Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2015 Greenbone AGOPENVAS:1361412562310805621
HistoryMay 15, 2015 - 12:00 a.m.

Adobe Air Multiple Vulnerabilities - 01 (May 2015) - Mac OS X

2015-05-1500:00:00
Copyright (C) 2015 Greenbone AG
plugins.openvas.org
9

6.5 Medium

AI Score

Confidence

Low

0.974 High

EPSS

Percentile

99.9%

JSON

Adobe Air is prone to multiple vulnerabilities.

# SPDX-FileCopyrightText: 2015 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:adobe:adobe_air";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.805621");
  script_version("2024-02-09T05:06:25+0000");
  script_cve_id("CVE-2015-3077", "CVE-2015-3078", "CVE-2015-3079", "CVE-2015-3080",
                "CVE-2015-3081", "CVE-2015-3082", "CVE-2015-3083", "CVE-2015-3084",
                "CVE-2015-3085", "CVE-2015-3086", "CVE-2015-3087", "CVE-2015-3088",
                "CVE-2015-3089", "CVE-2015-3090", "CVE-2015-3091", "CVE-2015-3092",
                "CVE-2015-3093");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_tag(name:"last_modification", value:"2024-02-09 05:06:25 +0000 (Fri, 09 Feb 2024)");
  script_tag(name:"creation_date", value:"2015-05-15 14:07:44 +0530 (Fri, 15 May 2015)");
  script_tag(name:"qod_type", value:"registry");
  script_name("Adobe Air Multiple Vulnerabilities - 01 (May 2015) - Mac OS X");

  script_tag(name:"summary", value:"Adobe Air is prone to multiple vulnerabilities.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"Multiple flaws exist due to:

  - Improper validation of user supplied input.

  - A flaw in the Broker that is due to the BrokerCreateFile method not properly
    sanitizing user input.

  - An integer overflow condition that is triggered as user-supplied input is
    not properly validated.

  - An overflow condition that is triggered as user-supplied input is not
    properly validated.

  - Multiple unspecified memory disclosure flaws in Adobe Flash Player.

  - Multiple unspecified type confusion flaws in Adobe Flash Player.

  - Multiple unspecified flaws in Adobe Flash Player.

  - A use-after-free error Adobe Flash Player.

  - An unspecified TOCTOU flaw in Adobe Flash Player.");

  script_tag(name:"impact", value:"Successful exploitation will allow a
  context-dependent attacker to corrupt memory and potentially execute arbitrary
  code, bypass security restrictions and gain access to sensitive information,
  bypass protected mode, bypass validation mechanisms and write arbitrary data,
  bypass the sandbox when chained with another vulnerability, bypass ASLR
  protection mechanisms.");

  script_tag(name:"affected", value:"Adobe Air versions before 17.0.0.172 on
  Mac OS X.");

  script_tag(name:"solution", value:"Upgrade to Adobe Air version 17.0.0.172
  or later.");

  script_tag(name:"solution_type", value:"VendorFix");

  script_xref(name:"URL", value:"https://helpx.adobe.com/security/products/flash-player/apsb15-09.html");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/74614");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/74605");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/74612");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/74608");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/74613");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/74610");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/74616");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/74609");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/74617");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2015 Greenbone AG");
  script_family("General");
  script_dependencies("secpod_adobe_prdts_detect_macosx.nasl");
  script_mandatory_keys("Adobe/Air/MacOSX/Version");
  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if(!vers = get_app_version(cpe:CPE))
  exit(0);

if(version_is_less(version:vers, test_version:"17.0.0.172"))
{
  report = 'Installed version: ' + vers + '\n' +
           'Fixed version:     ' + "17.0.0.172" + '\n';
  security_message(data:report);
  exit(0);
}

Related

openvas 7
redhat 1
nessus 16
gentoo 1
altlinux 2
mageia 1
suse 3
securityvulns 1
freebsd 1
kaspersky 2
cve 17
ubuntucve 17
cvelist 17
prion 17
checkpoint_advisories 16
zdt 7
zdi 1
googleprojectzero 2
packetstorm 1
metasploit 1
exploitdb 1
hackerone 1
threatpost 1
openvas
openvas
Adobe Air Multiple Vulnerabilities - 01 (May 2015) - Windows
2015-05-15 00:00:00
Adobe Flash Player Multiple Vulnerabilities - 01 (May 2015) - Mac OS X
2015-05-15 00:00:00
Adobe Flash Player Multiple Vulnerabilities - 01 (May 2015) - Linux
2015-05-15 00:00:00
redhat
redhat
(RHSA-2015:1005) Critical: flash-plugin security update
2015-05-13 00:00:00
nessus
nessus
RHEL 5 / 6 : flash-plugin (RHSA-2015:1005)
2015-05-13 00:00:00
Adobe AIR for Mac <= 17.0.0.144 Multiple Vulnerabilities (APSB15-09)
2015-06-12 00:00:00
openSUSE Security Update : flash-player (openSUSE-2015-372)
2015-05-20 00:00:00
gentoo
gentoo
Adobe Flash Player: Multiple vulnerabilities
2015-05-31 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 7 package adobe-flash-player version 3:11-alt44
2015-05-15 00:00:00
Security fix for the ALT Linux 6 package adobe-flash-player version 3:11-alt44
2015-05-15 00:00:00
mageia
mageia
Updated flash-player-plugin packages fix security vulnerabilities
2015-05-12 22:37:48
suse
suse
Security update for flash-player (important)
2015-05-16 00:05:04
Security update for flash-player (important)
2015-05-19 17:04:53
Security update for flash-player (important)
2015-05-14 20:04:55
securityvulns
securityvulns
Adobe Flash Player multiple security vulnerabilities
2015-05-13 00:00:00
freebsd
freebsd
Adobe Flash Player -- critical vulnerabilities
2015-05-12 00:00:00
kaspersky
kaspersky
KLA10576 Flash Player update for Google Chrome
2015-05-12 00:00:00
KLA10574 Multiple vulnerabilities in Adobe Flash Player
2015-05-12 00:00:00
cve
cve
CVE-2015-3090
2015-05-13 11:00:00
CVE-2015-3078
2015-05-13 11:00:00
CVE-2015-3093
2015-05-13 11:00:00
ubuntucve
ubuntucve
CVE-2015-3078
2015-05-13 00:00:00
CVE-2015-3089
2015-05-13 00:00:00
CVE-2015-3093
2015-05-13 00:00:00
cvelist
cvelist
CVE-2015-3078
2015-05-13 10:00:00
CVE-2015-3090
2015-05-13 10:00:00
CVE-2015-3089
2015-05-13 10:00:00
prion
prion
Memory corruption
2015-05-13 11:00:00
Memory corruption
2015-05-13 11:00:00
Memory corruption
2015-05-13 11:00:00
checkpoint_advisories
checkpoint_advisories
Adobe Flash Player Validation Bypass (APSB15-09: CVE-2015-3085; CVE-2015-3082)
2015-06-02 00:00:00
Adobe Flash Player Memory Leak (APSB15-09: CVE-2015-3091)
2015-06-09 00:00:00
Adobe Flash Player Memory Corruption (APSB15-09: CVE-2015-3093)
2015-06-07 00:00:00
zdt
zdt
Flash Player Integer Overflow in Function.apply Exploit
2015-08-19 00:00:00
Flash AVSS.setSubscribedTags Use After Free Memory Corruption Exploit
2015-08-19 00:00:00
Flash Broker-Based Sandbox Escape via Forward Slash Instead of Backslash Exploit
2015-08-19 00:00:00
zdi
zdi
(Pwn2Own) Adobe Flash Player BrokerCreateFile Broker Method Path Traversal Sandbox Escape Vulnerability
2015-05-12 00:00:00
googleprojectzero
googleprojectzero
One Perfect Bug: Exploiting Type Confusion in Flash
2015-07-20 00:00:00
Attacking ECMAScript Engines with Redefinition
2015-08-17 00:00:00
packetstorm
packetstorm
Adobe Flash Player ShaderJob Buffer Overflow
2015-06-19 00:00:00
metasploit
metasploit
Adobe Flash Player ShaderJob Buffer Overflow
2015-06-18 17:36:14
exploitdb
exploitdb
Adobe Flash Player - ShaderJob Buffer Overflow (Metasploit)
2015-06-24 00:00:00
hackerone
hackerone
Internet Bug Bounty: Internet-based attacker can run Flash apps in local sandboxes by using special URL schemes (PSIRT-3299, CVE-2015-3079)
2015-06-30 14:33:56
threatpost
threatpost
Angler Exploit Kit Exploiting New Adobe Vulnerability, Dropping Cryptowall 3.0
2015-05-28 13:57:47

6.5 Medium

AI Score

Confidence

Low

0.974 High

EPSS

Percentile

99.9%

JSON
Related for OPENVAS:1361412562310805621
openvas7redhat1nessus16gentoo1altlinux2mageia1suse3securityvulns1freebsd1kaspersky2cve17ubuntucve17cvelist17prion17checkpoint_advisories16zdt7zdi1googleprojectzero2packetstorm1metasploit1exploitdb1hackerone1threatpost1