Lucene search
This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.FLASH_PLAYER_APSB14-08.NASLHistoryMar 11, 2014 - 12:00 a.m.
Flash Player <= 11.7.700.269 / 12.0.0.70 Multiple Vulnerabilities (APSB14-08)
2014-03-1100:00:00
This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
0.006 Low
EPSS
Percentile
78.3%
According to its version, the instance of Flash Player installed on the remote Windows host is equal or prior to 11.7.700.269 / 11.8.x / 11.9.x / 12.0.0.70. It is, therefore, potentially affected multiple vulnerabilities :
-
A vulnerability exists that could be used to bypass the same origin policy. (CVE-2014-0503)
-
A vulnerability exists that could be used to read the contents of the clipboard. (CVE-2014-0504)
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(72937);
script_version("1.13");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");
script_cve_id("CVE-2014-0503", "CVE-2014-0504");
script_bugtraq_id(66122, 66127);
script_name(english:"Flash Player <= 11.7.700.269 / 12.0.0.70 Multiple Vulnerabilities (APSB14-08)");
script_set_attribute(attribute:"synopsis", value:
"The remote Windows host has a browser plugin that is affected by
multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"According to its version, the instance of Flash Player installed on
the remote Windows host is equal or prior to 11.7.700.269 / 11.8.x /
11.9.x / 12.0.0.70. It is, therefore, potentially affected multiple
vulnerabilities :
- A vulnerability exists that could be used to bypass the
same origin policy. (CVE-2014-0503)
- A vulnerability exists that could be used to read the
contents of the clipboard. (CVE-2014-0504)");
script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/flash-player/apsb14-08.html");
script_set_attribute(attribute:"solution", value:
"Upgrade to Adobe Flash Player version 11.7.700.272 / 12.0.0.77 or
later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-0503");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2014/03/11");
script_set_attribute(attribute:"patch_publication_date", value:"2014/03/11");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/03/11");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:flash_player");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("flash_player_installed.nasl");
script_require_keys("SMB/Flash_Player/installed");
exit(0);
}
include("global_settings.inc");
include("misc_func.inc");
get_kb_item_or_exit("SMB/Flash_Player/installed");
# Identify vulnerable versions.
info = "";
# we're checking for versions less than *or equal to* the cutoff!
foreach variant (make_list("Plugin", "ActiveX", "Chrome", "Chrome_Pepper"))
{
vers = get_kb_list("SMB/Flash_Player/"+variant+"/Version/*");
files = get_kb_list("SMB/Flash_Player/"+variant+"/File/*");
if (!isnull(vers) && !isnull(files))
{
foreach key (keys(vers))
{
ver = vers[key];
if (ver)
{
iver = split(ver, sep:'.', keep:FALSE);
for (i=0; i<max_index(iver); i++)
iver[i] = int(iver[i]);
if (
(
# Chrome Flash <= 12.0.0.70
variant == "Chrome_Pepper" &&
(iver[0] == 12 && iver[1] == 0 && iver[2] == 0 && iver[3] <= 70)
) ||
(variant != "Chrome_Pepper" &&
(
# < 11
iver[0] < 11 ||
# 11.x <= 11.7.700.269
(
iver[0] == 11 &&
(
iver[1] < 7 ||
(
iver[1] == 7 &&
(
iver[2] < 700 ||
(iver[2] == 700 && iver[3] <= 269)
)
)
)
) ||
# 11.8.x
(iver[0] == 11 && iver[1] == 8) ||
# 11.9.x
(iver[0] == 11 && iver[1] == 9) ||
# 12.0.0.x <= 12.0.0.70
(
iver[0] == 12 &&
(
iver[1] == 0 &&
(
iver[2] == 0 &&
(
iver[3] <= 70
)
)
)
)
)
)
)
{
num = key - ("SMB/Flash_Player/"+variant+"/Version/");
file = files["SMB/Flash_Player/"+variant+"/File/"+num];
if (variant == "Plugin")
{
info += '\n Product: Browser Plugin (for Firefox / Netscape / Opera)';
}
else if (variant == "ActiveX")
{
info += '\n Product : ActiveX control (for Internet Explorer)';
}
else if ("Chrome" >< variant)
{
info += '\n Product : Browser Plugin (for Google Chrome)';
}
info += '\n Path : ' + file +
'\n Installed version : ' + ver;
if (variant == "Chrome_Pepper")
info += '\n Fixed version : 12.0.0.77 (Chrome PepperFlash)';
else
{
if (ver =~ "^11\.7")
fix = "11.7.700.272";
else
fix = "12.0.0.77";
info += '\n Fixed version : '+fix;
}
info += '\n';
}
}
}
}
}
if (info)
{
port = get_kb_item("SMB/transport");
if (!port) port = 445;
if (report_verbosity > 0) security_warning(port:port, extra:info);
else security_warning(port);
}
else
{
if (thorough_tests)
exit(0, 'No vulnerable versions of Adobe Flash Player were found.');
else
exit(1, 'Google Chrome\'s built-in Flash Player may not have been detected because the \'Perform thorough tests\' setting was not enabled.');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| adobe | flash_player | cpe:/a:adobe:flash_player |
Related
nessus
nessus
SuSE 11.3 Security Update : flash-player (SAT Patch Number 9012)
2014-03-18 00:00:00
RHEL 5 / 6 : flash-plugin (RHSA-2014:0289)
2014-03-13 00:00:00
openvas
openvas
SUSE: Security Advisory for flash-player (SUSE-SU-2014:0387-1)
2015-10-16 00:00:00
Mageia: Security Advisory (MGASA-2014-0128)
2022-01-28 00:00:00
mageia
mageia
Updated flash-player-plugin packages fix security vulnerabilities
2014-03-12 20:22:25
suse
suse
Security update for flash-player (important)
2014-03-18 00:04:14
flash-player to 11.2.202.346 (important)
2014-03-15 10:04:12
flash-player to 11.2.202.346 (important)
2014-03-14 21:04:13
redhat
redhat
(RHSA-2014:0289) Moderate: flash-plugin security update
2014-03-12 00:00:00
thn
thn
Adobe releases important Security Updates for Flash Player
2014-03-11 05:45:00
altlinux
altlinux
prion
prion
Code injection
2014-03-12 05:15:00
Design/Logic Flaw
2014-03-12 05:15:00
nvd
nvd
CVE-2014-0503
2014-03-12 05:15:20
CVE-2014-0504
2014-03-12 05:15:20
cvelist
cvelist
CVE-2014-0503
2014-03-12 01:00:00
CVE-2014-0504
2014-03-12 01:00:00
ubuntucve
ubuntucve
CVE-2014-0504
2014-03-12 00:00:00
CVE-2014-0503
2014-03-12 00:00:00
cve
cve
CVE-2014-0504
2014-03-12 05:15:20
CVE-2014-0503
2014-03-12 05:15:20
checkpoint_advisories
checkpoint_advisories
Adobe Flash Player Information Disclosure (APSB14-08: CVE-2014-0504)
2014-03-13 00:00:00
Adobe Flash Player Same Origin Security Bypass (APSB14-08; CVE-2014-0503)
2014-03-13 00:00:00
hackerone
hackerone
Internet Bug Bounty: Same Origin Security Bypass Vulnerability
2014-03-11 00:00:00
gentoo
gentoo
Adobe Flash Player: Multiple vulnerabilities
2014-05-03 00:00:00
securityvulns
securityvulns
Adobe Flash Player multiple security vulnerabilities
2014-05-04 00:00:00
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
0.006 Low
EPSS
Percentile
78.3%
Related for FLASH_PLAYER_APSB14-08.NASL