Summary
This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities.
Impact
Successful exploitation will let attackers to execute arbitrary code or cause a denial of service.
Impact Level: iSystem/Application
Solution
Upgrade to Adobe Flash Player version 10.3.183.10 or later.
For details refer, http://www.adobe.com/downloads/
Insight
The flaws are due to
- Stack-based buffer overflow in the ActionScript Virtual Machine (AVM) component, allows remote attackers to execute arbitrary code via unspecified vectors.
- security control bypass, allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors - logic error vulnerability, allows remote attackers to cause a denial of service (browser crash) via unspecified vectors or execute arbitrary via crafted streaming media.
- Cross-site scripting (XSS) vulnerability, allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Affected
Adobe Flash Player versions prior to 10.3.183.10 on Linux.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2011-2426, CVE-2011-2427, CVE-2011-2428, CVE-2011-2429, CVE-2011-2430, CVE-2011-2444 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Acrobat Multiple Vulnerabilities-01 Sep14 (Windows)
- Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Linux)
- Adobe Flash Player Code Execution and DoS Vulnerabilities (Linux)
- Adobe Air Multiple Vulnerabilities -01 August 12 (Mac OS X)
- Adobe Acrobat Multiple Vulnerabilities - Windows