Flash Player <= 10.3.183.90 / 11.7.700.224 Multiple Vulnerabilities (APSB13-17)

This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has a browser plugin that is affected by
multiple vulnerabilities.

Description :

According to its version, the instance of Flash Player installed on the
remote Windows host is 10.x equal or prior to 10.3.183.90, or 11.x equal
or prior to 11.7.700.224. It is, therefore, potentially affected by
multiple vulnerabilities :

- A heap based buffer overflow vulnerability exists that
could lead to code execution. (CVE-2013-3344)

- A memory corruption vulnerability exists that could lead
to code execution. (CVE-2013-3345)

- An integer overflow exists when resampling a
user-supplied PCM buffer. (CVE-2013-3347)

See also :

http://www.zerodayinitiative.com/advisories/ZDI-13-177/
http://www.adobe.com/support/security/bulletins/apsb13-17.html

Solution :

Upgrade to Adobe Flash Player version 11.7.700.232 / 11.8.800.94 or
later, or Google Chrome PepperFlash 11.8.800.97 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 67225 ()

Bugtraq ID: 61043
61045
61048

CVE ID: CVE-2013-3344
CVE-2013-3345
CVE-2013-3347

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now