Oracle Solaris Third-Party Patch Update : flash (multiple_vulnerabilities_in_adobe_flashplayer6)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote Solaris system is missing a security patch for third-party
software.

Description :

The remote Solaris system is missing necessary patches to address
security updates :

- Adobe Flash Player before 11.2.202.229 in Google Chrome
before 18.0.1025.151 allows attackers to cause a denial
of service (memory corruption) or possibly have
unspecified other impact via unknown vectors, a
different vulnerability than CVE-2012-0725.
(CVE-2012-0724)

- Adobe Flash Player before 11.2.202.229 in Google Chrome
before 18.0.1025.151 allows attackers to cause a denial
of service (memory corruption) or possibly have
unspecified other impact via unknown vectors, a
different vulnerability than CVE-2012-0724.
(CVE-2012-0725)

- The Matrix3D component in Adobe Flash Player before
10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac
OS X, Linux, and Solaris; before 11.1.111.7 on Android
2.x and 3.x; and before 11.1.115.7 on Android 4.x allows
attackers to execute arbitrary code or cause a denial of
service (memory corruption) via unspecified vectors.
(CVE-2012-0768)

- Adobe Flash Player before 10.3.183.16 and 11.x before
11.1.102.63 on Windows, Mac OS X, Linux, and Solaris;
before 11.1.111.7 on Android 2.x and 3.x; and before
11.1.115.7 on Android 4.x does not properly handle
integers, which allows attackers to obtain sensitive
information via unspecified vectors. (CVE-2012-0769)

- An unspecified ActiveX control in Adobe Flash Player
before 10.3.183.18 and 11.x before 11.2.202.228, and AIR
before 3.2.0.2070, on Windows does not properly perform
URL security domain checking, which allows attackers to
execute arbitrary code or cause a denial of service
(memory corruption) via unknown vectors. (CVE-2012-0772)

- The NetStream class in Adobe Flash Player before
10.3.183.18 and 11.x before 11.2.202.228 on Windows, Mac
OS X, and Linux; Flash Player before 10.3.183.18 and
11.x before 11.2.202.223 on Solaris; Flash Player before
11.1.111.8 on Android 2.x and 3.x; and AIR before
3.2.0.2070 allows attackers to execute arbitrary code or
cause a denial of service (memory corruption) via
unspecified vectors. (CVE-2012-0773)

See also :

http://www.nessus.org/u?b5f8def1
http://www.nessus.org/u?4b061741

Solution :

Upgrade to Solaris 11/11 SRU 7.5.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: Solaris Local Security Checks

Nessus Plugin ID: 80612

Bugtraq ID:

CVE ID: CVE-2012-0724
CVE-2012-0725
CVE-2012-0768
CVE-2012-0769
CVE-2012-0772
CVE-2012-0773
