ID: CVE-2015-0310
Type: cve
Reporter: cve@mitre.org
Modified: 2015-11-13T17:08:00
Description
Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0.0.287 on Windows and OS X and before 11.2.202.438 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism on Windows, and have an unspecified impact on other platforms, via unknown vectors, as exploited in the wild in January 2015.
{"symantec": [{"lastseen": "2018-03-14T22:43:16", "bulletinFamily": "software", "description": "### Description\n\nAdobe Flash Player is prone to an unspecified memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.\n\n### Technologies Affected\n\n * Adobe Flash Player 10 \n * Adobe Flash Player 10.0.0.584 \n * Adobe Flash Player 10.0.12 .35 \n * Adobe Flash Player 10.0.12 .36 \n * Adobe Flash Player 10.0.12.10 \n * Adobe Flash Player 10.0.15 .3 \n * Adobe Flash Player 10.0.2.54 \n * Adobe Flash Player 10.0.22.87 \n * Adobe Flash Player 10.0.32 18 \n * Adobe Flash Player 10.0.32.18 \n * Adobe Flash Player 10.0.42.34 \n * Adobe Flash Player 10.0.45 2 \n * Adobe Flash Player 10.1 \n * Adobe Flash Player 10.1.102.64 \n * Adobe Flash Player 10.1.102.65 \n * Adobe Flash Player 10.1.105.6 \n * Adobe Flash Player 10.1.106.16 \n * Adobe Flash Player 10.1.106.17 \n * Adobe Flash Player 10.1.51.66 \n * Adobe Flash Player 10.1.52.14 \n * Adobe Flash Player 10.1.52.14.1 \n * Adobe Flash Player 10.1.52.15 \n * Adobe Flash Player 10.1.53.64 \n * Adobe Flash Player 10.1.82.76 \n * Adobe Flash Player 10.1.85.3 \n * Adobe Flash Player 10.1.92.10 \n * Adobe Flash Player 10.1.92.8 \n * Adobe Flash Player 10.1.95.1 \n * Adobe Flash Player 10.1.95.2 \n * Adobe Flash Player 10.2.152 \n * Adobe Flash Player 10.2.152.21 \n * Adobe Flash Player 10.2.152.26 \n * Adobe Flash Player 10.2.152.32 \n * Adobe Flash Player 10.2.152.33 \n * Adobe Flash Player 10.2.153.1 \n * Adobe Flash Player 10.2.154.13 \n * Adobe Flash Player 10.2.154.18 \n * Adobe Flash Player 10.2.154.24 \n * Adobe Flash Player 10.2.154.25 \n * Adobe Flash Player 10.2.154.27 \n * Adobe Flash Player 10.2.154.28 \n * Adobe Flash Player 10.2.156.12 \n * Adobe Flash Player 10.2.157.51 \n * Adobe Flash Player 10.2.159.1 \n * Adobe Flash Player 10.3.181.14 \n 
* Adobe Flash Player 10.3.181.16 \n * Adobe Flash Player 10.3.181.22 \n * Adobe Flash Player 10.3.181.23 \n * Adobe Flash Player 10.3.181.26 \n * Adobe Flash Player 10.3.181.34 \n * Adobe Flash Player 10.3.183.10 \n * Adobe Flash Player 10.3.183.11 \n * Adobe Flash Player 10.3.183.15 \n * Adobe Flash Player 10.3.183.16 \n * Adobe Flash Player 10.3.183.18 \n * Adobe Flash Player 10.3.183.19 \n * Adobe Flash Player 10.3.183.20 \n * Adobe Flash Player 10.3.183.23 \n * Adobe Flash Player 10.3.183.25 \n * Adobe Flash Player 10.3.183.29 \n * Adobe Flash Player 10.3.183.4 \n * Adobe Flash Player 10.3.183.43 \n * Adobe Flash Player 10.3.183.48 \n * Adobe Flash Player 10.3.183.5 \n * Adobe Flash Player 10.3.183.50 \n * Adobe Flash Player 10.3.183.51 \n * Adobe Flash Player 10.3.183.61 \n * Adobe Flash Player 10.3.183.63 \n * Adobe Flash Player 10.3.183.67 \n * Adobe Flash Player 10.3.183.68 \n * Adobe Flash Player 10.3.183.7 \n * Adobe Flash Player 10.3.183.75 \n * Adobe Flash Player 10.3.183.86 \n * Adobe Flash Player 10.3.185.21 \n * Adobe Flash Player 10.3.185.22 \n * Adobe Flash Player 10.3.185.23 \n * Adobe Flash Player 10.3.185.24 \n * Adobe Flash Player 10.3.185.25 \n * Adobe Flash Player 10.3.186.2 \n * Adobe Flash Player 10.3.186.3 \n * Adobe Flash Player 10.3.186.6 \n * Adobe Flash Player 10.3.186.7 \n * Adobe Flash Player 11 \n * Adobe Flash Player 11.0.1.129 \n * Adobe Flash Player 11.0.1.152 \n * Adobe Flash Player 11.0.1.153 \n * Adobe Flash Player 11.0.1.60 \n * Adobe Flash Player 11.0.1.98 \n * Adobe Flash Player 11.1 \n * Adobe Flash Player 11.1.102.228 \n * Adobe Flash Player 11.1.102.55 \n * Adobe Flash Player 11.1.102.59 \n * Adobe Flash Player 11.1.102.62 \n * Adobe Flash Player 11.1.102.63 \n * Adobe Flash Player 11.1.111.10 \n * Adobe Flash Player 11.1.111.44 \n * Adobe Flash Player 11.1.111.5 \n * Adobe Flash Player 11.1.111.50 \n * Adobe Flash Player 11.1.111.54 \n * Adobe Flash Player 11.1.111.6 \n * Adobe Flash Player 11.1.111.64 \n * Adobe Flash 
Player 11.1.111.7 \n * Adobe Flash Player 11.1.111.73 \n * Adobe Flash Player 11.1.111.8 \n * Adobe Flash Player 11.1.111.9 \n * Adobe Flash Player 11.1.112.61 \n * Adobe Flash Player 11.1.115.11 \n * Adobe Flash Player 11.1.115.34 \n * Adobe Flash Player 11.1.115.48 \n * Adobe Flash Player 11.1.115.54 \n * Adobe Flash Player 11.1.115.58 \n * Adobe Flash Player 11.1.115.59 \n * Adobe Flash Player 11.1.115.6 \n * Adobe Flash Player 11.1.115.63 \n * Adobe Flash Player 11.1.115.69 \n * Adobe Flash Player 11.1.115.7 \n * Adobe Flash Player 11.1.115.8 \n * Adobe Flash Player 11.1.115.81 \n * Adobe Flash Player 11.2.202 238 \n * Adobe Flash Player 11.2.202.160 \n * Adobe Flash Player 11.2.202.197 \n * Adobe Flash Player 11.2.202.221 \n * Adobe Flash Player 11.2.202.223 \n * Adobe Flash Player 11.2.202.228 \n * Adobe Flash Player 11.2.202.229 \n * Adobe Flash Player 11.2.202.233 \n * Adobe Flash Player 11.2.202.235 \n * Adobe Flash Player 11.2.202.236 \n * Adobe Flash Player 11.2.202.238 \n * Adobe Flash Player 11.2.202.243 \n * Adobe Flash Player 11.2.202.251 \n * Adobe Flash Player 11.2.202.258 \n * Adobe Flash Player 11.2.202.261 \n * Adobe Flash Player 11.2.202.262 \n * Adobe Flash Player 11.2.202.270 \n * Adobe Flash Player 11.2.202.273 \n * Adobe Flash Player 11.2.202.275 \n * Adobe Flash Player 11.2.202.280 \n * Adobe Flash Player 11.2.202.285 \n * Adobe Flash Player 11.2.202.291 \n * Adobe Flash Player 11.2.202.297 \n * Adobe Flash Player 11.2.202.310 \n * Adobe Flash Player 11.2.202.327 \n * Adobe Flash Player 11.2.202.332 \n * Adobe Flash Player 11.2.202.335 \n * Adobe Flash Player 11.2.202.336 \n * Adobe Flash Player 11.2.202.341 \n * Adobe Flash Player 11.2.202.346 \n * Adobe Flash Player 11.2.202.350 \n * Adobe Flash Player 11.2.202.356 \n * Adobe Flash Player 11.2.202.359 \n * Adobe Flash Player 11.2.202.378 \n * Adobe Flash Player 11.2.202.394 \n * Adobe Flash Player 11.2.202.400 \n * Adobe Flash Player 11.2.202.406 \n * Adobe Flash Player 11.2.202.411 \n * 
Adobe Flash Player 11.2.202.418 \n * Adobe Flash Player 11.2.202.424 \n * Adobe Flash Player 11.2.202.425 \n * Adobe Flash Player 11.2.202.429 \n * Adobe Flash Player 11.2.202.95 \n * Adobe Flash Player 11.3.300.214 \n * Adobe Flash Player 11.3.300.231 \n * Adobe Flash Player 11.3.300.250 \n * Adobe Flash Player 11.3.300.257 \n * Adobe Flash Player 11.3.300.262 \n * Adobe Flash Player 11.3.300.265 \n * Adobe Flash Player 11.3.300.268 \n * Adobe Flash Player 11.3.300.270 \n * Adobe Flash Player 11.3.300.271 \n * Adobe Flash Player 11.3.300.273 \n * Adobe Flash Player 11.3.31.230 \n * Adobe Flash Player 11.3.378.5 \n * Adobe Flash Player 11.4.400.231 \n * Adobe Flash Player 11.4.402.265 \n * Adobe Flash Player 11.4.402.278 \n * Adobe Flash Player 11.4.402.287 \n * Adobe Flash Player 11.5.500.80 \n * Adobe Flash Player 11.5.502.110 \n * Adobe Flash Player 11.5.502.118 \n * Adobe Flash Player 11.5.502.124 \n * Adobe Flash Player 11.5.502.131 \n * Adobe Flash Player 11.5.502.135 \n * Adobe Flash Player 11.5.502.136 \n * Adobe Flash Player 11.5.502.146 \n * Adobe Flash Player 11.5.502.149 \n * Adobe Flash Player 11.6.602.105 \n * Adobe Flash Player 11.6.602.167 \n * Adobe Flash Player 11.6.602.168 \n * Adobe Flash Player 11.6.602.171 \n * Adobe Flash Player 11.6.602.180 \n * Adobe Flash Player 11.7.700.169 \n * Adobe Flash Player 11.7.700.202 \n * Adobe Flash Player 11.7.700.203 \n * Adobe Flash Player 11.7.700.224 \n * Adobe Flash Player 11.7.700.225 \n * Adobe Flash Player 11.7.700.232 \n * Adobe Flash Player 11.7.700.242 \n * Adobe Flash Player 11.7.700.252 \n * Adobe Flash Player 11.7.700.257 \n * Adobe Flash Player 11.7.700.260 \n * Adobe Flash Player 11.7.700.261 \n * Adobe Flash Player 11.7.700.269 \n * Adobe Flash Player 11.7.700.272 \n * Adobe Flash Player 11.7.700.275 \n * Adobe Flash Player 11.7.700.279 \n * Adobe Flash Player 11.8.800.168 \n * Adobe Flash Player 11.8.800.170 \n * Adobe Flash Player 11.8.800.94 \n * Adobe Flash Player 11.8.800.97 \n * Adobe 
Flash Player 11.9.900.117 \n * Adobe Flash Player 11.9.900.152 \n * Adobe Flash Player 11.9.900.170 \n * Adobe Flash Player 12 \n * Adobe Flash Player 12.0.0.38 \n * Adobe Flash Player 12.0.0.41 \n * Adobe Flash Player 12.0.0.43 \n * Adobe Flash Player 12.0.0.44 \n * Adobe Flash Player 12.0.0.70 \n * Adobe Flash Player 12.0.0.77 \n * Adobe Flash Player 13.0.0.182 \n * Adobe Flash Player 13.0.0.201 \n * Adobe Flash Player 13.0.0.206 \n * Adobe Flash Player 13.0.0.214 \n * Adobe Flash Player 13.0.0.223 \n * Adobe Flash Player 13.0.0.231 \n * Adobe Flash Player 13.0.0.241 \n * Adobe Flash Player 13.0.0.244 \n * Adobe Flash Player 13.0.0.250 \n * Adobe Flash Player 13.0.0.252 \n * Adobe Flash Player 13.0.0.258 \n * Adobe Flash Player 13.0.0.259 \n * Adobe Flash Player 13.0.0.260 \n * Adobe Flash Player 14.0.0.125 \n * Adobe Flash Player 14.0.0.145 \n * Adobe Flash Player 14.0.0.176 \n * Adobe Flash Player 14.0.0.177 \n * Adobe Flash Player 14.0.0.179 \n * Adobe Flash Player 15.0.0.152 \n * Adobe Flash Player 15.0.0.189 \n * Adobe Flash Player 15.0.0.223 \n * Adobe Flash Player 15.0.0.239 \n * Adobe Flash Player 15.0.0.242 \n * Adobe Flash Player 15.0.0.246 \n * Adobe Flash Player 16.0.0.235 \n * Adobe Flash Player 16.0.0.257 \n * Adobe Flash Player 2 \n * Adobe Flash Player 3 \n * Adobe Flash Player 6.0.21.0 \n * Adobe Flash Player 6.0.79 \n * Adobe Flash Player 7 \n * Adobe Flash Player 7.0.1 \n * Adobe Flash Player 7.0.14.0 \n * Adobe Flash Player 7.0.19.0 \n * Adobe Flash Player 7.0.24.0 \n * Adobe Flash Player 7.0.25 \n * Adobe Flash Player 7.0.53.0 \n * Adobe Flash Player 7.0.60.0 \n * Adobe Flash Player 7.0.61.0 \n * Adobe Flash Player 7.0.63 \n * Adobe Flash Player 7.0.66.0 \n * Adobe Flash Player 7.0.67.0 \n * Adobe Flash Player 7.0.68.0 \n * Adobe Flash Player 7.0.69.0 \n * Adobe Flash Player 7.0.70.0 \n * Adobe Flash Player 7.0.73.0 \n * Adobe Flash Player 7.1 \n * Adobe Flash Player 7.1.1 \n * Adobe Flash Player 7.2 \n * Adobe Flash Player 8 \n * Adobe Flash 
Player 8.0.22.0 \n * Adobe Flash Player 8.0.24.0 \n * Adobe Flash Player 8.0.33.0 \n * Adobe Flash Player 8.0.34.0 \n * Adobe Flash Player 8.0.35.0 \n * Adobe Flash Player 8.0.39.0 \n * Adobe Flash Player 8.0.42.0 \n * Adobe Flash Player 9 \n * Adobe Flash Player 9.0 \n * Adobe Flash Player 9.0.112.0 \n * Adobe Flash Player 9.0.114.0 \n * Adobe Flash Player 9.0.115.0 \n * Adobe Flash Player 9.0.124.0 \n * Adobe Flash Player 9.0.125.0 \n * Adobe Flash Player 9.0.151 .0 \n * Adobe Flash Player 9.0.152 .0 \n * Adobe Flash Player 9.0.155.0 \n * Adobe Flash Player 9.0.159.0 \n * Adobe Flash Player 9.0.16 \n * Adobe Flash Player 9.0.18D60 \n * Adobe Flash Player 9.0.20 \n * Adobe Flash Player 9.0.20.0 \n * Adobe Flash Player 9.0.246 0 \n * Adobe Flash Player 9.0.246.0 \n * Adobe Flash Player 9.0.260.0 \n * Adobe Flash Player 9.0.262 \n * Adobe Flash Player 9.0.262.0 \n * Adobe Flash Player 9.0.277.0 \n * Adobe Flash Player 9.0.28.0 \n * Adobe Flash Player 9.0.280 \n * Adobe Flash Player 9.0.283.0 \n * Adobe Flash Player 9.0.289.0 \n * Adobe Flash Player 9.0.31.0 \n * Adobe Flash Player 9.0.45.0 \n * Adobe Flash Player 9.0.47.0 \n * Adobe Flash Player 9.0.48.0 \n * Adobe Flash Player 9.0.8.0 \n * Adobe Flash Player 9.0.9.0 \n * Adobe Flash Player 9.125.0 \n * Microsoft Internet Explorer 10 \n * Microsoft Internet Explorer 11 \n * Redhat Enterprise Linux Desktop Supplementary 5 Client \n * Redhat Enterprise Linux Desktop Supplementary 6 \n * Redhat Enterprise Linux Server Supplementary 6 \n * Redhat Enterprise Linux Server Supplementary EUS 6.6.z \n * Redhat Enterprise Linux Supplementary 5 Server \n * Redhat Enterprise Linux Workstation Supplementary 6 \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, run the application with the minimal amount of privileges required for functionality.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious 
activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity including unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.\n\n**Do not accept or execute files from untrusted or unknown sources.** \nTo reduce the likelihood of successful exploits, never handle files that originate from unfamiliar or untrusted sources. \n\n**Do not follow links provided by unknown or untrusted sources.** \nTo reduce the likelihood of attacks, never visit sites of questionable integrity or follow links provided by unfamiliar or untrusted sources. \n\n**Implement multiple redundant layers of security.** \nVarious memory-protection schemes (such as nonexecutable and randomly mapped memory segments) may hinder an attacker's ability to exploit this vulnerability to execute arbitrary code.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2015-01-22T00:00:00", "published": "2015-01-22T00:00:00", "id": "SMNTC-72261", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/72261", "type": "symantec", "title": "Adobe Flash Player CVE-2015-0310 Unspecified Memory Corruption Vulnerability", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2019-05-29T18:35:55", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2015-10-16T00:00:00", "id": "OPENVAS:1361412562310850939", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850939", "title": "SuSE Update for flash-player SUSE-SU-2015:0129-1 (flash-player)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2015_0129_1.nasl 12381 2018-11-16 
11:16:30Z cfischer $\n#\n# SuSE Update for flash-player SUSE-SU-2015:0129-1 (flash-player)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850939\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-16 14:48:48 +0200 (Fri, 16 Oct 2015)\");\n script_cve_id(\"CVE-2015-0310\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for flash-player SUSE-SU-2015:0129-1 (flash-player)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'flash-player'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Adobe Flash Player was updated to 11.2.202.438 to fix one security issue.\n\n (APSB15-02, 
CVE-2015-0310)\");\n script_tag(name:\"affected\", value:\"flash-player on SUSE Linux Enterprise Desktop 12\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"SUSE-SU\", value:\"2015:0129_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLED12\\.0SP0\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"SLED12.0SP0\")\n{\n\n if ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~11.2.202.438~27.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"flash-player-gnome\", rpm:\"flash-player-gnome~11.2.202.438~27.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T22:13:13", "bulletinFamily": "scanner", "description": "This host is installed with Adobe Flash\n Player and is prone to unspecified memory corruption vulnerability.", "modified": "2019-07-17T00:00:00", "published": "2015-01-27T00:00:00", "id": "OPENVAS:1361412562310805256", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805256", "title": "Adobe Flash Player Unspecified Memory Corruption Vulnerability - Jan15 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Unspecified Memory Corruption Vulnerability - Jan15 (Windows)\n#\n# Authors:\n# Shakeel 
<bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805256\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2015-0310\");\n script_bugtraq_id(72261);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2015-01-27 15:33:53 +0530 (Tue, 27 Jan 2015)\");\n script_name(\"Adobe Flash Player Unspecified Memory Corruption Vulnerability - Jan15 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash\n Player and is prone to unspecified memory corruption vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to some unspecified\n error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n remote attackers to bypass certain security 
restrictions and potentially conduct\n more severe attacks.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version 13.x before\n 13.0.0.262 and 14.x through 16.x before 16.0.0.287 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 13.0.0.262 or 16.0.0.287 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/62452\");\n script_xref(name:\"URL\", value:\"http://helpx.adobe.com/security/products/flash-player/apsb15-02.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_win.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Win/Installed\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_in_range(version:playerVer, test_version:\"13.0\", test_version2:\"13.0.0.261\")||\n version_in_range(version:playerVer, test_version:\"14.0.0\", test_version2:\"16.0.0.286\"))\n{\n if(playerVer =~ \"^13\\.\") {\n fix = \"13.0.0.262\";\n } else {\n fix = \"16.0.0.287\";\n }\n\n report = 'Installed version: ' + playerVer + '\\n' +\n 'Fixed version: ' + fix + '\\n';\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T22:13:59", "bulletinFamily": "scanner", "description": "This host is installed with Adobe Flash\n Player and is prone to unspecified memory corruption vulnerability.", "modified": "2019-07-17T00:00:00", "published": "2015-01-27T00:00:00", "id": "OPENVAS:1361412562310805258", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805258", "title": "Adobe Flash Player Unspecified Memory Corruption Vulnerability - Jan15 
(Linux)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Unspecified Memory Corruption Vulnerability - Jan15 (Linux)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805258\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2015-0310\");\n script_bugtraq_id(72261);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2015-01-27 15:48:12 +0530 (Tue, 27 Jan 2015)\");\n script_name(\"Adobe Flash Player Unspecified Memory Corruption Vulnerability - Jan15 (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash\n Player and is prone to unspecified memory corruption vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable 
version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to some unspecified\n error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n remote attackers to bypass certain security restrictions and potentially conduct\n more severe attacks.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player before version\n 11.2.202.438 on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 11.2.202.438 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/62452\");\n script_xref(name:\"URL\", value:\"http://helpx.adobe.com/security/products/flash-player/apsb15-02.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_lin.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Linux/Ver\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:playerVer, test_version:\"11.2.202.438\"))\n{\n report = 'Installed version: ' + playerVer + '\\n' +\n 'Fixed version: 11.2.202.438\\n';\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:55", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2015-10-16T00:00:00", "id": "OPENVAS:1361412562310850952", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850952", "title": "SuSE Update for flash-player SUSE-SU-2015:0135-1 (flash-player)", "type": "openvas", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2015_0135_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for flash-player SUSE-SU-2015:0135-1 (flash-player)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850952\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-16 14:56:47 +0200 (Fri, 16 Oct 2015)\");\n script_cve_id(\"CVE-2015-0310\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for flash-player SUSE-SU-2015:0135-1 (flash-player)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'flash-player'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the 
target host.\");\n script_tag(name:\"insight\", value:\"Adobe Flash Player was updated to version 11.2.202.438 to fix one security\n issue. (APSB15-02, CVE-2015-0310)\");\n\n script_xref(name:\"URL\", value:\"http://helpx.adobe.com/security/products/flash-player/apsb15-02.html\");\n\n script_tag(name:\"affected\", value:\"flash-player on SUSE Linux Enterprise Desktop 11 SP3\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"SUSE-SU\", value:\"2015:0135_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLED11\\.0SP3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"SLED11.0SP3\")\n{\n\n if ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~11.2.202.438~0.3.1\", rls:\"SLED11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"flash-player-gnome\", rpm:\"flash-player-gnome~11.2.202.438~0.3.1\", rls:\"SLED11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"flash-player-kde4\", rpm:\"flash-player-kde4~11.2.202.438~0.3.1\", rls:\"SLED11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T22:13:10", "bulletinFamily": "scanner", "description": "This host is installed with Adobe Flash\n Player and is prone to unspecified memory corruption vulnerability.", "modified": "2019-07-17T00:00:00", "published": "2015-01-27T00:00:00", "id": 
"OPENVAS:1361412562310805257", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805257", "title": "Adobe Flash Player Unspecified Memory Corruption Vulnerability - Jan15 (Mac OS X)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Unspecified Memory Corruption Vulnerability - Jan15 (Mac OS X)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805257\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2015-0310\");\n script_bugtraq_id(72261);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2015-01-27 15:46:43 +0530 (Tue, 27 Jan 2015)\");\n script_name(\"Adobe Flash Player Unspecified Memory Corruption Vulnerability - Jan15 (Mac OS X)\");\n\n script_tag(name:\"summary\", 
value:\"This host is installed with Adobe Flash\n Player and is prone to unspecified memory corruption vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to some unspecified\n error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n remote attackers to bypass certain security restrictions and potentially conduct\n more severe attacks.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version 13.x before\n 13.0.0.262 and 14.x through 16.x before 16.0.0.287 on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 13.0.0.262 or 16.0.0.287 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/62452\");\n script_xref(name:\"URL\", value:\"http://helpx.adobe.com/security/products/flash-player/apsb15-02.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Flash/Player/MacOSX/Version\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_in_range(version:playerVer, test_version:\"13.0\", test_version2:\"13.0.0.261\")||\n version_in_range(version:playerVer, test_version:\"14.0.0\", test_version2:\"16.0.0.286\"))\n{\n if(playerVer =~ \"^13\\.\") {\n fix = \"13.0.0.262\";\n } else {\n fix = \"16.0.0.287\";\n }\n\n report = 'Installed version: ' + playerVer + '\\n' +\n 'Fixed version: ' + fix + '\\n';\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, 
{"lastseen": "2019-05-29T18:36:03", "bulletinFamily": "scanner", "description": "Gentoo Linux Local Security Checks GLSA 201502-02", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121341", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121341", "title": "Gentoo Security Advisory GLSA 201502-02", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201502-02.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121341\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:28:27 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201502-02\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in Adobe Flash Player. 
Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201502-02\");\n script_cve_id(\"CVE-2015-0301\", \"CVE-2015-0302\", \"CVE-2015-0303\", \"CVE-2015-0304\", \"CVE-2015-0305\", \"CVE-2015-0306\", \"CVE-2015-0307\", \"CVE-2015-0308\", \"CVE-2015-0309\", \"CVE-2015-0310\", \"CVE-2015-0311\", \"CVE-2015-0314\", \"CVE-2015-0315\", \"CVE-2015-0316\", \"CVE-2015-0317\", \"CVE-2015-0318\", \"CVE-2015-0319\", \"CVE-2015-0320\", \"CVE-2015-0321\", \"CVE-2015-0322\", \"CVE-2015-0323\", \"CVE-2015-0324\", \"CVE-2015-0325\", \"CVE-2015-0326\", \"CVE-2015-0327\", \"CVE-2015-0328\", \"CVE-2015-0329\", \"CVE-2015-0330\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201502-02\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"www-plugins/adobe-flash\", unaffected: make_list(\"ge 11.2.202.442\"), vulnerable: make_list(\"lt 11.2.202.442\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2019-12-13T07:57:06", "bulletinFamily": "scanner", "description": "According to its version, the installation of Adobe Flash 
Player\ninstalled on the remote Mac OS X host is equal or prior to 16.0.0.257.\nIt is, therefore, affected by a memory leak that can allow bypassing\nof memory randomization mitigations, aiding in further attacks.", "modified": "2019-12-02T00:00:00", "id": "MACOSX_FLASH_PLAYER_16_0_0_287.NASL", "href": "https://www.tenable.com/plugins/nessus/80947", "published": "2015-01-23T00:00:00", "title": "Flash Player For Mac <= 16.0.0.257 Information Disclosure (APSB15-02)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80947);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\"CVE-2015-0310\");\n script_bugtraq_id(72261);\n\n script_name(english:\"Flash Player For Mac <= 16.0.0.257 Information Disclosure (APSB15-02)\");\n script_summary(english:\"Checks the version of Flash Player.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host has a browser plugin that is affected by an\ninformation disclosure vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version, the installation of Adobe Flash Player\ninstalled on the remote Mac OS X host is equal or prior to 16.0.0.257.\nIt is, therefore, affected by a memory leak that can allow bypassing\nof memory randomization mitigations, aiding in further attacks.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-02.html\");\n # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0cb17c10\");\n # http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cdc6d908\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player 
version 16.0.0.287 or later.\n\nAlternatively, Adobe has made version 13.0.0.262 available for those\ninstallations that cannot be upgraded to 16.x.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-0310\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_flash_player_installed.nasl\");\n script_require_keys(\"MacOSX/Flash_Player/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"MacOSX/Flash_Player/Version\");\npath = get_kb_item_or_exit(\"MacOSX/Flash_Player/Path\");\n\nif (ver_compare(ver:version, fix:\"14.0.0.0\", strict:FALSE) >= 0)\n{\n cutoff_version = \"16.0.0.257\";\n fix = \"16.0.0.287\";\n}\nelse\n{\n cutoff_version = \"13.0.0.260\";\n fix = \"13.0.0.262\";\n}\n\n# nb: we're checking for versions less than *or equal to* the cutoff!\nif (ver_compare(ver:version, fix:cutoff_version, strict:FALSE) <= 0)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Flash Player for Mac\", version, path);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-13T09:17:50", "bulletinFamily": "scanner", "description": "The remote host is missing KB3033408. 
It is, therefore, affected by\na memory leak that can allow bypassing of memory randomization\nmitigations, aiding in further attacks.", "modified": "2019-12-02T00:00:00", "id": "SMB_KB3033408.NASL", "href": "https://www.tenable.com/plugins/nessus/80948", "published": "2015-01-23T00:00:00", "title": "MS KB3033408: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80948);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\"CVE-2015-0310\");\n script_bugtraq_id(72261);\n script_xref(name:\"MSKB\", value:\"3033408\");\n\n script_name(english:\"MS KB3033408: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer\");\n script_summary(english:\"Checks the version of the ActiveX control.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin that is affected by an\ninformation disclosure vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is missing KB3033408. 
It is, therefore, affected by\na memory leak that can allow bypassing of memory randomization\nmitigations, aiding in further attacks.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-02.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2016/2755801\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/3033408/microsoft-security-advisory-update-for-vulnerabilities-in-adobe-flash\");\n # http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cdc6d908\");\n script_set_attribute(attribute:\"solution\", value:\n\"Install Microsoft KB3033408.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-0310\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"SMB/WindowsVersion\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_activex_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nif (activex_init() != ACX_OK) audit(AUDIT_FN_FAIL, \"activex_init()\");\n\n# Adobe Flash Player CLSID\nclsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}';\n\nfile = activex_get_filename(clsid:clsid);\nif (isnull(file))\n{\n activex_end();\n audit(AUDIT_FN_FAIL, \"activex_get_filename\", \"NULL\");\n}\nif (!file)\n{\n activex_end();\n audit(AUDIT_ACTIVEX_NOT_FOUND, clsid);\n}\n\n# Get its version.\nversion = activex_get_fileversion(clsid:clsid);\nif (!version)\n{\n activex_end();\n audit(AUDIT_VER_FAIL, file);\n}\n\ninfo = '';\n\niver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\n\n# < 16.0.0.287\nif (\n (report_paranoia > 1 || activex_get_killbit(clsid:clsid) == 0) &&\n (\n iver[0] < 16 ||\n (\n iver[0] == 16 &&\n (\n (iver[1] == 0 && iver[2] == 0 && iver[3] < 287)\n )\n )\n )\n)\n{\n info = '\\n Path : ' + file +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 16.0.0.287' +\n '\\n';\n}\n\nport = kb_smb_transport();\n\nif (info != '')\n{\n if (report_verbosity > 0)\n {\n if (report_paranoia > 1)\n {\n report = info +\n '\\n' +\n 'Note, though, that Nessus did not check whether the kill bit was\\n' +\n \"set for the control's CLSID because of the Report Paranoia setting\" + '\\n' +\n 'in effect when this scan was run.\\n';\n }\n else\n {\n report = 
info +\n '\\n' +\n 'Moreover, its kill bit is not set so it is accessible via Internet\\n' +\n 'Explorer.\\n';\n }\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_HOST_NOT, 'affected');\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-13T08:16:03", "bulletinFamily": "scanner", "description": "Adobe Flash Player was updated to 11.2.202.438 to fix one security\nissue.\n\nhttp://helpx.adobe.com/security/products/flash-player/apsb15-02.html\n(APSB15-02, CVE-2015-0310)", "modified": "2019-12-02T00:00:00", "id": "OPENSUSE-2015-49.NASL", "href": "https://www.tenable.com/plugins/nessus/80984", "published": "2015-01-26T00:00:00", "title": "openSUSE Security Update : flash-player (openSUSE-SU-2015:0110-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-49.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80984);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/11/19 11:02:42\");\n\n script_cve_id(\"CVE-2015-0310\");\n\n script_name(english:\"openSUSE Security Update : flash-player (openSUSE-SU-2015:0110-1)\");\n script_summary(english:\"Check for the openSUSE-2015-49 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Adobe Flash Player was updated to 11.2.202.438 to fix one security\nissue.\n\nhttp://helpx.adobe.com/security/products/flash-player/apsb15-02.html\n(APSB15-02, CVE-2015-0310)\"\n );\n # http://helpx.adobe.com/security/products/flash-player/apsb15-02.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-02.html\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=914333\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2015-01/msg00050.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-player packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player-kde4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"flash-player-11.2.202.438-90.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"flash-player-gnome-11.2.202.438-90.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"flash-player-kde4-11.2.202.438-90.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"flash-player-11.2.202.438-2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"flash-player-gnome-11.2.202.438-2.25.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"flash-player-kde4-11.2.202.438-2.25.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-player / flash-player-gnome / flash-player-kde4\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-13T07:26:19", 
"bulletinFamily": "scanner", "description": "According to its version, the installation of Adobe Flash Player\ninstalled on the remote Windows host is equal or prior to 16.0.0.257.\nIt is, therefore, affected by a memory leak that can allow bypassing\nof memory randomization mitigations, aiding in further attacks.", "modified": "2019-12-02T00:00:00", "id": "FLASH_PLAYER_APSB15-02.NASL", "href": "https://www.tenable.com/plugins/nessus/80946", "published": "2015-01-23T00:00:00", "title": "Flash Player <= 16.0.0.257 Information Disclosure (APSB15-02)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80946);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\"CVE-2015-0310\");\n script_bugtraq_id(72261);\n\n script_name(english:\"Flash Player <= 16.0.0.257 Information Disclosure (APSB15-02)\");\n script_summary(english:\"Checks the version of Flash Player.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin that is affected by an\ninformation disclosure vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version, the installation of Adobe Flash Player\ninstalled on the remote Windows host is equal or prior to 16.0.0.257.\nIt is, therefore, affected by a memory leak that can allow bypassing\nof memory randomization mitigations, aiding in further attacks.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-02.html\");\n # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0cb17c10\");\n # http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cdc6d908\");\n 
script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 16.0.0.287 or later.\n\nAlternatively, Adobe has made version 13.0.0.262 available for those\ninstallations that cannot be upgraded to 16.x.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-0310\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"flash_player_installed.nasl\");\n script_require_keys(\"SMB/Flash_Player/installed\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Flash_Player/installed\");\n\n# Identify vulnerable versions.\ninfo = \"\";\n\n# we're checking for versions less than *or equal to* the cutoff!\nforeach variant (make_list(\"Plugin\", \"ActiveX\", \"Chrome\", \"Chrome_Pepper\"))\n{\n vers = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/Version/*\");\n files = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/File/*\");\n if (!isnull(vers) && !isnull(files))\n {\n foreach key (keys(vers))\n {\n ver = vers[key];\n\n if (ver)\n {\n iver = split(ver, sep:'.', keep:FALSE);\n for (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\n\n if (\n (\n # Chrome Flash <= 16.0.0.257\n variant == \"Chrome_Pepper\" &&\n (\n (iver[0] < 16) ||\n (iver[0] == 16 && iver[1] == 0 && iver[2] == 0 && iver[3] <= 257)\n )\n ) ||\n (variant != \"Chrome_Pepper\" &&\n (\n (\n # < 13\n (\n iver[0] < 13 ||\n # 13.0.0.x <= 13.0.0.260\n (\n iver[0] == 13 &&\n (\n iver[1] == 0 &&\n (\n iver[2] == 0 &&\n (\n iver[3] <= 260\n )\n )\n )\n )\n ) ||\n # 14.0.0.x <= 16.0.0.257\n (\n iver[0] == 14 ||\n (\n iver[0] == 15 ||\n (\n iver[0] == 16 &&\n (\n iver[1] == 0 &&\n (\n iver[2] == 0 &&\n (\n iver[3] <= 257\n )\n )\n )\n )\n )\n )\n )\n )\n )\n )\n {\n num = key - (\"SMB/Flash_Player/\"+variant+\"/Version/\");\n file = files[\"SMB/Flash_Player/\"+variant+\"/File/\"+num];\n if (variant == \"Plugin\")\n {\n info += '\\n Product : Browser Plugin (for Firefox / Netscape / Opera)';\n fix = \"16.0.0.287 / 13.0.0.262\";\n }\n else if (variant == \"ActiveX\")\n {\n info += '\\n Product : ActiveX control (for Internet Explorer)';\n fix = \"16.0.0.287 / 13.0.0.262\";\n }\n else if (\"Chrome\" >< variant)\n {\n info += '\\n Product : Browser Plugin (for Google Chrome)';\n }\n info += '\\n Path : ' + file +\n '\\n 
Installed version : ' + ver;\n if (variant == \"Chrome_Pepper\")\n info += '\\n Fixed version : 16.0.0.287 (Chrome PepperFlash)';\n else\n info += '\\n Fixed version : '+fix;\n info += '\\n';\n }\n }\n }\n }\n}\n\nif (info)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0) security_hole(port:port, extra:info);\n else security_hole(port);\n}\nelse\n{\n if (thorough_tests)\n exit(0, 'No vulnerable versions of Adobe Flash Player were found.');\n else\n exit(1, 'Google Chrome\\'s built-in Flash Player may not have been detected because the \\'Perform thorough tests\\' setting was not enabled.');\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-13T09:21:20", "bulletinFamily": "scanner", "description": "Adobe Flash Player was updated to version 11.2.202.438 to fix one\nsecurity issue. (APSB15-02, CVE-2015-0310)\n\nFor more details refer to the vendor advisory at\nhttp://helpx.adobe.com/security/products/flash-player/apsb15-02.html .", "modified": "2019-12-02T00:00:00", "id": "SUSE_11_FLASH-PLAYER-150123.NASL", "href": "https://www.tenable.com/plugins/nessus/80995", "published": "2015-01-26T00:00:00", "title": "SuSE 11.3 Security Update : flash-player (SAT Patch Number 10215)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80995);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2015/02/04 15:58:13 $\");\n\n script_cve_id(\"CVE-2015-0310\");\n\n script_name(english:\"SuSE 11.3 Security Update : flash-player (SAT Patch Number 10215)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Adobe Flash Player was updated to version 11.2.202.438 to fix one\nsecurity issue. (APSB15-02, CVE-2015-0310)\n\nFor more details refer to the vendor advisory at\nhttp://helpx.adobe.com/security/products/flash-player/apsb15-02.html .\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=914333\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-0310.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 10215.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:flash-player-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:flash-player-kde4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"flash-player-11.2.202.438-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"flash-player-gnome-11.2.202.438-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"flash-player-kde4-11.2.202.438-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"flash-player-11.2.202.438-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"flash-player-gnome-11.2.202.438-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"flash-player-kde4-11.2.202.438-0.3.1\")) 
flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-13T08:53:51", "bulletinFamily": "scanner", "description": "An updated Adobe Flash Player package that fixes multiple security\nissues is now available for Red Hat Enterprise Linux 5 and 6\nSupplementary.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe\nFlash Player web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities are detailed in the Adobe Security Bulletin\nAPSB15-02, and APSB15-03, listed in the References section.\n\nMultiple flaws were found in the way flash-plugin displayed certain\nSWF content. An attacker could use these flaws to create a specially\ncrafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the malicious SWF content. (CVE-2015-0310, CVE-2015-0311,\nCVE-2015-0312)\n\nAll users of Adobe Flash Player should install this updated package,\nwhich upgrades Flash Player to version 11.2.202.440.", "modified": "2019-12-02T00:00:00", "id": "REDHAT-RHSA-2015-0094.NASL", "href": "https://www.tenable.com/plugins/nessus/81036", "published": "2015-01-28T00:00:00", "title": "RHEL 5 / 6 : flash-plugin (RHSA-2015:0094)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0094. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81036);\n script_version(\"1.23\");\n script_cvs_date(\"Date: 2019/10/24 15:35:39\");\n\n script_cve_id(\"CVE-2015-0310\", \"CVE-2015-0311\", \"CVE-2015-0312\");\n script_bugtraq_id(72283);\n script_xref(name:\"RHSA\", value:\"2015:0094\");\n\n script_name(english:\"RHEL 5 / 6 : flash-plugin (RHSA-2015:0094)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated Adobe Flash Player package that fixes multiple security\nissues is now available for Red Hat Enterprise Linux 5 and 6\nSupplementary.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe\nFlash Player web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities are detailed in the Adobe Security Bulletin\nAPSB15-02, and APSB15-03, listed in the References section.\n\nMultiple flaws were found in the way flash-plugin displayed certain\nSWF content. An attacker could use these flaws to create a specially\ncrafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the malicious SWF content. 
(CVE-2015-0310, CVE-2015-0311,\nCVE-2015-0312)\n\nAll users of Adobe Flash Player should install this updated package,\nwhich upgrades Flash Player to version 11.2.202.440.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-02.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-03.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:0094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0312\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0311\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0310\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-plugin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player ByteArray UncompressViaZlibVariant Use After Free');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:flash-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:0094\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"flash-plugin-11.2.202.440-1.el5\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", reference:\"flash-plugin-11.2.202.440-1.el6\")) flag++;\n\n\n if (flag)\n {\n flash_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check only applies to RedHat released\\n' +\n 'versions of the flash-plugin package. 
This check does not apply to\\n' +\n 'Adobe released versions of the flash-plugin package, which are\\n' +\n 'versioned similarly and cause collisions in detection.\\n\\n' +\n\n 'If you are certain you are running the Adobe released package of\\n' +\n 'flash-plugin and are running a version of it equal or higher to the\\n' +\n 'RedHat version listed above then you can consider this a false\\n' +\n 'positive.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat() + flash_plugin_caveat\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-plugin\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-13T08:16:08", "bulletinFamily": "scanner", "description": "Adobe Flash Player was updated to 11.2.202.440 (bsc#914463) :\n\n - APSA15-01, CVE-2015-0311\n\n - Update of flashplayer (executable binary) for i386 is\n not available. 
This binary was disabled.\n\n - Security update to 11.2.202.438 (bsc#914333) :\n\n - APSB15-02, CVE-2015-0310\n\n - Security update to 11.2.202.429 (bsc#913057) :\n\n - APSB15-01, CVE-2015-0301, CVE-2015-0302, CVE-2015-0303,\n CVE-2015-0304, CVE-2015-0305, CVE-2015-0306,\n CVE-2015-0307, CVE-2015-0308, CVE-2015-0309.\n\n - Disable flash player on machines without SSE2\n (bnc#856386).\n\n - Remove outdated README and keep only up-to-date\n readme.txt.", "modified": "2019-12-02T00:00:00", "id": "OPENSUSE-2015-81.NASL", "href": "https://www.tenable.com/plugins/nessus/81098", "published": "2015-01-30T00:00:00", "title": "openSUSE Security Update : flash-player (openSUSE-SU-2015:0174-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-81.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81098);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/11/10 11:50:02\");\n\n script_cve_id(\"CVE-2015-0301\", \"CVE-2015-0302\", \"CVE-2015-0303\", \"CVE-2015-0304\", \"CVE-2015-0305\", \"CVE-2015-0306\", \"CVE-2015-0307\", \"CVE-2015-0308\", \"CVE-2015-0309\", \"CVE-2015-0310\", \"CVE-2015-0311\");\n\n script_name(english:\"openSUSE Security Update : flash-player (openSUSE-SU-2015:0174-1)\");\n script_summary(english:\"Check for the openSUSE-2015-81 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Adobe Flash Player was updated to 11.2.202.440 (bsc#914463) :\n\n - APSA15-01, CVE-2015-0311\n\n - Update of flashplayer (executable binary) for i386 is\n not available. 
This binary was disabled.\n\n - Security update to 11.2.202.438 (bsc#914333) :\n\n - APSB15-02, CVE-2015-0310\n\n - Security update to 11.2.202.429 (bsc#913057) :\n\n - APSB15-01, CVE-2015-0301, CVE-2015-0302, CVE-2015-0303,\n CVE-2015-0304, CVE-2015-0305, CVE-2015-0306,\n CVE-2015-0307, CVE-2015-0308, CVE-2015-0309.\n\n - Disable flash player on machines without SSE2\n (bnc#856386).\n\n - Remove outdated README and keep only up-to-date\n readme.txt.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=856386\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=913057\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=914333\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=914463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2015-01/msg00086.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-player packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player ByteArray UncompressViaZlibVariant Use After Free');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:flash-player-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player-kde4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"flash-player-11.2.202.440-2.115.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"flash-player-gnome-11.2.202.440-2.115.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"flash-player-kde4-11.2.202.440-2.115.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if 
(tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-player / flash-player-gnome / flash-player-kde4\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-13T07:33:49", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-201502-02\n(Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Flash Player.\n Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, cause a Denial of Service condition, obtain\n sensitive information or bypass security restrictions.\n \nWorkaround :\n\n There is no known workaround at this time.", "modified": "2019-12-02T00:00:00", "id": "GENTOO_GLSA-201502-02.NASL", "href": "https://www.tenable.com/plugins/nessus/81225", "published": "2015-02-09T00:00:00", "title": "GLSA-201502-02 : Adobe Flash Player: Multiple vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201502-02.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81225);\n script_version(\"$Revision: 1.9 $\");\n script_cvs_date(\"$Date: 2015/04/13 14:33:57 $\");\n\n script_cve_id(\"CVE-2015-0301\", \"CVE-2015-0302\", \"CVE-2015-0303\", \"CVE-2015-0304\", \"CVE-2015-0305\", \"CVE-2015-0306\", \"CVE-2015-0307\", \"CVE-2015-0308\", \"CVE-2015-0309\", \"CVE-2015-0310\", \"CVE-2015-0311\", \"CVE-2015-0314\", \"CVE-2015-0315\", \"CVE-2015-0316\", \"CVE-2015-0317\", \"CVE-2015-0318\", \"CVE-2015-0319\", \"CVE-2015-0320\", \"CVE-2015-0321\", \"CVE-2015-0322\", \"CVE-2015-0323\", \"CVE-2015-0324\", \"CVE-2015-0325\", \"CVE-2015-0326\", \"CVE-2015-0327\", \"CVE-2015-0328\", \"CVE-2015-0329\", \"CVE-2015-0330\");\n script_xref(name:\"GLSA\", value:\"201502-02\");\n\n script_name(english:\"GLSA-201502-02 : Adobe Flash Player: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201502-02\n(Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Flash Player.\n Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, cause a Denial of Service condition, obtain\n sensitive information or bypass security restrictions.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201502-02\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Adobe Flash Player users should upgrade to the latest version:\n # emerge 
--sync\n # emerge --ask --oneshot --verbose\n '>=www-plugins/adobe-flash-11.2.202.442'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player PCRE Regex Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:adobe-flash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-plugins/adobe-flash\", unaffected:make_list(\"ge 11.2.202.442\"), vulnerable:make_list(\"lt 11.2.202.442\"))) flag++;\n\nif (flag)\n{\n if 
(report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Adobe Flash Player\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:17:43", "bulletinFamily": "unix", "description": "Adobe Flash Player was updated to 11.2.202.438 to fix one security issue.\n\n http://helpx.adobe.com/security/products/flash-player/apsb15-02.html\n (APSB15-02, CVE-2015-0310)\n\n", "modified": "2015-01-23T00:06:03", "published": "2015-01-23T00:06:03", "id": "OPENSUSE-SU-2015:0110-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00019.html", "title": "Security update for flash-player (critical)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:37:04", "bulletinFamily": "unix", "description": "Adobe Flash Player was updated to version 11.2.202.438 to fix one security\n issue. 
(APSB15-02, CVE-2015-0310)\n\n For more details refer to the vendor advisory at\n http://helpx.adobe.com/security/products/flash-player/apsb15-02.html .\n\n Security Issues:\n\n * CVE-2015-0310\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0310>\n\n", "modified": "2015-01-24T01:08:02", "published": "2015-01-24T01:08:02", "id": "SUSE-SU-2015:0135-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00022.html", "title": "Security update for flash-player (critical)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:56:25", "bulletinFamily": "unix", "description": "Adobe Flash Player was updated to 11.2.202.438 to fix one security issue.\n\n http://helpx.adobe.com/security/products/flash-player/apsb15-02.html\n (APSB15-02, CVE-2015-0310)\n\n", "modified": "2015-01-23T15:04:45", "published": "2015-01-23T15:04:45", "id": "SUSE-SU-2015:0129-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00020.html", "type": "suse", "title": "Security update for flash-player (critical)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:46:24", "bulletinFamily": "unix", "description": "Adobe Flash Player was updated to 11.2.202.440 (bsc#914463):\n * APSA15-01, CVE-2015-0311\n - Update of flashplayer (executable binary) for i386 is not available.\n This binary was disabled.\n\n - Security 
update to 11.2.202.438 (bsc#914333):\n * APSB15-02, CVE-2015-0310\n\n - Security update to 11.2.202.429 (bsc#913057):\n * APSB15-01, CVE-2015-0301, CVE-2015-0302, CVE-2015-0303, CVE-2015-0304,\n CVE-2015-0305, CVE-2015-0306, CVE-2015-0307, CVE-2015-0308,\n CVE-2015-0309.\n - Disable flash player on machines without SSE2 (bnc#856386).\n - Remove outdated README and keep only up-to-date readme.txt.\n\n", "modified": "2015-01-29T14:04:51", "published": "2015-01-29T14:04:51", "id": "OPENSUSE-SU-2015:0174-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00034.html", "title": "Security update for flash-player (critical)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "thn": [{"lastseen": "2018-01-27T09:17:34", "bulletinFamily": "info", "description": "Get ready to patch your Adobe Flash software now. Adobe has patched, one after the other, two **_zero-day vulnerabilities_** in [Adobe Flash](<https://thehackernews.com/search/label/Adobe%20Flash>) that are being actively exploited by cyber criminals.\n\n \n\n\n**PATCH FOR FIRST ZERO-DAY**\n\nOn Thursday, the company released an emergency update for one of the critical vulnerabilities in Flash Player. However, the flaw was not the one that security researcher Kafeine reported. Adobe focused on another zero-day, identified as **_CVE-2015-0310_**, that was also exploited by the Angler malicious toolkit. \n\n \n\n\n**PATCH FOR SECOND ZERO-DAY**\n\nToday, Adobe released an updated version of its Flash player software that patches a [zero-day vulnerability](<https://thehackernews.com/search/label/Zero-Day%20Vulnerability>), tracked as CVE-2015-0311, spotted by French security researcher Kafeine at the beginning of the week. 
\n\n \n\n\nThe vulnerability is \"_being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below,_\" Adobe said in a security [advisory](<https://helpx.adobe.com/security/products/flash-player/apsa15-01.html>). The company defines **_CVE-2015-0311_** as \"critical,\" which means that \"_the vulnerability, which, if exploited would allow malicious native-code to execute, potentially without a user being aware._\"\n\n \n\n\n**DRIVE-BY-DOWNLOAD ATTACKS**\n\nIn case of a **_\"drive-by-download\" attack_**, an attacker downloads malicious software to a victim's computer without their knowledge or explicit consent. As a result, the flaw could allow remote attackers to take control of victims\u2019 Macs or PCs.\n\n \n\n\nAccording to the tests carried out by the security researcher, _CVE-2015-0311_ affected all versions of Flash Player included in any version of **_Windows operating system_**, any version of _Internet Explorer (IE)_ and Mozilla Firefox as well. However, Google Chrome users were safe as the exploit was not triggered on Chrome.\n\n \n\n\n**AFFECTED SOFTWARE VERSIONS**\n\n * Adobe Flash Player 16.0.0.287 and earlier versions for Windows and Macintosh\n * Adobe Flash Player 13.0.0.262 and earlier 13.x versions\n * Adobe Flash Player 11.2.202.438 and earlier versions for Linux\n\nDue to the active exploitation of the zero-day flaw by malicious actors, the company is urging Adobe Flash Player users to update their software as soon as possible.\n\n> Adobe updated its security advisory on Saturday and stated, \"_Users who have enabled auto-update for the Flash Player desktop runtime will be receiving version 16.0.0.296 beginning on January 24. This version includes a fix for CVE-2015-0311. 
Adobe expects to have an update available for manual download during the week of January 26, and we are working with our distribution partners to make the update available in Google Chrome and Internet Explorer 10 and 11. For more information on updating Flash Player please refer to this post._\"\n\nDespite a number of security problems in its software, Adobe has improved the security of its products in recent years, and we really appreciate its quick response and that it managed to roll out a patch before the company was scheduled to deliver it.\n", "modified": "2015-01-25T19:11:50", "published": "2015-01-25T08:11:00", "id": "THN:52D71A1567BF0E67D7740044EBED3202", "href": "https://thehackernews.com/2015/01/adobe-flash-player-update.html", "type": "thn", "title": "Adobe patches 2nd Flash Player Zero-day Vulnerability", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-27T09:17:33", "bulletinFamily": "info", "description": "Warning for Adobe users! Another _zero-day vulnerability_ has been discovered in **_[Adobe Flash Player](<https://thehackernews.com/search/label/Adobe%20Flash%20Player>)_** that is actively being exploited by cyber crooks in drive-by download attacks, security researchers warned today. \n\n \n\n\nThis is the third time in the last few weeks that Adobe is dealing with a zero-day vulnerability in Flash Player. The Adobe Flash Player vulnerability identified as **__CVE-2015-0313__** exists in the latest version of Flash Player, i.e. version 16.0.0.296 and earlier.\n\n \n\n\nIn late January, Adobe released an [updated version of its Flash player](<https://thehackernews.com/2015/01/adobe-flash-player-update.html>) software that patches a zero-day vulnerability, tracked as _CVE-2015-0311_, spotted by French security researcher Kafeine. 
This Adobe Flash Player vulnerability was also being actively exploited via malvertising and drive-by-download attacks.\n\n \n\n\nIn case of a \"drive-by-download\" attack, an attacker downloads malicious software to a victim's computer without their knowledge or explicit consent. As a result, the flaw could allow remote attackers to take control of victims\u2019 Macs or PCs.\n\n \n\n\nOn January 22, the company released an emergency update for a second zero-day flaw, identified as CVE-2015-0310, that was circulating and exploited by the Angler malicious toolkit.\n\n \n\n\nIn a [security advisory](<https://helpx.adobe.com/security/products/flash-player/apsa15-02.html>) released Monday, Adobe officials said that they are working on a patch and planning to release it sometime this week. The Adobe Flash Player zero-day vulnerability targets computers running all versions of Internet Explorer and Mozilla Firefox, on Windows 8.1 and earlier. In addition to Windows, the flaw affects Flash on OS X and Linux. \n\n \n\n\nThis newest zero-day vulnerability in Flash reportedly is being used by the Angler kit, as well. If successfully exploited, the vulnerability could cause a crash and potentially allow criminal hackers to take control of the affected system.\n\n \n\n\nCybercriminals are currently using this zero-day flaw in a malvertising campaign on the popular video-sharing site Dailymotion, with other websites thought to be affected as the infections were launched via an advertising platform and not the website content itself. \n\n \n\n\nVisitors to any of the affected sites would have been redirected to a series of websites and finally landed on a page controlled by attackers, hosting an exploit kit. 
This exploit kit would attempt to compromise the target system by exploiting the Adobe Flash zero-day flaw.\n\n \n\n\nSecurity firm Trend Micro, who reported the zero-day to Adobe, had been tracking this Flash zero-day vulnerability since January 14 and had been working with Adobe to fix the issue. \n\n> Trend Micro [said](<http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discovers-new-adobe-flash-zero-day-exploit-used-in-malvertisements/>) it had \"_seen around 3,294 hits related to the exploit_\". The firm is recommending users \"_consider disabling Flash Player until a fixed version is released_\".\n\n> \"_We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below,_\" Adobe said in its own advisory.\n\nAdobe didn\u2019t specify the day on which the patch would be released, but said it would release a fix for this \"critical vulnerability\" this week. Users who are concerned about this security issue can **__temporarily disable Adobe Flash in the browsers__**. \n \n**SECURITY PATCH RELEASES [UPDATE (5/2/2015)]** \nAdobe has released [security updates for Adobe Flash Player](<https://helpx.adobe.com/security/products/flash-player/apsb15-04.html>) for Windows, Macintosh and Linux in order to patch a _zero-day vulnerability_, identified as **_CVE-2015-0313_**, that could potentially allow an attacker to take control of the affected system. 
\n \nThe company recommends that its users update their software installations to the latest versions: \n\n\n * Users of the Adobe Flash Player desktop versions for Windows and Macintosh should update to Adobe Flash Player 16.0.0.305\n * Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.269\n * Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.442\n * Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x, will automatically update to version 16.0.0.305\n", "modified": "2015-02-05T18:57:31", "published": "2015-02-02T06:29:00", "id": "THN:40B2D007112A9624A902E319B3C1366B", "href": "https://thehackernews.com/2015/02/adobe-flash-zero-day-vulnerability_2.html", "type": "thn", "title": "Another Unpatched Adobe Flash Zero-Day vulnerability Exploited in the Wild", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "threatpost": [{"lastseen": "2018-10-06T22:57:30", "bulletinFamily": "info", "description": "**UPDATE**\u2013Adobe has released an emergency update for Flash to address a zero-day vulnerability that is being actively exploited. The company also is looking into reports of exploits for a separate Flash bug not fixed in the new release, which is being used in attacks by the Angler exploit kit.\n\nThe vulnerability that Adobe patched Thursday is under active attack, but Adobe officials said that this flaw is not the one that security researcher Kafeine said Wednesday was being used in the Angler attacks.\n\n\u201cAdobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address a vulnerability that could be used to circumvent memory randomization mitigations on the Windows platform,\u201d Adobe said in its [advisory](<http://helpx.adobe.com/security/products/flash-player/apsb15-02.html>). 
\n\n\u201cAdobe is aware of reports that an exploit for CVE-2015-0310 exists in the wild, which is being used in attacks against older versions of Flash Player. Additionally, we are investigating reports that a separate exploit for Flash Player 16.0.0.287 and earlier also exists in the wild.\u201d\n\nThe patch for Flash comes just a day after Kafeine disclosed that some instances of the Angler exploit kit contained an exploit for a previously unknown vulnerability in the software. Adobe officials said Wednesday that they were investigating the reports. Kafeine initially saw Angler attacking the latest version of Flash in IE on Windows XP, Vista, 7 and 8, but said the exploit wasn\u2019t being used against Chrome or Firefox.\n\nOn Thursday he said on Twitter that the group behind Angler had changed the code to exploit Firefox as well as fully patched IE 11 on Windows 8.1. The Flash zero-day exploit is being used to install a version of the Bedep malware, which is used in ad fraud campaigns.\n\n\u201cOne last bad news : Windows 8.1 Internet Explorer 11 fully updated is now owned as well,\u201d Kafeine [said](<https://twitter.com/kafeine/status/558272193797566464>).\n\nAdobe late on Thursday said that it plans to release a patch for the second zero-day flaw in Flash\u2013the one being used by the Angler exploit kit\u2013next week, but did not specify an exact release date. The vulnerability affects the latest versions of Flash.\n\n\u201cA critical vulnerability (CVE-2015-0311) exists in Adobe Flash Player 16.0.0.287 and earlier versions for Windows and Macintosh. 
Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system,\u201d Adobe said in an advisory.\n\n\u201cWe are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8 and below.\u201d\n\nAngler is among the more dangerous exploit kits being used right now and the group behind the kit often has exploits for Flash vulnerabilities within days of a new Adobe patch being published. Adobe officials did not say whether there is an update in the works for the zero-day vulnerability.\n\n_This article was updated on Jan. 22 to include the information about the patch timing for the second Flash flaw._\n", "modified": "2015-01-23T16:53:56", "published": "2015-01-22T11:43:46", "id": "THREATPOST:FE4322E23327181E988F841DEFCCC3C6", "href": "https://threatpost.com/adobe-patches-one-zero-day-in-flash-still-investigating-separate-vulnerability/110586/", "type": "threatpost", "title": "Adobe Patches One Zero Day in Flash, Still Investigating Separate Vulnerability", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2019-08-13T18:46:53", "bulletinFamily": "unix", "description": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player. These\nvulnerabilities are detailed in the Adobe Security Bulletin APSB15-02, and\nAPSB15-03, listed in the References section.\n\nMultiple flaws were found in the way flash-plugin displayed certain SWF\ncontent. An attacker could use these flaws to create a specially crafted\nSWF file that would cause flash-plugin to crash or, potentially, execute\narbitrary code when the victim loaded a page containing the malicious SWF\ncontent. 
(CVE-2015-0310, CVE-2015-0311, CVE-2015-0312)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 11.2.202.440.\n", "modified": "2018-06-07T09:04:19", "published": "2015-01-27T05:00:00", "id": "RHSA-2015:0094", "href": "https://access.redhat.com/errata/RHSA-2015:0094", "type": "redhat", "title": "(RHSA-2015:0094) Critical: flash-plugin security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:19", "bulletinFamily": "unix", "description": "### Background\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information or bypass security restrictions. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Adobe Flash Player users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-plugins/adobe-flash-11.2.202.442\"", "modified": "2015-02-06T00:00:00", "published": "2015-02-06T00:00:00", "id": "GLSA-201502-02", "href": "https://security.gentoo.org/glsa/201502-02", "type": "gentoo", "title": "Adobe Flash Player: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}