Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.MACOSX_FLASH_PLAYER_11_4_402_287.NASL
HistoryOct 10, 2012 - 12:00 a.m.

Flash Player for Mac <= 10.3.183.23 / 11.4.402.265 Multiple Vulnerabilities (APSB12-22)

2012-10-1000:00:00
This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.525 Medium

EPSS

Percentile

97.6%

JSON

According to its version, the instance of Flash Player installed on the remote Mac OS X host is 11.x equal to or earlier than 11.4.402.264, or 10.x equal to or earlier than 10.3.183.23. It is, therefore, potentially affected by multiple vulnerabilities :

  • Several unspecified issues exist that can lead to buffer overflows and arbitrary code execution. (CVE-2012-5248, CVE-2012-5249, CVE-2012-5250, CVE-2012-5251, CVE-2012-5253, CVE-2012-5254, CVE-2012-5255, CVE-2012-5257, CVE-2012-5259, CVE-2012-5260, CVE-2012-5262, CVE-2012-5264, CVE-2012-5265, CVE-2012-5266, CVE-2012-5285, CVE-2012-5286, CVE-2012-5287)

  • Several unspecified issues exist that can lead to memory corruption and arbitrary code execution. (CVE-2012-5252, CVE-2012-5256, CVE-2012-5258, CVE-2012-5261, CVE-2012-5263, CVE-2012-5267, CVE-2012-5268, CVE-2012-5269, CVE-2012-5270, CVE-2012-5271, CVE-2012-5272)

  • An unspecified issue exists having unspecified impact.
    (CVE-2012-5673)

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(62482);
  script_version("1.16");
  script_cvs_date("Date: 2019/12/04");

  script_cve_id(
    "CVE-2012-5248",
    "CVE-2012-5249",
    "CVE-2012-5250",
    "CVE-2012-5251",
    "CVE-2012-5252",
    "CVE-2012-5253",
    "CVE-2012-5254",
    "CVE-2012-5255",
    "CVE-2012-5256",
    "CVE-2012-5257",
    "CVE-2012-5258",
    "CVE-2012-5259",
    "CVE-2012-5260",
    "CVE-2012-5261",
    "CVE-2012-5262",
    "CVE-2012-5263",
    "CVE-2012-5264",
    "CVE-2012-5265",
    "CVE-2012-5266",
    "CVE-2012-5267",
    "CVE-2012-5268",
    "CVE-2012-5269",
    "CVE-2012-5270",
    "CVE-2012-5271",
    "CVE-2012-5272",
    "CVE-2012-5285",
    "CVE-2012-5286",
    "CVE-2012-5287",
    "CVE-2012-5673"
  );
  script_bugtraq_id(
    56198,
    56200,
    56201,
    56202,
    56203,
    56204,
    56205,
    56206,
    56207,
    56208,
    56209,
    56210,
    56211,
    56212,
    56213,
    56214,
    56215,
    56216,
    56217,
    56218,
    56219,
    56220,
    56221,
    56222,
    56224,
    56374,
    56375,
    56376,
    56377
  );

  script_name(english:"Flash Player for Mac <= 10.3.183.23 / 11.4.402.265 Multiple Vulnerabilities (APSB12-22)");
  script_summary(english:"Checks version of Flash Player");

  script_set_attribute(attribute:"synopsis", value:
"The remote Mac OS X host has a browser plugin that is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its version, the instance of Flash Player installed on the
remote Mac OS X host is 11.x equal to or earlier than 11.4.402.264, or
10.x equal to or earlier than 10.3.183.23.  It is, therefore,
potentially affected by multiple vulnerabilities :

  - Several unspecified issues exist that can lead to buffer
    overflows and arbitrary code execution. (CVE-2012-5248,
    CVE-2012-5249, CVE-2012-5250, CVE-2012-5251,
    CVE-2012-5253, CVE-2012-5254, CVE-2012-5255,
    CVE-2012-5257, CVE-2012-5259, CVE-2012-5260,
    CVE-2012-5262, CVE-2012-5264, CVE-2012-5265,
    CVE-2012-5266, CVE-2012-5285, CVE-2012-5286,
    CVE-2012-5287)

  - Several unspecified issues exist that can lead to memory
    corruption and arbitrary code execution. (CVE-2012-5252,
    CVE-2012-5256, CVE-2012-5258, CVE-2012-5261,
    CVE-2012-5263, CVE-2012-5267, CVE-2012-5268,
    CVE-2012-5269, CVE-2012-5270, CVE-2012-5271,
    CVE-2012-5272)

  - An unspecified issue exists having unspecified impact.
    (CVE-2012-5673)");
  script_set_attribute(attribute:"see_also", value:"http://www.adobe.com/support/security/bulletins/apsb12-22.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Adobe Flash Player version 10.3.183.29, 11.4.402.287 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-5673");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/10/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/10/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/10/10");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:flash_player");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("macosx_flash_player_installed.nasl");
  script_require_keys("MacOSX/Flash_Player/Version");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");


version = get_kb_item_or_exit("MacOSX/Flash_Player/Version");

# nb: we're checking for versions less than *or equal to* the cutoff!
tenx_cutoff_version = "10.3.183.23";
tenx_fixed_version = "10.3.183.29";
elevenx_cutoff_version = "11.4.402.265";
elevenx_fixed_version = "11.4.402.287";
fixed_version_for_report = NULL;

# 10x
if (ver_compare(ver:version, fix:tenx_cutoff_version, strict:FALSE) <= 0)
  fixed_version_for_report = tenx_fixed_version;

# 11x
if (
  version =~ "^11\." &&
  ver_compare(ver:version, fix:elevenx_cutoff_version, strict:FALSE) <= 0
) fixed_version_for_report = elevenx_fixed_version;

if (!isnull(fixed_version_for_report))
{
  if (report_verbosity > 0)
  {
    report = 
      '\n  Installed version : ' + version + 
      '\n  Fixed version     : '+fixed_version_for_report+'\n';
    security_hole(port:0, extra:report);
  }
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_INST_VER_NOT_VULN, "Flash Player for Mac", version);
VendorProductVersionCPE
adobeflash_playercpe:/a:adobe:flash_player

References

Related

openvas 15
nessus 12
redhat 1
suse 4
freebsd 1
gentoo 1
cve 29
prion 29
nvd 29
cvelist 29
ubuntucve 29
checkpoint_advisories 8
openvas
openvas
Adobe Flash Player Multiple Vulnerabilities (Oct 2012) - Linux
2012-10-15 00:00:00
Adobe Flash Player Multiple Vulnerabilities - October 12 (Windows)
2012-10-15 00:00:00
Adobe Flash Player Multiple Vulnerabilities (Oct 2012) - Mac OS X
2012-10-15 00:00:00
nessus
nessus
Flash Player <= 10.3.183.23 / 11.4.402.278 Multiple Vulnerabilities (APSB12-22)
2012-10-10 00:00:00
RHEL 5 / 6 : flash-plugin (RHSA-2012:1346)
2012-10-10 00:00:00
Flash Player <= 11.4.402.278 Multiple Vulnerabilities (APSB12-22)
2011-10-11 00:00:00
redhat
redhat
(RHSA-2012:1346) Critical: flash-plugin security update
2012-10-09 00:00:00
suse
suse
Security update for flash-player (critical)
2012-10-10 21:08:48
Security update for flash-player (critical)
2012-10-13 06:08:49
flash-player: Update to 11.2.202.243 (critical)
2013-02-28 18:29:07
freebsd
freebsd
linux-flashplugin -- multiple vulnerabilities
2012-10-08 00:00:00
gentoo
gentoo
Adobe Flash Player: Multiple vulnerabilities
2013-09-14 00:00:00
cve
cve
CVE-2012-5673
2012-11-13 13:39:47
CVE-2012-5263
2012-10-09 11:13:11
CVE-2012-5248
2012-10-09 11:13:10
prion
prion
Buffer overflow
2012-10-09 11:13:00
Code injection
2012-11-13 13:39:00
Buffer overflow
2012-11-13 13:39:00
nvd
nvd
CVE-2012-5248
2012-10-09 11:13:10
CVE-2012-5673
2012-11-13 13:39:47
CVE-2012-5251
2012-10-09 11:13:10
cvelist
cvelist
CVE-2012-5287
2012-11-13 11:00:00
CVE-2012-5673
2012-11-13 11:00:00
CVE-2012-5285
2012-11-13 11:00:00
ubuntucve
ubuntucve
CVE-2012-5248
2012-10-09 00:00:00
CVE-2012-5255
2012-10-09 00:00:00
CVE-2012-5673
2012-11-13 00:00:00
checkpoint_advisories
checkpoint_advisories
Adobe Flash Player OP_inclocal and OP_declocal Memory Corruption (APSB12-22; CVE-2012-5271)
2012-12-16 00:00:00
Adobe Flash Player Type Confusion Remote Code Execution (APSB12-22; CVE-2012-5270)
2012-12-30 00:00:00
Adobe Flash Player Plugin Use-After-Free Code Execution (APSB12-22; CVE-2012-5272)
2012-12-30 00:00:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.525 Medium

EPSS

Percentile

97.6%

JSON
Related for MACOSX_FLASH_PLAYER_11_4_402_287.NASL
openvas15nessus12redhat1suse4freebsd1gentoo1cve29prion29nvd29cvelist29ubuntucve29checkpoint_advisories8