Google Chrome < 32.0.1700.107 RCE

High Nessus Network Monitor Plugin ID 8107

Synopsis

The remote host contains a web browser that is affected by a remote code execution vulnerability via its built-in Flash plugin.

Description

The remote host has the Google Chrome browser installed. Versions of Google Chrome prior to 32.0.1700.107 contain a plugin for Flash Player 12.0.0.41, which is vulnerable to remote code execution. Chrome 32.0.1700.107 has been released with an updated version of Flash, which patches this vulnerability.

Solution

Upgrade to Google Chrome 32.0.1700.107 or later.

See Also

http://helpx.adobe.com/security/products/flash-player/apsb14-04.html

http://www.cnnvd.org.cn/vulnerability/show/cv_id/2014020035

http://www.securelist.com/en/blog/8177/CVE_2014_0497_a_0_day_vulnerability

https://www.corelan.be/index.php/2014/02/05/corelan-team-reply-to-false-allegation-made-by-kaspersky

Plugin Details

Severity: High

ID: 8107

Family: Web Clients

Published: 2014/02/11

Updated: 2019/03/06

Dependencies: 4645

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSS v3.0

Base Score: 8.1

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:google:chrome

Patch Publication Date: 2014/02/03

Vulnerability Publication Date: 2014/02/03

Exploitable With

Metasploit (windows/browser/adobe_flash_avm2.rb)

Reference Information

CVE: CVE-2014-0497

BID: 65327