Detections
Analytics
Flash Player for Mac <= 10.3.183.14 / 11.1.102.62 Multiple Vulnerabilities (APSB12-03)
critical Nessus Plugin ID 58002
Language:
Synopsis
The remote Mac OS X host has a browser plugin that is affected by multiple vulnerabilities.Description
According to its version, the instance of Flash Player installed on the remote Mac OS X host is 10.x equal to or earlier than 10.3.183.14 or 11.x equal to or earlier than 11.1.102.62. It is, therefore, reportedly affected by several critical vulnerabilities :- An unspecified memory corruption issue exists that could lead to code execution. (CVE-2012-0754)
- An unspecified type confusion memory corruption vulnerability exists that could lead to code execution.
(CVE-2012-0752)
- An MP4 parsing memory corruption issue exists that could lead to code execution. (CVE-2012-0753)
- Multiple unspecified security bypass vulnerabilities exist that could lead to code execution. (CVE-2012-0755, CVE-2012-0756)
- A universal cross-site scripting issue exists that could be used to take actions on a user's behalf on any website or webmail provider. (CVE-2012-0767)
Solution
Upgrade to Adobe Flash version 10.3.183.15 / 11.1.102.62 or later.See Also
http://www.zerodayinitiative.com/advisories/ZDI-12-080/
http://seclists.org/fulldisclosure/2012/Jun/67
http://www.adobe.com/support/security/bulletins/apsb12-03.html
Plugin Details
Severity: Critical
ID: 58002
File Name: macosx_flash_player_11_1_102_62.nasl
Version: 1.16
Type: local
Agent: macosx
Family: MacOS X Local Security Checks
Published: 2/17/2012
Updated: 6/8/2022
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Critical
Score: 9.5
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 8.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2012-0756
Vulnerability Information
CPE: cpe:/a:adobe:flash_player
Required KB Items: MacOSX/Flash_Player/Version
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 2/15/2012
Vulnerability Publication Date: 2/15/2012
CISA Known Exploited Vulnerability Due Dates: 6/22/2022
Exploitable With
CANVAS (CANVAS)
Core Impact
Metasploit (Adobe Flash Player MP4 "cprt" Overflow)
Reference Information
CVE: CVE-2012-0752, CVE-2012-0753, CVE-2012-0754, CVE-2012-0755, CVE-2012-0756, CVE-2012-0767
BID: 52032, 52033, 52034, 52035, 52036, 52040
ZDI: ZDI-12-080