Detections
Analytics
Flash Player < 13.0.0.250 / 15.0.0.167 Multiple Vulnerabilities (APSB14-22)
high Nessus Network Monitor Plugin ID 8808
Synopsis
The remote host is running an outdated version of Adobe Flash Player for Internet Explorer that is affected by multiple vulnerabilities.Description
Versions of Adobe Flash player prior to 11.7.700.275 / 13.0.0.182 are outdated and thus unpatched for the following vulnerabilities :- Multiple memory corruption issues due to improperly sanitized user-supplied input allow arbitrary code execution. (CVE-2014-0564, CVE-2014-0558)
- An integer overflow issue due to improperly sanitized user-supplied input that allows arbitrary code execution. (CVE-2014-0569)
- An arbitrary code execution vulnerability due to the handling of a dereferenced memory pointer. (CVE-2014-8439)
Solution
Upgrade to Adobe Flash Player version 15.0.0.167 or later. If 15.x cannot be obtained, 13.0.0.250 has also been patched for these vulnerabilities.See Also
http://www.nessus.org/u?0cb17c10
http://helpx.adobe.com/security/products/flash-player/apsb14-22.html
Plugin Details
Severity: High
ID: 8808
Family: Web Clients
Published: 7/10/2015
Updated: 3/6/2019
Risk Information
VPR
Risk Factor: Critical
Score: 9.5
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 8.1
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS v3
Risk Factor: High
Base Score: 8.1
Temporal Score: 7.7
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:adobe:flash_player
Patch Publication Date: 10/14/2014
Vulnerability Publication Date: 10/14/2014
Exploitable With
Core Impact
Metasploit (Adobe Flash Player casi32 Integer Overflow)
Reference Information
CVE: CVE-2014-0558, CVE-2014-0564, CVE-2014-0569, CVE-2014-8439