Flash Player < 11.3.300.271 Code Execution (APSB12-18)

high Nessus Network Monitor Plugin ID 6544

Synopsis

The remote host contains a browser plugin that is affected by a code execution vulnerability.

Description

Versions of Flash Player earlier than 11.3.300.270 are affected by an unspecified remote code execution vulnerability.

Note that this vulnerability is reportedly being actively exploited in the wild. Also note that the vendor states 10.x versions are not affected by this vulnerability and the branch was not updated.

Solution

Upgrade to Flash Player 11.3.300.271 or later.

See Also

http://www.adobe.com/support/security/bulletins/apsb12-18.html

http://forums.adobe.com/thread/1049526

Plugin Details

Severity: High

ID: 6544

Family: Web Clients

Published: 8/17/2011

Updated: 3/6/2019

Nessus ID: 61550, 61551

Risk Information

VPR

Risk Factor: Critical

Score: 9.6

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.5

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:adobe:flash_player

Patch Publication Date: 8/14/2012

Vulnerability Publication Date: 8/14/2012

Exploitable With

CANVAS (CANVAS)

Metasploit (windows/browser/adobe_flash_otf_font.rb)

Reference Information

CVE: CVE-2012-1535

BID: 55009