
Flash Player < 15.0.0.223 Multiple Vulnerabilities (APSB14-24)

High

Synopsis

The remote host has a browser plugin that is affected by multiple vulnerabilities.

Description

Versions of Flash Player earlier than 15.0.0.223 are unpatched for the following vulnerabilities:

- Multiple memory corruption vulnerabilities allow an attacker to execute arbitrary code. (CVE-2014-0576, CVE-2014-0581, CVE-2014-8440, CVE-2014-8441)

- Multiple use-after-free vulnerabilities could result in arbitrary code execution. (CVE-2014-0573, CVE-2014-0588, CVE-2014-8438, CVE-2014-0574)

- Multiple type confusion vulnerabilities could result in arbitrary code execution. (CVE-2014-0577, CVE-2014-0584, CVE-2014-0585, CVE-2014-0586, CVE-2014-0590)

- Multiple heap-based buffer overflow vulnerabilities can be exploited to execute arbitrary code or elevate privileges. (CVE-2014-0583, CVE-2014-0582, CVE-2014-0589)

- A permission issue allows a remote attacker to gain elevated privileges. (CVE-2014-8442)

- An information disclosure vulnerability can be exploited to disclose secret session tokens. (CVE-2014-8437)

Solution

Upgrade to 15.0.0.223 or later, either via the browser update prompt or by visiting the Adobe Flash Player Download Center. Users of the Adobe Flash Player Extended Support Release should update to version 13.0.0.252.