BlackBerry < Multiple Flash Player Code Execution Vulnerabilities

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.

Synopsis :

The version of BlackBerry 10 OS is affected by multiple remote code
execution vulnerabilities.

Description :

The mobile device uses a version of BlackBerry 10 OS that is prior to It is, therefore, affected by the following
vulnerabilities in the version of Flash Player supplied with it :

- Multiple memory corruption issues exist that allow an
unauthenticated, remote attacker to cause a denial of
service or to execute arbitrary code. (CVE-2013-1378,
CVE-2013-1379, CVE-2013-1380)

- An integer overflow condition exists that allows an
unauthenticated, remote attacker to execute arbitrary
code. (CVE-2013-2555)

Note that this plugin has relied solely on the version of the
installed OS and has not attempted to verify whether Flash content is
disabled in the device's browser.

See also :

Solution :

Upgrade to BlackBerry version or later. Alternatively,
refer to the vendor's advisory to disable Flash content.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : true

Family: Mobile Devices

Nessus Plugin ID: 71992 ()

Bugtraq ID: 58396

CVE ID: CVE-2013-1378

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now