Lucene search
This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.MACOSX_GOOGLE_CHROME_39_0_2171_71.NASLHistoryNov 26, 2014 - 12:00 a.m.
Google Chrome < 39.0.2171.71 Flash Player Remote Code Execution (Mac OS X)
2014-11-2600:00:00
This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.829 High
EPSS
Percentile
98.5%
The version of Google Chrome installed on the remote Mac OS X host is prior to 39.0.2171.71. It is, therefore, affected by a remote code execution vulnerability in the included Flash Player plugin, which is due to the processing of a dereferenced memory pointer.
#
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
if (description)
{
script_id(79579);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/05/25");
script_cve_id("CVE-2014-8439");
script_bugtraq_id(71289);
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/06/15");
script_name(english:"Google Chrome < 39.0.2171.71 Flash Player Remote Code Execution (Mac OS X)");
script_set_attribute(attribute:"synopsis", value:
"The remote Mac OS X host contains a web browser that is affected by a
remote code execution vulnerability.");
script_set_attribute(attribute:"description", value:
"The version of Google Chrome installed on the remote Mac OS X host is
prior to 39.0.2171.71. It is, therefore, affected by a remote code
execution vulnerability in the included Flash Player plugin, which is
due to the processing of a dereferenced memory pointer.");
# http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_25.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4bb46c17");
script_set_attribute(attribute:"solution", value:
"Upgrade to Google Chrome 39.0.2171.71 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-8439");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2014/11/25");
script_set_attribute(attribute:"patch_publication_date", value:"2014/11/25");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/26");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:google:chrome");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"MacOS X Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("macosx_google_chrome_installed.nbin");
script_require_keys("MacOSX/Google Chrome/Installed");
exit(0);
}
include("google_chrome_version.inc");
get_kb_item_or_exit("MacOSX/Google Chrome/Installed");
google_chrome_check_version(fix:'39.0.2171.71', severity:SECURITY_HOLE, xss:FALSE);
Related
checkpoint_advisories
checkpoint_advisories
Adobe Flash Player Memory Corruption (APSB14-26: CVE-2014-8439)
2014-12-17 00:00:00
nessus
nessus
Google Chrome < 39.0.2171.71 Flash Player Remote Code Execution
2014-11-26 00:00:00
RHEL 5 / 6 : flash-plugin (RHSA-2014:1915)
2014-11-27 00:00:00
openSUSE Security Update : flash-player (openSUSE-SU-2014:1562-1)
2014-12-06 00:00:00
openvas
openvas
SUSE: Security Advisory for flash-player (SUSE-SU-2014:1545-1)
2015-10-15 00:00:00
Mageia: Security Advisory (MGASA-2014-0497)
2022-01-28 00:00:00
Adobe AIR Multiple Vulnerabilities (APSB14-22) - Mac OS X
2014-10-20 00:00:00
suse
suse
Security update for flash-player (important)
2014-12-03 01:04:47
Security update for flashplayer to version 11.2.202.424 (critical)
2014-11-27 08:05:19
Security update for flash-player (important)
2014-12-05 10:06:29
cvelist
cvelist
CVE-2014-8439
2014-11-25 23:00:00
redhat
redhat
(RHSA-2014:1915) Critical: flash-plugin security update
2014-11-26 00:00:00
ubuntucve
ubuntucve
CVE-2014-8439
2014-11-25 00:00:00
cisa_kev
cisa_kev
Adobe Flash Player Dereferenced Pointer Vulnerability
2022-05-25 00:00:00
cve
cve
CVE-2014-8439
2014-11-25 23:59:00
attackerkb
attackerkb
CVE-2014-8439
2014-11-25 00:00:00
prion
prion
Null pointer dereference
2014-11-25 23:59:00
nvd
nvd
CVE-2014-8439
2014-11-25 23:59:00
mageia
mageia
Updated flash-player-plugin packages fix CVE-2014-8439
2014-11-26 20:29:06
thn
thn
threatpost
threatpost
December 2014 Adobe Reader, Acrobat Security Patches
2014-12-05 09:19:13
Adobe Releases Emergency Flash Player Patch
2014-11-25 13:22:26
gentoo
gentoo
Adobe Flash Player: Multiple vulnerabilities
2014-12-11 00:00:00
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.829 High
EPSS
Percentile
98.5%
Related for MACOSX_GOOGLE_CHROME_39_0_2171_71.NASL