Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Flash Player < 15.0.0.152 Multiple Vulnerabilities (APSB14-21)

High

Synopsis

The remote host has a browser plugin that is affected by multiple vulnerabilities.

Description

Versions of Flash player earlier than 15.0.0.152 are unpatched for the following vulnerabilities:

- Unspecified memory corruption issues exist that allow arbitrary code execution. (CVE-2014-0547, CVE-2014-0549, CVE-2014-0550, CVE-2014-0551, CVE-2014-0552, CVE-2014-0555)

- An unspecified error exists that allows cross-origin policy violations. (CVE-2014-0548)

- A use-after-free error exists that allows arbitrary code execution. (CVE-2014-0553)

- An unspecified error exists that allows an unspecified security bypass. (CVE-2014-0554)

- Unspecified errors exist that allow memory leaks leading to easier defeat of memory address randomization. (CVE-2014-0557)

- Heap-based buffer overflow errors exist that allow arbitrary code execution. (CVE-2014-0556, CVE-2014-0559)

Solution

Upgrade to 15.0.0.152 or later. Users of Internet Explorer 10 and 11 should be automatically updated to the latest version.