Detections
Analytics
Flash Player for Mac <= 10.3.183.7 Multiple Vulnerabilities (APSB11-26)
high Nessus Plugin ID 56258
Language:
Synopsis
The remote Mac OS X host has a browser plugin that is affected by multiple vulnerabilities.Description
According to its version, the instance of Flash Player installed on the remote Mac OS X host is 10.3.183.7 or earlier. It is therefore reportedly affected by several critical vulnerabilities :- Multiple AVM stack overflow vulnerabilities could lead to code execution. (CVE-2011-2426, CVE-2011-2427)
- A logic error issue could lead to code execution or a browser crash. (CVE-2011-2428)
- A Flash Player security control bypass vulnerability could lead to information disclosure. (CVE-2011-2429)
- A streaming media logic error vulnerability could lead to code execution. (CVE-2011-2430)
- A universal cross-site scripting vulnerability could be abused to take actions on a user's behalf on any website if the user is tricked into visiting a malicious website. Note that this issue is reportedly being actively exploited in targeted attacks. (CVE-2011-2444)
Solution
Upgrade to Adobe Flash for Mac version 10.3.183.10 or later.See Also
http://www.nessus.org/u?bc89ef3e
http://www.adobe.com/support/security/bulletins/apsb11-26.html
Plugin Details
Severity: High
ID: 56258
File Name: macosx_flash_player_10_3_183_10.nasl
Version: 1.8
Type: local
Agent: macosx
Family: MacOS X Local Security Checks
Published: 9/22/2011
Updated: 7/14/2018
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 6.9
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/a:adobe:flash_player
Required KB Items: MacOSX/Flash_Player/Version
Exploit Ease: No known exploits are available
Patch Publication Date: 9/21/2011
Vulnerability Publication Date: 9/21/2011
Reference Information
CVE: CVE-2011-2426, CVE-2011-2427, CVE-2011-2428, CVE-2011-2429, CVE-2011-2430, CVE-2011-2444