
Flash Player < 11.7.700.275 / Multiple Vulnerabilities (APSB14-09)



The remote host is running an outdated version of Adobe Flash Player for Internet Explorer that is affected by multiple vulnerabilities.


Versions of Adobe Flash Player prior to 11.7.700.275 / are outdated and thus unpatched for the following vulnerabilities:

- A use-after-free error affects the handling of ExternalInterface. With a specially crafted flash object, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code. (CVE-2014-0506)
- An overflow condition exists which is triggered as user-supplied input is not properly validated when handling ActionScript regular expressions. This may allow a context-dependent attacker to cause a stack-based buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code. (CVE-2014-0507)
- An unspecified flaw that may allow a context-dependent attacker to bypass security restrictions and gain access to potentially sensitive information. (CVE-2014-0508)
- A flaw exists that allows a cross-site scripting (XSS) attack. This flaw exists because the applications do not validate input passed to the 'ExternalInterface.call()' function before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (CVE-2014-0509)


Upgrade to Adobe Flash Player version or later. If 13.x cannot be obtained, 11.7.700.275 has also been patched for these vulnerabilities.