Adobe Flash Player <= 184.108.40.206 Multiple Vulnerabilities (APSB15-06)
High Nessus Plugin ID 82782
SynopsisThe remote Mac OS X host has a browser plugin installed that is affected by multiple vulnerabilities.
DescriptionThe version of Adobe Flash Player installed on the remote Mac OS X host is equal or prior to version 220.127.116.11. It is, therefore, affected by multiple vulnerabilities :
- Multiple double-free errors exist that allow an attacker to execute arbitrary code. (CVE-2015-0346, CVE-2015-0359)
- Multiple memory corruption flaws exist due to improper validation of user-supplied input. A remote attacker can exploit these flaws, via specially crafted flash content, to corrupt memory and execute arbitrary code.
(CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, CVE-2015-3043)
- A unspecified buffer overflow condition exists due to improper validation of user-supplied input. A remote attacker can exploit this to execute arbitrary code.
- Multiple unspecified use-after-free errors exist that allow an attacker to execute arbitrary code.
(CVE-2015-0349, CVE-2015-0351, CVE-2015-0358, CVE-2015-3039)
- An unspecified type confusion flaw exists that allows an attacker to execute arbitrary code. (CVE-2015-0356)
- Multiple unspecified memory leaks exist that allows an attacker to bypass the Address Space Layout Randomization (ASLR) feature. (CVE-2015-0357, CVE-2015-3040)
- An unspecified security bypass flaw exists that allows an attacker to disclose information. (CVE-2015-3044)
SolutionUpgrade to Adobe Flash Player version 18.104.22.168 or later.
Alternatively, Adobe has made version 22.214.171.1241 and 126.96.36.1997 available for those installations that cannot be upgraded to 17.x.