Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2014 Greenbone AGOPENVAS:1361412562310804793
HistoryNov 14, 2014 - 12:00 a.m.

Adobe Flash Player Multiple Vulnerabilities (APSB14-24) - Windows

2014-11-1400:00:00
Copyright (C) 2014 Greenbone AG
plugins.openvas.org
16

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

Low

0.974 High

EPSS

Percentile

99.9%

JSON

Adobe Flash Player is prone to multiple vulnerabilities.

# SPDX-FileCopyrightText: 2014 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later

CPE = "cpe:/a:adobe:flash_player";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.804793");
  script_version("2024-02-09T14:47:30+0000");
  script_cve_id("CVE-2014-0573", "CVE-2014-0574", "CVE-2014-0576", "CVE-2014-0577",
                "CVE-2014-0581", "CVE-2014-0582", "CVE-2014-0583", "CVE-2014-0584",
                "CVE-2014-0585", "CVE-2014-0586", "CVE-2014-0588", "CVE-2014-0589",
                "CVE-2014-0590", "CVE-2014-8437", "CVE-2014-8438", "CVE-2014-8440",
                "CVE-2014-8441", "CVE-2014-8442");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_tag(name:"last_modification", value:"2024-02-09 14:47:30 +0000 (Fri, 09 Feb 2024)");
  script_tag(name:"creation_date", value:"2014-11-14 11:33:04 +0530 (Fri, 14 Nov 2014)");
  script_name("Adobe Flash Player Multiple Vulnerabilities (APSB14-24) - Windows");

  script_tag(name:"summary", value:"Adobe Flash Player is prone to multiple vulnerabilities.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"Multiple flaws are due to:

  - An use-after-free error.

  - A double free error.

  - Multiple type confusion errors.

  - An error related to a permission issue.

  - Multiple unspecified errors.");

  script_tag(name:"impact", value:"Successful exploitation will allow attackers
  to disclose potentially sensitive information, bypass certain security
  restrictions, and compromise a user's system.");

  script_tag(name:"affected", value:"Adobe Flash Player version before
  13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows");

  script_tag(name:"solution", value:"Upgrade to Adobe Flash Player version
  13.0.0.252 or 15.0.0.223 or later.");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"registry");

  script_xref(name:"URL", value:"http://secunia.com/advisories/59978");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/71033");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/71035");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/71036");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/71037");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/71038");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/71039");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/71040");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/71041");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/71042");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/71043");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/71044");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/71045");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/71046");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/71047");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/71048");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/71049");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/71050");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/71051");
  script_xref(name:"URL", value:"http://helpx.adobe.com/security/products/flash-player/apsb14-24.html");

  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2014 Greenbone AG");
  script_family("General");
  script_dependencies("gb_adobe_flash_player_detect_win.nasl");
  script_mandatory_keys("AdobeFlashPlayer/Win/Installed");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if(!playerVer = get_app_version(cpe:CPE)){
  exit(0);
}

if(version_is_less(version:playerVer, test_version:"13.0.0.252") ||
   version_in_range(version:playerVer, test_version:"14.0.0", test_version2:"15.0.0.222"))
{
  security_message( port: 0, data: "The target host was found to be vulnerable" );
  exit(0);
}

Related

nessus 19
suse 4
openvas 8
archlinux 1
mageia 1
redhat 1
gentoo 1
cve 18
nvd 18
cvelist 18
ubuntucve 18
prion 18
hackerone 2
symantec 3
checkpoint_advisories 15
zdt 1
threatpost 6
metasploit 1
packetstorm 1
exploitdb 1
thn 1
freebsd 1
chrome 1
nessus
nessus
SuSE 11.3 Security Update : flash-player (SAT Patch Number 9958)
2014-11-18 00:00:00
RHEL 5 / 6 : flash-plugin (RHSA-2014:1852)
2014-11-13 00:00:00
openSUSE Security Update : flash-player (openSUSE-SU-2014:1444-1)
2014-11-19 00:00:00
suse
suse
Security update for flash-player (important)
2014-11-18 01:05:27
Security update for flash-player (important)
2014-11-18 12:04:40
Security update for Adobe Flash Player (important)
2015-04-16 13:04:48
openvas
openvas
Adobe Flash Player Multiple Vulnerabilities (APSB14-24) - Mac OS X
2014-11-14 00:00:00
Adobe Flash Player Multiple Vulnerabilities (APSB14-24) - Linux
2014-11-14 00:00:00
Adobe AIR Multiple Vulnerabilities (APSB14-24) - Windows
2014-11-14 00:00:00
archlinux
archlinux
flashplugin: remote code execution
2014-11-13 00:00:00
mageia
mageia
Updated flash-player-plugin packages fix multiple security vulnerabilities
2014-11-14 04:27:45
redhat
redhat
(RHSA-2014:1852) Critical: flash-plugin security update
2014-11-13 00:00:00
gentoo
gentoo
Adobe Flash Player: Multiple vulnerabilities
2014-11-21 00:00:00
cve
cve
CVE-2014-0586
2014-11-11 23:55:02
CVE-2014-0585
2014-11-11 23:55:02
CVE-2014-0584
2014-11-11 23:55:02
nvd
nvd
CVE-2014-0577
2014-11-11 23:55:02
CVE-2014-0584
2014-11-11 23:55:02
CVE-2014-0590
2014-11-11 23:55:02
cvelist
cvelist
CVE-2014-0585
2014-11-11 23:00:00
CVE-2014-0590
2014-11-11 23:00:00
CVE-2014-0586
2014-11-11 23:00:00
ubuntucve
ubuntucve
CVE-2014-0590
2014-11-11 00:00:00
CVE-2014-0577
2014-11-11 00:00:00
CVE-2014-0586
2014-11-11 00:00:00
prion
prion
Type confusion
2014-11-11 23:55:00
Type confusion
2014-11-11 23:55:00
Type confusion
2014-11-11 23:55:00
hackerone
hackerone
Internet Bug Bounty: Adobe Flash Player MP4 Use-After-Free Vulnerability
2014-11-17 06:20:07
Internet Bug Bounty: Race condition in Flash workers may cause an exploitabl​e double free
2014-11-24 08:10:24
symantec
symantec
Adobe Flash Player and AIR CVE-2014-8440 Unspecified Memory Corruption Vulnerability
2014-11-11 00:00:00
Adobe Flash Player and AIR CVE-2014-0588 Use After Free Remote Code Execution Vulnerability
2014-11-11 00:00:00
Adobe Flash Player and AIR CVE-2014-0577 Type Confusion Remote Code Execution Vulnerability
2014-11-11 00:00:00
checkpoint_advisories
checkpoint_advisories
Adobe Flash Player Use After Free Code Execution (APSB14-24: CVE-2014-8438)
2015-01-25 00:00:00
Adobe Flash Player Memory Corruption (APSB14-24: CVE-2014-8440)
2014-12-10 00:00:00
Adobe Flash Player Use After Free Code Execution (APSB14-24: CVE-2014-0588)
2014-12-10 00:00:00
zdt
zdt
Adobe Flash Player UncompressViaZlibVariant Uninitialized Memory Exploit
2015-05-01 00:00:00
threatpost
threatpost
Exploit for Flash Zero Day Appears in Angler Exploit Kit
2015-01-21 11:53:31
Drupal Denial of Service Session Hijacking Patch
2014-11-20 10:03:05
Angler Exploit Kit Adds New Flash Exploit
2014-11-20 08:02:52
metasploit
metasploit
Adobe Flash Player UncompressViaZlibVariant Uninitialized Memory
2015-04-29 22:52:04
packetstorm
packetstorm
Adobe Flash Player UncompressViaZlibVariant Uninitialized Memory
2015-05-01 00:00:00
exploitdb
exploitdb
Adobe Flash Player - UncompressViaZlibVariant Uninitialized Memory (Metasploit)
2015-05-01 00:00:00
thn
thn
Adobe Releases Emergency Flash Player Update to Address Critical Vulnerability
2014-11-25 21:27:00
freebsd
freebsd
chromium -- multiple vulnerabilities
2014-11-18 00:00:00
chrome
chrome
Stable Channel Update
2014-11-18 00:00:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

Low

0.974 High

EPSS

Percentile

99.9%

JSON
Related for OPENVAS:1361412562310804793
nessus19suse4openvas8archlinux1mageia1redhat1gentoo1cve18nvd18cvelist18ubuntucve18prion18hackerone2symantec3checkpoint_advisories15zdt1threatpost6metasploit1packetstorm1exploitdb1thn1freebsd1chrome1