
Flash Player < 16.0.0.235 Multiple Vulnerabilities (APSB14-27)

High

Synopsis

The remote host has a browser plugin that is affected by multiple vulnerabilities.

Description

Versions of Flash Player earlier than 16.0.0.235 are unpatched for the following vulnerabilities:

- A security bypass vulnerability that allows an attacker to bypass the same-origin policy. (CVE-2014-0580)

- Multiple memory corruption vulnerabilities that allow an attacker to execute arbitrary code. (CVE-2014-0587, CVE-2014-9164)

- A use-after-free vulnerability that can result in arbitrary code execution. (CVE-2014-8443)

- An unspecified information disclosure vulnerability. (CVE-2014-9162)

- A stack-based buffer overflow vulnerability that can be exploited to execute arbitrary code or elevate privileges. (CVE-2014-9163)

Solution

Install Microsoft KB3008925, or update to Flash 16.0.0.235 from the vendor's website.