Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2011-2022 Tenable Network Security, Inc.FLASH_PLAYER_APSB11-21.NASL
HistoryAug 10, 2011 - 12:00 a.m.

Flash Player <= 10.3.181.36 Multiple Vulnerabilities (APSB11-21)

2011-08-1000:00:00
This script is Copyright (C) 2011-2022 Tenable Network Security, Inc.
www.tenable.com
17
JSON

According to its version, the instance of Flash Player installed on the remote Windows host is 10.3.181.36 or earlier. As such, it is reportedly affected by several critical vulnerabilities :

  • Multiple buffer overflow vulnerabilities could lead to code execution. (CVE-2011-2130, CVE-2011-2134, CVE-2011-2137, CVE-2011-2414, CVE-2011-2415)

  • Multiple memory corruption vulnerabilities could lead to code execution. (CVE-2011-2135, CVE-2011-2140, CVE-2011-2417, CVE-2011-2424, CVE-2011-2425)

  • Multiple integer overflow vulnerabilities could lead to code execution. (CVE-2011-2136, CVE-2011-2138, CVE-2011-2416)

  • A cross-site information disclosure vulnerability exists that could lead to code execution. (CVE-2011-2139)

By tricking a user on the affected system into opening a specially crafted document with Flash content, an attacker could leverage these vulnerabilities to execute arbitrary code remotely on the system subject to the user’s privileges.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(55803);
  script_version("1.22");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id(
    "CVE-2011-2130",
    "CVE-2011-2134",
    "CVE-2011-2135",
    "CVE-2011-2136",
    "CVE-2011-2137",
    "CVE-2011-2138",
    "CVE-2011-2139",
    "CVE-2011-2140",
    "CVE-2011-2414",
    "CVE-2011-2415",
    "CVE-2011-2416",
    "CVE-2011-2417",
    "CVE-2011-2424",
    "CVE-2011-2425"
  );
  script_bugtraq_id(
    49073,
    49074,
    49075,
    49076,
    49077,
    49079,
    49080,
    49081,
    49082,
    49083,
    49084,
    49085,
    49086,
    49186
  );
  script_xref(name:"EDB-ID", value:"18437");
  script_xref(name:"EDB-ID", value:"18479");

  script_name(english:"Flash Player <= 10.3.181.36 Multiple Vulnerabilities (APSB11-21)");

  script_set_attribute(attribute:"synopsis", value:
"A browser plugin is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its version, the instance of Flash Player installed on
the remote Windows host is 10.3.181.36 or earlier.  As such, it is
reportedly affected by several critical vulnerabilities :

  - Multiple buffer overflow vulnerabilities could lead to
    code execution. (CVE-2011-2130, CVE-2011-2134, 
    CVE-2011-2137, CVE-2011-2414, CVE-2011-2415)

  - Multiple memory corruption vulnerabilities could lead to
    code execution. (CVE-2011-2135, CVE-2011-2140, 
    CVE-2011-2417, CVE-2011-2424, CVE-2011-2425)

  - Multiple integer overflow vulnerabilities could lead to
    code execution. (CVE-2011-2136, CVE-2011-2138, 
    CVE-2011-2416)

  - A cross-site information disclosure vulnerability 
    exists that could lead to code execution. 
    (CVE-2011-2139)

By tricking a user on the affected system into opening a specially
crafted document with Flash content, an attacker could leverage these
vulnerabilities to execute arbitrary code remotely on the system
subject to the user's privileges.");
  # https://labs.idefense.com/verisign/intelligence/2009/vulnerabilities/display.php?id=935
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?18dbdb20");
  # https://labs.idefense.com/verisign/intelligence/2009/vulnerabilities/display.php?id=936
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0651458a");
  # http://www.abysssec.com/blog/2012/01/31/exploiting-cve-2011-2140-another-flash-player-vulnerability/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?46d1fce8");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-11-253/");
  script_set_attribute(attribute:"see_also", value:"http://www.adobe.com/support/security/bulletins/apsb11-21.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Adobe Flash version 10.3.183.5 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player MP4 SequenceParameterSetNALUnit Buffer Overflow');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/08/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/08/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/08/10");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:flash_player");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2011-2022 Tenable Network Security, Inc.");

  script_dependencies("flash_player_installed.nasl");
  script_require_keys("SMB/Flash_Player/installed");

  exit(0);
}

include("global_settings.inc");
include("misc_func.inc");

get_kb_item_or_exit("SMB/Flash_Player/installed");

# Identify vulnerable versions.
info = "";

foreach variant (make_list("Plugin", "ActiveX", "Chrome"))
{
  vers = get_kb_list("SMB/Flash_Player/"+variant+"/Version/*");
  files = get_kb_list("SMB/Flash_Player/"+variant+"/File/*");
  if (!isnull(vers) && !isnull(files))
  {
    foreach key (keys(vers))
    {
      ver = vers[key];

      if (ver)
      {
        iver = split(ver, sep:'.', keep:FALSE);
        for (i=0; i<max_index(iver); i++)
          iver[i] = int(iver[i]);

        if (
          iver[0] < 10 ||
          (
            iver[0] == 10 &&
            (
              iver[1] < 3 ||
              (
                iver[1] == 3 &&
                (
                  iver[2] < 181 ||
                  (iver[2] == 181 && iver[3] <= 36)
                )
              )
            )
          )
        )
        {
          num = key - ("SMB/Flash_Player/"+variant+"/Version/");
          file = files["SMB/Flash_Player/"+variant+"/File/"+num];
          if (variant == "Plugin")
          {
            info += '\n  Product: Browser Plugin (for Firefox / Netscape / Opera)';
          }
          else if (variant == "ActiveX")
          {
            info += '\n Product : ActiveX control (for Internet Explorer)';
          }
          else if (variant == "Chrome")
          {
            info += '\n Product : Browser Plugin (for Google Chrome)';
          }
          info += '\n  Path              : ' + file +
                  '\n  Installed version : ' + ver  +
                  '\n  Fixed version     : 10.3.183.5';
          info += '\n';
        }
      }
    }
  }
}

if (info)
{
  if (report_verbosity > 0)
    security_hole(port:get_kb_item("SMB/transport"), extra:info);
  else
    security_hole(get_kb_item("SMB/transport"));
}
else exit(0, 'The host is not affected.');
VendorProductVersionCPE
adobeflash_playercpe:/a:adobe:flash_player

References

Related

openvas 12
nessus 16
suse 3
freebsd 1
redhat 2
securityvulns 6
prion 14
ubuntucve 14
cve 14
seebug 4
gentoo 2
checkpoint_advisories 13
saint 4
zdi 2
packetstorm 2
metasploit 1
ptsecurity 1
exploitpack 1
exploitdb 2
threatpost 1
openvas
openvas
Adobe Flash Player Multiple Vulnerabilities August-2011 (Linux)
2011-08-31 00:00:00
Adobe Air and Flash Player Multiple Vulnerabilities (Aug 2011) - Windows
2011-08-31 00:00:00
Adobe Flash Player Multiple Vulnerabilities (Aug 2011) - Linux
2011-08-31 00:00:00
nessus
nessus
Flash Player for Mac <= 10.3.181.36 Multiple Vulnerabilities (APSB11-21)
2011-08-10 00:00:00
Flash Player < 10.3.183.5 Multiple Vulnerabilities (APSB11-21)
2011-08-10 00:00:00
RHEL 5 / 6 : flash-plugin (RHSA-2011:1144)
2011-08-11 00:00:00
suse
suse
Security update for flash-player (critical)
2011-08-12 04:08:20
remote code execution in flash-player
2011-08-11 15:39:03
flash-player (critical)
2011-08-12 05:08:25
freebsd
freebsd
linux-flashplugin -- multiple vulnerabilities
2011-05-13 00:00:00
redhat
redhat
(RHSA-2011:1144) Critical: flash-plugin security update
2011-08-10 00:00:00
(RHSA-2011:1434) Critical: acroread security update
2011-11-08 00:00:00
securityvulns
securityvulns
Adobe Flash Player multiple security vulnerabilities
2011-08-27 00:00:00
iDefense Security Advisory 08.09.11: Adobe Flash Player Integer Overflow
2011-08-12 00:00:00
ZDI-11-253: Adobe Flash Player BitmapData.scroll Integer Overflow Remote Code Execution Vulnerability
2011-08-17 00:00:00
prion
prion
Buffer overflow
2011-08-10 21:55:00
Buffer overflow
2011-08-10 22:55:00
Buffer overflow
2011-08-10 22:55:00
ubuntucve
ubuntucve
CVE-2011-2415
2011-08-10 00:00:00
CVE-2011-2414
2011-08-10 00:00:00
CVE-2011-2134
2011-08-10 00:00:00
cve
cve
CVE-2011-2414
2011-08-10 22:55:00
CVE-2011-2137
2011-08-10 21:55:00
CVE-2011-2415
2011-08-10 22:55:00
seebug
seebug
Adobe Flash Player Integer Overflow
2011-08-12 00:00:00
Adobe Flash Player MP4 SequenceParameterSetNALUnit Buffer Overflow
2014-07-01 00:00:00
Adobe Flash Player MP4 SequenceParameterSetNALUnit Remote Code Execution Exploit
2012-02-01 00:00:00
gentoo
gentoo
Adobe Flash Player: Multiple vulnerabilities
2011-10-13 00:00:00
Adobe Reader: Multiple vulnerabilities
2012-01-30 00:00:00
checkpoint_advisories
checkpoint_advisories
Adobe Flash Player ActionScript BitmapData Memory Corruption (APSB11-21; CVE-2011-2425)
2011-08-16 00:00:00
Adobe Flash Player Speex Codec Buffer Underflow (ASBP11-26; CVE-2011-2130)
2011-10-04 00:00:00
Adobe Flash Player ActionScript Image Scroll Code Execution (APSB11-21; CVE-2011-2138)
2011-08-16 00:00:00
saint
saint
Adobe Flash Player MP4 Sequence Parameter Set Processing
2012-02-09 00:00:00
Adobe Flash Player MP4 Sequence Parameter Set Processing
2012-02-09 00:00:00
Adobe Flash Player MP4 Sequence Parameter Set Processing
2012-02-09 00:00:00
zdi
zdi
Adobe Flash Player BitmapData.scroll Integer Overflow Remote Code Execution Vulnerability
2011-08-12 00:00:00
Adobe Flash Player MP4 sequenceParameterSetNALUnit Remote Code Execution Vulnerability
2011-08-23 00:00:00
packetstorm
packetstorm
Adobe Flash Player MP4 SequenceParameterSetNALUnit Buffer Overflow
2012-02-10 00:00:00
Adobe Flash Player Code Execution
2012-01-31 00:00:00
metasploit
metasploit
Adobe Flash Player MP4 SequenceParameterSetNALUnit Buffer Overflow
2012-02-21 01:40:50
ptsecurity
ptsecurity
PT-2011-22: Buffer overflow in Adobe Flash Player
2012-03-28 00:00:00
exploitpack
exploitpack
Adobe Flash Player - MP4 SequenceParameterSetNALUnit Remote Code Execution
2012-01-31 00:00:00
exploitdb
exploitdb
Adobe Flash Player - MP4 SequenceParameterSetNALUnit Remote Code Execution
2012-01-31 00:00:00
Adobe Flash Player - MP4 SequenceParameterSetNALUnit Buffer Overflow (Metasploit)
2012-02-10 00:00:00
threatpost
threatpost
Sofacy APT28 Gang Using New Backdoors, Zero Days
2015-12-04 07:05:37
JSON
Related for FLASH_PLAYER_APSB11-21.NASL
openvas12nessus16suse3freebsd1redhat2securityvulns6prion14ubuntucve14cve14seebug4gentoo2checkpoint_advisories13saint4zdi2packetstorm2metasploit1ptsecurity1exploitpack1exploitdb2threatpost1