Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.SMB_KB3044132.NASL
HistoryMar 13, 2015 - 12:00 a.m.

MS KB3044132: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer

2015-03-1300:00:00
This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
28
JSON

The remote Windows host is missing KB3044132. It is, therefore, affected by the following vulnerabilities :

  • Multiple memory corruption issues exist due to not properly validating user input, which an attacker can exploit to execute arbitrary code. (CVE-2015-0332, CVE-2015-0333, CVE-2015-0335, CVE-2015-0339)

  • Multiple type confusions flaws exist, which an attacker can exploit to execute arbitrary code. (CVE-2015-0334, CVE-2015-0336)

  • An unspecified flaw exists that allows an attacker to bypass cross-domain policy. (CVE-2015-0337)

  • An integer overflow condition exists due to not properly validating user input, which an attacker can exploit to execute arbitrary code. (CVE-2015-0338)

  • An unspecified flaw exists that allows an attacker to bypass restrictions and upload arbitrary files.
    (CVE-2015-0340)

  • Multiple use-after-free errors exist that can allow an attacker to deference already freed memory and execute arbitrary code. (CVE-2015-0341, CVE-2015-0342)

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(81732);
  script_version("1.17");
  script_cvs_date("Date: 2019/11/22");

  script_cve_id(
    "CVE-2015-0332",
    "CVE-2015-0333",
    "CVE-2015-0334",
    "CVE-2015-0335",
    "CVE-2015-0336",
    "CVE-2015-0337",
    "CVE-2015-0338",
    "CVE-2015-0339",
    "CVE-2015-0340",
    "CVE-2015-0341",
    "CVE-2015-0342"
  );
  script_bugtraq_id(
    73080,
    73081,
    73082,
    73083,
    73084,
    73085,
    73086,
    73087,
    73088,
    73089,
    73091
  );
  script_xref(name:"EDB-ID", value:"36962");
  script_xref(name:"MSKB", value:"3044132");

  script_name(english:"MS KB3044132: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer");
  script_summary(english:"Checks the version of the ActiveX control.");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host has a browser plugin that is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote Windows host is missing KB3044132. It is, therefore,
affected by the following vulnerabilities :

  - Multiple memory corruption issues exist due to not
    properly validating user input, which an attacker can
    exploit to execute arbitrary code. (CVE-2015-0332,
    CVE-2015-0333, CVE-2015-0335, CVE-2015-0339)

  - Multiple type confusions flaws exist, which an attacker
    can exploit to execute arbitrary code. (CVE-2015-0334,
    CVE-2015-0336)

  - An unspecified flaw exists that allows an attacker to
    bypass cross-domain policy. (CVE-2015-0337)

  - An integer overflow condition exists due to not properly
    validating user input, which an attacker can exploit to
    execute arbitrary code. (CVE-2015-0338)

  - An unspecified flaw exists that allows an attacker to
    bypass restrictions and upload arbitrary files.
    (CVE-2015-0340)

  - Multiple use-after-free errors exist that can allow an
    attacker to deference already freed memory and execute
    arbitrary code. (CVE-2015-0341, CVE-2015-0342)");
  script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2016/2755801");
  script_set_attribute(attribute:"see_also", value:"https://support.microsoft.com/en-us/help/3044132/microsoft-security-advisory-update-for-vulnerabilities-in-adobe-flash");
  script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/flash-player/apsb15-05.html");
  script_set_attribute(attribute:"solution", value:
"Install Microsoft KB3044132.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-0342");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player NetConnection Type Confusion');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/03/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/03/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/13");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:flash_player");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("smb_hotfixes.nasl");
  script_require_keys("SMB/Registry/Enumerated", "SMB/WindowsVersion");
  script_require_ports(139, 445);

  exit(0);
}

include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_activex_func.inc");
include("misc_func.inc");

get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

if (hotfix_check_sp_range(win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
if (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);

if (activex_init() != ACX_OK) audit(AUDIT_FN_FAIL, "activex_init()");

# Adobe Flash Player CLSID
clsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}';

file = activex_get_filename(clsid:clsid);
if (isnull(file))
{
  activex_end();
  audit(AUDIT_FN_FAIL, "activex_get_filename", "NULL");
}
if (!file)
{
  activex_end();
  audit(AUDIT_ACTIVEX_NOT_FOUND, clsid);
}

# Get its version.
version = activex_get_fileversion(clsid:clsid);
if (!version)
{
  activex_end();
  audit(AUDIT_VER_FAIL, file);
}

info = '';

iver = split(version, sep:'.', keep:FALSE);
for (i=0; i<max_index(iver); i++)
 iver[i] = int(iver[i]);

# < 17.0.0.134
if (
  (report_paranoia > 1 || activex_get_killbit(clsid:clsid) == 0) &&
  (
    iver[0] < 17 ||
    (
      iver[0] == 17 &&
      (
        (iver[1] == 0 && iver[2] == 0 && iver[3] < 134)
      )
    )
  )
)
{
  info = '\n  Path              : ' + file +
         '\n  Installed version : ' + version +
         '\n  Fixed version     : 17.0.0.134' +
         '\n';
}

port = kb_smb_transport();

if (info != '')
{
  if (report_verbosity > 0)
  {
    if (report_paranoia > 1)
    {
      report = info +
        '\n' +
        'Note, though, that Nessus did not check whether the kill bit was\n' +
        "set for the control's CLSID because of the Report Paranoia setting" + '\n' +
        'in effect when this scan was run.\n';
    }
    else
    {
      report = info +
        '\n' +
        'Moreover, its kill bit is not set so it is accessible via Internet\n' +
        'Explorer.\n';
    }
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
}
else audit(AUDIT_HOST_NOT, 'affected');
VendorProductVersionCPE
microsoftwindowscpe:/o:microsoft:windows
adobeflash_playercpe:/a:adobe:flash_player

References

Related

nessus 13
altlinux 2
redhat 1
openvas 6
archlinux 1
mageia 1
freebsd 1
gentoo 1
suse 5
thn 1
cve 11
ubuntucve 11
prion 11
kaspersky 1
googleprojectzero 1
checkpoint_advisories 11
hackerone 1
symantec 3
zdt 2
packetstorm 1
zdi 1
metasploit 1
exploitdb 1
threatpost 5
nessus
nessus
Flash Player < 17.0 Multiple Vulnerabilities (APSB15-05)
2015-03-27 00:00:00
SUSE SLED12 Security Update : flash-player (SUSE-SU-2015:0491-1)
2015-05-20 00:00:00
RHEL 5 / 6 : flash-plugin (RHSA-2015:0697)
2015-03-18 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 7 package adobe-flash-player version 3:11-alt42
2015-03-13 00:00:00
Security fix for the ALT Linux 6 package adobe-flash-player version 3:11-alt42
2015-03-13 00:00:00
redhat
redhat
(RHSA-2015:0697) Critical: flash-plugin security update
2015-03-17 00:00:00
openvas
openvas
Adobe Flash Player Multiple Vulnerabilities - 01 Mar15 (Linux)
2015-03-17 00:00:00
Adobe Flash Player Multiple Vulnerabilities - 01 Mar15 (Windows)
2015-03-20 00:00:00
Adobe Flash Player Multiple Vulnerabilities - 01 Mar15 (Mac OS X)
2015-03-17 00:00:00
archlinux
archlinux
flashplugin: multiple issues
2015-03-16 00:00:00
mageia
mageia
Updated flash-player-plugin package fixes security vulnerabilities
2015-03-14 21:44:24
freebsd
freebsd
Adobe Flash Player -- critical vulnerabilities
2015-03-12 00:00:00
gentoo
gentoo
Adobe Flash Player: Multiple vulnerabilities
2015-03-16 00:00:00
suse
suse
Security update for flash-player (critical)
2015-03-13 18:04:51
Security update for flash-player (critical)
2015-03-13 12:05:10
flashplayer to version 11.2.202.451 (important)
2015-03-14 11:04:48
thn
thn
Adobe Flash Player Update Patches 11 Critical Vulnerabilities
2015-03-12 21:28:00
cve
cve
CVE-2015-0333
2015-03-13 17:59:00
CVE-2015-0339
2015-03-13 17:59:00
CVE-2015-0335
2015-03-13 17:59:00
ubuntucve
ubuntucve
CVE-2015-0332
2015-03-13 00:00:00
CVE-2015-0335
2015-03-13 00:00:00
CVE-2015-0339
2015-03-13 00:00:00
prion
prion
Memory corruption
2015-03-13 17:59:00
Memory corruption
2015-03-13 17:59:00
Memory corruption
2015-03-13 17:59:00
kaspersky
kaspersky
KLA10462 Multiple vulnerabilities in Adobe Flash Player
2015-03-12 00:00:00
googleprojectzero
googleprojectzero
A Tale of Two Exploits
2015-04-13 00:00:00
checkpoint_advisories
checkpoint_advisories
Adobe Flash Player Memory Corruption (APSB15-05: CVE-2015-0337)
2015-03-23 00:00:00
Adobe Flash Player Use After Free Remote Code Execution (APSB15-05: CVE-2015-0341)
2015-03-24 00:00:00
Adobe Flash Player Integer Overflow Remote Code Execution (APSB15-05: CVE-2015-0338)
2015-03-23 00:00:00
hackerone
hackerone
Internet Bug Bounty: Flash Cross Domain Policy Bypass by Using File Upload and Redirection - only in Chrome
2015-03-12 23:35:49
symantec
symantec
Adobe Flash Player CVE-2015-0339 Unspecified Memory Corruption Vulnerability
2015-03-12 00:00:00
Adobe Flash Player CVE-2015-0338 Remote Integer Overflow Vulnerability
2015-03-12 00:00:00
Adobe Flash Player CVE-2015-0336 Type Confusion Remote Code Execution Vulnerability
2015-03-12 00:00:00
zdt
zdt
Adobe Flash Player AVSS Load Use-After-Free Remote Code Execution Vulnerability
2015-03-16 00:00:00
Adobe Flash Player NetConnection Type Confusion Exploit
2015-05-08 00:00:00
packetstorm
packetstorm
Adobe Flash Player NetConnection Type Confusion
2015-05-07 00:00:00
zdi
zdi
Adobe Flash Player AVSS Load Use-After-Free Remote Code Execution Vulnerability
2015-03-12 00:00:00
metasploit
metasploit
Adobe Flash Player NetConnection Type Confusion
2015-05-27 22:05:10
exploitdb
exploitdb
Adobe Flash Player - NetConnection Type Confusion (Metasploit)
2015-05-08 00:00:00
threatpost
threatpost
Angler Exploit Kit Exploiting New Adobe Vulnerability, Dropping Cryptowall 3.0
2015-05-28 13:57:47
Critical Adobe Flash Bug Impacts Windows, macOS, Linux and Chrome OS
2018-11-20 20:49:30
Chrome Browser Bug Under Active Attack
2021-06-10 20:07:53
JSON
Related for SMB_KB3044132.NASL
nessus13altlinux2redhat1openvas6archlinux1mageia1freebsd1gentoo1suse5thn1cve11ubuntucve11prion11kaspersky1googleprojectzero1checkpoint_advisories11hackerone1symantec3zdt2packetstorm1zdi1metasploit1exploitdb1threatpost5