Flash Player < 12.0.0.77 Multiple Vulnerabilities (APSB14-08)

Medium Nessus Network Monitor Plugin ID 8157

Synopsis

The remote host has a browser plugin that is affected by multiple vulnerabilities.

Description

Versions of Adobe Flash Player prior to 12.0.0.77 (or 11.7.700.272 for Linux users) are outdated and thus unpatched for the following vulnerabilities :

- A same origin policy bypass vulnerability (CVE-2014-0503).
- Clipboard content access by an unauthorized, context-dependent attacker (CVE-2014-0504).

Solution

Upgrade to 12.0.0.77 (or 11.7.700.272 for users of older versions of Windows or OS X, who cannot upgrade to the latest major version), or later. Users of the Chrome browser should update their browser to version 33.0.1750.149, which will include the latest fix.

See Also

https://helpx.adobe.com/security/products/flash-player/apsb14-08.html

Plugin Details

Severity: Medium

ID: 8157

File Name: 8157.prm

Family: Web Clients

Published: 2013/03/13

Modified: 2016/01/21

Dependencies: 5158

Nessus ID: 72938

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSSv3

Base Score: 5.3

Temporal Score: 5.1

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Temporal Vector: CVSS3#E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:adobe:flash_player

Patch Publication Date: 2014/03/11

Vulnerability Publication Date: 2014/03/11

Reference Information

CVE: CVE-2014-0503, CVE-2014-0504

BID: 66122, 66127

OSVDB: 104318, 104319