{"id": "FREEBSD_PKG_42926D7B0DA311EB8DBD6451062F0F7A.NASL", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : Flash Player -- arbitrary code execution (42926d7b-0da3-11eb-8dbd-6451062f0f7a)", "description": "Adobe reports :\n\n- This update resolves a NULL pointer dereference vulnerability that could lead to arbitrary code execution (CVE-2020-9746).", "published": "2020-10-15T00:00:00", "modified": "2020-10-26T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/141465", "reporter": "This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb20-58.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9746", "http://www.nessus.org/u?3589b1c2"], "cvelist": ["CVE-2020-9746"], "immutableFields": [], "lastseen": "2021-08-19T12:11:49", "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "adobe", "idList": ["APSB20-58"]}, {"type": "cve", "idList": ["CVE-2020-9746"]}, {"type": "f5", "idList": ["F5:K85113405"]}, {"type": "freebsd", "idList": ["42926D7B-0DA3-11EB-8DBD-6451062F0F7A"]}, {"type": "kaspersky", "idList": ["KLA11970"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/FREEBSD-CVE-2020-9746/"]}, {"type": "mscve", "idList": ["MS:ADV200012"]}, {"type": "nessus", "idList": ["FLASH_PLAYER_APSB20-58.NASL", "MACOSX_FLASH_PLAYER_APSB20-58.NASL", "REDHAT-RHSA-2020-4251.NASL", "SMB_NT_MS20_OCT_FLASH.NASL"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:801DC63ED24DFFC38FE4775AAD07ADDB"]}, {"type": "redhat", "idList": ["RHSA-2020:4251"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-9746"]}, {"type": "threatpost", "idList": ["THREATPOST:A9A57AE690BD069DB9BBA2CD154B315F", "THREATPOST:D42DD8800FBF76F5AEC0B4FB1AE577EA"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-9746"]}], "rev": 4}, "score": {"value": 7.3, "vector": "NONE"}, "backreferences": {"references": [{"type": "adobe", "idList": ["APSB20-58"]}, {"type": "cve", "idList": ["CVE-2020-9746"]}, {"type": "f5", "idList": ["F5:K85113405"]}, {"type": "freebsd", "idList": ["42926D7B-0DA3-11EB-8DBD-6451062F0F7A"]}, {"type": "kaspersky", "idList": ["KLA11970"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/FREEBSD-CVE-2020-9746/"]}, {"type": "mscve", "idList": ["MS:ADV200012"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2020-4251.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813061"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:801DC63ED24DFFC38FE4775AAD07ADDB"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-9746"]}, {"type": "threatpost", "idList": ["THREATPOST:A9A57AE690BD069DB9BBA2CD154B315F", "THREATPOST:D42DD8800FBF76F5AEC0B4FB1AE577EA"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-9746"]}]}, "exploitation": null, "vulnersScore": 7.3}, "pluginID": "141465", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2020 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141465);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/26\");\n\n script_cve_id(\"CVE-2020-9746\");\n script_xref(name:\"IAVA\", value:\"2020-A-0464\");\n\n script_name(english:\"FreeBSD : Flash Player -- arbitrary code execution (42926d7b-0da3-11eb-8dbd-6451062f0f7a)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Adobe reports :\n\n- This update resolves a NULL pointer dereference vulnerability that\ncould lead to arbitrary code execution (CVE-2020-9746).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb20-58.html\"\n );\n # https://vuxml.freebsd.org/freebsd/42926d7b-0da3-11eb-8dbd-6451062f0f7a.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3589b1c2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-flashplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"linux-flashplayer<32.0.0.445\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["p-cpe:/a:freebsd:freebsd:linux-flashplayer", "cpe:/o:freebsd:freebsd"], "solution": "Update the affected package.", "nessusSeverity": "High", "cvssScoreSource": "", "vpr": {"risk factor": "Medium", "score": "6.7"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2020-10-13T00:00:00", "vulnerabilityPublicationDate": "2020-10-13T00:00:00", "exploitableWith": [], "_state": {"dependencies": 1647589307, "score": 0}}

{"metasploit": [{"lastseen": "2021-05-23T10:33:13", "description": "\n", "edition": 2, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "1976-01-01T00:00:00", "type": "metasploit", "title": "FreeBSD: VID-42926D7B-0DA3-11EB-8DBD-6451062F0F7A (CVE-2020-9746): Flash Player -- arbitrary code execution", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9746"], "modified": "1976-01-01T00:00:00", "id": "MSF:ILITIES/FREEBSD-CVE-2020-9746/", "href": "", "sourceData": "", "sourceHref": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "f5": [{"lastseen": "2022-02-01T00:00:00", "description": "Adobe Flash Player version 32.0.0.433 (and earlier) are affected by an exploitable NULL pointer dereference vulnerability that could result in a crash and arbitrary code execution. Exploitation of this issue requires an attacker to insert malicious strings in an HTTP response that is by default delivered over TLS/SSL. ([CVE-2020-9746](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9746>))\n\nImpact\n\nThere is no impact; F5 products are not affected by this vulnerability.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-01-11T14:07:00", "type": "f5", "title": "Adobe Flash Player vulnerability CVE-2020-9746", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9746"], "modified": "2021-01-11T14:07:00", "id": "F5:K85113405", "href": "https://support.f5.com/csp/article/K85113405", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "ubuntucve": [{"lastseen": "2021-11-22T21:24:40", "description": "Adobe Flash Player version 32.0.0.433 (and earlier) are affected by an\nexploitable NULL pointer dereference vulnerability that could result in a\ncrash and arbitrary code execution. Exploitation of this issue requires an\nattacker to insert malicious strings in an HTTP response that is by default\ndelivered over TLS/SSL.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-10-14T00:00:00", "type": "ubuntucve", "title": "CVE-2020-9746", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9746"], "modified": "2020-10-14T00:00:00", "id": "UB:CVE-2020-9746", "href": "https://ubuntu.com/security/CVE-2020-9746", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-10-14T00:13:13", "description": "The remote Redhat Enterprise Linux 6 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:4251 advisory.\n\n - flash-plugin: Arbitrary Code Execution vulnerability (APSB20-58) (CVE-2020-9746)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-10-14T00:00:00", "type": "nessus", "title": "RHEL 6 : flash-plugin (RHSA-2020:4251)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-9746"], "modified": "2021-10-12T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:rhel_eus:6.0", "p-cpe:/a:redhat:enterprise_linux:flash-plugin"], "id": "REDHAT-RHSA-2020-4251.NASL", "href": "https://www.tenable.com/plugins/nessus/141456", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:4251. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141456);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/12\");\n\n script_cve_id(\"CVE-2020-9746\");\n script_xref(name:\"RHSA\", value:\"2020:4251\");\n script_xref(name:\"IAVA\", value:\"2020-A-0464\");\n\n script_name(english:\"RHEL 6 : flash-plugin (RHSA-2020:4251)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 6 host has a package installed that is affected by a vulnerability as referenced in\nthe RHSA-2020:4251 advisory.\n\n - flash-plugin: Arbitrary Code Execution vulnerability (APSB20-58) (CVE-2020-9746)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/476.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-9746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4251\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1888018\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected flash-plugin package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-9746\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(476);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:flash-plugin\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '6')) audit(AUDIT_OS_NOT, 'Red Hat 6.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'enterprise_linux_6_client': [\n 'rhel-6-desktop-debug-rpms',\n 'rhel-6-desktop-fastrack-debug-rpms',\n 'rhel-6-desktop-fastrack-rpms',\n 'rhel-6-desktop-fastrack-source-rpms',\n 'rhel-6-desktop-optional-debug-rpms',\n 'rhel-6-desktop-optional-fastrack-debug-rpms',\n 'rhel-6-desktop-optional-fastrack-rpms',\n 'rhel-6-desktop-optional-fastrack-source-rpms',\n 'rhel-6-desktop-optional-rpms',\n 'rhel-6-desktop-optional-source-rpms',\n 'rhel-6-desktop-rpms',\n 'rhel-6-desktop-source-rpms'\n ],\n 'enterprise_linux_6_computenode': [\n 'rhel-6-for-hpc-node-fastrack-debug-rpms',\n 'rhel-6-for-hpc-node-fastrack-rpms',\n 'rhel-6-for-hpc-node-fastrack-source-rpms',\n 'rhel-6-for-hpc-node-optional-fastrack-debug-rpms',\n 'rhel-6-for-hpc-node-optional-fastrack-rpms',\n 'rhel-6-for-hpc-node-optional-fastrack-source-rpms',\n 'rhel-6-hpc-node-debug-rpms',\n 'rhel-6-hpc-node-optional-debug-rpms',\n 'rhel-6-hpc-node-optional-rpms',\n 'rhel-6-hpc-node-optional-source-rpms',\n 'rhel-6-hpc-node-rpms',\n 'rhel-6-hpc-node-source-rpms',\n 'rhel-hpc-node-6-eus-sfs-debug-rpms',\n 'rhel-hpc-node-6-eus-sfs-source-rpms',\n 'rhel-scalefs-for-rhel-6-hpc-node-debug-rpms',\n 'rhel-scalefs-for-rhel-6-hpc-node-rpms',\n 'rhel-scalefs-for-rhel-6-hpc-node-source-rpms'\n ],\n 'enterprise_linux_6_server': [\n 'rhel-6-server-debug-rpms',\n 'rhel-6-server-fastrack-debug-rpms',\n 'rhel-6-server-fastrack-rpms',\n 'rhel-6-server-fastrack-source-rpms',\n 'rhel-6-server-optional-debug-rpms',\n 'rhel-6-server-optional-fastrack-debug-rpms',\n 'rhel-6-server-optional-fastrack-rpms',\n 'rhel-6-server-optional-fastrack-source-rpms',\n 'rhel-6-server-optional-rpms',\n 'rhel-6-server-optional-source-rpms',\n 'rhel-6-server-rpms',\n 'rhel-6-server-source-rpms',\n 'rhel-ha-for-rhel-6-server-debug-rpms',\n 'rhel-ha-for-rhel-6-server-rpms',\n 'rhel-ha-for-rhel-6-server-source-rpms',\n 'rhel-lb-for-rhel-6-server-debug-rpms',\n 'rhel-lb-for-rhel-6-server-rpms',\n 'rhel-lb-for-rhel-6-server-source-rpms',\n 'rhel-rs-for-rhel-6-server-debug-rpms',\n 'rhel-rs-for-rhel-6-server-rpms',\n 'rhel-rs-for-rhel-6-server-source-rpms',\n 'rhel-scalefs-for-rhel-6-server-debug-rpms',\n 'rhel-scalefs-for-rhel-6-server-rpms',\n 'rhel-scalefs-for-rhel-6-server-source-rpms'\n ],\n 'enterprise_linux_6_workstation': [\n 'rhel-6-workstation-debug-rpms',\n 'rhel-6-workstation-fastrack-debug-rpms',\n 'rhel-6-workstation-fastrack-rpms',\n 'rhel-6-workstation-fastrack-source-rpms',\n 'rhel-6-workstation-optional-debug-rpms',\n 'rhel-6-workstation-optional-fastrack-debug-rpms',\n 'rhel-6-workstation-optional-fastrack-rpms',\n 'rhel-6-workstation-optional-fastrack-source-rpms',\n 'rhel-6-workstation-optional-rpms',\n 'rhel-6-workstation-optional-source-rpms',\n 'rhel-6-workstation-rpms',\n 'rhel-6-workstation-source-rpms',\n 'rhel-scalefs-for-rhel-6-workstation-debug-rpms',\n 'rhel-scalefs-for-rhel-6-workstation-rpms',\n 'rhel-scalefs-for-rhel-6-workstation-source-rpms'\n ],\n 'rhel_extras_6': [\n 'rhel-6-desktop-supplementary-debuginfo',\n 'rhel-6-desktop-supplementary-rpms',\n 'rhel-6-desktop-supplementary-source-rpms',\n 'rhel-6-for-hpc-node-supplementary-debuginfo',\n 'rhel-6-for-hpc-node-supplementary-rpms',\n 'rhel-6-for-hpc-node-supplementary-source-rpms',\n 'rhel-6-server-aus-supplementary-debuginfo',\n 'rhel-6-server-aus-supplementary-rpms',\n 'rhel-6-server-aus-supplementary-source-rpms',\n 'rhel-6-server-eus-supplementary-debuginfo',\n 'rhel-6-server-eus-supplementary-rpms',\n 'rhel-6-server-eus-supplementary-source-rpms',\n 'rhel-6-server-supplementary-debuginfo',\n 'rhel-6-server-supplementary-rpms',\n 'rhel-6-server-supplementary-source-rpms',\n 'rhel-6-workstation-supplementary-debuginfo',\n 'rhel-6-workstation-supplementary-rpms',\n 'rhel-6-workstation-supplementary-source-rpms',\n 'rhel-hpc-node-6-eus-supplementary-debug-rpms',\n 'rhel-hpc-node-6-eus-supplementary-rpms',\n 'rhel-hpc-node-6-eus-supplementary-source-rpms'\n ],\n 'rhel_extras_hpn_6': [\n 'rhel-hpn-for-rhel-6-hpc-node-rpms',\n 'rhel-hpn-for-rhel-6-server-rpms'\n ],\n 'rhel_extras_oracle_java_6': [\n 'rhel-6-desktop-restricted-maintenance-oracle-java-rpms',\n 'rhel-6-for-hpc-node-restricted-maintenance-oracle-java-rpms',\n 'rhel-6-server-aus-restricted-maintenance-oracle-java-rpms',\n 'rhel-6-server-eus-restricted-maintenance-oracle-java-rpms',\n 'rhel-6-server-restricted-maintenance-oracle-java-rpms',\n 'rhel-6-workstation-restricted-maintenance-oracle-java-rpms',\n 'rhel-hpc-node-6-eus-restricted-maintenance-oracle-java-rpms'\n ],\n 'rhel_extras_sap_6': [\n 'rhel-sap-for-rhel-6-server-debug-rpms',\n 'rhel-sap-for-rhel-6-server-eus-debug-rpms',\n 'rhel-sap-for-rhel-6-server-eus-rpms',\n 'rhel-sap-for-rhel-6-server-eus-source-rpms',\n 'rhel-sap-for-rhel-6-server-rpms',\n 'rhel-sap-for-rhel-6-server-source-rpms'\n ],\n 'rhel_extras_sap_hana_6': [\n 'rhel-sap-hana-for-rhel-6-server-debug-rpms',\n 'rhel-sap-hana-for-rhel-6-server-eus-debug-rpms',\n 'rhel-sap-hana-for-rhel-6-server-eus-rpms',\n 'rhel-sap-hana-for-rhel-6-server-rpms',\n 'rhel-sap-hana-for-rhel-6-server-source-rpms'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nvar enterprise_linux_flag = rhel_repo_sets_has_enterprise_linux(repo_sets:repo_sets);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'flash-plugin-32.0.0.445-1.el6_10', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_6_client', 'enterprise_linux_6_computenode', 'enterprise_linux_6_server', 'enterprise_linux_6_workstation', 'rhel_extras_6', 'rhel_extras_hpn_6', 'rhel_extras_oracle_java_6', 'rhel_extras_sap_6', 'rhel_extras_sap_hana_6']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp']) && !enterprise_linux_flag) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var flash_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check only applies to RedHat released\\n' +\n 'versions of the flash-plugin package. This check does not apply to\\n' +\n 'Adobe released versions of the flash-plugin package, which are\\n' +\n 'versioned similarly and cause collisions in detection.\\n\\n' +\n\n 'If you are certain you are running the Adobe released package of\\n' +\n 'flash-plugin and are running a version of it equal or higher to the\\n' +\n 'RedHat version listed above then you can consider this a false\\n' +\n 'positive.\\n';\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat() + flash_plugin_caveat;\n else extra = rpm_report_get() + redhat_report_package_caveat() + flash_plugin_caveat;\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'flash-plugin');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-19T00:53:21", "description": "The remote Windows host is missing security update KB4580325. It is, therefore, affected by a NULL pointer dereference flaw. An unauthenticated, remote attacker can exploit this, by inserting malicious strings in an HTTP response that is by default delivered over TLS/SSL.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-10-16T00:00:00", "type": "nessus", "title": "KB4580325: Security update for Adobe Flash Player (October 2020)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-9746"], "modified": "2020-10-22T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "SMB_NT_MS20_OCT_FLASH.NASL", "href": "https://www.tenable.com/plugins/nessus/141493", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141493);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/22\");\n\n script_cve_id(\"CVE-2020-9746\");\n script_xref(name:\"MSKB\", value:\"4580325\");\n script_xref(name:\"MSFT\", value:\"MS20-4580325\");\n script_xref(name:\"IAVA\", value:\"2020-A-0464\");\n\n script_name(english:\"KB4580325: Security update for Adobe Flash Player (October 2020)\");\n script_summary(english:\"Checks the version of the ActiveX control.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is affected by an arbitrary code\nexecution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update KB4580325. It is, therefore, affected by a NULL pointer dereference\nflaw. An unauthenticated, remote attacker can exploit this, by inserting malicious strings in an HTTP response that is\nby default delivered over TLS/SSL.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported\nversion number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb20-58.html\");\n # https://support.microsoft.com/en-us/help/4580325/security-update\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?31a777a0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released KB4580325 to address this issue.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-9746\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_activex_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-10';\nkbs = make_list('4580325');\nif (get_kb_item('Host/patch_management_checks')) \n hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nproductname = get_kb_item_or_exit('SMB/ProductName', exit_code:1);\nif ('Windows 8' >< productname && 'Windows 8.1' >!< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (activex_init() != ACX_OK) audit(AUDIT_FN_FAIL, 'activex_init');\n\n# Adobe Flash Player CLSID\nclsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}';\n\nfile = activex_get_filename(clsid:clsid);\nif (isnull(file))\n{\n activex_end();\n audit(AUDIT_FN_FAIL, 'activex_get_filename', 'NULL');\n}\nif (!file)\n{\n activex_end();\n audit(AUDIT_ACTIVEX_NOT_FOUND, clsid);\n}\n\n# Get its version.\nversion = activex_get_fileversion(clsid:clsid);\nif (!version)\n{\n activex_end();\n audit(AUDIT_VER_FAIL, file);\n}\n\ninfo = '';\n\niver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\niver = join(iver, sep:'.');\n\n# all <= 32.0.0.433\nfix = FALSE;\nif(ver_compare(ver:iver, fix:'32.0.0.433', strict:FALSE) <= 0)\n fix = '32.0.0.445';\n\nif (\n (report_paranoia > 1 || activex_get_killbit(clsid:clsid) == 0) &&\n fix\n)\n{\n info = '\\n Path : ' + file +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n}\n\nport = kb_smb_transport();\n\nif (info != '')\n{\n if (report_paranoia > 1)\n {\n report = info +\n '\\n' +\n 'Note, though, that Nessus did not check whether the kill bit was\\n' +\n \"set for the control's CLSID because of the Report Paranoia setting\" + '\\n' +\n 'in effect when this scan was run.\\n';\n }\n else\n {\n report = info +\n '\\n' +\n 'Moreover, its kill bit is not set so it is accessible via Internet\\n' +\n 'Explorer.\\n';\n }\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n security_report_v4(severity:SECURITY_HOLE, port:port, extra:hotfix_get_report() + report);\n}\nelse audit(AUDIT_HOST_NOT, 'affected');\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-16T14:02:46", "description": "The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 32.0.0.433.\nIt is therefore affected by a NULL pointer dereference flaw. An unauthenticated, remote attacker can exploit this, by inserting malicious strings in an HTTP response, to execute arbitrary code in the context of the current user.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-10-16T00:00:00", "type": "nessus", "title": "Adobe Flash Player <= 32.0.0.433 (APSB20-58)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-9746"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "FLASH_PLAYER_APSB20-58.NASL", "href": "https://www.tenable.com/plugins/nessus/141494", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141494);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2020-9746\");\n script_xref(name:\"IAVA\", value:\"2020-A-0464\");\n\n script_name(english:\"Adobe Flash Player <= 32.0.0.433 (APSB20-58)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is affected by an arbitrary code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 32.0.0.433.\nIt is therefore affected by a NULL pointer dereference flaw. An unauthenticated, remote attacker can exploit this, by\ninserting malicious strings in an HTTP response, to execute arbitrary code in the context of the current user.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported\nversion number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb20-58.html\");\n # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0cb17c10\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 32.0.0.445 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-9746\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"flash_player_installed.nasl\");\n script_require_keys(\"SMB/Flash_Player/installed\");\n\n exit(0);\n}\n\nget_kb_item_or_exit('SMB/Flash_Player/installed');\n\n# Identify vulnerable versions.\ninfo = '';\nvariants = make_list(\n 'Plugin',\n 'ActiveX',\n 'Chrome',\n 'Chrome_Pepper'\n);\n\n# we're checking for versions less than *or equal to* the cutoff!\nforeach variant (variants)\n{\n vers = get_kb_list('SMB/Flash_Player/'+variant+'/Version/*');\n files = get_kb_list('SMB/Flash_Player/'+variant+'/File/*');\n\n if (isnull(vers) || isnull(files))\n continue;\n\n foreach key (keys(vers))\n {\n ver = vers[key];\n if (isnull(ver))\n continue;\n\n # <=32.0.0.433\n if (ver_compare(ver:ver,fix:'32.0.0.433',strict:FALSE) <= 0)\n {\n num = key - ('SMB/Flash_Player/'+variant+'/Version/');\n file = files['SMB/Flash_Player/'+variant+'/File/'+num];\n if (variant == \"Plugin\")\n {\n info += '\\n Product : Browser Plugin (for Firefox / Netscape / Opera)';\n fix = '32.0.0.445';\n }\n else if (variant == \"ActiveX\")\n {\n info += '\\n Product : ActiveX control (for Internet Explorer)';\n fix = '32.0.0.445';\n }\n else if ('Chrome' >< variant)\n {\n info += '\\n Product : Browser Plugin (for Google Chrome)';\n if (variant == 'Chrome')\n fix = 'Upgrade to a version of Google Chrome running Flash Player 32.0.0.445';\n }\n info += '\\n Path : ' + file +\n '\\n Installed version : ' + ver;\n if (variant == \"Chrome_Pepper\")\n info += '\\n Fixed version : 32.0.0.445 (Chrome PepperFlash)';\n else if (!isnull(fix))\n info += '\\n Fixed version : '+fix;\n info += '\\n';\n }\n }\n}\n\nif (info)\n{\n port = get_kb_item('SMB/transport');\n if (!port) port = 445;\n\n security_report_v4(severity:SECURITY_HOLE, port:port, extra:info);\n}\nelse\n{\n if (thorough_tests)\n exit(0, 'No vulnerable versions of Adobe Flash Player were found.');\n else\n exit(1, 'Google Chrome\\'s built-in Flash Player may not have been detected because the \\'Perform thorough tests\\' setting was not enabled.');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-19T00:53:12", "description": "The version of Adobe Flash Player installed on the remote macOS or Mac OS X host is equal or prior to version 32.0.0.433. It is therefore affected by a NULL pointer dereference flaw. An unauthenticated, remote attacker can exploit this, by inserting malicious strings in an HTTP response, to execute arbitrary code in the context of the current user.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-10-16T00:00:00", "type": "nessus", "title": "Adobe Flash Player for Mac <= 32.0.0.433 (APSB20-58)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-9746"], "modified": "2020-10-22T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "MACOSX_FLASH_PLAYER_APSB20-58.NASL", "href": "https://www.tenable.com/plugins/nessus/141492", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141492);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/22\");\n\n script_cve_id(\"CVE-2020-9746\");\n script_xref(name:\"IAVA\", value:\"2020-A-0464\");\n\n script_name(english:\"Adobe Flash Player for Mac <= 32.0.0.433 (APSB20-58)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote macOS or Mac OSX host has a browser plugin installed that is affected by arbitrary code execution\nvulnerability\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Flash Player installed on the remote macOS or Mac OS X host is equal or prior to version\n32.0.0.433. It is therefore affected by a NULL pointer dereference flaw. An unauthenticated, remote attacker can exploit\nthis, by inserting malicious strings in an HTTP response, to execute arbitrary code in the context of the current user.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported\nversion number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb20-58.html\");\n # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0cb17c10\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 32.0.0.445 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-9746\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_flash_player_installed.nasl\");\n script_require_keys(\"MacOSX/Flash_Player/Version\");\n\n exit(0);\n}\n\nversion = get_kb_item_or_exit('MacOSX/Flash_Player/Version');\npath = get_kb_item_or_exit('MacOSX/Flash_Player/Path');\n\ncutoff_version = '32.0.0.433';\nfix = '32.0.0.445';\n# We're checking for versions less than or equal to the cutoff!\nif (ver_compare(ver:version, fix:cutoff_version, strict:FALSE) <= 0)\n{\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_report_v4(severity:SECURITY_HOLE, port:0, extra:report);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, 'Flash Player for Mac', version, path);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "NULL Pointer Dereference that leads to arbitrary code execution in the context of the current user. (CVE-2020-9746) \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-10-16T15:44:59", "type": "mageia", "title": "Updated flash-player-plugin package fixes security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9746"], "modified": "2020-10-16T15:44:59", "id": "MGASA-2020-0386", "href": "https://advisories.mageia.org/MGASA-2020-0386.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "adobe": [{"lastseen": "2021-09-30T17:39:44", "description": "Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates address a [critical]() vulnerability in Adobe Flash Player. Successful exploitation could lead to an exploitable crash, potentially resulting in arbitrary code execution in the context of the current user. \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-10-13T00:00:00", "type": "adobe", "title": "APSB20-58 Security updates available for Adobe Flash Player", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9746"], "modified": "2020-10-13T00:00:00", "id": "APSB20-58", "href": "https://helpx.adobe.com/security/products/flash-player/apsb20-58.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2022-01-19T15:51:30", "description": "\n\nAdobe reports:\n\n\nThis update resolves a NULL pointer dereference vulnerability\n\t that could lead to arbitrary code execution (CVE-2020-9746).\n\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-10-13T00:00:00", "type": "freebsd", "title": "Flash Player -- arbitrary code execution", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9746"], "modified": "2020-10-13T00:00:00", "id": "42926D7B-0DA3-11EB-8DBD-6451062F0F7A", "href": "https://vuxml.freebsd.org/freebsd/42926d7b-0da3-11eb-8dbd-6451062f0f7a.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "redhatcve": [{"lastseen": "2022-05-21T01:09:14", "description": "Adobe Flash Player version 32.0.0.433 (and earlier) are affected by an exploitable NULL pointer dereference vulnerability that could result in a crash and arbitrary code execution. Exploitation of this issue requires an attacker to insert malicious strings in an HTTP response that is by default delivered over TLS/SSL.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-10-13T20:19:20", "type": "redhatcve", "title": "CVE-2020-9746", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9746"], "modified": "2022-05-21T00:26:33", "id": "RH:CVE-2020-9746", "href": "https://access.redhat.com/security/cve/cve-2020-9746", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2021-08-18T11:00:21", "description": "### *Detect date*:\n10/13/2020\n\n### *Severity*:\nCritical\n\n### *Description*:\nA NULL Pointer Dereference vulnerability was found in Adobe Flash Player. Malicious users can exploit this vulnerability to execute arbitrary code.\n\n### *Affected products*:\nAdobe Flash Player earlier than 32.0.0.445\n\n### *Solution*:\nUpdate to the latest version \n[Download Adobe Flash Player](<https://get.adobe.com/flashplayer/>)\n\n### *Original advisories*:\n[APSB20-58](<https://helpx.adobe.com/security/products/flash-player/apsb20-58.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Adobe Flash Player ActiveX](<https://threats.kaspersky.com/en/product/Adobe-Flash-Player-ActiveX/>)\n\n### *CVE-IDS*:\n[CVE-2020-9746](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9746>)9.3Critical", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-10-13T00:00:00", "type": "kaspersky", "title": "KLA11970 ACE vulnerability in Adobe Flash Player", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9746"], "modified": "2020-10-19T00:00:00", "id": "KLA11970", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11970/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2021-10-19T20:40:29", "description": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.\n\nThis update upgrades Flash Player to version 32.0.0.445.\n\nSecurity Fix(es):\n\n* flash-plugin: Arbitrary Code Execution vulnerability (APSB20-58) (CVE-2020-9746)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-10-14T09:27:55", "type": "redhat", "title": "(RHSA-2020:4251) Critical: flash-plugin security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9746"], "modified": "2020-10-14T09:38:37", "id": "RHSA-2020:4251", "href": "https://access.redhat.com/errata/RHSA-2020:4251", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "mscve": [{"lastseen": "2021-12-06T18:25:08", "description": "This security update addresses the following vulnerability, which is described in Adobe Security Bulletin [APSB20-58](<https://helpx.adobe.com/security/products/flash-player/APSB20-58.html>): CVE-2020-9746\n\nPlease note that in the event of any discrepancies. the definitive source of information (for example, vulnerability severity and impact) is the Adobe Flash bulletin as referenced.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-10-13T07:00:00", "type": "mscve", "title": "October 2020 Adobe Flash Security Update", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9746"], "modified": "2020-10-13T07:00:00", "id": "MS:ADV200012", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV200012", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2022-03-23T19:09:29", "description": "Adobe Flash Player version 32.0.0.433 (and earlier) are affected by an exploitable NULL pointer dereference vulnerability that could result in a crash and arbitrary code execution. Exploitation of this issue requires an attacker to insert malicious strings in an HTTP response that is by default delivered over TLS/SSL.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-10-14T14:15:00", "type": "cve", "title": "CVE-2020-9746", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-9746"], "modified": "2021-09-08T17:22:00", "cpe": ["cpe:/a:adobe:flash_player:32.0.0.433"], "id": "CVE-2020-9746", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9746", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:flash_player:32.0.0.433:*:*:*:*:*:*:*"]}], "threatpost": [{"lastseen": "2020-10-15T22:12:04", "description": "Adobe is warning of a critical vulnerability in its Flash Player application for users on Windows, macOS, Linux and ChromeOS operating systems.\n\nThe vulnerability is [the only flaw released this month](<https://blogs.adobe.com/psirt/?p=1925>) as part of Adobe\u2019s regularly scheduled patches (markedly less than the 18 flaws addressed [during its September regularly scheduled fixes](<https://threatpost.com/critical-adobe-flaws-attackers-javascript-browsers/159026/>)). However, it\u2019s a critical bug ([CVE-2020-9746](<https://nvd.nist.gov/vuln/detail/CVE-2020-9746>)), and if successfully exploited could lead to an exploitable crash, potentially resulting in arbitrary code execution in the context of the current user, according to Adobe.\n\n[](<https://threatpost.com/webinars/retail-security-magecart-and-the-rise-of-retail-security-threats/?utm_source=ART&utm_medium=ART&utm_campaign=oct_webinar>)\n\nClick to Register!\n\n\u201cAs is typically the case for Flash Player vulnerabilities, web-based exploitation is the primary vector of exploitation but not the only one,\u201d according to Nick Colyer, senior product marketing manager with Automox, in an email. \u201cThese vulnerabilities can also be exploited through an embedded ActiveX control [[a feature in Remote Desktop Protocol](<https://threatpost.com/trickbot-activex-control-dropper/153370/>)] in a Microsoft Office document or any application that uses the Internet Explorer rendering engine.\u201d\n\nThe issue stems from a NULL pointer-dereference error. This type of issue occurs when a program attempts to read or write to memory with a NULL pointer. Running a program that contains a NULL pointer dereference generates an immediate segmentation fault error.\n\nAffected are versions 32.0.0.433 and earlier of Adobe Flash Desktop Runtime (for Windows, macOS and Linux); Adobe Flash Player for Google Chrome (Windows, macOS, Linux and Chrome OS) and Adobe Flash Player for Microsoft Edge and Internet Explorer 11 (Windows 10 and 8.1).\n\nA patch is available in version 32.0.0.445 across all affected platforms (see below). Adobe ranks the patch as a \u201cpriority 2,\u201d meaning that it \u201cresolves vulnerabilities in a product that has historically been at elevated risk\u201d \u2013 however, there are currently no known exploits.\n\n[](<https://media.threatpost.com/wp-content/uploads/sites/103/2020/10/13130904/adobe-flash-player.png>)\n\nAdobe Flash Player flaw updates\n\nFlash is known to be a favorite target for cyberattacks, particularly for exploit kits, [zero-day attacks](<https://threatpost.com/adobe-flash-player-zero-day-spotted-in-the-wild/129742/>) and phishing schemes. Of note, [Adobe announced in July 2017](<https://threatpost.com/patched-flash-player-sandbox-escape-leaked-windows-credentials/127378/>) that it plans to push Flash into an end-of-life state, meaning that it will no longer update or distribute Flash Player at the end of this year. In June, with Flash Player\u2019s Dec. 31 kill date quickly approaching, [Adobe said that it will start prompting users](<https://threatpost.com/adobe-prompts-users-to-uninstall-flash-player-as-eol-date-looms/156794/>) to uninstall the software in the coming months.\n\nFlash Player has previously caused headaches for system admins over the past year, with Adobe warning of critical issues that could allow for arbitrary code execution [in February](<https://threatpost.com/adobe-security-update-critical-flash-framemaker-flaws/152782/>) and [in June.](<https://threatpost.com/adobe-warns-critical-flaws-flash-player-framemaker/156417/>)\n\nAdobe recommends that users update their product installations to the latest versions using the instructions referenced in the bulletin. As a security best practice, remediation of commonly exploitable or recurring threat vectors is always strongly encouraged, Colyer said.\n\n\u201cFor organizations that cannot remove Adobe Flash due to a business-critical function, it is recommended to mitigate the threat potential of these vulnerabilities by preventing Adobe Flash Player from running altogether via the killbit feature, set a Group Policy to turn off instantiation of Flash objects, or limit trust center settings prompting for active scripting elements,\u201d said Colyer.\n\n** [On October 14 at 2 PM ET](<https://threatpost.com/webinars/retail-security-magecart-and-the-rise-of-retail-security-threats/?utm_source=ART&utm_medium=ART&utm_campaign=oct_webinar>) Get the latest information on the rising threats to retail e-commerce security and how to stop them. [Register today](<https://threatpost.com/webinars/retail-security-magecart-and-the-rise-of-retail-security-threats/?utm_source=ART&utm_medium=ART&utm_campaign=oct_webinar>) for this FREE Threatpost webinar, \u201c[Retail Security: Magecart and the Rise of e-Commerce Threats.](<https://threatpost.com/webinars/retail-security-magecart-and-the-rise-of-retail-security-threats/?utm_source=ART&utm_medium=ART&utm_campaign=oct_webinar>)\u201d Magecart and other threat actors are riding the rising wave of online retail usage and racking up big numbers of consumer victims. Find out how websites can avoid becoming the next compromise as we go into the holiday season. Join us Wednesday, Oct. 14, 2-3 PM ET for this [LIVE ](<https://threatpost.com/webinars/retail-security-magecart-and-the-rise-of-retail-security-threats/?utm_source=ART&utm_medium=ART&utm_campaign=oct_webinar>)webinar.**\n\nWrite a comment\n\n**Share this article:**\n\n * [Vulnerabilities](<https://threatpost.com/category/vulnerabilities/>)\n * [Web Security](<https://threatpost.com/category/web-security/>)\n", "cvss3": {}, "published": "2020-10-13T17:46:11", "type": "threatpost", "title": "Critical Flash Player Flaw Opens Adobe Users to RCE", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-24400", "CVE-2020-24407", "CVE-2020-9746"], "modified": "2020-10-13T17:46:11", "id": "THREATPOST:A9A57AE690BD069DB9BBA2CD154B315F", "href": "https://threatpost.com/flash-player-flaw-adobe-rce/160034/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2020-10-22T08:10:57", "description": "Adobe has released 18 out-of-band security patches in 10 different software packages, including fixes for critical vulnerabilities that stretch across its product suite. Adobe Illustrator was hit the hardest.\n\nThere are 16 critical bugs, all of which allow arbitrary code execution in the context of the current user. They affect Adobe Illustrator, Adobe Animate, Adobe After Effects, Adobe Photoshop, Adobe Premiere Pro, Adobe Media Encoder, Adobe InDesign and the Adobe Creative Cloud Desktop Application.\n\n[](<https://threatpost.com/newsletter-sign/>)\n\nAdobe also patched two important-rated issues, in Dreamweaver and the Marketo Sales Insight Salesforce package.\n\nMany of the issues concern uncontrolled search-path elements, but there are also out-of-bounds problems, memory-corruption issues and a cross-site scripting (XSS) bug.\n\n\u201cArbitrary code execution vulnerabilities are particularly nefarious given that they enable attackers to directly run malicious code on the exploited systems,\u201d Jay Goodman, strategic product marketing manager at Automox, told Threatpost. \u201cCoupled with the fact that these vulnerabilities are in critical technologies like Marketo and most of the Adobe Creative Cloud applications, this could leave sensitive marketing data and creative IP exposed to destruction or IP theft by potential adversaries. Organizations should move to quickly patch these vulnerabilities within the 72-hour window [we recommend] in order to minimize exposure and maintain a high level of cyber-hygiene.\u201d\n\n## **Critical Patches**\n\nIllustrator [contains seven bugs](<https://helpx.adobe.com/security/products/illustrator/apsb20-53.html>) affecting Illustrator 2020 for Windows, 24.2 and earlier versions.\n\nTwo of the issues are out-of-bounds read flaws, (CVE-2020-24409, CVE-2020-24410); one is an out-of-bounds write bug (CVE-2020-24411). Tran Van Khang working with Trend Micro Zero Day Initiative is credited for the discoveries.\n\n\u201cAll of these vulnerabilities occur within the processing of PDF files by Illustrator,\u201d Dustin Childs, communications manager for Trend Micro\u2019s Zero Day Initiative, told Threatpost. \u201cIn all three cases, an attacker can leverage the vulnerabilities to execute code in the context of the current process.\u201d\n\nFor the out-of-bounds read bugs, \u201cIllustrator does not properly validate user-supplied data, which can result in a read past the end of an allocated structure,\u201d he explained.\n\nMeanwhile, the out-of-bounds write bug \u201coccurs because Illustrator does not properly validate user-supplied data, which can result in a write past the end of an allocated structure,\u201d Childs said.\n\nMeanwhile, the other four Illustrator bugs are due to memory corruption (CVE-2020-24412, CVE-2020-24413,CVE-2020-24414, CVE-2020-24415), and Honggang Ren of Fortinet\u2019s FortiGuard Labs was given the hat-tip for these.\n\nRen is also credited with finding an out-of-bounds read problem (CVE-2020-24418) in After Effects for Windows (17.1.1 and earlier versions).\n\nMeanwhile, Animate for Windows (20.5 and earlier versions) contains a double-free bug (CVE-2020-9747); a stack-based buffer overflow issue (CVE-2020-9748); and two out-of-bounds reads (CVE-2020-9749 and CVE-2020-9750).\n\nKexu Wang of Fortinet\u2019s FortiGuard Labs is credited with finding the issues. Wang is also credited with finding a memory-corruption bug (CVE-2020-24421) afflicting InDesign for Windows (15.1.2 and earlier versions).\n\nMeanwhile, Hou JingYi of Qihoo 360 CERT found four critical uncontrolled search-path element bugs, including in:\n\n * After Effects (CVE-2020-24419)\n * Windows versions of Photoshop CC 2019, 20.0.10 and earlier versions; and Photoshop 2020, 21.2.2 and earlier versions (both tracked as CVE-2020-24420)\n * Premiere Pro for Windows, 14.4 and earlier versions (CVE-2020-24424)\n * and Media Encoder for Windows, 14.4 and earlier versions (CVE-2020-24423)\n\nUsers can update their software installations via the Creative Cloud desktop app updater, or by navigating to the application\u2019s Help menu and clicking \u201cUpdates.\u201d\n\nSpeaking of Creative Cloud, the Creative Cloud Desktop Application Installer for Windows (5.2 and earlier versions for the older product and 2.1 and earlier versions for the new installer) also has an uncontrolled search-path element bug (CVE-2020-24422) \u2013 this one uncovered by Dhiraj Mishra.\n\n## **Other Bugs**\n\nAdobe Dreamweaver 20.2 and earlier versions for Windows and macOS contains an uncontrolled search-path element bug that could allow privilege escalation (CVE-2020-24425). The flaw also affects libCURL dependencies in Dreamweaver 20.1 and earlier.\n\nXavier DANEST from Decathlon was credited with the discovery.\n\nAnd, the Marketo Sales Insight Salesforce package, 1.4355 and earlier versions, has an XSS bug that allows JavaScript execution in the browser (CVE-2020-24416). It was discovered by Aditya Sharma and Shivam Kamboj Dattana of Root Fix.\n\nThe out-of-band patches follow the disclosure of just one vulnerability[ in October](<https://threatpost.com/flash-player-flaw-adobe-rce/160034/>) as part of Adobe\u2019s regularly scheduled patches (markedly less than the 18 flaws addressed [during its September regular update](<https://threatpost.com/critical-adobe-flaws-attackers-javascript-browsers/159026/>)).\n\nThat was a critical bug in its Flash Player application for users on Windows, macOS, Linux and ChromeOS operating systems ([CVE-2020-9746](<https://nvd.nist.gov/vuln/detail/CVE-2020-9746>)). If successfully exploited, it could lead to an exploitable crash, potentially resulting in arbitrary code execution in the context of the current user, according to Adobe.\n\nAlso this month, Adobe announced [two critical flaws](<https://threatpost.com/critical-magento-holes-online-shops-code-execution/160181/>) (CVE-2020-24407 and CVE-2020-24400) in Magento \u2013 Adobe\u2019s e-commerce platform that is commonly targeted by attackers like the [Magecart threat group](<https://threatpost.com/magecart-blue-bear-attack/151585/>). They could allow arbitrary code execution as well as read or write access to the database.\n", "cvss3": {}, "published": "2020-10-20T18:31:55", "type": "threatpost", "title": "Adobe Fixes 16 Critical Code-Execution Bugs Across Portfolio", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-24400", "CVE-2020-24407", "CVE-2020-24409", "CVE-2020-24410", "CVE-2020-24411", "CVE-2020-24412", "CVE-2020-24413", "CVE-2020-24414", "CVE-2020-24415", "CVE-2020-24416", "CVE-2020-24418", "CVE-2020-24419", "CVE-2020-24420", "CVE-2020-24421", "CVE-2020-24422", "CVE-2020-24423", "CVE-2020-24424", "CVE-2020-24425", "CVE-2020-9746", "CVE-2020-9747", "CVE-2020-9748", "CVE-2020-9749", "CVE-2020-9750"], "modified": "2020-10-20T18:31:55", "id": "THREATPOST:D42DD8800FBF76F5AEC0B4FB1AE577EA", "href": "https://threatpost.com/adobe-critical-code-execution-bugs/160369/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "rapid7blog": [{"lastseen": "2020-10-21T08:41:22", "description": "\n\nMicrosoft brings us an October's Update Tuesday with 87 vulnerabilities, a sub-100 number we haven't experienced in quite some time. To further add to this oddity, there are no Browser-based vulnerabilities to mention and the arrival of a new Adobe Flash vulnerability [CVE-2020-9746](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200012>). Despite this month's lower numbers, there are some precautions we should all take to remediate our environments quickly and effectively.\n\n## Starting with Microsoft Windows\n\nAs usual, whenever possible, it's better to prioritize updates against the Windows operating system. Coming in at 53 of the 87 vulnerabilities, patching the OS knocks out 60% of the vulnerabilities listed along with over half of the critical remote code execution vulnerabilities resolved today.\n\n### [Microsoft CVE-2020-16898: Microsoft TCP/IP Remote Code Execution Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16898>)\n\nWith a CVSS score of 9.8 and marked as \"Exploitation More Likely\", this vulnerability grants the ability to execute code on target Windows 10 (version 1709+), Windows Server 2019, and Windows Server version 1903+ systems due to improper handling of ICMPv6 Router Advertisement packets.\n\nLuckily, if immediate patching isn't viable due to reboot scheduling, [Microsoft provides PowerShell-based commands](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-16898#ID0EUGAC>) to disable ICMPv6 RDNSS on affected operating systems. The PowerShell command `netsh int ipv6 set int *INTERFACENUMBER* rabaseddnsconfig=disable` does not require a reboot to take effect.\n\n### [Microsoft CVE-2020-16896: Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16896>)\n\nRDP has been a [focal point for some of recent attacks](<https://blog.rapid7.com/2020/10/09/psa-increase-in-rdp-attacks-means-its-time-to-mind-your-rdps-and-qs/>) (e.g. BlueKeep), so whenever Microsoft provides another fix within that realm, it's prudent to make note of some specifics. CVE-2020-16896 is an information disclosure vulnerability where, when successfully exploited, allows unauthorized read access to the Windows RDP server process.\n\nThis RDP vulnerability, like previous ones of late, affects all supported Windows operating systems, and can continue to be mitigated by practices such as enabling Network Level Authentication (NLA) or by blocking TCP port 3389 at the enterprise perimeter firewall.\n\n### [Microsoft CVE-2020-16911: GDI+ Remote Code Execution Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16911>)\n\nCritical remote code execution vulnerability CVE-2020-16911 leverages how the Windows Graphics Device Interface (GDI) handles objects in memory. A successful exploitation allows the attacker to install programs and/or create new accounts under the same user rights as the user who triggered this vulnerability.\n\nA mitigating factor here is that users with fewer privileges on the system could be less impacted, but still emphasizes the importance of good security hygiene as exploitation requires convincing a user to open a specially-crafted file or to view attacker-controlled content.\n\nUnlike CVE-2020-16898, however, this vulnerability affects all supported versions of Windows OS, which may suggest affecting unsupported/earlier versions of Windows as well.\n\n### \n\n## Moving on to Microsoft SharePoint\n\nContinuing last month's trend, there are more SharePoint-related vulnerabilities being addressed this month (10 of them) than past months. If relevant in your environment, the respective KBs for your version of SharePoint should be the next batch of patches to prioritize. Below are some highlights of the higher CVSS-scored ones.\n\n### Microsoft SharePoint Remote Code Execution Vulnerabilities ([CVE-2020-16951](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16951>), [CVE-2020-16952](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16952>))\n\nWith Proof-of-Concept exploits starting to flow out in the wild, bringing a closure to this pair of critical remote code execution vulnerabilities is a must.\n\nCVE-2020-16951 and CVE-2020-16952 are remote code execution vulnerabilities that exploit a gap in checking the source markup of an application package. Upon successful exploitation, the attacker could run arbitrary code in the context of the SharePoint application pool or server farm account.\n\nFor more in-depth attacker perspective, visit [AttackerKB's take on CVE-2020-16952.](<https://attackerkb.com/topics/4yGC4tLK2x/cve-2020-16952#rapid7-analysis>)\n\n### Microsoft SharePoint Reflective XSS Vulnerabilities ([CVE-2020-16944](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16944>), [CVE-2020-16945](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16945>), [CVE-2020-16946](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16946>))\n\nThe last set of notable SharePoint vulnerabilities this month are three CVSS 8.7 spoofing vulnerabilities. Requiring a user to click a specially-crafted URL within targeted SharePoint Web App site, a successful exploitation from those means allows the attacker to perform cross-site scripting attacks and/or run scripts in the security context of the user.\n\n## Closing October's Update Tuesday journey with Microsoft Office\n\nWhile we always expect Office-based vulnerabilities every month, two vulnerabilities particularly stood out. In both cases, the Preview Pane is considered an attack vector, which lowers the barriers to entry a bit.\n\n### [Microsoft CVE-2020-16947: Outlook Remote Code Execution Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16947>)\n\nA critical remote code execution vulnerability for Outlook 2016, Office 2019 and Microsoft 365 apps only, CVE-2020-16947 has the potential to allow an attacker to run arbitrary code in the context of the user. The attacker could then install programs or create new accounts with full user rights.\n\nWhile the details behind this vulnerability feels standard from Microsoft's description, it actively acknowledges that the Preview Pane is an attack vector, and that in itself, attracts some attention.\n\n### [Microsoft CVE-2020-16949: Outlook Denial of Service Vulnerability](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16949>)\n\nCVE-2020-16949 is an Outlook vulnerability that affects more versions than the list around CVE-2020-14947 including Outlook 2010 and Outlook 2013. This vulnerability, however, reads differently in that this denial of service vulnerability only requires that a specially-crafted email be sent. When paired with the fact that this vulnerability is marked with the Preview Pane as an attack vector, just like CVE-2020-16947, suggests giving Outlook its fair share of attention this month.\n\n\n\n________Note: Graph data is reflective of data presented by Microsoft's CVRF at the time of writing.________", "cvss3": {}, "published": "2020-10-13T23:25:39", "type": "rapid7blog", "title": "Patch Tuesday - October 2020", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-14947", "CVE-2020-16896", "CVE-2020-16898", "CVE-2020-16911", "CVE-2020-16944", "CVE-2020-16945", "CVE-2020-16946", "CVE-2020-16947", "CVE-2020-16949", "CVE-2020-16951", "CVE-2020-16952", "CVE-2020-9746"], "modified": "2020-10-13T23:25:39", "id": "RAPID7BLOG:801DC63ED24DFFC38FE4775AAD07ADDB", "href": "https://blog.rapid7.com/2020/10/13/patch-tuesday-october-2020/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}