Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Flash Player < 10.3.183.10 Multiple Vulnerabilities (APSB11-26)

High

Synopsis

The remote host contains a browser plugin that is vulnerable to multiple attack vectors.

Description

Versions of Flash Player earlier than 10.3.183.10 are potentially affected by multiple vulnerabilities : - Multiple AVM stack overflow vulnerabilities could lead to code execution. (CVE-2011-2426, CVE-2011-2427) - A logic error issue could lead to code execution or a browser crash. (CVE-2011-2428) - A Flash Player security control bypass vulnerability could lead to information disclosure. (CVE-2011-2429) - A streaming media logic error vulnerability could lead to code execution. (CVE-2011-2430) - A universal cross-site scripting vulnerability could be abused to take actions on a user's behalf on any website if the user is tricked into visiting a malicious website. Note that this issue is reportedly being actively exploited in targeted attacks. (CVE-2011-2444)

Solution

Upgrade to Flash Player 10.3.183.10 or later.