Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.FLASH_PLAYER_APSB19-26.NASL
HistoryMay 14, 2019 - 12:00 a.m.

Adobe Flash Player <= 32.0.0.171 (APSB19-26)

2019-05-1400:00:00
This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
25
JSON

The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 32.0.0.171. It is therefore affected by an arbitrary code execution vulnerability.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(125056);
  script_version("1.4");
  script_cvs_date("Date: 2019/10/30 13:24:47");

  script_cve_id("CVE-2019-7837");

  script_name(english:"Adobe Flash Player <= 32.0.0.171 (APSB19-26)");
  script_summary(english:"Checks the version of the ActiveX control.");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host has a browser plugin installed that is
affected by an arbitrary code execution vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of Adobe Flash Player installed on the remote Windows
host is equal or prior to version 32.0.0.171. It is therefore 
affected by an arbitrary code execution vulnerability.");
  script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/flash-player/apsb19-26.html");
  # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0cb17c10");
  script_set_attribute(attribute:"solution", value:"Upgrade to Adobe Flash Player version 32.0.0.192 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-7837");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");


  script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/05/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/14");

  script_set_attribute(attribute:"plugin_type",value:"local");
  script_set_attribute(attribute:"cpe",value:"cpe:/a:adobe:flash_player");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("flash_player_installed.nasl");
  script_require_keys("SMB/Flash_Player/installed");

  exit(0);
}

include("global_settings.inc");
include("misc_func.inc");

get_kb_item_or_exit("SMB/Flash_Player/installed");

# Identify vulnerable versions.
info = "";
variants = make_list(
  "Plugin",
  "ActiveX",
  "Chrome",
  "Chrome_Pepper"
);

# we're checking for versions less than *or equal to* the cutoff!
foreach variant (variants)
{
  vers = get_kb_list("SMB/Flash_Player/"+variant+"/Version/*");
  files = get_kb_list("SMB/Flash_Player/"+variant+"/File/*");

  if (isnull(vers) || isnull(files))
    continue;

  foreach key (keys(vers))
  {
    ver = vers[key];
    if (isnull(ver))
      continue;

    # <= 32.0.0.171
    if (ver_compare(ver:ver,fix:"32.0.0.171",strict:FALSE) <= 0)
    {
      num = key - ("SMB/Flash_Player/"+variant+"/Version/");
      file = files["SMB/Flash_Player/"+variant+"/File/"+num];
      if (variant == "Plugin")
      {
        info += '\n  Product           : Browser Plugin (for Firefox / Netscape / Opera)';
        fix = "32.0.0.192";
      }
      else if (variant == "ActiveX")
      {
        info += '\n  Product           : ActiveX control (for Internet Explorer)';
        fix = "32.0.0.192";
      }
      else if ("Chrome" >< variant)
      {
        info += '\n  Product           : Browser Plugin (for Google Chrome)';
        if (variant == "Chrome")
          fix = "Upgrade to a version of Google Chrome running Flash Player 32.0.0.192";
      }
      info += '\n  Path              : ' + file +
              '\n  Installed version : ' + ver;
      if (variant == "Chrome_Pepper")
        info += '\n  Fixed version     : 32.0.0.192 (Chrome PepperFlash)';
      else if (!isnull(fix))
        info += '\n  Fixed version     : '+fix;
      info += '\n';
    }
  }
}

if (info)
{
  port = get_kb_item("SMB/transport");
  if (!port) port = 445;

  if (report_verbosity > 0) security_hole(port:port, extra:info);
  else security_hole(port);
}
else
{
  if (thorough_tests)
    exit(0, 'No vulnerable versions of Adobe Flash Player were found.');
  else
    exit(1, 'Google Chrome\'s built-in Flash Player may not have been detected because the \'Perform thorough tests\' setting was not enabled.');
}
VendorProductVersionCPE
adobeflash_playercpe:/a:adobe:flash_player

Related

nessus 4
openvas 8
cvelist 1
redhatcve 1
mscve 1
prion 1
adobe 1
ubuntucve 1
cve 1
kaspersky 1
zdi 1
checkpoint_advisories 1
redhat 1
freebsd 1
mageia 1
thn 1
threatpost 1
nessus
nessus
RHEL 6 : flash-plugin (RHSA-2019:1234)
2019-05-16 00:00:00
FreeBSD : Flash Player -- arbitrary code execution (a99923a9-768c-11e9-885a-6451062f0f7a)
2019-05-15 00:00:00
KB4497932: Security update for Adobe Flash Player (May 2019)
2019-05-14 00:00:00
openvas
openvas
Adobe Flash Player Within Google Chrome Security Update (APSB19-26) - Mac OS X
2019-05-15 00:00:00
Adobe Flash Player Microsoft Edge and Internet Explorer Security Update (APSB19-26) - Windows
2019-05-15 00:00:00
Adobe Flash Player Within Google Chrome Security Update (APSB19-26) - Linux
2019-05-15 00:00:00
cvelist
cvelist
CVE-2019-7837
2019-05-22 18:08:08
redhatcve
redhatcve
CVE-2019-7837
2019-05-14 19:51:08
mscve
mscve
May 2019 Adobe Flash Security Update
2019-05-14 07:00:00
prion
prion
Double free
2019-05-22 19:29:00
adobe
adobe
APSB19-26 Security updates available for Adobe Flash Player
2019-05-14 00:00:00
ubuntucve
ubuntucve
CVE-2019-7837
2019-05-22 00:00:00
cve
cve
CVE-2019-7837
2019-05-22 19:29:00
kaspersky
kaspersky
KLA11479 ACE vulnerabilities in Adobe Flash Player
2019-05-14 00:00:00
zdi
zdi
Adobe Flash Player PSDK Use-After-Free Remote Code Execution Vulnerability
2019-05-15 00:00:00
checkpoint_advisories
checkpoint_advisories
Adobe Flash Player Use After Free (APSB19-26: CVE-2019-7837)
2019-05-14 00:00:00
redhat
redhat
(RHSA-2019:1234) Critical: flash-plugin security update
2019-05-15 17:08:38
freebsd
freebsd
Flash Player -- arbitrary code execution
2019-05-14 00:00:00
mageia
mageia
Updated flash-player-plugin packages fix security vulnerability
2019-05-18 15:33:10
thn
thn
Adobe Releases Critical Patches for Flash, Acrobat Reader, and Media Encoder
2019-05-14 15:44:00
threatpost
threatpost
Adobe Addresses Critical Adobe Flash Player, Acrobat Reader Flaws
2019-05-14 16:18:39
JSON
Related for FLASH_PLAYER_APSB19-26.NASL
nessus4openvas8cvelist1redhatcve1mscve1prion1adobe1ubuntucve1cve1kaspersky1zdi1checkpoint_advisories1redhat1freebsd1mageia1thn1threatpost1