ID REDHAT-RHSA-2017-2457.NASL Type nessus Reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2021-01-02T00:00:00
Description
An update for flash-plugin is now available for Red Hat Enterprise
Linux 6 Supplementary.
Red Hat Product Security has rated this update as having a security
impact of Critical. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
The flash-plugin package contains a Mozilla Firefox compatible Adobe
Flash Player web browser plug-in.
This update upgrades Flash Player to version 26.0.0.151.
Security Fix(es) :
This update fixes multiple vulnerabilities in Adobe Flash Player.
These vulnerabilities, detailed in the Adobe Security Bulletin listed
in the References section, could allow an attacker to create a
specially crafted SWF file that would cause flash-plugin to crash,
execute arbitrary code, or disclose sensitive information when the
victim loaded a page containing the malicious SWF content.
(CVE-2017-3085, CVE-2017-3106)
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2017:2457. The text
# itself is copyright (C) Red Hat, Inc.
#
include("compat.inc");
# Registration pass: when the engine loads the plugin with `description` set,
# only the metadata below is declared and the script exits (exit(0) at the end
# of this block) before any host data is read.
if (description)
{
  # Plugin identity and revision.
  script_id(102411);
  script_version("3.9");
  script_cvs_date("Date: 2019/10/24 15:35:43");

  # Identifiers that tie a finding to the two CVEs and to the vendor advisory.
  script_cve_id("CVE-2017-3085", "CVE-2017-3106");
  script_xref(name:"RHSA", value:"2017:2457");

  script_name(english:"RHEL 6 : flash-plugin (RHSA-2017:2457)");
  script_summary(english:"Checks the rpm output for the updated package");

  script_set_attribute(attribute:"synopsis", value:"The remote Red Hat host is missing a security update.");

  # Advisory text. The literal spans several lines, so its continuation lines
  # stay at column 0; indenting them would change the string.
  script_set_attribute(
    attribute:"description",
    value:
"An update for flash-plugin is now available for Red Hat Enterprise
Linux 6 Supplementary.
Red Hat Product Security has rated this update as having a security
impact of Critical. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
The flash-plugin package contains a Mozilla Firefox compatible Adobe
Flash Player web browser plug-in.
This update upgrades Flash Player to version 26.0.0.151.
Security Fix(es) :
* This update fixes multiple vulnerabilities in Adobe Flash Player.
These vulnerabilities, detailed in the Adobe Security Bulletin listed
in the References section, could allow an attacker to create a
specially crafted SWF file that would cause flash-plugin to crash,
execute arbitrary code, or disclose sensitive information when the
victim loaded a page containing the malicious SWF content.
(CVE-2017-3085, CVE-2017-3106)"
  );

  # References, in the order they are registered: Adobe bulletin, Red Hat
  # erratum, then one Red Hat CVE page per CVE.
  script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/flash-player/apsb17-23.html");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2017:2457");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-3085");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-3106");

  script_set_attribute(attribute:"solution", value:"Update the affected flash-plugin package.");

  # Severity metadata. One base vector per CVSS version is set for the whole
  # plugin, not one per CVE: network attack vector with complete/high C, I and
  # A impact; the v3 vector additionally requires user interaction (UI:R).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");

  # Exploit maturity: the temporal vectors (E:POC / E:P) and the two attributes
  # below all record that exploit code is available, which matters when
  # ranking this finding for remediation.
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  # Declared as a local check: the body works from package data stored in the
  # KB rather than from probing a network service.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:flash-plugin");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/08/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/08/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/11");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  # The four KB keys required here are the same ones the check body reads.
  # NOTE(review): presumably ssh_get_info.nasl fills them from an
  # authenticated session; without them the check has nothing to inspect.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
# Preconditions. Each failed gate calls audit(); the code that follows relies
# on audit() not returning (os_ver is indexed right after its null check).

# Gate 1: local checks must be flagged as enabled in the KB.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# Gate 2: the recorded release string must mention Red Hat
# (`>!<` is "is not a substring of").
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release)
{
  audit(AUDIT_OS_NOT, "Red Hat");
}

# Gate 3: extract the release number (major, optional minor) and require
# major version 6. The pattern ^6([^0-9]|$) accepts "6" and "6.x" and
# rejects values such as "60".
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver))
{
  audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
}
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver))
{
  audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);
}

# Gate 4: an RPM inventory must have been collected.
if (!get_kb_item("Host/RedHat/rpm-list"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

# Gate 5: the architecture must be known and one of x86_64, i386-i686, or a
# string containing "s390".
cpu = get_kb_item("Host/cpu");
if (isnull(cpu))
{
  audit(AUDIT_UNKNOWN_ARCH);
}
if (!("x86_64" >< cpu || cpu =~ "^i[3-6]86$" || "s390" >< cpu))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
}
# Detection proper. Two paths: if yum updateinfo data was stored in the KB it
# alone decides the result; otherwise the installed RPM is compared against the
# fixed build named in the advisory.
yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (empty_or_null(yum_updateinfo))
{
  # RPM path. NOTE(review): rpm_check() presumably returns true when the
  # installed flash-plugin is older than the reference build; confirm in
  # rpm.inc.
  flag = 0;
  if (rpm_check(release:"RHEL6", reference:"flash-plugin-26.0.0.151-1.el6_9"))
  {
    flag++;
  }

  if (!flag)
  {
    # Nothing flagged: say whether the package was tested and found current,
    # or was not installed at all.
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "flash-plugin");
  }
  else
  {
    # Known false-positive source, spelled out in the report itself:
    # Adobe-distributed flash-plugin packages are versioned similarly to the
    # Red Hat ones, so a hit on an Adobe package at or above the listed
    # version should be triaged by package origin, not by version alone.
    flash_plugin_caveat = '\n' +
      'NOTE: This vulnerability check only applies to RedHat released\n' +
      'versions of the flash-plugin package. This check does not apply to\n' +
      'Adobe released versions of the flash-plugin package, which are\n' +
      'versioned similarly and cause collisions in detection.\n\n' +
      'If you are certain you are running the Adobe released package of\n' +
      'flash-plugin and are running a version of it equal or higher to the\n' +
      'RedHat version listed above then you can consider this a false\n' +
      'positive.\n';
    security_report_v4(
      port     : 0,
      severity : SECURITY_HOLE,
      extra    : rpm_report_get() + redhat_report_package_caveat() + flash_plugin_caveat
    );
    exit(0);
  }
}
else
{
  # yum path: report only if the updateinfo data yields a report for this
  # advisory.
  rhsa = "RHSA-2017:2457";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (empty_or_null(yum_report))
  {
    # NOTE(review): this branch audits out without ever calling rpm_check(),
    # so a "not affected" result here is only as good as the host's yum
    # metadata (presumably: relevant repository enabled, cache current).
    # Worth confirming before treating the result as proof of patching.
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
  else
  {
    security_report_v4(
      port     : 0,
      severity : SECURITY_HOLE,
      extra    : yum_report
    );
    exit(0);
  }
}
{"id": "REDHAT-RHSA-2017-2457.NASL", "bulletinFamily": "scanner", "title": "RHEL 6 : flash-plugin (RHSA-2017:2457)", "description": "An update for flash-plugin is now available for Red Hat Enterprise\nLinux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe\nFlash Player web browser plug-in.\n\nThis update upgrades Flash Player to version 26.0.0.151.\n\nSecurity Fix(es) :\n\n* This update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities, detailed in the Adobe Security Bulletin listed\nin the References section, could allow an attacker to create a\nspecially crafted SWF file that would cause flash-plugin to crash,\nexecute arbitrary code, or disclose sensitive information when the\nvictim loaded a page containing the malicious SWF content.\n(CVE-2017-3085, CVE-2017-3106)", "published": "2017-08-11T00:00:00", "modified": "2021-01-02T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/102411", "reporter": "This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.", "references": ["https://access.redhat.com/security/cve/cve-2017-3106", "https://access.redhat.com/security/cve/cve-2017-3085", "https://access.redhat.com/errata/RHSA-2017:2457", "https://helpx.adobe.com/security/products/flash-player/apsb17-23.html"], "cvelist": ["CVE-2017-3085", "CVE-2017-3106"], "type": "nessus", "lastseen": "2021-01-01T05:08:22", "edition": 28, "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2017-3085", "CVE-2017-3106"]}, {"type": "freebsd", "idList": ["7E3D3E9A-7D8F-11E7-A02B-D43D7EF03AA6"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310811614", "OPENVAS:1361412562310811612", "OPENVAS:1361412562310811608", "OPENVAS:1361412562310811611", "OPENVAS:1361412562310811609", "OPENVAS:1361412562310811610", "OPENVAS:1361412562310811607"]}, {"type": "kaspersky", "idList": ["KLA11085", "KLA11847"]}, {"type": "threatpost", "idList": ["THREATPOST:0DA89F3073B593D654296439701F8B41", "THREATPOST:84E0102880A8F8A5B1931093D8BE5775"]}, {"type": "archlinux", "idList": ["ASA-201708-1", "ASA-201708-2"]}, {"type": "redhat", "idList": ["RHSA-2017:2457"]}, {"type": "nessus", "idList": ["SMB_NT_MS17_AUG_4034662.NASL", "GENTOO_GLSA-201709-16.NASL", "FLASH_PLAYER_APSB17-23.NASL", "MACOSX_FLASH_PLAYER_APSB17-23.NASL", "FREEBSD_PKG_7E3D3E9A7D8F11E7A02BD43D7EF03AA6.NASL"]}, {"type": "gentoo", "idList": ["GLSA-201709-16"]}, {"type": "myhack58", "idList": ["MYHACK58:62201788740"]}, {"type": "zdi", "idList": ["ZDI-17-634"]}, {"type": "cert", "idList": ["VU:672268"]}, {"type": "exploitdb", "idList": ["EDB-ID:42480"]}, {"type": "zdt", "idList": ["1337DAY-ID-28302"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:3BC4D55C7B197F32FEF9A2D171ACD8AB"]}], "modified": "2021-01-01T05:08:22", "rev": 2}, "score": {"value": 9.3, "vector": "NONE", "modified": "2021-01-01T05:08:22", "rev": 2}, "vulnersScore": 9.3}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and 
package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:2457. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102411);\n script_version(\"3.9\");\n script_cvs_date(\"Date: 2019/10/24 15:35:43\");\n\n script_cve_id(\"CVE-2017-3085\", \"CVE-2017-3106\");\n script_xref(name:\"RHSA\", value:\"2017:2457\");\n\n script_name(english:\"RHEL 6 : flash-plugin (RHSA-2017:2457)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for flash-plugin is now available for Red Hat Enterprise\nLinux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe\nFlash Player web browser plug-in.\n\nThis update upgrades Flash Player to version 26.0.0.151.\n\nSecurity Fix(es) :\n\n* This update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities, detailed in the Adobe Security Bulletin listed\nin the References section, could allow an attacker to create a\nspecially crafted SWF file that would cause flash-plugin to crash,\nexecute arbitrary code, or disclose sensitive information when the\nvictim loaded a page containing the malicious SWF content.\n(CVE-2017-3085, CVE-2017-3106)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb17-23.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:2457\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3085\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3106\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-plugin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:flash-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:2457\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"flash-plugin-26.0.0.151-1.el6_9\")) flag++;\n\n if (flag)\n {\n flash_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check only applies to RedHat released\\n' +\n 'versions of the flash-plugin package. 
This check does not apply to\\n' +\n 'Adobe released versions of the flash-plugin package, which are\\n' +\n 'versioned similarly and cause collisions in detection.\\n\\n' +\n\n 'If you are certain you are running the Adobe released package of\\n' +\n 'flash-plugin and are running a version of it equal or higher to the\\n' +\n 'RedHat version listed above then you can consider this a false\\n' +\n 'positive.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat() + flash_plugin_caveat\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-plugin\");\n }\n}\n", "naslFamily": "Red Hat Local Security Checks", "pluginID": "102411", "cpe": ["p-cpe:/a:redhat:enterprise_linux:flash-plugin", "cpe:/o:redhat:enterprise_linux:6"], "scheme": null, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}
{"cve": [{"lastseen": "2020-12-09T20:13:31", "description": "Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect.", "edition": 5, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-08-11T19:29:00", "title": "CVE-2017-3085", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3085"], "modified": "2018-01-05T02:31:00", "cpe": ["cpe:/a:adobe:flash_player:26.0.0.137"], "id": "CVE-2017-3085", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3085", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:adobe:flash_player:26.0.0.137:*:*:*:*:edge:*:*", "cpe:2.3:a:adobe:flash_player:26.0.0.137:*:*:*:*:internet_explorer_11:*:*", "cpe:2.3:a:adobe:flash_player:26.0.0.137:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:26.0.0.137:*:*:*:*:chrome:*:*"]}, {"lastseen": "2020-12-09T20:13:31", "description": "Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files. 
Successful exploitation could lead to arbitrary code execution.", "edition": 5, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-08-11T19:29:00", "title": "CVE-2017-3106", "type": "cve", "cwe": ["CWE-704"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3106"], "modified": "2018-01-05T02:31:00", "cpe": ["cpe:/a:adobe:flash_player:26.0.0.137"], "id": "CVE-2017-3106", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3106", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:flash_player:26.0.0.137:*:*:*:*:edge:*:*", "cpe:2.3:a:adobe:flash_player:26.0.0.137:*:*:*:*:internet_explorer_11:*:*", "cpe:2.3:a:adobe:flash_player:26.0.0.137:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:26.0.0.137:*:*:*:*:chrome:*:*"]}], "freebsd": [{"lastseen": "2019-05-29T18:32:13", "bulletinFamily": "unix", "cvelist": ["CVE-2017-3085", "CVE-2017-3106"], "description": "\nAdobe reports:\n\n\nThese updates resolve security bypass vulnerability that\n\t could lead to information disclosure (CVE-2017-3085).\nThese updates resolve type confusion vulnerability that\n\t could lead to 
remote code execution (CVE-2017-3106).\n\n\n", "edition": 5, "modified": "2017-08-08T00:00:00", "published": "2017-08-08T00:00:00", "id": "7E3D3E9A-7D8F-11E7-A02B-D43D7EF03AA6", "href": "https://vuxml.freebsd.org/freebsd/7e3d3e9a-7d8f-11e7-a02b-d43d7ef03aa6.html", "title": "Flash Player -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-06-08T23:24:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3085", "CVE-2017-3106"], "description": "This host is missing a critical security\n update according to Microsoft KB4034662.", "modified": "2020-06-04T00:00:00", "published": "2017-08-09T00:00:00", "id": "OPENVAS:1361412562310811614", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811614", "type": "openvas", "title": "Microsoft IE And Microsoft Edge Multiple Flash Player Vulnerabilities (4034662)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft IE And Microsoft Edge Multiple Flash Player Vulnerabilities (4034662)\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811614\");\n script_version(\"2020-06-04T12:11:49+0000\");\n script_cve_id(\"CVE-2017-3085\", \"CVE-2017-3106\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 12:11:49 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-08-09 10:42:50 +0530 (Wed, 09 Aug 2017)\");\n script_name(\"Microsoft IE And Microsoft Edge Multiple Flash Player Vulnerabilities (4034662)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4034662.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - A security bypass vulnerability.\n\n - A type confusion.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote attackers to execute remote code and can get\n sensitive information.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1511 for x32/x64\n\n - Microsoft Windows 10 Version 1607 for x32/x64\n\n - Microsoft Windows 10 Version 1703 for x32/x64\n\n - Microsoft Windows 10 x32/x64\n\n - Microsoft Windows 8.1 for x32/x64 Edition and\n\n - Microsoft Windows Server 2012/2012 R2/2016\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/kb/4034662\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb17-17.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"gb_flash_player_within_ie_edge_detect.nasl\");\n script_mandatory_keys(\"AdobeFlash/IE_or_EDGE/Installed\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\n\nif(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012:1, win2012R2:1, win10:1,\n win10x64:1, win2016:1) <= 0)\n exit(0);\n\ncpe_list = make_list(\"cpe:/a:adobe:flash_player_internet_explorer\", \"cpe:/a:adobe:flash_player_edge\");\n\nif(!infos = get_app_version_and_location_from_list(cpe_list:cpe_list, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\nif(path) {\n path += \"\\Flashplayerapp.exe\";\n} else {\n path = \"Could not find the install location\";\n}\n\nif(version_is_less(version:vers, test_version:\"26.0.0.151\")) {\n report = report_fixed_ver(file_checked:path, file_version:vers, vulnerable_range:\"Less than 26.0.0.151\");\n security_message(port:0, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-24T21:20:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3085", "CVE-2017-3106"], "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "modified": "2019-10-23T00:00:00", "published": "2017-08-09T00:00:00", "id": "OPENVAS:1361412562310811612", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811612", "type": 
"openvas", "title": "Adobe Flash Player Within Google Chrome Security Update( apsb17-23 )- Linux", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Within Google Chrome Security Update( apsb17-23 )- Linux\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player_chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811612\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2017-3085\", \"CVE-2017-3106\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-08-09 10:42:01 +0530 (Wed, 09 Aug 2017)\");\n script_name(\"Adobe Flash Player Within Google Chrome Security Update( apsb17-23 )- Linux\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n 
script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - A security bypass vulnerability.\n\n - A type confusion.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote attackers to execute remote code and can get\n sensitive information.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player prior to 26.0.0.151\n within Google Chrome on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player for\n Google Chrome 26.0.0.151, or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb17-23.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_flash_player_within_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Chrome/Lin/Ver\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:playerVer, test_version:\"26.0.0.151\"))\n{\n report = report_fixed_ver(installed_version:playerVer, fixed_version:\"26.0.0.151\");\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-24T21:19:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3085", "CVE-2017-3106"], "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "modified": "2019-10-23T00:00:00", "published": "2017-08-09T00:00:00", "id": "OPENVAS:1361412562310811610", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310811610", "type": "openvas", "title": "Adobe Flash Player Within Google Chrome Security Update( apsb17-23 )- Windows", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Within Google Chrome Security Update( apsb17-23 )- Windows\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player_chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811610\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2017-3085\", \"CVE-2017-3106\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-08-09 10:42:00 +0530 (Wed, 09 Aug 2017)\");\n script_name(\"Adobe Flash Player Within Google Chrome Security Update( apsb17-23 )- Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash 
Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - A security bypass vulnerability.\n\n - A type confusion.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote attackers to execute remote code and can get\n sensitive information.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player prior to 26.0.0.151\n within Google Chrome on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player for\n Google Chrome 26.0.0.151, or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb17-23.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_flash_player_within_google_chrome_detect_win.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Chrome/Win/Ver\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:playerVer, test_version:\"26.0.0.151\"))\n{\n report = report_fixed_ver(installed_version:playerVer, fixed_version:\"26.0.0.151\");\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-24T21:15:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3085", "CVE-2017-3106"], "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "modified": "2019-10-23T00:00:00", "published": "2017-08-09T00:00:00", "id": "OPENVAS:1361412562310811607", 
"href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811607", "type": "openvas", "title": "Adobe Flash Player Security Updates( apsb17-23 )-Windows", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Security Updates( apsb17-23 )-Windows\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811607\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2017-3085\", \"CVE-2017-3106\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-08-09 10:41:50 +0530 (Wed, 09 Aug 2017)\");\n script_name(\"Adobe Flash Player Security Updates( apsb17-23 )-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n 
script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - A security bypass vulnerability.\n\n - A type confusion.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote attackers to execute remote code and can get\n sensitive information.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before\n 26.0.0.151 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 26.0.0.151, or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb17-23.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_win.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Win/Installed\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:playerVer, test_version:\"26.0.0.151\"))\n{\n report = report_fixed_ver(installed_version:playerVer, fixed_version:\"26.0.0.151\");\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-24T21:20:42", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3085", "CVE-2017-3106"], "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "modified": "2019-10-23T00:00:00", "published": "2017-08-09T00:00:00", "id": "OPENVAS:1361412562310811608", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811608", "type": "openvas", "title": "Adobe Flash 
Player Security Updates( apsb17-23 )-MAC OS X", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Security Updates( apsb17-23 )-MAC OS X\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811608\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2017-3085\", \"CVE-2017-3106\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-08-09 10:41:51 +0530 (Wed, 09 Aug 2017)\");\n script_name(\"Adobe Flash Player Security Updates( apsb17-23 )-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n 
script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - A security bypass vulnerability.\n\n - A type confusion.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote attackers to execute remote code and can get\n sensitive information.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before\n 26.0.0.151 on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 26.0.0.151, or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb17-23.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Flash/Player/MacOSX/Version\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:playerVer, test_version:\"26.0.0.151\"))\n{\n report = report_fixed_ver(installed_version:playerVer, fixed_version:\"26.0.0.151\");\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-24T21:20:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3085", "CVE-2017-3106"], "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "modified": "2019-10-23T00:00:00", "published": "2017-08-09T00:00:00", "id": "OPENVAS:1361412562310811611", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811611", "type": "openvas", "title": "Adobe Flash Player Within Google Chrome Security Update( apsb17-23 )- MAC OS X", "sourceData": 
"##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Within Google Chrome Security Update( apsb17-23 )- MAC OS X\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player_chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811611\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2017-3085\", \"CVE-2017-3106\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-08-09 10:42:02 +0530 (Wed, 09 Aug 2017)\");\n script_name(\"Adobe Flash Player Within Google Chrome Security Update( apsb17-23 )- MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n 
script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - A security bypass vulnerability.\n\n - A type confusion.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote attackers to execute remote code and can get\n sensitive information.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player prior to 26.0.0.151\n within Google Chrome on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player for\n Google Chrome 26.0.0.151, or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb17-23.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_flash_player_within_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Chrome/MacOSX/Ver\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:playerVer, test_version:\"26.0.0.151\"))\n{\n report = report_fixed_ver(installed_version:playerVer, fixed_version:\"26.0.0.151\");\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-24T21:19:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3085", "CVE-2017-3106"], "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "modified": "2019-10-23T00:00:00", "published": "2017-08-09T00:00:00", "id": "OPENVAS:1361412562310811609", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310811609", "type": "openvas", "title": "Adobe Flash Player Security Updates( apsb17-23 )-Linux", 
"sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Security Updates( apsb17-23 )-Linux\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.811609\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2017-3085\", \"CVE-2017-3106\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-08-09 10:41:52 +0530 (Wed, 09 Aug 2017)\");\n script_name(\"Adobe Flash Player Security Updates( apsb17-23 )-Linux\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws 
exists due to,\n\n - A security bypass vulnerability.\n\n - A type confusion.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote attackers to execute remote code and can get\n sensitive information.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before\n 26.0.0.151 on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 26.0.0.151, or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb17-23.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_lin.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Linux/Ver\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:playerVer, test_version:\"26.0.0.151\"))\n{\n report = report_fixed_ver(installed_version:playerVer, fixed_version:\"26.0.0.151\");\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "threatpost": [{"lastseen": "2018-10-06T22:53:18", "bulletinFamily": "info", "cvelist": ["CVE-2017-3085", "CVE-2017-3106"], "description": "Adobe today pushed out its first Flash Player update since announcing two weeks ago that it would[ stop distributing and updating the software in 2020](<https://blogs.adobe.com/conversations/2017/07/adobe-flash-update.html>). 
\n\nFlash has been at the center of many targeted attacks and exploit kit activity, and despite numerous improvements to the product including sandboxing and attempts to kill off entire classes of vulnerabilities, many security conscious users will soon have their way with Flash going end-of-life.\n\nToday, as part of its regular Patch Tuesday update, Adobe patched two vulnerabilities in Flash, including a critical type-confusion vulnerability that could allow attackers to run code on a compromised computer. \n\nUsers should ensure they are running version 26.0.0.151 of Flash Player for Windows, Macintosh, Linux and ChromeOS. Versions 26.0.0.137 and earlier are affected by these two bugs on all platforms, Adobe said in its [advisory](<https://helpx.adobe.com/security/products/flash-player/apsb17-23.html>). \n\nThe type-confusion vulnerability, CVE-2017-3106, was privately reported by Google Project Zero\u2019s Natalie Silvanovich and Mateusz Jurczyk.\n\nThe second vulnerability, CVE-2017-3085, patched today is a security bypass vulnerability that could lead to information disclosure, Adobe said. It was reported by the Zero Day Initiative, and was given a severity rating of important by Adobe. \n\nAdobe also updated its Acrobat and Reader products, addressing 67 vulnerabilities including dozens of critical memory corruption, use-after-free and heap overflow bugs that expose compromised machines to remote code execution. Also patched were a number of other bugs rated important in severity, most of which lead to information disclosure. \n\nAdobe said it is not aware of public exploits for any of these vulnerabilities. 
\n\nVersions 2017.009.20058 and earlier of Acrobat and Reader DC, 2017.008.30051 and earlier of Acrobat and Acrobat Reader 2017, 2015.006.30306 and earlier of Acrobat and Reader DC Classic Track, and 11.0.20 and earlier of Acrobat and Reader XI are affected on Windows and Macintosh platforms, Adobe said in its [advisory](<https://helpx.adobe.com/security/products/acrobat/apsb17-24.html>).\n\nAdobe also patched three vulnerabilities in its Experience Manager, the company\u2019s content management platform. Two of the vulnerabilities lead to information disclosure, one in which the product version number is leaked, and another where internal information is leaked in output, Adobe said in its [advisory](<https://helpx.adobe.com/security/products/experience-manager/apsb17-26.html>). Both are rated moderate severity.\n\nThe third bug, rated important, could lead to code execution. The vulnerability occurs because of insufficient file type validation during upload, Adobe said. Versions 6.0, 6.1, 6.2 and 6.3 are affected on all platforms. \n\nFinally, Adobe also updated its ebook reader, Digital Editions, patching two critical remote code execution vulnerabilities, as well as a less severe memory corruption bug that leads to memory address disclosure. \n\nAdobe said in its [advisory](<https://helpx.adobe.com/security/products/Digital-Editions/apsb17-27.html>) that versions 4.5.5 and earlier are affected and users should update to version 4.5.6 on all platforms. 
\n", "modified": "2017-08-08T17:40:16", "published": "2017-08-08T13:40:16", "id": "THREATPOST:84E0102880A8F8A5B1931093D8BE5775", "href": "https://threatpost.com/flash-player-marches-toward-end-patches-two-code-execution-bugs-in-latest-update/127288/", "type": "threatpost", "title": "Flash Player Marches Toward End, Patches Two Code Execution Bugs in Latest Update", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T22:53:17", "bulletinFamily": "info", "cvelist": ["CVE-2017-3085"], "description": "One of the patches included in Tuesday\u2019s Adobe [Flash Player update](<https://helpx.adobe.com/security/products/flash-player/apsb17-23.html>) was a do-over after the researcher who privately reported the problem earlier this year discovered the original patch incompletely resolved the issue.\n\nDutch researcher Bjorn Ruytenberg [disclosed details](<https://blog.bjornweb.nl/2017/08/flash-remote-sandbox-escape-windows-user-credentials-leak/>) after Adobe updated the soon-to-be deprecated Flash Player on Tuesday to version 26. Flash Player 23, released close to a year ago, closed off a local sandbox escape, but Ruytenberg found the update failed to address the vulnerability locally if networking was enabled, or remotely.\n\nExploiting the vulnerability would allow an attacker to connect a compromised computer to an attacker\u2019s remote Windows SMB server. An attack allows for the redirection of traffic to the remote SMB server and the interception of Windows credentials.\n\n\u201cThe attack complexity is very low,\u201d Ruytenberg told Threatpost.\n\nThe researcher pointed out that an attacker could use any number of typical infection vectors to infect victims\u2019 machines, including hosting a site that serves a malicious Flash application, or by embedding a Flash file in an Office document. 
Attackers could also hit victims via email or Windows file sharing by enticing them to open a local HTML file that embeds the malicious Flash application.\n\n\u201cIn this scenario, the Flash application would run in the \u2018local-with-networking\u2019 as opposed to the default \u2018remote\u2019 sandbox (but both sandboxes are vulnerable),\u201d Ruytenberg said.\n\nIn Flash 23, Adobe updated its sandbox policies, improving input validation along the way, which should have prevented Flash from connecting to a remote server. Ruytenberg discovered that he could use a two-year-old Windows redirect-to-SMB vulnerability to again exploit the Flash bug. The attack works only on Internet Explorer and Firefox, Ruytenberg said; Chrome and Microsoft Edge are not affected, he said, preventing Flash from connecting to the SMB server.\n\nRuytenberg said in Flash 23, Adobe no longer allowed the software to load resources from an SMB server, rejecting UNC and File-style paths; any paths that are not prefixed with HTTP or HTTPS. Ruytenberg discovered that he could change the requested path after it had passed input validation by abusing the Redirect-to-SMB bug.\n\n\u201cBy setting the HTTP Location header and an appropriate response code (e.g. 301, 302), this vulnerability can be used to redirect HTTP requests to a malicious SMB server,\u201d he wrote in his report, adding that the vulnerability affects IE, Firefox and any third-party applications using them.\n\nSpecifically, Ruytenberg\u2019s attack was able to abuse Flash\u2019s cross-domain policy file which, he said, dictates when Flash is allowed to load resources from another domain. He discovered that the cross-domain policy is requested from the same host serving the attacker\u2019s Flash application. 
Therefore, he built a new policy with lesser restrictions and was successful in forcing Flash to connect to the remote SMB server and capture incoming requests including the victim\u2019s user credentials.\n\n\u201cThe report I disclosed demonstrates this vulnerability was fixed improperly as the new sandbox policies can be circumvented,\u201d Ruytenberg said. \u201cThis week\u2019s patch should indeed fix the vulnerability.\u201d\n\nAdobe addressed the vulnerability, CVE-2017-3085, Tuesday, giving it a severity rating of important and calling it a security bypass vulnerability. It was one of two vulnerabilities addressed in Tuesday\u2019s update.\n", "modified": "2017-08-21T20:15:50", "published": "2017-08-10T15:00:38", "id": "THREATPOST:0DA89F3073B593D654296439701F8B41", "href": "https://threatpost.com/patched-flash-player-sandbox-escape-leaked-windows-credentials/127378/", "type": "threatpost", "title": "Patched Flash Player Sandbox Escape Leaked Windows Credentials", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "kaspersky": [{"lastseen": "2020-09-02T11:52:45", "bulletinFamily": "info", "cvelist": ["CVE-2017-3085", "CVE-2017-3106"], "description": "### *Detect date*:\n08/08/2017\n\n### *Severity*:\nWarning\n\n### *Description*:\nThis security update addresses the following vulnerabilities, which are described in Adobe Security Bulletin [APSB17-23](<http://helpx.adobe.com/security/products/flash-player/apsb17-23.html>):\n\nCVE-2017-3085, CVE-2017-3106\n\n### *Affected products*:\nAdobe Flash Player earlier than 26.0.0.151\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[ADV170010](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170010>) \n\n\n### *Related products*:\n[Adobe Flash](<https://threats.kaspersky.com/en/product/Adobe-Flash/>)\n\n### 
*KB list*:\n[4034662](<http://support.microsoft.com/kb/4034662>)", "edition": 1, "modified": "2020-07-08T00:00:00", "published": "2017-08-08T00:00:00", "id": "KLA11847", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11847", "title": "\r KLA11847Microsoft Advisory for Adobe Flash ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-02T11:53:28", "bulletinFamily": "info", "cvelist": ["CVE-2017-3085", "CVE-2017-3106"], "description": "### *Detect date*:\n08/08/2017\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Adobe Flash Player versions earlier than 26.0.0.151. Malicious users can exploit these vulnerabilities to obtain sensitive information and execute arbitrary code.\n\n### *Affected products*:\nAdobe Flash Player versions earlier than 26.0.0.151\n\n### *Solution*:\nUpdate to the latest versions \n[Download Adobe Flash Player](<https://get.adobe.com/flashplayer/>)\n\n### *Original advisories*:\n[Adobe Security Bulletin](<https://helpx.adobe.com/security/products/flash-player/apsb17-23.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Adobe Flash Player ActiveX](<https://threats.kaspersky.com/en/product/Adobe-Flash-Player-ActiveX/>)\n\n### *CVE-IDS*:\n[CVE-2017-3085](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3085>)5.0Critical \n[CVE-2017-3106](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3106>)9.3Critical\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:", "edition": 43, "modified": "2020-06-18T00:00:00", "published": "2017-08-08T00:00:00", "id": "KLA11085", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11085", "title": "\r KLA11085Multiple vulnerabilities in Adobe Flash Player ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "archlinux": [{"lastseen": "2020-09-22T18:36:43", "bulletinFamily": "unix", "cvelist": 
["CVE-2017-3085", "CVE-2017-3106"], "description": "Arch Linux Security Advisory ASA-201708-1\n=========================================\n\nSeverity: Critical\nDate : 2017-08-10\nCVE-ID : CVE-2017-3085 CVE-2017-3106\nPackage : lib32-flashplugin\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-372\n\nSummary\n=======\n\nThe package lib32-flashplugin before version 26.0.0.151-1 is vulnerable\nto multiple issues including arbitrary code execution and information\ndisclosure.\n\nResolution\n==========\n\nUpgrade to 26.0.0.151-1.\n\n# pacman -Syu \"lib32-flashplugin>=26.0.0.151-1\"\n\nThe problems have been fixed upstream in version 26.0.0.151.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2017-3085 (information disclosure)\n\nAn information disclosure flaw has been found in Adobe Flash player <\n26.0.0.151.\n\n- CVE-2017-3106 (arbitrary code execution)\n\nA type confusion issue has been found in Adobe Flash player <\n26.0.0.151, leading to remote code execution.\n\nImpact\n======\n\nA remote attacker might be able to access sensitive information or\nexecute arbitrary code on the affected host.\n\nReferences\n==========\n\nhttps://helpx.adobe.com/security/products/flash-player/apsb17-23.html\nhttps://security.archlinux.org/CVE-2017-3085\nhttps://security.archlinux.org/CVE-2017-3106", "modified": "2017-08-10T00:00:00", "published": "2017-08-10T00:00:00", "id": "ASA-201708-1", "href": "https://security.archlinux.org/ASA-201708-1", "type": "archlinux", "title": "[ASA-201708-1] lib32-flashplugin: multiple issues", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-22T18:36:43", "bulletinFamily": "unix", "cvelist": ["CVE-2017-3085", "CVE-2017-3106"], "description": "Arch Linux Security Advisory ASA-201708-2\n=========================================\n\nSeverity: Critical\nDate : 2017-08-10\nCVE-ID : CVE-2017-3085 CVE-2017-3106\nPackage : flashplugin\nType : multiple issues\nRemote : 
Yes\nLink : https://security.archlinux.org/AVG-373\n\nSummary\n=======\n\nThe package flashplugin before version 26.0.0.151-1 is vulnerable to\nmultiple issues including arbitrary code execution and information\ndisclosure.\n\nResolution\n==========\n\nUpgrade to 26.0.0.151-1.\n\n# pacman -Syu \"flashplugin>=26.0.0.151-1\"\n\nThe problems have been fixed upstream in version 26.0.0.151.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2017-3085 (information disclosure)\n\nAn information disclosure flaw has been found in Adobe Flash player <\n26.0.0.151.\n\n- CVE-2017-3106 (arbitrary code execution)\n\nA type confusion issue has been found in Adobe Flash player <\n26.0.0.151, leading to remote code execution.\n\nImpact\n======\n\nA remote attacker might be able to access sensitive information or\nexecute arbitrary code on the affected host.\n\nReferences\n==========\n\nhttps://helpx.adobe.com/security/products/flash-player/apsb17-23.html\nhttps://security.archlinux.org/CVE-2017-3085\nhttps://security.archlinux.org/CVE-2017-3106", "modified": "2017-08-10T00:00:00", "published": "2017-08-10T00:00:00", "id": "ASA-201708-2", "href": "https://security.archlinux.org/ASA-201708-2", "type": "archlinux", "title": "[ASA-201708-2] flashplugin: multiple issues", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-01T03:30:01", "description": "The version of Adobe Flash Player installed on the remote macOS or Mac\nOS X host is equal or prior to version 26.0.0.137. It is, therefore,\naffected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists due to an\n unspecified flaw. An unauthenticated, remote attacker\n can exploit this, by convincing a user to visit a\n website containing specially crafted Flash content, to\n disclose sensitive information. (CVE-2017-3085)\n\n - A remote code execution vulnerability exists due to\n improper validation of user-supplied input. 
An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a website containing\n specially crafted Flash content, to execute arbitrary\n code. (CVE-2017-3106)", "edition": 28, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-08-08T00:00:00", "title": "Adobe Flash Player for Mac <= 26.0.0.137 Multiple Vulnerabilities (APSB17-23)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3085", "CVE-2017-3106"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "MACOSX_FLASH_PLAYER_APSB17-23.NASL", "href": "https://www.tenable.com/plugins/nessus/102263", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102263);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/14 1:59:37\");\n\n script_cve_id(\"CVE-2017-3085\", \"CVE-2017-3106\");\n script_bugtraq_id(100191);\n\n script_name(english:\"Adobe Flash Player for Mac <= 26.0.0.137 Multiple Vulnerabilities (APSB17-23)\");\n script_summary(english:\"Checks the version of Flash Player.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote macOS or Mac OS X host has a browser plugin installed that\nis affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Flash Player installed on the remote macOS or Mac\nOS X host is equal or prior to version 26.0.0.137. It is, therefore,\naffected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists due to an\n unspecified flaw. An unauthenticated, remote attacker\n can exploit this, by convincing a user to visit a\n website containing specially crafted Flash content, to\n disclose sensitive information. (CVE-2017-3085)\n\n - A remote code execution vulnerability exists due to\n improper validation of user-supplied input. 
An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a website containing\n specially crafted Flash content, to execute arbitrary\n code. (CVE-2017-3106)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb17-23.html\");\n # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0cb17c10\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 26.0.0.151 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_flash_player_installed.nasl\");\n script_require_keys(\"MacOSX/Flash_Player/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"MacOSX/Flash_Player/Version\");\npath = 
get_kb_item_or_exit(\"MacOSX/Flash_Player/Path\");\n\ncutoff_version = \"26.0.0.137\";\nfix = \"26.0.0.151\";\n# we're checking for versions less than or equal to the cutoff!\nif (ver_compare(ver:version, fix:cutoff_version, strict:FALSE) <= 0)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Flash Player for Mac\", version, path);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:44:00", "description": "The remote Windows host is missing security update KB4034662. It is,\ntherefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists due to an\n unspecified flaw. An unauthenticated, remote attacker\n can exploit this, by convincing a user to visit a\n website containing specially crafted Flash content, to\n disclose sensitive information. (CVE-2017-3085)\n\n - A remote code execution vulnerability exists due to\n improper validation of user-supplied input. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a website containing\n specially crafted Flash content, to execute arbitrary\n code. 
(CVE-2017-3106)", "edition": 33, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-08-08T00:00:00", "title": "KB4034662: Security update for Adobe Flash Player (August 2017)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3085", "CVE-2017-3106"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "SMB_NT_MS17_AUG_4034662.NASL", "href": "https://www.tenable.com/plugins/nessus/102266", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102266);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/08/03 11:35:09\");\n\n script_cve_id(\"CVE-2017-3085\", \"CVE-2017-3106\");\n script_bugtraq_id(100191);\n script_xref(name:\"MSKB\", value:\"4034662\");\n script_xref(name:\"MSFT\", value:\"MS17-4034662\");\n\n script_name(english:\"KB4034662: Security update for Adobe Flash Player (August 2017)\");\n script_summary(english:\"Checks the version of the ActiveX control.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update KB4034662. It is,\ntherefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists due to an\n unspecified flaw. An unauthenticated, remote attacker\n can exploit this, by convincing a user to visit a\n website containing specially crafted Flash content, to\n disclose sensitive information. (CVE-2017-3085)\n\n - A remote code execution vulnerability exists due to\n improper validation of user-supplied input. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a website containing\n specially crafted Flash content, to execute arbitrary\n code. 
(CVE-2017-3106)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb17-23.html\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170010\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a5a1122e\");\n # https://support.microsoft.com/en-us/help/4034662/security-update-for-adobe-flash-player-aug-08-2017\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a8fb45ae\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1,\n2012 R2, 10, and 2016.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/08\");\n\n script_set_attribute(attribute:\"plugin_type\",value:\"local\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n 
exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_activex_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS17-08\";\nkbs = make_list(\"4034662\");\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"Windows 8.1\" >!< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (activex_init() != ACX_OK) audit(AUDIT_FN_FAIL, \"activex_init\");\n\n# Adobe Flash Player CLSID\nclsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}';\n\nfile = activex_get_filename(clsid:clsid);\nif (isnull(file))\n{\n activex_end();\n audit(AUDIT_FN_FAIL, \"activex_get_filename\", \"NULL\");\n}\nif (!file)\n{\n activex_end();\n audit(AUDIT_ACTIVEX_NOT_FOUND, clsid);\n}\n\n# Get its version.\nversion = activex_get_fileversion(clsid:clsid);\nif (!version)\n{\n activex_end();\n audit(AUDIT_VER_FAIL, file);\n}\n\ninfo = '';\n\niver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\niver = join(iver, sep:\".\");\n\n# all <= 26.0.0.137\nfix = FALSE;\nif(ver_compare(ver:iver, fix:\"26.0.0.137\", strict:FALSE) <= 0)\n fix = \"26.0.0.151\";\n\nif (\n (report_paranoia > 1 || activex_get_killbit(clsid:clsid) == 0) &&\n fix\n)\n{\n info = '\\n Path : ' + file +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n}\n\nport = kb_smb_transport();\n\nif (info != '')\n{\n if (report_paranoia > 1)\n {\n report = info 
+\n '\\n' +\n 'Note, though, that Nessus did not check whether the kill bit was\\n' +\n \"set for the control's CLSID because of the Report Paranoia setting\" + '\\n' +\n 'in effect when this scan was run.\\n';\n }\n else\n {\n report = info +\n '\\n' +\n 'Moreover, its kill bit is not set so it is accessible via Internet\\n' +\n 'Explorer.\\n';\n }\n replace_kb_item(name:\"SMB/Missing/\"+bulletin, value:TRUE);\n hotfix_add_report(bulletin:'MS17-08', kb:'4034662', report);\n security_report_v4(severity:SECURITY_HOLE, port:port, extra:hotfix_get_report());\n}\nelse audit(AUDIT_HOST_NOT, 'affected');\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T02:34:44", "description": "The version of Adobe Flash Player installed on the remote Windows host\nis equal or prior to version 26.0.0.137. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An information disclosure vulnerability exists due to an\n unspecified flaw. An unauthenticated, remote attacker\n can exploit this, by convincing a user to visit a\n website containing specially crafted Flash content, to\n disclose sensitive information. (CVE-2017-3085)\n\n - A remote code execution vulnerability exists due to\n improper validation of user-supplied input. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a website containing\n specially crafted Flash content, to execute arbitrary\n code. 
(CVE-2017-3106)", "edition": 28, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-08-08T00:00:00", "title": "Adobe Flash Player <= 26.0.0.137 Multiple Vulnerabilities (APSB17-23)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3085", "CVE-2017-3106"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "FLASH_PLAYER_APSB17-23.NASL", "href": "https://www.tenable.com/plugins/nessus/102262", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102262);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/11 17:09:26\");\n\n script_cve_id(\"CVE-2017-3085\", \"CVE-2017-3106\");\n script_bugtraq_id(100191);\n\n script_name(english:\"Adobe Flash Player <= 26.0.0.137 Multiple Vulnerabilities (APSB17-23)\");\n script_summary(english:\"Checks the version of Flash Player.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Flash Player installed on the remote Windows host\nis equal or prior to version 26.0.0.137. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An information disclosure vulnerability exists due to an\n unspecified flaw. An unauthenticated, remote attacker\n can exploit this, by convincing a user to visit a\n website containing specially crafted Flash content, to\n disclose sensitive information. (CVE-2017-3085)\n\n - A remote code execution vulnerability exists due to\n improper validation of user-supplied input. An\n unauthenticated, remote attacker can exploit this, by\n convincing a user to visit a website containing\n specially crafted Flash content, to execute arbitrary\n code. 
(CVE-2017-3106)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb17-23.html\");\n # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0cb17c10\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 26.0.0.151 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"flash_player_installed.nasl\");\n script_require_keys(\"SMB/Flash_Player/installed\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Flash_Player/installed\");\n\n# Identify vulnerable versions.\ninfo = \"\";\nvariants = make_list(\n \"Plugin\",\n \"ActiveX\",\n \"Chrome\",\n \"Chrome_Pepper\"\n);\n\n# we're checking for versions less than *or equal to* the cutoff!\nforeach variant (variants)\n{\n vers = 
get_kb_list(\"SMB/Flash_Player/\"+variant+\"/Version/*\");\n files = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/File/*\");\n\n if (isnull(vers) || isnull(files))\n continue;\n\n foreach key (keys(vers))\n {\n ver = vers[key];\n if (isnull(ver))\n continue;\n\n # <= 26.0.0.137\n if (ver_compare(ver:ver,fix:\"26.0.0.137\",strict:FALSE) <= 0)\n {\n num = key - (\"SMB/Flash_Player/\"+variant+\"/Version/\");\n file = files[\"SMB/Flash_Player/\"+variant+\"/File/\"+num];\n if (variant == \"Plugin\")\n {\n info += '\\n Product : Browser Plugin (for Firefox / Netscape / Opera)';\n fix = \"26.0.0.151\";\n }\n else if (variant == \"ActiveX\")\n {\n info += '\\n Product : ActiveX control (for Internet Explorer)';\n fix = \"26.0.0.151\";\n }\n else if (\"Chrome\" >< variant)\n {\n info += '\\n Product : Browser Plugin (for Google Chrome)';\n if (variant == \"Chrome\")\n fix = \"Upgrade to a version of Google Chrome running Flash Player 26.0.0.151\";\n }\n info += '\\n Path : ' + file +\n '\\n Installed version : ' + ver;\n if (variant == \"Chrome_Pepper\")\n info += '\\n Fixed version : 26.0.0.151 (Chrome PepperFlash)';\n else if (!isnull(fix))\n info += '\\n Fixed version : '+fix;\n info += '\\n';\n }\n }\n}\n\nif (info)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0) security_hole(port:port, extra:info);\n else security_hole(port);\n}\nelse\n{\n if (thorough_tests)\n exit(0, 'No vulnerable versions of Adobe Flash Player were found.');\n else\n exit(1, 'Google Chrome\\'s built-in Flash Player may not have been detected because the \\'Perform thorough tests\\' setting was not enabled.');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T10:54:20", "description": "Adobe reports :\n\n- These updates resolve security bypass vulnerability that could lead\nto information disclosure (CVE-2017-3085).\n\n- These updates resolve type confusion vulnerability that could lead\nto remote code 
execution (CVE-2017-3106).", "edition": 27, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-08-10T00:00:00", "title": "FreeBSD : Flash Player -- multiple vulnerabilities (7e3d3e9a-7d8f-11e7-a02b-d43d7ef03aa6)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-3085", "CVE-2017-3106"], "modified": "2017-08-10T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:linux-flashplayer", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_7E3D3E9A7D8F11E7A02BD43D7EF03AA6.NASL", "href": "https://www.tenable.com/plugins/nessus/102331", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102331);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-3085\", \"CVE-2017-3106\");\n\n script_name(english:\"FreeBSD : Flash Player -- multiple vulnerabilities (7e3d3e9a-7d8f-11e7-a02b-d43d7ef03aa6)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Adobe reports :\n\n- These updates resolve security bypass vulnerability that could lead\nto information disclosure (CVE-2017-3085).\n\n- These updates resolve type confusion vulnerability that could lead\nto remote code execution (CVE-2017-3106).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb17-23.html\"\n );\n # https://vuxml.freebsd.org/freebsd/7e3d3e9a-7d8f-11e7-a02b-d43d7ef03aa6.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c319da88\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n 
script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-flashplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"linux-flashplayer<26.0.0.151\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T11:06:21", "description": "The remote host is affected by the vulnerability described in GLSA-201709-16\n(Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Flash Player.\n Please review the referenced CVE identifiers for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process or bypass security restrictions.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 28, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-09-25T00:00:00", "title": "GLSA-201709-16 : Adobe Flash Player: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11282", "CVE-2017-3085", "CVE-2017-11281", "CVE-2017-3106"], "modified": "2017-09-25T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:adobe-flash"], "id": "GENTOO_GLSA-201709-16.NASL", "href": "https://www.tenable.com/plugins/nessus/103444", "sourceData": "#%NASL_MIN_LEVEL 
70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201709-16.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103444);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-11281\", \"CVE-2017-11282\", \"CVE-2017-3085\", \"CVE-2017-3106\");\n script_xref(name:\"GLSA\", value:\"201709-16\");\n\n script_name(english:\"GLSA-201709-16 : Adobe Flash Player: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201709-16\n(Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Flash Player.\n Please review the referenced CVE identifiers for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process or bypass security restrictions.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201709-16\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Adobe Flash Player users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-plugins/adobe-flash-26.0.0.151'\"\n );\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:adobe-flash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-plugins/adobe-flash\", unaffected:make_list(\"ge 27.0.0.130-r1\"), vulnerable:make_list(\"lt 27.0.0.130-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Adobe Flash Player\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-05-29T14:35:38", "bulletinFamily": "unix", "cvelist": ["CVE-2017-3085", "CVE-2017-3106"], "description": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.\n\nThis update upgrades Flash Player to version 26.0.0.151.\n\nSecurity Fix(es):\n\n* This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. 
(CVE-2017-3085, CVE-2017-3106)", "modified": "2018-06-07T18:21:38", "published": "2017-08-10T14:21:38", "id": "RHSA-2017:2457", "href": "https://access.redhat.com/errata/RHSA-2017:2457", "type": "redhat", "title": "(RHSA-2017:2457) Critical: flash-plugin security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2017-09-24T19:45:04", "bulletinFamily": "unix", "cvelist": ["CVE-2017-11282", "CVE-2017-3085", "CVE-2017-11281", "CVE-2017-3106"], "description": "### Background\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Adobe Flash Player. Please review the referenced CVE identifiers for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process or bypass security restrictions. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Adobe Flash Player users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-plugins/adobe-flash-26.0.0.151\"", "edition": 1, "modified": "2017-09-24T00:00:00", "published": "2017-09-24T00:00:00", "href": "https://security.gentoo.org/glsa/201709-16", "id": "GLSA-201709-16", "title": "Adobe Flash Player: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "myhack58": [{"lastseen": "2017-08-21T15:15:53", "bulletinFamily": "info", "cvelist": ["CVE-2017-3085"], "edition": 1, "description": "One, Foreword \nRecently, I published about the Flash sandbox escape vulnerabilities of an article, The final result has survived ten years of the Flash Player local security sandbox died a natural death. \nBefore this vulnerability to show us the input data to verify the correctness of importance. 
The attacker only needs to run the Flash input mixing UNC and a file URI, it is sufficient to extract the local data, and can use Windows user credentials sent to the remote SMB Server. \nFlash Player in the 23 version to remove the local file system local-with-filesystem\uff09sandbox, from the local point of view, this treatment effectively solves these two problems. However, very interestingly, the official release notes are ignored in the remaining two sandboxes: local network local-with-networking\uff09sandbox and remote\uff08remote\uff09sandbox. So I want to know which of two sandbox questions whether it has been repaired. \nIn fact, according to initial test results, the Flash will refuse any UNC or file path. Both the sand box seems to not accept any non-HTTP form of the URL. Therefore, this poses a very interesting question: if we are able to another way to bypass this limit? Whether we can through input validation, modify the input expressions have a meaning? \nIn short, Adobe Flash may be subjected to a known Windows vulnerability. Although we can by runtime security solutions to diminish the vulnerability can cause effects, but these security solutions was originally used for a different purpose, so it can be targeted to bypass. Therefore, we can bypass the Flash Player to the newly introduced input validation mechanisms that allow the attacker to recover access Windows user credentials the ability. \nThis article analyzes my recent to Adobe reports a security vulnerability, Adobe on the vulnerability of the number of APSB17-23, the corresponding CVE number for CVE-2017-3085\u3002 \nSecond, the HTTP redirect problem \nAgain to reiterate, before that exploit the key point is to our malicious Flash applications to connect to our SMB Server. Does the client authentication of the premise, by refusing the client's access request, the server may enable a Windows client to send the user's credential information. 
\nAdobe seems to be very aware of this attack method. The previous version of Flash from all of the SMB on the server to load resources, but in the 23 edition, the Flash will refuse to remove any UNC as well as file form the path, the two path is SMB host representation. Now many of the paths will be the Flash refused to fall, such as\\\\\\10.0.0.1\\some\\file. txt path, and the equivalent file://///10.0.0.1/ some/file. txt path. \nWe can, however, according to Microsoft provide the URI list, to construct a variety of creative URL, but still can not get any breakthrough. In both the sandbox, regardless of which sandbox the URLLoader seems to not accept does not use HTTP or HTTPS as the prefix of those paths. Seems Adobe seems to use a whitelist mechanism to reinforce their products. \nIn this case, if we can get in through input validation, modify the request path, then what would happen? According to the previous analysis, we must use the HTTP form of the address, so we need to use the HTTP redirection feature to access a SMB host. \nFortunately, SMB and HTTP or can be combined together. The first thing that catches my mind is a Windows vulnerability, called to redirect to the SMB\uff08Redirect-to-SMB\uff09vulnerabilities. By setting the HTTP header in the Location information, and providing an appropriate response code such as 301 or 302 code, the attacker can use this vulnerability to redirect HTTP requests to a malicious SMB Server. Attack scenarios as shown below: \n! [](/Article/UploadPic/2017-8/2017821172324214. png? www. myhack58. com) \nThird, the vulnerability reproduction \nIn our attack scenario, the malicious Flash applications, and the SMB server are hosted on a single host, the host IP address of the 23. 100. 122. 2\u3002 This Flash application will run in the victims of the local host to the remote\uff08remote\uff09sandbox. That is, the Flash runtime will block access to the local file system, but allows remote connections. 
\nTracking the Win32 API, we found that the Redirect-to-SMB vulnerability affects a function in urlmon.dll. Therefore, Internet Explorer and any third-party application that uses the IE browser are affected by the vulnerability. \nThis vulnerability has attracted much media attention, many manufacturers released a fix patch to fix their products. Then, Adobe Flash performance? We can try to redirect an outbound request GET /somefile.txt the results are as follows: \n! [](/Article/UploadPic/2017-8/2017821172324308. png? www. myhack58. com) \n#2032 error code is the Flash used to represent the stream error Stream Error code. According to previous research results, we know that in addition to the #2048 code, the other code can be used to represent a successful status. We look at the actual appear what situation: \n! [](/Article/UploadPic/2017-8/2017821172324561. png? www. myhack58. com) \nUh, looks like the Flash Player and is not subject to any influence: we returned HTTP/1.1 302 response does not trigger an SMB traffic. However, we note that the captured traffic contains a GET request for crossdomain.xml. This file is cross-domain policy configuration file, when the Flash client is allowed from another domain to load the resource when it will involve this file. For example, if not through domain-b. com clear license, then hosting on domain-a. com on the Flash application will not load domain-b. com on the picture. \nThe attentive reader may notice that the Adobe of the about defining with the HTTP CORS\uff08readers can read RFC6454 learn more details of the different is, Adobe will be self-limiting in a cross-domain, cross-domain data processing. More specifically, Adobe will not go to consider the different protocols to distinguish the problem. Therefore, our attack is blocked it should be with such a security mechanism-independent: because we are trying to redirect to the SMB, which is on the same host to a different Protocol. 
\nInterestingly, according to the Wireshark recording, \u6211\u4eec\u53d1\u73b0\u5e94\u7528\u6b63\u5728\u8bf7\u6c42\u67d0\u53f0\u4e3b\u673a\u4e0a\u7684crossdomain.xml while this host it is running Flash applications in the same host. Therefore, we can construct a most permissive cross-domain policy. According to the Adobe Developer Guide syntax, we construct the policy as follows: \n1 \n2 \n3 \n4 \n5 \n6 \n7 \n\n\n\nFinally, we re-loaded our Flash application, to observe the implementation: \n! [](/Article/UploadPic/2017-8/2017821172324580. png? www. myhack58. com) \nSuccess! We eventually established from the injured host 23.100.122.3 to our remote server 23.100.122.2 the SMB connection. At this point, we need only repeat what we do before working on it. We can use a named SMBTrap the script to assume our malicious SMB server role, is used to capture any incoming request, including the victim's user credentials information: \n\n\n**[1] [[2]](<88740_2.htm>) [next](<88740_2.htm>)**\n", "modified": "2017-08-21T00:00:00", "published": "2017-08-21T00:00:00", "href": "http://www.myhack58.com/Article/html/3/62/2017/88740.htm", "id": "MYHACK58:62201788740", "title": "In a remote sandbox, free to soar: Adobe Flash Windows user credentials disclosure vulnerability-vulnerability warning-the black bar safety net", "type": "myhack58", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "zdi": [{"lastseen": "2020-06-22T11:40:03", "bulletinFamily": "info", "cvelist": ["CVE-2017-3085"], "edition": 2, "description": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of external resources. The issue lies in the failure to properly apply sandbox rules when following a URL redirect. 
An attacker can leverage this vulnerability to steal credentials under the context of the current user.", "modified": "2017-06-22T00:00:00", "published": "2017-08-08T00:00:00", "href": "https://www.zerodayinitiative.com/advisories/ZDI-17-634/", "id": "ZDI-17-634", "title": "Adobe Flash URL Redirect Information Disclosure Vulnerability", "type": "zdi", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "cert": [{"lastseen": "2020-09-18T20:41:25", "bulletinFamily": "info", "cvelist": ["CVE-2017-3085"], "description": "### Overview \n\nSoftware running on Microsoft Windows that utilizes HTTP requests can be forwarded to a `file://` protocol on a malicious server, which causes Windows to automatically attempt authentication via SMB to the malicious server in some circumstances. The encrypted form of the user's credentials is then logged on the malicious server. This vulnerability is alternatively known as \"Redirect to SMB\".\n\n### Description \n\n[**CWE-201**](<http://cwe.mitre.org/data/definitions/201.html>)**: Information Exposure Through Sent Data**\n\nMany software products use HTTP requests for various features such as software update checking. A malicious user can intercept such requests (such as with a MITM proxy) and use HTTP Redirect to redirect the victim to a malicious SMB server. If the redirect is a `file://` URL and the victim is running Microsoft Windows, Windows will automatically attempt to authenticate to the malicious SMB server by providing the victim's user credentials to the server. These credentials can then be logged by the malicious server. The credentials are encrypted, but may be \"brute-forced\" to break the encryption. 
\n \nThe following Windows API functions (available via `urlmon.dll`) have been identified as being affected:\n\n * `URLDownloadA`\n * `URLDownloadW`\n * `URLDownloadToCacheFileA`\n * `URLDownloadToCacheFileW`\n * `URLDownloadToFileA`\n * `URLDownloadToFileW`\n * `URLOpenStream`\n * `URLOpenBlockingStream`\n \n`urlmon` uses the `wininet` library for processing, therefore the affected functionality may be contained within `wininet`; it is currently not clear where the vulnerability lies. Internet Explorer and the WebBrowser component of .NET have also been reported vulnerable to this SMB redirection. For a longer description with more examples, see [Cylance's blog](<http://blog.cylance.com/redirect-to-smb>) on the issue. \n \nWhile the HTTP Redirect vector is novel, this type of issue with SMB has been well known for some time. For example, see Aaron Spangler's [report from 1997](<http://insecure.org/sploits/winnt.automatic.authentication.html>), Steve Birnbaum's [report](<http://insecure.org/sploits/win95.smb.auto-auth.html>), Paul Ashton's [report](<http://insecure.org/sploits/NT.NTLM.auto-authentication.html>), and information from [Microsoft from 2009](<https://technet.microsoft.com/en-us/library/security/974926.aspx>). Please see the full list of references at the end of this publication. \n--- \n \n### Impact \n\nAn attacker exploiting this vulnerability may obtain the victim's user credentials in an encrypted format. \n \n--- \n \n### Solution \n\nThe CERT/CC is currently unaware of a full solution to this problem. However, affected users may consider the following workarounds. \n \n--- \n \n**Block outbound SMB** \n \nConsider blocking outbound SMB connections (TCP ports 139 and 445) from the local network to the WAN. \n \n**Update NTLM group policy** \n \nThis attack may be mitigated in some circumstances by restricting NTLM via appropriate Group Policy. 
See [reference one](<https://technet.microsoft.com/en-us/library/jj865668\\(v=ws.10\\).aspx>) and [reference two](<https://technet.microsoft.com/en-us/library/jj865676\\(v=ws.10\\).aspx>) from Microsoft.[](<https://technet.microsoft.com/en-us/library/jj865668\\(v=ws.10\\).aspx>)[](<https://technet.microsoft.com/en-us/library/jj865668\\(v=ws.10\\).aspx>)[](<https://technet.microsoft.com/library/jj852213\\(v=ws.10\\).aspx>) \n \n**Do not use NTLM for authentication by default in applications** \n \nDevelopers should ensure their software [complies with appropriate Group Policy](<http://blogs.technet.com/b/askds/archive/2009/10/08/ntlm-blocking-and-you-application-analysis-and-auditing-methodologies-in-windows-7.aspx>) and does not use NTLM for authentication by default. \n \n**Use a strong password and change passwords frequently** \n \nSince the credentials are provided to the attacker in encrypted form, a stronger password may require more time to break the encryption. Changing passwords regularly further deters brute-force attacks against the encryption. \n \n--- \n \n### Vendor Information\n\n672268\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### AVG Anti-virus Software Affected\n\nNotified: March 24, 2015 Updated: April 01, 2015 \n\n**Statement Date: April 01, 2015**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Adobe __ Affected\n\nNotified: March 24, 2015 Updated: September 05, 2017 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nIt has been reported to us that CVE-2017-3085 is a form of Redirect to SMB affecting Flash Player. 
Adobe's [security advisory](<https://helpx.adobe.com/security/products/flash-player/apsb17-23.html>) recommends upgrading Flash Player to at least 26.0.0.151, which has addressed the issue.\n\n### Vendor References\n\n * <https://helpx.adobe.com/security/products/flash-player/apsb17-23.html>\n\n### Microsoft Corporation Affected\n\nNotified: March 11, 2015 Updated: April 01, 2015 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Oracle Corporation Affected\n\nNotified: March 24, 2015 Updated: April 01, 2015 \n\n**Statement Date: March 31, 2015**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Apple Unknown\n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Box.com __ Unknown\n\nNotified: April 14, 2015 Updated: April 14, 2015 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Addendum\n\nAccording to the reporter, the Box Sync client may be vulnerable in certain circumstances if the user accepts an SSL prompt. CERT/CC has been unable to confirm this so far.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23672268 Feedback>).\n\n### COMODO Security Solutions, Inc. 
Unknown\n\nNotified: March 24, 2015 Updated: March 24, 2015 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\n### Github __ Unknown\n\nUpdated: April 13, 2015 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Addendum\n\nThe GitHub for Windows installer has been reported to be affected by this vulnerability.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23672268 Feedback>).\n\n### GoPro __ Unknown\n\nUpdated: April 13, 2015 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Addendum\n\nGoPro Studio has been reported to be affected by this vulnerability.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23672268 Feedback>).\n\n### JetBrains __ Unknown\n\nUpdated: April 13, 2015 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Addendum\n\nThe following software was reported to CERT/CC to be vulnerable; this information has not been verified yet:\n\n* IntelliJ IDEA \n* PyCharm\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23672268 Feedback>).\n\n### Symantec Unknown\n\nNotified: April 17, 2015 Updated: April 17, 2015 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the 
vendor.\n\n### Vendor References\n\n### Unify Inc Unknown\n\nNotified: April 17, 2015 Updated: April 17, 2015 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor References\n\nView all 12 vendors __View less vendors __\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | 6.3 | AV:N/AC:M/Au:S/C:C/I:N/A:N \nTemporal | 5.7 | E:F/RL:W/RC:C \nEnvironmental | 5.7 | CDP:ND/TD:H/CR:ND/IR:ND/AR:ND \n \n \n\n\n### References \n\n * <http://blog.cylance.com/redirect-to-smb>\n * <https://technet.microsoft.com/en-us/library/security/974926.aspx>\n * <https://technet.microsoft.com/en-us/library/security/973811.aspx>\n * <https://technet.microsoft.com/en-us/library/jj865668(v=ws.10).aspx>\n * <https://technet.microsoft.com/en-us/library/jj865676(v=ws.10).aspx>\n * <http://blogs.technet.com/b/askds/archive/2009/10/08/ntlm-blocking-and-you-application-analysis-and-auditing-methodologies-in-windows-7.aspx>\n * <https://msdn.microsoft.com/en-us/library/ms775122%28v=vs.85%29.aspx>\n * <https://msdn.microsoft.com/en-us/library/ms775123%28v=vs.85%29.aspx>\n * <https://msdn.microsoft.com/en-us/library/aa939357%28v=WinEmbedded.5%29.aspx>\n * <https://msdn.microsoft.com/en-us/library/windows/desktop/aa385483%28v=vs.85%29.aspx>\n * <https://technet.microsoft.com/library/jj852213(v=ws.10).aspx>\n * <http://insecure.org/sploits/winnt.automatic.authentication.html>\n * <http://insecure.org/sploits/win95.smb.auto-auth.html>\n * <http://insecure.org/sploits/NT.NTLM.auto-authentication.html>\n * <http://cwe.mitre.org/data/definitions/201.html>\n\n### Acknowledgements\n\nThanks to Brian Wallace of Cylance, Inc., for reporting this vulnerability.\n\nThis document was written by Garret Wassermann.\n\n### Other Information\n\n**CVE IDs:** | [None](<http://web.nvd.nist.gov/vuln/detail/None>) \n---|--- \n**Date Public:** | 2015-04-13 \n**Date First Published:** | 2015-04-13 \n**Date Last Updated: ** | 2017-09-05 
21:58 UTC \n**Document Revision: ** | 67 \n", "modified": "2017-09-05T21:58:00", "published": "2015-04-13T00:00:00", "id": "VU:672268", "href": "https://www.kb.cert.org/vuls/id/672268", "type": "cert", "title": "Microsoft Windows NTLM automatically authenticates via SMB when following a file:// URL", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "exploitdb": [{"lastseen": "2017-08-17T21:07:16", "description": "Adobe Flash - Invoke Accesses Trait Out-of-Bounds. CVE-2017-3106. Dos exploit for Windows platform", "published": "2017-08-17T00:00:00", "type": "exploitdb", "title": "Adobe Flash - Invoke Accesses Trait Out-of-Bounds", "bulletinFamily": "exploit", "cvelist": ["CVE-2017-3106"], "modified": "2017-08-17T00:00:00", "id": "EDB-ID:42480", "href": "https://www.exploit-db.com/exploits/42480/", "sourceData": "Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1320\r\n\r\nThe attached fuzzed swf file causes the traits of an ActionScript object to be accessed out of bounds. This can probably lead to exploitable type confusion. \r\n\r\n\r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/42480.zip\r\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/42480/"}], "zdt": [{"lastseen": "2018-02-17T21:29:39", "description": "Exploit for windows platform in category dos / poc", "edition": 1, "published": "2017-08-18T00:00:00", "title": "Adobe Flash - Invoke Accesses Trait Out-of-Bounds Exploit", "type": "zdt", "bulletinFamily": "exploit", "cvelist": ["CVE-2017-3106"], "modified": "2017-08-18T00:00:00", "href": "https://0day.today/exploit/description/28302", "id": "1337DAY-ID-28302", "sourceData": "Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1320\r\n \r\nThe attached fuzzed swf file causes the traits of an ActionScript object to be accessed out of bounds. 
This can probably lead to exploitable type confusion.\n\n# 0day.today [2018-02-17] #", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://0day.today/exploit/28302"}], "trendmicroblog": [{"lastseen": "2017-08-24T14:09:47", "bulletinFamily": "blog", "cvelist": ["CVE-2017-11209", "CVE-2017-11210", "CVE-2017-11211", "CVE-2017-11212", "CVE-2017-11214", "CVE-2017-11216", "CVE-2017-11217", "CVE-2017-11218", "CVE-2017-11219", "CVE-2017-11220", "CVE-2017-11221", "CVE-2017-11222", "CVE-2017-11223", "CVE-2017-11224", "CVE-2017-11226", "CVE-2017-11227", "CVE-2017-11228", "CVE-2017-11229", "CVE-2017-11230", "CVE-2017-11231", "CVE-2017-11232", "CVE-2017-11233", "CVE-2017-11234", "CVE-2017-11235", "CVE-2017-11236", "CVE-2017-11237", "CVE-2017-11238", "CVE-2017-11239", "CVE-2017-11241", "CVE-2017-11242", "CVE-2017-11243", "CVE-2017-11244", "CVE-2017-11245", "CVE-2017-11246", "CVE-2017-11248", "CVE-2017-11249", "CVE-2017-11251", "CVE-2017-11252", "CVE-2017-11254", "CVE-2017-11255", "CVE-2017-11256", "CVE-2017-11257", "CVE-2017-11258", "CVE-2017-11259", "CVE-2017-11260", "CVE-2017-11261", "CVE-2017-11262", "CVE-2017-11263", "CVE-2017-11265", "CVE-2017-11267", "CVE-2017-11268", "CVE-2017-11269", "CVE-2017-11270", "CVE-2017-11271", "CVE-2017-3085", "CVE-2017-3106", "CVE-2017-3113", "CVE-2017-3115", "CVE-2017-3116", "CVE-2017-3117", "CVE-2017-3118", "CVE-2017-3119", "CVE-2017-3120", "CVE-2017-3121", "CVE-2017-3122", "CVE-2017-3123", "CVE-2017-3124"], "description": "\n\nOne of my favorite movies is the 1999 comedy \u201cGalaxy Quest,\u201d which features the cast of a science-fiction television series similar to Star Trek. In the movie, the crew is visited by real aliens who ask them for help against an intergalactic adversary because they believe that Galaxy Quest is a documentary of historical documents \u2013 not a TV show. 
There\u2019s a scene in the movie where someone pressed the button that destroys the ship. The crew makes it to the center of the ship where they can stop the process but the stop button doesn\u2019t work. The countdown to destruction continues, but when the clock hits one second, it stops. Why? Because on a TV show, the clock always stops at one second before total destruction.\n\nSometimes, we can\u2019t control the script of our real-life security world and the clock doesn\u2019t stop at one second. Yesterday, the [Zero Day Initiative](<http://www.zerodayinitiative.com/>) (ZDI) published two zero-day advisories for vulnerabilities in Foxit Reader per the guidelines outlined in the ZDI disclosure policy. The two advisories, [ZDI-17-691](<http://www.zerodayinitiative.com/advisories/ZDI-17-691/>) and [ZDI-17-692](<http://www.zerodayinitiative.com/advisories/ZDI-17-692/>), allow remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. For more detailed analysis of the Foxit Reader vulnerabilities, you can read the ZDI blog: [Busting Myths in Foxit Reader](<https://www.zerodayinitiative.com/blog/2017/8/17/busting-myths-in-foxit-reader>).\n\n**Adobe Security Update**\n\nThis week\u2019s Digital Vaccine (DV) package includes coverage for Adobe updates released on or before August 8, 2017. The following table maps Digital Vaccine filters to the Adobe updates. Filters marked with an (*) shipped prior to this week\u2019s DV package, providing zero-day protection for our customers. 
You can get more detailed information on this month\u2019s security updates from Dustin Childs\u2019 [August 2017 Security Update Review](<https://www.zerodayinitiative.com/blog/2017/8/8/the-august-2017-security-update-review>) from the Zero Day Initiative:\n\n**Bulletin #** | **CVE #** | **Digital Vaccine Filter #** | **Status** \n---|---|---|--- \nAPSB17-23 | CVE-2017-3085 | | Local Only \nAPSB17-23 | CVE-2017-3106 | 29353 | \nAPSB17-24 | CVE-2017-3113 | *26537 | \nAPSB17-24 | CVE-2017-3115 | *27233 | \nAPSB17-24 | CVE-2017-3116 | 29354 | \nAPSB17-24 | CVE-2017-3117 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nAPSB17-24 | CVE-2017-3118 | 29358 | \nAPSB17-24 | CVE-2017-3119 | 29359 | \nAPSB17-24 | CVE-2017-3120 | *27751 | \nAPSB17-24 | CVE-2017-3121 | *27948 | \nAPSB17-24 | CVE-2017-3122 | *28005 | \nAPSB17-24 | CVE-2017-3123 | *28032 | \nAPSB17-24 | CVE-2017-3124 | *28034 | \nAPSB17-24 | CVE-2017-11209 | *28035 | \nAPSB17-24 | CVE-2017-11210 | *28092 | \nAPSB17-24 | CVE-2017-11211 | *28218 | \nAPSB17-24 | CVE-2017-11212 | *28100 | \nAPSB17-24 | CVE-2017-11214 | *28216 | \nAPSB17-24 | CVE-2017-11216 | *27821 | \nAPSB17-24 | CVE-2017-11217 | *27812 | \nAPSB17-24 | CVE-2017-11218 | *27753 | \nAPSB17-24 | CVE-2017-11219 | *27820 | \nAPSB17-24 | CVE-2017-11220 | 29360 | \nAPSB17-24 | CVE-2017-11221 | 29413 | \nAPSB17-24 | CVE-2017-11222 | 29352 | \nAPSB17-24 | CVE-2017-11223 | *28202 | \nAPSB17-24 | CVE-2017-11224 | *28202 | \nAPSB17-24 | CVE-2017-11226 | 29349 | \nAPSB17-24 | CVE-2017-11227 | *28473 | \nAPSB17-24 | CVE-2017-11228 | *28475 | \nAPSB17-24 | CVE-2017-11229 | 29361 | \nAPSB17-24 | CVE-2017-11230 | *28476 | \nAPSB17-24 | CVE-2017-11231 | *28478 | \nAPSB17-24 | CVE-2017-11232 | *28479 | \nAPSB17-24 | CVE-2017-11233 | *28481 | \nAPSB17-24 | CVE-2017-11234 | *28543 | \nAPSB17-24 | CVE-2017-11235 | 29362 | \nAPSB17-24 | CVE-2017-11236 | 29363 | \nAPSB17-24 | CVE-2017-11237 | 29370 | \nAPSB17-24 | CVE-2017-11238 | 29371 | \nAPSB17-24 | 
CVE-2017-11239 | *28544 | \nAPSB17-24 | CVE-2017-11241 | *28547 | \nAPSB17-24 | CVE-2017-11242 | 28480, 28548 | \nAPSB17-24 | CVE-2017-11243 | *28663 | \nAPSB17-24 | CVE-2017-11244 | *28664 | \nAPSB17-24 | CVE-2017-11245 | *28666 | \nAPSB17-24 | CVE-2017-11246 | 29414 | \nAPSB17-24 | CVE-2017-11248 | *28463 | \nAPSB17-24 | CVE-2017-11249 | *28464 | \nAPSB17-24 | CVE-2017-11251 | 29418 | \nAPSB17-24 | CVE-2017-11252 | *28477 | \nAPSB17-24 | CVE-2017-11254 | 29350 | \nAPSB17-24 | CVE-2017-11255 | *28741 | \nAPSB17-24 | CVE-2017-11256 | *28735 | \nAPSB17-24 | CVE-2017-11257 | *28734 | \nAPSB17-24 | CVE-2017-11258 | *28732 | \nAPSB17-24 | CVE-2017-11259 | *28733 | \nAPSB17-24 | CVE-2017-11260 | *28731 | \nAPSB17-24 | CVE-2017-11261 | *28730 | \nAPSB17-24 | CVE-2017-11262 | 29355 | \nAPSB17-24 | CVE-2017-11263 | 29369 | \nAPSB17-24 | CVE-2017-11265 | *28916 | \nAPSB17-24 | CVE-2017-11267 | 29364 | \nAPSB17-24 | CVE-2017-11268 | 29365 | \nAPSB17-24 | CVE-2017-11269 | 29366 | \nAPSB17-24 | CVE-2017-11270 | 29367 | \nAPSB17-24 | CVE-2017-11271 | 29368 | \n \n \n\n**TippingPoint Operating System (TOS) v3.9.2 Release**\n\nEarlier this week, we issued a maintenance release version 3.9.2 build 4784 of the TippingPoint Operating System (TOS) for the N/NX Platform family. For the complete list of enhancements and changes, please refer to the product Release Notes located on the Threat Management center (TMC) Web site at <https://tmc.tippingpoint.com>. Customers with questions or technical assistance can contact the TippingPoint Technical Assistance Center (TAC).\n\n**Zero-Day Filters**\n\nThere are 14 new zero-day filters covering two vendors in this week\u2019s Digital Vaccine (DV) package. A number of existing filters in this week\u2019s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. 
You can browse the list of [published advisories](<http://www.zerodayinitiative.com/advisories/published/>) and [upcoming advisories](<http://www.zerodayinitiative.com/advisories/upcoming/>) on the [Zero Day Initiative](<http://www.zerodayinitiative.com/>) website.\n\n**_Adobe (11)_**\n\n| \n\n * 29362: HTTP: Adobe Acrobat Pro DC ImageConversion JPEG Use-After-Free Vulnerability (ZDI-17-590)\n * 29363: HTTP: Adobe Acrobat Pro DC Forms Information Disclosure Vulnerability (ZDI-17-591)\n * 29364: HTTP: Adobe Acrobat Pro DC ImageConversion Memory Corruption Vulnerability (ZDI-17-621)\n * 29365: HTTP: Adobe Acrobat Pro DC ImageConversion Information Disclosure Vulnerability (ZDI-17-622)\n * 29366: HTTP: Adobe Acrobat Pro DC ImageConversion Information Disclosure Vulnerability (ZDI-17-623)\n * 29367: HTTP: Adobe Acrobat Pro DC ImageConversion Information Disclosure Vulnerability (ZDI-17-625)\n * 29368: HTTP: Adobe Acrobat Pro DC ImageConversion Memory Corruption Vulnerability (ZDI-17-629)\n * 29370: HTTP: Adobe Acrobat Pro DC Font Parsing Information Disclosure Vulnerability (ZDI-17-592)\n * 29371: HTTP: Adobe Acrobat Pro DC ImageConversion EMF Information Disclosure Vulnerability (ZDI-17-593)\n * 29414: HTTP: Adobe Acrobat Pro ImageConversion JPEG Information Disclosure Vulnerability (ZDI-17-603)\n * 29418: HTTP: Adobe Acrobat Pro DC JPEG2000 Memory Corruption Vulnerability (ZDI-17-609)**_ _** \n---|--- \n \n**_ _**\n\n**_Trend Micro (3)_**\n\n| \n\n * 29333: HTTPS: Trend Micro SafeSync for Enterprise replace_local_disk Command Injection (ZDI-17-119)\n * 29337: HTTP: Trend Micro SafeSync for Enterprise dead_local_disk Command Injection (ZDI-17-118)\n * 29338: HTTPS: Trend Micro SafeSync for Enterprise dead_local_disk Command Injection (ZDI-17-118) \n---|--- \n| \n \n**Missed Last Week\u2019s News?**\n\nCatch up on last week\u2019s news in my [weekly recap](<http://blog.trendmicro.com/tippingpoint-threat-intelligence-zero-day-coverage-week-august-7-2017/>).", 
"modified": "2017-08-18T12:00:42", "published": "2017-08-18T12:00:42", "href": "http://blog.trendmicro.com/tippingpoint-threat-intelligence-zero-day-coverage-week-august-14-2017/", "id": "TRENDMICROBLOG:3BC4D55C7B197F32FEF9A2D171ACD8AB", "title": "TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of August 14, 2017", "type": "trendmicroblog", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}