Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.MACOSX_FLASH_PLAYER_12_0_0_44.NASL
HistoryFeb 04, 2014 - 12:00 a.m.

Flash Player for Mac <= 11.7.700.260 / 12.0.0.43 Unspecified Remote Code Execution (APSB14-04)

2014-02-0400:00:00
This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16
JSON

According to its version, the instance of Flash Player installed on the remote Mac OS X host is equal or prior to 11.7.700.260 / 11.8.x / 11.9.x / 12.0.0.43. It is, therefore, potentially affected by an unspecified vulnerability that could lead to arbitrary code execution.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(72285);
  script_version("1.11");
  script_cvs_date("Date: 2019/11/26");

  script_cve_id("CVE-2014-0497");
  script_bugtraq_id(65327);

  script_name(english:"Flash Player for Mac <= 11.7.700.260 / 12.0.0.43 Unspecified Remote Code Execution (APSB14-04)");
  script_summary(english:"Checks version of Flash Player");

  script_set_attribute(attribute:"synopsis", value:
"The remote Mac OS X host has a browser plugin that is affected by a
code execution vulnerability.");
  script_set_attribute(attribute:"description", value:
"According to its version, the instance of Flash Player installed on the
remote Mac OS X host is equal or prior to 11.7.700.260 / 11.8.x / 11.9.x
/ 12.0.0.43.  It is, therefore, potentially affected by an unspecified
vulnerability that could lead to arbitrary code execution.");
  script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/flash-player/apsb14-04.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Adobe Flash Player version 11.7.700.261 / 12.0.0.44 or
later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-0497");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player Integer Underflow Remote Code Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/02/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/02/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/02/04");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:flash_player");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("macosx_flash_player_installed.nasl");
  script_require_keys("MacOSX/Flash_Player/Version");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

version = get_kb_item_or_exit("MacOSX/Flash_Player/Version");
path = get_kb_item_or_exit("MacOSX/Flash_Player/Path");

# nb: we're checking for versions less than *or equal to* the cutoff!
extended_cutoff_version = "11.7.700.260";
extended_fixed_version = "11.7.700.261";

standard_cutoff_version = "12.0.0.43";
standard_fixed_version  = "12.0.0.44";

fixed_version_for_report = NULL;

if (version =~ "^([0-9]|10)\.|^11\.[0-6]")
  fixed_version_for_report = extended_fixed_version;

else if (
  version =~ "^11\.7\." &&
  ver_compare(ver:version, fix:extended_cutoff_version, strict:FALSE) <= 0
) fixed_version_for_report = extended_fixed_version;

else if (version =~ "^11\.[89]\.") fixed_version_for_report = standard_fixed_version;
else if (
  version =~ "^12\.0\.0\." &&
  ver_compare(ver:version, fix:standard_cutoff_version, strict:FALSE) <= 0
) fixed_version_for_report = standard_fixed_version;

if (!isnull(fixed_version_for_report))
{
  if (report_verbosity > 0)
  {
    report =
      '\n  Path              : ' + path +
      '\n  Installed version : ' + version +
      '\n  Fixed version     : ' + fixed_version_for_report +
      '\n';
    security_hole(port:0, extra:report);
  }
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_INST_PATH_NOT_VULN, "Flash Player for Mac", version, path);
VendorProductVersionCPE
adobeflash_playercpe:/a:adobe:flash_player

Related

nessus 7
packetstorm 1
seebug 2
threatpost 5
openvas 8
symantec 1
prion 1
ubuntucve 1
checkpoint_advisories 1
zdt 2
metasploit 1
freebsd 1
redhat 1
suse 3
thn 2
mageia 1
cve 1
exploitdb 1
gentoo 1
securityvulns 1
nessus
nessus
RHEL 5 / 6 : flash-plugin (RHSA-2014:0137)
2014-02-06 00:00:00
MS KB2929825: Update for Vulnerability in Adobe Flash Player in Internet Explorer
2014-02-04 00:00:00
openSUSE Security Update : flash-player (openSUSE-SU-2014:0197-1)
2014-06-13 00:00:00
packetstorm
packetstorm
Adobe Flash Player Integer Underflow Remote Code Execution
2014-05-05 00:00:00
seebug
seebug
Adobe Flash Player ζ•΄ζ•°ε †ζ ˆδΈ‹ζΊ’θΏœη¨‹ε‘½δ»€ζ‰§θ‘Œ
2014-05-08 00:00:00
Adobe Flash Player Integer Underflow Remote Code Execution
2014-07-01 00:00:00
threatpost
threatpost
Emergency Adobe Flash Player Security Update Patches 0Day
2014-02-04 14:21:26
Kaspersky Provides Details on Latest Adobe Flash Zero Day
2014-02-05 11:05:57
Darkhotel APT Group Targeting Top Executives in Long-Term Campaign
2014-11-10 10:41:41
openvas
openvas
openSUSE: Security Advisory for update (openSUSE-SU-2014:0203-1)
2014-02-11 00:00:00
SUSE: Security Advisory for flash-player (SUSE-SU-2014:0221-1)
2015-10-16 00:00:00
Adobe Flash Player Arbitrary Code Execution Vulnerability (APSB14-04) - Windows
2014-02-05 00:00:00
symantec
symantec
Adobe Flash Player CVE-2014-0497 Remote Code Execution Vulnerability
2014-02-04 00:00:00
prion
prion
Integer overflow
2014-02-05 05:15:00
ubuntucve
ubuntucve
CVE-2014-0497
2014-02-05 00:00:00
checkpoint_advisories
checkpoint_advisories
Adobe Flash Player Integer Underflow Remote Code Execution (APSB14-04: CVE-2014-0497)
2014-02-07 00:00:00
zdt
zdt
Adobe Flash Player Integer Underflow Remote Code Execution Exploit
2014-05-06 00:00:00
Integer underflow in Adobe Flash Player Exploit
2014-05-08 00:00:00
metasploit
metasploit
Adobe Flash Player Integer Underflow Remote Code Execution
2014-05-04 01:04:46
freebsd
freebsd
linux-flashplugin -- multiple vulnerabilities
2014-02-04 00:00:00
redhat
redhat
(RHSA-2014:0137) Critical: flash-plugin security update
2014-02-05 00:00:00
suse
suse
update flash-player to 11.2.202.336 (critical)
2014-02-06 19:04:14
Security update for flash-player (important)
2014-02-11 19:04:32
flash-player to 11.2.202.336 (critical)
2014-02-06 14:04:13
thn
thn
Adobe issues Emergency Flash Player update to patch critical zero-day threat
2014-02-05 04:13:00
Hacking Team Flash Zero-Day Linked to Cyber Attacks on South Korea and Japan
2015-07-09 01:20:00
mageia
mageia
Updated flash-player-plugin packages fix CVE-2014-0497
2014-02-05 19:35:26
cve
cve
CVE-2014-0497
2014-02-05 05:15:00
exploitdb
exploitdb
Adobe Flash Player - Integer Underflow Remote Code Execution (Metasploit)
2014-05-06 00:00:00
gentoo
gentoo
Adobe Flash Player: Multiple vulnerabilities
2014-02-06 00:00:00
securityvulns
securityvulns
Adobe Flash Player multiple security vulnerabilities
2014-05-04 00:00:00
JSON
Related for MACOSX_FLASH_PLAYER_12_0_0_44.NASL
nessus7packetstorm1seebug2threatpost5openvas8symantec1prion1ubuntucve1checkpoint_advisories1zdt2metasploit1freebsd1redhat1suse3thn2mageia1cve1exploitdb1gentoo1securityvulns1