GLSA-201309-06 : Adobe Flash Player: Multiple vulnerabilities

critical Nessus Plugin ID 69889

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-201309-06 (Adobe Flash Player: Multiple vulnerabilities)

Multiple unspecified vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details.
Impact :

A remote attacker could entice a user to open specially crafted SWF content, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass access restrictions.
Workaround :

There is no known workaround at this time.

Solution

All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=www-plugins/adobe-flash-11.2.202.310'

See Also

https://security.gentoo.org/glsa/201309-06

Plugin Details

Severity: Critical

ID: 69889

File Name: gentoo_GLSA-201309-06.nasl

Version: 1.17

Type: local

Published: 9/14/2013

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.6

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:adobe-flash, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/14/2013

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Adobe Flash Player Regular Expression Heap Overflow)

Reference Information

CVE: CVE-2012-5248, CVE-2012-5249, CVE-2012-5250, CVE-2012-5251, CVE-2012-5252, CVE-2012-5253, CVE-2012-5254, CVE-2012-5255, CVE-2012-5256, CVE-2012-5257, CVE-2012-5258, CVE-2012-5259, CVE-2012-5260, CVE-2012-5261, CVE-2012-5262, CVE-2012-5263, CVE-2012-5264, CVE-2012-5265, CVE-2012-5266, CVE-2012-5267, CVE-2012-5268, CVE-2012-5269, CVE-2012-5270, CVE-2012-5271, CVE-2012-5272, CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, CVE-2012-5277, CVE-2012-5278, CVE-2012-5279, CVE-2012-5280, CVE-2012-5676, CVE-2012-5677, CVE-2012-5678, CVE-2013-0504, CVE-2013-0630, CVE-2013-0633, CVE-2013-0634, CVE-2013-0637, CVE-2013-0638, CVE-2013-0639, CVE-2013-0642, CVE-2013-0643, CVE-2013-0644, CVE-2013-0645, CVE-2013-0646, CVE-2013-0647, CVE-2013-0648, CVE-2013-0649, CVE-2013-0650, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, CVE-2013-1371, CVE-2013-1372, CVE-2013-1373, CVE-2013-1374, CVE-2013-1375, CVE-2013-1378, CVE-2013-1379, CVE-2013-1380, CVE-2013-2555, CVE-2013-2728, CVE-2013-3343, CVE-2013-3344, CVE-2013-3345, CVE-2013-3347, CVE-2013-3361, CVE-2013-3362, CVE-2013-3363, CVE-2013-5324

GLSA: 201309-06