Flash Player <= 18.104.22.168 Multiple Vulnerabilities (APSB14-27)
High Nessus Plugin ID 79835
SynopsisThe remote Windows host has a browser plugin that is affected by multiple vulnerabilities.
DescriptionAccording to its version, the installation of Adobe Flash Player installed on the remote Windows host is equal or prior to 22.214.171.124.
It is, therefore, affected by the following vulnerabilities :
- A security bypass vulnerability that allows an attacker to bypass the same-origin policy. (CVE-2014-0580)
- Multiple memory corruption vulnerabilities that allow an attacker to execute arbitrary code. (CVE-2014-0587, CVE-2014-9164)
- A use-after-free vulnerability that can result in arbitrary code execution. (CVE-2014-8443)
- An unspecified information disclosure vulnerability.
- A stack-based buffer overflow vulnerability that can be exploited to execute arbitrary code or elevate privileges. (CVE-2014-9163)
SolutionUpgrade to Adobe Flash Player version 126.96.36.199 or later.
Alternatively, Adobe has made version 188.8.131.529 available for those installations that cannot be upgraded to 16.x.