Google Chrome < 43.0.2357.134 Multiple RCE Vulnerabilities

This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains a web browser that is affected by
multiple remote code execution vulnerabilities.

Description :

The version of Google Chrome installed on the remote Windows host is
prior to 43.0.2357.134. It is, therefore, affected by multiple remote
code execution vulnerabilities in the bundled version of Adobe Flash :

- A use-after-free error exists in the opaqueBackground
class in the ActionScript 3 (AS3) implementation. A
remote attacker, via specially crafted Flash content,
can dereference already freed memory, resulting in the
execution of arbitrary code. (CVE-2015-5122)

- A use-after-free error exists in the BitmapData class in
the ActionScript 3 (AS3) implementation. A remote
attacker, via specially crafted Flash content, can
dereference already freed memory, resulting in the
execution of arbitrary code. (CVE-2015-5123)

See also :

https://helpx.adobe.com/security/products/flash-player/apsb15-18.html
http://www.nessus.org/u?8156ecbe

Solution :

Upgrade to Google Chrome 43.0.2357.134 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:H/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 84731 ()

Bugtraq ID: 75710
75712

CVE ID: CVE-2015-5122
CVE-2015-5123

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now