Flash Player < 22.214.171.124 Multiple Vulnerabilities (APSB14-27)
High Nessus Network Monitor Plugin ID 8603
SynopsisThe remote host has a browser plugin that is affected by multiple vulnerabilities.
DescriptionVersions of Flash player earlier than 126.96.36.199 are unpatched for the following vulnerabilities:
- A security bypass vulnerability that allows an attacker to bypass the same-origin policy. (CVE-2014-0580)
- Multiple memory corruption vulnerabilities that allow an attacker to execute arbitrary code. (CVE-2014-0587, CVE-2014-9164)
- A use-after-free vulnerability that can result in arbitrary code execution. (CVE-2014-8443)
- An unspecified information disclosure vulnerability. (CVE-2014-9162)
- A stack-based buffer overflow vulnerability that can be exploited to execute arbitrary code or elevate privileges. (CVE-2014-9163)
SolutionInstall Microsoft KB3008925, or update to Flash 188.8.131.52 from the vendor's website.