Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.SMB_KB3004150.NASL
HistoryNov 12, 2014 - 12:00 a.m.

MS KB3004150: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer

2014-11-1200:00:00
This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
37
JSON

The remote host is missing KB3004150. It is, therefore, affected by the following vulnerabilities :

  • Multiple memory corruption vulnerabilities allow an attacker to execute arbitrary code. (CVE-2014-0576, CVE-2014-0581, CVE-2014-8440, CVE-2014-8441)

  • Multiple use-after-free vulnerabilities could result in arbitrary code execution. (CVE-2014-0573, CVE-2014-0588, CVE-2014-8438, CVE-2014-0574)

  • Multiple type confusion vulnerabilities could result in arbitrary code execution. (CVE-2014-0577, CVE-2014-0584, CVE-2014-0585, CVE-2014-0586, CVE-2014-0590)

  • Multiple heap-based buffer overflow vulnerabilities can be exploited to execute arbitrary code or elevate privileges. (CVE-2014-0583, CVE-2014-0582, CVE-2014-0589)

  • A permission issue that allows a remote attacker to gain elevated privileges. (CVE-2014-8442)

  • An information disclosure vulnerability can be exploited to disclose secret session tokens. (CVE-2014-8437)

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(79145);
  script_version("1.13");
  script_cvs_date("Date: 2019/11/25");

  script_cve_id(
    "CVE-2014-0573",
    "CVE-2014-0574",
    "CVE-2014-0576",
    "CVE-2014-0577",
    "CVE-2014-0581",
    "CVE-2014-0582",
    "CVE-2014-0583",
    "CVE-2014-0584",
    "CVE-2014-0585",
    "CVE-2014-0586",
    "CVE-2014-0588",
    "CVE-2014-0589",
    "CVE-2014-0590",
    "CVE-2014-8437",
    "CVE-2014-8438",
    "CVE-2014-8440",
    "CVE-2014-8441",
    "CVE-2014-8442"
  );
  script_bugtraq_id(
    71033,
    71035,
    71036,
    71037,
    71038,
    71039,
    71040,
    71041,
    71042,
    71043,
    71044,
    71045,
    71046,
    71047,
    71048,
    71049,
    71050,
    71051
  );
  script_xref(name:"MSKB", value:"3004150");

  script_name(english:"MS KB3004150: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer");
  script_summary(english:"Checks version of ActiveX control.");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host has a browser plugin that is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote host is missing KB3004150. It is, therefore, affected by
the following vulnerabilities :

  - Multiple memory corruption vulnerabilities allow an
    attacker to execute arbitrary code. (CVE-2014-0576,
    CVE-2014-0581, CVE-2014-8440, CVE-2014-8441)

  - Multiple use-after-free vulnerabilities could result in
    arbitrary code execution. (CVE-2014-0573, CVE-2014-0588,
    CVE-2014-8438, CVE-2014-0574)

  - Multiple type confusion vulnerabilities could result in
    arbitrary code execution. (CVE-2014-0577, CVE-2014-0584,
    CVE-2014-0585, CVE-2014-0586, CVE-2014-0590)

  - Multiple heap-based buffer overflow vulnerabilities can
    be exploited to execute arbitrary code or elevate
    privileges. (CVE-2014-0583, CVE-2014-0582,
    CVE-2014-0589)

  - A permission issue that allows a remote attacker to gain
    elevated privileges. (CVE-2014-8442)

  - An information disclosure vulnerability can be exploited
    to disclose secret session tokens. (CVE-2014-8437)");
  script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/flash-player/apsb14-24.html");
  script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2016/2755801");
  script_set_attribute(attribute:"see_also", value:"https://support.microsoft.com/en-us/help/3004150/microsoft-security-advisory-update-for-vulnerabilities-in-adobe-flash");
  script_set_attribute(attribute:"solution", value:
"Install Microsoft KB3004150.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-8441");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player UncompressViaZlibVariant Uninitialized Memory');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/11/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/11/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/12");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:flash_player");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("smb_hotfixes.nasl");
  script_require_keys("SMB/Registry/Enumerated", "SMB/WindowsVersion");
  script_require_ports(139, 445);

  exit(0);
}

include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_activex_func.inc");
include("misc_func.inc");

get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

if (hotfix_check_sp_range(win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
if (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);

if (activex_init() != ACX_OK) audit(AUDIT_FN_FAIL, "activex_init()");

# Adobe Flash Player CLSID
clsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}';

file = activex_get_filename(clsid:clsid);
if (isnull(file))
{
  activex_end();
  audit(AUDIT_FN_FAIL, "activex_get_filename", "NULL");
}
if (!file)
{
  activex_end();
  audit(AUDIT_ACTIVEX_NOT_FOUND, clsid);
}

# Get its version.
version = activex_get_fileversion(clsid:clsid);
if (!version)
{
  activex_end();
  audit(AUDIT_VER_FAIL, file);
}

info = '';

iver = split(version, sep:'.', keep:FALSE);
for (i=0; i<max_index(iver); i++)
 iver[i] = int(iver[i]);

# < 15.0.0.223
if (
  (report_paranoia > 1 || activex_get_killbit(clsid:clsid) == 0) &&
  (
    iver[0] < 15 ||
    (
      iver[0] == 15 &&
      (
        (iver[1] == 0 && iver[2] == 0 && iver[3] < 223)
      )
    )
  )
)
{
  info = '\n  Path              : ' + file +
         '\n  Installed version : ' + version +
         '\n  Fixed version     : 15.0.0.223' +
         '\n';
}

port = kb_smb_transport();

if (info != '')
{
  if (report_verbosity > 0)
  {
    if (report_paranoia > 1)
    {
      report = info +
        '\n' +
        'Note, though, that Nessus did not check whether the kill bit was\n' +
        "set for the control's CLSID because of the Report Paranoia setting" + '\n' +
        'in effect when this scan was run.\n';
    }
    else
    {
      report = info +
        '\n' +
        'Moreover, its kill bit is not set so it is accessible via Internet\n' +
        'Explorer.\n';
    }
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
}
else audit(AUDIT_HOST_NOT, 'affected');
VendorProductVersionCPE
microsoftwindowscpe:/o:microsoft:windows
adobeflash_playercpe:/a:adobe:flash_player

References

Related

nessus 18
suse 4
openvas 9
archlinux 1
redhat 1
mageia 1
gentoo 1
cvelist 18
cve 18
prion 18
ubuntucve 18
checkpoint_advisories 15
threatpost 6
packetstorm 1
zdt 1
metasploit 1
hackerone 2
symantec 3
exploitdb 1
thn 1
freebsd 1
chrome 1
nessus
nessus
SuSE 11.3 Security Update : flash-player (SAT Patch Number 9958)
2014-11-18 00:00:00
RHEL 5 / 6 : flash-plugin (RHSA-2014:1852)
2014-11-13 00:00:00
Flash Player <= 15.0.0.189 Multiple Vulnerabilities (APSB14-24)
2014-11-12 00:00:00
suse
suse
Security update for flash-player (important)
2014-11-18 12:04:40
Security update for flash-player (important)
2014-11-18 01:05:27
Security update for Adobe Flash Player (important)
2015-04-16 13:04:48
openvas
openvas
SUSE: Security Advisory for flash-player (SUSE-SU-2014:1442-1)
2015-10-16 00:00:00
Adobe Flash Player Multiple Vulnerabilities (APSB14-24) - Linux
2014-11-14 00:00:00
Adobe AIR Multiple Vulnerabilities (APSB14-24) - Windows
2014-11-14 00:00:00
archlinux
archlinux
flashplugin: remote code execution
2014-11-13 00:00:00
redhat
redhat
(RHSA-2014:1852) Critical: flash-plugin security update
2014-11-13 00:00:00
mageia
mageia
Updated flash-player-plugin packages fix multiple security vulnerabilities
2014-11-14 04:27:45
gentoo
gentoo
Adobe Flash Player: Multiple vulnerabilities
2014-11-21 00:00:00
cvelist
cvelist
CVE-2014-0585
2014-11-11 23:00:00
CVE-2014-0590
2014-11-11 23:00:00
CVE-2014-0577
2014-11-11 23:00:00
cve
cve
CVE-2014-0586
2014-11-11 23:55:00
CVE-2014-0585
2014-11-11 23:55:00
CVE-2014-0577
2014-11-11 23:55:00
prion
prion
Type confusion
2014-11-11 23:55:00
Type confusion
2014-11-11 23:55:00
Type confusion
2014-11-11 23:55:00
ubuntucve
ubuntucve
CVE-2014-0590
2014-11-11 00:00:00
CVE-2014-0585
2014-11-11 00:00:00
CVE-2014-0584
2014-11-11 00:00:00
checkpoint_advisories
checkpoint_advisories
Adobe Flash Player Use After Free Code Execution (APSB14-24: CVE-2014-8438)
2015-01-25 00:00:00
Adobe Flash Player Memory Corruption (APSB14-24: CVE-2014-8440)
2014-12-10 00:00:00
Adobe Flash Player Heap Buffer Overflow (APSB14-24: CVE-2014-0589)
2015-02-03 00:00:00
threatpost
threatpost
Citadel Variant Targets Password Managers
2014-11-19 14:54:34
Angler Exploit Kit Adds New Flash Exploit
2014-11-20 08:02:52
Exploit for Flash Zero Day Appears in Angler Exploit Kit
2015-01-21 11:53:31
packetstorm
packetstorm
Adobe Flash Player UncompressViaZlibVariant Uninitialized Memory
2015-05-01 00:00:00
zdt
zdt
Adobe Flash Player UncompressViaZlibVariant Uninitialized Memory Exploit
2015-05-01 00:00:00
metasploit
metasploit
Adobe Flash Player UncompressViaZlibVariant Uninitialized Memory
2015-04-29 22:52:04
hackerone
hackerone
Internet Bug Bounty: Adobe Flash Player MP4 Use-After-Free Vulnerability
2014-11-17 06:20:07
Internet Bug Bounty: Race condition in Flash workers may cause an exploitabl​e double free
2014-11-24 08:10:24
symantec
symantec
Adobe Flash Player and AIR CVE-2014-8440 Unspecified Memory Corruption Vulnerability
2014-11-11 00:00:00
Adobe Flash Player and AIR CVE-2014-0577 Type Confusion Remote Code Execution Vulnerability
2014-11-11 00:00:00
Adobe Flash Player and AIR CVE-2014-0588 Use After Free Remote Code Execution Vulnerability
2014-11-11 00:00:00
exploitdb
exploitdb
Adobe Flash Player - UncompressViaZlibVariant Uninitialized Memory (Metasploit)
2015-05-01 00:00:00
thn
thn
Adobe Releases Emergency Flash Player Update to Address Critical Vulnerability
2014-11-25 21:27:00
freebsd
freebsd
chromium -- multiple vulnerabilities
2014-11-18 00:00:00
chrome
chrome
Stable Channel Update
2014-11-18 00:00:00
JSON
Related for SMB_KB3004150.NASL
nessus18suse4openvas9archlinux1redhat1mageia1gentoo1cvelist18cve18prion18ubuntucve18checkpoint_advisories15threatpost6packetstorm1zdt1metasploit1hackerone2symantec3exploitdb1thn1freebsd1chrome1