)

- A null dereference vulnerability exists that could lead
to code execution. (CVE-2012-2039)

- A binary planting vulnerability exists in the Flash
Player installer that could lead to code execution.
(CVE-2012-2040)

See also :

http://www.adobe.com/support/security/bulletins/apsb12-14.html

Solution :

Upgrade to Adobe Flash Player version 10.3.183.20 / 11.3.300.257 or
later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 59426 ()

Bugtraq ID: 53887

CVE ID: CVE-2012-2034
CVE-2012-2035
CVE-2012-2036
CVE-2012-2037
CVE-2012-2038
CVE-2012-2039
CVE-2012-2040

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now