Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.MACOSX_FLASH_PLAYER_11_5_502_110.NASL
HistoryNov 07, 2012 - 12:00 a.m.

Flash Player for Mac <= 10.3.183.29 / 11.4.402.287 Multiple Vulnerabilities (APSB12-24)

2012-11-0700:00:00
This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
9
JSON

According to its version, the instance of Flash Player installed on the remote Mac OS X host is 11.x equal to or earlier than 11.4.402.287, or 10.x equal to or earlier than 10.3.183.29. It is, therefore, potentially affected by multiple vulnerabilities :

  • Several unspecified issues exist that can lead to buffer overflows and arbitrary code execution. (CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, CVE-2012-5277, CVE-2012-5280)

  • An unspecified security bypass issue exists that can lead to arbitrary code execution. (CVE-2012-5278)

  • An unspecified issue exists that can lead to memory corruption and arbitrary code execution. (CVE-2012-5279)

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(62838);
  script_version("1.13");
  script_cvs_date("Date: 2019/12/04");

  script_cve_id(
    "CVE-2012-5274",
    "CVE-2012-5275",
    "CVE-2012-5276",
    "CVE-2012-5277",
    "CVE-2012-5278",
    "CVE-2012-5279",
    "CVE-2012-5280"
  );
  script_bugtraq_id(
    56542,
    56543,
    56544,
    56545,
    56546,
    56547,
    56554
  );

  script_name(english:"Flash Player for Mac <= 10.3.183.29 / 11.4.402.287 Multiple Vulnerabilities (APSB12-24)");
  script_summary(english:"Checks version of Flash Player");

  script_set_attribute(attribute:"synopsis", value:
"The remote Mac OS X host has a browser plugin that is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its version, the instance of Flash Player installed on the
remote Mac OS X host is 11.x equal to or earlier than 11.4.402.287, or
10.x equal to or earlier than 10.3.183.29.  It is, therefore,
potentially affected by multiple vulnerabilities :

  - Several unspecified issues exist that can lead to buffer
    overflows and arbitrary code execution. (CVE-2012-5274,
    CVE-2012-5275, CVE-2012-5276, CVE-2012-5277,
    CVE-2012-5280)

  - An unspecified security bypass issue exists that can
    lead to arbitrary code execution. (CVE-2012-5278)

  - An unspecified issue exists that can lead to memory
    corruption and arbitrary code execution. (CVE-2012-5279)");
  script_set_attribute(attribute:"see_also", value:"http://www.adobe.com/support/security/bulletins/apsb12-24.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Adobe Flash Player version 10.3.183.43 / 11.5.502.110 or
later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-5280");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/11/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/11/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/11/07");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:flash_player");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("macosx_flash_player_installed.nasl");
  script_require_keys("MacOSX/Flash_Player/Version");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");


version = get_kb_item_or_exit("MacOSX/Flash_Player/Version");
path = get_kb_item_or_exit("MacOSX/Flash_Player/Path");

# nb: we're checking for versions less than *or equal to* the cutoff!
tenx_cutoff_version = "10.3.183.29";
tenx_fixed_version = "10.3.183.43";
elevenx_cutoff_version = "11.4.402.287";
elevenx_fixed_version = "11.5.502.110";
fixed_version_for_report = NULL;

# 10x
if (ver_compare(ver:version, fix:tenx_cutoff_version, strict:FALSE) <= 0)
  fixed_version_for_report = tenx_fixed_version;

# 11x
if (
  version =~ "^11\." &&
  ver_compare(ver:version, fix:elevenx_cutoff_version, strict:FALSE) <= 0
) fixed_version_for_report = elevenx_fixed_version;

if (!isnull(fixed_version_for_report))
{
  if (report_verbosity > 0)
  {
    report = 
      '\n  Path              : ' + path + 
      '\n  Installed version : ' + version + 
      '\n  Fixed version     : '+fixed_version_for_report+'\n';
    security_hole(port:0, extra:report);
  }
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_INST_PATH_NOT_VULN, "Flash Player for Mac", version, path);
VendorProductVersionCPE
adobeflash_playercpe:/a:adobe:flash_player

Related

openvas 15
nessus 11
suse 4
freebsd 1
thn 1
redhat 1
prion 7
ubuntucve 7
cve 7
cvelist 7
checkpoint_advisories 1
gentoo 1
openvas
openvas
SuSE Update for flash-player openSUSE-SU-2012:1480-1 (flash-player)
2012-12-13 00:00:00
Adobe Flash Player Multiple Vulnerabilities - November12 (Linux)
2012-11-08 00:00:00
Adobe Flash Player Multiple Vulnerabilities - November12 (Mac OS X)
2012-11-08 00:00:00
nessus
nessus
Adobe AIR for Mac 3.x <= 3.4.0.2710 Multiple Vulnerabilities (APSB12-24)
2012-11-07 00:00:00
Flash Player <= 10.3.183.29 / 11.4.402.287 Multiple Vulnerabilities (APSB12-24)
2012-12-11 00:00:00
RHEL 5 / 6 : flash-plugin (RHSA-2012:1431)
2012-11-07 00:00:00
suse
suse
flash-player: Update to 11.2.202.251 (important)
2012-11-14 10:08:31
Security update for flash-player (important)
2012-11-15 23:08:42
flash-player: Update to 11.2.202.251 (important)
2013-02-28 18:27:42
freebsd
freebsd
linux-flashplugin -- multiple vulnerabilities
2012-10-08 00:00:00
thn
thn
Patch released for 7 critical Adobe Flash Player Vulnerabilities
2012-11-06 18:32:00
redhat
redhat
(RHSA-2012:1431) Critical: flash-plugin security update
2012-11-07 00:00:00
prion
prion
Buffer overflow
2012-11-07 05:41:00
Buffer overflow
2012-11-07 05:41:00
Buffer overflow
2012-11-07 05:41:00
ubuntucve
ubuntucve
CVE-2012-5276
2012-11-07 00:00:00
CVE-2012-5274
2012-11-07 00:00:00
CVE-2012-5277
2012-11-07 00:00:00
cve
cve
CVE-2012-5276
2012-11-07 05:41:00
CVE-2012-5275
2012-11-07 05:41:00
CVE-2012-5277
2012-11-07 05:41:00
cvelist
cvelist
CVE-2012-5275
2012-11-07 02:00:00
CVE-2012-5274
2012-11-07 02:00:00
CVE-2012-5277
2012-11-07 02:00:00
checkpoint_advisories
checkpoint_advisories
Adobe Flash Player and AIR Security Bypass (APSB12-24; CVE-2012-5278)
2012-12-30 00:00:00
gentoo
gentoo
Adobe Flash Player: Multiple vulnerabilities
2013-09-14 00:00:00
JSON
Related for MACOSX_FLASH_PLAYER_11_5_502_110.NASL
openvas15nessus11suse4freebsd1thn1redhat1prion7ubuntucve7cve7cvelist7checkpoint_advisories1gentoo1