ID OPENVAS:136141256231063435 Type openvas Reporter Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com Modified 2018-04-06T00:00:00
Description
The remote host is missing updates announced in
advisory RHSA-2009:0334.
The flash-plugin package contains a Firefox-compatible Adobe Flash Player
Web browser plug-in.
Multiple input validation flaws were found in the way Flash Player
displayed certain SWF (Shockwave Flash) content. An attacker could use
these flaws to create a specially-crafted SWF file that could cause
flash-plugin to crash, or, possibly, execute arbitrary code when the victim
loaded a page containing the specially-crafted SWF content. (CVE-2009-0520,
CVE-2009-0519)
All users of Adobe Flash Player should install this updated package, which
upgrades Flash Player to version 9.0.159.0.
# OpenVAS Vulnerability Test
# $Id: RHSA_2009_0334.nasl 9350 2018-04-06 07:03:33Z cfischer $
# Description: Auto-generated from advisory RHSA-2009:0334 ()
#
# Authors:
# Thomas Reinke <reinke@securityspace.com>
#
# Copyright:
# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# or at your option, GNU General Public License version 3,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
include("revisions-lib.inc");
tag_summary = "The remote host is missing updates announced in
advisory RHSA-2009:0334.
The flash-plugin package contains a Firefox-compatible Adobe Flash Player
Web browser plug-in.
Multiple input validation flaws were found in the way Flash Player
displayed certain SWF (Shockwave Flash) content. An attacker could use
these flaws to create a specially-crafted SWF file that could cause
flash-plugin to crash, or, possibly, execute arbitrary code when the victim
loaded a page containing the specially-crafted SWF content. (CVE-2009-0520,
CVE-2009-0519)
All users of Adobe Flash Player should install this updated package, which
upgrades Flash Player to version 9.0.159.0.";
tag_solution = "Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.63435");
script_version("$Revision: 9350 $");
script_tag(name:"last_modification", value:"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $");
script_tag(name:"creation_date", value:"2009-03-02 19:11:09 +0100 (Mon, 02 Mar 2009)");
script_cve_id("CVE-2009-0519", "CVE-2009-0520");
script_tag(name:"cvss_base", value:"9.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_name("RedHat Security Advisory RHSA-2009:0334");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
script_family("Red Hat Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/rhel", "ssh/login/rpms");
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "summary" , value : tag_summary);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
script_xref(name : "URL" , value : "http://rhn.redhat.com/errata/RHSA-2009-0334.html");
script_xref(name : "URL" , value : "http://www.redhat.com/security/updates/classification/#critical");
script_xref(name : "URL" , value : "http://www.adobe.com/support/security/bulletins/apsb09-01.html");
script_xref(name : "URL" , value : "http://www.adobe.com/products/flashplayer/");
exit(0);
}
#
# The script code starts here
#
include("pkg-lib-rpm.inc");
res = "";
report = "";
if ((res = isrpmvuln(pkg:"flash-plugin", rpm:"flash-plugin~9.0.159.0~1.el3.with.oss", rls:"RHENT_3")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"flash-plugin", rpm:"flash-plugin~9.0.159.0~1.el4", rls:"RHENT_4")) != NULL) {
report += res;
}
if (report != "") {
security_message(data:report);
} else if (__pkg_match) {
exit(99); # Not vulnerable.
}
{"id": "OPENVAS:136141256231063435", "type": "openvas", "bulletinFamily": "scanner", "title": "RedHat Security Advisory RHSA-2009:0334", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:0334.\n\nThe flash-plugin package contains a Firefox-compatible Adobe Flash Player\nWeb browser plug-in.\n\nMultiple input validation flaws were found in the way Flash Player\ndisplayed certain SWF (Shockwave Flash) content. An attacker could use\nthese flaws to create a specially-crafted SWF file that could cause\nflash-plugin to crash, or, possibly, execute arbitrary code when the victim\nloaded a page containing the specially-crafted SWF content. (CVE-2009-0520,\nCVE-2009-0519)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 9.0.159.0.", "published": "2009-03-02T00:00:00", "modified": "2018-04-06T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063435", "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "references": ["http://rhn.redhat.com/errata/RHSA-2009-0334.html", "http://www.redhat.com/security/updates/classification/#critical", "http://www.adobe.com/products/flashplayer/", "http://www.adobe.com/support/security/bulletins/apsb09-01.html"], "cvelist": ["CVE-2009-0520", "CVE-2009-0519"], "lastseen": "2018-04-06T11:38:04", "viewCount": 1, "enchantments": {"score": {"value": 9.2, "vector": "NONE", "modified": "2018-04-06T11:38:04", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-0520", "CVE-2009-0519"]}, {"type": "openvas", "idList": ["OPENVAS:800359", "OPENVAS:1361412562310800359", "OPENVAS:136141256231063468", "OPENVAS:136141256231064565", "OPENVAS:63468", "OPENVAS:136141256231063434", "OPENVAS:64565", "OPENVAS:63435", "OPENVAS:1361412562310800360", "OPENVAS:63434"]}, {"type": "redhat", "idList": ["RHSA-2009:0332", "RHSA-2009:0334"]}, {"type": "suse", "idList": ["SUSE-SA:2009:011"]}, {"type": "nessus", "idList": ["SUSE_11_0_FLASH-PLAYER-090226.NASL", "SUSE_11_FLASH-PLAYER-090316.NASL", "SUSE_11_1_FLASH-PLAYER-090225.NASL", "REDHAT-RHSA-2009-0334.NASL", "FLASH_PLAYER_APSB09_01.NASL", "REDHAT-RHSA-2009-0332.NASL", "GENTOO_GLSA-200903-23.NASL", "MACOSX_SECUPD2009-002.NASL", "SUSE_FLASH-PLAYER-6022.NASL", "SUSE_FLASH-PLAYER-6020.NASL"]}, {"type": "exploitdb", "idList": ["EDB-ID:32811"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:21381", "SECURITYVULNS:DOC:21825", "SECURITYVULNS:VULN:9689"]}, {"type": "seebug", "idList": ["SSV:4828"]}, {"type": "gentoo", "idList": ["GLSA-200903-23"]}], "modified": "2018-04-06T11:38:04", "rev": 2}, "vulnersScore": 9.2}, "pluginID": "136141256231063435", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0334.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0334 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:0334.\n\nThe flash-plugin package contains a Firefox-compatible Adobe Flash Player\nWeb browser plug-in.\n\nMultiple input validation flaws were found in the way Flash Player\ndisplayed certain SWF (Shockwave Flash) content. An attacker could use\nthese flaws to create a specially-crafted SWF file that could cause\nflash-plugin to crash, or, possibly, execute arbitrary code when the victim\nloaded a page containing the specially-crafted SWF content. (CVE-2009-0520,\nCVE-2009-0519)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 9.0.159.0.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63435\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-02 19:11:09 +0100 (Mon, 02 Mar 2009)\");\n script_cve_id(\"CVE-2009-0519\", \"CVE-2009-0520\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:0334\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0334.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n script_xref(name : \"URL\" , value : \"http://www.adobe.com/support/security/bulletins/apsb09-01.html\");\n script_xref(name : \"URL\" , value : \"http://www.adobe.com/products/flashplayer/\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"flash-plugin\", rpm:\"flash-plugin~9.0.159.0~1.el3.with.oss\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"flash-plugin\", rpm:\"flash-plugin~9.0.159.0~1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "Red Hat Local Security Checks", "immutableFields": []}
{"cve": [{"lastseen": "2021-02-02T05:39:59", "description": "Unspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a crafted Shockwave Flash (aka .swf) file.", "edition": 6, "cvss3": {}, "published": "2009-02-26T16:17:00", "title": "CVE-2009-0519", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0519"], "modified": "2017-09-29T01:33:00", "cpe": ["cpe:/a:adobe:flex:3.0", "cpe:/a:adobe:flash_player:8.0.24.0", "cpe:/a:adobe:air:1.5", "cpe:/a:adobe:flash_player:9.0.31.0", "cpe:/a:adobe:flash_player:7.0.1", "cpe:/a:adobe:flash_player:8.0.39.0", "cpe:/a:adobe:flash_player:9.0.112.0", "cpe:/a:adobe:flash_player:9.0.20", "cpe:/a:adobe:flash_player:8.0.35.0", "cpe:/a:adobe:flash_player:7.0.70.0", "cpe:/a:adobe:flash_player:7.1.1", "cpe:/a:adobe:flash_player:9.0.16", "cpe:/a:adobe:flash_player:7.1", "cpe:/a:adobe:flash_player:9.0.124.0", "cpe:/a:adobe:flash_player:7.0.69.0", "cpe:/a:adobe:flash_player:7.2", "cpe:/a:adobe:flash_player:cs3", "cpe:/a:adobe:flash_player:10.0.12.36", "cpe:/a:adobe:flash_player:9.0.47.0", "cpe:/a:adobe:flash_player:8.0.34.0", "cpe:/a:adobe:flash_player:9.0.48.0", "cpe:/a:adobe:flash_player:9.0.115.0", "cpe:/a:adobe:flash_player:9.0.28.0", "cpe:/a:adobe:flash_player:9.0.28", "cpe:/a:adobe:flash_player:8.0", "cpe:/a:adobe:flash_player:7.0.63", "cpe:/a:adobe:flash_player:9.0.20.0", "cpe:/a:adobe:flash_player:7.0.25", "cpe:/a:adobe:flash_player:9.0.114.0", "cpe:/a:adobe:flash_player:10.0.0.584", "cpe:/a:adobe:flash_player:cs4", "cpe:/a:adobe:flash_player:10.0.12.10", "cpe:/a:adobe:flash_player:7.0", "cpe:/a:adobe:flash_player:9.0.45.0", "cpe:/a:adobe:flash_player_for_linux:10.0.15.3"], "id": "CVE-2009-0519", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0519", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:8.0:*:pro:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:air:1.5:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:cs4:*:pro:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:8.0:*:basic:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:7.0.63:*:linux:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flex:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player_for_linux:10.0.15.3:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:cs3:*:pro:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:39:59", "description": "Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a \"buffer overflow issue.\"", "edition": 6, "cvss3": {}, "published": "2009-02-26T16:17:00", "title": "CVE-2009-0520", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0520"], "modified": "2017-09-29T01:33:00", "cpe": ["cpe:/a:adobe:flex:3.0", "cpe:/a:adobe:flash_player:8.0.24.0", "cpe:/a:adobe:air:1.5", "cpe:/a:adobe:flash_player:9.0.31.0", "cpe:/a:adobe:flash_player:7.0.1", "cpe:/a:adobe:flash_player:8.0.39.0", "cpe:/a:adobe:flash_player:9.0.112.0", "cpe:/a:adobe:flash_player:9.0.20", "cpe:/a:adobe:flash_player:8.0.35.0", "cpe:/a:adobe:flash_player:7.0.70.0", "cpe:/a:adobe:flash_player:7.1.1", "cpe:/a:adobe:flash_player:9.0.16", "cpe:/a:adobe:flash_player:7.1", "cpe:/a:adobe:flash_player:9.0.124.0", "cpe:/a:adobe:flash_player:7.0.69.0", "cpe:/a:adobe:flash_player:7.2", "cpe:/a:adobe:flash_player:cs3", "cpe:/a:adobe:flash_player:10.0.12.36", "cpe:/a:adobe:flash_player:9.0.47.0", "cpe:/a:adobe:flash_player:8.0.34.0", "cpe:/a:adobe:flash_player:9.0.48.0", "cpe:/a:adobe:flash_player:9.0.115.0", "cpe:/a:adobe:flash_player:9.0.28.0", "cpe:/a:adobe:flash_player:9.0.28", "cpe:/a:adobe:flash_player:8.0", "cpe:/a:adobe:flash_player:7.0.63", "cpe:/a:adobe:flash_player:9.0.20.0", "cpe:/a:adobe:flash_player:7.0.25", "cpe:/a:adobe:flash_player:9.0.114.0", "cpe:/a:adobe:flash_player:10.0.0.584", "cpe:/a:adobe:flash_player:cs4", "cpe:/a:adobe:flash_player:10.0.12.10", "cpe:/a:adobe:flash_player:7.0", "cpe:/a:adobe:flash_player:9.0.45.0", "cpe:/a:adobe:flash_player_for_linux:10.0.15.3"], "id": "CVE-2009-0520", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0520", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:8.0:*:pro:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:air:1.5:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:cs4:*:pro:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:8.0:*:basic:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:7.0.63:*:linux:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flex:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player_for_linux:10.0.15.3:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:cs3:*:pro:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*"]}], "redhat": [{"lastseen": "2019-05-29T14:35:08", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0519", "CVE-2009-0520"], "description": "The flash-plugin package contains a Firefox-compatible Adobe Flash Player\nWeb browser plug-in.\n\nMultiple input validation flaws were found in the way Flash Player\ndisplayed certain SWF (Shockwave Flash) content. An attacker could use\nthese flaws to create a specially-crafted SWF file that could cause\nflash-plugin to crash, or, possibly, execute arbitrary code when the victim\nloaded a page containing the specially-crafted SWF content. (CVE-2009-0520,\nCVE-2009-0519)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 9.0.159.0.", "modified": "2017-07-27T22:25:56", "published": "2009-02-25T05:00:00", "id": "RHSA-2009:0334", "href": "https://access.redhat.com/errata/RHSA-2009:0334", "type": "redhat", "title": "(RHSA-2009:0334) Critical: flash-plugin security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T14:35:45", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0519", "CVE-2009-0520", "CVE-2009-0521"], "description": "The flash-plugin package contains a Firefox-compatible Adobe Flash Player\nWeb browser plug-in.\n\nMultiple input validation flaws were found in the way Flash Player\ndisplayed certain SWF (Shockwave Flash) content. An attacker could use\nthese flaws to create a specially-crafted SWF file that could cause\nflash-plugin to crash, or, possibly, execute arbitrary code when the victim\nloaded a page containing the specially-crafted SWF content. (CVE-2009-0520,\nCVE-2009-0519)\n\nIt was discovered that Adobe Flash Player had an insecure RPATH (runtime\nlibrary search path) set in the ELF (Executable and Linking Format) header.\nA local user with write access to the directory pointed to by RPATH could\nuse this flaw to execute arbitrary code with the privileges of the user\nrunning Adobe Flash Player. (CVE-2009-0521)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 10.0.22.87.", "modified": "2017-07-27T07:39:59", "published": "2009-02-25T05:00:00", "id": "RHSA-2009:0332", "href": "https://access.redhat.com/errata/RHSA-2009:0332", "type": "redhat", "title": "(RHSA-2009:0332) Critical: flash-plugin security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-07-27T10:55:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0520", "CVE-2009-0519"], "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:0334.\n\nThe flash-plugin package contains a Firefox-compatible Adobe Flash Player\nWeb browser plug-in.\n\nMultiple input validation flaws were found in the way Flash Player\ndisplayed certain SWF (Shockwave Flash) content. An attacker could use\nthese flaws to create a specially-crafted SWF file that could cause\nflash-plugin to crash, or, possibly, execute arbitrary code when the victim\nloaded a page containing the specially-crafted SWF content. (CVE-2009-0520,\nCVE-2009-0519)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 9.0.159.0.", "modified": "2017-07-12T00:00:00", "published": "2009-03-02T00:00:00", "id": "OPENVAS:63435", "href": "http://plugins.openvas.org/nasl.php?oid=63435", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0334", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0334.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0334 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:0334.\n\nThe flash-plugin package contains a Firefox-compatible Adobe Flash Player\nWeb browser plug-in.\n\nMultiple input validation flaws were found in the way Flash Player\ndisplayed certain SWF (Shockwave Flash) content. An attacker could use\nthese flaws to create a specially-crafted SWF file that could cause\nflash-plugin to crash, or, possibly, execute arbitrary code when the victim\nloaded a page containing the specially-crafted SWF content. (CVE-2009-0520,\nCVE-2009-0519)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 9.0.159.0.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(63435);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-02 19:11:09 +0100 (Mon, 02 Mar 2009)\");\n script_cve_id(\"CVE-2009-0519\", \"CVE-2009-0520\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:0334\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0334.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n script_xref(name : \"URL\" , value : \"http://www.adobe.com/support/security/bulletins/apsb09-01.html\");\n script_xref(name : \"URL\" , value : \"http://www.adobe.com/products/flashplayer/\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"flash-plugin\", rpm:\"flash-plugin~9.0.159.0~1.el3.with.oss\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"flash-plugin\", rpm:\"flash-plugin~9.0.159.0~1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0520", "CVE-2009-0519", "CVE-2009-0521"], "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:0332.\n\nThe flash-plugin package contains a Firefox-compatible Adobe Flash Player\nWeb browser plug-in.\n\nMultiple input validation flaws were found in the way Flash Player\ndisplayed certain SWF (Shockwave Flash) content. An attacker could use\nthese flaws to create a specially-crafted SWF file that could cause\nflash-plugin to crash, or, possibly, execute arbitrary code when the victim\nloaded a page containing the specially-crafted SWF content. (CVE-2009-0520,\nCVE-2009-0519)\n\nIt was discovered that Adobe Flash Player had an insecure RPATH (runtime\nlibrary search path) set in the ELF (Executable and Linking Format) header.\nA local user with write access to the directory pointed to by RPATH could\nuse this flaw to execute arbitrary code with the privileges of the user\nrunning Adobe Flash Player. (CVE-2009-0521)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 10.0.22.87.", "modified": "2018-04-06T00:00:00", "published": "2009-03-02T00:00:00", "id": "OPENVAS:136141256231063434", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063434", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0332", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0332.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0332 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:0332.\n\nThe flash-plugin package contains a Firefox-compatible Adobe Flash Player\nWeb browser plug-in.\n\nMultiple input validation flaws were found in the way Flash Player\ndisplayed certain SWF (Shockwave Flash) content. An attacker could use\nthese flaws to create a specially-crafted SWF file that could cause\nflash-plugin to crash, or, possibly, execute arbitrary code when the victim\nloaded a page containing the specially-crafted SWF content. (CVE-2009-0520,\nCVE-2009-0519)\n\nIt was discovered that Adobe Flash Player had an insecure RPATH (runtime\nlibrary search path) set in the ELF (Executable and Linking Format) header.\nA local user with write access to the directory pointed to by RPATH could\nuse this flaw to execute arbitrary code with the privileges of the user\nrunning Adobe Flash Player. (CVE-2009-0521)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 10.0.22.87.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63434\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-02 19:11:09 +0100 (Mon, 02 Mar 2009)\");\n script_cve_id(\"CVE-2009-0519\", \"CVE-2009-0520\", \"CVE-2009-0521\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:0332\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0332.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n script_xref(name : \"URL\" , value : \"http://www.adobe.com/support/security/bulletins/apsb09-01.html\");\n script_xref(name : \"URL\" , value : \"http://www.adobe.com/products/flashplayer/\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"flash-plugin\", rpm:\"flash-plugin~10.0.22.87~1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:55:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0520", "CVE-2009-0519", "CVE-2009-0521"], "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:0332.\n\nThe flash-plugin package contains a Firefox-compatible Adobe Flash Player\nWeb browser plug-in.\n\nMultiple input validation flaws were found in the way Flash Player\ndisplayed certain SWF (Shockwave Flash) content. An attacker could use\nthese flaws to create a specially-crafted SWF file that could cause\nflash-plugin to crash, or, possibly, execute arbitrary code when the victim\nloaded a page containing the specially-crafted SWF content. (CVE-2009-0520,\nCVE-2009-0519)\n\nIt was discovered that Adobe Flash Player had an insecure RPATH (runtime\nlibrary search path) set in the ELF (Executable and Linking Format) header.\nA local user with write access to the directory pointed to by RPATH could\nuse this flaw to execute arbitrary code with the privileges of the user\nrunning Adobe Flash Player. (CVE-2009-0521)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 10.0.22.87.", "modified": "2017-07-12T00:00:00", "published": "2009-03-02T00:00:00", "id": "OPENVAS:63434", "href": "http://plugins.openvas.org/nasl.php?oid=63434", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0332", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0332.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0332 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:0332.\n\nThe flash-plugin package contains a Firefox-compatible Adobe Flash Player\nWeb browser plug-in.\n\nMultiple input validation flaws were found in the way Flash Player\ndisplayed certain SWF (Shockwave Flash) content. An attacker could use\nthese flaws to create a specially-crafted SWF file that could cause\nflash-plugin to crash, or, possibly, execute arbitrary code when the victim\nloaded a page containing the specially-crafted SWF content. (CVE-2009-0520,\nCVE-2009-0519)\n\nIt was discovered that Adobe Flash Player had an insecure RPATH (runtime\nlibrary search path) set in the ELF (Executable and Linking Format) header.\nA local user with write access to the directory pointed to by RPATH could\nuse this flaw to execute arbitrary code with the privileges of the user\nrunning Adobe Flash Player. (CVE-2009-0521)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 10.0.22.87.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(63434);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-02 19:11:09 +0100 (Mon, 02 Mar 2009)\");\n script_cve_id(\"CVE-2009-0519\", \"CVE-2009-0520\", \"CVE-2009-0521\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:0332\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0332.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n script_xref(name : \"URL\" , value : \"http://www.adobe.com/support/security/bulletins/apsb09-01.html\");\n script_xref(name : \"URL\" , value : \"http://www.adobe.com/products/flashplayer/\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"flash-plugin\", rpm:\"flash-plugin~10.0.22.87~1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0520", "CVE-2009-0519", "CVE-2009-0521"], "description": "The remote host is missing updates announced in\nadvisory SUSE-SA:2009:011.", "modified": "2018-04-06T00:00:00", "published": "2009-03-02T00:00:00", "id": "OPENVAS:136141256231063468", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063468", "type": "openvas", "title": "SuSE Security Advisory SUSE-SA:2009:011 (flash-player)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: suse_sa_2009_011.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory SUSE-SA:2009:011 (flash-player)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Specially crafted swf files could cause a buffer overflow in\nflash-player. Attackers could potentially exploit that to execute\ncode on the victim's machine (CVE-2009-0519, CVE-2009-0520,\nCVE-2009-0521).\";\ntag_solution = \"Update your system with the packages as indicated in\nthe referenced security advisory.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=SUSE-SA:2009:011\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory SUSE-SA:2009:011.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63468\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-02 19:11:09 +0100 (Mon, 02 Mar 2009)\");\n script_cve_id(\"CVE-2009-0519\", \"CVE-2009-0520\", \"CVE-2009-0521\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Security Advisory SUSE-SA:2009:011 (flash-player)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~10.0.22.87~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~9.0.159.0~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~9.0.159.0~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0520", "CVE-2009-0519", "CVE-2009-0521"], "description": "The remote host is missing updates announced in\nadvisory SUSE-SA:2009:011.", "modified": "2017-07-11T00:00:00", "published": "2009-03-02T00:00:00", "id": "OPENVAS:63468", "href": "http://plugins.openvas.org/nasl.php?oid=63468", "type": "openvas", "title": "SuSE Security Advisory SUSE-SA:2009:011 (flash-player)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: suse_sa_2009_011.nasl 6668 2017-07-11 13:34:29Z cfischer $\n# Description: Auto-generated from advisory SUSE-SA:2009:011 (flash-player)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Specially crafted swf files could cause a buffer overflow in\nflash-player. Attackers could potentially exploit that to execute\ncode on the victim's machine (CVE-2009-0519, CVE-2009-0520,\nCVE-2009-0521).\";\ntag_solution = \"Update your system with the packages as indicated in\nthe referenced security advisory.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=SUSE-SA:2009:011\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory SUSE-SA:2009:011.\";\n\n \n\nif(description)\n{\n script_id(63468);\n script_version(\"$Revision: 6668 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:34:29 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-02 19:11:09 +0100 (Mon, 02 Mar 2009)\");\n script_cve_id(\"CVE-2009-0519\", \"CVE-2009-0520\", \"CVE-2009-0521\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Security Advisory SUSE-SA:2009:011 (flash-player)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~10.0.22.87~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~9.0.159.0~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~9.0.159.0~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0114", "CVE-2009-0520", "CVE-2009-0519", "CVE-2009-0521"], "description": "The remote host is missing updates announced in\nadvisory SUSE-SA:2009:041.", "modified": "2017-07-11T00:00:00", "published": "2009-08-17T00:00:00", "id": "OPENVAS:64565", "href": "http://plugins.openvas.org/nasl.php?oid=64565", "type": "openvas", "title": "SuSE Security Advisory SUSE-SA:2009:041 (flash-player)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: suse_sa_2009_041.nasl 6668 2017-07-11 13:34:29Z cfischer $\n# Description: Auto-generated from advisory SUSE-SA:2009:041 (flash-player)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The flash-player is a web-browser plugin that allows displaying\nanimated web-content and remote access to client hardware (mic,\nweb-cam, etc.).\n\nA specially crafted Shockwave-Flash (SWF) file could cause a\nbuffer overflow in the flash-player plugin. This buffer overflow\ncan probably be exploited to execute arbitrary code remotely.\";\ntag_solution = \"Update your system with the packages as indicated in\nthe referenced security advisory.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=SUSE-SA:2009:041\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory SUSE-SA:2009:041.\";\n\n \n\nif(description)\n{\n script_id(64565);\n script_version(\"$Revision: 6668 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:34:29 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-0114\", \"CVE-2009-0519\", \"CVE-2009-0520\", \"CVE-2009-0521\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Security Advisory SUSE-SA:2009:041 (flash-player)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~10.0.22.87~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~9.0.159.0~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~9.0.159.0~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0114", "CVE-2009-0520", "CVE-2009-0519", "CVE-2009-0521"], "description": "The remote host is missing updates announced in\nadvisory SUSE-SA:2009:041.", "modified": "2018-04-06T00:00:00", "published": "2009-08-17T00:00:00", "id": "OPENVAS:136141256231064565", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064565", "type": "openvas", "title": "SuSE Security Advisory SUSE-SA:2009:041 (flash-player)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: suse_sa_2009_041.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory SUSE-SA:2009:041 (flash-player)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The flash-player is a web-browser plugin that allows displaying\nanimated web-content and remote access to client hardware (mic,\nweb-cam, etc.).\n\nA specially crafted Shockwave-Flash (SWF) file could cause a\nbuffer overflow in the flash-player plugin. This buffer overflow\ncan probably be exploited to execute arbitrary code remotely.\";\ntag_solution = \"Update your system with the packages as indicated in\nthe referenced security advisory.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=SUSE-SA:2009:041\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory SUSE-SA:2009:041.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64565\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-0114\", \"CVE-2009-0519\", \"CVE-2009-0520\", \"CVE-2009-0521\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Security Advisory SUSE-SA:2009:041 (flash-player)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~10.0.22.87~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~9.0.159.0~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~9.0.159.0~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-06-02T15:55:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0114", "CVE-2009-0520", "CVE-2009-0519", "CVE-2009-0522"], "description": "This host is installed with Adobe Products and is prone to\n multiple vulnerabilities.", "modified": "2020-05-28T00:00:00", "published": "2009-03-10T00:00:00", "id": "OPENVAS:1361412562310800359", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800359", "type": "openvas", "title": "Adobe Flash Player Multiple Vulnerabilities - Mar09 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Multiple Vulnerabilities - Mar09 (Windows)\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800359\");\n script_version(\"2020-05-28T14:41:23+0000\");\n script_tag(name:\"last_modification\", value:\"2020-05-28 14:41:23 +0000 (Thu, 28 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2009-03-10 11:59:23 +0100 (Tue, 10 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-0114\", \"CVE-2009-0519\", \"CVE-2009-0520\", \"CVE-2009-0522\");\n script_bugtraq_id(33890);\n script_name(\"Adobe Flash Player Multiple Vulnerabilities - Mar09 (Windows)\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/34012\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb09-01.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Buffer overflow\");\n script_dependencies(\"gb_adobe_flash_player_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/Air_or_Flash_or_Reader_or_Acrobat/Win/Installed\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to cause remote code\n execution, compromise system privileges or may cause exposure of sensitive information.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flex version 3.x or 2.x\n\n Adobe AIR version prior to 1.5.1\n\n Adobe Flash CS3/CS4 Professional\n\n Adobe Flash Player 9 version prior to 9.0.159.0\n\n Adobe Flash Player 10 version prior to 10.0.22.87\");\n\n script_tag(name:\"insight\", value:\"- Error while processing multiple references to an unspecified object which\n can be exploited by tricking the user to accessing a malicious crafted SWF file.\n\n - Input validation error in the processing of SWF file.\n\n - Error while displaying the mouse pointer on Windows which may cause 'Clickjacking' attacks.\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Products and is prone to\n multiple vulnerabilities.\");\n\n script_tag(name:\"solution\", value:\"Update to version 1.5.1 for Adobe Air.\n\n Update to Adobe Flash Player 9.0.159.0 or 10.0.22.87 and Adobe CS3/CS4, Flex 3.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ncpe_list = make_list(\"cpe:/a:adobe:flash_player\",\n \"cpe:/a:adobe:adobe_air\");\n\nif(!infos = get_app_version_and_location_from_list(cpe_list:cpe_list, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\ncpe = infos[\"cpe\"];\n\nif(cpe == \"cpe:/a:adobe:flash_player\") {\n if(version_is_less(version:vers, test_version:\"9.0.159.0\") ||\n version_in_range(version:vers, test_version:\"10.0\", test_version2:\"10.0.22.86\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"9.0.159.0 or 10.0.22.87\", install_path:path);\n security_message(port:0, data:report);\n exit(0);\n }\n} else if(cpe == \"cpe:/a:adobe:adobe_air\") {\n if(version_is_less(version:vers, test_version:\"1.5.1\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"1.5.1\", install_path:path);\n security_message(port:0, data:report);\n exit(0);\n }\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-02T11:06:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0114", "CVE-2009-0520", "CVE-2009-0519", "CVE-2009-0522"], "description": "This host is installed with Adobe Products and is prone to\n multiple vulnerabilities.", "modified": "2017-12-21T00:00:00", "published": "2009-03-10T00:00:00", "id": "OPENVAS:800359", "href": "http://plugins.openvas.org/nasl.php?oid=800359", "type": "openvas", "title": "Adobe Flash Player Multiple Vulnerabilities - Mar09 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_flash_player_mult_vuln_mar09_win.nasl 8210 2017-12-21 10:26:31Z cfischer $\n#\n# Adobe Flash Player Multiple Vulnerabilities - Mar09 (Windows)\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_solution = \"Update to version 1.5.1 for Adobe Air.\n http://get.adobe.com/air\n\n Update to Adobe Flash Player 9.0.159.0 or 10.0.22.87 and\n Adobe CS3/CS4, Flex 3\n http://get.adobe.com/flashplayer\n http://www.adobe.com/support/flashplayer/downloads.html#fp9\";\n\ntag_impact = \"Successful exploitation will allow remote attackers to cause remote code\n execution, compromise system privileges or may cause exposure of sensitive information.\n\n Impact Level: System/Application\";\n\ntag_affected = \"Adobe Flex version 3.x or 2.x\n\n Adobe AIR version prior to 1.5.1\n\n Adobe Flash CS3/CS4 Professional\n\n Adobe Flash Player 9 version prior to 9.0.159.0\n\n Adobe Flash Player 10 version prior to 10.0.22.87\";\n\ntag_insight = \"- Error while processing multiple references to an unspecified object which\n can be exploited by tricking the user to accessing a malicious crafted SWF file.\n\n - Input validation error in the processing of SWF file.\n\n - Error while displaying the mouse pointer on Windows which may cause\n 'Clickjacking' attacks.\";\n\ntag_summary = \"This host is installed with Adobe Products and is prone to\n multiple vulnerabilities.\";\n\nif(description)\n{\n script_id(800359);\n script_version(\"$Revision: 8210 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-21 11:26:31 +0100 (Thu, 21 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-10 11:59:23 +0100 (Tue, 10 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-0114\", \"CVE-2009-0519\", \"CVE-2009-0520\", \"CVE-2009-0522\");\n script_bugtraq_id(33890);\n script_name(\"Adobe Flash Player Multiple Vulnerabilities - Mar09 (Windows)\");\n\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/34012\");\n script_xref(name : \"URL\" , value : \"http://www.adobe.com/support/security/bulletins/apsb09-01.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Buffer overflow\");\n script_dependencies(\"gb_adobe_flash_player_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/Air_or_Flash_or_Reader_or_Acrobat/Win/Installed\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nCPE = \"cpe:/a:adobe:flash_player\";\nif(playerVer = get_app_version(cpe:CPE, nofork:TRUE))\n{\n # Check for Adobe Flash Player version prior to 9.0.159.0 or 10.0.22.87\n if(version_is_less(version:playerVer, test_version:\"9.0.159.0\") ||\n version_in_range(version:playerVer, test_version:\"10.0\",\n test_version2:\"10.0.22.86\"))\n {\n security_message(0);\n exit(0);\n }\n}\n\nCPE = \"cpe:/a:adobe:adobe_air\";\nif(airVer = get_app_version(cpe:CPE))\n{\n # Check for Adobe Air version prior to 1.5.1\n if(version_is_less(version:airVer, test_version:\"1.5.1\")){\n security_message(0);\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-14T10:55:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0114", "CVE-2009-0520", "CVE-2009-0519", "CVE-2009-0522", "CVE-2009-0521"], "description": "This host is installed with Adobe Products and is prone to\n multiple vulnerabilities.", "modified": "2017-06-29T00:00:00", "published": "2009-03-10T00:00:00", "id": "OPENVAS:800360", "href": "http://plugins.openvas.org/nasl.php?oid=800360", "type": "openvas", "title": "Adobe Flash Player Multiple Vulnerabilities - Mar09 (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_flash_player_mult_vuln_mar09_lin.nasl 6476 2017-06-29 07:32:00Z cfischer $\n#\n# Adobe Flash Player Multiple Vulnerabilities - Mar09 (Linux)\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_solution = \"Upgrade to version Adobe Flash Player 9.0.159.0 or 10.0.22.87\n http://get.adobe.com/flashplayer\n\n Update to version 1.5.1 for Adobe AIR\n http://get.adobe.com/air\";\n\ntag_impact = \"Successful exploitation will allow remote attackers to cause remote code\n execution, compromise system privileges or may cause exposure of sensitive\n information.\n Impact Level: System/Application\";\ntag_affected = \"Adobe AIR version prior to 1.5.1\n Adobe Flash Player 9 version prior to 9.0.159.0\n Adobe Flash Player 10 version prior to 10.0.22.87\";\ntag_insight = \"- Error while processing multiple references to an unspecified object which\n can be exploited by tricking the user to access a malicious crafted\n SWF file.\n - Input validation error in the processing of SWF file.\n - Error while displaying the mouse pointer on Windows which may cause\n 'Clickjacking' attacks.\n - Error in the Linux Flash Player binaries which can cause disclosure of\n sensitive information.\";\ntag_summary = \"This host is installed with Adobe Products and is prone to\n multiple vulnerabilities.\";\n\nif(description)\n{\n script_id(800360);\n script_version(\"$Revision: 6476 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-06-29 09:32:00 +0200 (Thu, 29 Jun 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-10 11:59:23 +0100 (Tue, 10 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-0114\", \"CVE-2009-0519\", \"CVE-2009-0520\",\n \"CVE-2009-0521\", \"CVE-2009-0522\");\n script_bugtraq_id(33890);\n script_name(\"Adobe Flash Player Multiple Vulnerabilities - Mar09 (Linux)\");\n\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/34012\");\n script_xref(name : \"URL\" , value : \"http://www.adobe.com/support/security/bulletins/apsb09-01.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Buffer overflow\");\n script_dependencies(\"gb_adobe_flash_player_detect_lin.nasl\");\n script_mandatory_keys(\"Adobe/Air_or_Flash_or_Reader/Linux/Installed\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n# Check for Adobe Flash Player version < 9.0.159.0/10.0.22.87\nplayerVer = get_kb_item(\"AdobeFlashPlayer/Linux/Ver\");\nif(playerVer != NULL)\n{\n if(version_is_less(version:playerVer, test_version:\"9.0.159.0\") ||\n version_in_range(version:playerVer, test_version:\"10.0\",\n test_version2:\"10.0.22.86\"))\n {\n security_message(0);\n exit(0);\n }\n}\n\n# Check for Adobe Air version < 1.5.1\nairVer = get_kb_item(\"Adobe/Air/Linux/Ver\");\nif(airVer =~ \"^[0-9]\")\n{\n if(version_is_less(version:airVer, test_version:\"1.5.1\")){\n security_message(0);\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T11:41:29", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0520", "CVE-2009-0519", "CVE-2009-0521"], "description": "Specially crafted swf files could cause a buffer overflow in flash-player. Attackers could potentially exploit that to execute code on the victim's machine (CVE-2009-0519, CVE-2009-0520, CVE-2009-0521).\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2009-02-26T17:08:48", "published": "2009-02-26T17:08:48", "id": "SUSE-SA:2009:011", "href": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00004.html", "type": "suse", "title": "remote code execution in flash-player", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-17T14:03:08", "description": "Specially crafted swf files could cause a buffer overflow in\nflash-player. Attackers could potentially exploit that to execute code\non the victim's machine (CVE-2009-0519, CVE-2009-0520, CVE-2009-0114,\nCVE-2009-0521).", "edition": 25, "published": "2009-07-21T00:00:00", "title": "openSUSE Security Update : flash-player (flash-player-560)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0114", "CVE-2009-0520", "CVE-2009-0519", "CVE-2009-0521"], "modified": "2009-07-21T00:00:00", "cpe": ["cpe:/o:novell:opensuse:11.0", "p-cpe:/a:novell:opensuse:flash-player"], "id": "SUSE_11_0_FLASH-PLAYER-090226.NASL", "href": "https://www.tenable.com/plugins/nessus/39962", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update flash-player-560.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39962);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0114\", \"CVE-2009-0519\", \"CVE-2009-0520\", \"CVE-2009-0521\");\n\n script_name(english:\"openSUSE Security Update : flash-player (flash-player-560)\");\n script_summary(english:\"Check for the flash-player-560 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted swf files could cause a buffer overflow in\nflash-player. Attackers could potentially exploit that to execute code\non the victim's machine (CVE-2009-0519, CVE-2009-0520, CVE-2009-0114,\nCVE-2009-0521).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=476907\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-player package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 119, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"flash-player-9.0.159.0-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-player\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:06:33", "description": "An updated Adobe Flash Player package that fixes several security\nissues is now available for Red Hat Enterprise Linux 3 and 4 Extras.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nThe flash-plugin package contains a Firefox-compatible Adobe Flash\nPlayer Web browser plug-in.\n\nMultiple input validation flaws were found in the way Flash Player\ndisplayed certain SWF (Shockwave Flash) content. An attacker could use\nthese flaws to create a specially crafted SWF file that could cause\nflash-plugin to crash, or, possibly, execute arbitrary code when the\nvictim loaded a page containing the specially crafted SWF content.\n(CVE-2009-0520, CVE-2009-0519)\n\nAll users of Adobe Flash Player should install this updated package,\nwhich upgrades Flash Player to version 9.0.159.0.", "edition": 24, "published": "2013-01-24T00:00:00", "title": "RHEL 3 / 4 : flash-plugin (RHSA-2009:0334)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0520", "CVE-2009-0519", "CVE-2009-0522", "CVE-2009-0521"], "modified": "2013-01-24T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:flash-plugin", "cpe:/o:redhat:enterprise_linux:4.7"], "id": "REDHAT-RHSA-2009-0334.NASL", "href": "https://www.tenable.com/plugins/nessus/63873", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:0334. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63873);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0519\", \"CVE-2009-0520\", \"CVE-2009-0521\", \"CVE-2009-0522\");\n script_xref(name:\"RHSA\", value:\"2009:0334\");\n\n script_name(english:\"RHEL 3 / 4 : flash-plugin (RHSA-2009:0334)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated Adobe Flash Player package that fixes several security\nissues is now available for Red Hat Enterprise Linux 3 and 4 Extras.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nThe flash-plugin package contains a Firefox-compatible Adobe Flash\nPlayer Web browser plug-in.\n\nMultiple input validation flaws were found in the way Flash Player\ndisplayed certain SWF (Shockwave Flash) content. An attacker could use\nthese flaws to create a specially crafted SWF file that could cause\nflash-plugin to crash, or, possibly, execute arbitrary code when the\nvictim loaded a page containing the specially crafted SWF content.\n(CVE-2009-0520, CVE-2009-0519)\n\nAll users of Adobe Flash Player should install this updated package,\nwhich upgrades Flash Player to version 9.0.159.0.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2009-0519.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2009-0520.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.adobe.com/support/security/bulletins/apsb09-01.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.adobe.com/products/flashplayer/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2009-0334.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-plugin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 119, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:flash-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"RHEL3\", cpu:\"i386\", reference:\"flash-plugin-9.0.159.0-1.el3.with.oss\")) flag++;\n\nif (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"flash-plugin-9.0.159.0-1.el4\")) flag++;\n\nif (rpm_check(release:\"RHEL4\", sp:\"7\", cpu:\"i386\", reference:\"flash-plugin-9.0.159.0-1.el4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:04:16", "description": "Specially crafted swf files could cause a buffer overflow in\nflash-player. Attackers could potentially exploit that to execute code\non the victim's machine (CVE-2009-0519, CVE-2009-0520, CVE-2009-0114,\nCVE-2009-0521).", "edition": 25, "published": "2009-07-21T00:00:00", "title": "openSUSE Security Update : flash-player (flash-player-560)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0114", "CVE-2009-0520", "CVE-2009-0519", "CVE-2009-0521"], "modified": "2009-07-21T00:00:00", "cpe": ["cpe:/o:novell:opensuse:11.1", "p-cpe:/a:novell:opensuse:flash-player"], "id": "SUSE_11_1_FLASH-PLAYER-090225.NASL", "href": "https://www.tenable.com/plugins/nessus/40216", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update flash-player-560.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40216);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0114\", \"CVE-2009-0519\", \"CVE-2009-0520\", \"CVE-2009-0521\");\n\n script_name(english:\"openSUSE Security Update : flash-player (flash-player-560)\");\n script_summary(english:\"Check for the flash-player-560 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted swf files could cause a buffer overflow in\nflash-player. Attackers could potentially exploit that to execute code\non the victim's machine (CVE-2009-0519, CVE-2009-0520, CVE-2009-0114,\nCVE-2009-0521).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=476907\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-player package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 119, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"flash-player-10.0.22.87-0.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-player\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:43:54", "description": "Specially crafted swf files could cause a buffer overflow in\nflash-player. Attackers could potentially exploit that to execute code\non the victim's machine (CVE-2009-0519, CVE-2009-0520, CVE-2009-0114,\nCVE-2009-0521).", "edition": 25, "published": "2009-02-27T00:00:00", "title": "openSUSE 10 Security Update : flash-player (flash-player-6022)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0114", "CVE-2009-0520", "CVE-2009-0519", "CVE-2009-0521"], "modified": "2009-02-27T00:00:00", "cpe": ["cpe:/o:novell:opensuse:10.3", "p-cpe:/a:novell:opensuse:flash-player"], "id": "SUSE_FLASH-PLAYER-6022.NASL", "href": "https://www.tenable.com/plugins/nessus/35747", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update flash-player-6022.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35747);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0114\", \"CVE-2009-0519\", \"CVE-2009-0520\", \"CVE-2009-0521\");\n\n script_name(english:\"openSUSE 10 Security Update : flash-player (flash-player-6022)\");\n script_summary(english:\"Check for the flash-player-6022 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted swf files could cause a buffer overflow in\nflash-player. Attackers could potentially exploit that to execute code\non the victim's machine (CVE-2009-0519, CVE-2009-0520, CVE-2009-0114,\nCVE-2009-0521).\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-player package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 119, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/02/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"flash-player-9.0.159.0-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-player\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:10:31", "description": "Specially crafted swf files could cause a buffer overflow in\nflash-player. Attackers could potentially exploit that to execute code\non the victim's machine. (CVE-2009-0519 / CVE-2009-0520 /\nCVE-2009-0114 / CVE-2009-0521)", "edition": 25, "published": "2009-09-24T00:00:00", "title": "SuSE 11 Security Update : flash-player (SAT Patch Number 612)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0114", "CVE-2009-0520", "CVE-2009-0519", "CVE-2009-0521"], "modified": "2009-09-24T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:flash-player"], "id": "SUSE_11_FLASH-PLAYER-090316.NASL", "href": "https://www.tenable.com/plugins/nessus/41391", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41391);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0114\", \"CVE-2009-0519\", \"CVE-2009-0520\", \"CVE-2009-0521\");\n\n script_name(english:\"SuSE 11 Security Update : flash-player (SAT Patch Number 612)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted swf files could cause a buffer overflow in\nflash-player. Attackers could potentially exploit that to execute code\non the victim's machine. (CVE-2009-0519 / CVE-2009-0520 /\nCVE-2009-0114 / CVE-2009-0521)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=476907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-0114.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-0519.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-0520.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-0521.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 612.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 119, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"flash-player-10.0.22.87-1.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:06:32", "description": "An updated Adobe Flash Player package that fixes several security\nissues is now available for Red Hat Enterprise Linux 5 Supplementary.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nThe flash-plugin package contains a Firefox-compatible Adobe Flash\nPlayer Web browser plug-in.\n\nMultiple input validation flaws were found in the way Flash Player\ndisplayed certain SWF (Shockwave Flash) content. An attacker could use\nthese flaws to create a specially crafted SWF file that could cause\nflash-plugin to crash, or, possibly, execute arbitrary code when the\nvictim loaded a page containing the specially crafted SWF content.\n(CVE-2009-0520, CVE-2009-0519)\n\nIt was discovered that Adobe Flash Player had an insecure RPATH\n(runtime library search path) set in the ELF (Executable and Linking\nFormat) header. A local user with write access to the directory\npointed to by RPATH could use this flaw to execute arbitrary code with\nthe privileges of the user running Adobe Flash Player. (CVE-2009-0521)\n\nAll users of Adobe Flash Player should install this updated package,\nwhich upgrades Flash Player to version 10.0.22.87.", "edition": 26, "published": "2013-01-24T00:00:00", "title": "RHEL 5 : flash-plugin (RHSA-2009:0332)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0520", "CVE-2009-0519", "CVE-2009-0522", "CVE-2009-0521"], "modified": "2013-01-24T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.3", "p-cpe:/a:redhat:enterprise_linux:flash-plugin"], "id": "REDHAT-RHSA-2009-0332.NASL", "href": "https://www.tenable.com/plugins/nessus/63872", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:0332. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63872);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0519\", \"CVE-2009-0520\", \"CVE-2009-0521\", \"CVE-2009-0522\");\n script_bugtraq_id(33880, 33889, 33890);\n script_xref(name:\"RHSA\", value:\"2009:0332\");\n\n script_name(english:\"RHEL 5 : flash-plugin (RHSA-2009:0332)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated Adobe Flash Player package that fixes several security\nissues is now available for Red Hat Enterprise Linux 5 Supplementary.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nThe flash-plugin package contains a Firefox-compatible Adobe Flash\nPlayer Web browser plug-in.\n\nMultiple input validation flaws were found in the way Flash Player\ndisplayed certain SWF (Shockwave Flash) content. An attacker could use\nthese flaws to create a specially crafted SWF file that could cause\nflash-plugin to crash, or, possibly, execute arbitrary code when the\nvictim loaded a page containing the specially crafted SWF content.\n(CVE-2009-0520, CVE-2009-0519)\n\nIt was discovered that Adobe Flash Player had an insecure RPATH\n(runtime library search path) set in the ELF (Executable and Linking\nFormat) header. A local user with write access to the directory\npointed to by RPATH could use this flaw to execute arbitrary code with\nthe privileges of the user running Adobe Flash Player. (CVE-2009-0521)\n\nAll users of Adobe Flash Player should install this updated package,\nwhich upgrades Flash Player to version 10.0.22.87.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0520\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0521\"\n );\n # http://www.adobe.com/support/security/bulletins/apsb09-01.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.adobe.com/support/security/bulletins/apsb09-01.html\"\n );\n # http://www.adobe.com/products/flashplayer/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.adobe.com/products/flashplayer/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:0332\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-plugin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:flash-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/02/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:0332\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"flash-plugin-10.0.22.87-1.el5\")) flag++;\n\n\n if (flag)\n {\n flash_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check only applies to RedHat released\\n' +\n 'versions of the flash-plugin package. This check does not apply to\\n' +\n 'Adobe released versions of the flash-plugin package, which are\\n' +\n 'versioned similarly and cause collisions in detection.\\n\\n' +\n\n 'If you are certain you are running the Adobe released package of\\n' +\n 'flash-plugin and are running a version of it equal or higher to the\\n' +\n 'RedHat version listed above then you can consider this a false\\n' +\n 'positive.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat() + flash_plugin_caveat\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-plugin\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:43:54", "description": "Specially crafted swf files could cause a buffer overflow in\nflash-player. Attackers could potentially exploit that to execute code\non the victim's machine. (CVE-2009-0519 / CVE-2009-0520 /\nCVE-2009-0114 / CVE-2009-0521)", "edition": 25, "published": "2011-01-27T00:00:00", "title": "SuSE 10 Security Update : flash-player (ZYPP Patch Number 6020)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0114", "CVE-2009-0520", "CVE-2009-0519", "CVE-2009-0521"], "modified": "2011-01-27T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_FLASH-PLAYER-6020.NASL", "href": "https://www.tenable.com/plugins/nessus/51730", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51730);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0114\", \"CVE-2009-0519\", \"CVE-2009-0520\", \"CVE-2009-0521\");\n\n script_name(english:\"SuSE 10 Security Update : flash-player (ZYPP Patch Number 6020)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted swf files could cause a buffer overflow in\nflash-player. Attackers could potentially exploit that to execute code\non the victim's machine. (CVE-2009-0519 / CVE-2009-0520 /\nCVE-2009-0114 / CVE-2009-0521)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-0114.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-0519.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-0520.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-0521.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6020.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 119, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"flash-player-9.0.159.0-0.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-04-01T02:46:20", "description": "The remote Windows host contains a version of Adobe Flash Player that \nis earlier than 9.0.159.0 / 10.0.22.87. Such versions are reportedly \naffected by multiple vulnerabilities : \n\n - A buffer overflow issue that could allow an attacker \n to execute arbitrary code with the privileges of the \n user running the application. (CVE-2009-0520) \n\n - An input validation vulnerability that leads to a denial \n of service attack and could possibly allow for an attacker \n to execute arbitrary code. (CVE-2009-0519) \n\n - A vulnerability in the Flash Player settings manager that \n could contribute to a clickjacking attack. (CVE-2009-0014) \n\n - A vulnerability with the mouse pointer display that could \n contribute to a clickjacking attack. (CVE-2009-0522)", "edition": 27, "published": "2009-02-26T00:00:00", "title": "Flash Player 9.0.159.0 / 10.0.22.87 Multiple Vulnerabilities (APSB09-01)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0014", "CVE-2009-0114", "CVE-2009-0520", "CVE-2009-0519", "CVE-2009-0522"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "FLASH_PLAYER_APSB09_01.NASL", "href": "https://www.tenable.com/plugins/nessus/35742", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(35742);\n script_version(\"1.17\");\n\n script_cve_id(\n \"CVE-2009-0114\", \n \"CVE-2009-0519\", \n \"CVE-2009-0520\", \n \"CVE-2009-0522\"\n );\n script_bugtraq_id(33880, 33890);\n\n script_name(english:\"Flash Player 9.0.159.0 / 10.0.22.87 Multiple Vulnerabilities (APSB09-01)\");\n script_summary(english:\"Checks version of Flash Player\");\n\n script_set_attribute( attribute:\"synopsis\", value:\n\"The remote Windows host contains a browser plugin that is affected by \nmultiple vulnerabilities.\" );\n\n script_set_attribute( attribute:\"description\", value:\n\"The remote Windows host contains a version of Adobe Flash Player that \nis earlier than 9.0.159.0 / 10.0.22.87. Such versions are reportedly \naffected by multiple vulnerabilities : \n\n - A buffer overflow issue that could allow an attacker \n to execute arbitrary code with the privileges of the \n user running the application. (CVE-2009-0520) \n\n - An input validation vulnerability that leads to a denial \n of service attack and could possibly allow for an attacker \n to execute arbitrary code. (CVE-2009-0519) \n\n - A vulnerability in the Flash Player settings manager that \n could contribute to a clickjacking attack. (CVE-2009-0014) \n\n - A vulnerability with the mouse pointer display that could \n contribute to a clickjacking attack. (CVE-2009-0522)\" );\n\n # http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=773\n script_set_attribute( attribute:\"see_also\", value:\n\"http://www.nessus.org/u?023bd92b\" );\n script_set_attribute( attribute:\"see_also\", value:\n\"http://www.adobe.com/support/security/bulletins/apsb09-01.html\" );\n\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to version 10.0.22.87 or later. If you are unable to \nupgrade to version 10, upgrade to version 9.0.159.0 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2009/02/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2009/02/24\");\n script_cvs_date(\"Date: 2018/07/11 17:09:26\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"flash_player_installed.nasl\");\n script_require_keys(\"SMB/Flash_Player/installed\");\n exit(0);\n}\n\n#\n\nif (!get_kb_item(\"SMB/Flash_Player/installed\")) exit(0);\n\ninclude (\"global_settings.inc\");\n\n# Identify vulnerable versions.\ninfo=NULL;\n\nforeach variant (make_list(\"Plugin\", \"ActiveX\"))\n{\n vers = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/Version/*\");\n files = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/File/*\");\n if(!isnull(vers) && !isnull(files))\n {\n foreach key (keys(vers))\n {\n ver = vers[key];\n\n\n if (ver)\n {\n iver = split(ver, sep:'.',keep:FALSE);\n for(i=0;i<max_index(iver);i++)\n iver[i] = int(iver[i]);\n if (\n (\n iver[0] == 10 && iver[1] == 0 &&\n (\n iver[2] < 12 ||\n (iver[2] == 12 && iver[3] <= 36)\n )\n ) ||\n (iver[0] == 9 && iver[1] == 0 && iver[2] < 159) ||\n iver[0] < 9\n )\n {\n num = key - (\"SMB/Flash_Player/\"+variant+\"/Version/\");\n file = files[\"SMB/Flash_Player/\"+variant+\"/File/\"+num];\n if (variant == \"Plugin\")\n {\n info += ' - Browser Plugin (for Firefox / Netscape / Opera) :\\n';\n }\n else if (variant == \"ActiveX\")\n {\n info += ' - ActiveX control (for Internet Explorer) :\\n';\n }\n info += ' ' + file + ', ' + ver + '\\n';\n }\n }\n }\n }\n}\n\nif (info)\n{\n if (report_verbosity > 0)\n {\n # nb: each vulnerable instance adds 2 lines to 'info'.\n if (max_index(split(info)) > 2) s = \"s\";\n else s = \"\";\n\n report = string(\n \"\\n\",\n \"Nessus has identified the following vulnerable instance\", s, \" of Flash\\n\",\n \"Player installed on the remote host :\\n\",\n \"\\n\",\n info\n );\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n }\n else security_hole(get_kb_item(\"SMB/transport\"));\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:52:28", "description": "The remote host is affected by the vulnerability described in GLSA-200903-23\n(Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Flash Player:\n The access scope of SystemsetClipboard() allows ActionScript\n programs to execute the method without user interaction\n (CVE-2008-3873).\n The access scope of FileReference.browse() and\n FileReference.download() allows ActionScript programs to execute the\n methods without user interaction (CVE-2008-4401).\n The Settings Manager controls can be disguised as normal graphical\n elements. This so-called 'clickjacking' vulnerability was disclosed by\n Robert Hansen of SecTheory, Jeremiah Grossman of WhiteHat Security,\n Eduardo Vela, Matthew Mastracci of DotSpots, and Liu Die Yu of\n TopsecTianRongXin (CVE-2008-4503).\n Adan Barth (UC Berkely) and Collin Jackson (Stanford University)\n discovered a flaw occurring when interpreting HTTP response headers\n (CVE-2008-4818).\n Nathan McFeters and Rob Carter of Ernst and Young's Advanced\n Security Center are credited for finding an unspecified vulnerability\n facilitating DNS rebinding attacks (CVE-2008-4819).\n When used in a Mozilla browser, Adobe Flash Player does not\n properly interpret jar: URLs, according to a report by Gregory\n Fleischer of pseudo-flaw.net (CVE-2008-4821).\n Alex 'kuza55' K. reported that Adobe Flash Player does not properly\n interpret policy files (CVE-2008-4822).\n The vendor credits Stefano Di Paola of Minded Security for\n reporting that an ActionScript attribute is not interpreted properly\n (CVE-2008-4823).\n Riley Hassell and Josh Zelonis of iSEC Partners reported multiple\n input validation errors (CVE-2008-4824).\n The aforementioned researchers also reported that ActionScript 2\n does not verify a member element's size when performing several known\n and other unspecified actions, that DefineConstantPool accepts an\n untrusted input value for a 'constant count' and that character\n elements are not validated when retrieved from a data structure,\n possibly resulting in a NULL pointer dereference (CVE-2008-5361,\n CVE-2008-5362, CVE-2008-5363).\n The vendor reported an unspecified arbitrary code execution\n vulnerability (CVE-2008-5499).\n Liu Die Yu of TopsecTianRongXin reported an unspecified flaw in the\n Settings Manager related to 'clickjacking' (CVE-2009-0114).\n The vendor credits Roee Hay from IBM Rational Application Security\n for reporting an input validation error when processing SWF files\n (CVE-2009-0519).\n Javier Vicente Vallejo reported via the iDefense VCP that Adobe\n Flash does not remove object references properly, leading to a freed\n memory dereference (CVE-2009-0520).\n Josh Bressers of Red Hat and Tavis Ormandy of the Google Security\n Team reported an untrusted search path vulnerability\n (CVE-2009-0521).\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted SWF\n file, possibly resulting in the execution of arbitrary code with the\n privileges of the user or a Denial of Service (crash). Furthermore a\n remote attacker could gain access to sensitive information, disclose\n memory contents by enticing a user to open a specially crafted PDF file\n inside a Flash application, modify the victim's clipboard or render it\n temporarily unusable, persuade a user into uploading or downloading\n files, bypass security restrictions with the assistance of the user to\n gain access to camera and microphone, conduct Cross-Site Scripting and\n HTTP Header Splitting attacks, bypass the 'non-root domain policy' of\n Flash, and gain escalated privileges.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 26, "published": "2009-03-11T00:00:00", "title": "GLSA-200903-23 : Adobe Flash Player: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5362", "CVE-2009-0114", "CVE-2008-5361", "CVE-2009-0520", "CVE-2008-4824", "CVE-2008-5499", "CVE-2008-3873", "CVE-2008-5363", "CVE-2008-4823", "CVE-2008-4822", "CVE-2008-4818", "CVE-2008-4819", "CVE-2009-0519", "CVE-2008-4401", "CVE-2008-4503", "CVE-2009-0521", "CVE-2008-4821"], "modified": "2009-03-11T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:adobe-flash"], "id": "GENTOO_GLSA-200903-23.NASL", "href": "https://www.tenable.com/plugins/nessus/35904", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200903-23.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35904);\n script_version(\"1.37\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-3873\", \"CVE-2008-4401\", \"CVE-2008-4503\", \"CVE-2008-4818\", \"CVE-2008-4819\", \"CVE-2008-4821\", \"CVE-2008-4822\", \"CVE-2008-4823\", \"CVE-2008-4824\", \"CVE-2008-5361\", \"CVE-2008-5362\", \"CVE-2008-5363\", \"CVE-2008-5499\", \"CVE-2009-0114\", \"CVE-2009-0519\", \"CVE-2009-0520\", \"CVE-2009-0521\");\n script_bugtraq_id(31117, 31537, 32896, 33880, 33889, 33890);\n script_xref(name:\"GLSA\", value:\"200903-23\");\n\n script_name(english:\"GLSA-200903-23 : Adobe Flash Player: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200903-23\n(Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Flash Player:\n The access scope of SystemsetClipboard() allows ActionScript\n programs to execute the method without user interaction\n (CVE-2008-3873).\n The access scope of FileReference.browse() and\n FileReference.download() allows ActionScript programs to execute the\n methods without user interaction (CVE-2008-4401).\n The Settings Manager controls can be disguised as normal graphical\n elements. This so-called 'clickjacking' vulnerability was disclosed by\n Robert Hansen of SecTheory, Jeremiah Grossman of WhiteHat Security,\n Eduardo Vela, Matthew Mastracci of DotSpots, and Liu Die Yu of\n TopsecTianRongXin (CVE-2008-4503).\n Adan Barth (UC Berkely) and Collin Jackson (Stanford University)\n discovered a flaw occurring when interpreting HTTP response headers\n (CVE-2008-4818).\n Nathan McFeters and Rob Carter of Ernst and Young's Advanced\n Security Center are credited for finding an unspecified vulnerability\n facilitating DNS rebinding attacks (CVE-2008-4819).\n When used in a Mozilla browser, Adobe Flash Player does not\n properly interpret jar: URLs, according to a report by Gregory\n Fleischer of pseudo-flaw.net (CVE-2008-4821).\n Alex 'kuza55' K. reported that Adobe Flash Player does not properly\n interpret policy files (CVE-2008-4822).\n The vendor credits Stefano Di Paola of Minded Security for\n reporting that an ActionScript attribute is not interpreted properly\n (CVE-2008-4823).\n Riley Hassell and Josh Zelonis of iSEC Partners reported multiple\n input validation errors (CVE-2008-4824).\n The aforementioned researchers also reported that ActionScript 2\n does not verify a member element's size when performing several known\n and other unspecified actions, that DefineConstantPool accepts an\n untrusted input value for a 'constant count' and that character\n elements are not validated when retrieved from a data structure,\n possibly resulting in a NULL pointer dereference (CVE-2008-5361,\n CVE-2008-5362, CVE-2008-5363).\n The vendor reported an unspecified arbitrary code execution\n vulnerability (CVE-2008-5499).\n Liu Die Yu of TopsecTianRongXin reported an unspecified flaw in the\n Settings Manager related to 'clickjacking' (CVE-2009-0114).\n The vendor credits Roee Hay from IBM Rational Application Security\n for reporting an input validation error when processing SWF files\n (CVE-2009-0519).\n Javier Vicente Vallejo reported via the iDefense VCP that Adobe\n Flash does not remove object references properly, leading to a freed\n memory dereference (CVE-2009-0520).\n Josh Bressers of Red Hat and Tavis Ormandy of the Google Security\n Team reported an untrusted search path vulnerability\n (CVE-2009-0521).\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted SWF\n file, possibly resulting in the execution of arbitrary code with the\n privileges of the user or a Denial of Service (crash). Furthermore a\n remote attacker could gain access to sensitive information, disclose\n memory contents by enticing a user to open a specially crafted PDF file\n inside a Flash application, modify the victim's clipboard or render it\n temporarily unusable, persuade a user into uploading or downloading\n files, bypass security restrictions with the assistance of the user to\n gain access to camera and microphone, conduct Cross-Site Scripting and\n HTTP Header Splitting attacks, bypass the 'non-root domain policy' of\n Flash, and gain escalated privileges.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200903-23\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Adobe Flash Player users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-plugins/adobe-flash-10.0.22.87'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player ActionScript Launch Command Execution Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_cwe_id(20, 79, 94, 119, 200, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:adobe-flash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/03/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-plugins/adobe-flash\", unaffected:make_list(\"ge 10.0.22.87\"), vulnerable:make_list(\"lt 10.0.22.87\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Adobe Flash Player\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-04-01T03:41:13", "description": "The remote host is running a version of Mac OS X 10.4 that does not\nhave Security Update 2009-002 applied.\n\nThis security update contains fixes for the following products :\n\n - Apache\n - ATS\n - BIND\n - CoreGraphics\n - Cscope\n - CUPS\n - Disk Images\n - enscript\n - Flash Player plug-in\n - Help Viewer\n - IPSec\n - Kerberos\n - Launch Services\n - libxml\n - Net-SNMP\n - Network Time\n - OpenSSL\n - QuickDraw Manager\n - Spotlight\n - system_cmds\n - telnet\n - Terminal\n - X11", "edition": 27, "published": "2009-05-13T00:00:00", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2009-002)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3652", "CVE-2009-0010", "CVE-2009-0847", "CVE-2009-0946", "CVE-2009-0943", "CVE-2008-2939", "CVE-2009-0021", "CVE-2009-0164", "CVE-2009-0114", "CVE-2009-0846", "CVE-2009-0520", "CVE-2007-2754", "CVE-2004-1185", "CVE-2004-1184", "CVE-2009-0149", "CVE-2009-0148", "CVE-2008-5077", "CVE-2008-3529", "CVE-2009-0156", "CVE-2009-0159", "CVE-2009-0165", "CVE-2006-0747", "CVE-2009-0944", "CVE-2009-0147", "CVE-2008-3863", "CVE-2009-0519", "CVE-2009-0154", "CVE-2008-3651", "CVE-2009-0158", "CVE-2009-0145", "CVE-2008-4309", "CVE-2009-0942", "CVE-2009-0146", "CVE-2009-0160", "CVE-2009-0025", "CVE-2008-3790", "CVE-2004-1186"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_SECUPD2009-002.NASL", "href": "https://www.tenable.com/plugins/nessus/38743", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\nif (!defined_func(\"bn_random\")) exit(0);\nif (NASL_LEVEL < 3004) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(38743);\n script_version(\"1.24\");\n\n script_cve_id(\"CVE-2004-1184\", \"CVE-2004-1185\", \"CVE-2004-1186\", \"CVE-2006-0747\", \"CVE-2007-2754\",\n \"CVE-2008-2939\", \"CVE-2008-3529\", \"CVE-2008-3651\", \"CVE-2008-3652\", \"CVE-2008-3790\",\n \"CVE-2008-3863\", \"CVE-2008-4309\", \"CVE-2008-5077\", \"CVE-2009-0010\", \"CVE-2009-0021\",\n \"CVE-2009-0025\", \"CVE-2009-0114\", \"CVE-2009-0145\", \"CVE-2009-0146\", \"CVE-2009-0147\",\n \"CVE-2009-0148\", \"CVE-2009-0149\", \"CVE-2009-0154\", \"CVE-2009-0156\", \"CVE-2009-0158\",\n \"CVE-2009-0159\", \"CVE-2009-0160\", \"CVE-2009-0164\", \"CVE-2009-0165\", \"CVE-2009-0519\",\n \"CVE-2009-0520\", \"CVE-2009-0846\", \"CVE-2009-0847\", \"CVE-2009-0942\", \"CVE-2009-0943\",\n \"CVE-2009-0944\", \"CVE-2009-0946\");\n script_bugtraq_id(30087, 30657, 33890, 34408, 34409, 34481, 34550, 34568, 34665, 34805,\n 34932, 34937, 34938, 34939, 34941, 34942, 34947, 34948, 34950, 34952, 34962);\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2009-002)\");\n script_summary(english:\"Check for the presence of Security Update 2009-002\");\n\n script_set_attribute( attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes various\nsecurity issues.\" );\n script_set_attribute( attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.4 that does not\nhave Security Update 2009-002 applied.\n\nThis security update contains fixes for the following products :\n\n - Apache\n - ATS\n - BIND\n - CoreGraphics\n - Cscope\n - CUPS\n - Disk Images\n - enscript\n - Flash Player plug-in\n - Help Viewer\n - IPSec\n - Kerberos\n - Launch Services\n - libxml\n - Net-SNMP\n - Network Time\n - OpenSSL\n - QuickDraw Manager\n - Spotlight\n - system_cmds\n - telnet\n - Terminal\n - X11\" );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://support.apple.com/kb/HT3549\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://lists.apple.com/archives/security-announce/2009/May/msg00002.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install Security Update 2009-002 or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 79, 94, 119, 189, 200, 287, 399);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2009/05/13\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/01/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2009/05/12\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\", \"Host/uname\");\n exit(0);\n}\n\n#\n\nuname = get_kb_item(\"Host/uname\");\nif (!uname) exit(0);\n\nif (egrep(pattern:\"Darwin.* (8\\.[0-9]\\.|8\\.1[01]\\.)\", string:uname))\n{\n packages = get_kb_item(\"Host/MacOSX/packages\");\n if (!packages) exit(0);\n\n if (!egrep(pattern:\"^SecUpd(Srvr)?(2009-00[2-5]|20[1-9][0-9]-)\", string:packages))\n security_hole(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "exploitdb": [{"lastseen": "2016-02-03T17:50:40", "description": "Adobe Flash Player 9/10 Invalid Object Reference Remote Code Execution Vulnerability. CVE-2009-0520. Remote exploit for unix platform", "published": "2009-02-24T00:00:00", "type": "exploitdb", "title": "Adobe Flash Player 9/10 - Invalid Object Reference Remote Code Execution Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-0520"], "modified": "2009-02-24T00:00:00", "id": "EDB-ID:32811", "href": "https://www.exploit-db.com/exploits/32811/", "sourceData": "source: http://www.securityfocus.com/bid/33880/info\r\n\r\nAdobe Flash Player is prone to a remote code-execution vulnerability.\r\n\r\nAn attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will likely crash the application, denying service to legitimate users.\r\n\r\nVersions prior to Flash Player 10.0.12.36 are vulnerable. \r\n\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/32811.rar", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/32811/"}], "seebug": [{"lastseen": "2017-11-19T18:57:57", "description": "BUGTRAQ ID: 33880\r\nCVE(CAN) ID: CVE-2009-0520\r\n\r\nFlash Player\u662f\u4e00\u6b3e\u975e\u5e38\u6d41\u884c\u7684FLASH\u64ad\u653e\u5668\u3002\r\n\r\n\u5728\u5904\u7406Shockwave Flash\u6587\u4ef6\u65f6Flash Player\u4f1a\u8bd5\u56fe\u521b\u5efa\u7279\u5b9a\u7684\u5bf9\u8c61\u53ca\u591a\u4e2a\u6307\u5411\u8be5\u5bf9\u8c61\u7684\u5f15\u7528\uff0c\u4e4b\u540e\u4f1a\u91ca\u653e\u5bf9\u8c61\u5e76\u5220\u9664\u5173\u8054\u7684\u5f15\u7528\uff0c\u4f46\u5f15\u7528\u53ef\u80fd\u9519\u8bef\u7684\u4ecd\u4fdd\u6301\u6307\u5411\u5bf9\u8c61\u3002\u65e0\u6548\u7684\u5bf9\u8c61\u4f4d\u4e8e\u672a\u521d\u59cb\u5316\u7684\u5185\u5b58\u4e2d\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u63a7\u5236\u8be5\u5185\u5b58\u533a\u4ee5\u83b7\u5f97\u6267\u884c\u63a7\u5236\u6743\u3002\n\nAdobe Flash Player 10.x\n \u5382\u5546\u8865\u4e01\uff1a\r\n\r\nAdobe\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=http://www.adobe.com/go/getflashplayer target=_blank rel=external nofollow>http://www.adobe.com/go/getflashplayer</a>", "published": "2009-02-26T00:00:00", "title": "Adobe Flash Player\u65e0\u6548\u5bf9\u8c61\u5f15\u7528\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-0520"], "modified": "2009-02-26T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-4828", "id": "SSV:4828", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": ""}], "securityvulns": [{"lastseen": "2018-08-31T11:09:32", "bulletinFamily": "software", "cvelist": ["CVE-2009-0520"], "description": "Invalid processing of virtual functions.", "edition": 1, "modified": "2009-02-25T00:00:00", "published": "2009-02-25T00:00:00", "id": "SECURITYVULNS:VULN:9689", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9689", "title": "Adobe Flash Player code execution", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:29", "bulletinFamily": "software", "cvelist": ["CVE-2009-0520"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\niDefense Security Advisory 02.24.09\r\nhttp://labs.idefense.com/intelligence/vulnerabilities/\r\nFeb 24, 2009\r\n\r\nI. BACKGROUND\r\n\r\nAdobe Flash Player is a very popular web browser plugin. It is available\r\nfor multiple web browsers and platforms, including Windows, Linux and\r\nMacOS. Flash Player enables web browsers to display rich multimedia\r\ncontent, such as online videos, and is often a requirement for popular\r\nwebsites.\r\n\r\nFor more information, see the vendor's site found at the following link.\r\n\r\nhttp://www.adobe.com/products/flashplayer\r\n\r\nII. DESCRIPTION\r\n\r\nRemote exploitation of a invalid object reference vulnerability in Adobe\r\nSystems Inc.'s Flash Player could allow an attacker to execute arbitrary\r\ncode with the privileges of the current user.\r\n\r\nDuring the processing of a Shockwave Flash file, a particular object can\r\nbe created, along with multiple references that point to the object. The\r\nobject can be destroyed and its associated references removed. However a\r\nreference can incorrectly remain pointing to the object. The invalid\r\nobject resides in uninitialized memory, which the attacker may control\r\nto gain arbitrary execution control.\r\n\r\nIII. ANALYSIS\r\n\r\nExploitation of this vulnerability results in the execution of arbitrary\r\ncode with the privileges of the user viewing the web page. To exploit\r\nthis vulnerability, a targeted user must load a malicious Shockwave\r\nFlash file created by an attacker. An attacker typically accomplishes\r\nthis via social engineering or injecting content into a compromised,\r\ntrusted site.\r\n\r\nUtilizing various techniques, an attacker is able to re-allocate and\r\ncontrol the memory used by the destroyed object. This allows the\r\nattacker to subvert execution when a virtual function is called via the\r\ninvalid reference.\r\n\r\nIV. DETECTION\r\n\r\niDefense has confirmed the existence of this vulnerability in latest\r\nversion of Flash Player, version 9.0.124.0. Previous versions may also\r\nbe affected.\r\n\r\nExploitation of this vulnerability was tested on Windows XP SP3 and\r\nWindows Vista SP1. iDefense believe that all platforms supported by\r\nFlash Player are affected by this vulnerability, including Linux and\r\nMacOS.\r\n\r\nV. WORKAROUND\r\n\r\nA Internet Explorer plugin is available to temporarily block and unblock\r\nFlash content using a single click. Only trusted sites should be\r\nunblocked when using this plugin. More information is available at\r\nhttp://flash.melameth.com.\r\n\r\nA Firefox plugin is available to temporarily block and unblock Flash\r\ncontent using a single click. Only trusted sites should be unblocked\r\nwhen using this plugin. More information is available at:\r\nhttp://flashblock.mozdev.org.\r\n\r\nVI. VENDOR RESPONSE\r\n\r\nAdobe has released a patch which addresses this issue. For more\r\ninformation, consult their advisory (APSB09-01) at the following URL:\r\n\r\nhttp://www.adobe.com/support/flashplayer/\r\n\r\nVII. CVE INFORMATION\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\r\nname CVE-2009-0520 to this issue. This is a candidate for inclusion in\r\nthe CVE list (http://cve.mitre.org/), which standardizes names for\r\nsecurity problems.\r\n\r\nVIII. DISCLOSURE TIMELINE\r\n\r\n08/25/2008 - Initial Contact\r\n09/22/2008 - PoC Requested\r\n11/05/2008 - PoC Sent\r\n11/06/2008 - Clarification requested\r\n12/05/2008 - Clarification Sent\r\n12/07/2008 - Additional Clarification Sent\r\n02/19/2009 - Draft bulletin received\r\n02/24/2009 - Coordinated Public Disclosure\r\n\r\nIX. CREDIT\r\n\r\nThis vulnerability was reported to iDefense by Javier Vicente Vallejo,\r\nhttp://www.vallejo.cc.\r\n\r\nGet paid for vulnerability research\r\nhttp://labs.idefense.com/methodology/vulnerability/vcp.php\r\n\r\nFree tools, research and upcoming events\r\nhttp://labs.idefense.com/\r\n\r\nX. LEGAL NOTICES\r\n\r\nCopyright \u00a9 2009 iDefense, Inc.\r\n\r\nPermission is granted for the redistribution of this alert\r\nelectronically. It may not be edited in any way without the express\r\nwritten consent of iDefense. If you wish to reprint the whole or any\r\npart of this alert in any other medium other than electronically,\r\nplease e-mail customerservice@idefense.com for permission.\r\n\r\nDisclaimer: The information in the advisory is believed to be accurate\r\nat the time of publishing based on currently available information. Use\r\nof the information constitutes acceptance for use in an AS IS condition.\r\n There are no warranties with regard to this information. Neither the\r\nauthor nor the publisher accepts any liability for any direct,\r\nindirect, or consequential loss or damage arising from use of, or\r\nreliance on, this information.\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.7 (MingW32)\r\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org\r\n\r\niD8DBQFJpD1jbjs6HoxIfBkRApISAJwPJQ+NVFVuunwT3xQ8oBwPOBIgKACfR6FI\r\nCDuo0gjNPYmFcp/qNk0zL/g=\r\n=3Cf1\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2009-02-25T00:00:00", "published": "2009-02-25T00:00:00", "id": "SECURITYVULNS:DOC:21381", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21381", "title": "iDefense Security Advisory 02.24.09: Adobe Flash Player Invalid Object Reference Vulnerability", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:30", "bulletinFamily": "software", "cvelist": ["CVE-2009-0150", "CVE-2009-0152", "CVE-2008-3652", "CVE-2008-3659", "CVE-2008-3655", "CVE-2008-2383", "CVE-2009-0010", "CVE-2009-0847", "CVE-2009-0946", "CVE-2009-0943", "CVE-2009-0844", "CVE-2008-2939", "CVE-2009-0021", "CVE-2009-0157", "CVE-2008-3530", "CVE-2009-0164", "CVE-2009-0114", "CVE-2008-2666", "CVE-2009-0162", "CVE-2009-0144", "CVE-2009-0846", "CVE-2009-0520", "CVE-2009-0040", "CVE-2007-2754", "CVE-2008-2371", "CVE-2008-3443", "CVE-2004-1185", "CVE-2004-1184", "CVE-2008-3658", "CVE-2009-0149", "CVE-2008-3660", "CVE-2009-0148", "CVE-2008-5077", "CVE-2008-3529", "CVE-2009-0156", "CVE-2009-0945", "CVE-2009-0159", "CVE-2009-0165", "CVE-2008-3657", "CVE-2006-0747", "CVE-2009-0944", "CVE-2008-2829", "CVE-2009-0147", "CVE-2008-3863", "CVE-2009-0519", "CVE-2009-0154", "CVE-2008-3651", "CVE-2009-0158", "CVE-2009-0145", "CVE-2008-4309", "CVE-2008-1382", "CVE-2009-0942", "CVE-2008-5557", "CVE-2009-0155", "CVE-2008-1517", "CVE-2009-0146", "CVE-2009-0160", "CVE-2008-0456", "CVE-2009-0025", "CVE-2008-3790", "CVE-2009-0161", "CVE-2009-0153", "CVE-2009-0845", "CVE-2004-1186", "CVE-2008-3656", "CVE-2008-2665"], "description": "About the security content of Security Update 2009-002 / Mac OS X v10.5.7\r\n\r\n * Last Modified: May 12, 2009\r\n * Article: HT3549\r\n\r\nSummary\r\n\r\nThis document describes the security content of Security Update 2009-002 / Mac OS X v10.5.7, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.\r\n\r\nFor the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.\r\n\r\nFor information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."\r\n\r\nWhere possible, CVE IDs are used to reference the vulnerabilities for further information.\r\n\r\nTo learn about other Security Updates, see "Apple Security Updates."\r\nProducts Affected\r\n\r\nProduct Security, Mac OS X 10.5\r\nSecurity Update 2009-002 / Mac OS X v10.5.7\r\n\r\n *\r\n\r\n Apache\r\n\r\n CVE-ID: CVE-2008-2939\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11\r\n\r\n Impact: Visiting a malicious website via a proxy may result in cross-site scripting\r\n\r\n Description: An input validation issue exists in Apache's handling of FTP proxy requests containing wildcard characters. Visiting a malicious website via an Apache proxy may result in a cross-site scripting attack. This update addresses the issue by applying the Apache patch for version 2.0.63. Further information is available via the Apache web site at http://httpd.apache.org/ Apache 2.0.x is only shipped with Mac OS X Server v10.4.x systems. Mac OS X v10.5.x and Mac OS X Server v10.5.x ship with Apache 2.2.x.\r\n\r\n *\r\n\r\n Apache\r\n\r\n CVE-ID: CVE-2008-2939\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Visiting a malicious website via a proxy may result in cross-site scripting\r\n\r\n Description: An input validation issue exists in Apache 2.2.9's handling of FTP proxy requests containing wildcard characters. Visiting a malicious website via an Apache proxy may result in a cross-site scripting attack. This update addresses the issue by updating Apache to version 2.2.11. Further information is available via the Apache web site at http://httpd.apache.org/\r\n\r\n *\r\n\r\n Apache\r\n\r\n CVE-ID: CVE-2008-0456\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Web sites that allow users to control the name of a served file may be vulnerable to HTTP response injection\r\n\r\n Description: A request forgery issue exists in Apache. Apache does not escape filenames when negotiating the correct content type to send to a remote browser. A user who can publish files with specially crafted names to a web site can substitute their own response for any web page hosted on the system. This update addresses the issue by escaping filenames in content negotiation responses.\r\n\r\n *\r\n\r\n ATS\r\n\r\n CVE-ID: CVE-2009-0154\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Viewing or downloading a document containing a maliciously crafted embedded CFF font may lead to arbitrary code execution\r\n\r\n Description: A heap buffer overflow exists in Apple Type Services' handling of Compact Font Format (CFF) fonts. Viewing or downloading a document containing a maliciously crafted embedded CFF font may lead to arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Charlie Miller of Independent Security Evaluators working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n BIND\r\n\r\n CVE-ID: CVE-2009-0025\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: BIND is susceptible to a spoofing attack if configured to use DNSSEC\r\n\r\n Description: BIND incorrectly checks the return value of the OpenSSL DSA_do_verify function. On systems using the DNS Security Extensions (DNSSEC) protocol, a maliciously crafted DSA certificate could bypass the validation, which may lead to a spoofing attack. By default, DNSSEC is not enabled. This update addresses the issue by updating BIND to version 9.3.6-P1 on Mac OS X v10.4, and version 9.4.3-P1 for Mac OS X v10.5 systems. Further information is available via the ISC web site at https://www.isc.org/\r\n\r\n *\r\n\r\n CFNetwork\r\n\r\n CVE-ID: CVE-2009-0144\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Applications that use CFNetwork may send secure cookies in unencrypted HTTP requests\r\n\r\n Description: An implementation issue exists in CFNetwork's parsing of Set-Cookie headers, which may result in certain cookies being unexpectedly sent over a non-encrypted connection. This issue affects non-RFC compliant Set-Cookie headers that are accepted for compatibility reasons. This may result in applications that use CFNetwork, such as Safari, sending sensitive information in unencrypted HTTP requests. This update addresses the issue through improved parsing of Set-Cookie headers. This issue does not affect systems prior to Mac OS X v10.5. Credit to Andrew Mortensen of the University of Michigan for reporting this issue.\r\n\r\n *\r\n\r\n CFNetwork\r\n\r\n CVE-ID: CVE-2009-0157\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Visiting a malicious website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A heap buffer overflow exists in the handling of overly long HTTP headers in CFNetwork. Visiting a malicious website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of HTTP headers. This issue does not affect systems prior to Mac OS X v10.5. Credit to Moritz Jodeit of n.runs AG for reporting this issue.\r\n\r\n *\r\n\r\n CoreGraphics\r\n\r\n CVE-ID: CVE-2009-0145\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: Multiple memory corruption issues exist in CoreGraphics' handling of PDF files. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issues through improved bounds and error checking.\r\n\r\n *\r\n\r\n CoreGraphics\r\n\r\n CVE-ID: CVE-2009-0155\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An integer underflow in CoreGraphics' handling of PDF files may result in a heap buffer overflow. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.5. Credit to Barry K. Nathan for reporting this issue.\r\n\r\n *\r\n\r\n CoreGraphics\r\n\r\n CVE-ID: CVE-2009-0146, CVE-2009-0147, CVE-2009-0165\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Viewing or downloading a PDF file containing a maliciously crafted JBIG2 stream may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: Multiple heap buffer overflows exist in CoreGraphics' handling of PDF files containing JBIG2 streams. Viewing or downloading a PDF file containing a maliciously crafted JBIG2 stream may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Apple, Alin Rad Pop of Secunia Research, and Will Dormann of CERT/CC for reporting this issue.\r\n\r\n *\r\n\r\n Cscope\r\n\r\n CVE-ID: CVE-2009-0148\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Processing a maliciously crafted source file with Cscope may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A stack buffer overflow exists in Cscope's handling of long file system path names. Using Cscope to process a maliciously crafted source file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.\r\n\r\n *\r\n\r\n CUPS\r\n\r\n CVE-ID: CVE-2009-0164\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Visiting a maliciously crafted web site may lead to unauthorized access of the Web Interface of CUPS\r\n\r\n Description: Under certain circumstances, the Web Interface of CUPS 1.3.9 and earlier may be accessible to attackers through DNS rebinding attacks. In the default configuration, this may allow a maliciously crafted website to start and stop printers, and access information about printers and jobs. This update addresses the issue by performing additional validation of the Host header. Credit: Apple.\r\n\r\n *\r\n\r\n Disk Images\r\n\r\n CVE-ID: CVE-2009-0150\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Mounting a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A stack buffer overflow exists in the handling of disk images. Mounting a maliciously crafted sparse disk image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.5. Credit to Tiller Beauchamp of IOActive for reporting this issue.\r\n\r\n *\r\n\r\n Disk Images\r\n\r\n CVE-ID: CVE-2009-0149\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Mounting a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: Multiple memory corruption issues exist in the handling of disk images. Mounting a maliciously crafted sparse disk image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit: Apple.\r\n\r\n *\r\n\r\n enscript\r\n\r\n CVE-ID: CVE-2004-1184, CVE-2004-1185, CVE-2004-1186, CVE-2008-3863\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Multiple vulnerabilities in enscript\r\n\r\n Description: enscript is updated to version 1.6.4 to address several vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the gnu web site at http://www.gnu.org/software/enscript/\r\n\r\n *\r\n\r\n Flash Player plug-in\r\n\r\n CVE-ID: CVE-2009-0519, CVE-2009-0520, CVE-2009-0114\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Multiple vulnerabilities in Adobe Flash Player plug-in\r\n\r\n Description: Multiple issues exist in the Adobe Flash Player plug-in, the most serious of which may lead to arbitrary code execution when viewing a maliciously crafted web site. The issues are addressed by updating the Flash Player plug-in on Mac OS v10.5.x systems to version 10.0.22.87, and to version 9.0.159.0 on Mac OS X v10.4.11 systems. Further information is available via the Adobe web site at http://www.adobe.com/support/security/bulletins/apsb09-01.html\r\n\r\n *\r\n\r\n Help Viewer\r\n\r\n CVE-ID: CVE-2009-0942\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Accessing a maliciously crafted "help:" URL may lead to arbitrary code execution\r\n\r\n Description: Help Viewer loads Cascading Style Sheets referenced in URL parameters without validating that the referenced style sheets are located within a registered help book. A malicious "help:" URL may be used to invoke arbitrary AppleScript files, which may lead to arbitrary code execution. This update addresses the issue through improved validation of file system paths when loading stylesheets. Credit to Brian Mastenbrook for reporting this issue.\r\n\r\n *\r\n\r\n Help Viewer\r\n\r\n CVE-ID: CVE-2009-0943\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Accessing a maliciously crafted "help:" URL may lead to arbitrary code execution\r\n\r\n Description: Help Viewer does not validate that full paths to HTML documents are within registered help books. A malicious "help:" URL may be used to invoke arbitrary AppleScript files, which may lead to arbitrary code execution. This update addresses the issue through improved validation of "help:" URLs. Credit to Brian Mastenbrook for reporting this issue.\r\n\r\n *\r\n\r\n iChat\r\n\r\n CVE-ID: CVE-2009-0152\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: iChat AIM communications configured for SSL may downgrade to plaintext\r\n\r\n Description: iChat supports Secure Sockets Layer (SSL) for AOL Instant Messenger and Jabber accounts. iChat automatically disables SSL for AOL Instant Messenger accounts when it is unable to connect, and sends subsequent communications in plain text until SSL is manually re-enabled. A remote attacker with the ability to observe network traffic from an affected system may obtain the contents of AOL Instant Messenger conversations. This update addresses the issue by changing the behavior of iChat to always attempt to use SSL, and to use less secure channels only if the "Require SSL" preference is not enabled. This issue does not affect systems prior to Mac OS X v10.5, as they do not support SSL for iChat accounts.\r\n\r\n *\r\n\r\n International Components for Unicode\r\n\r\n CVE-ID: CVE-2009-0153\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Maliciously crafted content may bypass website filters and result in cross-site scripting\r\n\r\n Description: An implementation issue exists in ICU's handling of certain character encodings. Using ICU to convert invalid byte sequences to Unicode may result in over-consumption, where trailing bytes are considered part of the original character. This may be leveraged by an attacker to bypass filters on websites that attempt to mitigate cross-site scripting. This update addresses the issue through improved handling of invalid byte sequences. This issue does not affect systems prior to Mac OS X v10.5. Credit to Chris Weber of Casaba Security for reporting this issue.\r\n\r\n *\r\n\r\n IPSec\r\n\r\n CVE-ID: CVE-2008-3651, CVE-2008-3652\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Multiple vulnerabilities in the racoon daemon may lead to a denial of service\r\n\r\n Description: Multiple memory leaks exist in the racoon daemon in ipsec-tools before 0.7.1, which may lead to a denial of service. This update addresses the issues through improved memory management.\r\n\r\n *\r\n\r\n Kerberos\r\n\r\n CVE-ID: CVE-2009-0845\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Processing a maliciously crafted authentication packet may lead to a denial of service of a Kerberos-enabled program\r\n\r\n Description: A null pointer dereference issue exists in the Kerberos SPNEGO support. Processing a maliciously crafted authentication packet may lead to a denial of service of a Kerberos-enabled program. This update addresses the issue by adding a check for a null pointer. This issue does not affect systems prior to Mac OS X v10.5.\r\n\r\n *\r\n\r\n Kerberos\r\n\r\n CVE-ID: CVE-2009-0846, CVE-2009-0847\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Processing a maliciously crafted ASN.1 encoded message may lead to a denial of service of a Kerberos-enabled program or arbitrary code execution\r\n\r\n Description: Multiple memory corruption issues exist in Kerberos' handling of ASN.1 encoded messages. Processing a maliciously crafted ASN.1 encoded message may lead to a denial of service of a Kerberos-enabled program or arbitrary code execution. Further information on the issues and the patches applied is available via the MIT Kerberos website at http://web.mit.edu/Kerberos/\r\n\r\n *\r\n\r\n Kerberos\r\n\r\n CVE-ID: CVE-2009-0844\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Processing a maliciously crafted Kerberos data packet may lead to a denial of service of a Kerberos-enabled program\r\n\r\n Description: An out-of-bounds memory access exists in Kerberos. Processing a maliciously crafted Kerberos data packet may lead to a denial of service of a Kerberos-enabled program. This update addresses the issue through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.5. Credit: Apple.\r\n\r\n *\r\n\r\n Kernel\r\n\r\n CVE-ID: CVE-2008-1517\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: A local user may obtain system privileges\r\n\r\n Description: An unchecked index issue exists in the kernel's handling of workqueues, which may lead to an unexpected system shutdown or arbitrary code execution with Kernel privileges. This update addresses the issue through improved index checking. Credit to an anonymous researcher working with Verisign iDefense VCP for reporting this issue.\r\n\r\n *\r\n\r\n Launch Services\r\n\r\n CVE-ID: CVE-2009-0156\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Downloading a maliciously crafted Mach-O executable may cause Finder to repeatedly terminate and relaunch\r\n\r\n Description: An out-of-bounds memory read access exists in Launch Services. Downloading a maliciously crafted Mach-O executable may cause the Finder to repeatedly terminate and relaunch. This update addresses the issue through improved bounds checking.\r\n\r\n *\r\n\r\n libxml\r\n\r\n CVE-ID: CVE-2008-3529\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A heap buffer overflow exists in libxml's handling of long entity names. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.\r\n\r\n *\r\n\r\n Net-SNMP\r\n\r\n CVE-ID: CVE-2008-4309\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: A remote attacker may terminate the operation of the SNMP service\r\n\r\n Description: An integer overflow exists in the netsnmp_create_subtree_cache function. By sending a maliciously crafted SNMPv3 packet, an attacker may cause the SNMP server to terminate, denying service to legitimate clients. This update addresses the issue by applying the Net-SNMP patches on Mac OS X v10.4.11 systems, and by updating net_snmp to version 5.4.2.1 on Mac OS X v10.5.x systems. The SNMP service is not enabled by default on Mac OS X or Mac OS X Server.\r\n\r\n *\r\n\r\n Network Time\r\n\r\n CVE-ID: CVE-2009-0021\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Network Time is susceptible to a spoofing attack if NTP authentication is enabled\r\n\r\n Description: The ntpd daemon incorrectly checks the return value of the OpenSSL EVP_VerifyFinal function. On systems using NTPv4 authentication, this may allow a maliciously crafted signature to bypass the cryptographic signature validation, which may lead to a time spoofing attack. By default, NTP authentication is not enabled. This update addresses the issue by properly checking the return value of the EVP_VerifyFinal function.\r\n\r\n *\r\n\r\n Network Time\r\n\r\n CVE-ID: CVE-2009-0159\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Using the ntpq command to request peer information from a malicious remote time server may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A stack buffer overflow exists in the ntpq program. When the ntpq program is used to request peer information from a remote time server, a maliciously crafted response may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit: Apple.\r\n\r\n *\r\n\r\n Networking\r\n\r\n CVE-ID: CVE-2008-3530\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: A remote user may be able to cause an unexpected system shutdown\r\n\r\n Description: When IPv6 support is enabled, IPv6 nodes use ICMPv6 to report errors encountered while processing packets. An implementation issue in the handling of incoming ICMPv6 "Packet Too Big" messages may cause an unexpected system shutdown. This update addresses the issue through improved handling of ICMPv6 messages.\r\n\r\n *\r\n\r\n OpenSSL\r\n\r\n CVE-ID: CVE-2008-5077\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: A man-in-the-middle attacker may be able to impersonate a trusted server or user in applications using OpenSSL for SSL certificate verification\r\n\r\n Description: Several functions within the OpenSSL library incorrectly check the result value of the EVP_VerifyFinal function. A man-in-the-middle attacker may be able to impersonate a trusted server or user in applications using OpenSSL for SSL certificate verification for DSA and ECDSA keys. This update addresses the issue by properly checking the return value of the EVP_VerifyFinal function.\r\n\r\n *\r\n\r\n PHP\r\n\r\n CVE-ID: CVE-2008-3659, CVE-2008-2829, CVE-2008-3660, CVE-2008-2666, CVE-2008-2371, CVE-2008-2665, CVE-2008-3658, CVE-2008-5557\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Multiple vulnerabilities in PHP 5.2.6\r\n\r\n Description: PHP is updated to version 5.2.8 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP website at http://www.php.net/\r\n\r\n *\r\n\r\n QuickDraw Manager\r\n\r\n CVE-ID: CVE-2009-0160\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in QuickDraw's handling of PICT images. Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of PICT images. Credit: Apple.\r\n * QuickDraw Manager\r\n\r\n CVE-ID: CVE-2009-0010\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An integer underflow in the handling of PICT images may result in a heap buffer overflow. Opening a maliciously crafted PICT file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of PICT images. Credit to Damian Put and Sebastian Apelt working with TippingPoint's Zero Day Initiative, and Chris Ries of Carnegie Mellon University Computing Services for reporting this issue.\r\n\r\n *\r\n\r\n ruby\r\n\r\n CVE-ID: CVE-2008-3443, CVE-2008-3655, CVE-2008-3656, CVE-2008-3657, CVE-2008-3790\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Multiple vulnerabilities in Ruby 1.8.6\r\n\r\n Description: Multiple vulnerabilities exist in Ruby 1.8.6. This update addresses the issues by updating Ruby to version 1.8.6-p287. Further information is available via the Ruby web site at http://www.ruby-lang.org/en/security/\r\n\r\n *\r\n\r\n ruby\r\n\r\n CVE-ID: CVE-2009-0161\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Ruby programs may accept revoked certificates\r\n\r\n Description: An incomplete error check exists in Ruby's use of the OpenSSL library. The OpenSSL::OCSP Ruby module may interpret an invalid response as an OCSP validation of the certificate. This update addresses the issue through improved error checking while verifying OCSP responses.\r\n\r\n *\r\n\r\n Safari\r\n\r\n CVE-ID: CVE-2009-0162\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Accessing a maliciously crafted "feed:" URL may lead to arbitrary code execution\r\n\r\n Description: Multiple input validation issues exist in Safari's handling of "feed:" URLs. Accessing a maliciously crafted "feed:" URL may lead to the execution of arbitrary JavaScript. This update addresses the issues by performing additional validation of "feed:" URLs. These issues do not affect systems prior to Mac OS X v10.5. Credit to Billy Rios of Microsoft Vulnerability Research (MSVR), and Alfredo Melloni for reporting these issues.\r\n\r\n *\r\n\r\n Spotlight\r\n\r\n CVE-ID: CVE-2009-0944\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: Multiple memory corruption issues exist in the Mac OS X Microsoft Office Spotlight Importer. Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of Microsoft Office files.\r\n\r\n *\r\n\r\n system_cmds\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: The "login" command always runs the default shell with normal priority\r\n\r\n Description: The "login" command starts an interactive shell after a local user is authenticated. The priority level for the interactive shell is reset to the system default, which can cause the shell to run with an unexpectedly high priority. This update addresses the issue by respecting the priority setting of the calling process if the caller is the superuser or the user who was successfully logged in.\r\n\r\n *\r\n\r\n telnet\r\n\r\n CVE-ID: CVE-2009-0158\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Connecting to a TELNET server with a very long canonical name in its DNS address record may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A stack buffer overflow exists in telnet command. Connecting to a TELNET server with a very long canonical name in its DNS address record may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit: Apple.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2009-0945\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Visiting a maliciously crafted website may lead to arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in WebKit's handling of SVGList objects. Visiting a maliciously crafted website may lead to arbitrary code execution. This update addresses the issue through improved bounds checking. For Mac OS X v10.4.11 and Mac OS X Server v10.4.11, updating to Safari 3.2.3 will address this issue. Credit to Nils working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n X11\r\n\r\n CVE-ID: CVE-2006-0747, CVE-2007-2754\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11\r\n\r\n Impact: Multiple vulnerabilities in FreeType v2.1.4\r\n\r\n Description: Multiple vulnerabilities exist in FreeType v2.1.4, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. This update addresses the issues by updating FreeType to version 2.3.8. Further information is available via the FreeType site at http://www.freetype.org/ The issues are already addressed in systems running Mac OS X v10.5.6.\r\n\r\n *\r\n\r\n X11\r\n\r\n CVE-ID: CVE-2008-2383\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Displaying maliciously crafted data within an xterm terminal may lead to arbitrary code execution\r\n\r\n Description: The xterm program supports a command sequence known as DECRQSS that can be used to return information about the current terminal. The information returned is sent as terminal input similar to keyboard input by a user. Within an xterm terminal, displaying maliciously crafted data containing such sequences may result in command injection. This update addresses the issue by performing additional validation of the output data. This issue does not affect systems prior to Mac OS X v10.5.\r\n\r\n *\r\n\r\n X11\r\n\r\n CVE-ID: CVE-2008-1382, CVE-2009-0040\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Multiple vulnerabilities in libpng version 1.2.26\r\n\r\n Description: Multiple vulnerabilities exist in libpng version 1.2.26, the most serious of which may lead to arbitrary code execution. This update addresses the issues by updating libpng to version 1.2.35. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html These issues do not affect systems prior to Mac OS X v10.5.\r\n\r\n *\r\n\r\n X11\r\n\r\n CVE-ID: CVE-2009-0946\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Multiple vulnerabilities in FreeType v2.3.8\r\n\r\n Description: Multiple integer overflows exist in FreeType v2.3.8, which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issues through improved bounds checking. Credit to Tavis Ormandy of the Google Security Team for reporting these issues.\r\n", "edition": 1, "modified": "2009-05-14T00:00:00", "published": "2009-05-14T00:00:00", "id": "SECURITYVULNS:DOC:21825", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21825", "title": "About the security content of Security Update 2009-002 / Mac OS X v10.5.7", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:35", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5362", "CVE-2009-0114", "CVE-2008-5361", "CVE-2009-0520", "CVE-2008-4824", "CVE-2008-5499", "CVE-2008-3873", "CVE-2008-5363", "CVE-2008-4823", "CVE-2008-4822", "CVE-2008-4818", "CVE-2008-4819", "CVE-2009-0519", "CVE-2008-4401", "CVE-2008-4503", "CVE-2009-0521", "CVE-2008-4821"], "edition": 1, "description": "### Background\n\nThe Adobe Flash Player is a renderer for the popular SWF file format, which is commonly used to provide interactive websites, digital experiences and mobile content. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Adobe Flash Player: \n\n * The access scope of SystemsetClipboard() allows ActionScript programs to execute the method without user interaction (CVE-2008-3873).\n * The access scope of FileReference.browse() and FileReference.download() allows ActionScript programs to execute the methods without user interaction (CVE-2008-4401).\n * The Settings Manager controls can be disguised as normal graphical elements. This so-called \"clickjacking\" vulnerability was disclosed by Robert Hansen of SecTheory, Jeremiah Grossman of WhiteHat Security, Eduardo Vela, Matthew Mastracci of DotSpots, and Liu Die Yu of TopsecTianRongXin (CVE-2008-4503).\n * Adan Barth (UC Berkely) and Collin Jackson (Stanford University) discovered a flaw occurring when interpreting HTTP response headers (CVE-2008-4818).\n * Nathan McFeters and Rob Carter of Ernst and Young's Advanced Security Center are credited for finding an unspecified vulnerability facilitating DNS rebinding attacks (CVE-2008-4819).\n * When used in a Mozilla browser, Adobe Flash Player does not properly interpret jar: URLs, according to a report by Gregory Fleischer of pseudo-flaw.net (CVE-2008-4821).\n * Alex \"kuza55\" K. reported that Adobe Flash Player does not properly interpret policy files (CVE-2008-4822).\n * The vendor credits Stefano Di Paola of Minded Security for reporting that an ActionScript attribute is not interpreted properly (CVE-2008-4823).\n * Riley Hassell and Josh Zelonis of iSEC Partners reported multiple input validation errors (CVE-2008-4824).\n * The aforementioned researchers also reported that ActionScript 2 does not verify a member element's size when performing several known and other unspecified actions, that DefineConstantPool accepts an untrusted input value for a \"constant count\" and that character elements are not validated when retrieved from a data structure, possibly resulting in a null-pointer dereference (CVE-2008-5361, CVE-2008-5362, CVE-2008-5363).\n * The vendor reported an unspecified arbitrary code execution vulnerability (CVE-2008-5499).\n * Liu Die Yu of TopsecTianRongXin reported an unspecified flaw in the Settings Manager related to \"clickjacking\" (CVE-2009-0114).\n * The vendor credits Roee Hay from IBM Rational Application Security for reporting an input validation error when processing SWF files (CVE-2009-0519).\n * Javier Vicente Vallejo reported via the iDefense VCP that Adobe Flash does not remove object references properly, leading to a freed memory dereference (CVE-2009-0520).\n * Josh Bressers of Red Hat and Tavis Ormandy of the Google Security Team reported an untrusted search path vulnerability (CVE-2009-0521).\n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted SWF file, possibly resulting in the execution of arbitrary code with the privileges of the user or a Denial of Service (crash). Furthermore a remote attacker could gain access to sensitive information, disclose memory contents by enticing a user to open a specially crafted PDF file inside a Flash application, modify the victim's clipboard or render it temporarily unusable, persuade a user into uploading or downloading files, bypass security restrictions with the assistance of the user to gain access to camera and microphone, conduct Cross-Site Scripting and HTTP Header Splitting attacks, bypass the \"non-root domain policy\" of Flash, and gain escalated privileges. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Adobe Flash Player users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-plugins/adobe-flash-10.0.22.87\"", "modified": "2009-05-28T00:00:00", "published": "2009-03-10T00:00:00", "id": "GLSA-200903-23", "href": "https://security.gentoo.org/glsa/200903-23", "type": "gentoo", "title": "Adobe Flash Player: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
