Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.MACOSX_FLASH_PLAYER_10_3_183_5.NASL
HistoryAug 10, 2011 - 12:00 a.m.

Flash Player for Mac <= 10.3.181.36 Multiple Vulnerabilities (APSB11-21)

2011-08-1000:00:00
This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
www.tenable.com
13
JSON

According to its version, the instance of Flash Player installed on the remote Mac OS X host is 10.3.181.36 or earlier. As such, it is reportedly affected by several critical vulnerabilities :

  • Multiple buffer overflow vulnerabilities could lead to code execution. (CVE-2011-2130, CVE-2011-2134, CVE-2011-2137, CVE-2011-2414, CVE-2011-2415)

  • Multiple memory corruption vulnerabilities could lead to code execution. (CVE-2011-2135, CVE-2011-2140, CVE-2011-2417, CVE-2011-2424, CVE-2011-2425)

  • Multiple integer overflow vulnerabilities could lead to code execution. (CVE-2011-2136, CVE-2011-2138, CVE-2011-2416)

  • A cross-site information disclosure vulnerability exists that could lead to code execution. (CVE-2011-2139)

By tricking a user on the affected system into opening a specially crafted document with Flash content, an attacker could leverage these vulnerabilities to execute arbitrary code remotely on the system subject to the user’s privileges.

#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");


if (description)
{
  script_id(55804);
  script_version("1.15");
  script_cvs_date("Date: 2018/07/14  1:59:35");

  script_cve_id(
    "CVE-2011-2130",
    "CVE-2011-2134",
    "CVE-2011-2135",
    "CVE-2011-2136",
    "CVE-2011-2137",
    "CVE-2011-2138",
    "CVE-2011-2139",
    "CVE-2011-2140",
    "CVE-2011-2414",
    "CVE-2011-2415",
    "CVE-2011-2416",
    "CVE-2011-2417",
    "CVE-2011-2424",
    "CVE-2011-2425"
  );
  script_bugtraq_id(
    49073,
    49074,
    49075,
    49076,
    49077,
    49079,
    49080,
    49081,
    49082,
    49083,
    49084,
    49085,
    49086,
    49186
  );

  script_name(english:"Flash Player for Mac <= 10.3.181.36 Multiple Vulnerabilities (APSB11-21)");
  script_summary(english:"Checks version of Flash Player from Info.plist");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Mac OS X host has a browser plugin that is affected by
multiple vulnerabilities."
  );
  script_set_attribute(
    attribute:"description",
    value:
"According to its version, the instance of Flash Player installed on
the remote Mac OS X host is 10.3.181.36 or earlier.  As such, it is
reportedly affected by several critical vulnerabilities :

  - Multiple buffer overflow vulnerabilities could lead to
    code execution. (CVE-2011-2130, CVE-2011-2134, 
    CVE-2011-2137, CVE-2011-2414, CVE-2011-2415)

  - Multiple memory corruption vulnerabilities could lead to
    code execution. (CVE-2011-2135, CVE-2011-2140, 
    CVE-2011-2417, CVE-2011-2424, CVE-2011-2425)

  - Multiple integer overflow vulnerabilities could lead to
    code execution. (CVE-2011-2136, CVE-2011-2138, 
    CVE-2011-2416)

  - A cross-site information disclosure vulnerability 
    exists that could lead to code execution. 
    (CVE-2011-2139)

By tricking a user on the affected system into opening a specially
crafted document with Flash content, an attacker could leverage these
vulnerabilities to execute arbitrary code remotely on the system
subject to the user's privileges."
  );
  script_set_attribute(
    attribute:"see_also", 
    value:"http://www.adobe.com/support/security/bulletins/apsb11-21.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Upgrade to Adobe Flash for Mac version 10.3.183.5 or later."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player MP4 SequenceParameterSetNALUnit Buffer Overflow');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2011/08/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/08/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/08/10");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:flash_player");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");

  script_dependencies("macosx_flash_player_installed.nasl");
  script_require_keys("MacOSX/Flash_Player/Version");

  exit(0);
}


include("global_settings.inc");
include("misc_func.inc");


version = get_kb_item_or_exit("MacOSX/Flash_Player/Version");

# nb: we're checking for versions less than *or equal to* the cutoff!
cutoff_version = "10.3.181.36";
fixed_version = "10.3.183.5";

if (ver_compare(ver:version, fix:cutoff_version, strict:FALSE) <= 0)
{
  if (report_verbosity > 0)
  {
    report = 
      '\n  Installed version : ' + version + 
      '\n  Fixed version     : '+fixed_version+'\n';
    security_hole(port:0, extra:report);
  }
  else security_hole(0);
  exit(0);
}
else exit(0, "Flash Player for Mac "+version+" is installed and thus not affected.");
VendorProductVersionCPE
adobeflash_playercpe:/a:adobe:flash_player

Related

openvas 12
nessus 16
redhat 2
securityvulns 6
suse 3
freebsd 1
prion 14
cve 14
ubuntucve 14
seebug 4
gentoo 2
checkpoint_advisories 13
saint 4
zdi 2
packetstorm 2
metasploit 1
ptsecurity 1
exploitpack 1
exploitdb 2
threatpost 1
openvas
openvas
Adobe Flash Player Multiple Vulnerabilities August-2011 (Linux)
2011-08-31 00:00:00
Adobe Air and Flash Player Multiple Vulnerabilities (Aug 2011) - Windows
2011-08-31 00:00:00
Adobe Flash Player Multiple Vulnerabilities (Aug 2011) - Linux
2011-08-31 00:00:00
nessus
nessus
RHEL 5 / 6 : flash-plugin (RHSA-2011:1144)
2011-08-11 00:00:00
Flash Player <= 10.3.181.36 Multiple Vulnerabilities (APSB11-21)
2011-08-10 00:00:00
openSUSE Security Update : flash-player (openSUSE-SU-2011:0897-1)
2014-06-13 00:00:00
redhat
redhat
(RHSA-2011:1144) Critical: flash-plugin security update
2011-08-10 00:00:00
(RHSA-2011:1434) Critical: acroread security update
2011-11-08 00:00:00
securityvulns
securityvulns
Adobe Flash Player multiple security vulnerabilities
2011-08-27 00:00:00
iDefense Security Advisory 08.09.11: Adobe Flash Player Integer Overflow
2011-08-12 00:00:00
ZDI-11-253: Adobe Flash Player BitmapData.scroll Integer Overflow Remote Code Execution Vulnerability
2011-08-17 00:00:00
suse
suse
remote code execution in flash-player
2011-08-11 15:39:03
flash-player (critical)
2011-08-12 05:08:25
Security update for flash-player (critical)
2011-08-12 04:08:20
freebsd
freebsd
linux-flashplugin -- multiple vulnerabilities
2011-05-13 00:00:00
prion
prion
Buffer overflow
2011-08-10 22:55:00
Buffer overflow
2011-08-10 22:55:00
Buffer overflow
2011-08-10 21:55:00
cve
cve
CVE-2011-2415
2011-08-10 22:55:00
CVE-2011-2137
2011-08-10 21:55:00
CVE-2011-2130
2011-08-10 21:55:00
ubuntucve
ubuntucve
CVE-2011-2130
2011-08-10 00:00:00
CVE-2011-2134
2011-08-10 00:00:00
CVE-2011-2137
2011-08-10 00:00:00
seebug
seebug
Adobe Flash Player Integer Overflow
2011-08-12 00:00:00
Adobe Flash Player MP4 SequenceParameterSetNALUnit Buffer Overflow
2014-07-01 00:00:00
Adobe Flash Player MP4 SequenceParameterSetNALUnit Remote Code Execution Exploit
2012-02-01 00:00:00
gentoo
gentoo
Adobe Flash Player: Multiple vulnerabilities
2011-10-13 00:00:00
Adobe Reader: Multiple vulnerabilities
2012-01-30 00:00:00
checkpoint_advisories
checkpoint_advisories
Adobe Flash Player ActionScript BitmapData Memory Corruption (APSB11-21; CVE-2011-2425)
2011-08-16 00:00:00
Adobe Flash Player ActionScript LoadClip Cross Site Scripting (APSB11-21; CVE-2011-2139)
2011-08-16 00:00:00
Adobe Flash Player External MP4 Buffer Overflow (APSB11-21; CVE-2011-2140)
2011-08-16 00:00:00
saint
saint
Adobe Flash Player MP4 Sequence Parameter Set Processing
2012-02-09 00:00:00
Adobe Flash Player MP4 Sequence Parameter Set Processing
2012-02-09 00:00:00
Adobe Flash Player MP4 Sequence Parameter Set Processing
2012-02-09 00:00:00
zdi
zdi
Adobe Flash Player BitmapData.scroll Integer Overflow Remote Code Execution Vulnerability
2011-08-12 00:00:00
Adobe Flash Player MP4 sequenceParameterSetNALUnit Remote Code Execution Vulnerability
2011-08-23 00:00:00
packetstorm
packetstorm
Adobe Flash Player MP4 SequenceParameterSetNALUnit Buffer Overflow
2012-02-10 00:00:00
Adobe Flash Player Code Execution
2012-01-31 00:00:00
metasploit
metasploit
Adobe Flash Player MP4 SequenceParameterSetNALUnit Buffer Overflow
2012-02-21 01:40:50
ptsecurity
ptsecurity
PT-2011-22: Buffer overflow in Adobe Flash Player
2012-03-28 00:00:00
exploitpack
exploitpack
Adobe Flash Player - MP4 SequenceParameterSetNALUnit Remote Code Execution
2012-01-31 00:00:00
exploitdb
exploitdb
Adobe Flash Player - MP4 SequenceParameterSetNALUnit Remote Code Execution
2012-01-31 00:00:00
Adobe Flash Player - MP4 SequenceParameterSetNALUnit Buffer Overflow (Metasploit)
2012-02-10 00:00:00
threatpost
threatpost
Sofacy APT28 Gang Using New Backdoors, Zero Days
2015-12-04 07:05:37
JSON
Related for MACOSX_FLASH_PLAYER_10_3_183_5.NASL
openvas12nessus16redhat2securityvulns6suse3freebsd1prion14cve14ubuntucve14seebug4gentoo2checkpoint_advisories13saint4zdi2packetstorm2metasploit1ptsecurity1exploitpack1exploitdb2threatpost1