Flash Player < 11.3.300.271 Code Execution (APSB12-18)

High Nessus Network Monitor Plugin ID 6544

Synopsis

The remote host contains a browser plugin that is affected by a code execution vulnerability.

Description

Versions of Flash Player earlier than 11.3.300.270 are affected by an unspecified remote code execution vulnerability:

- Note that this vulnerability is reportedly being actively exploited in the wild. Also note the vendor states 10.x versions are not affected by this vulnerability and the branch was not updated.

Solution

Upgrade to Flash Player 11.3.300.271 or later.

See Also

http://www.adobe.com/support/security/bulletins/apsb12-18.html

http://forums.adobe.com/thread/1049526

Plugin Details

Severity: High

ID: 6544

File Name: 6544.prm

Family: Web Clients

Published: 2011/08/17

Modified: 2016/01/19

Dependencies: 5783

Nessus ID: 61550, 61551

Risk Information

Risk Factor: High

CVSSv2

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 8.1

Temporal Score: 7.5

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:adobe:flash_player

Patch Publication Date: 2012/08/14

Vulnerability Publication Date: 2012/08/14

Exploitable With

CANVAS (CANVAS)

Metasploit (windows/browser/adobe_flash_otf_font.rb)

Reference Information

CVE: CVE-2012-1535

BID: 55009