Summary
This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities.
Impact
Successful exploitation could allow attackers to bypass certain security restrictions, execute arbitrary code in the context of the browser or cause a denial of service (memory corruption) via unspecified vectors.
Impact Level: System/Application
Solution
Update to Adobe Flash Player version 10.3.183.20 or 11.3.300.257 or later, For the updates refer, http://get.adobe.com/flashplayer
Insight
Multiple errors are caused,
- When parsing ActionScript.
- Within NPSWF32.dll when parsing certain tags.
- In the 'SoundMixer.computeSpectrum()' method, which can be exploited to bypass the same-origin policy.
- In the installer allows planting a binary file.
Affected
Adobe Flash Player version before 10.3.183.20 and 11.x through 11.2.202.235 on Mac OS X.
References
Severity
Classification
-
CVE CVE-2012-2034, CVE-2012-2035, CVE-2012-2036, CVE-2012-2037, CVE-2012-2038, CVE-2012-2039, CVE-2012-2040 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Mac OS X)
- Adobe Acrobat Multiple Vulnerabilities - 01 Jan14 (Mac OS X)
- Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Mac OX S)
- Adobe Air Multiple Vulnerabilities -01 May 13 (Windows)
- Adobe Acrobat Multiple Vulnerabilities-01 Sep14 (Windows)