Google Chrome < 32.0.1700.107 RCE

high Nessus Network Monitor Plugin ID 8107

Synopsis

The remote host contains a web browser that is affected by a remote code execution vulnerability via its built-in Flash plugin.

Description

The remote host has the Google Chrome browser installed. Versions of Google Chrome prior to 32.0.1700.107 contain a plugin for Flash Player 12.0.0.41, which is vulnerable to remote code execution. Chrome 32.0.1700.107 has been released with an updated version of Flash, which patches this vulnerability.

Solution

Upgrade to Google Chrome 32.0.1700.107 or later.

See Also

http://helpx.adobe.com/security/products/flash-player/apsb14-04.html

http://www.cnnvd.org.cn/vulnerability/show/cv_id/2014020035

http://www.securelist.com/en/blog/8177/CVE_2014_0497_a_0_day_vulnerability

https://www.corelan.be/index.php/2014/02/05/corelan-team-reply-to-false-allegation-made-by-kaspersky

Plugin Details

Severity: High

ID: 8107

Family: Web Clients

Published: 2/11/2014

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Critical

Score: 9.5

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:google:chrome

Patch Publication Date: 2/3/2014

Vulnerability Publication Date: 2/3/2014

Exploitable With

Metasploit (windows/browser/adobe_flash_avm2.rb)

Reference Information

CVE: CVE-2014-0497

BID: 65327