SynopsisThe remote Windows host has a browser plugin that is affected by multiple vulnerabilities.
DescriptionAccording to its version, the instance of Flash Player installed on the remote Windows host is 10.3.183.7 or earlier. It is, therefore, reportedly affected by several critical vulnerabilities :
- Multiple AVM stack overflow vulnerabilities could lead to code execution. (CVE-2011-2426, CVE-2011-2427)
- A logic error issue could lead to code execution or a browser crash. (CVE-2011-2428)
- A Flash Player security control bypass vulnerability could lead to information disclosure. (CVE-2011-2429)
- A streaming media logic error vulnerability could lead to code execution. (CVE-2011-2430)
- A universal cross-site scripting vulnerability could be abused to take actions on a user's behalf on any website if the user is tricked into visiting a malicious website. Note that this issue is reportedly being actively exploited in targeted attacks. (CVE-2011-2444)
SolutionUpgrade to Adobe Flash version 10.3.183.10 or later.