Flash Player < 10.2.152.26 Multiple Vulnerabilities (APSB11-02)

High Nessus Network Monitor Plugin ID 5781

Synopsis

The remote host contains a browser plugin that is vulnerable to multiple attack vectors.

Description

The remote host has Adobe Flash Player installed. Versions of Flash Player earlier than 10.2.152.26 are potentially affected by multiple vulnerabilities :

- An integer overflow vulnerability exisst that could lead to code execution. (CVE-2011-0558)
- Multiple memory corruption vulnerabilities exist that could lead to code execution. (CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, CVE-2011-0607, CVE-2011-0608)
- A library-loading vulnerability exists that could lead to code execution. (CVE-2011-0575)
- A font-parsing vulnerabiity exists that could lead to code execution. (CVE-2011-0577)

Solution

Upgrade to Flash Player 10.2.152.26 or later.

See Also

http://www.adobe.com/support/security/bulletins/apsb11-02.html

Plugin Details

Severity: High

ID: 5781

File Name: 5781.prm

Family: Web Clients

Published: 2011/02/10

Modified: 2016/01/19

Dependencies: 5783

Nessus ID: 51926

Risk Information

Risk Factor: High

CVSSv2

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSSv3

Base Score: 8.1

Temporal Score: 7.1

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:adobe:flash_player

Patch Publication Date: 2011/02/08

Vulnerability Publication Date: 2011/02/08

Reference Information

CVE: CVE-2011-0558, CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0575, CVE-2011-0577, CVE-2011-0578, CVE-2011-0607, CVE-2011-0608

BID: 46186, 46188, 46189, 46190, 46191, 46192, 46193, 46194, 46195, 46196, 46197, 46282, 46283

OSVDB: 70913, 70914, 70915, 70916, 70917, 70918, 70919, 70920, 70921, 70922, 70923