Search...

lib32-flashplugin: arbitrary code execution

2016-03-11T00:00:00

ID ASA-201603-11
Type archlinux
Reporter Arch Linux
Modified 2016-03-11T00:00:00

Description

CVE-2016-0963 CVE-2016-0993 CVE-2016-1010 (arbitrary code execution)

Integer overflow vulnerabilities that could lead to code execution.

CVE-2016-0987 CVE-2016-0988 CVE-2016-0990 CVE-2016-0991 CVE-2016-0994 CVE-2016-0995 CVE-2016-0996 CVE-2016-0997 CVE-2016-0998 CVE-2016-0999 CVE-2016-1000 (arbitrary code execution)

Use-after-free vulnerabilities that could lead to code execution.

CVE-2016-1001 (arbitrary code execution)

Heap overflow vulnerability that could lead to code execution.

CVE-2016-0960 CVE-2016-0961 CVE-2016-0962 CVE-2016-0986 CVE-2016-0989 CVE-2016-0992 CVE-2016-1002 CVE-2016-1005 (arbitrary code execution)

Memory corruption vulnerabilities that could lead to code execution.

JSON Vulners Source

Initial Source

{"kaspersky": [{"lastseen": "2019-03-21T00:14:45", "bulletinFamily": "info", "description": "### *Detect date*:\n03/10/2016\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Adobe products. Malicious users can exploit these vulnerabilities to cause denial of service or execute arbitrary code.\n\n### *Affected products*:\nAdobe Flash Player versions earlier than 21.0.0.182 \nAdobe Flash Player ESR versions earlier than 18.0.0.333 \nAdobe Flash Player for Linux versions earlier than 11.2.202.577 \nAdobe AIR versions earlier than 21.0.0.176\n\n### *Solution*:\nUpdate to the latest version \n[Get Flash Player](<https://get.adobe.com/flashplayer/>) \n[Get AIR](<https://get.adobe.com/air/>)\n\n### *Original advisories*:\n[Adobe Security Bulletin](<https://helpx.adobe.com/security/products/flash-player/apsb16-08.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Adobe Flash Player ActiveX](<https://threats.kaspersky.com/en/product/Adobe-Flash-Player-ActiveX/>)\n\n### *CVE-IDS*:\n[CVE-2016-0995](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0995>)10.0Critical \n[CVE-2016-0996](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0996>)9.3Critical \n[CVE-2016-0997](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0997>)10.0Critical \n[CVE-2016-0998](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0998>)10.0Critical \n[CVE-2016-0991](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0991>)10.0Critical \n[CVE-2016-0992](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0992>)10.0Critical \n[CVE-2016-0993](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0993>)10.0Critical \n[CVE-2016-0994](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0994>)9.3Critical \n[CVE-2016-0989](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0989>)10.0Critical \n[CVE-2016-0990](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0990>)10.0Critical \n[CVE-2016-0988](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0988>)10.0Critical \n[CVE-2016-0987](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0987>)10.0Critical \n[CVE-2016-0986](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0986>)10.0Critical \n[CVE-2016-0963](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0963>)10.0Critical \n[CVE-2016-0962](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0962>)10.0Critical \n[CVE-2016-0961](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0961>)10.0Critical \n[CVE-2016-0960](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0960>)10.0Critical \n[CVE-2016-1002](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1002>)10.0Critical \n[CVE-2016-1001](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1001>)10.0Critical \n[CVE-2016-1010](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1010>)10.0Critical \n[CVE-2016-1005](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1005>)9.3Critical \n[CVE-2016-1000](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000>)10.0Critical \n[CVE-2016-0999](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0999>)10.0Critical", "modified": "2019-03-07T00:00:00", "published": "2016-03-10T00:00:00", "id": "KLA10772", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10772", "title": "\r KLA10772Multiple vulnerabilities in Adobe Flash Player & AIR ", "type": "kaspersky", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-03-21T00:15:11", "bulletinFamily": "info", "description": "### *Detect date*:\n03/10/2016\n\n### *Severity*:\nHigh\n\n### *Description*:\nMicrosoft released update to address vulnerabilities in Flash Player for Internet explorer. For details look at KLA10757.\n\n### *Affected products*:\nWindows 8 for 32-bit Systems \nWindows 8 for 64-bit Systems \nWindows Server 2012 \nWindows RT \nWindows 8.1 for 32-bit Systems \nWindows 8.1 for 64-bit Systems \nWindows Server 2012 R2 \nWindows RT 8.1 \nWindows 10 for 32-bit Systems \nWindows 10 for 64-bit Systems\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2016-0995](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0995>) \n[CVE-2016-0996](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0996>) \n[CVE-2016-0991](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0991>) \n[CVE-2016-0993](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0993>) \n[CVE-2016-0994](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0994>) \n[CVE-2016-0989](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0989>) \n[CVE-2016-0990](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0990>) \n[CVE-2016-0988](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0988>) \n[CVE-2016-0987](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0987>) \n[CVE-2016-0986](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0986>) \n[CVE-2016-0963](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0963>) \n[CVE-2016-0962](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0962>) \n[CVE-2016-0961](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0961>) \n[CVE-2016-0960](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-0960>) \n[CVE-2016-1001](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-1001>) \n[CVE-2016-1010](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-1010>) \n[CVE-2016-1005](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2016-1005>) \n[CVE-2015-8658](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-8658>) \n[CVE-2015-8655](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-8655>) \n[CVE-2015-8652](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-8652>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *CVE-IDS*:\n[CVE-2016-0995](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0995>)10.0High \n[CVE-2016-0996](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0996>)9.3High \n[CVE-2016-0991](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0991>)10.0High \n[CVE-2016-0993](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0993>)10.0High \n[CVE-2016-0994](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0994>)9.3High \n[CVE-2016-0989](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0989>)10.0High \n[CVE-2016-0990](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0990>)10.0High \n[CVE-2016-0988](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0988>)10.0High \n[CVE-2016-0987](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0987>)10.0High \n[CVE-2016-0986](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0986>)10.0High \n[CVE-2016-0963](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0963>)10.0High \n[CVE-2016-0962](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0962>)10.0High \n[CVE-2016-0961](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0961>)10.0High \n[CVE-2016-0960](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0960>)10.0High \n[CVE-2016-1001](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1001>)10.0High \n[CVE-2016-1010](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1010>)10.0High \n[CVE-2016-1005](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1005>)9.3High \n[CVE-2015-8658](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8658>)9.3High \n[CVE-2015-8655](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8655>)9.3High \n[CVE-2015-8652](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8652>)9.3High\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[3144756](<http://support.microsoft.com/kb/3144756>)", "modified": "2019-03-07T00:00:00", "published": "2016-03-10T00:00:00", "id": "KLA10774", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10774", "title": "\r KLA10774Obsolete Adobe Flash Player for Windows ", "type": "kaspersky", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2019-10-24T21:19:18", "bulletinFamily": "scanner", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "modified": "2019-10-23T00:00:00", "published": "2017-03-18T00:00:00", "id": "OPENVAS:1361412562310810663", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810663", "title": "Adobe Flash Player Within Google Chrome Security Update (apsb16-08) - Windows", "type": "openvas", "sourceData": "############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Within Google Chrome Security Update (apsb16-08) - Windows\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player_chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810663\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2016-0960\", \"CVE-2016-0961\", \"CVE-2016-0962\", \"CVE-2016-0963\",\n \"CVE-2016-0986\", \"CVE-2016-0987\", \"CVE-2016-0988\", \"CVE-2016-0989\",\n \"CVE-2016-0990\", \"CVE-2016-0991\", \"CVE-2016-0992\", \"CVE-2016-0993\",\n \"CVE-2016-0994\", \"CVE-2016-0995\", \"CVE-2016-0996\", \"CVE-2016-0997\",\n \"CVE-2016-0998\", \"CVE-2016-0999\", \"CVE-2016-1000\", \"CVE-2016-1001\",\n \"CVE-2016-1002\", \"CVE-2016-1005\", \"CVE-2016-1010\");\n script_bugtraq_id(94975, 96496, 95212, 84308, 84311, 84312, 96850);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-03-18 15:49:21 +0530 (Sat, 18 Mar 2017)\");\n script_name(\"Adobe Flash Player Within Google Chrome Security Update (apsb16-08) - Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Multiple integer overflow vulnerabilities.\n\n - Multiple use-after-free vulnerabilities.\n\n - A heap overflow vulnerability.\n\n - Multiple memory corruption vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these vulnerabilities\n will allow remote attackers to execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player for chrome versions\n before 21.0.0.182 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player for chrome\n version 21.0.0.182 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb16-08.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_flash_player_within_google_chrome_detect_win.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Chrome/Win/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:playerVer, test_version:\"21.0.0.182\"))\n{\n report = report_fixed_ver(installed_version:playerVer, fixed_version:\"21.0.0.182\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-24T21:24:49", "bulletinFamily": "scanner", "description": "This host is installed with Adobe Air\n and is prone to multiple vulnerabilities.", "modified": "2019-10-23T00:00:00", "published": "2016-03-11T00:00:00", "id": "OPENVAS:1361412562310807604", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807604", "title": "Adobe Air Security Updates-APSB16-08 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Air Security Updates-APSB16-08 (Windows)\n#\n# Authors:\n# kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:adobe_air\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807604\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2016-0960\", \"CVE-2016-0961\", \"CVE-2016-0962\", \"CVE-2016-0963\",\n \"CVE-2016-0986\", \"CVE-2016-0987\", \"CVE-2016-0988\", \"CVE-2016-0989\",\n \"CVE-2016-0990\", \"CVE-2016-0991\", \"CVE-2016-0992\", \"CVE-2016-0993\",\n \"CVE-2016-0994\", \"CVE-2016-0995\", \"CVE-2016-0996\", \"CVE-2016-0997\",\n \"CVE-2016-0998\", \"CVE-2016-0999\", \"CVE-2016-1000\", \"CVE-2016-1001\",\n \"CVE-2016-1002\", \"CVE-2016-1005\", \"CVE-2016-1010\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-03-11 13:36:16 +0530 (Fri, 11 Mar 2016)\");\n script_name(\"Adobe Air Security Updates-APSB16-08 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Air\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to,\n\n - An integer overflow vulnerabilities.\n\n - A use-after-free vulnerabilities.\n\n - A heap overflow vulnerability.\n\n - The memory corruption vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote attackers to execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"Adobe Air version before\n 21.0.0.176 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Air version\n 21.0.0.176 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb16-08.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/Air/Win/Installed\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!airVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:airVer, test_version:\"21.0.0.176\"))\n{\n report = report_fixed_ver(installed_version:airVer, fixed_version:\"21.0.0.176\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:29", "bulletinFamily": "scanner", "description": "This host is missing a critical security\n update according to Microsoft Bulletin MS16-036", "modified": "2019-05-03T00:00:00", "published": "2017-03-18T00:00:00", "id": "OPENVAS:1361412562310810662", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810662", "title": "Microsoft IE And Microsoft Edge Flash Player Multiple Vulnerabilities (3144756)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft IE And Microsoft Edge Flash Player Multiple Vulnerabilities (3144756)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player_internet_explorer\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810662\");\n script_version(\"2019-05-03T10:54:50+0000\");\n script_cve_id(\"CVE-2016-0960\", \"CVE-2016-0961\", \"CVE-2016-0962\", \"CVE-2016-0963\",\n \"CVE-2016-0986\", \"CVE-2016-0987\", \"CVE-2016-0988\", \"CVE-2016-0989\",\n \"CVE-2016-0990\", \"CVE-2016-0991\", \"CVE-2016-0992\", \"CVE-2016-0993\",\n \"CVE-2016-0994\", \"CVE-2016-0995\", \"CVE-2016-0996\", \"CVE-2016-0997\",\n \"CVE-2016-0998\", \"CVE-2016-0999\", \"CVE-2016-1000\", \"CVE-2016-1001\",\n \"CVE-2016-1002\", \"CVE-2016-1005\", \"CVE-2016-1010\");\n script_bugtraq_id(94975, 96496, 95212, 84308, 84311, 84312, 96850);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-03 10:54:50 +0000 (Fri, 03 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-03-18 15:43:42 +0530 (Sat, 18 Mar 2017)\");\n script_name(\"Microsoft IE And Microsoft Edge Flash Player Multiple Vulnerabilities (3144756)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft Bulletin MS16-036\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Multiple integer overflow vulnerabilities.\n\n - Multiple use-after-free vulnerabilities.\n\n - A heap overflow vulnerability.\n\n - Multiple memory corruption vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these\n vulnerabilities will allow remote attackers to execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows 8.1 x32/x64\n\n Microsoft Windows Server 2012/2012R2\n\n Microsoft Windows 10 x32/x64\n\n Microsoft Windows 10 Version 1511 x32/x64\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/en-us/library/security/ms16-036\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb16-08.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"gb_flash_player_within_ie_edge_detect.nasl\");\n script_mandatory_keys(\"AdobeFlash/IE_or_EDGE/Installed\");\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/library/security/ms16-036\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\n\nif(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012:1, win2012R2:1, win10:1,\n win10x64:1) <= 0){\n exit(0);\n}\n\nif(!infos = get_app_version_and_location(cpe:CPE))\n{\n CPE = \"cpe:/a:adobe:flash_player_edge\";\n if(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)){\n exit(0);\n }\n}\n\nflashVer = infos['version'];\nif(!flashVer){\n exit(0);\n}\n\nflashPath = infos['location'];\nif(flashPath){\n flashPath = flashPath + \"\\Flashplayerapp.exe\";\n} else {\n flashPath = \"Could not find the install location\";\n}\n\nif(version_is_less(version:flashVer, test_version:\"21.0.0.182\"))\n{\n report = 'File checked: ' + flashPath + '\\n' +\n 'File version: ' + flashVer + '\\n' +\n 'Vulnerable range: ' + \"Less than 21.0.0.182\" + '\\n' ;\n security_message(data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-24T21:25:51", "bulletinFamily": "scanner", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "modified": "2019-10-23T00:00:00", "published": "2016-03-11T00:00:00", "id": "OPENVAS:1361412562310807611", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807611", "title": "Adobe Flash Player Security Updates-APSB16-08 (Linux)", "type": "openvas", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Security Updates-APSB16-08 (Linux)\n#\n# Authors:\n# kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807611\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2016-0960\", \"CVE-2016-0961\", \"CVE-2016-0962\", \"CVE-2016-0963\",\n \"CVE-2016-0986\", \"CVE-2016-0987\", \"CVE-2016-0988\", \"CVE-2016-0989\",\n \"CVE-2016-0990\", \"CVE-2016-0991\", \"CVE-2016-0992\", \"CVE-2016-0993\",\n \"CVE-2016-0994\", \"CVE-2016-0995\", \"CVE-2016-0996\", \"CVE-2016-0997\",\n \"CVE-2016-0998\", \"CVE-2016-0999\", \"CVE-2016-1000\", \"CVE-2016-1001\",\n \"CVE-2016-1002\", \"CVE-2016-1005\", \"CVE-2016-1010\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-03-11 13:45:48 +0530 (Fri, 11 Mar 2016)\");\n script_name(\"Adobe Flash Player Security Updates-APSB16-08 (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to,\n\n - An integer overflow vulnerabilities.\n\n - A use-after-free vulnerabilities.\n\n - A heap overflow vulnerability.\n\n - The memory corruption vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote attackers to execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before\n 11.2.202.577 on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 11.2.202.577 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb16-08.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_lin.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Linux/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:playerVer, test_version:\"11.2.202.577\"))\n{\n report = report_fixed_ver(installed_version:playerVer, fixed_version:\"11.2.202.577\");\n security_message(data:report);\n exit(0);\n}\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-24T21:17:42", "bulletinFamily": "scanner", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "modified": "2019-10-23T00:00:00", "published": "2017-03-18T00:00:00", "id": "OPENVAS:1361412562310810665", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810665", "title": "Adobe Flash Player Within Google Chrome Security Update (apsb16-08) - Linux", "type": "openvas", "sourceData": "############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Within Google Chrome Security Update (apsb16-08) - Linux\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player_chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810665\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2016-0960\", \"CVE-2016-0961\", \"CVE-2016-0962\", \"CVE-2016-0963\",\n \"CVE-2016-0986\", \"CVE-2016-0987\", \"CVE-2016-0988\", \"CVE-2016-0989\",\n \"CVE-2016-0990\", \"CVE-2016-0991\", \"CVE-2016-0992\", \"CVE-2016-0993\",\n \"CVE-2016-0994\", \"CVE-2016-0995\", \"CVE-2016-0996\", \"CVE-2016-0997\",\n \"CVE-2016-0998\", \"CVE-2016-0999\", \"CVE-2016-1000\", \"CVE-2016-1001\",\n \"CVE-2016-1002\", \"CVE-2016-1005\", \"CVE-2016-1010\");\n script_bugtraq_id(94975, 96496, 95212, 84308, 84311, 84312, 96850);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-03-18 15:52:10 +0530 (Sat, 18 Mar 2017)\");\n script_name(\"Adobe Flash Player Within Google Chrome Security Update (apsb16-08) - Linux\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Multiple integer overflow vulnerabilities.\n\n - Multiple use-after-free vulnerabilities.\n\n - A heap overflow vulnerability.\n\n - Multiple memory corruption vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these vulnerabilities\n will allow remote attackers to execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player for chrome versions\n before 21.0.0.182 on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player for chrome\n version 21.0.0.182 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb16-08.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_flash_player_within_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Chrome/Lin/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:playerVer, test_version:\"21.0.0.182\"))\n{\n report = report_fixed_ver(installed_version:playerVer, fixed_version:\"21.0.0.182\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:01", "bulletinFamily": "scanner", "description": "Mageia Linux Local Security Checks mgasa-2016-0109", "modified": "2019-03-14T00:00:00", "published": "2016-03-14T00:00:00", "id": "OPENVAS:1361412562310131264", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310131264", "title": "Mageia Linux Local Check: mgasa-2016-0109", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: mgasa-2016-0109.nasl 14180 2019-03-14 12:29:16Z cfischer $\n#\n# Mageia Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://www.solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.131264\");\n script_version(\"$Revision: 14180 $\");\n script_tag(name:\"creation_date\", value:\"2016-03-14 15:57:14 +0200 (Mon, 14 Mar 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 13:29:16 +0100 (Thu, 14 Mar 2019) $\");\n script_name(\"Mageia Linux Local Check: mgasa-2016-0109\");\n script_tag(name:\"insight\", value:\"Adobe Flash Player 11.2.202.577 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves integer overflow vulnerabilities that could lead to code execution (CVE-2016-0963, CVE-2016-0993, CVE-2016-1010). This update resolves use-after-free vulnerabilities that could lead to code execution (CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-1000). This update resolves a heap overflow vulnerability that could lead to code execution (CVE-2016-1001). This update resolves memory corruption vulnerabilities that could lead to code execution (CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-1005). Adobe reports that an exploit for CVE-2016-1010 is being used in limited, targeted attacks.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://advisories.mageia.org/MGASA-2016-0109.html\");\n script_cve_id(\"CVE-2016-0960\", \"CVE-2016-0961\", \"CVE-2016-0962\", \"CVE-2016-0963\", \"CVE-2016-0986\", \"CVE-2016-0987\", \"CVE-2016-0988\", \"CVE-2016-0989\", \"CVE-2016-0990\", \"CVE-2016-0991\", \"CVE-2016-0993\", \"CVE-2016-0994\", \"CVE-2016-0995\", \"CVE-2016-0996\", \"CVE-2016-1000\", \"CVE-2016-1001\", \"CVE-2016-1005\", \"CVE-2016-1010\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\", re:\"ssh/login/release=MAGEIA5\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Mageia Linux Local Security Checks mgasa-2016-0109\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Mageia Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"flash-player-plugin\", rpm:\"flash-player-plugin~11.2.202.577~1.mga5.nonfree\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:15", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2016-03-12T00:00:00", "id": "OPENVAS:1361412562310851231", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851231", "title": "SuSE Update for flash-player SUSE-SU-2016:0715-1 (flash-player)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2016_0715_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for flash-player SUSE-SU-2016:0715-1 (flash-player)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851231\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-12 06:14:42 +0100 (Sat, 12 Mar 2016)\");\n script_cve_id(\"CVE-2016-0960\", \"CVE-2016-0961\", \"CVE-2016-0962\", \"CVE-2016-0963\",\n \"CVE-2016-0986\", \"CVE-2016-0987\", \"CVE-2016-0988\", \"CVE-2016-0989\",\n \"CVE-2016-0990\", \"CVE-2016-0991\", \"CVE-2016-0992\", \"CVE-2016-0993\",\n \"CVE-2016-0994\", \"CVE-2016-0995\", \"CVE-2016-0996\", \"CVE-2016-0997\",\n \"CVE-2016-0998\", \"CVE-2016-0999\", \"CVE-2016-1000\", \"CVE-2016-1001\",\n \"CVE-2016-1002\", \"CVE-2016-1005\", \"CVE-2016-1010\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for flash-player SUSE-SU-2016:0715-1 (flash-player)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'flash-player'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Adobe flash-player was updated to 11.2.202.577 to fix the following list\n of security issues (bsc#970547):\n\n These updates resolve integer overflow vulnerabilities that could lead to\n code execution (CVE-2016-0963, CVE-2016-0993, CVE-2016-1010).\n\n These updates resolve use-after-free vulnerabilities that could lead to\n code execution (CVE-2016-0987, CVE-2016-0988, CVE-2016-0990,\n CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997,\n CVE-2016-0998, CVE-2016-0999, CVE-2016-1000).\n\n These updates resolve a heap overflow vulnerability that could lead to\n code execution (CVE-2016-1001).\n\n These updates resolve memory corruption vulnerabilities that could lead to\n code execution (CVE-2016-0960, CVE-2016-0961, CVE-2016-0962,\n CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, CVE-2016-1005).\");\n\n script_tag(name:\"affected\", value:\"flash-player on SUSE Linux Enterprise Desktop 12\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"SUSE-SU\", value:\"2016:0715_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLED12\\.0SP0\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"SLED12.0SP0\")\n{\n\n if ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~11.2.202.577~123.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"flash-player-gnome\", rpm:\"flash-player-gnome~11.2.202.577~123.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-24T21:24:17", "bulletinFamily": "scanner", "description": "The host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "modified": "2019-10-23T00:00:00", "published": "2016-03-11T00:00:00", "id": "OPENVAS:1361412562310807606", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807606", "title": "Adobe Flash Player Security Updates-APSB16-08 (Windows)", "type": "openvas", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Security Updates-APSB16-08 (Windows)\n#\n# Authors:\n# kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807606\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2016-0960\", \"CVE-2016-0961\", \"CVE-2016-0962\", \"CVE-2016-0963\",\n \"CVE-2016-0986\", \"CVE-2016-0987\", \"CVE-2016-0988\", \"CVE-2016-0989\",\n \"CVE-2016-0990\", \"CVE-2016-0991\", \"CVE-2016-0992\", \"CVE-2016-0993\",\n \"CVE-2016-0994\", \"CVE-2016-0995\", \"CVE-2016-0996\", \"CVE-2016-0997\",\n \"CVE-2016-0998\", \"CVE-2016-0999\", \"CVE-2016-1000\", \"CVE-2016-1001\",\n \"CVE-2016-1002\", \"CVE-2016-1005\", \"CVE-2016-1010\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-03-11 13:50:43 +0530 (Fri, 11 Mar 2016)\");\n script_name(\"Adobe Flash Player Security Updates-APSB16-08 (Windows)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to,\n\n - An integer overflow vulnerabilities.\n\n - Ause-after-free vulnerabilities.\n\n - A heap overflow vulnerability.\n\n - The memory corruption vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote attackers to execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before\n 18.0.0.333 and 19.x and 20.x before 21.0.0.182 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 18.0.0.333, or 21.0.0.182, or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb16-08.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_win.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Win/Installed\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_in_range(version:playerVer, test_version:\"19.0\", test_version2:\"21.0.0.181\"))\n{\n fix = \"21.0.0.182\";\n VULN = TRUE;\n}\n\nelse if(version_is_less(version:playerVer, test_version:\"18.0.0.333\"))\n{\n fix = \"18.0.0.333\";\n VULN = TRUE;\n}\n\nif(VULN)\n{\n report = report_fixed_ver(installed_version:playerVer, fixed_version:fix);\n security_message(data:report);\n exit(0);\n}\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-24T21:24:46", "bulletinFamily": "scanner", "description": "The host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "modified": "2019-10-23T00:00:00", "published": "2016-03-11T00:00:00", "id": "OPENVAS:1361412562310807607", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807607", "title": "Adobe Flash Player Security Updates-APSB16-08 (MAC OS X)", "type": "openvas", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Security Updates-APSB16-08 (MAC OS X)\n#\n# Authors:\n# kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807607\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2016-0960\", \"CVE-2016-0961\", \"CVE-2016-0962\", \"CVE-2016-0963\",\n \"CVE-2016-0986\", \"CVE-2016-0987\", \"CVE-2016-0988\", \"CVE-2016-0989\",\n \"CVE-2016-0990\", \"CVE-2016-0991\", \"CVE-2016-0992\", \"CVE-2016-0993\",\n \"CVE-2016-0994\", \"CVE-2016-0995\", \"CVE-2016-0996\", \"CVE-2016-0997\",\n \"CVE-2016-0998\", \"CVE-2016-0999\", \"CVE-2016-1000\", \"CVE-2016-1001\",\n \"CVE-2016-1002\", \"CVE-2016-1005\", \"CVE-2016-1010\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-03-11 13:53:32 +0530 (Fri, 11 Mar 2016)\");\n script_name(\"Adobe Flash Player Security Updates-APSB16-08 (MAC OS X)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to,\n\n - An integer overflow vulnerabilities.\n\n - A use-after-free vulnerabilities.\n\n - A heap overflow vulnerability.\n\n - The memory corruption vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote attackers to execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before\n 18.0.0.333 and 19.x and 20.x before 21.0.0.182 on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 18.0.0.333, or 21.0.0.182, or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb16-08.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Flash/Player/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_in_range(version:playerVer, test_version:\"19.0\", test_version2:\"21.0.0.181\"))\n{\n fix = \"21.0.0.182\";\n VULN = TRUE;\n}\n\nelse if(version_is_less(version:playerVer, test_version:\"18.0.0.333\"))\n{\n fix = \"18.0.0.333\";\n VULN = TRUE;\n}\n\nif(VULN)\n{\n report = report_fixed_ver(installed_version:playerVer, fixed_version:fix);\n security_message(data:report);\n exit(0);\n}\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-24T21:25:52", "bulletinFamily": "scanner", "description": "This host is installed with Adobe Air\n and is prone to multiple vulnerabilities.", "modified": "2019-10-23T00:00:00", "published": "2016-03-11T00:00:00", "id": "OPENVAS:1361412562310807605", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807605", "title": "Adobe Air Security Updates-APSB16-08 (MAC OS X)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Air Security Updates-APSB16-08 (MAC OS X)\n#\n# Authors:\n# kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:adobe_air\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807605\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2016-0960\", \"CVE-2016-0961\", \"CVE-2016-0962\", \"CVE-2016-0963\",\n \"CVE-2016-0986\", \"CVE-2016-0987\", \"CVE-2016-0988\", \"CVE-2016-0989\",\n \"CVE-2016-0990\", \"CVE-2016-0991\", \"CVE-2016-0992\", \"CVE-2016-0993\",\n \"CVE-2016-0994\", \"CVE-2016-0995\", \"CVE-2016-0996\", \"CVE-2016-0997\",\n \"CVE-2016-0998\", \"CVE-2016-0999\", \"CVE-2016-1000\", \"CVE-2016-1001\",\n \"CVE-2016-1002\", \"CVE-2016-1005\", \"CVE-2016-1010\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-03-11 13:41:11 +0530 (Fri, 11 Mar 2016)\");\n script_name(\"Adobe Air Security Updates-APSB16-08 (MAC OS X)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Air\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to\n\n - An integer overflow vulnerabilities.\n\n - A use-after-free vulnerabilities.\n\n - A heap overflow vulnerability.\n\n - The memory corruption vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote attackers to execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"Adobe Air version before\n 21.0.0.176 on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Air version\n 21.0.0.176 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb16-08.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Air/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!airVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:airVer, test_version:\"21.0.0.176\"))\n{\n report = report_fixed_ver(installed_version:airVer, fixed_version:\"21.0.0.176\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2019-11-03T12:18:23", "bulletinFamily": "scanner", "description": "Adobe flash-player was updated to 11.2.202.577 to fix the following\nlist of security issues (bsc#970547) :\n\nThese updates resolve integer overflow vulnerabilities that could lead\nto code execution (CVE-2016-0963, CVE-2016-0993, CVE-2016-1010).\n\nThese updates resolve use-after-free vulnerabilities that could lead\nto code execution (CVE-2016-0987, CVE-2016-0988, CVE-2016-0990,\nCVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996,\nCVE-2016-0997, CVE-2016-0998, CVE-2016-0999, CVE-2016-1000).\n\nThese updates resolve a heap overflow vulnerability that could lead to\ncode execution (CVE-2016-1001).\n\nThese updates resolve memory corruption vulnerabilities that could\nlead to code execution (CVE-2016-0960, CVE-2016-0961, CVE-2016-0962,\nCVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002,\nCVE-2016-1005).\n\nAdobe advisory with more information:\nhttps://helpx.adobe.com/security/products/flash-player/apsb16-08.html\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "SUSE_SU-2016-0715-1.NASL", "href": "https://www.tenable.com/plugins/nessus/89920", "published": "2016-03-14T00:00:00", "title": "SUSE SLED12 Security Update : flash-player (SUSE-SU-2016:0715-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:0715-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(89920);\n script_version(\"2.20\");\n script_cvs_date(\"Date: 2019/09/11 11:22:13\");\n\n script_cve_id(\"CVE-2016-0960\", \"CVE-2016-0961\", \"CVE-2016-0962\", \"CVE-2016-0963\", \"CVE-2016-0986\", \"CVE-2016-0987\", \"CVE-2016-0988\", \"CVE-2016-0989\", \"CVE-2016-0990\", \"CVE-2016-0991\", \"CVE-2016-0992\", \"CVE-2016-0993\", \"CVE-2016-0994\", \"CVE-2016-0995\", \"CVE-2016-0996\", \"CVE-2016-0997\", \"CVE-2016-0998\", \"CVE-2016-0999\", \"CVE-2016-1000\", \"CVE-2016-1001\", \"CVE-2016-1002\", \"CVE-2016-1005\", \"CVE-2016-1010\");\n\n script_name(english:\"SUSE SLED12 Security Update : flash-player (SUSE-SU-2016:0715-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Adobe flash-player was updated to 11.2.202.577 to fix the following\nlist of security issues (bsc#970547) :\n\nThese updates resolve integer overflow vulnerabilities that could lead\nto code execution (CVE-2016-0963, CVE-2016-0993, CVE-2016-1010).\n\nThese updates resolve use-after-free vulnerabilities that could lead\nto code execution (CVE-2016-0987, CVE-2016-0988, CVE-2016-0990,\nCVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996,\nCVE-2016-0997, CVE-2016-0998, CVE-2016-0999, CVE-2016-1000).\n\nThese updates resolve a heap overflow vulnerability that could lead to\ncode execution (CVE-2016-1001).\n\nThese updates resolve memory corruption vulnerabilities that could\nlead to code execution (CVE-2016-0960, CVE-2016-0961, CVE-2016-0962,\nCVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002,\nCVE-2016-1005).\n\nAdobe advisory with more information:\nhttps://helpx.adobe.com/security/products/flash-player/apsb16-08.html\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=970547\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb16-08.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0960/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0961/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0962/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0963/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0986/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0987/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0988/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0989/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0990/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0991/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0992/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0993/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0994/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0995/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0996/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0997/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0998/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0999/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1000/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1001/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1002/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1005/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1010/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20160715-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a2436a2b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP1 :\n\nzypper in -t patch SUSE-SLE-WE-12-SP1-2016-412=1\n\nSUSE Linux Enterprise Workstation Extension 12 :\n\nzypper in -t patch SUSE-SLE-WE-12-2016-412=1\n\nSUSE Linux Enterprise Desktop 12-SP1 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-412=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2016-412=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:flash-player-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0/1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"flash-player-11.2.202.577-123.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"flash-player-gnome-11.2.202.577-123.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"flash-player-11.2.202.577-123.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"flash-player-gnome-11.2.202.577-123.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-player\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T03:01:03", "bulletinFamily": "scanner", "description": "This update to Adobe Flash Player 11.2.202.577 fixes a number of\nvulnerabilities that could have allowed remote attackers to execute\narbitrary code through crafted content. (boo#970547)\n\n - APSB16-08, CVE-2016-0960, CVE-2016-0961, CVE-2016-0962,\n CVE-2016-0963, CVE-2016-0986, CVE-2016-0987,\n CVE-2016-0988, CVE-2016-0989, CVE-2016-0990,\n CVE-2016-0991, CVE-2016-0992, CVE-2016-0993,\n CVE-2016-0994, CVE-2016-0995, CVE-2016-0996,\n CVE-2016-0997, CVE-2016-0998, CVE-2016-0999,\n CVE-2016-1000, CVE-2016-1001, CVE-2016-1002,\n CVE-2016-1005, CVE-2016-1010", "modified": "2019-11-02T00:00:00", "id": "OPENSUSE-2016-325.NASL", "href": "https://www.tenable.com/plugins/nessus/89908", "published": "2016-03-14T00:00:00", "title": "openSUSE Security Update : Adobe Flash Player (openSUSE-2016-325)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-325.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(89908);\n script_version(\"2.11\");\n script_cvs_date(\"Date: 2019/04/11 17:23:07\");\n\n script_cve_id(\"CVE-2016-0960\", \"CVE-2016-0961\", \"CVE-2016-0962\", \"CVE-2016-0963\", \"CVE-2016-0986\", \"CVE-2016-0987\", \"CVE-2016-0988\", \"CVE-2016-0989\", \"CVE-2016-0990\", \"CVE-2016-0991\", \"CVE-2016-0992\", \"CVE-2016-0993\", \"CVE-2016-0994\", \"CVE-2016-0995\", \"CVE-2016-0996\", \"CVE-2016-0997\", \"CVE-2016-0998\", \"CVE-2016-0999\", \"CVE-2016-1000\", \"CVE-2016-1001\", \"CVE-2016-1002\", \"CVE-2016-1005\", \"CVE-2016-1010\");\n\n script_name(english:\"openSUSE Security Update : Adobe Flash Player (openSUSE-2016-325)\");\n script_summary(english:\"Check for the openSUSE-2016-325 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update to Adobe Flash Player 11.2.202.577 fixes a number of\nvulnerabilities that could have allowed remote attackers to execute\narbitrary code through crafted content. (boo#970547)\n\n - APSB16-08, CVE-2016-0960, CVE-2016-0961, CVE-2016-0962,\n CVE-2016-0963, CVE-2016-0986, CVE-2016-0987,\n CVE-2016-0988, CVE-2016-0989, CVE-2016-0990,\n CVE-2016-0991, CVE-2016-0992, CVE-2016-0993,\n CVE-2016-0994, CVE-2016-0995, CVE-2016-0996,\n CVE-2016-0997, CVE-2016-0998, CVE-2016-0999,\n CVE-2016-1000, CVE-2016-1001, CVE-2016-1002,\n CVE-2016-1005, CVE-2016-1010\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=970547\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Adobe Flash Player packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player-kde4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"flash-player-11.2.202.577-2.91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"flash-player-gnome-11.2.202.577-2.91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"flash-player-kde4-11.2.202.577-2.91.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-player / flash-player-gnome / flash-player-kde4\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T03:01:03", "bulletinFamily": "scanner", "description": "This update to Adobe Flash Player 11.2.202.577 fixes a number of\nvulnerabilities that could have allowed remote attackers to execute\narbitrary code through crafted content. (boo#970547)\n\n - APSB16-08, CVE-2016-0960, CVE-2016-0961, CVE-2016-0962,\n CVE-2016-0963, CVE-2016-0986, CVE-2016-0987,\n CVE-2016-0988, CVE-2016-0989, CVE-2016-0990,\n CVE-2016-0991, CVE-2016-0992, CVE-2016-0993,\n CVE-2016-0994, CVE-2016-0995, CVE-2016-0996,\n CVE-2016-0997, CVE-2016-0998, CVE-2016-0999,\n CVE-2016-1000, CVE-2016-1001, CVE-2016-1002,\n CVE-2016-1005, CVE-2016-1010", "modified": "2019-11-02T00:00:00", "id": "OPENSUSE-2016-335.NASL", "href": "https://www.tenable.com/plugins/nessus/89916", "published": "2016-03-14T00:00:00", "title": "openSUSE Security Update : Adobe Flash Player (openSUSE-2016-335)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-335.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(89916);\n script_version(\"2.11\");\n script_cvs_date(\"Date: 2019/04/11 17:23:07\");\n\n script_cve_id(\"CVE-2016-0960\", \"CVE-2016-0961\", \"CVE-2016-0962\", \"CVE-2016-0963\", \"CVE-2016-0986\", \"CVE-2016-0987\", \"CVE-2016-0988\", \"CVE-2016-0989\", \"CVE-2016-0990\", \"CVE-2016-0991\", \"CVE-2016-0992\", \"CVE-2016-0993\", \"CVE-2016-0994\", \"CVE-2016-0995\", \"CVE-2016-0996\", \"CVE-2016-0997\", \"CVE-2016-0998\", \"CVE-2016-0999\", \"CVE-2016-1000\", \"CVE-2016-1001\", \"CVE-2016-1002\", \"CVE-2016-1005\", \"CVE-2016-1010\");\n\n script_name(english:\"openSUSE Security Update : Adobe Flash Player (openSUSE-2016-335)\");\n script_summary(english:\"Check for the openSUSE-2016-335 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update to Adobe Flash Player 11.2.202.577 fixes a number of\nvulnerabilities that could have allowed remote attackers to execute\narbitrary code through crafted content. (boo#970547)\n\n - APSB16-08, CVE-2016-0960, CVE-2016-0961, CVE-2016-0962,\n CVE-2016-0963, CVE-2016-0986, CVE-2016-0987,\n CVE-2016-0988, CVE-2016-0989, CVE-2016-0990,\n CVE-2016-0991, CVE-2016-0992, CVE-2016-0993,\n CVE-2016-0994, CVE-2016-0995, CVE-2016-0996,\n CVE-2016-0997, CVE-2016-0998, CVE-2016-0999,\n CVE-2016-1000, CVE-2016-1001, CVE-2016-1002,\n CVE-2016-1005, CVE-2016-1010\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=970547\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Adobe Flash Player packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player-kde4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"flash-player-11.2.202.577-156.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"flash-player-gnome-11.2.202.577-156.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"flash-player-kde4-11.2.202.577-156.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-player / flash-player-gnome / flash-player-kde4\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T02:40:09", "bulletinFamily": "scanner", "description": "Adobe reports :\n\nThese updates resolve integer overflow vulnerabilities that could lead\nto code execution (CVE-2016-0963, CVE-2016-0993, CVE-2016-1010).\n\nThese updates resolve use-after-free vulnerabilities that could lead\nto code execution (CVE-2016-0987, CVE-2016-0988, CVE-2016-0990,\nCVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996,\nCVE-2016-0997, CVE-2016-0998, CVE-2016-0999, CVE-2016-1000).\n\nThese updates resolve a heap overflow vulnerability that could lead to\ncode execution (CVE-2016-1001).\n\nThese updates resolve memory corruption vulnerabilities that could\nlead to code execution (CVE-2016-0960, CVE-2016-0961, CVE-2016-0962,\nCVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002,\nCVE-2016-1005).", "modified": "2019-11-02T00:00:00", "id": "FREEBSD_PKG_F7B3D1EBF73811E5A7100011D823EEBD.NASL", "href": "https://www.tenable.com/plugins/nessus/90292", "published": "2016-04-01T00:00:00", "title": "FreeBSD : flash -- multiple vulnerabilities (f7b3d1eb-f738-11e5-a710-0011d823eebd)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90292);\n script_version(\"2.13\");\n script_cvs_date(\"Date: 2019/07/10 16:04:13\");\n\n script_cve_id(\"CVE-2016-0960\", \"CVE-2016-0961\", \"CVE-2016-0962\", \"CVE-2016-0963\", \"CVE-2016-0986\", \"CVE-2016-0987\", \"CVE-2016-0988\", \"CVE-2016-0989\", \"CVE-2016-0990\", \"CVE-2016-0991\", \"CVE-2016-0992\", \"CVE-2016-0993\", \"CVE-2016-0994\", \"CVE-2016-0995\", \"CVE-2016-0996\", \"CVE-2016-0997\", \"CVE-2016-0998\", \"CVE-2016-0999\", \"CVE-2016-1000\", \"CVE-2016-1001\", \"CVE-2016-1002\", \"CVE-2016-1005\", \"CVE-2016-1010\");\n\n script_name(english:\"FreeBSD : flash -- multiple vulnerabilities (f7b3d1eb-f738-11e5-a710-0011d823eebd)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Adobe reports :\n\nThese updates resolve integer overflow vulnerabilities that could lead\nto code execution (CVE-2016-0963, CVE-2016-0993, CVE-2016-1010).\n\nThese updates resolve use-after-free vulnerabilities that could lead\nto code execution (CVE-2016-0987, CVE-2016-0988, CVE-2016-0990,\nCVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996,\nCVE-2016-0997, CVE-2016-0998, CVE-2016-0999, CVE-2016-1000).\n\nThese updates resolve a heap overflow vulnerability that could lead to\ncode execution (CVE-2016-1001).\n\nThese updates resolve memory corruption vulnerabilities that could\nlead to code execution (CVE-2016-0960, CVE-2016-0961, CVE-2016-0962,\nCVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002,\nCVE-2016-1005).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb16-08.html\"\n );\n # https://vuxml.freebsd.org/freebsd/f7b3d1eb-f738-11e5-a710-0011d823eebd.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?194813fe\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-c6-flashplugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-c6_64-flashplugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-f10-flashplugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"linux-c6-flashplugin<11.2r202.577\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-f10-flashplugin<11.2r202.577\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-c6_64-flashplugin<11.2r202.577\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-22T02:36:43", "bulletinFamily": "scanner", "description": "The version of Adobe Flash Player installed on the remote Windows host\nis prior or equal to version 20.0.0.306. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - Multiple integer overflow conditions exist that allow an\n attacker to execute arbitrary code. (CVE-2016-0963,\n CVE-2016-0993, CVE-2016-1010)\n\n - Multiple use-after-free errors exist that allow an\n attacker to execute arbitrary code. (CVE-2016-0987,\n CVE-2016-0988, CVE-2016-0990, CVE-2016-0991,\n CVE-2016-0994, CVE-2016-0995, CVE-2016-0996,\n CVE-2016-0997, CVE-2016-0998, CVE-2016-0999,\n CVE-2016-1000)\n\n - A heap overflow condition exists that allows an attacker\n to execute arbitrary code. (CVE-2016-1001)\n\n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2016-0960,\n CVE-2016-0961, CVE-2016-0962, CVE-2016-0986,\n CVE-2016-0989, CVE-2016-0992, CVE-2016-1002,\n CVE-2016-1005)", "modified": "2019-11-02T00:00:00", "id": "FLASH_PLAYER_APSB16-08.NASL", "href": "https://www.tenable.com/plugins/nessus/89834", "published": "2016-03-11T00:00:00", "title": "Adobe Flash Player <= 20.0.0.306 Multiple Vulnerabilities (APSB16-08)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(89834);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/11/20\");\n\n script_cve_id(\n \"CVE-2016-0960\",\n \"CVE-2016-0961\",\n \"CVE-2016-0962\",\n \"CVE-2016-0963\",\n \"CVE-2016-0986\",\n \"CVE-2016-0987\",\n \"CVE-2016-0988\",\n \"CVE-2016-0989\",\n \"CVE-2016-0990\",\n \"CVE-2016-0991\",\n \"CVE-2016-0992\",\n \"CVE-2016-0993\",\n \"CVE-2016-0994\",\n \"CVE-2016-0995\",\n \"CVE-2016-0996\",\n \"CVE-2016-0997\",\n \"CVE-2016-0998\",\n \"CVE-2016-0999\",\n \"CVE-2016-1000\",\n \"CVE-2016-1001\",\n \"CVE-2016-1002\",\n \"CVE-2016-1005\",\n \"CVE-2016-1010\"\n );\n script_bugtraq_id(\n 84308,\n 84310,\n 84311,\n 84312\n );\n\n script_name(english:\"Adobe Flash Player <= 20.0.0.306 Multiple Vulnerabilities (APSB16-08)\");\n script_summary(english:\"Checks the version of Flash Player.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Flash Player installed on the remote Windows host\nis prior or equal to version 20.0.0.306. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - Multiple integer overflow conditions exist that allow an\n attacker to execute arbitrary code. (CVE-2016-0963,\n CVE-2016-0993, CVE-2016-1010)\n\n - Multiple use-after-free errors exist that allow an\n attacker to execute arbitrary code. (CVE-2016-0987,\n CVE-2016-0988, CVE-2016-0990, CVE-2016-0991,\n CVE-2016-0994, CVE-2016-0995, CVE-2016-0996,\n CVE-2016-0997, CVE-2016-0998, CVE-2016-0999,\n CVE-2016-1000)\n\n - A heap overflow condition exists that allows an attacker\n to execute arbitrary code. (CVE-2016-1001)\n\n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2016-0960,\n CVE-2016-0961, CVE-2016-0962, CVE-2016-0986,\n CVE-2016-0989, CVE-2016-0992, CVE-2016-1002,\n CVE-2016-1005)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb16-08.html\");\n # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0cb17c10\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 21.0.0.182 or later.\n\nAlternatively, Adobe has made version 18.0.0.333 available for those\ninstallations that cannot be upgraded to the latest version.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-1010\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"flash_player_installed.nasl\");\n script_require_keys(\"SMB/Flash_Player/installed\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Flash_Player/installed\");\n\n# Identify vulnerable versions.\ninfo = \"\";\nvariants = make_list(\n \"Plugin\",\n \"ActiveX\",\n \"Chrome\",\n \"Chrome_Pepper\"\n);\n\n# we're checking for versions less than *or equal to* the cutoff!\nforeach variant (variants)\n{\n vers = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/Version/*\");\n files = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/File/*\");\n\n if(isnull(vers) || isnull(files))\n continue;\n\n foreach key (keys(vers))\n {\n ver = vers[key];\n if(isnull(ver))\n continue;\n\n vuln = FALSE;\n\n # Chrome Flash <= 20.0.0.306\n if(variant == \"Chrome_Pepper\" &&\n ver_compare(ver:ver,fix:\"20.0.0.306\",strict:FALSE) <= 0\n ) vuln = TRUE;\n\n # <= 18.0.0.329\n if(variant != \"Chrome_Pepper\" &&\n ver_compare(ver:ver,fix:\"18.0.0.329\",strict:FALSE) <= 0\n ) vuln = TRUE;\n\n # 19 <= 20.0.0.306\n else if(variant != \"Chrome_Pepper\" && ver =~ \"^(?:19|[2-9]\\d)\\.\")\n {\n if (variant == \"ActiveX\" && ver_compare(ver:ver,fix:\"20.0.0.306\",strict:FALSE) <= 0)\n vuln = TRUE;\n else if (ver_compare(ver:ver,fix:\"20.0.0.306\",strict:FALSE) <= 0)\n vuln = TRUE;\n }\n\n if(vuln)\n {\n num = key - (\"SMB/Flash_Player/\"+variant+\"/Version/\");\n file = files[\"SMB/Flash_Player/\"+variant+\"/File/\"+num];\n if (variant == \"Plugin\")\n {\n info += '\\n Product : Browser Plugin (for Firefox / Netscape / Opera)';\n fix = \"21.0.0.182 / 18.0.0.333\";\n }\n else if (variant == \"ActiveX\")\n {\n info += '\\n Product : ActiveX control (for Internet Explorer)';\n fix = \"21.0.0.182 / 18.0.0.333\";\n }\n else if (\"Chrome\" >< variant)\n {\n info += '\\n Product : Browser Plugin (for Google Chrome)';\n if(variant == \"Chrome\")\n fix = \"Upgrade to a version of Google Chrome running Flash Player 21.0.0.182\";\n }\n info += '\\n Path : ' + file +\n '\\n Installed version : ' + ver;\n if (variant == \"Chrome_Pepper\")\n info += '\\n Fixed version : 21.0.0.182 (Chrome PepperFlash)';\n else if(!isnull(fix))\n info += '\\n Fixed version : '+fix;\n info += '\\n';\n }\n }\n}\n\nif (info)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0) security_hole(port:port, extra:info);\n else security_hole(port);\n}\nelse\n{\n if (thorough_tests)\n exit(0, 'No vulnerable versions of Adobe Flash Player were found.');\n else\n exit(1, 'Google Chrome\\'s built-in Flash Player may not have been detected because the \\'Perform thorough tests\\' setting was not enabled.');\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-22T02:51:36", "bulletinFamily": "scanner", "description": "The version of Adobe Flash Player installed on the remote Mac OS X\nhost is prior or equal to version 20.0.0.306. It is, therefore,\naffected by multiple vulnerabilities :\n\n - Multiple integer overflow conditions exist that allow an\n attacker to execute arbitrary code. (CVE-2016-0963,\n CVE-2016-0993, CVE-2016-1010)\n\n - Multiple use-after-free errors exist that allow an\n attacker to execute arbitrary code. (CVE-2016-0987,\n CVE-2016-0988, CVE-2016-0990, CVE-2016-0991,\n CVE-2016-0994, CVE-2016-0995, CVE-2016-0996,\n CVE-2016-0997, CVE-2016-0998, CVE-2016-0999,\n CVE-2016-1000)\n\n - A heap overflow condition exists that allows an attacker\n to execute arbitrary code. (CVE-2016-1001)\n\n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2016-0960,\n CVE-2016-0961, CVE-2016-0962, CVE-2016-0986,\n CVE-2016-0989, CVE-2016-0992, CVE-2016-1002,\n CVE-2016-1005)", "modified": "2019-11-02T00:00:00", "id": "MACOSX_FLASH_PLAYER_APSB16-08.NASL", "href": "https://www.tenable.com/plugins/nessus/89870", "published": "2016-03-11T00:00:00", "title": "Adobe Flash Player for Mac <= 20.0.0.306 Multiple Vulnerabilities (APSB16-08)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(89870);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/11/20\");\n\n script_cve_id(\n \"CVE-2016-0960\",\n \"CVE-2016-0961\",\n \"CVE-2016-0962\",\n \"CVE-2016-0963\",\n \"CVE-2016-0986\",\n \"CVE-2016-0987\",\n \"CVE-2016-0988\",\n \"CVE-2016-0989\",\n \"CVE-2016-0990\",\n \"CVE-2016-0991\",\n \"CVE-2016-0992\",\n \"CVE-2016-0993\",\n \"CVE-2016-0994\",\n \"CVE-2016-0995\",\n \"CVE-2016-0996\",\n \"CVE-2016-0997\",\n \"CVE-2016-0998\",\n \"CVE-2016-0999\",\n \"CVE-2016-1000\",\n \"CVE-2016-1001\",\n \"CVE-2016-1002\",\n \"CVE-2016-1005\",\n \"CVE-2016-1010\"\n );\n script_bugtraq_id(\n 84308,\n 84310,\n 84311,\n 84312\n );\n\n script_name(english:\"Adobe Flash Player for Mac <= 20.0.0.306 Multiple Vulnerabilities (APSB16-08)\");\n script_summary(english:\"Checks the version of Flash Player.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Flash Player installed on the remote Mac OS X\nhost is prior or equal to version 20.0.0.306. It is, therefore,\naffected by multiple vulnerabilities :\n\n - Multiple integer overflow conditions exist that allow an\n attacker to execute arbitrary code. (CVE-2016-0963,\n CVE-2016-0993, CVE-2016-1010)\n\n - Multiple use-after-free errors exist that allow an\n attacker to execute arbitrary code. (CVE-2016-0987,\n CVE-2016-0988, CVE-2016-0990, CVE-2016-0991,\n CVE-2016-0994, CVE-2016-0995, CVE-2016-0996,\n CVE-2016-0997, CVE-2016-0998, CVE-2016-0999,\n CVE-2016-1000)\n\n - A heap overflow condition exists that allows an attacker\n to execute arbitrary code. (CVE-2016-1001)\n\n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2016-0960,\n CVE-2016-0961, CVE-2016-0962, CVE-2016-0986,\n CVE-2016-0989, CVE-2016-0992, CVE-2016-1002,\n CVE-2016-1005)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb16-08.html\");\n # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0cb17c10\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 21.0.0.182 or later.\n\nAlternatively, Adobe has made version 18.0.0.333 available for those\ninstallations that cannot be upgraded to the latest version.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-1010\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_flash_player_installed.nasl\");\n script_require_keys(\"MacOSX/Flash_Player/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"MacOSX/Flash_Player/Version\");\npath = get_kb_item_or_exit(\"MacOSX/Flash_Player/Path\");\n\nif (version =~ \"^(19|20)\\.\")\n{\n cutoff_version = \"20.0.0.306\";\n fix = \"21.0.0.182\";\n}\nelse\n{\n cutoff_version = \"18.0.0.329\";\n fix = \"18.0.0.333\";\n}\n# we're checking for versions less than or equal to the cutoff!\nif (ver_compare(ver:version, fix:cutoff_version, strict:FALSE) <= 0)\n{\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_report_v4(severity:SECURITY_HOLE, port:0, extra:report);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Flash Player for Mac\", version, path);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-20T11:41:06", "bulletinFamily": "scanner", "description": "The remote Windows host is missing KB3144756. It is, therefore,\naffected by multiple vulnerabilities :\n\n - Multiple integer overflow conditions exist that allow an\n attacker to execute arbitrary code. (CVE-2016-0963,\n CVE-2016-0993, CVE-2016-1010)\n\n - Multiple use-after-free errors exist that allow an\n attacker to execute arbitrary code. (CVE-2016-0987,\n CVE-2016-0988, CVE-2016-0990, CVE-2016-0991,\n CVE-2016-0994, CVE-2016-0995, CVE-2016-0996,\n CVE-2016-0997, CVE-2016-0998, CVE-2016-0999,\n CVE-2016-1000)\n\n - A heap overflow condition exists that allows an attacker\n to execute arbitrary code. (CVE-2016-1001)\n\n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2016-0960,\n CVE-2016-0961, CVE-2016-0962, CVE-2016-0986,\n CVE-2016-0989, CVE-2016-0992, CVE-2016-1002,\n CVE-2016-1005)", "modified": "2019-11-02T00:00:00", "id": "SMB_NT_MS16-036.NASL", "href": "https://www.tenable.com/plugins/nessus/89835", "published": "2016-03-11T00:00:00", "title": "MS16-036: Security Update for Adobe Flash Player (3144756)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(89835);\n script_version(\"1.19\");\n script_cvs_date(\"Date: 2019/11/19\");\n\n script_cve_id(\n \"CVE-2016-0960\",\n \"CVE-2016-0961\",\n \"CVE-2016-0962\",\n \"CVE-2016-0963\",\n \"CVE-2016-0986\",\n \"CVE-2016-0987\",\n \"CVE-2016-0988\",\n \"CVE-2016-0989\",\n \"CVE-2016-0990\",\n \"CVE-2016-0991\",\n \"CVE-2016-0992\",\n \"CVE-2016-0993\",\n \"CVE-2016-0994\",\n \"CVE-2016-0995\",\n \"CVE-2016-0996\",\n \"CVE-2016-0997\",\n \"CVE-2016-0998\",\n \"CVE-2016-0999\",\n \"CVE-2016-1000\",\n \"CVE-2016-1001\",\n \"CVE-2016-1002\",\n \"CVE-2016-1005\",\n \"CVE-2016-1010\"\n );\n script_bugtraq_id(\n 84308,\n 84310,\n 84311,\n 84312\n );\n script_xref(name:\"MSFT\", value:\"MS16-036\");\n script_xref(name:\"MSKB\", value:\"3144756\");\n\n script_name(english:\"MS16-036: Security Update for Adobe Flash Player (3144756)\");\n script_summary(english:\"Checks the version of the ActiveX control.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing KB3144756. It is, therefore,\naffected by multiple vulnerabilities :\n\n - Multiple integer overflow conditions exist that allow an\n attacker to execute arbitrary code. (CVE-2016-0963,\n CVE-2016-0993, CVE-2016-1010)\n\n - Multiple use-after-free errors exist that allow an\n attacker to execute arbitrary code. (CVE-2016-0987,\n CVE-2016-0988, CVE-2016-0990, CVE-2016-0991,\n CVE-2016-0994, CVE-2016-0995, CVE-2016-0996,\n CVE-2016-0997, CVE-2016-0998, CVE-2016-0999,\n CVE-2016-1000)\n\n - A heap overflow condition exists that allows an attacker\n to execute arbitrary code. (CVE-2016-1001)\n\n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2016-0960,\n CVE-2016-0961, CVE-2016-0962, CVE-2016-0986,\n CVE-2016-0989, CVE-2016-0992, CVE-2016-1002,\n CVE-2016-1005)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-036\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb16-08.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1,\n2012 R2, and 10.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-1010\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_activex_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS16-036\";\nkbs = make_list(\"3144756\");\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nif (activex_init() != ACX_OK) audit(AUDIT_FN_FAIL, \"activex_init()\");\n\n# Adobe Flash Player CLSID\nclsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}';\n\nfile = activex_get_filename(clsid:clsid);\nif (isnull(file))\n{\n activex_end();\n audit(AUDIT_FN_FAIL, \"activex_get_filename\", \"NULL\");\n}\nif (!file)\n{\n activex_end();\n audit(AUDIT_ACTIVEX_NOT_FOUND, clsid);\n}\n\n# Get its version.\nversion = activex_get_fileversion(clsid:clsid);\nif (!version)\n{\n activex_end();\n audit(AUDIT_VER_FAIL, file);\n}\n\ninfo = '';\n\niver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\niver = join(iver, sep:\".\");\n\n# all < 18.0.0.329 or 19 < 20.0.0.306\nfix = FALSE;\nif(iver =~ \"^(19|20)\\.\" && ver_compare(ver:iver, fix:\"20.0.0.306\", strict:FALSE) <= 0)\n fix = \"21.0.0.182\";\nelse if(ver_compare(ver:iver, fix:\"18.0.0.329\", strict:FALSE) <= 0)\n fix = \"18.0.0.333\";\n\nif (\n (report_paranoia > 1 || activex_get_killbit(clsid:clsid) == 0) &&\n fix\n)\n{\n info = '\\n Path : ' + file +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n}\n\nport = kb_smb_transport();\n\nif (info != '')\n{\n if (report_paranoia > 1)\n {\n report = info +\n '\\n' +\n 'Note, though, that Nessus did not check whether the kill bit was\\n' +\n \"set for the control's CLSID because of the Report Paranoia setting\" + '\\n' +\n 'in effect when this scan was run.\\n';\n }\n else\n {\n report = info +\n '\\n' +\n 'Moreover, its kill bit is not set so it is accessible via Internet\\n' +\n 'Explorer.\\n';\n }\n set_kb_item(name:\"SMB/Missing/\"+bulletin, value:TRUE);\n hotfix_add_report(bulletin:'MS16-036', kb:'3144756', report);\n security_report_v4(severity:SECURITY_HOLE, port:port, extra:hotfix_get_report());\n}\nelse audit(AUDIT_HOST_NOT, 'affected');\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T03:21:06", "bulletinFamily": "scanner", "description": "An updated Adobe Flash Player package that fixes multiple security\nissues is now available for Red Hat Enterprise Linux 5 and 6\nSupplementary.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe\nFlash Player web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities, detailed in the Adobe Security Bulletin\nAPSB16-08 listed in the References section, could allow an attacker to\ncreate a specially crafted SWF file that would cause flash-plugin to\ncrash, execute arbitrary code, or disclose sensitive information when\nthe victim loaded a page containing the malicious SWF content.\n(CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0963,\nCVE-2016-0986, CVE-2016-0987, CVE-2016-0988, CVE-2016-0989,\nCVE-2016-0990, CVE-2016-0991, CVE-2016-0992, CVE-2016-0993,\nCVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997,\nCVE-2016-0998, CVE-2016-0999, CVE-2016-1000, CVE-2016-1001,\nCVE-2016-1002, CVE-2016-1005, CVE-2016-1010)\n\nAll users of Adobe Flash Player should install this updated package,\nwhich upgrades Flash Player to version 11.2.202.577.", "modified": "2019-11-02T00:00:00", "id": "REDHAT-RHSA-2016-0438.NASL", "href": "https://www.tenable.com/plugins/nessus/89917", "published": "2016-03-14T00:00:00", "title": "RHEL 5 / 6 : flash-plugin (RHSA-2016:0438)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0438. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(89917);\n script_version(\"2.21\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2016-0960\", \"CVE-2016-0961\", \"CVE-2016-0962\", \"CVE-2016-0963\", \"CVE-2016-0986\", \"CVE-2016-0987\", \"CVE-2016-0988\", \"CVE-2016-0989\", \"CVE-2016-0990\", \"CVE-2016-0991\", \"CVE-2016-0992\", \"CVE-2016-0993\", \"CVE-2016-0994\", \"CVE-2016-0995\", \"CVE-2016-0996\", \"CVE-2016-0997\", \"CVE-2016-0998\", \"CVE-2016-0999\", \"CVE-2016-1000\", \"CVE-2016-1001\", \"CVE-2016-1002\", \"CVE-2016-1005\", \"CVE-2016-1010\");\n script_xref(name:\"RHSA\", value:\"2016:0438\");\n\n script_name(english:\"RHEL 5 / 6 : flash-plugin (RHSA-2016:0438)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated Adobe Flash Player package that fixes multiple security\nissues is now available for Red Hat Enterprise Linux 5 and 6\nSupplementary.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe\nFlash Player web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities, detailed in the Adobe Security Bulletin\nAPSB16-08 listed in the References section, could allow an attacker to\ncreate a specially crafted SWF file that would cause flash-plugin to\ncrash, execute arbitrary code, or disclose sensitive information when\nthe victim loaded a page containing the malicious SWF content.\n(CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0963,\nCVE-2016-0986, CVE-2016-0987, CVE-2016-0988, CVE-2016-0989,\nCVE-2016-0990, CVE-2016-0991, CVE-2016-0992, CVE-2016-0993,\nCVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997,\nCVE-2016-0998, CVE-2016-0999, CVE-2016-1000, CVE-2016-1001,\nCVE-2016-1002, CVE-2016-1005, CVE-2016-1010)\n\nAll users of Adobe Flash Player should install this updated package,\nwhich upgrades Flash Player to version 11.2.202.577.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb16-08.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:0438\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1010\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0990\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0991\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0992\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0993\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0994\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0995\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0996\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0997\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0998\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0999\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1005\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0986\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1001\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1000\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1002\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0989\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0988\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0987\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0961\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0960\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0963\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-0962\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-plugin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:flash-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0438\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"flash-plugin-11.2.202.577-1.el5\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", reference:\"flash-plugin-11.2.202.577-1.el6_7\")) flag++;\n\n\n if (flag)\n {\n flash_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check only applies to RedHat released\\n' +\n 'versions of the flash-plugin package. This check does not apply to\\n' +\n 'Adobe released versions of the flash-plugin package, which are\\n' +\n 'versioned similarly and cause collisions in detection.\\n\\n' +\n\n 'If you are certain you are running the Adobe released package of\\n' +\n 'flash-plugin and are running a version of it equal or higher to the\\n' +\n 'RedHat version listed above then you can consider this a false\\n' +\n 'positive.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat() + flash_plugin_caveat\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-plugin\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-03T12:18:23", "bulletinFamily": "scanner", "description": "Adobe flash-player was updated to 11.2.202.577 to fix the following\nlist of security issues (bsc#970547) :\n\nThese updates resolve integer overflow vulnerabilities that could lead\nto code execution (CVE-2016-0963, CVE-2016-0993, CVE-2016-1010).\n\nThese updates resolve use-after-free vulnerabilities that could lead\nto code execution (CVE-2016-0987, CVE-2016-0988, CVE-2016-0990,\nCVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996,\nCVE-2016-0997, CVE-2016-0998, CVE-2016-0999, CVE-2016-1000).\n\nThese updates resolve a heap overflow vulnerability that could lead to\ncode execution (CVE-2016-1001).\n\nThese updates resolve memory corruption vulnerabilities that could\nlead to code execution (CVE-2016-0960, CVE-2016-0961, CVE-2016-0962,\nCVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002,\nCVE-2016-1005).\n\nAdobe advisory with more information:\nhttps://helpx.adobe.com/security/products/flash-player/apsb16-08.html\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "SUSE_SU-2016-0716-1.NASL", "href": "https://www.tenable.com/plugins/nessus/89921", "published": "2016-03-14T00:00:00", "title": "SUSE SLED11 Security Update : flash-player (SUSE-SU-2016:0716-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:0716-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(89921);\n script_version(\"2.16\");\n script_cvs_date(\"Date: 2019/09/11 11:22:13\");\n\n script_cve_id(\"CVE-2016-0960\", \"CVE-2016-0961\", \"CVE-2016-0962\", \"CVE-2016-0963\", \"CVE-2016-0986\", \"CVE-2016-0987\", \"CVE-2016-0988\", \"CVE-2016-0989\", \"CVE-2016-0990\", \"CVE-2016-0991\", \"CVE-2016-0992\", \"CVE-2016-0993\", \"CVE-2016-0994\", \"CVE-2016-0995\", \"CVE-2016-0996\", \"CVE-2016-0997\", \"CVE-2016-0998\", \"CVE-2016-0999\", \"CVE-2016-1000\", \"CVE-2016-1001\", \"CVE-2016-1002\", \"CVE-2016-1005\", \"CVE-2016-1010\");\n\n script_name(english:\"SUSE SLED11 Security Update : flash-player (SUSE-SU-2016:0716-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Adobe flash-player was updated to 11.2.202.577 to fix the following\nlist of security issues (bsc#970547) :\n\nThese updates resolve integer overflow vulnerabilities that could lead\nto code execution (CVE-2016-0963, CVE-2016-0993, CVE-2016-1010).\n\nThese updates resolve use-after-free vulnerabilities that could lead\nto code execution (CVE-2016-0987, CVE-2016-0988, CVE-2016-0990,\nCVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996,\nCVE-2016-0997, CVE-2016-0998, CVE-2016-0999, CVE-2016-1000).\n\nThese updates resolve a heap overflow vulnerability that could lead to\ncode execution (CVE-2016-1001).\n\nThese updates resolve memory corruption vulnerabilities that could\nlead to code execution (CVE-2016-0960, CVE-2016-0961, CVE-2016-0962,\nCVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002,\nCVE-2016-1005).\n\nAdobe advisory with more information:\nhttps://helpx.adobe.com/security/products/flash-player/apsb16-08.html\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=970547\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb16-08.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0960/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0961/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0962/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0963/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0986/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0987/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0988/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0989/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0990/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0991/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0992/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0993/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0994/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0995/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0996/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0997/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0998/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0999/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1000/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1001/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1002/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1005/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1010/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20160716-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2c3355d3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Desktop 11-SP4 :\n\nzypper in -t patch sledsp4-flash-player-12443=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:flash-player-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:flash-player-kde4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"i386|i486|i586|i686|x86_64\") audit(AUDIT_ARCH_NOT, \"i386 / i486 / i586 / i686 / x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLED11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"flash-player-11.2.202.577-0.38.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"flash-player-gnome-11.2.202.577-0.38.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"flash-player-kde4-11.2.202.577-0.38.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"flash-player-11.2.202.577-0.38.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"flash-player-gnome-11.2.202.577-0.38.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"flash-player-kde4-11.2.202.577-0.38.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-player\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-22T02:50:30", "bulletinFamily": "scanner", "description": "The version of Adobe AIR installed on the remote Mac OS X host is\nprior or equal to version 20.0.0.260. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - Multiple integer overflow conditions exist that allow an\n attacker to execute arbitrary code. (CVE-2016-0963,\n CVE-2016-0993, CVE-2016-1010)\n\n - Multiple use-after-free errors exist that allow an\n attacker to execute arbitrary code. (CVE-2016-0987,\n CVE-2016-0988, CVE-2016-0990, CVE-2016-0991,\n CVE-2016-0994, CVE-2016-0995, CVE-2016-0996,\n CVE-2016-0997, CVE-2016-0998, CVE-2016-0999,\n CVE-2016-1000)\n\n - A heap overflow condition exists that allows an attacker\n to execute arbitrary code. (CVE-2016-1001)\n\n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2016-0960,\n CVE-2016-0961, CVE-2016-0962, CVE-2016-0986,\n CVE-2016-0989, CVE-2016-0992, CVE-2016-1002,\n CVE-2016-1005)", "modified": "2019-11-02T00:00:00", "id": "MACOSX_ADOBE_AIR_APSB16-08.NASL", "href": "https://www.tenable.com/plugins/nessus/89869", "published": "2016-03-11T00:00:00", "title": "Adobe AIR for Mac <= 20.0.0.260 Multiple Vulnerabilities (APSB16-08)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(89869);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/11/20\");\n\n script_cve_id(\n \"CVE-2016-0960\",\n \"CVE-2016-0961\",\n \"CVE-2016-0962\",\n \"CVE-2016-0963\",\n \"CVE-2016-0986\",\n \"CVE-2016-0987\",\n \"CVE-2016-0988\",\n \"CVE-2016-0989\",\n \"CVE-2016-0990\",\n \"CVE-2016-0991\",\n \"CVE-2016-0992\",\n \"CVE-2016-0993\",\n \"CVE-2016-0994\",\n \"CVE-2016-0995\",\n \"CVE-2016-0996\",\n \"CVE-2016-0997\",\n \"CVE-2016-0998\",\n \"CVE-2016-0999\",\n \"CVE-2016-1000\",\n \"CVE-2016-1001\",\n \"CVE-2016-1002\",\n \"CVE-2016-1005\",\n \"CVE-2016-1010\"\n );\n script_bugtraq_id(\n 84308,\n 84310,\n 84311,\n 84312\n );\n\n script_name(english:\"Adobe AIR for Mac <= 20.0.0.260 Multiple Vulnerabilities (APSB16-08)\");\n script_summary(english:\"Checks the version of AIR.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe AIR installed on the remote Mac OS X host is\nprior or equal to version 20.0.0.260. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - Multiple integer overflow conditions exist that allow an\n attacker to execute arbitrary code. (CVE-2016-0963,\n CVE-2016-0993, CVE-2016-1010)\n\n - Multiple use-after-free errors exist that allow an\n attacker to execute arbitrary code. (CVE-2016-0987,\n CVE-2016-0988, CVE-2016-0990, CVE-2016-0991,\n CVE-2016-0994, CVE-2016-0995, CVE-2016-0996,\n CVE-2016-0997, CVE-2016-0998, CVE-2016-0999,\n CVE-2016-1000)\n\n - A heap overflow condition exists that allows an attacker\n to execute arbitrary code. (CVE-2016-1001)\n\n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2016-0960,\n CVE-2016-0961, CVE-2016-0962, CVE-2016-0986,\n CVE-2016-0989, CVE-2016-0992, CVE-2016-1002,\n CVE-2016-1005)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb16-08.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe AIR version 21.0.0.176 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-1010\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:air\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_adobe_air_installed.nasl\");\n script_require_keys(\"MacOSX/Adobe_AIR/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nkb_base = \"MacOSX/Adobe_AIR\";\nversion = get_kb_item_or_exit(kb_base+\"/Version\");\npath = get_kb_item_or_exit(kb_base+\"/Path\");\n\n# nb: we're checking for versions less than *or equal to* the cutoff!\ncutoff_version = '20.0.0.260';\nfixed_version_for_report = '21.0.0.176';\n\nif (ver_compare(ver:version, fix:cutoff_version, strict:FALSE) <= 0)\n{\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version_for_report +\n '\\n';\n security_report_v4(severity:SECURITY_HOLE, port:0, extra:report);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Adobe AIR\", version, path);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T12:16:16", "bulletinFamily": "unix", "description": "Adobe flash-player was updated to 11.2.202.577 to fix the following list\n of security issues (bsc#970547):\n\n These updates resolve integer overflow vulnerabilities that could lead to\n code execution (CVE-2016-0963, CVE-2016-0993, CVE-2016-1010).\n\n These updates resolve use-after-free vulnerabilities that could lead to\n code execution (CVE-2016-0987, CVE-2016-0988, CVE-2016-0990,\n CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997,\n CVE-2016-0998, CVE-2016-0999, CVE-2016-1000).\n\n These updates resolve a heap overflow vulnerability that could lead to\n code execution (CVE-2016-1001).\n\n These updates resolve memory corruption vulnerabilities that could lead to\n code execution (CVE-2016-0960, CVE-2016-0961, CVE-2016-0962,\n CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, CVE-2016-1005).\n\n Adobe advisory with more information:\n <a rel=\"nofollow\" href=\"https://helpx.adobe.com/security/products/flash-player/apsb16-08.html\">https://helpx.adobe.com/security/products/flash-player/apsb16-08.html</a>\n\n", "modified": "2016-03-11T13:12:25", "published": "2016-03-11T13:12:25", "id": "SUSE-SU-2016:0715-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00022.html", "type": "suse", "title": "Security update for flash-player (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:40:22", "bulletinFamily": "unix", "description": "This update to Adobe Flash Player 11.2.202.577 fixes a number of\n vulnerabilities that could have allowed remote attackers to execute\n arbitrary code through crafted content. (boo#970547)\n\n * APSB16-08, CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0963,\n CVE-2016-0986, CVE-2016-0987, CVE-2016-0988, CVE-2016-0989,\n CVE-2016-0990, CVE-2016-0991, CVE-2016-0992, CVE-2016-0993,\n CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997,\n CVE-2016-0998, CVE-2016-0999, CVE-2016-1000, CVE-2016-1001,\n CVE-2016-1002, CVE-2016-1005, CVE-2016-1010\n\n", "modified": "2016-03-11T14:14:01", "published": "2016-03-11T14:14:01", "id": "OPENSUSE-SU-2016:0719-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00024.html", "type": "suse", "title": "Security update for Adobe Flash Player (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:20:21", "bulletinFamily": "unix", "description": "Adobe flash-player was updated to 11.2.202.577 to fix the following list\n of security issues (bsc#970547):\n\n These updates resolve integer overflow vulnerabilities that could lead to\n code execution (CVE-2016-0963, CVE-2016-0993, CVE-2016-1010).\n\n These updates resolve use-after-free vulnerabilities that could lead to\n code execution (CVE-2016-0987, CVE-2016-0988, CVE-2016-0990,\n CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997,\n CVE-2016-0998, CVE-2016-0999, CVE-2016-1000).\n\n These updates resolve a heap overflow vulnerability that could lead to\n code execution (CVE-2016-1001).\n\n These updates resolve memory corruption vulnerabilities that could lead to\n code execution (CVE-2016-0960, CVE-2016-0961, CVE-2016-0962,\n CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, CVE-2016-1005).\n\n Adobe advisory with more information:\n <a rel=\"nofollow\" href=\"https://helpx.adobe.com/security/products/flash-player/apsb16-08.html\">https://helpx.adobe.com/security/products/flash-player/apsb16-08.html</a>\n\n", "modified": "2016-03-11T13:12:50", "published": "2016-03-11T13:12:50", "id": "SUSE-SU-2016:0716-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00023.html", "type": "suse", "title": "Security update for flash-player (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:22:47", "bulletinFamily": "unix", "description": "This update to Adobe Flash Player 11.2.202.577 fixes a number of\n vulnerabilities that could have allowed remote attackers to execute\n arbitrary code through crafted content. (boo#970547)\n\n * APSB16-08, CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0963,\n CVE-2016-0986, CVE-2016-0987, CVE-2016-0988, CVE-2016-0989,\n CVE-2016-0990, CVE-2016-0991, CVE-2016-0992, CVE-2016-0993,\n CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997,\n CVE-2016-0998, CVE-2016-0999, CVE-2016-1000, CVE-2016-1001,\n CVE-2016-1002, CVE-2016-1005, CVE-2016-1010\n\n", "modified": "2016-03-12T13:12:22", "published": "2016-03-12T13:12:22", "id": "OPENSUSE-SU-2016:0734-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00032.html", "title": "Security update for Adobe Flash Player (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2019-08-13T18:46:01", "bulletinFamily": "unix", "description": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player. These\nvulnerabilities, detailed in the Adobe Security Bulletin APSB16-08 listed\nin the References section, could allow an attacker to create a specially\ncrafted SWF file that would cause flash-plugin to crash, execute arbitrary\ncode, or disclose sensitive information when the victim loaded a page\ncontaining the malicious SWF content. (CVE-2016-0960, CVE-2016-0961,\nCVE-2016-0962, CVE-2016-0963, CVE-2016-0986, CVE-2016-0987, CVE-2016-0988,\nCVE-2016-0989, CVE-2016-0990, CVE-2016-0991, CVE-2016-0992, CVE-2016-0993,\nCVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998,\nCVE-2016-0999, CVE-2016-1000, CVE-2016-1001, CVE-2016-1002, CVE-2016-1005,\nCVE-2016-1010)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 11.2.202.577.\n", "modified": "2018-06-07T09:04:35", "published": "2016-03-11T05:00:00", "id": "RHSA-2016:0438", "href": "https://access.redhat.com/errata/RHSA-2016:0438", "type": "redhat", "title": "(RHSA-2016:0438) Critical: flash-plugin security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:32:45", "bulletinFamily": "unix", "description": "\nAdobe reports:\n\nThese updates resolve integer overflow vulnerabilities that\n\t could lead to code execution (CVE-2016-0963, CVE-2016-0993,\n\t CVE-2016-1010).\nThese updates resolve use-after-free vulnerabilities that could\n\t lead to code execution (CVE-2016-0987, CVE-2016-0988,\n\t CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995,\n\t CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999,\n\t CVE-2016-1000).\nThese updates resolve a heap overflow vulnerability that could\n\t lead to code execution (CVE-2016-1001).\nThese updates resolve memory corruption vulnerabilities that\n\t could lead to code execution (CVE-2016-0960, CVE-2016-0961,\n\t CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992,\n\t CVE-2016-1002, CVE-2016-1005).\n\n", "modified": "2016-03-10T00:00:00", "published": "2016-03-10T00:00:00", "id": "F7B3D1EB-F738-11E5-A710-0011D823EEBD", "href": "https://vuxml.freebsd.org/freebsd/f7b3d1eb-f738-11e5-a710-0011d823eebd.html", "title": "flash -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:48", "bulletinFamily": "unix", "description": "- CVE-2016-0963 CVE-2016-0993 CVE-2016-1010 (arbitrary code execution)\n\nInteger overflow vulnerabilities that could lead to code execution. \n\n- CVE-2016-0987 CVE-2016-0988 CVE-2016-0990 CVE-2016-0991 CVE-2016-0994\n CVE-2016-0995 CVE-2016-0996 CVE-2016-0997 CVE-2016-0998 CVE-2016-0999\n CVE-2016-1000 (abitrary code execution)\n\nUse-after-free vulnerabilities that could lead to code execution. \n\n- CVE-2016-1001 (abitrary code execution)\n\nHeap overflow vulnerability that could lead to code execution.\n\n- CVE-2016-0960 CVE-2016-0961 CVE-2016-0962 CVE-2016-0986 CVE-2016-0989\n CVE-2016-0992 CVE-2016-1002 CVE-2016-1005 (arbitrary code execution)\n\nMemory corruption vulnerabilities that could lead to code execution.", "modified": "2016-03-11T00:00:00", "published": "2016-03-11T00:00:00", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-March/000575.html", "id": "ASA-201603-10", "title": "flashplugin: arbitrary code execution", "type": "archlinux", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2019-05-29T18:15:32", "bulletinFamily": "NVD", "description": "Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005.", "modified": "2017-01-04T02:59:00", "id": "CVE-2016-0962", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0962", "published": "2016-03-12T15:59:00", "title": "CVE-2016-0962", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:15:32", "bulletinFamily": "NVD", "description": "Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-1002, and CVE-2016-1005.", "modified": "2017-01-04T02:59:00", "id": "CVE-2016-0992", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0992", "published": "2016-03-12T15:59:00", "title": "CVE-2016-0992", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:15:32", "bulletinFamily": "NVD", "description": "Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0963 and CVE-2016-1010.", "modified": "2017-02-04T02:59:00", "id": "CVE-2016-0993", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0993", "published": "2016-03-12T15:59:00", "title": "CVE-2016-0993", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:15:32", "bulletinFamily": "NVD", "description": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0999, and CVE-2016-1000.\n<a href=\"http://cwe.mitre.org/data/definitions/416.html\">CWE-416: Use After Free</a>", "modified": "2017-09-08T01:29:00", "id": "CVE-2016-0998", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0998", "published": "2016-03-12T15:59:00", "title": "CVE-2016-0998", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:15:32", "bulletinFamily": "NVD", "description": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code by using the actionCallMethod opcode with crafted arguments, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000.\n<a href=\"http://cwe.mitre.org/data/definitions/416.html\">CWE-416: Use After Free</a>", "modified": "2016-12-03T03:19:00", "id": "CVE-2016-0994", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0994", "published": "2016-03-12T15:59:00", "title": "CVE-2016-0994", "type": "cve", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:15:32", "bulletinFamily": "NVD", "description": "Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005.", "modified": "2017-01-04T02:59:00", "id": "CVE-2016-0986", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0986", "published": "2016-03-12T15:59:00", "title": "CVE-2016-0986", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:15:32", "bulletinFamily": "NVD", "description": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000.\n<a href=\"http://cwe.mitre.org/data/definitions/416.html\">CWE-416: Use After Free</a>", "modified": "2016-12-03T03:19:00", "id": "CVE-2016-0995", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0995", "published": "2016-03-12T15:59:00", "title": "CVE-2016-0995", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:15:32", "bulletinFamily": "NVD", "description": "Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005.", "modified": "2017-01-04T02:59:00", "id": "CVE-2016-0961", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0961", "published": "2016-03-12T15:59:00", "title": "CVE-2016-0961", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:15:32", "bulletinFamily": "NVD", "description": "Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0993 and CVE-2016-1010.", "modified": "2017-02-04T02:59:00", "id": "CVE-2016-0963", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0963", "published": "2016-03-12T15:59:00", "title": "CVE-2016-0963", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:15:32", "bulletinFamily": "NVD", "description": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, and CVE-2016-1000.\n<a href=\"http://cwe.mitre.org/data/definitions/416.html\">CWE-416: Use After Free</a>", "modified": "2017-09-08T01:29:00", "id": "CVE-2016-0999", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0999", "published": "2016-03-12T15:59:00", "title": "CVE-2016-0999", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:10", "bulletinFamily": "unix", "description": "### Background\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Adobe Flash Player users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \"www-plugins/adobe-flash-11.2.202.577\"", "modified": "2016-03-12T00:00:00", "published": "2016-03-12T00:00:00", "id": "GLSA-201603-07", "href": "https://security.gentoo.org/glsa/201603-07", "type": "gentoo", "title": "Adobe Flash Player: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T12:12:00", "bulletinFamily": "exploit", "description": "No description provided by source.", "modified": "2016-05-04T00:00:00", "published": "2016-05-04T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-91436", "id": "SSV:91436", "type": "seebug", "title": "Flash \u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e \uff08CVE-2016-1010\uff09", "sourceData": "", "sourceHref": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitdb": [{"lastseen": "2016-03-23T20:34:25", "bulletinFamily": "exploit", "description": "Adobe Flash - Uninitialized Stack Parameter Access in AsBroadcaster.broadcastMessage UaF Fix. CVE-2016-0999. Dos exploit for windows platform", "modified": "2016-03-23T00:00:00", "published": "2016-03-23T00:00:00", "id": "EDB-ID:39611", "href": "https://www.exploit-db.com/exploits/39611/", "type": "exploitdb", "title": "Adobe Flash - Uninitialized Stack Parameter Access in AsBroadcaster.broadcastMessage UaF Fix", "sourceData": "Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=717\r\n\r\nThe ActionScript parameter conversion in the fix for an issue in the December Flash bulletin (https://helpx.adobe.com/security/products/flash-player/apsb15-32.html, most likely one of the UaFs reported by Yuki Chen) can sometimes access a parameter on the native stack that is uninitialized.\r\n\r\nIf:\r\n\r\nvar ab = {};\r\nAsBroadcaster.initialize(ab)\r\nab.broadcastMessage();\r\n\r\nis called in ActionScript, a parameter array is allocated using alloca(0), which leads to a 16-byte (the minimum size length for alloca in the implementation) that does not get initialized. The conversion function in the UaF check then assumes that at least one parameter has been allocated, and attempts to convert the stack parameter to a string, even though it is a previous value (a UTF string \"fffff ... \" in the PoC).\r\n\r\nA PoC is attached, it is a bit finicky but crashes in the most recent Chrome Flash update. To reproduce, load crasher2.swf?num=15, and then immediately loading crasher2.swf?num=4. The num parameter shifts the stack (for nums between 0 and 31), so changing it around should lead to crashes in different browsers.\r\n\r\n\r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39611.zip\r\n\r\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/39611/"}, {"lastseen": "2016-03-23T20:34:29", "bulletinFamily": "exploit", "description": "Adobe Flash - Uninitialized Stack Parameter Access in Object.unwatch UaF Fix. CVE-2016-0998. Dos exploit for windows platform", "modified": "2016-03-23T00:00:00", "published": "2016-03-23T00:00:00", "id": "EDB-ID:39612", "href": "https://www.exploit-db.com/exploits/39612/", "type": "exploitdb", "title": "Adobe Flash - Uninitialized Stack Parameter Access in Object.unwatch UaF Fix", "sourceData": "Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=716\r\n\r\nThe ActionScript parameter conversion in the fix for an issue in the December Flash bulletin (https://helpx.adobe.com/security/products/flash-player/apsb15-32.html, most likely one of the UaFs reported by Yuki Chen) can sometimes access a parameter on the native stack that is uninitialized.\r\n\r\nIf:\r\n\r\nvar o = {};\r\no.unwatch();\r\n\r\nis called in ActionScript, a parameter array is allocated using alloca(0), which leads to a 16-byte (the minimum size length for alloca in the implementation) that does not get initialized. The conversion function in the UaF check then assumes that at least one parameter has been allocated, and attempts to convert the stack parameter to a string, even though it is a previous value (a UTF string \"fffff ... \" in the PoC).\r\n\r\nA PoC is attached, it is a bit finicky but crashes in the most recent Chrome Flash update. To reproduce, load crasher2.swf?num=15, and then immediately loading crasher2.swf?num=4. The num parameter shifts the stack (for nums between 0 and 31), so changing it around should lead to crashes in different browsers.\r\n\r\n\r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39612.zip\r\n\r\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/39612/"}, {"lastseen": "2016-03-23T20:34:11", "bulletinFamily": "exploit", "description": "Adobe Flash - Shape Rendering Crash. CVE-2016-1002. Dos exploit for windows platform", "modified": "2016-03-23T00:00:00", "published": "2016-03-23T00:00:00", "id": "EDB-ID:39608", "href": "https://www.exploit-db.com/exploits/39608/", "type": "exploitdb", "title": "Adobe Flash - Shape Rendering Crash", "sourceData": "Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=721\r\n\r\nThe attached fuzz case causes a crash in shape rendering.\r\n\r\n\r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39608.zip\r\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/39608/"}, {"lastseen": "2016-03-29T05:26:50", "bulletinFamily": "exploit", "description": "Adobe Flash - Object.unwatch Use-After-Free Exploit. CVE-2016-0998. Remote exploits for multiple platform", "modified": "2016-03-29T00:00:00", "published": "2016-03-29T00:00:00", "id": "EDB-ID:39631", "href": "https://www.exploit-db.com/exploits/39631/", "type": "exploitdb", "title": "Adobe Flash - Object.unwatch Use-After-Free Exploit", "sourceData": "Sources: \r\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=716\r\nhttps://googleprojectzero.blogspot.ca/2016/03/life-after-isolated-heap.html\r\n\r\nThe bug is an uninitialized variable in the fix to an ActionScript 2 use-after-free bug. Roughly 80 of these types of issues have been fixed by Adobe in the past year, and two uninitialized variable issues were introduced in the fixes. \r\n\r\n This issue is fairly easy to reproduce, a proof-of-concept for this issue in its entirety is:\r\n\r\n var o = {};\r\n o.unwatch();\r\n\r\n The bug occurs because the use-after-free check in the unwatch method attempts to convert its first parameter to a string by calling toString on it before continuing with the part of the method where toString could cause problems by freeing an object. However, Flash does not check that this parameter exists before calling toString on it. In pseudo-code, the rough behaviour of this method is:\r\n\r\n void* args = alloca( args_size );\r\n for( int i = 0; i < args_size; i++){\r\n // Init args\r\n }\r\n\r\n if ( ((int) args[0]) & 6 == 6 )\r\n args[0] = call_toString( args[0] );\r\n\r\n if ( args_size < 1)\r\n exit();\r\n\r\n\r\nExploit:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39631.zip\r\n\r\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/39631/"}, {"lastseen": "2016-03-23T20:34:16", "bulletinFamily": "exploit", "description": "Adobe Flash - Zlib Codec Heap Overflow. CVE-2016-1001. Dos exploit for windows platform", "modified": "2016-03-23T00:00:00", "published": "2016-03-23T00:00:00", "id": "EDB-ID:39609", "href": "https://www.exploit-db.com/exploits/39609/", "type": "exploitdb", "title": "Adobe Flash - Zlib Codec Heap Overflow", "sourceData": "Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=720\r\n\r\nThere is a heap overflow in the Zlib codecs used when playing flv files in flash. Sample flv files are attached. Load http://127.0.0.1/LoadMP42.swf?file=smalloverflow.flv to reproduce.\r\n\r\n\r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39609.zip\r\n\r\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/39609/"}, {"lastseen": "2016-03-23T20:34:34", "bulletinFamily": "exploit", "description": "Adobe Flash - Uninitialized Stack Parameter Access in MovieClip.swapDepths UaF Fix. CVE-2016-0997. Dos exploit for windows platform", "modified": "2016-03-23T00:00:00", "published": "2016-03-23T00:00:00", "id": "EDB-ID:39613", "href": "https://www.exploit-db.com/exploits/39613/", "type": "exploitdb", "title": "Adobe Flash - Uninitialized Stack Parameter Access in MovieClip.swapDepths UaF Fix", "sourceData": "Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=715\r\n\r\nThe ActionScript parameter conversion in the fix for issue 403 (https://code.google.com/p/google-security-research/issues/detail?id=403) can sometimes access a parameter on the native stack that is uninitialized.\r\n\r\nIf:\r\n\r\nmc.swapDepths();\r\n\r\nis called in ActionScript, a parameter array is allocated using alloca(0), which leads to a 16-byte (the minimum size length for alloca in the implementation) that does not get initialized. The conversion function in the UaF check then assumes that at least one parameter has been allocated, and attempts to convert the stack parameter to a string, even though it is a previous value (a UTF string \"fffff ... \" in the PoC).\r\n\r\nA PoC is attached, it is a bit finicky and depends a lot on the specific Flash version. It crashes currently in chrome-unstable, by loading crasher2.swf?num=15, and then immediately loading crasher2.swf?num=4. The num parameter shifts the stack (for nums between 0 and 31), so changing it around should lead to crashes in different browsers.\r\n\r\n\r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39613.zip\r\n\r\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/39613/"}, {"lastseen": "2016-03-23T20:34:20", "bulletinFamily": "exploit", "description": "Adobe Flash - Sprite Creation Use-After-Free. CVE-2016-1000. Dos exploit for windows platform", "modified": "2016-03-23T00:00:00", "published": "2016-03-23T00:00:00", "id": "EDB-ID:39610", "href": "https://www.exploit-db.com/exploits/39610/", "type": "exploitdb", "title": "Adobe Flash - Sprite Creation Use-After-Free", "sourceData": "Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=718\r\n\r\nThere is a use-after-free in Sprite Creation. If a Sprite is created, and then the handler for the frameConstructed event triggers a remove object action, the Sprite is then used after it has been freed.\r\n\r\nA sample swf is attached.\r\n\r\n\r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39610.zip\r\n\r\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/39610/"}], "zdt": [{"lastseen": "2018-04-14T19:46:43", "bulletinFamily": "exploit", "description": "Exploit for windows platform in category dos / poc", "modified": "2016-03-23T00:00:00", "published": "2016-03-23T00:00:00", "href": "https://0day.today/exploit/description/25889", "id": "1337DAY-ID-25889", "title": "Adobe Flash - Uninitialized Stack Parameter Access in AsBroadcaster.broadcastMessage UaF Fix", "type": "zdt", "sourceData": "Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=717\r\n \r\nThe ActionScript parameter conversion in the fix for an issue in the December Flash bulletin (https://helpx.adobe.com/security/products/flash-player/apsb15-32.html, most likely one of the UaFs reported by Yuki Chen) can sometimes access a parameter on the native stack that is uninitialized.\r\n \r\nIf:\r\n \r\nvar ab = {};\r\nAsBroadcaster.initialize(ab)\r\nab.broadcastMessage();\r\n \r\nis called in ActionScript, a parameter array is allocated using alloca(0), which leads to a 16-byte (the minimum size length for alloca in the implementation) that does not get initialized. The conversion function in the UaF check then assumes that at least one parameter has been allocated, and attempts to convert the stack parameter to a string, even though it is a previous value (a UTF string \"fffff ... \" in the PoC).\r\n \r\nA PoC is attached, it is a bit finicky but crashes in the most recent Chrome Flash update. To reproduce, load crasher2.swf?num=15, and then immediately loading crasher2.swf?num=4. The num parameter shifts the stack (for nums between 0 and 31), so changing it around should lead to crashes in different browsers.\r\n \r\n \r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39611.zip\n\n# 0day.today [2018-04-14] #", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://0day.today/exploit/25889"}, {"lastseen": "2018-04-02T03:23:27", "bulletinFamily": "exploit", "description": "Exploit for windows platform in category dos / poc", "modified": "2016-03-23T00:00:00", "published": "2016-03-23T00:00:00", "href": "https://0day.today/exploit/description/25892", "id": "1337DAY-ID-25892", "title": "Adobe Flash - Shape Rendering Crash", "type": "zdt", "sourceData": "Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=721\r\n \r\nThe attached fuzz case causes a crash in shape rendering.\r\n \r\n \r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39608.zip\n\n# 0day.today [2018-04-02] #", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://0day.today/exploit/25892"}, {"lastseen": "2018-04-10T07:41:39", "bulletinFamily": "exploit", "description": "Exploit for windows platform in category dos / poc", "modified": "2016-03-23T00:00:00", "published": "2016-03-23T00:00:00", "href": "https://0day.today/exploit/description/25888", "id": "1337DAY-ID-25888", "type": "zdt", "title": "Adobe Flash - Uninitialized Stack Parameter Access in Object.unwatch UaF Fix", "sourceData": "Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=716\r\n \r\nThe ActionScript parameter conversion in the fix for an issue in the December Flash bulletin (https://helpx.adobe.com/security/products/flash-player/apsb15-32.html, most likely one of the UaFs reported by Yuki Chen) can sometimes access a parameter on the native stack that is uninitialized.\r\n \r\nIf:\r\n \r\nvar o = {};\r\no.unwatch();\r\n \r\nis called in ActionScript, a parameter array is allocated using alloca(0), which leads to a 16-byte (the minimum size length for alloca in the implementation) that does not get initialized. The conversion function in the UaF check then assumes that at least one parameter has been allocated, and attempts to convert the stack parameter to a string, even though it is a previous value (a UTF string \"fffff ... \" in the PoC).\r\n \r\nA PoC is attached, it is a bit finicky but crashes in the most recent Chrome Flash update. To reproduce, load crasher2.swf?num=15, and then immediately loading crasher2.swf?num=4. The num parameter shifts the stack (for nums between 0 and 31), so changing it around should lead to crashes in different browsers.\r\n \r\n \r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39612.zip\n\n# 0day.today [2018-04-10] #", "sourceHref": "https://0day.today/exploit/25888", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-02-09T07:14:25", "bulletinFamily": "exploit", "description": "Exploit for multiple platform in category remote exploits", "modified": "2016-03-29T00:00:00", "published": "2016-03-29T00:00:00", "id": "1337DAY-ID-25396", "href": "https://0day.today/exploit/description/25396", "type": "zdt", "title": "Adobe Flash - Object.unwatch Use-After-Free Exploit", "sourceData": "Sources: \r\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=716\r\nhttps://googleprojectzero.blogspot.ca/2016/03/life-after-isolated-heap.html\r\n \r\nThe bug is an uninitialized variable in the fix to an ActionScript 2 use-after-free bug. Roughly 80 of these types of issues have been fixed by Adobe in the past year, and two uninitialized variable issues were introduced in the fixes. \r\n \r\n This issue is fairly easy to reproduce, a proof-of-concept for this issue in its entirety is:\r\n \r\n var o = {};\r\n o.unwatch();\r\n \r\n The bug occurs because the use-after-free check in the unwatch method attempts to convert its first parameter to a string by calling toString on it before continuing with the part of the method where toString could cause problems by freeing an object. However, Flash does not check that this parameter exists before calling toString on it. In pseudo-code, the rough behaviour of this method is:\r\n \r\n void* args = alloca( args_size );\r\n for( int i = 0; i < args_size; i++){\r\n // Init args\r\n }\r\n \r\n if ( ((int) args[0]) & 6 == 6 )\r\n args[0] = call_toString( args[0] );\r\n \r\n if ( args_size < 1)\r\n exit();\r\n \r\n \r\nExploit:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39631.zip\n\n# 0day.today [2018-02-09] #", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://0day.today/exploit/25396"}, {"lastseen": "2018-04-02T21:27:38", "bulletinFamily": "exploit", "description": "Exploit for windows platform in category dos / poc", "modified": "2016-03-23T00:00:00", "published": "2016-03-23T00:00:00", "href": "https://0day.today/exploit/description/25891", "id": "1337DAY-ID-25891", "type": "zdt", "title": "Adobe Flash - Zlib Codec Heap Overflow", "sourceData": "Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=720\r\n \r\nThere is a heap overflow in the Zlib codecs used when playing flv files in flash. Sample flv files are attached. Load http://127.0.0.1/LoadMP42.swf?file=smalloverflow.flv to reproduce.\r\n \r\n \r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39609.zip\n\n# 0day.today [2018-04-02] #", "sourceHref": "https://0day.today/exploit/25891", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-09T21:30:15", "bulletinFamily": "exploit", "description": "Exploit for windows platform in category dos / poc", "modified": "2016-03-23T00:00:00", "published": "2016-03-23T00:00:00", "href": "https://0day.today/exploit/description/25887", "id": "1337DAY-ID-25887", "type": "zdt", "title": "Adobe Flash - Uninitialized Stack Parameter Access in MovieClip.swapDepths UaF Fix", "sourceData": "Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=715\r\n \r\nThe ActionScript parameter conversion in the fix for issue 403 (https://code.google.com/p/google-security-research/issues/detail?id=403) can sometimes access a parameter on the native stack that is uninitialized.\r\n \r\nIf:\r\n \r\nmc.swapDepths();\r\n \r\nis called in ActionScript, a parameter array is allocated using alloca(0), which leads to a 16-byte (the minimum size length for alloca in the implementation) that does not get initialized. The conversion function in the UaF check then assumes that at least one parameter has been allocated, and attempts to convert the stack parameter to a string, even though it is a previous value (a UTF string \"fffff ... \" in the PoC).\r\n \r\nA PoC is attached, it is a bit finicky and depends a lot on the specific Flash version. It crashes currently in chrome-unstable, by loading crasher2.swf?num=15, and then immediately loading crasher2.swf?num=4. The num parameter shifts the stack (for nums between 0 and 31), so changing it around should lead to crashes in different browsers.\r\n \r\n \r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39613.zip\n\n# 0day.today [2018-01-09] #", "sourceHref": "https://0day.today/exploit/25887", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-05T21:49:55", "bulletinFamily": "exploit", "description": "Exploit for windows platform in category dos / poc", "modified": "2016-03-23T00:00:00", "published": "2016-03-23T00:00:00", "href": "https://0day.today/exploit/description/25890", "id": "1337DAY-ID-25890", "type": "zdt", "title": "Adobe Flash - Sprite Creation Use-After-Free", "sourceData": "Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=718\r\n \r\nThere is a use-after-free in Sprite Creation. If a Sprite is created, and then the handler for the frameConstructed event triggers a remove object action, the Sprite is then used after it has been freed.\r\n \r\nA sample swf is attached.\r\n \r\n \r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39610.zip\n\n# 0day.today [2018-04-05] #", "sourceHref": "https://0day.today/exploit/25890", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "hackerone": [{"lastseen": "2019-11-20T17:03:06", "bulletinFamily": "bugbounty", "bounty": 2000.0, "description": "##Description\n---------------\nA Uninitialised Memory Corruption exist in Adobe Flash Player SA for Mac (test in v20.0.0.228 sa version)\uff0csuccessful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. \n\n##Environment\n---------------\n1\u3001Mac OSX 10.11.2\n2\u3001flashplayer20_0d0_228_mac_sa\n\n##Details\n---------------\n\nvalgrind --tool=memcheck /Users/riusksk/Downloads/Flash\\ Player.app/Contents/MacOS/Flash\\ Player poc.swf \n\n==3453== Memcheck, a memory error detector\n\n==3453== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.\n\n==3453== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info\n\n==3453== Command: /Users/riusksk/Downloads/Flash\\ Player.app/Contents/MacOS/Flash\\ Player poc.swf\n\n==3453== \n\n==3453== Conditional jump or move depends on uninitialised value(s)\n\n==3453== at 0x7FFF5FC24A27: bcmp (in /usr/lib/dyld)\n\n==3453== by 0x7FFF5FC11914: ImageLoaderMachO::validateFirstPages(linkedit_data_command const*, int, unsigned char const*, unsigned long, long long, ImageLoader::LinkContext const&) (in /usr/lib/dyld)\n\n==3453== by 0x7FFF5FC16B8A: ImageLoaderMachOCompressed::instantiateFromFile(char const*, int, unsigned char const*, unsigned long, unsigned long long, unsigned long long, stat const&, unsigned int, unsigned int, linkedit_data_command const*, encryption_info_command const*, ImageLoader::LinkContext const&) (in /usr/lib/dyld)\n\n==3453== by 0x7FFF5FC10A7E: ImageLoaderMachO::instantiateFromFile(char const*, int, unsigned char const*, unsigned long long, unsigned long long, stat const&, ImageLoader::LinkContext const&) (in /usr/lib/dyld)\n\n==3453== by 0x7FFF5FC038C2: dyld::loadPhase6(int, stat const&, char const*, dyld::LoadContext const&) (in /usr/lib/dyld)\n\n==3453== by 0x7FFF5FC0846D: dyld::loadPhase5(char const*, char const*, dyld::LoadContext const&, std::__1::vector<char const*, std::__1::allocator<char const*> >*) (in /usr/lib/dyld)\n\n==3453== by 0x7FFF5FC0818D: dyld::loadPhase4(char const*, char const*, dyld::LoadContext const&, std::__1::vector<char const*, std::__1::allocator<char const*> >*) (in /usr/lib/dyld)\n\n==3453== by 0x7FFF5FC07EF2: dyld::loadPhase3(char const*, char const*, dyld::LoadContext const&, std::__1::vector<char const*, std::__1::allocator<char const*> >*) (in /usr/lib/dyld)\n\n==3453== by 0x7FFF5FC07647: dyld::loadPhase1(char const*, char const*, dyld::LoadContext const&, std::__1::vector<char const*, std::__1::allocator<char const*> >*) (in /usr/lib/dyld)\n\n==3453== by 0x7FFF5FC0347A: dyld::loadPhase0(char const*, char const*, dyld::LoadContext const&, std::__1::vector<char const*, std::__1::allocator<char const*> >*) (in /usr/lib/dyld)\n\n==3453== by 0x7FFF5FC0315E: dyld::load(char const*, dyld::LoadContext const&) (in /usr/lib/dyld)\n\n==3453== by 0x7FFF5FC0870A: dyld::libraryLocator(char const*, bool, char const*, ImageLoader::RPathChain const*) (in /usr/lib/dyld)\n\n==3453== \n\n==3453== Use of uninitialised value of size 8\n\n\nlldb Flash\\ Player\n\n(lldb) target create \"Flash Player\"\n\nwarning: (x86_64) /Users/riusksk/Downloads/Flash Player.app/Contents/MacOS/Flash Player empty dSYM file detected, dSYM was created with an executable with no debug info.\n\nCurrent executable set to 'Flash Player' (x86_64).\n\n(lldb) run ~/Downloads/poc.swf\n\nProcess 96650 launched: '/Users/riusksk/Downloads/Flash Player.app/Contents/MacOS/Flash Player' (x86_64)\n\nVector smash protection is enabled.\n\nProcess 96650 stopped\n\n* thread #1: tid = 0xbbffa, 0x00007fff82cc0b4f CoreFoundation`CFStringGetLength + 15, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0)\n\nframe #0: 0x00007fff82cc0b4f CoreFoundation`CFStringGetLength + 15\n\nCoreFoundation`CFStringGetLength:\n\n-> 0x7fff82cc0b4f <+15>: movq (%rbx), %rax\n\n0x7fff82cc0b52 <+18>: testq %rax, %rax\n\n0x7fff82cc0b55 <+21>: je 0x7fff82cc0b97 ; <+87>\n\n0x7fff82cc0b57 <+23>: leaq -0xff65e76(%rip), %rcx ; __CFConstantStringClassReferencePtr\n\n(lldb) bt\n\n* thread #1: tid = 0xbbffa, 0x00007fff82cc0b4f CoreFoundation`CFStringGetLength + 15, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0)\n\n* frame #0: 0x00007fff82cc0b4f CoreFoundation`CFStringGetLength + 15\n\nframe #1: 0x00007fff82df89cc CoreFoundation`_CFURLCreateWithFileSystemPath + 60\n\nframe #2: 0x000000010040d204 Flash Player`main + 165412\n\nframe #3: 0x0000000100394bb4 Flash Player`___lldb_unnamed_function14212$$Flash Player + 356\n\nframe #4: 0x00000001004053e8 Flash Player`main + 133128\n\nframe #5: 0x000000010040563e Flash Player`main + 133726\n\nframe #6: 0x000000010039630a Flash Player`___lldb_unnamed_function14228$$Flash Player + 10\n\nframe #7: 0x00000001001032fd Flash Player`___lldb_unnamed_function2712$$Flash Player + 13\n\nframe #8: 0x000000010034863c Flash Player`___lldb_unnamed_function12938$$Flash Player + 844\n\nframe #9: 0x000000010034824c Flash Player`___lldb_unnamed_function12937$$Flash Player + 764\n\nframe #10: 0x0000000100342843 Flash Player`___lldb_unnamed_function12890$$Flash Player + 1203\n\nframe #11: 0x00000001003421ef Flash Player`___lldb_unnamed_function12888$$Flash Player + 559\n\nframe #12: 0x00000001002fd32c Flash Player`___lldb_unnamed_function12368$$Flash Player + 540\n\nframe #13: 0x0000000100301438 Flash Player`___lldb_unnamed_function12395$$Flash Player + 968\n\nframe #14: 0x0000000100302447 Flash Player`___lldb_unnamed_function12397$$Flash Player + 1527\n\nframe #15: 0x0000000100309957 Flash Player`___lldb_unnamed_function12454$$Flash Player + 535\n\nframe #16: 0x0000000100308e12 Flash Player`___lldb_unnamed_function12453$$Flash Player + 770\n\nframe #17: 0x0000000100350dc3 Flash Player`___lldb_unnamed_function12977$$Flash Player + 371\n\nframe #18: 0x000000010039702a Flash Player`___lldb_unnamed_function14247$$Flash Player + 138\n\nframe #19: 0x0000000100405546 Flash Player`main + 133478\n\nframe #20: 0x000000010040563e Flash Player`main + 133726\n\nframe #21: 0x000000010039630a Flash Player`___lldb_unnamed_function14228$$Flash Player + 10\n\nframe #22: 0x00000001001032fd Flash Player`___lldb_unnamed_function2712$$Flash Player + 13\n\nframe #23: 0x000000010034863c Flash Player`___lldb_unnamed_function12938$$Flash Player + 844\n\nframe #24: 0x00000001003489b4 Flash Player`___lldb_unnamed_function12939$$Flash Player + 436\n\nframe #25: 0x00000001003e2499 Flash Player`___lldb_unnamed_function15719$$Flash Player + 1145\n\nframe #26: 0x00000001003e29ee Flash Player`___lldb_unnamed_function15722$$Flash Player + 46\n\nframe #27: 0x00007fff8c0fb2c4 AppKit`-[NSApplication _doOpenFile:ok:tryTemp:] + 315\n\nframe #28: 0x00007fff8bd26775 AppKit`-[NSApplication finishLaunching] + 1557\n\nframe #29: 0x00007fff8bd25e05 AppKit`-[NSApplication run] + 231\n\nframe #30: 0x00007fff8bca8520 AppKit`NSApplicationMain + 1176\n\nframe #31: 0x0000000100001784 Flash Player`___lldb_unnamed_function1$$Flash Player + 52\n\n##Reference\nriusksk of Tencent Security Platform Department (CVE-2016-0992):\nhttps://helpx.adobe.com/security/products/flash-player/apsb16-08.html\n\n\n\n", "modified": "2019-11-12T09:42:53", "published": "2016-03-11T04:19:30", "id": "H1:122256", "href": "https://hackerone.com/reports/122256", "type": "hackerone", "title": "Flash (IBB): Adobe Flash Player Uninitialised Memory Corruption", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-20T17:03:07", "bulletinFamily": "bugbounty", "bounty": 2000.0, "description": "I. Summary\nAdobe Flash Player is prone to a vulnerability which leads to Use-After-Free.\n\nII. Description\nIf the variable parameter of a TextField instance equals to a getter property associated with swfRoot where the getter method includes a call to removeTextField(), the TextField instance is used after it is freed.\n\nIII. Impact\nUse-After-Free\n\nIV. Credit\nWen Guanxing from Venustech ADLAB is credited for this vulnerability.\n\nIt has been assigned by Adobe as CVE-2016-0990\nhttps://helpx.adobe.com/security/products/flash-player/apsb16-08.html", "modified": "2019-11-12T09:43:20", "published": "2016-03-11T03:54:25", "id": "H1:122254", "href": "https://hackerone.com/reports/122254", "type": "hackerone", "title": "Flash (IBB): Adobe Flash Player TextField Use-After-Free Vulnerability", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "zdi": [{"lastseen": "2016-11-09T00:18:03", "bulletinFamily": "info", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the actionCallMethod opcode. By manipulating the arguments passed to the actionCallMethod opcode, an attacker can force a dangling pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process.", "modified": "2016-11-09T00:00:00", "published": "2016-03-10T00:00:00", "href": "http://www.zerodayinitiative.com/advisories/ZDI-16-194", "id": "ZDI-16-194", "title": " Adobe Flash AS2 actionCallMethod Use-After-Free Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-11-09T00:18:03", "bulletinFamily": "info", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within MPEG-4 parsing. A specially crafted MP4 file can force the dereference of an uninitialized pointer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process.", "modified": "2016-11-09T00:00:00", "published": "2016-03-10T00:00:00", "href": "http://www.zerodayinitiative.com/advisories/ZDI-16-192", "id": "ZDI-16-192", "title": "Adobe Flash MPEG-4 Uninitialized Pointer Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-11-09T00:17:58", "bulletinFamily": "info", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the setInterval method. By calling setInterval with specific arguments, an attacker can force a dangling pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process.", "modified": "2016-11-09T00:00:00", "published": "2016-03-10T00:00:00", "href": "http://www.zerodayinitiative.com/advisories/ZDI-16-193", "id": "ZDI-16-193", "title": "Adobe Flash setInterval Use-After-Free Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "threatpost": [{"lastseen": "2018-10-06T22:55:40", "bulletinFamily": "info", "description": "Adobe today released a [new version of Flash Player](<https://helpx.adobe.com/security/products/flash-player/apsb16-08.html>) that patches 18 vulnerabilities, all of which can result in remote code execution attacks.\n\nOn Tuesday, Adobe pushed out [security updates for Reader, Acrobat and Digital Editions](<https://threatpost.com/adobe-patches-reader-and-acrobat-teases-upcoming-flash-update/116662/>), and gave users a head\u2019s up about an upcoming Flash update.\n\nToday\u2019s Flash release patches a host of memory-related security vulnerabilities that attackers can exploit to run code of their choice on compromised machines. Adobe said the flaws affect version 20.0.0.0306 for Windows and Macintosh on the desktop, and Flash for browsers, including Chrome, Microsoft Edge and Internet Explorer 11 on Windows 10 and Windows 8.1\n\nUsers should upgrade to 21.0.0.182 on those platforms, Adobe said, adding that it is aware of a public exploit used in limited targeted attacks against CVE-2016-1010, an integer overflow vulnerability that leads to remote code execution. The vulnerability was privately disclosed by Anton Ivanov, a researcher at Kaspersky Lab.\n\n\u201cAdobe released the security bulletin APSB16-08, crediting Kaspersky Lab for reporting CVE-2016-1010. The vulnerability could potentially allow an attacker to take control of the affected system. Kaspersky Lab researchers observed the usage of this vulnerability in a very limited number of targeted attacks,\u201d Kaspersky Lab said in a statement. \u201cAt this time, we do not have any additional details to share on these attacks as the investigation is still ongoing. Even though these attacks are rare, we recommend that everyone get the update from the Adobe site as soon as possible.\u201d\n\nAdobe said three of the vulnerabilities patched today are integer overflow flaws that could result in remote code execution, another half-dozen memory corruption bugs, a heap over flow vulnerability, and eight use-after-free flaws.\n\nLast month, Adobe pushed out its [first Flash update of 2016](<https://helpx.adobe.com/security/products/flash-player/apsb16-04.html>), patching 22 remote code execution flaws.\n\nDespite the relatively slow flow of Flash updates, the maligned player has been in the news regularly. In January, exploit acquisition company Zerodium announced that it would run a month-long bounty and pay as much as $100,000 for exploit code bypassing a heap isolation mitigation native to Flash Player. Heap partitioning was integrated into Flash Player last July; the technique isolates different types of objects on the heap making it difficult for attackers to dictate where objects are allocated.\n\nZerodium has not announced any payouts for its Flash bounty.\n\n_This article was updated with information about publicly available exploits. _\n", "modified": "2016-03-15T22:00:35", "published": "2016-03-10T11:19:47", "id": "THREATPOST:89C5677AF217CBA7A0C8C4128234EF37", "href": "https://threatpost.com/flash-player-update-patches-18-remote-code-execution-flaws/116707/", "type": "threatpost", "title": "March 2016 Adobe Flash Player Security Update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T22:55:31", "bulletinFamily": "info", "description": "Adobe will release an emergency Flash Player update as soon as Thursday, patching a critical vulnerability that is being publicly attacked.\n\nAdobe said the vulnerability is in version 21.0.0.197 and earlier for Windows, Mac OS X, Linux and Chrome OS.\n\n\u201cSuccessful exploitation could cause a crash and potentially allow an attacker to take control of the affected system,\u201d Adobe said in an [advisory](<https://helpx.adobe.com/security/products/flash-player/apsa16-01.html>) published late this afternoon.\n\nAdobe said that a mitigation introduced on March 10 in Flash 21.0.0.182 protects users against attack; users are urged to update immediately. Adobe said active attacks using CVE-2016-1019 are targeting Windows 7 and Windows XP systems running Flash 20.0.0.306 and earlier.\n\nFrench researcher Kafeine, who publishes updates on his personal site on exploit kits, is one of three researchers credited with disclosing the bug to Adobe along with FireEye\u2019s Genwei Jiang and Google\u2019s Clement Lecigne.\n\nKafeine told Threatpost he would not comment before the availability of a patch.\n\nThe March 10 [Flash Player update](<https://threatpost.com/flash-player-update-patches-18-remote-code-execution-flaws/116707/>) was part of Adobe\u2019s regular monthly security update cycle. It patched 18 remote code execution flaws, including one, CVE-2016-1010, being exploited in the wild.\n", "modified": "2016-04-07T21:57:25", "published": "2016-04-05T19:09:09", "id": "THREATPOST:02FB00D8BE50B1B6165E20F03EBF20C0", "href": "https://threatpost.com/emergency-update-coming-for-flash-vulnerability-under-attack/117219/", "type": "threatpost", "title": "Emergency Adobe Flash Player Security Update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T22:54:34", "bulletinFamily": "info", "description": "One of the four zero-day vulnerabilities Microsoft patched last week was being used by an APT group called FruityArmor to carry out targeted attacks, escape browser-based sandboxes, and execute malicious code in the wild.\n\nAnton Ivanov, a researcher at Kaspersky Lab, was credited by Microsoft for discovering the vulnerability last Tuesday but little was known about how it was actually being exploited until today.\n\n> Details about CVE-2016-3393 (code execution in kernel space) soon.\n> \n> \u2014 Anton Ivanov (@antonivanovm) [October 14, 2016](<https://twitter.com/antonivanovm/status/786972222229454853>)\n\nThe vulnerability, CVE-2016-3393, stemmed from the way a component, Windows graphics device interface (GDI), handled objects in memory. GDI is an application programming interface in Windows that helps apps that use graphics and formatted text on the video display and printer.\n\n[Microsoft said in bulletin MS16-120](<https://threatpost.com/microsoft-patches-five-zero-days-under-attack/121211/>), which it marked critical, that an attacker could exploit the vulnerability multiple ways, either by tricking a user into opening a rigged document file, tricking a user into visiting a rigged site and then convincing them to click on a link, or tricking a user into opening an attachment sent via email.\n\nAccording to Kaspersky Lab, FruityArmor was using a browser exploit to execute malicious code and pairing it with CVE-2016-3393 to escape browser sandboxes and elevate privileges. The vulnerability could be triggered by a module that when unpacked, loads a specialized TTF font rigged with the exploit, according to Ivanov, who wrote [a Securelist post](<https://securelist.com/blog/research/76396/windows-zero-day-exploit-used-in-targeted-attacks-by-fruityarmor-apt/>) on the APT today.\n\nFruityArmor zigs when other groups zag in the sense that it uses a platform built completely around PowerShell, the Microsoft-based command-line shell and scripting language. Not only is the group\u2019s primary malware implant written in PowerShell, so are the commands sent by operators.\n\n> Congrats to [@antonivanovm](<https://twitter.com/antonivanovm>) for discovering and reporting CVE-2016-3393 (Windows Graphics Component RCE) to MS! [pic.twitter.com/aOLxPkmCeC](<https://t.co/aOLxPkmCeC>)\n> \n> \u2014 Costin Raiu (@craiu) [October 12, 2016](<https://twitter.com/craiu/status/786081644486725632>)\n\nOnce in, a secondary payload is executed with even higher-level privileges to execute PowerShell and connect to the attackers\u2019 command and control server. From there the group can deliver instructions and download additional modules, Ivanov said.\n\nThe module that unpacks the malicious TTF font was seen running directly in memory, and then loading the exploit\u2019s code from memory. Microsoft said that it fixed the vulnerability by addressing how Windows GDI handles objects in memory.\n\nA handful of malware strains have been spotted leveraging PowerShell over the past few months. [A Brazilian banking Trojan](<https://threatpost.com/new-brazilian-banking-trojan-uses-windows-powershell-utility/120016/>) also dug up by Kaspersky Lab, was observed in August using PowerShell scripts to make proxy configuration changes in Internet Explorer to redirect connections to phishing pages. Last month, researchers with FireEye saw [Hancitor](<https://threatpost.com/hancitor-downloader-abusing-apis-powershell-commands/120868/>), a malicious downloader, using PowerShell commands to obtain payloads and evade detection.\n\nKaspersky Lab has been credited with discovering two Adobe Flash zero days ([CVE-2016-1010](<https://threatpost.com/flash-player-update-patches-18-remote-code-execution-flaws/116707/>) and [CVE-2016-4171](<https://threatpost.com/scarcruft-apt-group-used-latest-flash-zero-day-in-two-dozen-attacks/118642/>)) and another Windows elevation of privilege vulnerability, CVE-2016-0165, earlier this year. The company said it refrained from posting too much information about the APT out of risk other threat actors would adopt the tactics for their attacks.\n\nIvanov said Thursday that the longer unpatched vulnerabilities tied to zero days linger, the more valuable they become to attackers.\n\n\u201cEven though there is a growing tendency for attackers to use off-the-shelf malware, unpatched zero-days remain the top prize, treasured by targeted threat actors,\u201d Ivanov said Thursday.\n\n\u201cThe demand for such vulnerabilities is unlikely to diminish any time soon, which is why we need security researchers to continue hunting for them, protection technologies able to detect them, and software developers responding rapidly with a fix. We all have a shared responsibility to protect customers,\u201d\n", "modified": "2016-10-20T11:29:12", "published": "2016-10-20T07:00:01", "id": "THREATPOST:97E8E842416B1CD7B88267821DAEFA37", "href": "https://threatpost.com/fruityarmor-apt-group-used-recently-patched-windows-zero-day/121398/", "type": "threatpost", "title": "FruityArmor APT Group Used Recently Patched Windows Zero Day", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}