Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.ADOBE_AIR_APSB14-16.NASL
HistoryJun 11, 2014 - 12:00 a.m.

Adobe AIR <= AIR 13.0.0.111 Multiple Vulnerabilities (APSB14-16)

2014-06-1100:00:00
This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.071 Low

EPSS

Percentile

94.0%

JSON

According to its version, the instance of Adobe AIR on the remote Windows host is equal or prior to 13.0.0.111. It is, therefore, affected by the following vulnerabilities :

  • Multiple, unspecified errors exist that could allow cross-site scripting attacks. (CVE-2014-0531, CVE-2014-0532, CVE-2014-0533)

  • Multiple, unspecified errors exist that could allow unspecified security bypass attacks. (CVE-2014-0534, CVE-2014-0535)

  • An unspecified memory corruption issue exists that could allow arbitrary code execution. (CVE-2014-0536)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(74430);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id(
    "CVE-2014-0531",
    "CVE-2014-0532",
    "CVE-2014-0533",
    "CVE-2014-0534",
    "CVE-2014-0535",
    "CVE-2014-0536"
  );
  script_bugtraq_id(
    67961,
    67962,
    67963,
    67970,
    67973,
    67974
  );

  script_name(english:"Adobe AIR <= AIR 13.0.0.111 Multiple Vulnerabilities (APSB14-16)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host contains a version of Adobe AIR that is
potentially affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its version, the instance of Adobe AIR on the remote
Windows host is equal or prior to 13.0.0.111. It is, therefore,
affected by the following vulnerabilities :

  - Multiple, unspecified errors exist that could allow
    cross-site scripting attacks. (CVE-2014-0531,
    CVE-2014-0532, CVE-2014-0533)

  - Multiple, unspecified errors exist that could allow
    unspecified security bypass attacks. (CVE-2014-0534,
    CVE-2014-0535)

  - An unspecified memory corruption issue exists that
    could allow arbitrary code execution. (CVE-2014-0536)");
  script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/flash-player/apsb14-16.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Adobe AIR 14.0.0.110 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-0536");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/06/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/06/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/11");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:air");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("adobe_air_installed.nasl");
  script_require_keys("SMB/Adobe_AIR/Version", "SMB/Adobe_AIR/Path");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

version = get_kb_item_or_exit("SMB/Adobe_AIR/Version");
path = get_kb_item_or_exit("SMB/Adobe_AIR/Path");

version_ui = get_kb_item("SMB/Adobe_AIR/Version_UI");
if (isnull(version_ui)) version_report = version;
else version_report = version_ui + ' (' + version + ')';

cutoff_version = '13.0.0.111';
fix = '14.0.0.110';
fix_ui = '14.0';

if (ver_compare(ver:version, fix:cutoff_version) <= 0)
{
  port = get_kb_item("SMB/transport");
  if (!port) port = 445;

  set_kb_item(name:'www/'+port+'/XSS', value:TRUE);

  if (report_verbosity > 0)
  {
    report =
      '\n  Path              : ' + path +
      '\n  Installed version : ' + version_report +
      '\n  Fixed version     : ' + fix_ui + " (" + fix + ')\n';
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
  exit(0);
}
else audit(AUDIT_INST_PATH_NOT_VULN, "Adobe AIR", version_report, path);
VendorProductVersionCPE
adobeaircpe:/a:adobe:air

Related

nessus 10
openvas 8
mageia 1
redhat 1
suse 1
gentoo 1
altlinux 2
kaspersky 1
cve 6
prion 6
cvelist 6
ubuntucve 6
nvd 6
hackerone 1
checkpoint_advisories 6
nessus
nessus
Adobe AIR for Mac <= 13.0.0.111 Multiple Vulnerabilities (APSB14-16)
2014-06-11 00:00:00
openSUSE Security Update : flash-player (openSUSE-SU-2014:0798-1)
2014-06-17 00:00:00
Flash Player < 14.0.0.125 / 11.2.202.378 Multiple Vulnerabilities (APSB14-16)
2014-06-17 00:00:00
openvas
openvas
Adobe Flash Player Multiple Vulnerabilities-01 (Jun 2014) - Mac OS X
2014-06-19 00:00:00
Adobe AIR Multiple Vulnerabilities-01 (Jun 2014) - Windows
2014-06-19 00:00:00
Adobe AIR Multiple Vulnerabilities-01 (Jun 2014) - Mac OS X
2014-06-19 00:00:00
mageia
mageia
Updated flash-player-plugin packages fix multiple vulnerabilities
2014-06-14 02:02:33
redhat
redhat
(RHSA-2014:0745) Critical: flash-plugin security update
2014-06-11 00:00:00
suse
suse
Security update for flash-player (important)
2014-06-18 01:04:22
gentoo
gentoo
Adobe Flash Player: Multiple vulnerabilities
2014-06-17 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 6 package adobe-flash-player version 3:11-alt30
2014-06-16 00:00:00
Security fix for the ALT Linux 7 package adobe-flash-player version 3:11-alt30
2014-06-16 00:00:00
kaspersky
kaspersky
KLA10002 Multiple vulnerabilities in Adobe Flash Player
2014-06-10 00:00:00
cve
cve
CVE-2014-0531
2014-06-11 10:57:17
CVE-2014-0532
2014-06-11 10:57:17
CVE-2014-0533
2014-06-11 10:57:17
prion
prion
Cross site scripting
2014-06-11 10:57:00
Cross site scripting
2014-06-11 10:57:00
Cross site scripting
2014-06-11 10:57:00
cvelist
cvelist
CVE-2014-0531
2014-06-11 10:00:00
CVE-2014-0532
2014-06-11 10:00:00
CVE-2014-0533
2014-06-11 10:00:00
ubuntucve
ubuntucve
CVE-2014-0533
2014-06-11 00:00:00
CVE-2014-0532
2014-06-11 00:00:00
CVE-2014-0531
2014-06-11 00:00:00
nvd
nvd
CVE-2014-0531
2014-06-11 10:57:17
CVE-2014-0533
2014-06-11 10:57:17
CVE-2014-0532
2014-06-11 10:57:17
hackerone
hackerone
Internet Bug Bounty: Flash Sandbox Bypass
2014-06-06 18:39:15
checkpoint_advisories
checkpoint_advisories
Adobe Flash Player and AIR Security Bypass (APSB14-16; CVE-2014-0535)
2014-07-16 00:00:00
Adobe Flash Player Security Bypass (APSB14-16: CVE-2014-0534)
2014-07-20 00:00:00
Adobe Flash Player Cross-Site-Scripting (APSB14-16: CVE-2014-0533)
2014-08-28 00:00:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.071 Low

EPSS

Percentile

94.0%

JSON
Related for ADOBE_AIR_APSB14-16.NASL
nessus10openvas8mageia1redhat1suse1gentoo1altlinux2kaspersky1cve6prion6cvelist6ubuntucve6nvd6hackerone1checkpoint_advisories6