Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2010 Greenbone AGOPENVAS:1361412562310902194
HistoryJun 22, 2010 - 12:00 a.m.

Adobe Flash Player/Air Multiple Vulnerabilities (Jun 2010) - Linux

2010-06-2200:00:00
Copyright (C) 2010 Greenbone AG
plugins.openvas.org
13

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

9.9 High

AI Score

Confidence

High

0.355 Low

EPSS

Percentile

97.2%

JSON

Adobe Flash Player/Air is prone to multiple vulnerabilities.

# SPDX-FileCopyrightText: 2010 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.902194");
  script_version("2024-02-08T14:36:53+0000");
  script_tag(name:"last_modification", value:"2024-02-08 14:36:53 +0000 (Thu, 08 Feb 2024)");
  script_tag(name:"creation_date", value:"2010-06-22 13:34:32 +0200 (Tue, 22 Jun 2010)");
  script_xref(name:"CISA", value:"Known Exploited Vulnerability (KEV) catalog");
  script_xref(name:"URL", value:"https://www.cisa.gov/known-exploited-vulnerabilities-catalog");
  script_cve_id("CVE-2008-4546", "CVE-2009-3793", "CVE-2010-1297", "CVE-2010-2160",
                "CVE-2010-2161", "CVE-2010-2162", "CVE-2010-2163", "CVE-2010-2164",
                "CVE-2010-2165", "CVE-2010-2166", "CVE-2010-2167", "CVE-2010-2169",
                "CVE-2010-2170", "CVE-2010-2171", "CVE-2010-2172", "CVE-2010-2173",
                "CVE-2010-2174", "CVE-2010-2175", "CVE-2010-2176", "CVE-2010-2177",
                "CVE-2010-2178", "CVE-2010-2179", "CVE-2010-2180", "CVE-2010-2181",
                "CVE-2010-2182", "CVE-2010-2183", "CVE-2010-2184", "CVE-2010-2185",
                "CVE-2010-2186", "CVE-2010-2187", "CVE-2010-2188", "CVE-2010-2189");
  script_tag(name:"cvss_base", value:"9.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_name("Adobe Flash Player/Air Multiple Vulnerabilities (Jun 2010) - Linux");
  script_xref(name:"URL", value:"http://www.vupen.com/english/advisories/2010/1421");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/40759");
  script_xref(name:"URL", value:"http://securitytracker.com/alerts/2010/Jun/1024086.html");
  script_xref(name:"URL", value:"http://www.adobe.com/support/security/bulletins/apsb10-14.html");

  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2010 Greenbone AG");
  script_family("General");
  script_dependencies("gb_adobe_flash_player_detect_lin.nasl");
  script_mandatory_keys("Adobe/Air_or_Flash_or_Reader/Linux/Installed");

  script_tag(name:"impact", value:"Successful exploitation will allow remote attackers to obtain sensitive
  information or cause a denial of service.");

  script_tag(name:"affected", value:"Adobe AIR version prior to 2.0.2.12610,
  Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64 on Linux.");

  script_tag(name:"insight", value:"The flaws are due to input validation errors, memory corruptions,
  array indexing, use-after-free, integer and buffer overflows, and
  invalid pointers when processing malformed Flash content.");

  script_tag(name:"solution", value:"Update to Adobe Air 2.0.2.12610 or Adobe Flash Player 9.0.277.0 or 10.0.45.2.");

  script_tag(name:"summary", value:"Adobe Flash Player/Air is prone to multiple vulnerabilities.");

  script_tag(name:"qod_type", value:"executable_version");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

cpe_list = make_list("cpe:/a:adobe:flash_player",
                     "cpe:/a:adobe:adobe_air");

if(!infos = get_app_version_and_location_from_list(cpe_list:cpe_list, exit_no_version:TRUE))
  exit(0);

vers = infos["version"];
path = infos["location"];
cpe  = infos["cpe"];

if(cpe == "cpe:/a:adobe:flash_player") {
  if(version_is_less(version:vers, test_version:"9.0.277.0") ||
     version_in_range(version:vers, test_version:"10.0", test_version2:"10.0.45.1")) {
    report = report_fixed_ver(installed_version:vers, fixed_version:"9.0.277.0/10.0.45.2", install_path:path);
    security_message(port:0, data:report);
    exit(0);
  }
} else if(cpe == "cpe:/a:adobe:adobe_air") {
  if(version_is_less(version:vers, test_version:"2.0.2.12610")) {
    report = report_fixed_ver(installed_version:vers, fixed_version:"2.0.2.12610", install_path:path);
    security_message(port:0, data:report);
    exit(0);
  }
}

exit(99);

Related

openvas 14
nessus 14
redhat 2
securityvulns 12
freebsd 1
suse 1
cvelist 25
nvd 26
ubuntucve 26
prion 26
cve 26
gentoo 1
checkpoint_advisories 4
saint 3
seebug 6
exploitpack 1
zdi 5
cert 1
canvas 1
packetstorm 1
threatpost 1
metasploit 1
attackerkb 1
openvas
openvas
Adobe Flash Player/Air Multiple Vulnerabilities (Jun 2010) - Windows
2010-06-22 00:00:00
Adobe Flash Player/Air Multiple Vulnerabilities - June10 (Windows)
2010-06-22 00:00:00
FreeBSD Ports: linux-flashplugin
2010-07-06 00:00:00
nessus
nessus
RHEL 3 / 4 : flash-plugin (RHSA-2010:0470)
2013-01-24 00:00:00
RHEL 5 : flash-plugin (RHSA-2010:0464)
2013-01-24 00:00:00
Flash Player < 9.0.277.0 / 10.1.53.63 Multiple Vulnerabilities (APSB10-14)
2010-06-10 00:00:00
redhat
redhat
(RHSA-2010:0470) Critical: flash-plugin security update
2010-06-14 00:00:00
(RHSA-2010:0464) Critical: flash-plugin security update
2010-06-11 00:00:00
securityvulns
securityvulns
Adobe Flash Player / Acrobat / Reader memory corruptions
2010-06-26 00:00:00
Security update available for Adobe Flash Player
2010-06-11 00:00:00
[security bulletin] HPSBMA02547 SSRT100179 rev.1 - HP Systems Insight Manager &#40;SIM&#41; for HP-UX, Linux, and Windows, Remote Execution of Arbitrary Code and Other Vulnerabilities
2010-07-18 00:00:00
freebsd
freebsd
linux-flashplugin -- multiple vulnerabilities
2008-10-02 00:00:00
suse
suse
remote code execution in flash-player
2010-06-11 17:44:20
cvelist
cvelist
CVE-2010-2176
2010-06-15 17:48:00
CVE-2010-2187
2010-06-15 17:48:00
CVE-2010-2160
2010-06-15 17:48:00
nvd
nvd
CVE-2010-2176
2010-06-15 18:00:01
CVE-2010-2160
2010-06-15 18:00:01
CVE-2010-2171
2010-06-15 18:00:01
ubuntucve
ubuntucve
CVE-2010-2188
2010-06-15 00:00:00
CVE-2010-2177
2010-06-15 00:00:00
CVE-2010-2171
2010-06-15 00:00:00
prion
prion
Memory corruption
2010-06-15 18:00:00
Memory corruption
2010-06-15 18:00:00
Memory corruption
2010-06-15 18:00:00
cve
cve
CVE-2010-2166
2010-06-15 18:00:01
CVE-2010-2178
2010-06-15 18:00:01
CVE-2010-2187
2010-06-15 18:00:01
gentoo
gentoo
Adobe Flash Player: Multiple vulnerabilities
2011-01-21 00:00:00
checkpoint_advisories
checkpoint_advisories
Adobe Flash Player Embedded Image Integer Overflow (APSB10-14; CVE-2010-2170)
2010-06-17 00:00:00
Adobe Multiple Products authplay.dll PDF File Code Execution - Ver2 (CVE-2010-1297)
2014-03-31 00:00:00
Adobe Flash Player authplay.dll Component Code Execution (APSA10-01; CVE-2010-1297)
2010-06-07 00:00:00
saint
saint
Adobe Reader authplay.dll newfunction Memory Corruption
2010-06-17 00:00:00
Adobe Reader authplay.dll newfunction Memory Corruption
2010-06-17 00:00:00
Adobe Reader authplay.dll newfunction Memory Corruption
2010-06-17 00:00:00
seebug
seebug
Adobe Acrobat Reader and Flash Player - “newclass” invalid pointer
2014-07-02 00:00:00
Adobe Flash Player DefineBit标签JPEG解析内存破坏漏洞
2010-06-23 00:00:00
Adobe Flash Player "newfunction" Invalid Pointer Use
2014-07-01 00:00:00
exploitpack
exploitpack
Adobe Acrobat Reader and Flash Player - newclass Invalid Pointer
2010-09-01 00:00:00
zdi
zdi
Adobe Flash Player Multiple Tag JPEG Parsing Remote Code Execution Vulnerability
2010-06-16 00:00:00
Adobe Flash Player AVM2 getouterscope Opcode Remote Code Execution Vulnerability
2010-06-25 00:00:00
Adobe Flash Player LocalConnection Memory Corruption Remote Code Execution Vulnerability
2010-06-21 00:00:00
cert
cert
Adobe Flash ActionScript AVM2 newfunction vulnerability
2010-06-07 00:00:00
canvas
canvas
Immunity Canvas: FLASH_NEWFUNCTION
2010-06-08 18:30:00
packetstorm
packetstorm
Adobe Flash Player newfucntion Invalid Pointer Use
2010-06-15 00:00:00
threatpost
threatpost
Adobe to Release Flash Patch June 10
2010-06-08 10:56:42
metasploit
metasploit
Adobe Flash Player "newfunction" Invalid Pointer Use
2010-06-10 20:28:05
attackerkb
attackerkb
CVE-2010-1297
2010-06-08 00:00:00

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

9.9 High

AI Score

Confidence

High

0.355 Low

EPSS

Percentile

97.2%

JSON
Related for OPENVAS:1361412562310902194
openvas14nessus14redhat2securityvulns12freebsd1suse1cvelist25nvd26ubuntucve26prion26cve26gentoo1checkpoint_advisories4saint3seebug6exploitpack1zdi5cert1canvas1packetstorm1threatpost1metasploit1attackerkb1