DATABASE RESOURCES PRICING ABOUT US

{"id": "OPENVAS:1361412562310812716", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Flash Player Security Updates(apsb18-01)-Windows", "description": "This host is installed with Adobe Flash Player\n and is prone to an information disclosure vulnerability.", "published": "2018-01-10T00:00:00", "modified": "2019-10-23T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812716", "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-01.html"], "cvelist": ["CVE-2018-4871"], "lastseen": "2019-10-24T21:13:33", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "adobe", "idList": ["APSB18-01"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2018-0016"]}, {"type": "cve", "idList": ["CVE-2018-4871"]}, {"type": "freebsd", "idList": ["9C016563-F582-11E7-B33C-6451062F0F7A"]}, {"type": "gentoo", "idList": ["GLSA-201803-08"]}, {"type": "kaspersky", "idList": ["KLA11171"]}, {"type": "mscve", "idList": ["MS:ADV180001"]}, {"type": "nessus", "idList": ["700429.PRM", "FLASH_PLAYER_APSB18-01.NASL", "FREEBSD_PKG_9C016563F58211E7B33C6451062F0F7A.NASL", "GENTOO_GLSA-201803-08.NASL", "MACOSX_FLASH_PLAYER_APSB18-01.NASL", "REDHAT-RHSA-2018-0081.NASL", "SMB_NT_MS18_JAN_4056887.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310812717", "OPENVAS:1361412562310812718", "OPENVAS:1361412562310812719", "OPENVAS:1361412562310812720", "OPENVAS:1361412562310812721", "OPENVAS:1361412562310812722"]}, {"type": "redhat", "idList": ["RHSA-2018:0081"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-4871"]}, {"type": "thn", "idList": ["THN:ED087560040A02BCB1F68DE406A7F577"]}, {"type": "threatpost", "idList": ["THREATPOST:E1C629434DE943EAA7BD57B1F6EEA7E2"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:6A0454A8A4891A1004496709868EC034"]}, {"type": "zdi", "idList": ["ZDI-18-124"]}], "rev": 4}, "score": {"value": 6.7, "vector": "NONE"}, "backreferences": {"references": [{"type": "adobe", "idList": ["APSB18-01"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2018-0016"]}, {"type": "cve", "idList": ["CVE-2018-4871"]}, {"type": "freebsd", "idList": ["9C016563-F582-11E7-B33C-6451062F0F7A"]}, {"type": "gentoo", "idList": ["GLSA-201803-08"]}, {"type": "kaspersky", "idList": ["KLA11171"]}, {"type": "mscve", "idList": ["MS:ADV180001"]}, {"type": "nessus", "idList": ["FLASH_PLAYER_APSB18-01.NASL", "FREEBSD_PKG_9C016563F58211E7B33C6451062F0F7A.NASL", "GENTOO_GLSA-201803-08.NASL", "REDHAT-RHSA-2018-0081.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310812717", "OPENVAS:1361412562310812718", "OPENVAS:1361412562310812719", "OPENVAS:1361412562310812720", "OPENVAS:1361412562310812721", "OPENVAS:1361412562310812722"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-4871"]}, {"type": "thn", "idList": ["THN:ED087560040A02BCB1F68DE406A7F577"]}, {"type": "threatpost", "idList": ["THREATPOST:E1C629434DE943EAA7BD57B1F6EEA7E2"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:6A0454A8A4891A1004496709868EC034"]}, {"type": "zdi", "idList": ["ZDI-18-124"]}]}, "exploitation": null, "vulnersScore": 6.7}, "pluginID": "1361412562310812716", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Security Updates(apsb18-01)-Windows\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812716\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2018-4871\");\n script_bugtraq_id(102465);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-01-10 15:07:31 +0530 (Wed, 10 Jan 2018)\");\n script_name(\"Adobe Flash Player Security Updates(apsb18-01)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to an information disclosure vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to an out-of-bounds\n read error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will lead to information exposure.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before\n 28.0.0.137 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 28.0.0.137 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-01.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_win.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Win/Installed\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"28.0.0.137\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"28.0.0.137\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "naslFamily": "General", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645485642}}

{"openvas": [{"lastseen": "2019-10-24T21:15:01", "description": "This host is installed with Adobe Flash Player\n and is prone to an information disclosure vulnerability.", "cvss3": {}, "published": "2018-01-10T00:00:00", "type": "openvas", "title": "Adobe Flash Player Within Google Chrome Security Update(apsb18-01)- Linux", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4871"], "modified": "2019-10-23T00:00:00", "id": "OPENVAS:1361412562310812720", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812720", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Within Google Chrome Security Update(apsb18-01)- Linux\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player_chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812720\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2018-4871\");\n script_bugtraq_id(102465);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-01-10 15:20:07 +0530 (Wed, 10 Jan 2018)\");\n script_name(\"Adobe Flash Player Within Google Chrome Security Update(apsb18-01)- Linux\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to an information disclosure vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to an out-of-bounds\n read error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will lead to information exposure.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player prior to 28.0.0.137\n within Google Chrome on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player for\n Google Chrome 28.0.0.137, or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-01.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_flash_player_within_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Chrome/Lin/Ver\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"28.0.0.137\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"28.0.0.137\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-10-24T21:13:43", "description": "This host is installed with Adobe Flash Player\n and is prone to an information disclosure vulnerability.", "cvss3": {}, "published": "2018-01-10T00:00:00", "type": "openvas", "title": "Adobe Flash Player Within Google Chrome Security Update(apsb18-01)- Mac OS X", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4871"], "modified": "2019-10-23T00:00:00", "id": "OPENVAS:1361412562310812721", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812721", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Within Google Chrome Security Update(apsb18-01)- Mac OS X\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player_chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812721\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2018-4871\");\n script_bugtraq_id(102465);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-01-10 15:22:31 +0530 (Wed, 10 Jan 2018)\");\n script_name(\"Adobe Flash Player Within Google Chrome Security Update(apsb18-01)- Mac OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to an information disclosure vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to an out-of-bounds\n read error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will lead to information exposure.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player prior to 28.0.0.137\n within Google Chrome on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player for\n Google Chrome 28.0.0.137, or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-01.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_flash_player_within_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Chrome/MacOSX/Ver\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"28.0.0.137\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"28.0.0.137\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-06-19T19:25:18", "description": "This host is missing a critical security\n update according to Microsoft KB4056887.", "cvss3": {}, "published": "2018-01-10T00:00:00", "type": "openvas", "title": "Microsoft IE And Microsoft Edge Flash Player Security Update (KB4056887)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4871"], "modified": "2020-06-17T00:00:00", "id": "OPENVAS:1361412562310812722", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812722", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft IE And Microsoft Edge Flash Player Security Update (KB4056887)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812722\");\n script_version(\"2020-06-17T13:37:18+0000\");\n script_cve_id(\"CVE-2018-4871\");\n script_bugtraq_id(102465);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-06-17 13:37:18 +0000 (Wed, 17 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-01-10 15:35:52 +0530 (Wed, 10 Jan 2018)\");\n script_name(\"Microsoft IE And Microsoft Edge Flash Player Security Update (KB4056887)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4056887.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exist due to an out-of-bounds\n read error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will lead to information exposure.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1511 for x32/x64 Edition\n\n - Microsoft Windows 10 Version 1607 for x32/x64 Edition\n\n - Microsoft Windows 10 Version 1703 for x32/x64 Edition\n\n - Microsoft Windows 10 Version 1709 for x32/x64 Edition\n\n - Microsoft Windows 10 x32/x64 Edition\n\n - Microsoft Windows 8.1 for x32/x64 Edition\n\n - Microsoft Windows Server 2012/2012 R2/2016\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/kb/4056887\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-01.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"gb_flash_player_within_ie_edge_detect.nasl\");\n script_mandatory_keys(\"AdobeFlash/IE_or_EDGE/Installed\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\n\nif(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012:1, win2012R2:1, win10:1,\n win10x64:1, win2016:1) <= 0)\n exit(0);\n\ncpe_list = make_list(\"cpe:/a:adobe:flash_player_internet_explorer\", \"cpe:/a:adobe:flash_player_edge\");\n\nif(!infos = get_app_version_and_location_from_list(cpe_list:cpe_list, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\nif(path) {\n path = path + \"\\Flashplayerapp.exe\";\n} else {\n path = \"Could not find the install location\";\n}\n\nif(version_is_less(version:vers, test_version:\"28.0.0.137\")) {\n report = report_fixed_ver(file_checked:path, file_version:vers, vulnerable_range:\"Less than 28.0.0.137\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-10-24T21:13:29", "description": "This host is installed with Adobe Flash Player\n and is prone to an information disclosure vulnerability.", "cvss3": {}, "published": "2018-01-10T00:00:00", "type": "openvas", "title": "Adobe Flash Player Security Updates(apsb18-01)-Mac OS X", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4871"], "modified": "2019-10-23T00:00:00", "id": "OPENVAS:1361412562310812718", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812718", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Security Updates(apsb18-01)-Mac OS X\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812718\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2018-4871\");\n script_bugtraq_id(102465);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-01-10 15:13:18 +0530 (Wed, 10 Jan 2018)\");\n script_name(\"Adobe Flash Player Security Updates(apsb18-01)-Mac OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to an information disclosure vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to an out-of-bounds\n read error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will lead to information exposure.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before\n 28.0.0.137 on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 28.0.0.137 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-01.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Flash/Player/MacOSX/Version\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"28.0.0.137\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"28.0.0.137\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-10-24T21:13:20", "description": "This host is installed with Adobe Flash Player\n and is prone to information disclosure vulnerability.", "cvss3": {}, "published": "2018-01-10T00:00:00", "type": "openvas", "title": "Adobe Flash Player Within Google Chrome Security Update(apsb18-01)- Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4871"], "modified": "2019-10-23T00:00:00", "id": "OPENVAS:1361412562310812719", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812719", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Within Google Chrome Security Update(apsb18-01)- Windows\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player_chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812719\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2018-4871\");\n script_bugtraq_id(102465);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-01-10 15:17:07 +0530 (Wed, 10 Jan 2018)\");\n script_name(\"Adobe Flash Player Within Google Chrome Security Update(apsb18-01)- Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to information disclosure vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exist due to an out-of-bounds\n read error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will lead to information exposure.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player prior to 28.0.0.137\n within Google Chrome on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player for\n Google Chrome 28.0.0.137, or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-01.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_flash_player_within_google_chrome_detect_win.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Chrome/Win/Ver\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"28.0.0.137\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"28.0.0.137\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-10-24T21:13:59", "description": "This host is installed with Adobe Flash Player\n and is prone to an information disclosure vulnerability.", "cvss3": {}, "published": "2018-01-10T00:00:00", "type": "openvas", "title": "Adobe Flash Player Security Updates(apsb18-01)-Linux", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4871"], "modified": "2019-10-23T00:00:00", "id": "OPENVAS:1361412562310812717", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812717", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Security Updates(apsb18-01)-Linux\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812717\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2018-4871\");\n script_bugtraq_id(102465);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-01-10 15:11:38 +0530 (Wed, 10 Jan 2018)\");\n script_name(\"Adobe Flash Player Security Updates(apsb18-01)-Linux\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to an information disclosure vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to an out-of-bounds\n read error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will lead to information exposure.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before\n 28.0.0.137 on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 28.0.0.137 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-01.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_lin.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Linux/Ver\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"28.0.0.137\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"28.0.0.137\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2022-04-12T16:24:03", "description": "The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 28.0.0.126. It is, therefore, affected by a an out-of-bounds read vulnerability.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2018-01-09T00:00:00", "type": "nessus", "title": "Adobe Flash Player <= 28.0.0.126 (APSB18-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4871"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "FLASH_PLAYER_APSB18-01.NASL", "href": "https://www.tenable.com/plugins/nessus/105691", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105691);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2018-4871\");\n script_bugtraq_id(102465);\n\n script_name(english:\"Adobe Flash Player <= 28.0.0.126 (APSB18-01)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by an out-of-bounds read vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Flash Player installed on the remote Windows\nhost is equal or prior to version 28.0.0.126. It is,\ntherefore, affected by a an out-of-bounds read vulnerability.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-01.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 28.0.0.137 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-4871\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"flash_player_installed.nasl\");\n script_require_keys(\"SMB/Flash_Player/installed\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Flash_Player/installed\");\n\n# Identify vulnerable versions.\ninfo = \"\";\nvariants = make_list(\n \"Plugin\",\n \"ActiveX\",\n \"Chrome\",\n \"Chrome_Pepper\"\n);\n\n# we're checking for versions less than *or equal to* the cutoff!\nforeach variant (variants)\n{\n vers = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/Version/*\");\n files = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/File/*\");\n\n if (isnull(vers) || isnull(files))\n continue;\n\n foreach key (keys(vers))\n {\n ver = vers[key];\n if (isnull(ver))\n continue;\n\n # <= 28.0.0.126\n if (ver_compare(ver:ver,fix:\"28.0.0.126\",strict:FALSE) <= 0)\n {\n num = key - (\"SMB/Flash_Player/\"+variant+\"/Version/\");\n file = files[\"SMB/Flash_Player/\"+variant+\"/File/\"+num];\n if (variant == \"Plugin\")\n {\n info += '\\n Product : Browser Plugin (for Firefox / Netscape / Opera)';\n fix = \"28.0.0.137\";\n }\n else if (variant == \"ActiveX\")\n {\n info += '\\n Product : ActiveX control (for Internet Explorer)';\n fix = \"28.0.0.137\";\n }\n else if (\"Chrome\" >< variant)\n {\n info += '\\n Product : Browser Plugin (for Google Chrome)';\n if (variant == \"Chrome\")\n fix = \"Upgrade to a version of Google Chrome running Flash Player 28.0.0.137\";\n }\n info += '\\n Path : ' + file +\n '\\n Installed version : ' + ver;\n if (variant == \"Chrome_Pepper\")\n info += '\\n Fixed version : 28.0.0.137 (Chrome PepperFlash)';\n else if (!isnull(fix))\n info += '\\n Fixed version : '+fix;\n info += '\\n';\n }\n }\n}\n\nif (info)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n security_report_v4(severity:SECURITY_WARNING, port:port, extra:info);\n\n}\nelse\n{\n if (thorough_tests)\n exit(0, 'No vulnerable versions of Adobe Flash Player were found.');\n else\n exit(1, 'Google Chrome\\'s built-in Flash Player may not have been detected because the \\'Perform thorough tests\\' setting was not enabled.');\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-09-30T01:47:17", "description": "The version of Adobe Flash Player installed on the remote macOS or Mac OS X host is equal or prior to version 28.0.0.126. It is, therefore, affected by a an out-of-bounds read vulnerability.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2018-01-09T00:00:00", "type": "nessus", "title": "Adobe Flash Player for Mac <= 28.0.0.126 (APSB18-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4871"], "modified": "2019-11-08T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "MACOSX_FLASH_PLAYER_APSB18-01.NASL", "href": "https://www.tenable.com/plugins/nessus/105692", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105692);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/08\");\n\n script_cve_id(\"CVE-2018-4871\");\n script_bugtraq_id(102465);\n\n script_name(english:\"Adobe Flash Player for Mac <= 28.0.0.126 (APSB18-01)\");\n script_summary(english:\"Checks the version of the ActiveX control.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote macOS or Mac OSX host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Flash Player installed on the remote macOS or Mac\nOS X host is equal or prior to version 28.0.0.126. It is,\ntherefore, affected by a an out-of-bounds read vulnerability.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-01.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 28.0.0.137 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-4871\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_flash_player_installed.nasl\");\n script_require_keys(\"MacOSX/Flash_Player/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"MacOSX/Flash_Player/Version\");\npath = get_kb_item_or_exit(\"MacOSX/Flash_Player/Path\");\n\ncutoff_version = \"28.0.0.126\";\nfix = \"28.0.0.137\";\n# We're checking for versions less than or equal to the cutoff!\nif (ver_compare(ver:version, fix:cutoff_version, strict:FALSE) <= 0)\n{\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_report_v4(severity:SECURITY_WARNING, port:0, extra:report);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Flash Player for Mac\", version, path);\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-09-30T01:48:13", "description": "Adobe reports :\n\n- This update resolves an out-of-bounds read vulnerability that could lead to information disclosure (CVE-2018-4871).", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2018-01-10T00:00:00", "type": "nessus", "title": "FreeBSD : Flash Player -- information disclosure (9c016563-f582-11e7-b33c-6451062f0f7a)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4871"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:linux-flashplayer", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_9C016563F58211E7B33C6451062F0F7A.NASL", "href": "https://www.tenable.com/plugins/nessus/105712", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105712);\n script_version(\"3.4\");\n script_cvs_date(\"Date: 2018/11/10 11:49:47\");\n\n script_cve_id(\"CVE-2018-4871\");\n\n script_name(english:\"FreeBSD : Flash Player -- information disclosure (9c016563-f582-11e7-b33c-6451062f0f7a)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Adobe reports :\n\n- This update resolves an out-of-bounds read vulnerability that could\nlead to information disclosure (CVE-2018-4871).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-01.html\"\n );\n # https://vuxml.freebsd.org/freebsd/9c016563-f582-11e7-b33c-6451062f0f7a.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?da36d8ea\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-flashplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"linux-flashplayer<28.0.0.137\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:27:41", "description": "Versions of Adobe Flash Player prior to 28.0.0.137 are unpatched, and therefore affected by an out-of-bounds read vulnerability.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}, "published": "2019-03-20T00:00:00", "type": "nessus", "title": "Flash Player < 28.0.0.137 Information Disclosure (APSB18-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4871"], "modified": "2019-04-09T00:00:00", "cpe": ["cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*"], "id": "700429.PRM", "href": "https://www.tenable.com/plugins/nnm/700429", "sourceData": "Binary data 700429.prm", "cvss": {"score": 7.1, "vector": "CVSS2#AV:N/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-09-30T01:48:13", "description": "The remote Windows host is missing security update KB4056887. It is, therefore, affected by a an out-of-bounds read vulnerability.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2018-01-09T00:00:00", "type": "nessus", "title": "KB4056887: Security update for Adobe Flash Player (January 2018)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4871"], "modified": "2019-11-08T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "SMB_NT_MS18_JAN_4056887.NASL", "href": "https://www.tenable.com/plugins/nessus/105693", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105693);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/08\");\n\n script_cve_id(\"CVE-2018-4871\");\n script_bugtraq_id(102465);\n script_xref(name:\"MSKB\", value:\"4056887\");\n script_xref(name:\"MSFT\", value:\"MS17-4056887\");\n\n script_name(english:\"KB4056887: Security update for Adobe Flash Player (January 2018)\");\n script_summary(english:\"Checks the version of the ActiveX control.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update KB4056887. It is,\ntherefore, affected by a an out-of-bounds read vulnerability.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-01.html\");\n # https://support.microsoft.com/en-us/help/4056887/security-update-for-adobe-flash-player\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d0e603fd\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released KB4056887 to address this issue.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-4871\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_activex_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-01\";\nkbs = make_list('4056887');\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"Windows 8.1\" >!< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (activex_init() != ACX_OK) audit(AUDIT_FN_FAIL, \"activex_init\");\n\n# Adobe Flash Player CLSID\nclsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}';\n\nfile = activex_get_filename(clsid:clsid);\nif (isnull(file))\n{\n activex_end();\n audit(AUDIT_FN_FAIL, \"activex_get_filename\", \"NULL\");\n}\nif (!file)\n{\n activex_end();\n audit(AUDIT_ACTIVEX_NOT_FOUND, clsid);\n}\n\n# Get its version.\nversion = activex_get_fileversion(clsid:clsid);\nif (!version)\n{\n activex_end();\n audit(AUDIT_VER_FAIL, file);\n}\n\ninfo = '';\n\niver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\niver = join(iver, sep:\".\");\n\n# all <= 28.0.0.126\nfix = FALSE;\nif(ver_compare(ver:iver, fix:\"28.0.0.126\", strict:FALSE) <= 0)\n fix = \"28.0.0.137\";\n\nif (\n (report_paranoia > 1 || activex_get_killbit(clsid:clsid) == 0) &&\n fix\n)\n{\n info = '\\n Path : ' + file +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n}\n\nport = kb_smb_transport();\n\nif (info != '')\n{\n if (report_paranoia > 1)\n {\n report = info +\n '\\n' +\n 'Note, though, that Nessus did not check whether the kill bit was\\n' +\n \"set for the control's CLSID because of the Report Paranoia setting\" + '\\n' +\n 'in effect when this scan was run.\\n';\n }\n else\n {\n report = info +\n '\\n' +\n 'Moreover, its kill bit is not set so it is accessible via Internet\\n' +\n 'Explorer.\\n';\n }\n replace_kb_item(name:\"SMB/Missing/\"+bulletin, value:TRUE);\n hotfix_add_report(bulletin:'MS18-01', kb:'4056887', report);\n security_report_v4(severity:SECURITY_WARNING, port:port, extra:hotfix_get_report());\n}\nelse audit(AUDIT_HOST_NOT, 'affected');\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-09-30T01:47:35", "description": "An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.\n\nThis update upgrades Flash Player to version 28.0.0.137.\n\nSecurity Fix(es) :\n\n* This update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities, detailed in the Adobe Security Bulletins listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to disclose sensitive information or modify its settings when the victim loaded a page containing the malicious SWF content. (CVE-2017-11305, CVE-2018-4871)", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2018-01-11T00:00:00", "type": "nessus", "title": "RHEL 6 : flash-plugin (RHSA-2018:0081)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-11305", "CVE-2018-4871"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:flash-plugin", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2018-0081.NASL", "href": "https://www.tenable.com/plugins/nessus/105743", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:0081. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105743);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2019/10/24 15:35:44\");\n\n script_cve_id(\"CVE-2017-11305\", \"CVE-2018-4871\");\n script_xref(name:\"RHSA\", value:\"2018:0081\");\n\n script_name(english:\"RHEL 6 : flash-plugin (RHSA-2018:0081)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for flash-plugin is now available for Red Hat Enterprise\nLinux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe\nFlash Player web browser plug-in.\n\nThis update upgrades Flash Player to version 28.0.0.137.\n\nSecurity Fix(es) :\n\n* This update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities, detailed in the Adobe Security Bulletins listed\nin the References section, could allow an attacker to create a\nspecially crafted SWF file that would cause flash-plugin to disclose\nsensitive information or modify its settings when the victim loaded a\npage containing the malicious SWF content. (CVE-2017-11305,\nCVE-2018-4871)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb17-42.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-01.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:0081\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-11305\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-4871\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-plugin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:flash-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:0081\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"flash-plugin-28.0.0.137-1.el6_9\")) flag++;\n\n if (flag)\n {\n flash_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check only applies to RedHat released\\n' +\n 'versions of the flash-plugin package. This check does not apply to\\n' +\n 'Adobe released versions of the flash-plugin package, which are\\n' +\n 'versioned similarly and cause collisions in detection.\\n\\n' +\n\n 'If you are certain you are running the Adobe released package of\\n' +\n 'flash-plugin and are running a version of it equal or higher to the\\n' +\n 'RedHat version listed above then you can consider this a false\\n' +\n 'positive.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat() + flash_plugin_caveat\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-plugin\");\n }\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-03-27T15:37:01", "description": "The remote host is affected by the vulnerability described in GLSA-201803-08 (Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Flash Player.\n Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could possibly execute arbitrary code with the privileges of the process or bypass security restrictions.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-03-19T00:00:00", "type": "nessus", "title": "GLSA-201803-08 : Adobe Flash Player: Multiple vulnerabilities (Underminer)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4871", "CVE-2018-4877", "CVE-2018-4878", "CVE-2018-4919", "CVE-2018-4920"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:adobe-flash", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201803-08.NASL", "href": "https://www.tenable.com/plugins/nessus/108434", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201803-08.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108434);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2018-4871\", \"CVE-2018-4877\", \"CVE-2018-4878\", \"CVE-2018-4919\", \"CVE-2018-4920\");\n script_xref(name:\"GLSA\", value:\"201803-08\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"GLSA-201803-08 : Adobe Flash Player: Multiple vulnerabilities (Underminer)\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201803-08\n(Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Flash Player.\n Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process or bypass security restrictions.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201803-08\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Adobe Flash Player users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-plugins/adobe-flash-29.0.0.113'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:adobe-flash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/19\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-plugins/adobe-flash\", unaffected:make_list(\"ge 29.0.0.113\"), vulnerable:make_list(\"lt 29.0.0.113\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Adobe Flash Player\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "Adobe Flash Player 28.0.0.137 addresses an important out-of-bounds read vulnerability that could lead to information exposure (CVE-2018-4871). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-01-12T19:49:32", "type": "mageia", "title": "Updated flash-player-plugin package fixes security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4871"], "modified": "2018-01-12T19:49:32", "id": "MGASA-2018-0072", "href": "https://advisories.mageia.org/MGASA-2018-0072.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "redhatcve": [{"lastseen": "2022-06-08T05:20:28", "description": "An Out-of-bounds Read issue was discovered in Adobe Flash Player before 28.0.0.137. This vulnerability occurs because of computation that reads data that is past the end of the target buffer. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-01-09T20:20:03", "type": "redhatcve", "title": "CVE-2018-4871", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4871"], "modified": "2022-06-08T04:20:35", "id": "RH:CVE-2018-4871", "href": "https://access.redhat.com/security/cve/cve-2018-4871", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "freebsd": [{"lastseen": "2022-01-19T15:51:31", "description": "\n\nAdobe reports:\n\n\nThis update resolves an out-of-bounds read vulnerability that\n\t could lead to information disclosure (CVE-2018-4871).\n\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-01-09T00:00:00", "type": "freebsd", "title": "Flash Player -- information disclosure", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4871"], "modified": "2018-01-09T00:00:00", "id": "9C016563-F582-11E7-B33C-6451062F0F7A", "href": "https://vuxml.freebsd.org/freebsd/9c016563-f582-11e7-b33c-6451062f0f7a.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "mscve": [{"lastseen": "2021-12-06T18:25:20", "description": "This security update addresses the following vulnerability, which is described in Adobe Security Bulletin [APSB18-01](<http://helpx.adobe.com/security/products/flash-player/apsb18-01.html>): CVE-2018-4871.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-01-09T08:00:00", "type": "mscve", "title": "January 2018 Adobe Flash Security Update", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4871"], "modified": "2018-01-09T08:00:00", "id": "MS:ADV180001", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV180001", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "checkpoint_advisories": [{"lastseen": "2021-12-17T11:31:11", "description": "A type confusion vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-01-09T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Flash Player Out-of-bounds Read (APSB18-01: CVE-2018-4871)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4871"], "modified": "2018-01-09T00:00:00", "id": "CPAI-2018-0016", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "adobe": [{"lastseen": "2021-09-30T17:39:46", "description": "Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address an [important]() out-of-bounds read vulnerability that could lead to information exposure. \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-01-09T00:00:00", "type": "adobe", "title": "APSB18-01 Security updates available for Adobe Flash Player", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4871"], "modified": "2018-01-09T00:00:00", "id": "APSB18-01", "href": "https://helpx.adobe.com/security/products/flash-player/apsb18-01.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "cve": [{"lastseen": "2022-03-23T17:37:06", "description": "An Out-of-bounds Read issue was discovered in Adobe Flash Player before 28.0.0.137. This vulnerability occurs because of computation that reads data that is past the end of the target buffer. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-01-09T21:29:00", "type": "cve", "title": "CVE-2018-4871", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4871"], "modified": "2021-09-08T17:21:00", "cpe": ["cpe:/a:adobe:flash_player:28.0.0.126", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:redhat:enterprise_linux_workstation:6.0"], "id": "CVE-2018-4871", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4871", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:adobe:flash_player:28.0.0.126:*:*:*:*:internet_explorer_11:*:*", "cpe:2.3:a:adobe:flash_player:28.0.0.126:*:*:*:*:edge:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:28.0.0.126:*:*:*:*:chrome:*:*", "cpe:2.3:a:adobe:flash_player:28.0.0.126:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*"]}], "zdi": [{"lastseen": "2022-01-31T21:54:57", "description": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ATF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-01-18T00:00:00", "type": "zdi", "title": "Adobe Flash ATF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4871"], "modified": "2018-01-18T00:00:00", "id": "ZDI-18-124", "href": "https://www.zerodayinitiative.com/advisories/ZDI-18-124/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "kaspersky": [{"lastseen": "2021-08-18T11:15:22", "description": "### *Detect date*:\n01/09/2017\n\n### *Severity*:\nWarning\n\n### *Description*:\nOut-of-bounds read vulnerability in Adobe Flash Player can be exploited locally to obtain sensitive information.\n\n### *Affected products*:\nAdobe Flash Player versions earlier than 28.0.0.137\n\n### *Solution*:\nUpdate to the latest version \n[Download Adobe Flash Player](<https://get.adobe.com/ru/flashplayer/>)\n\n### *Original advisories*:\n[APSB18-01](<https://helpx.adobe.com/security/products/flash-player/apsb18-01.html>) \n\n\n### *Impacts*:\nOSI \n\n### *Related products*:\n[Adobe Flash Player ActiveX](<https://threats.kaspersky.com/en/product/Adobe-Flash-Player-ActiveX/>)\n\n### *CVE-IDS*:\n[CVE-2018-4871](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4871>)5.0Critical\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-01-09T00:00:00", "type": "kaspersky", "title": "KLA11171 OSI vulnerability in Adobe Flash Player", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4871"], "modified": "2020-06-18T00:00:00", "id": "KLA11171", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11171/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "redhat": [{"lastseen": "2022-04-18T19:30:33", "description": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.\n\nThis update upgrades Flash Player to version 28.0.0.137.\n\nSecurity Fix(es):\n\n* This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletins listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to disclose sensitive information or modify its settings when the victim loaded a page containing the malicious SWF content. (CVE-2017-11305, CVE-2018-4871)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-01-10T20:44:27", "type": "redhat", "title": "(RHSA-2018:0081) Important: flash-plugin security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11305", "CVE-2018-4871"], "modified": "2018-06-07T14:21:41", "id": "RHSA-2018:0081", "href": "https://access.redhat.com/errata/RHSA-2018:0081", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "threatpost": [{"lastseen": "2019-03-14T05:46:49", "description": "The South Korean Computer Emergency Response Team issued a warning Wednesday of a new Adobe Flash Player zero-day spotted in the wild. The security bulletin warns that the attacks are focused on South Koreans and involve malicious Microsoft Word documents.\n\nAccording to the South Korean Computer Emergency Response Team (KR-CERT), the zero-day is believed to be a Flash SWF file embedded in MS Word documents. Impacted is Adobe\u2019s most recent Flash Player 28.0.0.137 and earlier.\n\n\u201cAn attacker may be able to convince a user to open a Microsoft Office document, web page, or spam mail containing a Flash file,\u201d according to a machine translation [of the KR-CERT security bulletin](<https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=26998>).\n\nAdobe released a security advisory on Thursday acknowledging the vulnerability and attacks.\n\n> \u201cAdobe is aware of a report that an exploit for [CVE-2018-4878](<https://helpx.adobe.com/security/products/flash-player/apsa18-01.html>) exists in the wild, and is being used in limited, targeted attacks against Windows users. Adobe will address this vulnerability in a release planned for the week of February 5,\u201d according the advisory.\n\nAdobe said the zero-day is exploiting the vulnerability CVE-2018-4878, a critical remote code execution bug. According to Adobe it was discovered in Adobe Flash Player before 28.0.0.137. Adobe credits KR-CERT for reporting this issue.\n\nAdobe said affected products are versions of Adobe Flash Player Desktop Runtime (Win/Mac), Adobe Flash Player for Google Chrome (Win/Mac/Linux/Chrome OS), Adobe Flash Player for Microsoft Edge and Internet Explorer 11 (Win 10 &amp; 8.1) and Adobe Flash Player Desktop Runtime (Linux). A complete list is [available here](<https://helpx.adobe.com/security/products/flash-player/apsa18-01.html>).\n\nSimon Choi, a security researcher with the South Korean security firm Hauri, claimed on Twitter that the zero-day vulnerability originated in North Korea and has been in use since mid-November 2017. Targeted are South Koreans researching online for information about North Korea.\n\n> Flash 0day vulnerability that made by North Korea used from mid-November 2017. They attacked South Koreans who mainly do research on North Korea. (no patch yet) [pic.twitter.com/bbjg1CKmHh](<https://t.co/bbjg1CKmHh>)\n> \n> \u2014 Simon Choi (@issuemakerslab) [February 1, 2018](<https://twitter.com/issuemakerslab/status/959006385550778369?ref_src=twsrc%5Etfw>)\n\nKR-CERT is recommending users refrain from using Microsoft\u2019s Internet Explorer browser and use Mozilla\u2019s Firefox browser instead.\n\nOn Thursday Adobe recommended:\n\n> \u201cBeginning with Flash Player 27, administrators have the ability to change Flash Player\u2019s behavior when running on Internet Explorer on Windows 7 and below by prompting the user before playing SWF content. For more details, see this administration guide. Administrators may also consider implementing Protected View for Office. Protected View opens a file marked as potentially unsafe in Read-only mode,\u201d Adobe said.\n", "cvss3": {}, "published": "2018-02-01T15:40:55", "type": "threatpost", "title": "Adobe Flash Player Zero-Day Spotted in the Wild", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2018-4871", "CVE-2018-4878", "CVE-2019-0797"], "modified": "2018-02-01T15:40:55", "id": "THREATPOST:E1C629434DE943EAA7BD57B1F6EEA7E2", "href": "https://threatpost.com/adobe-flash-player-zero-day-spotted-in-the-wild/129742/", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2022-01-17T19:04:30", "description": "### Background\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process or bypass security restrictions. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Adobe Flash Player users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-plugins/adobe-flash-29.0.0.113\"", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-03-19T00:00:00", "type": "gentoo", "title": "Adobe Flash Player: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4871", "CVE-2018-4877", "CVE-2018-4878", "CVE-2018-4919", "CVE-2018-4920"], "modified": "2018-03-19T00:00:00", "id": "GLSA-201803-08", "href": "https://security.gentoo.org/glsa/201803-08", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "thn": [{"lastseen": "2018-01-27T09:17:17", "description": "[](<https://2.bp.blogspot.com/-beOJSQDFs8E/WlWzGhDEy1I/AAAAAAAAvao/HtLyZwdkdO0s6swi2W8MGUFOiL97VBjtACLcBGAs/s1600/microsoft-windows-update.png>)\n\nIf you think that only CPU updates that address this year's major security flaws\u2014[Meltdown and Spectre](<https://thehackernews.com/2018/01/meltdown-spectre-patches.html>)\u2014are the only ones you are advised to grab immediately, there are a handful of major security flaws that you should pay attention to. \n \nMicrosoft has issued its first Patch Tuesday for 2018 to address 56 CVE-listed flaws, including a zero-day vulnerability in MS Office related that had been actively exploited by several threat groups in the wild. \n \nSixteen of the security updates are listed as critical, 38 are rated important, one is rated moderate, and one is rated as low in severity. The updates address security flaws in Windows, Office, Internet Explorer, Edge, ChakraCore, ASP.NET, and the .NET Framework. \n \nThe zero-day vulnerability ([CVE-2018-0802](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0802>)), described by Microsoft as a memory corruption flaw in Office, is already being targeted in the wild by several threat actor groups in the past few months. \n \nThe vulnerability, discovered by several researchers from Chinese companies Tencent and Qihoo 360, ACROS Security's 0Patch Team, and Check Point Software Technologies, can be exploited for remote code execution by tricking a targeted user into opening a specially crafted malicious Word file in MS Office or WordPad. \n \nAccording to the company, this security flaw is related to CVE-2017-11882\u2014a 17-year-old [vulnerability in the Equation Editor](<https://thehackernews.com/2017/11/microsoft-office-rce-exploit.html>) functionality (EQNEDT32.EXE), which Microsoft addressed in November. \n \nWhen researchers at 0Patch were analysing CVE-2017-11882, they discovered a new, related vulnerability (CVE-2018-0802). More details of CVE-2018-0802 can be found in a [blog post](<https://research.checkpoint.com/another-office-equation-rce-vulnerability/>) published by Check Point. \n \nBesides CVE-2018-0802, the company has addressed nine more remote code execution and memory disclosure vulnerabilities in MS Office. \n \nA spoofing vulnerability (CVE-2018-0819) in Microsoft Outlook for MAC, which has been listed as publicly disclosed ([Mailsploit attack](<https://thehackernews.com/2017/12/email-spoofing-client.html>)), has also addressed by the company. The vulnerability does not allow some versions Outlook for Mac to handle the encoding and display of email addresses properly, causing antivirus or anti-spam scanning not to work as intended. \n \nMicrosoft also addressed a certificate validation bypass vulnerability (CVE-2018-0786) in .NET Framework (and .NET Core) that could allow malware authors to show their invalid certificates as valid. \n \n\"An attacker could present a certificate that is marked invalid for a specific use, but the component uses it for that purpose,\" describes Microsoft. \"This action disregards the Enhanced Key Usage taggings.\" \n \nThe company has also patched a total of 15 vulnerabilities in the scripting engine used by Microsoft Edge and Internet Explorer. \n \nAll these flaws could be exploited for remote code execution by tricking a targeted user into opening a specially-crafted webpage that triggers a memory corruption error, though none of these has been exploited in the wild yet. \n \nMeanwhile, Adobe has [patched](<https://helpx.adobe.com/security/products/flash-player/apsb18-01.html>) a single, out of bounds read flaw (CVE-2018-4871) this month that could allow for information disclosure, though no active exploits have been seen in the wild. \n \nUsers are strongly advised to apply security patches as soon as possible to keep hackers and cybercriminals away from taking control of their computers. \n \nFor installing security updates, simply head on to Settings \u2192 Update &amp; security \u2192 Windows Update \u2192 Check for updates, or you can install the updates manually.\n", "cvss3": {}, "published": "2018-01-09T19:35:00", "type": "thn", "title": "Microsoft Releases Patches for 16 Critical Flaws, Including a Zero-Day", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2017-11882", "CVE-2018-0802", "CVE-2018-0819", "CVE-2018-4871", "CVE-2018-0786"], "modified": "2018-01-11T07:11:17", "id": "THN:ED087560040A02BCB1F68DE406A7F577", "href": "https://thehackernews.com/2018/01/microsoft-security-patch.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "trendmicroblog": [{"lastseen": "2018-01-26T09:59:23", "description": "\n\nLast week, three interesting vulnerabilities popped up on the news and security feeds. Researchers disclosed CVE-2017-5753 and CVE-2017-5715, collectively known as Spectre, and CVE-2017-5754, known as Meltdown. These vulnerabilities take advantage of \u201cspeculative execution\u201d of instructions performed by many modern microprocessors and can potentially allow an unprivileged attacker to read privileged memory allocated to the operating system kernel resulting in unintended information disclosure.\n\nIn order to exploit any of these vulnerabilities, an attacker must be able to run crafted code on an affected device. Trend Micro\u2019s TippingPoint devices are closed systems that only allow our trusted code to be executed. The underlying CPU and OS combination in the TippingPoint devices may be affected by these vulnerabilities; however, because our systems are closed with an inability to run arbitrary code, there is no vector to exploit. As of the writing of this blog, there are no known attacks that impact TippingPoint products. Our team will continue to monitor the situation and inform our customers of any updates.\n\nOn January 5, 2018, we released DV filter 30191 outside of our normal schedule to provide protection against a published remote JavaScript exploit of the Spectre vulnerability. Our team will continue to monitor the situation and will release additional filters as needed. Customers with concerns or further questions can contact the Trend Micro TippingPoint Technical Assistance Center (TAC). If you have other Trend Micro solutions, you can visit [Trend Micro Business Support](<https://success.trendmicro.com/solution/1119183-important-information-for-trend-micro-solutions-and-microsoft-january-2018-security-updates>) to get additional information.\n\n**TippingPoint Product Updates**\n\nEarlier this week, we released the following new releases for TippingPoint products:\n\n__Security Management System (SMS) Patches__\n\nThe following patches include minor enhancements, bug fixes and address security issues:\n\n**SMS Version** | **Patch** | **Software** \n---|---|--- \nSMS v4.4.0 | 2 | SMS_Patch-4.4.0.57192.2.pkg \nSMS v4.5.0 | 1 | SMS_Patch-4.5.0.98012.1.pkg \nSMS v4.6.0 | 1 | SMS_Patch-4.6.0.101914.1.pkg \nSMS v5.0.0 | 1 | SMS_Patch-5.0.0.106258.1.pkg \n \n \n\n__TippingPoint Operating System (TOS) v5.0.1 for Threat Protection System (TPS)__\n\nVersion 5.0.1 build 4821 has been released for the TPS family (vTPS, 440T, 2200T, 8200TX, 8400TX) of devices.\n\nTOS version 5.0.1.4821 will be released to manufacturing on March 31, 2018. All TPS family hardware appliances (440T, 2200T, 8200TX, 8400TX) will be manufactured with 5.0.1.4821 as January 9, 2018. This TOS release improves the overall security of the TPS and vTPS security devices, and resolves a number of issues.\n\nFor the complete list of enhancements and changes, customers can refer to the product release notes located on the [Threat Management Center (TMC) website](<https://tmc.tippingpoint.com/>) or contact the TippingPoint Technical Assistance Center (TAC) for questions or technical assistance.\n\n**Microsoft Updates**\n\nDue to the Meltdown and Spectre vulnerabilities, Microsoft issued an out-of-band update. The following table maps Digital Vaccine filters to the Microsoft updates issued on January 3, 2018:\n\n**CVE #** | **Digital Vaccine Filter #** | **Status** \n---|---|--- \nCVE-2018-0741 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0743 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0744 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0745 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0746 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0747 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0748 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0749 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0750 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0751 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0752 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0753 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0754 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0758 | 30160 | \nCVE-2018-0762 | 30167 | \nCVE-2018-0766 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0767 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0768 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0769 | 30168 | \nCVE-2018-0770 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0772 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0773 | 30169 | \nCVE-2018-0774 | 30185 | \nCVE-2018-0775 | 30186 | \nCVE-2018-0776 | 30164 | \nCVE-2018-0777 | 30162 | \nCVE-2018-0778 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0780 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0781 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0788 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0800 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0803 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0818 | | Vendor Deemed Reproducibility or Exploitation Unlikely \n \n \n\nThis week\u2019s Digital Vaccine\u00ae (DV) package includes coverage for Microsoft updates released on or before January 9, 2018. Security patches were released by Microsoft covering Internet Explorer (IE), Microsoft Edge, ChakraCore, Microsoft Windows, Microsoft Office, ASP.NET, and the .NET Framework. The following table maps Digital Vaccine filters to the Microsoft updates. You can get more detailed information on this month\u2019s security updates from Dustin Childs\u2019 [January 2018 Security Update Review](<https://www.zerodayinitiative.com/blog/2018/1/9/the-january-2018-security-update-review>) from the Zero Day Initiative:\n\n**CVE #** | **Digital Vaccine Filter #** | **Status** \n---|---|--- \nCVE-2018-0764 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0784 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0785 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0786 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0789 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0790 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0791 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0792 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0793 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0794 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0795 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0796 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0797 | 30163 | \nCVE-2018-0798 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0799 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0801 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0802 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0804 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0805 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0806 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0807 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0812 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0819 | | Vendor Deemed Reproducibility or Exploitation Unlikely \n \n \n\n**Adobe Security Update**\n\nThis week\u2019s Digital Vaccine\u00ae (DV) package also includes coverage for Adobe updates released on or before January 9, 2018. The following table maps Digital Vaccine filters to the Adobe updates.\n\n**Bulletin #** | **CVE #** | **Digital Vaccine Filter #** | **Status** \n---|---|---|--- \nAPSB18-01 | CVE-2018-4871 | 30201 | \n \n \n\n**Zero-Day Filters**\n\nThere are five new zero-day filters covering one vendor in this week\u2019s Digital Vaccine (DV) package. A number of existing filters in this week\u2019s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of [published advisories](<http://www.zerodayinitiative.com/advisories/published/>) and [upcoming advisories](<http://www.zerodayinitiative.com/advisories/upcoming/>) on the [Zero Day Initiative](<http://www.zerodayinitiative.com/>) website. You can also follow the Zero Day Initiative on Twitter [@thezdi](<https://twitter.com/thezdi>) and on their [blog](<https://www.zerodayinitiative.com/blog>).\n\n**_Adobe (5)_**\n\n| \n\n * 29948: ZDI-CAN-5154: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)\n * 29962: ZDI-CAN-5210: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)\n * 29967: ZDI-CAN-5223: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)\n * 29971: ZDI-CAN-5227: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)\n * 29973: ZDI-CAN-5239: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC) \n---|--- \n| \n \n**Missed Last Week\u2019s News?**\n\nCatch up on last week\u2019s news in my [weekly recap](<http://blog.trendmicro.com/tippingpoint-threat-intelligence-zero-day-coverage-week-january-1-2018/>).", "cvss3": {}, "published": "2018-01-12T15:09:44", "type": "trendmicroblog", "title": "TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of January 8, 2018", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754", "CVE-2018-0741", "CVE-2018-0743", "CVE-2018-0744", "CVE-2018-0745", "CVE-2018-0746", "CVE-2018-0747", "CVE-2018-0748", "CVE-2018-0749", "CVE-2018-0750", "CVE-2018-0751", "CVE-2018-0752", "CVE-2018-0753", "CVE-2018-0754", "CVE-2018-0758", "CVE-2018-0762", "CVE-2018-0764", "CVE-2018-0766", "CVE-2018-0767", "CVE-2018-0768", "CVE-2018-0769", "CVE-2018-0770", "CVE-2018-0772", "CVE-2018-0773", "CVE-2018-0774", "CVE-2018-0775", "CVE-2018-0776", "CVE-2018-0777", "CVE-2018-0778", "CVE-2018-0780", "CVE-2018-0781", "CVE-2018-0784", "CVE-2018-0785", "CVE-2018-0786", "CVE-2018-0788", "CVE-2018-0789", "CVE-2018-0790", "CVE-2018-0791", "CVE-2018-0792", "CVE-2018-0793", "CVE-2018-0794", "CVE-2018-0795", "CVE-2018-0796", "CVE-2018-0797", "CVE-2018-0798", "CVE-2018-0799", "CVE-2018-0800", "CVE-2018-0801", "CVE-2018-0802", "CVE-2018-0803", "CVE-2018-0804", "CVE-2018-0805", "CVE-2018-0806", "CVE-2018-0807", "CVE-2018-0812", "CVE-2018-0818", "CVE-2018-0819", "CVE-2018-4871"], "modified": "2018-01-12T15:09:44", "href": "https://blog.trendmicro.com/tippingpoint-threat-intelligence-zero-day-coverage-week-january-8-2018/", "id": "TRENDMICROBLOG:6A0454A8A4891A1004496709868EC034", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}