Flash Player < 126.96.36.199 Multiple Vulnerabilities (APSB14-24)
High Nessus Network Monitor Plugin ID 8566
SynopsisThe remote host has a browser plugin that is affected by multiple vulnerabilities.
DescriptionVersions of Flash player earlier than 188.8.131.52 are unpatched for the following vulnerabilities :
- Multiple memory corruption vulnerabilities allow an attacker to execute arbitrary code. (CVE-2014-0576, CVE-2014-0581, CVE-2014-8440, CVE-2014-8441)
- Multiple use-after-free vulnerabilities could result in arbitrary code execution. (CVE-2014-0573, CVE-2014-0588, CVE-2014-8438, CVE-2014-0574)
- Multiple type confusion vulnerabilities could result in arbitrary code execution. (CVE-2014-0577, CVE-2014-0584, CVE-2014-0585, CVE-2014-0586, CVE-2014-0590)
- Multiple heap-based buffer overflow vulnerabilities can be exploited to execute arbitrary code or elevate privileges. (CVE-2014-0583, CVE-2014-0582, CVE-2014-0589)
- A permission issue that allows a remote attacker to gain elevated privileges. (CVE-2014-8442)
- An information disclosure vulnerability can be exploited to disclose secret session tokens. (CVE-2014-8437)
SolutionUpgrade to 184.108.40.206 or later, either via the browser update prompt or by visiting the Adobe Flash Player Download Center. Users of the Adobe Flash Player Extended Support Release should update to version 220.127.116.11.