Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Flash Player <= 11.4.402.264 Multiple Vulnerabilities (APSB12-19)

High

Synopsis

The remote host contains a browser plugin that is affected by multiple vulnerabilities

Description

Versions of Flash Player equal to or earlier than 11.4.402.264 are affected by multiple vulnerabilities :

- Multiple memory corruption vulnerabilities could lead to code execution. (CVE-2012-4163, CVE-2012-4164, CVE-2012-4165, CVE-2012-4166) - An integer overflow vulnerability exists that could lead to code execution. (CVE-2012-4167) - A cross-domain information leak vulnerability exists. (CVE-2012-4168) - An integer overflow condition affects the Matrix3D class. The copyRawDataTo method in the Matrix3D class fails to properly sanitize user-supplied input resulting in an integer overflow. With a specially crafted argument, a context-dependent attacker can potentially execute arbitrary code. (CVE-2012-5054)

Solution

Upgrade to Flash Player 11.4.402.265 or later.