Flash Player <= 188.8.131.52 Multiple Vulnerabilities (APSB14-21)
High Nessus Plugin ID 77577
SynopsisThe remote Windows host has a browser plugin that is affected by multiple vulnerabilities.
DescriptionAccording to its version, the installation of Flash Player installed on the remote Windows host is equal or prior to 184.108.40.206. It is, therefore, affected by the following vulnerabilities :
- Unspecified memory corruption issues exist that allow arbitrary code execution. (CVE-2014-0547, CVE-2014-0549, CVE-2014-0550, CVE-2014-0551, CVE-2014-0552, CVE-2014-0555)
- An unspecified error exists that allows cross-origin policy violations. (CVE-2014-0548)
- A use-after-free error exists that allows arbitrary code execution. (CVE-2014-0553)
- An unspecified error exists that allows an unspecified security bypass. (CVE-2014-0554)
- Unspecified errors exist that allow memory leaks leading to easier defeat of memory address randomization.
- Heap-based buffer overflow errors exist that allow arbitrary code execution. (CVE-2014-0556, CVE-2014-0559)
SolutionUpgrade to Adobe Flash Player version 220.127.116.11 or later.
Alternatively, Adobe has made version 18.104.22.168 available for those installations that cannot be upgraded to 15.x.