Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2011-2022 Tenable Network Security, Inc.FLASH_PLAYER_APSB11-12.NASL
HistoryMay 18, 2011 - 12:00 a.m.

Flash Player < 10.3.181.14 Multiple Vulnerabilities (APSB11-12)

2011-05-1800:00:00
This script is Copyright (C) 2011-2022 Tenable Network Security, Inc.
www.tenable.com
17
JSON

Several critical vulnerabilities exist in versions of Flash Player earlier than 10.3.181.14 :

  • An unspecified information disclosure vulnerability exists. (CVE-2011-0579)

  • An unspecified integer overflow vulnerability exists.
    (CVE-2011-0618, CVE-2011-0628)

  • Unspecified memory corruption vulnerabilities exist.
    (CVE-2011-0619, CVE-2011-0620, CVE-2011-0621, CVE-2011-0622, CVE-2011-0627)

  • Unspecified boundary-checking errors exist.
    (CVE-2011-0623, CVE-2011-0624, CVE-2011-0625, CVE-2011-0626)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(54299);
  script_version("1.12");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id(
    "CVE-2011-0579",
    "CVE-2011-0618",
    "CVE-2011-0619",
    "CVE-2011-0620",
    "CVE-2011-0621",
    "CVE-2011-0622",
    "CVE-2011-0623",
    "CVE-2011-0624",
    "CVE-2011-0625",
    "CVE-2011-0626",
    "CVE-2011-0627",
    "CVE-2011-0628"
  );
  script_bugtraq_id(
    47806,
    47807,
    47808,
    47809,
    47810,
    47811,
    47812,
    47813,
    47814,
    47815,
    47847,
    47961
  );
  script_xref(name:"SECUNIA", value:"44590");

  script_name(english:"Flash Player < 10.3.181.14 Multiple Vulnerabilities (APSB11-12)");

  script_set_attribute(attribute:"synopsis", value:
"A browser plugin is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"Several critical vulnerabilities exist in versions of Flash Player
earlier than 10.3.181.14 :

  - An unspecified information disclosure vulnerability
    exists. (CVE-2011-0579)

  - An unspecified integer overflow vulnerability exists.
    (CVE-2011-0618, CVE-2011-0628)

  - Unspecified memory corruption vulnerabilities exist.
    (CVE-2011-0619, CVE-2011-0620, CVE-2011-0621, 
    CVE-2011-0622, CVE-2011-0627)

  - Unspecified boundary-checking errors exist.
    (CVE-2011-0623, CVE-2011-0624, CVE-2011-0625,
    CVE-2011-0626)");
  # https://labs.idefense.com/verisign/intelligence/2009/vulnerabilities/display.php?id=902
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8f9d009b");
  # https://labs.idefense.com/verisign/intelligence/2009/vulnerabilities/display.php?id=903
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?185a7880");
  # https://labs.idefense.com/verisign/intelligence/2009/vulnerabilities/display.php?id=908
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?03a97fa4");
  script_set_attribute(attribute:"see_also", value:"http://www.adobe.com/support/security/bulletins/apsb11-12.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Adobe Flash version 10.3.181.14 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/05/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/05/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/05/18");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:flash_player");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2011-2022 Tenable Network Security, Inc.");

  script_dependencies("flash_player_installed.nasl");
  script_require_keys("SMB/Flash_Player/installed");

  exit(0);
}

include('global_settings.inc');
include('misc_func.inc');

get_kb_item_or_exit('SMB/Flash_Player/installed');

# Identify vulnerable versions.
info = '';

foreach variant (make_list("Plugin", "ActiveX", "Chrome"))
{
  vers = get_kb_list("SMB/Flash_Player/"+variant+"/Version/*");
  files = get_kb_list("SMB/Flash_Player/"+variant+"/File/*");
  if (!isnull(vers) && !isnull(files))
  {
    foreach key (keys(vers))
    {
      ver = vers[key];

      if (ver)
      {
        iver = split(ver, sep:'.', keep:FALSE);
        for (i=0; i<max_index(iver); i++)
          iver[i] = int(iver[i]);

        if (
          iver[0] < 10 ||
          (
            iver[0] == 10 &&
            (
              iver[1] < 3 ||
              (
                iver[1] == 3 &&
                (
                  iver[2] < 181 ||
                  (iver[2] == 181 && iver[3] < 14)
                )
              )
            )
          )
        )
        {
          num = key - ("SMB/Flash_Player/"+variant+"/Version/");
          file = files["SMB/Flash_Player/"+variant+"/File/"+num];
          if (variant == "Plugin")
          {
            info += '\n  Product: Browser Plugin (for Firefox / Netscape / Opera)';
          }
          else if (variant == "ActiveX")
          {
            info += '\n Product : ActiveX control (for Internet Explorer)';
          }
          else if (variant == "Chrome")
          {
            info += '\n Product : Browser Plugin (for Google Chrome)';
          }
          info += '\n  Path              : ' + file +
                  '\n  Installed version : ' + ver  +
                  '\n  Fixed version     : 10.3.181.14';

          if (variant == "Chrome")
            info += ' (as included with Google Chrome 11.0.696.68)';

          info += '\n';
        }
      }
    }
  } 
}

if (info)
{
  if (report_verbosity > 0)
    security_hole(port:get_kb_item("SMB/transport"), extra:info);
  else
    security_hole(get_kb_item("SMB/transport"));
}
else exit(0, 'The host is not affected.');
VendorProductVersionCPE
adobeflash_playercpe:/a:adobe:flash_player

Related

redhat 1
nessus 10
openvas 10
freebsd 1
seebug 2
suse 1
prion 12
cve 12
ubuntucve 12
checkpoint_advisories 9
symantec 2
thn 1
gentoo 1
threatpost 1
redhat
redhat
(RHSA-2011:0511) Critical: flash-plugin security update
2011-05-13 00:00:00
nessus
nessus
RHEL 5 / 6 : flash-plugin (RHSA-2011:0511)
2011-05-16 00:00:00
Flash Player < 10.3.181.14 Multiple Vulnerabilities (APSB11-12)
2011-05-13 00:00:00
Flash Player for Mac < 10.3.181.14 Remote Code Execution (APSB11-12)
2011-05-16 00:00:00
openvas
openvas
Adobe Flash Player Multiple Vulnerabilities (May 2011) - Windows
2011-05-23 00:00:00
Adobe Flash Player Multiple Vulnerabilities May-2011 (Windows)
2011-05-23 00:00:00
Adobe Flash Player Multiple Vulnerabilities (May 2011) - Linux
2011-05-23 00:00:00
freebsd
freebsd
linux-flashplugin -- multiple vulnerabilities
2011-01-20 00:00:00
seebug
seebug
Adobe Flash Player多个缓冲区溢出和内存破坏漏洞
2011-05-13 00:00:00
Adobe Flash Player CVE-2011-0628远程整数溢出漏洞
2011-05-26 00:00:00
suse
suse
remote code execution in flash-player
2011-05-18 11:36:19
prion
prion
Memory corruption
2011-05-13 22:55:00
Memory corruption
2011-05-13 22:55:00
Memory corruption
2011-05-13 22:55:00
cve
cve
CVE-2011-0625
2011-05-13 22:55:00
CVE-2011-0622
2011-05-13 22:55:00
CVE-2011-0620
2011-05-13 22:55:00
ubuntucve
ubuntucve
CVE-2011-0622
2011-05-13 00:00:00
CVE-2011-0621
2011-05-13 00:00:00
CVE-2011-0619
2011-05-13 00:00:00
checkpoint_advisories
checkpoint_advisories
Adobe Flash Player ActionScript ActionIf Remote Code Execution (APSB11-12; CVE-2011-0623; CVE-2011-0625)
2011-05-17 00:00:00
Adobe Flash Player CFF DefineFont4 Tag Code Execution (APSB11-12; CVE-2011-0619)
2011-05-25 00:00:00
Adobe Flash Player ActionScript ArrayObject Memory Corruption (APSB11-12; CVE-2011-0627)
2011-05-17 00:00:00
symantec
symantec
Adobe Flash Player CVE-2011-0619 Remote Memory Corruption Vulnerability
2011-05-12 00:00:00
Adobe Flash Player ActionScript Virtual Machine CVE-2011-0618 Remote Integer Overflow Vulnerability
2011-05-12 00:00:00
thn
thn
Critical Flash Player Update to fix 11 Security Holes
2011-05-13 17:45:00
gentoo
gentoo
Adobe Flash Player: Multiple vulnerabilities
2011-10-13 00:00:00
threatpost
threatpost
ExploitHub Offering Bounties – And Residuals – for Exploits
2011-10-05 13:11:31
JSON
Related for FLASH_PLAYER_APSB11-12.NASL
redhat1nessus10openvas10freebsd1seebug2suse1prion12cve12ubuntucve12checkpoint_advisories9symantec2thn1gentoo1threatpost1