According to its version, the instance of Flash Player installed on the remote Windows host is equal or prior to 11.7.700.275 / 11.8.x / 11.9.x / 12.x / 13.0.0.182. It is, therefore, potentially affected by a buffer overflow vulnerability due to improper user input validation in the Pixel Bender component. An attacker could cause a buffer overflow with a specially crafted SWF file, resulting in arbitrary code execution.

An updated Adobe Flash Player package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.

This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed in the Adobe Security Bulletin APSB14-13, listed in the References section.

A flaw was found in the way flash-plugin displayed certain SWF content. An attacker could use this flaw to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. (CVE-2014-0515)

All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.356.

This flash-player update to version 11.2.202.356 fixes the following critical security issue :

  - buffer overflow vulnerability that leads to arbitrary     code execution (CVE-2014-0515) Adobe Security Bulletin     (APSB14-13)     http://helpx.adobe.com/security/products/flash-player/ap     sb14-13.html. (bnc#875577)

This flash-player update fixes a critical buffer overflow vulnerability that leads to arbitrary code execution.

The flash-player package was updated to version 11.2.202.356.

  - bnc#875577, APSB14-13, CVE-2014-0515

The version of Google Chrome installed on the remote host is a version prior to 34.0.1847.131. It is, therefore, affected by the following vulnerabilities :

  - A buffer overflow error exists related to the included     version of Flash Player. (CVE-2014-0515)

  - Type confusion errors exist related to the V8     JavaScript engine and DOM handling. (CVE-2014-1730,     CVE-2014-1731)

  - A use-after-free error exists related to speech     recognition processing. (CVE-2014-1732)

  - An error exists related to compiling in 'Seccomp-BPF'.
    (CVE-2014-1733)

  - Various, unspecified errors exist. (CVE-2014-1734)

  - Various, unspecified errors exist related to the V8     JavaScript engine. (CVE-2014-1735)

  - An integer overflow error exists related to the V8     JavaScript engine. (CVE-2014-1736)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote host is missing KB2961887. It is, therefore, affected by a buffer overflow vulnerability due to improper user input validation in the Pixel Bender component. An attacker could cause a buffer overflow with a specially crafted SWF file, resulting in arbitrary code execution.

The version of Google Chrome installed on the remote Mac OS X host is a version prior to 34.0.1847.131. It is, therefore, affected by the following vulnerabilities :

  - A buffer overflow error exists related to the included     version of Flash Player. (CVE-2014-0515)

  - Type confusion errors exist related to the V8     JavaScript engine and DOM handling. (CVE-2014-1730,     CVE-2014-1731)

  - A use-after-free error exists related to speech     recognition processing. (CVE-2014-1732)

  - An error exists related to compiling in 'Seccomp-BPF'.
    (CVE-2014-1733)

  - Various, unspecified errors exist. (CVE-2014-1734)

  - Various, unspecified errors exist related to the V8     JavaScript engine. (CVE-2014-1735)

  - An integer overflow error exists related to the V8     JavaScript engine. (CVE-2014-1736)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to its version, the instance of Flash Player installed on the remote Mac OS X host is equal or prior to 11.7.700.275 / 11.8.x / 11.9.x / 12.x / 13.0.0.201. It is, therefore, potentially affected by a buffer overflow vulnerability due to improper user input validation in the Pixel Bender component. An attacker could cause a buffer overflow with a specially crafted SWF file, resulting in arbitrary code execution.

The remote host is affected by the vulnerability described in GLSA-201405-04 (Adobe Flash Player: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Adobe Flash Player.
      Please review the CVE identifiers referenced below for details.
  Impact :

    A remote attacker could entice a user to open a specially crafted SWF       file using Adobe Flash Player, possibly resulting in execution of       arbitrary code with the privileges of the process or a Denial of Service       condition. Furthermore, a remote attacker may be able to bypass the Same       Origin Policy or read the clipboard via unspecified vectors.
  Workaround :

    There is no known workaround at this time.

Versions of Adobe Flash player prior to 11.7.700.279 / 13.0.0.206 are outdated and thus unpatched for an overflow condition in the pixel bender component. The issue is triggered as user-supplied input is not properly validated. With a specially crafted SWF file, a context-dependent attacker can cause a buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code. (CVE-2014-0515)

ID	Name	Product	Family	Published	Updated	Severity
73740	Flash Player <= 11.7.700.275 / 13.0.0.182 Pixel Bender Component Buffer Overflow (APSB14-13)	Nessus	Windows	4/28/2014	4/11/2022	critical
73780	RHEL 5 / 6 : flash-plugin (RHSA-2014:0447)	Nessus	Red Hat Local Security Checks	4/30/2014	1/14/2021	critical
73850	SuSE 11.3 Security Update : flash-player (SAT Patch Number 9180)	Nessus	SuSE Local Security Checks	5/3/2014	1/19/2021	critical
75334	openSUSE Security Update : flash-player (openSUSE-SU-2014:0585-1)	Nessus	SuSE Local Security Checks	6/13/2014	1/19/2021	critical
73710	Google Chrome < 34.0.1847.131 Multiple Vulnerabilities	Nessus	Windows	4/25/2014	4/11/2022	critical
73742	MS KB2961887: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer	Nessus	Windows	4/28/2014	11/26/2019	critical
73711	Google Chrome < 34.0.1847.131 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	4/25/2014	11/26/2019	critical
73741	Flash Player for Mac <= 11.7.700.275 / 13.0.0.201 Pixel Bender Component Buffer Overflow (APSB14-13)	Nessus	MacOS X Local Security Checks	4/28/2014	11/26/2019	critical
73860	GLSA-201405-04 : Adobe Flash Player: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	5/5/2014	9/17/2024	critical
8805	Flash Player < 11.7.700.279 / 13.0.0.206 Buffer Overflow (APSB14-13)	Nessus Network Monitor	Web Clients	7/10/2015	3/6/2019	high

Detections

Analytics

Plugins Search

critical

critical

critical

critical

critical

critical

critical

critical

critical

high