Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.MACOSX_FLASH_PLAYER_APSB15-25.NASL
HistoryOct 13, 2015 - 12:00 a.m.

Adobe Flash Player for Mac <= 19.0.0.185 Multiple Vulnerabilities (APSB15-25)

2015-10-1300:00:00
This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
19
JSON

The version of Adobe Flash Player installed on the remote Mac OS X host is equal or prior to version 19.0.0.185. It is, therefore, affected by multiple vulnerabilities :

  • An unspecified vulnerability exists related to the defense-in-depth feature in the Flash Broker API. No other details are available. (CVE-2015-5569)

  • Multiple unspecified memory corruption issues exist due to improper validation of user-supplied input. A remote attacker can exploit this to execute arbitrary code.
    (CVE-2015-7625, CVE-2015-7626, CVE-2015-7627, CVE-2015-7630, CVE-2015-7633, CVE-2015-7634)

  • A unspecified vulnerability exists that can be exploited by a remote attacker to bypass the same-origin policy, allowing the disclosure of sensitive information.
    (CVE-2015-7628)

  • Multiple unspecified use-after-free errors exist that can be exploited by a remote attacker to deference already freed memory, potentially allowing the execution of arbitrary code. (CVE-2015-7629, CVE-2015-7631, CVE-2015-7643, CVE-2015-7644)

  • An unspecified buffer overflow condition exists due to improper validation of user-supplied input. An attacker can exploit this to execute arbitrary code.
    (CVE-2015-7632)

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(86370);
  script_version("1.8");
  script_cvs_date("Date: 2019/11/20");

  script_cve_id(
    "CVE-2015-5569",
    "CVE-2015-7625",
    "CVE-2015-7626",
    "CVE-2015-7627",
    "CVE-2015-7628",
    "CVE-2015-7629",
    "CVE-2015-7630",
    "CVE-2015-7631",
    "CVE-2015-7632",
    "CVE-2015-7633",
    "CVE-2015-7634",
    "CVE-2015-7643",
    "CVE-2015-7644"
  );

  script_name(english:"Adobe Flash Player for Mac <= 19.0.0.185 Multiple Vulnerabilities (APSB15-25)");
  script_summary(english:"Checks the version of Flash Player.");

  script_set_attribute(attribute:"synopsis", value:
"The remote Mac OS X host has a browser plugin installed that is
affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Adobe Flash Player installed on the remote Mac OS X
host is equal or prior to version 19.0.0.185. It is, therefore,
affected by multiple vulnerabilities :

  - An unspecified vulnerability exists related to the
    defense-in-depth feature in the Flash Broker API. No
    other details are available. (CVE-2015-5569)

  - Multiple unspecified memory corruption issues exist due
    to improper validation of user-supplied input. A remote
    attacker can exploit this to execute arbitrary code.
    (CVE-2015-7625, CVE-2015-7626, CVE-2015-7627,
    CVE-2015-7630, CVE-2015-7633, CVE-2015-7634)

  - A unspecified vulnerability exists that can be exploited
    by a remote attacker to bypass the same-origin policy,
    allowing the disclosure of sensitive information.
    (CVE-2015-7628)

  - Multiple unspecified use-after-free errors exist that
    can be exploited by a remote attacker to deference
    already freed memory, potentially allowing the
    execution of arbitrary code. (CVE-2015-7629,
    CVE-2015-7631, CVE-2015-7643, CVE-2015-7644)

  - An unspecified buffer overflow condition exists due to
    improper validation of user-supplied input. An attacker
    can exploit this to execute arbitrary code.
    (CVE-2015-7632)");
  script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/flash-player/apsb15-25.html");
  # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0cb17c10");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Adobe Flash Player version 19.0.0.207 or later.

Alternatively, Adobe has made version 18.0.0.252 available for those
installations that cannot be upgraded to the latest version.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-7644");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/10/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/10/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/10/13");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:flash_player");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("macosx_flash_player_installed.nasl");
  script_require_keys("MacOSX/Flash_Player/Version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

version = get_kb_item_or_exit("MacOSX/Flash_Player/Version");
path = get_kb_item_or_exit("MacOSX/Flash_Player/Path");

fix = FALSE;
if(version =~ "^19\." && ver_compare(ver:version, fix:"19.0.0.185", strict:FALSE) <= 0)
  fix = "19.0.0.207";
else if(ver_compare(ver:version, fix:"18.0.0.241") <= 0)
  fix = "18.0.0.252";

if (fix)
{
  if (report_verbosity > 0)
  {
    report =
      '\n  Path              : ' + path +
      '\n  Installed version : ' + version +
      '\n  Fixed version     : ' + fix +
      '\n';
    security_hole(port:0, extra:report);
  }
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_INST_PATH_NOT_VULN, "Flash Player for Mac", version, path);
VendorProductVersionCPE
adobeflash_playercpe:/a:adobe:flash_player

Related

suse 4
nessus 13
altlinux 2
redhat 2
freebsd 1
openvas 8
archlinux 1
mageia 1
prion 21
cve 21
ubuntucve 21
checkpoint_advisories 8
gentoo 1
zdi 4
kaspersky 1
jvn 1
symantec 1
suse
suse
Security update for Adobe Flash Player (important)
2015-10-14 18:09:47
Security update for flash-player (important)
2015-10-14 17:11:22
Security update for flash-player (important)
2015-10-14 17:10:32
nessus
nessus
FreeBSD : flash -- multiple vulnerabilities (a63f2c06-726b-11e5-a12b-bcaec565249c)
2015-10-15 00:00:00
Adobe Flash Player <= 19.0.0.185 Multiple Vulnerabilities (APSB15-25)
2015-10-13 00:00:00
MS KB3099406: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge
2015-10-13 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 7 package adobe-flash-player version 3:11-alt54
2015-10-14 00:00:00
Security fix for the ALT Linux 6 package adobe-flash-player version 3:11-alt54
2015-10-14 00:00:00
redhat
redhat
(RHSA-2015:1893) Critical: flash-plugin security update
2015-10-15 00:00:00
(RHSA-2015:2024) Critical: flash-plugin security update
2015-11-11 00:00:00
freebsd
freebsd
flash -- multiple vulnerabilities
2015-10-13 00:00:00
openvas
openvas
SUSE: Security Advisory for flash-player (SUSE-SU-2015:1740-1)
2015-10-16 00:00:00
Mageia: Security Advisory (MGASA-2015-0399)
2015-10-15 00:00:00
Adobe Air Multiple Vulnerabilities -01 (Oct 2015) - Windows
2015-10-16 00:00:00
archlinux
archlinux
flashplugin: multiple issues
2015-10-14 00:00:00
mageia
mageia
Updated flash-player-plugin packages fixes security vulnerabilities
2015-10-14 08:55:15
prion
prion
Memory corruption
2015-10-14 23:59:00
Memory corruption
2015-10-15 00:00:00
Memory corruption
2015-10-15 00:00:00
cve
cve
CVE-2015-7633
2015-10-15 00:00:00
CVE-2015-7630
2015-10-15 00:00:00
CVE-2015-7625
2015-10-14 23:59:00
ubuntucve
ubuntucve
CVE-2015-7627
2015-10-15 00:00:00
CVE-2015-7633
2015-10-15 00:00:00
CVE-2015-7625
2015-10-14 00:00:00
checkpoint_advisories
checkpoint_advisories
Adobe Flash Player Memory Corruption (APSB15-25: CVE-2015-7625; CVE-2015-7626)
2015-10-29 00:00:00
Adobe Flash Player Memory Corruption (APSB15-25: CVE-2015-7627)
2015-10-29 00:00:00
Adobe Flash Player Memory Corruption (APSB15-25: CVE-2015-7633)
2015-10-29 00:00:00
gentoo
gentoo
Adobe Flash Player: Multiple vulnerabilities
2015-11-17 00:00:00
zdi
zdi
Adobe Flash TextFormat tabStops Use-After-Free Remote Code Execution Vulnerability
2015-10-13 00:00:00
Adobe Flash Loader loadBytes Buffer Overflow Remote Code Execution Vulnerability
2015-10-13 00:00:00
Adobe Flash TextLine validity Use-After-Free Remote Code Execution Vulnerability
2015-10-13 00:00:00
kaspersky
kaspersky
KLA10679 Multiple vulnerabilities in Adobe Flash Player & AIR
2015-10-13 00:00:00
jvn
jvn
JVN#22533124: Adobe Flash Player issue where iframe contents may be overwritten
2015-12-17 00:00:00
symantec
symantec
Adobe Flash Player and AIR CVE-2015-7632 Buffer Overflow Vulnerability
2015-10-13 00:00:00
JSON
Related for MACOSX_FLASH_PLAYER_APSB15-25.NASL
suse4nessus13altlinux2redhat2freebsd1openvas8archlinux1mageia1prion21cve21ubuntucve21checkpoint_advisories8gentoo1zdi4kaspersky1jvn1symantec1