Adobe Flash Player/Air Multiple Vulnerabilities - November 11 (Windows)
2011-11-16T00:00:00
ID OPENVAS:1361412562310902750 Type openvas Reporter Copyright (C) 2011 SecPod Modified 2020-05-28T00:00:00
Description
This host is installed with Adobe Flash Player/Air and is prone to
multiple vulnerabilities.
###############################################################################
# OpenVAS Vulnerability Test
#
# Adobe Flash Player/Air Multiple Vulnerabilities - November 11 (Windows)
#
# Authors:
# Madhuri D <dmadhuri@secpod.com>
#
# Copyright:
# Copyright (C) 2011 SecPod, http://www.secpod.com
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.902750");
script_version("2020-05-28T14:41:23+0000");
script_cve_id("CVE-2011-2445", "CVE-2011-2450", "CVE-2011-2451", "CVE-2011-2452",
"CVE-2011-2453", "CVE-2011-2454", "CVE-2011-2455", "CVE-2011-2456",
"CVE-2011-2457", "CVE-2011-2458", "CVE-2011-2459", "CVE-2011-2460");
script_bugtraq_id(50625, 50619, 50623, 50622, 50618, 50626, 50627, 50624,
50621, 50629, 50620, 50628);
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_tag(name:"last_modification", value:"2020-05-28 14:41:23 +0000 (Thu, 28 May 2020)");
script_tag(name:"creation_date", value:"2011-11-16 11:45:29 +0530 (Wed, 16 Nov 2011)");
script_name("Adobe Flash Player/Air Multiple Vulnerabilities - November 11 (Windows)");
script_xref(name:"URL", value:"http://secunia.com/advisories/46818/");
script_xref(name:"URL", value:"http://www.adobe.com/support/security/bulletins/apsb11-28.html");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2011 SecPod");
script_family("General");
script_dependencies("gb_adobe_flash_player_detect_win.nasl");
script_mandatory_keys("Adobe/Air_or_Flash_or_Reader_or_Acrobat/Win/Installed");
script_tag(name:"impact", value:"Successful exploitation will allow remote attackers to execute arbitrary
code or cause a denial of service (memory corruption) via unspecified vectors.");
script_tag(name:"affected", value:"Adobe AIR version prior to 3.1.0.4880 on Windows
Adobe Flash Player version prior to 10.3.183.11 and 11.x through 11.0.1.152 on Windows.");
script_tag(name:"insight", value:"The flaws are due to memory corruption, heap corruption, buffer
overflow, stack overflow errors that could lead to code execution.");
script_tag(name:"summary", value:"This host is installed with Adobe Flash Player/Air and is prone to
multiple vulnerabilities.");
script_tag(name:"solution", value:"Update to Adobe Air version 3.1.0.4880 or later
Update to Adobe Flash Player version 10.3.183.11 or 11.1.102.55 or later");
script_tag(name:"qod_type", value:"registry");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
cpe_list = make_list("cpe:/a:adobe:flash_player",
"cpe:/a:adobe:adobe_air");
if(!infos = get_app_version_and_location_from_list(cpe_list:cpe_list, exit_no_version:TRUE))
exit(0);
vers = infos["version"];
path = infos["location"];
cpe = infos["cpe"];
if(cpe == "cpe:/a:adobe:flash_player") {
if(version_is_less(version:vers, test_version:"10.3.183.11") ||
version_in_range(version:vers, test_version:"11.0", test_version2:"11.0.1.152")) {
report = report_fixed_ver(installed_version:vers, fixed_version:"10.3.183.11 or 11.1.102.55", install_path:path);
security_message(port:0, data:report);
exit(0);
}
} else if(cpe == "cpe:/a:adobe:adobe_air") {
if(version_is_less(version:vers, test_version:"3.1.0.4880")) {
report = report_fixed_ver(installed_version:vers, fixed_version:"3.1.0.4880", install_path:path);
security_message(port:0, data:report);
exit(0);
}
}
exit(99);
{"id": "OPENVAS:1361412562310902750", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Flash Player/Air Multiple Vulnerabilities - November 11 (Windows)", "description": "This host is installed with Adobe Flash Player/Air and is prone to\n multiple vulnerabilities.", "published": "2011-11-16T00:00:00", "modified": "2020-05-28T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902750", "reporter": "Copyright (C) 2011 SecPod", "references": ["http://www.adobe.com/support/security/bulletins/apsb11-28.html", "http://secunia.com/advisories/46818/"], "cvelist": ["CVE-2011-2453", "CVE-2011-2445", "CVE-2011-2457", "CVE-2011-2452", "CVE-2011-2451", "CVE-2011-2455", "CVE-2011-2459", "CVE-2011-2458", "CVE-2011-2456", "CVE-2011-2460", "CVE-2011-2450", "CVE-2011-2454"], "lastseen": "2020-06-02T15:54:20", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:902752", "OPENVAS:1361412562310902751", "OPENVAS:902751", "OPENVAS:1361412562310902752", "OPENVAS:136141256231070604", "OPENVAS:70604", "OPENVAS:902750", "OPENVAS:136141256231071317", "OPENVAS:71317"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2011:1240-1", "OPENSUSE-SU-2011:1240-2", "SUSE-SA:2011:043", "SUSE-SU-2011:1244-1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12035", "SECURITYVULNS:DOC:27474"]}, {"type": "freebsd", "idList": ["0E8E1212-0CE5-11E1-849B-003067B2972C"]}, {"type": "nessus", "idList": ["SUSE_11_FLASH-PLAYER-111111.NASL", "ADOBE_AIR_APSB11-28.NASL", "FREEBSD_PKG_0E8E12120CE511E1849B003067B2972C.NASL", "SOLARIS11_FLASH_20120207.NASL", "SUSE_11_4_FLASH-PLAYER-111115.NASL", "OPENSUSE-2011-4.NASL", "SUSE_FLASH-PLAYER-7832.NASL", "SUSE_11_3_FLASH-PLAYER-110921.NASL", "FLASH_PLAYER_APSB11-28.NASL", "SUSE_11_4_FLASH-PLAYER-111111.NASL"]}, {"type": "redhat", "idList": ["RHSA-2011:1445"]}, {"type": "gentoo", "idList": ["GLSA-201204-07"]}, {"type": "cve", "idList": ["CVE-2011-2458", "CVE-2011-2457", "CVE-2011-2453", "CVE-2011-2455", "CVE-2011-2452", "CVE-2011-2451", "CVE-2011-2460", "CVE-2011-2445", "CVE-2011-2454", "CVE-2011-2456"]}, {"type": "symantec", "idList": ["SMNTC-50622"]}, {"type": "seebug", "idList": ["SSV:23200"]}], "modified": "2020-06-02T15:54:20", "rev": 2}, "score": {"value": 10.1, "vector": "NONE", "modified": "2020-06-02T15:54:20", "rev": 2}, "vulnersScore": 10.1}, "pluginID": "1361412562310902750", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player/Air Multiple Vulnerabilities - November 11 (Windows)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2011 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902750\");\n script_version(\"2020-05-28T14:41:23+0000\");\n script_cve_id(\"CVE-2011-2445\", \"CVE-2011-2450\", \"CVE-2011-2451\", \"CVE-2011-2452\",\n \"CVE-2011-2453\", \"CVE-2011-2454\", \"CVE-2011-2455\", \"CVE-2011-2456\",\n \"CVE-2011-2457\", \"CVE-2011-2458\", \"CVE-2011-2459\", \"CVE-2011-2460\");\n script_bugtraq_id(50625, 50619, 50623, 50622, 50618, 50626, 50627, 50624,\n 50621, 50629, 50620, 50628);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-05-28 14:41:23 +0000 (Thu, 28 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2011-11-16 11:45:29 +0530 (Wed, 16 Nov 2011)\");\n script_name(\"Adobe Flash Player/Air Multiple Vulnerabilities - November 11 (Windows)\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/46818/\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb11-28.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 SecPod\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/Air_or_Flash_or_Reader_or_Acrobat/Win/Installed\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to execute arbitrary\n code or cause a denial of service (memory corruption) via unspecified vectors.\");\n\n script_tag(name:\"affected\", value:\"Adobe AIR version prior to 3.1.0.4880 on Windows\n\n Adobe Flash Player version prior to 10.3.183.11 and 11.x through 11.0.1.152 on Windows.\");\n\n script_tag(name:\"insight\", value:\"The flaws are due to memory corruption, heap corruption, buffer\n overflow, stack overflow errors that could lead to code execution.\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player/Air and is prone to\n multiple vulnerabilities.\");\n\n script_tag(name:\"solution\", value:\"Update to Adobe Air version 3.1.0.4880 or later\n\n Update to Adobe Flash Player version 10.3.183.11 or 11.1.102.55 or later\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ncpe_list = make_list(\"cpe:/a:adobe:flash_player\",\n \"cpe:/a:adobe:adobe_air\");\n\nif(!infos = get_app_version_and_location_from_list(cpe_list:cpe_list, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\ncpe = infos[\"cpe\"];\n\nif(cpe == \"cpe:/a:adobe:flash_player\") {\n if(version_is_less(version:vers, test_version:\"10.3.183.11\") ||\n version_in_range(version:vers, test_version:\"11.0\", test_version2:\"11.0.1.152\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"10.3.183.11 or 11.1.102.55\", install_path:path);\n security_message(port:0, data:report);\n exit(0);\n }\n} else if(cpe == \"cpe:/a:adobe:adobe_air\") {\n if(version_is_less(version:vers, test_version:\"3.1.0.4880\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"3.1.0.4880\", install_path:path);\n security_message(port:0, data:report);\n exit(0);\n }\n}\n\nexit(99);\n", "naslFamily": "General"}
{"openvas": [{"lastseen": "2017-09-05T11:22:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2453", "CVE-2011-2445", "CVE-2011-2457", "CVE-2011-2452", "CVE-2011-2451", "CVE-2011-2455", "CVE-2011-2459", "CVE-2011-2458", "CVE-2011-2456", "CVE-2011-2460", "CVE-2011-2450", "CVE-2011-2454"], "description": "This host is installed with Adobe Flash Player/Air and is prone to\n multiple vulnerabilities.", "modified": "2017-09-04T00:00:00", "published": "2011-11-16T00:00:00", "id": "OPENVAS:902751", "href": "http://plugins.openvas.org/nasl.php?oid=902751", "type": "openvas", "title": "Adobe Flash Player/Air Multiple Vulnerabilities - November 11 (MAC OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_adobe_prdts_mult_vuln_nov11_macosx.nasl 7052 2017-09-04 11:50:51Z teissa $\n#\n# Adobe Flash Player/Air Multiple Vulnerabilities - November 11 (MAC OS X)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_solution = \"Update to Adobe Air version 3.1.0.4880 or later\n For updates refer to http://get.adobe.com/air\n\n Update to Adobe Flash Player version 10.3.183.11 or 11.1.102.55 or later\n For updates refer to http://get.adobe.com/flashplayer/\";\n\ntag_impact = \"Successful exploitation will allow remote attackers to execute arbitrary\n code or cause a denial of service (memory corruption) via unspecified\n vectors.\n Impact Level: Application/System\";\ntag_affected = \"Adobe AIR version prior to 3.1.0.4880 on MAC OS X\n Adobe Flash Player version prior to 10.3.183.11 and 11.x through 11.0.1.152 on MAC OS X\";\ntag_insight = \"The flaws are due to memory corruption, heap corruption, buffer\n overflow, stack overflow errors that could lead to code execution.\";\ntag_summary = \"This host is installed with Adobe Flash Player/Air and is prone to\n multiple vulnerabilities.\";\n\nif(description)\n{\n script_id(902751);\n script_version(\"$Revision: 7052 $\");\n script_cve_id(\"CVE-2011-2445\", \"CVE-2011-2450\", \"CVE-2011-2451\", \"CVE-2011-2452\",\n \"CVE-2011-2453\", \"CVE-2011-2454\", \"CVE-2011-2455\", \"CVE-2011-2456\",\n \"CVE-2011-2457\", \"CVE-2011-2458\", \"CVE-2011-2459\", \"CVE-2011-2460\");\n script_bugtraq_id(50625, 50619, 50623, 50622, 50618, 50626, 50627, 50624,\n 50621, 50629, 50620, 50628);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-09-04 13:50:51 +0200 (Mon, 04 Sep 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-16 11:54:43 +0530 (Wed, 16 Nov 2011)\");\n script_name(\"Adobe Flash Player/Air Multiple Vulnerabilities - November 11 (MAC OS X)\");\n\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/46818/\");\n script_xref(name : \"URL\" , value : \"http://www.adobe.com/support/security/bulletins/apsb11-28.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 SecPod\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Air_or_Flash_or_Reader/MacOSX/Installed\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n# Check for Adobe Flash Player\nplayerVer = get_kb_item(\"Adobe/Flash/Player/MacOSX/Version\");\nif(playerVer != NULL)\n{\n # Grep for version < 10.3.183.11 or 11.x through 11.0.1.152\n if(version_is_less(version:playerVer, test_version:\"10.3.183.11\") ||\n version_in_range(version:playerVer, test_version:\"11.0\", test_version2:\"11.0.1.152\"))\n {\n security_message(0);\n exit(0);\n }\n}\n\n# Check for Adobe Air\nairVer = get_kb_item(\"Adobe/Air/MacOSX/Version\");\nif(airVer != NULL)\n{\n # Grep for version < 3.1.0.4880\n if(version_is_less(version:airVer, test_version:\"3.1.0.4880\")){\n security_message(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T11:04:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2453", "CVE-2011-2445", "CVE-2011-2457", "CVE-2011-2452", "CVE-2011-2451", "CVE-2011-2455", "CVE-2011-2459", "CVE-2011-2458", "CVE-2011-2456", "CVE-2011-2460", "CVE-2011-2450", "CVE-2011-2454"], "description": "This host is installed with Adobe Flash Player/Air and is prone to\n multiple vulnerabilities.", "modified": "2017-12-21T00:00:00", "published": "2011-11-16T00:00:00", "id": "OPENVAS:902750", "href": "http://plugins.openvas.org/nasl.php?oid=902750", "type": "openvas", "title": "Adobe Flash Player/Air Multiple Vulnerabilities - November 11 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_adobe_prdts_mult_vuln_nov11_win.nasl 8210 2017-12-21 10:26:31Z cfischer $\n#\n# Adobe Flash Player/Air Multiple Vulnerabilities - November 11 (Windows)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_solution = \"Update to Adobe Air version 3.1.0.4880 or later\n For updates refer to http://get.adobe.com/air\n\n Update to Adobe Flash Player version 10.3.183.11 or 11.1.102.55 or later\n For updates refer to http://get.adobe.com/flashplayer/\";\n\ntag_impact = \"Successful exploitation will allow remote attackers to execute arbitrary\n code or cause a denial of service (memory corruption) via unspecified\n vectors.\n Impact Level: Application/System\";\ntag_affected = \"Adobe AIR version prior to 3.1.0.4880 on Windows\n Adobe Flash Player version prior to 10.3.183.11 and 11.x through 11.0.1.152 on Windows.\";\ntag_insight = \"The flaws are due to memory corruption, heap corruption, buffer\n overflow, stack overflow errors that could lead to code execution.\";\ntag_summary = \"This host is installed with Adobe Flash Player/Air and is prone to\n multiple vulnerabilities.\";\n\nif(description)\n{\n script_id(902750);\n script_version(\"$Revision: 8210 $\");\n script_cve_id(\"CVE-2011-2445\", \"CVE-2011-2450\", \"CVE-2011-2451\", \"CVE-2011-2452\",\n \"CVE-2011-2453\", \"CVE-2011-2454\", \"CVE-2011-2455\", \"CVE-2011-2456\",\n \"CVE-2011-2457\", \"CVE-2011-2458\", \"CVE-2011-2459\", \"CVE-2011-2460\");\n script_bugtraq_id(50625, 50619, 50623, 50622, 50618, 50626, 50627, 50624,\n 50621, 50629, 50620, 50628);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-21 11:26:31 +0100 (Thu, 21 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-16 11:45:29 +0530 (Wed, 16 Nov 2011)\");\n script_name(\"Adobe Flash Player/Air Multiple Vulnerabilities - November 11 (Windows)\");\n\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/46818/\");\n script_xref(name : \"URL\" , value : \"http://www.adobe.com/support/security/bulletins/apsb11-28.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 SecPod\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/Air_or_Flash_or_Reader_or_Acrobat/Win/Installed\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nCPE = \"cpe:/a:adobe:flash_player\";\nif(playerVer = get_app_version(cpe:CPE, nofork:TRUE))\n{\n # Grep for version < 10.3.183.11 or 11.x through 11.0.1.152\n if(version_is_less(version:playerVer, test_version:\"10.3.183.11\") ||\n version_in_range(version:playerVer, test_version:\"11.0\", test_version2:\"11.0.1.152\"))\n {\n security_message(0);\n exit(0);\n }\n}\n\nCPE = \"cpe:/a:adobe:adobe_air\";\nif(airVer = get_app_version(cpe:CPE))\n{\n # Grep for version < 3.1.0.4880\n if(version_is_less(version:airVer, test_version:\"3.1.0.4880\")){\n security_message(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2453", "CVE-2011-2445", "CVE-2011-2457", "CVE-2011-2452", "CVE-2011-2451", "CVE-2011-2455", "CVE-2011-2459", "CVE-2011-2458", "CVE-2011-2456", "CVE-2011-2460", "CVE-2011-2450", "CVE-2011-2454"], "description": "This host is installed with Adobe Flash Player/Air and is prone to\n multiple vulnerabilities.", "modified": "2018-10-20T00:00:00", "published": "2011-11-16T00:00:00", "id": "OPENVAS:1361412562310902751", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902751", "type": "openvas", "title": "Adobe Flash Player/Air Multiple Vulnerabilities - November 11 (MAC OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_adobe_prdts_mult_vuln_nov11_macosx.nasl 11997 2018-10-20 11:59:41Z mmartin $\n#\n# Adobe Flash Player/Air Multiple Vulnerabilities - November 11 (MAC OS X)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902751\");\n script_version(\"$Revision: 11997 $\");\n script_cve_id(\"CVE-2011-2445\", \"CVE-2011-2450\", \"CVE-2011-2451\", \"CVE-2011-2452\",\n \"CVE-2011-2453\", \"CVE-2011-2454\", \"CVE-2011-2455\", \"CVE-2011-2456\",\n \"CVE-2011-2457\", \"CVE-2011-2458\", \"CVE-2011-2459\", \"CVE-2011-2460\");\n script_bugtraq_id(50625, 50619, 50623, 50622, 50618, 50626, 50627, 50624,\n 50621, 50629, 50620, 50628);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-20 13:59:41 +0200 (Sat, 20 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-16 11:54:43 +0530 (Wed, 16 Nov 2011)\");\n script_name(\"Adobe Flash Player/Air Multiple Vulnerabilities - November 11 (MAC OS X)\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/46818/\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb11-28.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 SecPod\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Air_or_Flash_or_Reader/MacOSX/Installed\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to execute arbitrary\n code or cause a denial of service (memory corruption) via unspecified\n vectors.\");\n script_tag(name:\"affected\", value:\"Adobe AIR version prior to 3.1.0.4880 on MAC OS X\n Adobe Flash Player version prior to 10.3.183.11 and 11.x through 11.0.1.152 on MAC OS X\");\n script_tag(name:\"insight\", value:\"The flaws are due to memory corruption, heap corruption, buffer\n overflow, stack overflow errors that could lead to code execution.\");\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player/Air and is prone to\n multiple vulnerabilities.\");\n script_tag(name:\"solution\", value:\"Update to Adobe Air version 3.1.0.4880 or later Update to Adobe Flash Player version 10.3.183.11 or 11.1.102.55 or later\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://get.adobe.com/air\");\n script_xref(name:\"URL\", value:\"http://get.adobe.com/flashplayer/\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nplayerVer = get_kb_item(\"Adobe/Flash/Player/MacOSX/Version\");\nif(playerVer != NULL)\n{\n if(version_is_less(version:playerVer, test_version:\"10.3.183.11\") ||\n version_in_range(version:playerVer, test_version:\"11.0\", test_version2:\"11.0.1.152\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n\nairVer = get_kb_item(\"Adobe/Air/MacOSX/Version\");\nif(airVer != NULL)\n{\n if(version_is_less(version:airVer, test_version:\"3.1.0.4880\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-02T21:10:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2453", "CVE-2011-2445", "CVE-2011-2457", "CVE-2011-2452", "CVE-2011-2451", "CVE-2011-2455", "CVE-2011-2459", "CVE-2011-2458", "CVE-2011-2456", "CVE-2011-2460", "CVE-2011-2450", "CVE-2011-2454"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2017-04-19T00:00:00", "published": "2012-02-13T00:00:00", "id": "OPENVAS:70604", "href": "http://plugins.openvas.org/nasl.php?oid=70604", "type": "openvas", "title": "FreeBSD Ports: linux-f10-flashplugin", "sourceData": "#\n#VID 0e8e1212-0ce5-11e1-849b-003067b2972c\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 0e8e1212-0ce5-11e1-849b-003067b2972c\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: linux-f10-flashplugin\n\nCVE-2011-2445\nAdobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on\nWindows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on\nAndroid, and Adobe AIR before 3.1.0.4880, allows attackers to execute\narbitrary code or cause a denial of service (memory corruption) via\nunspecified vectors, a different vulnerability than CVE-2011-2451,\nCVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455,\nCVE-2011-2459, and CVE-2011-2460.\n\nCVE-2011-2450\nAdobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on\nWindows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on\nAndroid, and Adobe AIR before 3.1.0.4880, allows attackers to execute\narbitrary code or cause a denial of service (heap memory corruption)\nvia unspecified vectors.\n\nCVE-2011-2451\nAdobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on\nWindows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on\nAndroid, and Adobe AIR before 3.1.0.4880, allows attackers to execute\narbitrary code or cause a denial of service (memory corruption) via\nunspecified vectors, a different vulnerability than CVE-2011-2445,\nCVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455,\nCVE-2011-2459, and CVE-2011-2460.\n\nCVE-2011-2452\nAdobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on\nWindows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on\nAndroid, and Adobe AIR before 3.1.0.4880, allows attackers to execute\narbitrary code or cause a denial of service (memory corruption) via\nunspecified vectors, a different vulnerability than CVE-2011-2445,\nCVE-2011-2451, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455,\nCVE-2011-2459, and CVE-2011-2460.\n\nCVE-2011-2453\nAdobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on\nWindows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on\nAndroid, and Adobe AIR before 3.1.0.4880, allows attackers to execute\narbitrary code or cause a denial of service (memory corruption) via\nunspecified vectors, a different vulnerability than CVE-2011-2445,\nCVE-2011-2451, CVE-2011-2452, CVE-2011-2454, CVE-2011-2455,\nCVE-2011-2459, and CVE-2011-2460.\n\nCVE-2011-2454\nAdobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on\nWindows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on\nAndroid, and Adobe AIR before 3.1.0.4880, allows attackers to execute\narbitrary code or cause a denial of service (memory corruption) via\nunspecified vectors, a different vulnerability than CVE-2011-2445,\nCVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2455,\nCVE-2011-2459, and CVE-2011-2460.\n\nCVE-2011-2455\nAdobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on\nWindows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on\nAndroid, and Adobe AIR before 3.1.0.4880, allows attackers to execute\narbitrary code or cause a denial of service (memory corruption) via\nunspecified vectors, a different vulnerability than CVE-2011-2445,\nCVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454,\nCVE-2011-2459, and CVE-2011-2460.\n\nCVE-2011-2456\nBuffer overflow in Adobe Flash Player before 10.3.183.11 and 11.x\nbefore 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before\n11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows\nattackers to execute arbitrary code via unspecified vectors.\n\nCVE-2011-2457\nStack-based buffer overflow in Adobe Flash Player before 10.3.183.11\nand 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris\nand before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880,\nallows attackers to execute arbitrary code via unspecified vectors.\n\nCVE-2011-2458\nAdobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on\nWindows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on\nAndroid, and Adobe AIR before 3.1.0.4880, when Internet Explorer is\nused, allows remote attackers to bypass the cross-domain policy via a\ncrafted web site.\n\nCVE-2011-2459\nAdobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on\nWindows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on\nAndroid, and Adobe AIR before 3.1.0.4880, allows attackers to execute\narbitrary code or cause a denial of service (memory corruption) via\nunspecified vectors, a different vulnerability than CVE-2011-2445,\nCVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454,\nCVE-2011-2455, and CVE-2011-2460.\n\nCVE-2011-2460\nAdobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on\nWindows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on\nAndroid, and Adobe AIR before 3.1.0.4880, allows attackers to execute\narbitrary code or cause a denial of service (memory corruption) via\nunspecified vectors, a different vulnerability than CVE-2011-2445,\nCVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454,\nCVE-2011-2455, and CVE-2011-2459.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttps://www.adobe.com/support/security/bulletins/apsb11-28.html\nhttp://www.vuxml.org/freebsd/0e8e1212-0ce5-11e1-849b-003067b2972c.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(70604);\n script_tag(name:\"creation_date\", value:\"2012-02-13 01:48:16 +0100 (Mon, 13 Feb 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-19 11:02:22 +0200 (Wed, 19 Apr 2017) $\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-2445\", \"CVE-2011-2450\", \"CVE-2011-2451\", \"CVE-2011-2452\", \"CVE-2011-2453\", \"CVE-2011-2454\", \"CVE-2011-2455\", \"CVE-2011-2456\", \"CVE-2011-2457\", \"CVE-2011-2458\", \"CVE-2011-2459\", \"CVE-2011-2460\");\n script_version(\"$Revision: 5977 $\");\n script_name(\"FreeBSD Ports: linux-f10-flashplugin\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"linux-f10-flashplugin\");\nif(!isnull(bver) && revcomp(a:bver, b:\"10.3r183.11\")<0) {\n txt += 'Package linux-f10-flashplugin version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"11\")>0 && revcomp(a:bver, b:\"11.1r102.55\")<0) {\n txt += 'Package linux-f10-flashplugin version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2453", "CVE-2011-2445", "CVE-2011-2457", "CVE-2011-2452", "CVE-2011-2451", "CVE-2011-2455", "CVE-2011-2459", "CVE-2011-2458", "CVE-2011-2456", "CVE-2011-2460", "CVE-2011-2450", "CVE-2011-2454"], "description": "This host is installed with Adobe Flash Player and is prone to\n multiple vulnerabilities.", "modified": "2018-10-20T00:00:00", "published": "2011-11-16T00:00:00", "id": "OPENVAS:1361412562310902752", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902752", "type": "openvas", "title": "Adobe Flash Player Multiple Vulnerabilities - November 11 (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_adobe_flash_player_mult_vuln_nov11_lin.nasl 11997 2018-10-20 11:59:41Z mmartin $\n#\n# Adobe Flash Player Multiple Vulnerabilities - November 11 (Linux)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902752\");\n script_version(\"$Revision: 11997 $\");\n script_cve_id(\"CVE-2011-2445\", \"CVE-2011-2450\", \"CVE-2011-2451\", \"CVE-2011-2452\",\n \"CVE-2011-2453\", \"CVE-2011-2454\", \"CVE-2011-2455\", \"CVE-2011-2456\",\n \"CVE-2011-2457\", \"CVE-2011-2458\", \"CVE-2011-2459\", \"CVE-2011-2460\");\n script_bugtraq_id(50625, 50619, 50623, 50622, 50618, 50626, 50627, 50624,\n 50621, 50629, 50620, 50628);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-20 13:59:41 +0200 (Sat, 20 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-16 12:10:29 +0530 (Wed, 16 Nov 2011)\");\n script_name(\"Adobe Flash Player Multiple Vulnerabilities - November 11 (Linux)\");\n\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 SecPod\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_lin.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Linux/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to execute arbitrary\n code or cause a denial of service (memory corruption) via unspecified\n vectors.\");\n script_tag(name:\"affected\", value:\"Adobe Flash Player version prior to 10.3.183.11 and 11.x through 11.0.1.152 on Linux\");\n script_tag(name:\"insight\", value:\"The flaws are due to memory corruption, heap corruption, buffer\n overflow, stack overflow errors that could lead to code execution.\");\n script_tag(name:\"solution\", value:\"Update to Adobe Flash Player version 10.3.183.11 or 11.1.102.55 or later\");\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player and is prone to\n multiple vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/46818/\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb11-28.html\");\n script_xref(name:\"URL\", value:\"http://get.adobe.com/flashplayer/\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nplayerVer = get_kb_item(\"AdobeFlashPlayer/Linux/Ver\");\n\nif(!playerVer){\n exit(0);\n}\n\nplayerVer = ereg_replace(pattern:\",\", string:playerVer, replace: \".\");\n\nif(version_is_less(version:playerVer, test_version:\"10.3.183.11\") ||\n version_in_range(version:playerVer, test_version:\"11.0\", test_version2:\"11.0.1.152\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-09-04T14:19:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2453", "CVE-2011-2445", "CVE-2011-2457", "CVE-2011-2452", "CVE-2011-2451", "CVE-2011-2455", "CVE-2011-2459", "CVE-2011-2458", "CVE-2011-2456", "CVE-2011-2460", "CVE-2011-2450", "CVE-2011-2454"], "description": "This host is installed with Adobe Flash Player and is prone to\n multiple vulnerabilities.", "modified": "2017-08-31T00:00:00", "published": "2011-11-16T00:00:00", "id": "OPENVAS:902752", "href": "http://plugins.openvas.org/nasl.php?oid=902752", "type": "openvas", "title": "Adobe Flash Player Multiple Vulnerabilities - November 11 (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_adobe_flash_player_mult_vuln_nov11_lin.nasl 7029 2017-08-31 11:51:40Z teissa $\n#\n# Adobe Flash Player Multiple Vulnerabilities - November 11 (Linux)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow remote attackers to execute arbitrary\n code or cause a denial of service (memory corruption) via unspecified\n vectors.\n Impact Level: Application/System\";\ntag_affected = \"Adobe Flash Player version prior to 10.3.183.11 and 11.x through 11.0.1.152 on Linux\";\ntag_insight = \"The flaws are due to memory corruption, heap corruption, buffer\n overflow, stack overflow errors that could lead to code execution.\";\ntag_solution = \"Update to Adobe Flash Player version 10.3.183.11 or 11.1.102.55 or later\n For updates refer to http://get.adobe.com/flashplayer/\";\ntag_summary = \"This host is installed with Adobe Flash Player and is prone to\n multiple vulnerabilities.\";\n\nif(description)\n{\n script_id(902752);\n script_version(\"$Revision: 7029 $\");\n script_cve_id(\"CVE-2011-2445\", \"CVE-2011-2450\", \"CVE-2011-2451\", \"CVE-2011-2452\",\n \"CVE-2011-2453\", \"CVE-2011-2454\", \"CVE-2011-2455\", \"CVE-2011-2456\",\n \"CVE-2011-2457\", \"CVE-2011-2458\", \"CVE-2011-2459\", \"CVE-2011-2460\");\n script_bugtraq_id(50625, 50619, 50623, 50622, 50618, 50626, 50627, 50624,\n 50621, 50629, 50620, 50628);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-08-31 13:51:40 +0200 (Thu, 31 Aug 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-16 12:10:29 +0530 (Wed, 16 Nov 2011)\");\n script_name(\"Adobe Flash Player Multiple Vulnerabilities - November 11 (Linux)\");\n\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 SecPod\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_lin.nasl\");\n script_require_keys(\"AdobeFlashPlayer/Linux/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/46818/\");\n script_xref(name : \"URL\" , value : \"http://www.adobe.com/support/security/bulletins/apsb11-28.html\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n# Check for Adobe Flash Player\nplayerVer = get_kb_item(\"AdobeFlashPlayer/Linux/Ver\");\n\nif(!playerVer){\n exit(0);\n}\n\nplayerVer = ereg_replace(pattern:\",\", string:playerVer, replace: \".\");\n\n# Grep for version < 10.3.183.11 or 11.x through 11.0.1.152\nif(version_is_less(version:playerVer, test_version:\"10.3.183.11\") ||\n version_in_range(version:playerVer, test_version:\"11.0\", test_version2:\"11.0.1.152\")){\n security_message(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2453", "CVE-2011-2445", "CVE-2011-2457", "CVE-2011-2452", "CVE-2011-2451", "CVE-2011-2455", "CVE-2011-2459", "CVE-2011-2458", "CVE-2011-2456", "CVE-2011-2460", "CVE-2011-2450", "CVE-2011-2454"], "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "modified": "2019-03-14T00:00:00", "published": "2012-02-13T00:00:00", "id": "OPENVAS:136141256231070604", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070604", "type": "openvas", "title": "FreeBSD Ports: linux-f10-flashplugin", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: freebsd_linux-f10-flashplugin.nasl 14170 2019-03-14 09:24:12Z cfischer $\n#\n# Auto generated from VID 0e8e1212-0ce5-11e1-849b-003067b2972c\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70604\");\n script_tag(name:\"creation_date\", value:\"2012-02-13 01:48:16 +0100 (Mon, 13 Feb 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 10:24:12 +0100 (Thu, 14 Mar 2019) $\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-2445\", \"CVE-2011-2450\", \"CVE-2011-2451\", \"CVE-2011-2452\", \"CVE-2011-2453\", \"CVE-2011-2454\", \"CVE-2011-2455\", \"CVE-2011-2456\", \"CVE-2011-2457\", \"CVE-2011-2458\", \"CVE-2011-2459\", \"CVE-2011-2460\");\n script_version(\"$Revision: 14170 $\");\n script_name(\"FreeBSD Ports: linux-f10-flashplugin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following package is affected: linux-f10-flashplugin\n\nCVE-2011-2445\nAdobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on\nWindows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on\nAndroid, and Adobe AIR before 3.1.0.4880, allows attackers to execute\narbitrary code or cause a denial of service (memory corruption) via\nunspecified vectors, a different vulnerability than CVE-2011-2451,\nCVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455,\nCVE-2011-2459, and CVE-2011-2460.\n\nCVE-2011-2450\nAdobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on\nWindows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on\nAndroid, and Adobe AIR before 3.1.0.4880, allows attackers to execute\narbitrary code or cause a denial of service (heap memory corruption)\nvia unspecified vectors.\n\nCVE-2011-2451\nAdobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on\nWindows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on\nAndroid, and Adobe AIR before 3.1.0.4880, allows attackers to execute\narbitrary code or cause a denial of service (memory corruption) via\nunspecified vectors, a different vulnerability than CVE-2011-2445,\nCVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455,\nCVE-2011-2459, and CVE-2011-2460.\n\nCVE-2011-2452\nAdobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on\nWindows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on\nAndroid, and Adobe AIR before 3.1.0.4880, allows attackers to execute\narbitrary code or cause a denial of service (memory corruption) via\nunspecified vectors, a different vulnerability than CVE-2011-2445,\nCVE-2011-2451, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455,\nCVE-2011-2459, and CVE-2011-2460.\n\nText truncated. Please see the references for more information.\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n script_xref(name:\"URL\", value:\"https://www.adobe.com/support/security/bulletins/apsb11-28.html\");\n script_xref(name:\"URL\", value:\"http://www.vuxml.org/freebsd/0e8e1212-0ce5-11e1-849b-003067b2972c.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt = \"\";\n\nbver = portver(pkg:\"linux-f10-flashplugin\");\nif(!isnull(bver) && revcomp(a:bver, b:\"10.3r183.11\")<0) {\n txt += 'Package linux-f10-flashplugin version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"11\")>0 && revcomp(a:bver, b:\"11.1r102.55\")<0) {\n txt += 'Package linux-f10-flashplugin version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:51:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2453", "CVE-2012-0754", "CVE-2012-0773", "CVE-2011-2445", "CVE-2012-0752", "CVE-2012-0753", "CVE-2011-2457", "CVE-2012-0769", "CVE-2012-0768", "CVE-2011-2452", "CVE-2011-2451", "CVE-2011-2455", "CVE-2011-2459", "CVE-2011-2458", "CVE-2012-0756", "CVE-2011-2456", "CVE-2012-0755", "CVE-2011-2460", "CVE-2011-2450", "CVE-2012-0767", "CVE-2011-2454"], "description": "The remote host is missing updates announced in\nadvisory GLSA 201204-07.", "modified": "2017-07-07T00:00:00", "published": "2012-04-30T00:00:00", "id": "OPENVAS:71317", "href": "http://plugins.openvas.org/nasl.php?oid=71317", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201204-07 (Adobe Flash Player)", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities in Adobe Flash Player, the worst of which\n might allow remote attackers to execute arbitrary code.\";\ntag_solution = \"All Adobe Flash Player users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-plugins/adobe-flash-11.2.202.228'\n \n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201204-07\nhttp://bugs.gentoo.org/show_bug.cgi?id=390149\nhttp://bugs.gentoo.org/show_bug.cgi?id=404101\nhttp://bugs.gentoo.org/show_bug.cgi?id=407023\nhttp://bugs.gentoo.org/show_bug.cgi?id=410005\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201204-07.\";\n\n \n \nif(description)\n{\n script_id(71317);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-2445\", \"CVE-2011-2450\", \"CVE-2011-2451\", \"CVE-2011-2452\", \"CVE-2011-2453\", \"CVE-2011-2454\", \"CVE-2011-2455\", \"CVE-2011-2456\", \"CVE-2011-2457\", \"CVE-2011-2458\", \"CVE-2011-2459\", \"CVE-2011-2460\", \"CVE-2012-0752\", \"CVE-2012-0753\", \"CVE-2012-0754\", \"CVE-2012-0755\", \"CVE-2012-0756\", \"CVE-2012-0767\", \"CVE-2012-0768\", \"CVE-2012-0769\", \"CVE-2012-0773\");\n script_version(\"$Revision: 6589 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 10:27:50 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:59:58 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201204-07 (Adobe Flash Player)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"www-plugins/adobe-flash\", unaffected: make_list(\"ge 11.2.202.228\"), vulnerable: make_list(\"lt 11.2.202.228\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2453", "CVE-2012-0754", "CVE-2012-0773", "CVE-2011-2445", "CVE-2012-0752", "CVE-2012-0753", "CVE-2011-2457", "CVE-2012-0769", "CVE-2012-0768", "CVE-2011-2452", "CVE-2011-2451", "CVE-2011-2455", "CVE-2011-2459", "CVE-2011-2458", "CVE-2012-0756", "CVE-2011-2456", "CVE-2012-0755", "CVE-2011-2460", "CVE-2011-2450", "CVE-2012-0767", "CVE-2011-2454"], "description": "The remote host is missing updates announced in\nadvisory GLSA 201204-07.", "modified": "2018-10-12T00:00:00", "published": "2012-04-30T00:00:00", "id": "OPENVAS:136141256231071317", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071317", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201204-07 (Adobe Flash Player)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201204_07.nasl 11859 2018-10-12 08:53:01Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71317\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-2445\", \"CVE-2011-2450\", \"CVE-2011-2451\", \"CVE-2011-2452\", \"CVE-2011-2453\", \"CVE-2011-2454\", \"CVE-2011-2455\", \"CVE-2011-2456\", \"CVE-2011-2457\", \"CVE-2011-2458\", \"CVE-2011-2459\", \"CVE-2011-2460\", \"CVE-2012-0752\", \"CVE-2012-0753\", \"CVE-2012-0754\", \"CVE-2012-0755\", \"CVE-2012-0756\", \"CVE-2012-0767\", \"CVE-2012-0768\", \"CVE-2012-0769\", \"CVE-2012-0773\");\n script_version(\"$Revision: 11859 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:53:01 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:59:58 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201204-07 (Adobe Flash Player)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities in Adobe Flash Player, the worst of which\n might allow remote attackers to execute arbitrary code.\");\n script_tag(name:\"solution\", value:\"All Adobe Flash Player users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-plugins/adobe-flash-11.2.202.228'\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201204-07\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=390149\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=404101\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=407023\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=410005\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201204-07.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"www-plugins/adobe-flash\", unaffected: make_list(\"ge 11.2.202.228\"), vulnerable: make_list(\"lt 11.2.202.228\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T12:33:54", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2453", "CVE-2011-2445", "CVE-2011-2457", "CVE-2011-2452", "CVE-2011-2451", "CVE-2011-2455", "CVE-2011-2459", "CVE-2011-2458", "CVE-2011-2456", "CVE-2011-2460", "CVE-2011-2450", "CVE-2011-2454"], "description": "flash-player update to version 11.1.102.55 to fix the\n following critical security issues:\n\n CVE-2011-2445, CVE-2011-2450, CVE-2011-2451, CVE-2011-2452,\n CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2456,\n CVE-2011-2457, CVE-2011-2458, CVE-2011-2459, CVE-2011-2460\n\n", "edition": 1, "modified": "2011-11-15T14:08:24", "published": "2011-11-15T14:08:24", "id": "OPENSUSE-SU-2011:1240-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00014.html", "type": "suse", "title": "VUL-0: flash-player: sec. update to version 11.1.102.55 (critical)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:43:03", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2453", "CVE-2011-2445", "CVE-2011-2457", "CVE-2011-2452", "CVE-2011-2451", "CVE-2011-2455", "CVE-2011-2459", "CVE-2011-2458", "CVE-2011-2456", "CVE-2011-2460", "CVE-2011-2450", "CVE-2011-2454"], "description": "flash-player update to version 11.1.102.55 to fix the\n following critical security issues:\n\n CVE-2011-2445, CVE-2011-2450, CVE-2011-2451, CVE-2011-2452,\n CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2456,\n CVE-2011-2457, CVE-2011-2458, CVE-2011-2459, CVE-2011-2460\n\n", "edition": 1, "modified": "2011-11-16T17:08:30", "published": "2011-11-16T17:08:30", "id": "OPENSUSE-SU-2011:1240-2", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00018.html", "title": "VUL-0: flash-player: sec. update to version 11.1.102.55 (critical)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:29:31", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2453", "CVE-2011-2445", "CVE-2011-2457", "CVE-2011-2452", "CVE-2011-2451", "CVE-2011-2455", "CVE-2011-2459", "CVE-2011-2458", "CVE-2011-2456", "CVE-2011-2460", "CVE-2011-2450", "CVE-2011-2454"], "description": "flash-player was updated to version 11.1.102.55 to fix multiple security vulnerabilities that could be exploited by attackers to execute arbitrary code or to cause a denial of service via specially crafted flash content.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2011-11-17T11:56:32", "published": "2011-11-17T11:56:32", "id": "SUSE-SA:2011:043", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00019.html", "type": "suse", "title": "remote code execution in flash-player", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:05:45", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2453", "CVE-2011-2445", "CVE-2011-2457", "CVE-2011-2452", "CVE-2011-2451", "CVE-2011-2455", "CVE-2011-2459", "CVE-2011-2458", "CVE-2011-2456", "CVE-2011-2460", "CVE-2011-2450", "CVE-2011-2454"], "description": "flash-player update to version 11.1.102.55 to fix the\n following critical security issues:\n\n CVE-2011-2445, CVE-2011-2450, CVE-2011-2451, CVE-2011-2452,\n CVE-2011-2453, CVE-2011-2454, CVE-2011-2455,\n CVE-2011-2456, CVE-2011-2457, CVE-2011-2458,\n CVE-2011-2459, CVE-2011-2460\n", "edition": 1, "modified": "2011-11-15T16:08:21", "published": "2011-11-15T16:08:21", "id": "SUSE-SU-2011:1244-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00017.html", "title": "Security update for flash-player (critical)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:44", "bulletinFamily": "software", "cvelist": ["CVE-2011-2453", "CVE-2011-2445", "CVE-2011-2457", "CVE-2011-2452", "CVE-2011-2451", "CVE-2011-2455", "CVE-2011-2459", "CVE-2011-2458", "CVE-2011-2456", "CVE-2011-2460", "CVE-2011-2450", "CVE-2011-2454"], "description": "Multiple memory corruptions, buffer overflows, crossite data access.", "edition": 1, "modified": "2011-12-26T00:00:00", "published": "2011-12-26T00:00:00", "id": "SECURITYVULNS:VULN:12035", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12035", "title": "Adobe Flash Player multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:43", "bulletinFamily": "software", "cvelist": ["CVE-2011-2459"], "description": "VUPEN Security Research - Adobe Flash Player "SAlign" Memory Corruption \r\nVulnerability (CVE-2011-2459)\r\n\r\nWebsite : http://www.vupen.com/english/research.php\r\n\r\nTwitter : http://twitter.com/vupen\r\n\r\n\r\nI. BACKGROUND\r\n---------------------\r\n\r\nAdobe Flash Player is a cross-platform browser-based application runtime\r\nthat delivers uncompromised viewing of expressive applications, content,\r\nand videos across screens and browsers. Flash Player delivers breakthrough\r\nweb experiences to over 98% of Internet users.\r\n\r\n\r\nII. DESCRIPTION\r\n---------------------\r\n\r\nVUPEN Vulnerability Research Team discovered a vulnerability in Adobe\r\nFlash Player.\r\n\r\nThe vulnerability is caused by an uninitialized stack variable when\r\nprocessing an invalid "SAlign" property of the Flash ActiveX control,\r\nwhich could be exploited by remote attackers to compromise a vulnerable\r\nsystem via a specially crafted web page.\r\n\r\n\r\nIII. AFFECTED PRODUCTS\r\n---------------------------\r\n\r\nAdobe Flash Player versions prior to 11.1.102.55\r\n\r\n\r\nIV. Binary Analysis & Exploits/PoCs\r\n---------------------------------------\r\n\r\nIn-depth binary analysis of the vulnerability and a proof-of-concept code\r\nare available through the VUPEN Binary Analysis & Exploits portal :\r\n\r\nhttp://www.vupen.com/english/services/ba-index.php\r\n\r\n\r\nVUPEN Binary Analysis & Exploits Service provides private exploits and\r\nin-depth technical analysis of the most significant public vulnerabilities\r\nbased on disassembly, reverse engineering, protocol analysis, and code \r\naudit.\r\n\r\nThe service allows governments and major corporations to evaluate risks, and\r\nprotect infrastructures and assets against new threats. The service also\r\nallows security vendors (IPS, IDS, AntiVirus) to supplement their internal\r\nresearch efforts and quickly develop both vulnerability-based and\r\nexploit-based signatures to proactively protect their customers from attacks\r\nand emerging threats.\r\n\r\n\r\nV. VUPEN Threat Protection Program\r\n-----------------------------------\r\n\r\nGovernments and major corporations which are members of the VUPEN Threat\r\nProtection Program (TPP) have been proactively alerted about the \r\nvulnerability\r\nwhen it was discovered by VUPEN in advance of its public disclosure, and\r\nhave received a detailed attack detection guidance to protect national and\r\ncritical infrastructures against potential 0-day attacks exploiting this\r\nvulnerability:\r\n\r\nhttp://www.vupen.com/english/services/tpp-index.php\r\n\r\n\r\nVI. SOLUTION\r\n----------------\r\n\r\nUpgrade to Adobe Flash Player version 11.1.102.55\r\n\r\n\r\nVII. CREDIT\r\n--------------\r\n\r\nThis vulnerability was discovered by Nicolas Joly of VUPEN Security\r\n\r\n\r\nVIII. ABOUT VUPEN Security\r\n---------------------------\r\n\r\nVUPEN is the world leader in vulnerability research for defensive and\r\noffensive cyber security. VUPEN solutions enable corporations and \r\ngovernments\r\nto measure and manage risks, eliminate vulnerabilities before they can be\r\nexploited, and protect critical infrastructures and assets against known and\r\nunknown vulnerabilities.\r\n\r\nVUPEN has been recognized as "Company of the Year 2011 in the Vulnerability\r\nResearch Market" by Frost & Sullivan.\r\n\r\nVUPEN solutions include:\r\n\r\n* VUPEN Binary Analysis & Exploits Service (BAE) :\r\nhttp://www.vupen.com/english/services/ba-index.php\r\n\r\n* VUPEN Threat Protection Program (TPP) :\r\nhttp://www.vupen.com/english/services/tpp-index.php\r\n\r\n\r\nIX. REFERENCES\r\n----------------------\r\n\r\nhttp://www.adobe.com/support/security/bulletins/apsb11-28.html\r\nhttp://www.vupen.com/english/research.php\r\n\r\n\r\nX. DISCLOSURE TIMELINE\r\n-----------------------------\r\n\r\n2011-01-27 - Vulnerability Discovered by VUPEN and shared with TPP customers\r\n2011-12-16 - Public disclosure\r\n\r\n", "edition": 1, "modified": "2011-12-26T00:00:00", "published": "2011-12-26T00:00:00", "id": "SECURITYVULNS:DOC:27474", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27474", "title": "VUPEN Security Research - Adobe Flash Player "SAlign" Memory Corruption Vulnerability (CVE-2011-2459)", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-01T05:58:10", "description": "flash-player update to version 11.1.102.55 to fix the following\ncritical security issues :\n\nCVE-2011-2445 / CVE-2011-2450 / CVE-2011-2451 / CVE-2011-2452 /\nCVE-2011-2453 / CVE-2011-2454 / CVE-2011-2455 / CVE-2011-2456 /\nCVE-2011-2457 / CVE-2011-2458 / CVE-2011-2459 / CVE-2011-2460", "edition": 24, "published": "2011-12-13T00:00:00", "title": "SuSE 11.1 Security Update : flash-player (SAT Patch Number 5413)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2453", "CVE-2011-2445", "CVE-2011-2457", "CVE-2011-2452", "CVE-2011-2451", "CVE-2011-2455", "CVE-2011-2459", "CVE-2011-2458", "CVE-2011-2456", "CVE-2011-2460", "CVE-2011-2450", "CVE-2011-2454"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:flash-player"], "id": "SUSE_11_FLASH-PLAYER-111111.NASL", "href": "https://www.tenable.com/plugins/nessus/57102", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57102);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/10/25 13:36:42\");\n\n script_cve_id(\"CVE-2011-2445\", \"CVE-2011-2450\", \"CVE-2011-2451\", \"CVE-2011-2452\", \"CVE-2011-2453\", \"CVE-2011-2454\", \"CVE-2011-2455\", \"CVE-2011-2456\", \"CVE-2011-2457\", \"CVE-2011-2458\", \"CVE-2011-2459\", \"CVE-2011-2460\");\n\n script_name(english:\"SuSE 11.1 Security Update : flash-player (SAT Patch Number 5413)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"flash-player update to version 11.1.102.55 to fix the following\ncritical security issues :\n\nCVE-2011-2445 / CVE-2011-2450 / CVE-2011-2451 / CVE-2011-2452 /\nCVE-2011-2453 / CVE-2011-2454 / CVE-2011-2455 / CVE-2011-2456 /\nCVE-2011-2457 / CVE-2011-2458 / CVE-2011-2459 / CVE-2011-2460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=729797\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2445.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2450.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2451.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2452.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2453.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2454.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2455.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2456.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2457.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2458.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2459.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2460.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 5413.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"flash-player-10.3.183.11-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T02:33:53", "description": "According to its version, the instance of Flash Player installed on\nthe remote Windows host is 10.x equal to or earlier than 10.3.183.10\nor 11.x equal to or earlier than 11.0.1.152. It is, therefore,\nreportedly affected by several critical vulnerabilities :\n\n - Several unspecified memory corruption errors\n exist that could lead to code execution. \n (CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, \n CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, \n CVE-2011-2459, CVE-2011-2460)\n\n - An unspecified heap corruption error exists that could\n lead to code execution. (CVE-2011-2450)\n\n - An unspecified buffer overflow error exists that could\n lead to code execution. (CVE-2011-2456)\n\n - An unspecified stack overflow error exists that could \n lead to code execution. (CVE-2011-2457)\n\n - An unspecified error related to Internet Explorer can\n allow cross-domain policy violations. (CVE-2011-2458)", "edition": 25, "published": "2011-11-18T00:00:00", "title": "Flash Player <= 10.3.183.10 / 11.0.1.152 Multiple Vulnerabilities (APSB11-28)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2453", "CVE-2011-2445", "CVE-2011-2457", "CVE-2011-2452", "CVE-2011-2451", "CVE-2011-2455", "CVE-2011-2459", "CVE-2011-2458", "CVE-2011-2456", "CVE-2011-2460", "CVE-2011-2450", "CVE-2011-2454"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "FLASH_PLAYER_APSB11-28.NASL", "href": "https://www.tenable.com/plugins/nessus/56874", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56874);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/07/12 15:01:52\");\n\n script_cve_id(\n \"CVE-2011-2445\",\n \"CVE-2011-2450\",\n \"CVE-2011-2451\",\n \"CVE-2011-2452\",\n \"CVE-2011-2453\",\n \"CVE-2011-2454\",\n \"CVE-2011-2455\",\n \"CVE-2011-2456\",\n \"CVE-2011-2457\",\n \"CVE-2011-2458\",\n \"CVE-2011-2459\",\n \"CVE-2011-2460\"\n );\n script_bugtraq_id(\n 50618,\n 50619,\n 50620,\n 50621,\n 50622,\n 50623,\n 50624,\n 50625,\n 50626,\n 50627,\n 50628,\n 50629\n );\n\n script_name(english:\"Flash Player <= 10.3.183.10 / 11.0.1.152 Multiple Vulnerabilities (APSB11-28)\");\n script_summary(english:\"Checks version of Flash Player\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Windows host has a browser plugin that is affected by\nmultiple vulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"According to its version, the instance of Flash Player installed on\nthe remote Windows host is 10.x equal to or earlier than 10.3.183.10\nor 11.x equal to or earlier than 11.0.1.152. It is, therefore,\nreportedly affected by several critical vulnerabilities :\n\n - Several unspecified memory corruption errors\n exist that could lead to code execution. \n (CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, \n CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, \n CVE-2011-2459, CVE-2011-2460)\n\n - An unspecified heap corruption error exists that could\n lead to code execution. (CVE-2011-2450)\n\n - An unspecified buffer overflow error exists that could\n lead to code execution. (CVE-2011-2456)\n\n - An unspecified stack overflow error exists that could \n lead to code execution. (CVE-2011-2457)\n\n - An unspecified error related to Internet Explorer can\n allow cross-domain policy violations. (CVE-2011-2458)\"\n );\n\n script_set_attribute(attribute:\"see_also\", value:\"http://www.adobe.com/support/security/bulletins/apsb11-28.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash version 10.3.183.11 / 11.1.102.55 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"flash_player_installed.nasl\");\n script_require_keys(\"SMB/Flash_Player/installed\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Flash_Player/installed\");\n\n# Identify vulnerable versions.\ninfo = \"\";\n\n# nb: we're checking for versions less than *or equal to* the cutoff!\n# Cutoff here is 11.0.1.152; the next release was 11.1.102.55.\n# The same format was followed for 10.x - cutoff is 10.3.183.10;\n# the next release was 10.3.183.11.\nforeach variant (make_list(\"Plugin\", \"ActiveX\", \"Chrome\"))\n{\n vers = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/Version/*\");\n files = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/File/*\");\n if (!isnull(vers) && !isnull(files))\n {\n foreach key (keys(vers))\n {\n ver = vers[key];\n\n if (ver)\n {\n iver = split(ver, sep:'.', keep:FALSE);\n for (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\n\n if (\n # <= 10.3.183.10\n iver[0] < 10 ||\n (\n iver[0] == 10 &&\n (\n iver[1] < 3 ||\n (\n iver[1] == 3 &&\n (\n iver[2] < 183 ||\n (iver[2] == 183 && iver[3] <= 10)\n )\n )\n )\n )\n ||\n (\n # 11.x <= 11.0.1.152\n iver[0] == 11 &&\n (\n iver[1] == 0 &&\n (\n iver[2] < 1 ||\n (iver[2] == 1 && iver[3] <= 152)\n )\n )\n )\n )\n {\n num = key - (\"SMB/Flash_Player/\"+variant+\"/Version/\");\n file = files[\"SMB/Flash_Player/\"+variant+\"/File/\"+num];\n if (variant == \"Plugin\")\n {\n info += '\\n Product: Browser Plugin (for Firefox / Netscape / Opera)';\n }\n else if (variant == \"ActiveX\")\n {\n info += '\\n Product : ActiveX control (for Internet Explorer)';\n }\n else if (variant == \"Chrome\")\n {\n info += '\\n Product : Browser Plugin (for Google Chrome)';\n }\n info += '\\n Path : ' + file +\n '\\n Installed version : ' + ver +\n '\\n Fixed version : 10.3.183.11 / 11.1.102.55';\n info += '\\n';\n }\n }\n }\n }\n}\n\nif (info)\n{\n if (report_verbosity > 0)\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:info);\n else\n security_hole(get_kb_item(\"SMB/transport\"));\n}\nelse\n{ \n if (thorough_tests) \n exit(0, 'No vulnerable versions of Adobe Flash Player were found.');\n else\n exit(1, 'Google Chrome\\'s built-in Flash Player may not have been detected because the \\'Perform thorough tests\\' setting was not enabled.');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T01:13:56", "description": "According to its version, the instance of Adobe AIR installed on the\nremote Windows host is 3.0 or earlier and is reportedly affected by \nseveral critical vulnerabilities :\n\n - Several unspecified memory corruption errors\n exist that could lead to code execution.\n (CVE-2011-2445, CVE-2011-2451, CVE-2011-2452,\n CVE-2011-2453, CVE-2011-2454, CVE-2011-2455,\n CVE-2011-2459, CVE-2011-2460)\n\n - An unspecified heap corruption error exists that could\n lead to code execution. (CVE-2011-2450)\n\n - An unspecified buffer overflow error exists that could\n lead to code execution. (CVE-2011-2456)\n\n - An unspecified stack overflow error exists that could\n lead to code execution. (CVE-2011-2457)\n\n - An unspecified error related to Internet Explorer can\n allow cross-domain policy violations. (CVE-2011-2458)\n\nBy tricking a user on the affected system into opening a specially\ncrafted document with Flash content, an attacker could leverage these\nvulnerabilities to execute arbitrary code remotely on the system\nsubject to the user's privileges.", "edition": 24, "published": "2011-11-28T00:00:00", "title": "Adobe AIR <= 3.0 Multiple Vulnerabilities (APSB11-28)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2453", "CVE-2011-2445", "CVE-2011-2457", "CVE-2011-2452", "CVE-2011-2451", "CVE-2011-2455", "CVE-2011-2459", "CVE-2011-2458", "CVE-2011-2456", "CVE-2011-2460", "CVE-2011-2450", "CVE-2011-2454"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:adobe:air"], "id": "ADOBE_AIR_APSB11-28.NASL", "href": "https://www.tenable.com/plugins/nessus/56959", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56959);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/06/27 18:42:26\");\n\n script_cve_id(\n \"CVE-2011-2445\",\n \"CVE-2011-2450\",\n \"CVE-2011-2451\",\n \"CVE-2011-2452\",\n \"CVE-2011-2453\",\n \"CVE-2011-2454\",\n \"CVE-2011-2455\",\n \"CVE-2011-2456\",\n \"CVE-2011-2457\",\n \"CVE-2011-2458\",\n \"CVE-2011-2459\",\n \"CVE-2011-2460\"\n );\n script_bugtraq_id(\n 50618,\n 50619,\n 50620,\n 50621,\n 50622,\n 50623,\n 50624,\n 50625,\n 50626,\n 50627,\n 50628,\n 50629\n );\n\n script_name(english:\"Adobe AIR <= 3.0 Multiple Vulnerabilities (APSB11-28)\");\n script_summary(english:\"Checks version gathered by local check\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Windows host contains a version of Adobe AIR that is\naffected by multiple vulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"According to its version, the instance of Adobe AIR installed on the\nremote Windows host is 3.0 or earlier and is reportedly affected by \nseveral critical vulnerabilities :\n\n - Several unspecified memory corruption errors\n exist that could lead to code execution.\n (CVE-2011-2445, CVE-2011-2451, CVE-2011-2452,\n CVE-2011-2453, CVE-2011-2454, CVE-2011-2455,\n CVE-2011-2459, CVE-2011-2460)\n\n - An unspecified heap corruption error exists that could\n lead to code execution. (CVE-2011-2450)\n\n - An unspecified buffer overflow error exists that could\n lead to code execution. (CVE-2011-2456)\n\n - An unspecified stack overflow error exists that could\n lead to code execution. (CVE-2011-2457)\n\n - An unspecified error related to Internet Explorer can\n allow cross-domain policy violations. (CVE-2011-2458)\n\nBy tricking a user on the affected system into opening a specially\ncrafted document with Flash content, an attacker could leverage these\nvulnerabilities to execute arbitrary code remotely on the system\nsubject to the user's privileges.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.adobe.com/support/security/bulletins/apsb11-28.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Adobe AIR 3.1 (3.1.0.4880) or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:air\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"adobe_air_installed.nasl\");\n script_require_keys(\"SMB/Adobe_AIR/Version\", \"SMB/Adobe_AIR/Path\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n\nversion = get_kb_item_or_exit(\"SMB/Adobe_AIR/Version\");\npath = get_kb_item_or_exit(\"SMB/Adobe_AIR/Path\");\n\nversion_ui = get_kb_item(\"SMB/Adobe_AIR/Version_UI\");\nif (isnull(version_ui)) version_report = version;\nelse version_report = version_ui + ' (' + version + ')';\n\nfix = '3.1.0.4880';\nfix_ui = '3.1';\n\nif (ver_compare(ver:version, fix:fix) == -1)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version_report +\n '\\n Fixed version : ' + fix_ui + \" (\" + fix + ')\\n';\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n }\n else security_hole(get_kb_item(\"SMB/transport\"));\n exit(0);\n}\nelse exit(0, \"The Adobe AIR \"+version_report+\" install on the host is not affected.\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:08:37", "description": "flash-player update to version 11.1.102.55 to fix the following\ncritical security issues :\n\nCVE-2011-2445, CVE-2011-2450, CVE-2011-2451, CVE-2011-2452,\nCVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2456,\nCVE-2011-2457, CVE-2011-2458, CVE-2011-2459, CVE-2011-2460", "edition": 27, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : flash-player (openSUSE-SU-2011:1240-2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2453", "CVE-2011-2445", "CVE-2011-2457", "CVE-2011-2452", "CVE-2011-2451", "CVE-2011-2455", "CVE-2011-2459", "CVE-2011-2458", "CVE-2011-2456", "CVE-2011-2460", "CVE-2011-2450", "CVE-2011-2454"], "modified": "2014-06-13T00:00:00", "cpe": ["cpe:/o:novell:opensuse:11.4", "p-cpe:/a:novell:opensuse:flash-player"], "id": "SUSE_11_4_FLASH-PLAYER-111115.NASL", "href": "https://www.tenable.com/plugins/nessus/75840", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update flash-player-5436.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75840);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2445\", \"CVE-2011-2450\", \"CVE-2011-2451\", \"CVE-2011-2452\", \"CVE-2011-2453\", \"CVE-2011-2454\", \"CVE-2011-2455\", \"CVE-2011-2456\", \"CVE-2011-2457\", \"CVE-2011-2458\", \"CVE-2011-2459\", \"CVE-2011-2460\");\n\n script_name(english:\"openSUSE Security Update : flash-player (openSUSE-SU-2011:1240-2)\");\n script_summary(english:\"Check for the flash-player-5436 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"flash-player update to version 11.1.102.55 to fix the following\ncritical security issues :\n\nCVE-2011-2445, CVE-2011-2450, CVE-2011-2451, CVE-2011-2452,\nCVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2456,\nCVE-2011-2457, CVE-2011-2458, CVE-2011-2459, CVE-2011-2460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=729797\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-11/msg00020.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-player package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"flash-player-11.1.102.55-0.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-player\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:39:50", "description": "Adobe Product Security Incident Response Team reports :\n\nCritical vulnerabilities have been identified in Adobe Flash Player\n11.0.1.152 and earlier versions for Windows, Macintosh, Linux and\nSolaris, and Adobe Flash Player 11.0.1.153 and earlier versions for\nAndroid.\n\nIn addition a patch was released for users of flash10.", "edition": 26, "published": "2011-11-14T00:00:00", "title": "FreeBSD : linux-flashplugin -- multiple vulnerabilities (0e8e1212-0ce5-11e1-849b-003067b2972c)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2453", "CVE-2011-2445", "CVE-2011-2457", "CVE-2011-2452", "CVE-2011-2451", "CVE-2011-2455", "CVE-2011-2459", "CVE-2011-2458", "CVE-2011-2456", "CVE-2011-2460", "CVE-2011-2450", "CVE-2011-2454"], "modified": "2011-11-14T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:linux-f10-flashplugin"], "id": "FREEBSD_PKG_0E8E12120CE511E1849B003067B2972C.NASL", "href": "https://www.tenable.com/plugins/nessus/56803", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56803);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-2445\", \"CVE-2011-2450\", \"CVE-2011-2451\", \"CVE-2011-2452\", \"CVE-2011-2453\", \"CVE-2011-2454\", \"CVE-2011-2455\", \"CVE-2011-2456\", \"CVE-2011-2457\", \"CVE-2011-2458\", \"CVE-2011-2459\", \"CVE-2011-2460\");\n\n script_name(english:\"FreeBSD : linux-flashplugin -- multiple vulnerabilities (0e8e1212-0ce5-11e1-849b-003067b2972c)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Adobe Product Security Incident Response Team reports :\n\nCritical vulnerabilities have been identified in Adobe Flash Player\n11.0.1.152 and earlier versions for Windows, Macintosh, Linux and\nSolaris, and Adobe Flash Player 11.0.1.153 and earlier versions for\nAndroid.\n\nIn addition a patch was released for users of flash10.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.adobe.com/support/security/bulletins/apsb11-28.html\"\n );\n # https://vuxml.freebsd.org/freebsd/0e8e1212-0ce5-11e1-849b-003067b2972c.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bec50e3c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-f10-flashplugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"linux-f10-flashplugin<10.3r183.11\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-f10-flashplugin>11<11.1r102.55\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:08:36", "description": "flash-player update to version 11.1.102.55 to fix the following\ncritical security issues :\n\nCVE-2011-2445, CVE-2011-2450, CVE-2011-2451, CVE-2011-2452,\nCVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2456,\nCVE-2011-2457, CVE-2011-2458, CVE-2011-2459, CVE-2011-2460", "edition": 26, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : flash-player (openSUSE-SU-2011:1240-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2453", "CVE-2011-2445", "CVE-2011-2457", "CVE-2011-2452", "CVE-2011-2451", "CVE-2011-2455", "CVE-2011-2459", "CVE-2011-2458", "CVE-2011-2456", "CVE-2011-2460", "CVE-2011-2450", "CVE-2011-2454"], "modified": "2014-06-13T00:00:00", "cpe": ["cpe:/o:novell:opensuse:11.4", "p-cpe:/a:novell:opensuse:flash-player"], "id": "SUSE_11_4_FLASH-PLAYER-111111.NASL", "href": "https://www.tenable.com/plugins/nessus/75839", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update flash-player-5420.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75839);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2445\", \"CVE-2011-2450\", \"CVE-2011-2451\", \"CVE-2011-2452\", \"CVE-2011-2453\", \"CVE-2011-2454\", \"CVE-2011-2455\", \"CVE-2011-2456\", \"CVE-2011-2457\", \"CVE-2011-2458\", \"CVE-2011-2459\", \"CVE-2011-2460\");\n\n script_name(english:\"openSUSE Security Update : flash-player (openSUSE-SU-2011:1240-1)\");\n script_summary(english:\"Check for the flash-player-5420 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"flash-player update to version 11.1.102.55 to fix the following\ncritical security issues :\n\nCVE-2011-2445, CVE-2011-2450, CVE-2011-2451, CVE-2011-2452,\nCVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2456,\nCVE-2011-2457, CVE-2011-2458, CVE-2011-2459, CVE-2011-2460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=729797\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-11/msg00012.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-player package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"flash-player-11.1.102.55-0.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-player\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:07:13", "description": "flash-player update to version 11.1.102.55 to fix the following\ncritical security issues :\n\nCVE-2011-2445, CVE-2011-2450, CVE-2011-2451, CVE-2011-2452,\nCVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2456,\nCVE-2011-2457, CVE-2011-2458, CVE-2011-2459, CVE-2011-2460", "edition": 26, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : flash-player (openSUSE-SU-2011:1240-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2453", "CVE-2011-2445", "CVE-2011-2457", "CVE-2011-2452", "CVE-2011-2451", "CVE-2011-2455", "CVE-2011-2459", "CVE-2011-2458", "CVE-2011-2456", "CVE-2011-2460", "CVE-2011-2450", "CVE-2011-2454"], "modified": "2014-06-13T00:00:00", "cpe": ["cpe:/o:novell:opensuse:11.3", "p-cpe:/a:novell:opensuse:flash-player"], "id": "SUSE_11_3_FLASH-PLAYER-110921.NASL", "href": "https://www.tenable.com/plugins/nessus/75502", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update flash-player-5420.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75502);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2445\", \"CVE-2011-2450\", \"CVE-2011-2451\", \"CVE-2011-2452\", \"CVE-2011-2453\", \"CVE-2011-2454\", \"CVE-2011-2455\", \"CVE-2011-2456\", \"CVE-2011-2457\", \"CVE-2011-2458\", \"CVE-2011-2459\", \"CVE-2011-2460\");\n\n script_name(english:\"openSUSE Security Update : flash-player (openSUSE-SU-2011:1240-1)\");\n script_summary(english:\"Check for the flash-player-5420 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"flash-player update to version 11.1.102.55 to fix the following\ncritical security issues :\n\nCVE-2011-2445, CVE-2011-2450, CVE-2011-2451, CVE-2011-2452,\nCVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2456,\nCVE-2011-2457, CVE-2011-2458, CVE-2011-2459, CVE-2011-2460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=729797\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-11/msg00012.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-player package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"flash-player-10.3.183.10-0.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-player\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:00:52", "description": "The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - Adobe Flash Player before 10.3.183.11 and 11.x before\n 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and\n before 11.1.102.59 on Android, and Adobe AIR before\n 3.1.0.4880, allows attackers to execute arbitrary code\n or cause a denial of service (memory corruption) via\n unspecified vectors, a different vulnerability than\n CVE-2011-2451, CVE-2011-2452, CVE-2011-2453,\n CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and\n CVE-2011-2460. (CVE-2011-2445)\n\n - Adobe Flash Player before 10.3.183.11 and 11.x before\n 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and\n before 11.1.102.59 on Android, and Adobe AIR before\n 3.1.0.4880, allows attackers to execute arbitrary code\n or cause a denial of service (heap memory corruption)\n via unspecified vectors. (CVE-2011-2450)\n\n - Adobe Flash Player before 10.3.183.11 and 11.x before\n 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and\n before 11.1.102.59 on Android, and Adobe AIR before\n 3.1.0.4880, allows attackers to execute arbitrary code\n or cause a denial of service (memory corruption) via\n unspecified vectors, a different vulnerability than\n CVE-2011-2445, CVE-2011-2452, CVE-2011-2453,\n CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and\n CVE-2011-2460. (CVE-2011-2451)\n\n - Adobe Flash Player before 10.3.183.11 and 11.x before\n 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and\n before 11.1.102.59 on Android, and Adobe AIR before\n 3.1.0.4880, allows attackers to execute arbitrary code\n or cause a denial of service (memory corruption) via\n unspecified vectors, a different vulnerability than\n CVE-2011-2445, CVE-2011-2451, CVE-2011-2453,\n CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and\n CVE-2011-2460. (CVE-2011-2452)\n\n - Adobe Flash Player before 10.3.183.11 and 11.x before\n 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and\n before 11.1.102.59 on Android, and Adobe AIR before\n 3.1.0.4880, allows attackers to execute arbitrary code\n or cause a denial of service (memory corruption) via\n unspecified vectors, a different vulnerability than\n CVE-2011-2445, CVE-2011-2451, CVE-2011-2452,\n CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and\n CVE-2011-2460. (CVE-2011-2453)\n\n - Adobe Flash Player before 10.3.183.11 and 11.x before\n 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and\n before 11.1.102.59 on Android, and Adobe AIR before\n 3.1.0.4880, allows attackers to execute arbitrary code\n or cause a denial of service (memory corruption) via\n unspecified vectors, a different vulnerability than\n CVE-2011-2445, CVE-2011-2451, CVE-2011-2452,\n CVE-2011-2453, CVE-2011-2455, CVE-2011-2459, and\n CVE-2011-2460. (CVE-2011-2454)\n\n - Adobe Flash Player before 10.3.183.11 and 11.x before\n 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and\n before 11.1.102.59 on Android, and Adobe AIR before\n 3.1.0.4880, allows attackers to execute arbitrary code\n or cause a denial of service (memory corruption) via\n unspecified vectors, a different vulnerability than\n CVE-2011-2445, CVE-2011-2451, CVE-2011-2452,\n CVE-2011-2453, CVE-2011-2454, CVE-2011-2459, and\n CVE-2011-2460. (CVE-2011-2455)\n\n - Buffer overflow in Adobe Flash Player before 10.3.183.11\n and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux,\n and Solaris and before 11.1.102.59 on Android, and Adobe\n AIR before 3.1.0.4880, allows attackers to execute\n arbitrary code via unspecified vectors. (CVE-2011-2456)\n\n - Stack-based buffer overflow in Adobe Flash Player before\n 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac\n OS X, Linux, and Solaris and before 11.1.102.59 on\n Android, and Adobe AIR before 3.1.0.4880, allows\n attackers to execute arbitrary code via unspecified\n vectors. (CVE-2011-2457)\n\n - Adobe Flash Player before 10.3.183.11 and 11.x before\n 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and\n before 11.1.102.59 on Android, and Adobe AIR before\n 3.1.0.4880, when Internet Explorer is used, allows\n remote attackers to bypass the cross-domain policy via a\n crafted web site. (CVE-2011-2458)\n\n - Adobe Flash Player before 10.3.183.11 and 11.x before\n 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and\n before 11.1.102.59 on Android, and Adobe AIR before\n 3.1.0.4880, allows attackers to execute arbitrary code\n or cause a denial of service (memory corruption) via\n unspecified vectors, a different vulnerability than\n CVE-2011-2445, CVE-2011-2451, CVE-2011-2452,\n CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, and\n CVE-2011-2460. (CVE-2011-2459)\n\n - Adobe Flash Player before 10.3.183.11 and 11.x before\n 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and\n before 11.1.102.59 on Android, and Adobe AIR before\n 3.1.0.4880, allows attackers to execute arbitrary code\n or cause a denial of service (memory corruption) via\n unspecified vectors, a different vulnerability than\n CVE-2011-2445, CVE-2011-2451, CVE-2011-2452,\n CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, and\n CVE-2011-2459. (CVE-2011-2460)", "edition": 26, "published": "2015-01-19T00:00:00", "title": "Oracle Solaris Third-Party Patch Update : flash (multiple_vulnerabilities_in_adobe_flashplayer4)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2453", "CVE-2011-2445", "CVE-2011-2457", "CVE-2011-2452", "CVE-2011-2451", "CVE-2011-2455", "CVE-2011-2459", "CVE-2011-2458", "CVE-2011-2456", "CVE-2011-2460", "CVE-2011-2450", "CVE-2011-2454"], "modified": "2015-01-19T00:00:00", "cpe": ["p-cpe:/a:oracle:solaris:flash", "cpe:/o:oracle:solaris:11.0"], "id": "SOLARIS11_FLASH_20120207.NASL", "href": "https://www.tenable.com/plugins/nessus/80611", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80611);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2445\", \"CVE-2011-2450\", \"CVE-2011-2451\", \"CVE-2011-2452\", \"CVE-2011-2453\", \"CVE-2011-2454\", \"CVE-2011-2455\", \"CVE-2011-2456\", \"CVE-2011-2457\", \"CVE-2011-2458\", \"CVE-2011-2459\", \"CVE-2011-2460\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : flash (multiple_vulnerabilities_in_adobe_flashplayer4)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - Adobe Flash Player before 10.3.183.11 and 11.x before\n 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and\n before 11.1.102.59 on Android, and Adobe AIR before\n 3.1.0.4880, allows attackers to execute arbitrary code\n or cause a denial of service (memory corruption) via\n unspecified vectors, a different vulnerability than\n CVE-2011-2451, CVE-2011-2452, CVE-2011-2453,\n CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and\n CVE-2011-2460. (CVE-2011-2445)\n\n - Adobe Flash Player before 10.3.183.11 and 11.x before\n 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and\n before 11.1.102.59 on Android, and Adobe AIR before\n 3.1.0.4880, allows attackers to execute arbitrary code\n or cause a denial of service (heap memory corruption)\n via unspecified vectors. (CVE-2011-2450)\n\n - Adobe Flash Player before 10.3.183.11 and 11.x before\n 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and\n before 11.1.102.59 on Android, and Adobe AIR before\n 3.1.0.4880, allows attackers to execute arbitrary code\n or cause a denial of service (memory corruption) via\n unspecified vectors, a different vulnerability than\n CVE-2011-2445, CVE-2011-2452, CVE-2011-2453,\n CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and\n CVE-2011-2460. (CVE-2011-2451)\n\n - Adobe Flash Player before 10.3.183.11 and 11.x before\n 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and\n before 11.1.102.59 on Android, and Adobe AIR before\n 3.1.0.4880, allows attackers to execute arbitrary code\n or cause a denial of service (memory corruption) via\n unspecified vectors, a different vulnerability than\n CVE-2011-2445, CVE-2011-2451, CVE-2011-2453,\n CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and\n CVE-2011-2460. (CVE-2011-2452)\n\n - Adobe Flash Player before 10.3.183.11 and 11.x before\n 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and\n before 11.1.102.59 on Android, and Adobe AIR before\n 3.1.0.4880, allows attackers to execute arbitrary code\n or cause a denial of service (memory corruption) via\n unspecified vectors, a different vulnerability than\n CVE-2011-2445, CVE-2011-2451, CVE-2011-2452,\n CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and\n CVE-2011-2460. (CVE-2011-2453)\n\n - Adobe Flash Player before 10.3.183.11 and 11.x before\n 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and\n before 11.1.102.59 on Android, and Adobe AIR before\n 3.1.0.4880, allows attackers to execute arbitrary code\n or cause a denial of service (memory corruption) via\n unspecified vectors, a different vulnerability than\n CVE-2011-2445, CVE-2011-2451, CVE-2011-2452,\n CVE-2011-2453, CVE-2011-2455, CVE-2011-2459, and\n CVE-2011-2460. (CVE-2011-2454)\n\n - Adobe Flash Player before 10.3.183.11 and 11.x before\n 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and\n before 11.1.102.59 on Android, and Adobe AIR before\n 3.1.0.4880, allows attackers to execute arbitrary code\n or cause a denial of service (memory corruption) via\n unspecified vectors, a different vulnerability than\n CVE-2011-2445, CVE-2011-2451, CVE-2011-2452,\n CVE-2011-2453, CVE-2011-2454, CVE-2011-2459, and\n CVE-2011-2460. (CVE-2011-2455)\n\n - Buffer overflow in Adobe Flash Player before 10.3.183.11\n and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux,\n and Solaris and before 11.1.102.59 on Android, and Adobe\n AIR before 3.1.0.4880, allows attackers to execute\n arbitrary code via unspecified vectors. (CVE-2011-2456)\n\n - Stack-based buffer overflow in Adobe Flash Player before\n 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac\n OS X, Linux, and Solaris and before 11.1.102.59 on\n Android, and Adobe AIR before 3.1.0.4880, allows\n attackers to execute arbitrary code via unspecified\n vectors. (CVE-2011-2457)\n\n - Adobe Flash Player before 10.3.183.11 and 11.x before\n 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and\n before 11.1.102.59 on Android, and Adobe AIR before\n 3.1.0.4880, when Internet Explorer is used, allows\n remote attackers to bypass the cross-domain policy via a\n crafted web site. (CVE-2011-2458)\n\n - Adobe Flash Player before 10.3.183.11 and 11.x before\n 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and\n before 11.1.102.59 on Android, and Adobe AIR before\n 3.1.0.4880, allows attackers to execute arbitrary code\n or cause a denial of service (memory corruption) via\n unspecified vectors, a different vulnerability than\n CVE-2011-2445, CVE-2011-2451, CVE-2011-2452,\n CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, and\n CVE-2011-2460. (CVE-2011-2459)\n\n - Adobe Flash Player before 10.3.183.11 and 11.x before\n 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and\n before 11.1.102.59 on Android, and Adobe AIR before\n 3.1.0.4880, allows attackers to execute arbitrary code\n or cause a denial of service (memory corruption) via\n unspecified vectors, a different vulnerability than\n CVE-2011-2445, CVE-2011-2451, CVE-2011-2452,\n CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, and\n CVE-2011-2459. (CVE-2011-2460)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n # https://blogs.oracle.com/sunsecurity/multiple-vulnerabilities-in-adobe-flashplayer\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dbdf69a4\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11/11 SRU 02.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:flash\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^flash$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.0.2.0.3.0\", sru:\"SRU 2\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : flash\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_hole(port:0, extra:error_extra);\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"flash\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:07:50", "description": "This update provides flash-player 11.1.102.55, which files the\nfollowing critical security issues :\n\n - This update resolves a memory corruption vulnerability\n that could lead to code execution (CVE-2011-2445).\n\n - This update resolves a heap corruption vulnerability\n that could lead to code execution (CVE-2011-2450).\n\n - This update resolves a memory corruption vulnerability\n that could lead to code execution (CVE-2011-2451).\n\n - This update resolves a memory corruption vulnerability\n that could lead to code execution (CVE-2011-2452).\n\n - This update resolves a memory corruption vulnerability\n that could lead to code execution (CVE-2011-2453).\n\n - This update resolves a memory corruption vulnerability\n that could lead to code execution (CVE-2011-2454).\n\n - This update resolves a memory corruption vulnerability\n that could lead to code execution (CVE-2011-2455).\n\n - This update resolves a buffer overflow vulnerability\n that could lead to code execution (CVE-2011-2456).\n\n - This update resolves a stack overflow vulnerability that\n could lead to code execution (CVE-2011-2457).\n\n - This update resolves a vulnerability that could lead to\n a cross-domain policy bypass (Internet Explorer-only)\n (CVE-2011-2458).\n\n - This update resolves a memory corruption vulnerability\n that could lead to code execution (CVE-2011-2459).\n\n - This update resolves a memory corruption vulnerability\n that could lead to code execution (CVE-2011-2460).", "edition": 25, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : flash-player (openSUSE-2011-4)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2453", "CVE-2011-2445", "CVE-2011-2457", "CVE-2011-2452", "CVE-2011-2451", "CVE-2011-2455", "CVE-2011-2459", "CVE-2011-2458", "CVE-2011-2456", "CVE-2011-2460", "CVE-2011-2450", "CVE-2011-2454"], "modified": "2014-06-13T00:00:00", "cpe": ["cpe:/o:novell:opensuse:12.1", "p-cpe:/a:novell:opensuse:flash-player-kde4", "p-cpe:/a:novell:opensuse:flash-player-gnome", "p-cpe:/a:novell:opensuse:flash-player"], "id": "OPENSUSE-2011-4.NASL", "href": "https://www.tenable.com/plugins/nessus/74525", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2011-4.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74525);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2445\", \"CVE-2011-2450\", \"CVE-2011-2451\", \"CVE-2011-2452\", \"CVE-2011-2453\", \"CVE-2011-2454\", \"CVE-2011-2455\", \"CVE-2011-2456\", \"CVE-2011-2457\", \"CVE-2011-2458\", \"CVE-2011-2459\", \"CVE-2011-2460\");\n\n script_name(english:\"openSUSE Security Update : flash-player (openSUSE-2011-4)\");\n script_summary(english:\"Check for the openSUSE-2011-4 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update provides flash-player 11.1.102.55, which files the\nfollowing critical security issues :\n\n - This update resolves a memory corruption vulnerability\n that could lead to code execution (CVE-2011-2445).\n\n - This update resolves a heap corruption vulnerability\n that could lead to code execution (CVE-2011-2450).\n\n - This update resolves a memory corruption vulnerability\n that could lead to code execution (CVE-2011-2451).\n\n - This update resolves a memory corruption vulnerability\n that could lead to code execution (CVE-2011-2452).\n\n - This update resolves a memory corruption vulnerability\n that could lead to code execution (CVE-2011-2453).\n\n - This update resolves a memory corruption vulnerability\n that could lead to code execution (CVE-2011-2454).\n\n - This update resolves a memory corruption vulnerability\n that could lead to code execution (CVE-2011-2455).\n\n - This update resolves a buffer overflow vulnerability\n that could lead to code execution (CVE-2011-2456).\n\n - This update resolves a stack overflow vulnerability that\n could lead to code execution (CVE-2011-2457).\n\n - This update resolves a vulnerability that could lead to\n a cross-domain policy bypass (Internet Explorer-only)\n (CVE-2011-2458).\n\n - This update resolves a memory corruption vulnerability\n that could lead to code execution (CVE-2011-2459).\n\n - This update resolves a memory corruption vulnerability\n that could lead to code execution (CVE-2011-2460).\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-player packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player-kde4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"flash-player-11.1.102.55-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"flash-player-gnome-11.1.102.55-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"flash-player-kde4-11.1.102.55-3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-player\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:30:15", "description": "flash-player update to version 11.1.102.55 to fix the following\ncritical", "edition": 20, "published": "2011-12-13T00:00:00", "title": "SuSE 10 Security Update : flash-player (ZYPP Patch Number 7832)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2453", "CVE-2011-2445", "CVE-2011-2457", "CVE-2011-2452", "CVE-2011-2451", "CVE-2011-2455", "CVE-2011-2459", "CVE-2011-2458", "CVE-2011-2456", "CVE-2011-2460", "CVE-2011-2450", "CVE-2011-2454"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_FLASH-PLAYER-7832.NASL", "href": "https://www.tenable.com/plugins/nessus/57195", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57195);\n script_version (\"1.6\");\n script_cvs_date(\"Date: 2019/10/25 13:36:43\");\n\n script_cve_id(\"CVE-2011-2445\", \"CVE-2011-2450\", \"CVE-2011-2451\", \"CVE-2011-2452\", \"CVE-2011-2453\", \"CVE-2011-2454\", \"CVE-2011-2455\", \"CVE-2011-2456\", \"CVE-2011-2457\", \"CVE-2011-2458\", \"CVE-2011-2459\", \"CVE-2011-2460\");\n\n script_name(english:\"SuSE 10 Security Update : flash-player (ZYPP Patch Number 7832)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"flash-player update to version 11.1.102.55 to fix the following\ncritical\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2445.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2450.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2451.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2452.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2453.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2454.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2455.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2456.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2457.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2458.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2459.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2460.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7832.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/11/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"flash-player-10.3.183.11-0.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:55", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2453", "CVE-2011-2445", "CVE-2011-2457", "CVE-2011-2452", "CVE-2011-2451", "CVE-2011-2455", "CVE-2011-2459", "CVE-2011-2458", "CVE-2011-2456", "CVE-2011-2460", "CVE-2011-2450", "CVE-2011-2454"], "description": "\nAdobe Product Security Incident Response Team reports:\n\nCritical vulnerabilities have been identified in Adobe Flash\n\t Player 11.0.1.152 and earlier versions for Windows, Macintosh,\n\t Linux and Solaris, and Adobe Flash Player 11.0.1.153 and earlier\n\t versions for Android.\n\nIn addition a patch was released for users of flash10.\n", "edition": 4, "modified": "2011-11-10T00:00:00", "published": "2011-11-10T00:00:00", "id": "0E8E1212-0CE5-11E1-849B-003067B2972C", "href": "https://vuxml.freebsd.org/freebsd/0e8e1212-0ce5-11e1-849b-003067b2972c.html", "title": "linux-flashplugin -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:45:05", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2445", "CVE-2011-2450", "CVE-2011-2451", "CVE-2011-2452", "CVE-2011-2453", "CVE-2011-2454", "CVE-2011-2455", "CVE-2011-2456", "CVE-2011-2457", "CVE-2011-2459", "CVE-2011-2460"], "description": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player. These\nvulnerabilities are detailed on the Adobe security page APSB11-28, listed\nin the References section.\n\nMultiple security flaws were found in the way flash-plugin displayed\ncertain SWF content. An attacker could use these flaws to create a\nspecially-crafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the specially-crafted SWF content. (CVE-2011-2445,\nCVE-2011-2450, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454,\nCVE-2011-2455, CVE-2011-2456, CVE-2011-2457, CVE-2011-2459, CVE-2011-2460)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 10.3.183.11.\n", "modified": "2018-06-07T09:04:36", "published": "2011-11-11T05:00:00", "id": "RHSA-2011:1445", "href": "https://access.redhat.com/errata/RHSA-2011:1445", "type": "redhat", "title": "(RHSA-2011:1445) Critical: flash-plugin security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2020-12-09T19:39:08", "description": "Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, and CVE-2011-2459.", "edition": 6, "cvss3": {}, "published": "2011-11-11T16:55:00", "title": "CVE-2011-2460", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2460"], "modified": "2018-11-29T15:38:00", "cpe": [], "id": "CVE-2011-2460", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2460", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2020-12-09T19:39:08", "description": "Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, when Internet Explorer is used, allows remote attackers to bypass the cross-domain policy via a crafted web site.", "edition": 6, "cvss3": {}, "published": "2011-11-11T16:55:00", "title": "CVE-2011-2458", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2458"], "modified": "2018-11-29T15:37:00", "cpe": [], "id": "CVE-2011-2458", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2458", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2020-12-09T19:39:08", "description": "Stack-based buffer overflow in Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code via unspecified vectors.", "edition": 6, "cvss3": {}, "published": "2011-11-11T16:55:00", "title": "CVE-2011-2457", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2457"], "modified": "2018-11-29T15:37:00", "cpe": [], "id": "CVE-2011-2457", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2457", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2020-12-09T19:39:08", "description": "Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.", "edition": 6, "cvss3": {}, "published": "2011-11-11T16:55:00", "title": "CVE-2011-2451", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2451"], "modified": "2018-11-29T15:38:00", "cpe": [], "id": "CVE-2011-2451", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2451", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2020-12-09T19:39:08", "description": "Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.", "edition": 6, "cvss3": {}, "published": "2011-11-11T16:55:00", "title": "CVE-2011-2454", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2454"], "modified": "2018-11-29T15:40:00", "cpe": [], "id": "CVE-2011-2454", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2454", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2020-12-09T19:39:08", "description": "Buffer overflow in Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code via unspecified vectors.", "edition": 6, "cvss3": {}, "published": "2011-11-11T16:55:00", "title": "CVE-2011-2456", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2456"], "modified": "2018-11-29T15:37:00", "cpe": [], "id": "CVE-2011-2456", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2456", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2020-12-09T19:39:08", "description": "Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.", "edition": 6, "cvss3": {}, "published": "2011-11-11T16:55:00", "title": "CVE-2011-2453", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2453"], "modified": "2018-11-29T15:40:00", "cpe": [], "id": "CVE-2011-2453", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2453", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2020-12-09T19:39:08", "description": "Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2459, and CVE-2011-2460.", "edition": 6, "cvss3": {}, "published": "2011-11-11T16:55:00", "title": "CVE-2011-2455", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2455"], "modified": "2018-11-29T15:41:00", "cpe": [], "id": "CVE-2011-2455", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2455", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2020-12-09T19:39:08", "description": "Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.", "edition": 6, "cvss3": {}, "published": "2011-11-11T16:55:00", "title": "CVE-2011-2452", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2452"], "modified": "2018-11-29T15:39:00", "cpe": [], "id": "CVE-2011-2452", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2452", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2020-12-09T19:39:08", "description": "Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.", "edition": 6, "cvss3": {}, "published": "2011-11-11T16:55:00", "title": "CVE-2011-2445", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2445"], "modified": "2018-11-29T15:36:00", "cpe": [], "id": "CVE-2011-2445", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2445", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": []}], "gentoo": [{"lastseen": "2016-09-06T19:47:06", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2453", "CVE-2012-0754", "CVE-2012-0773", "CVE-2011-2445", "CVE-2012-0752", "CVE-2012-0753", "CVE-2011-2457", "CVE-2012-0769", "CVE-2012-0768", "CVE-2011-2452", "CVE-2011-2451", "CVE-2011-2455", "CVE-2011-2459", "CVE-2011-2458", "CVE-2012-0756", "CVE-2011-2456", "CVE-2012-0755", "CVE-2011-2460", "CVE-2011-2450", "CVE-2012-0767", "CVE-2011-2454"], "description": "### Background\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted SWF file, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass intended access restrictions, bypass cross-domain policy, inject arbitrary web script, or obtain sensitive information. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Adobe Flash Player users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-plugins/adobe-flash-11.2.202.228\"", "edition": 1, "modified": "2012-04-17T00:00:00", "published": "2012-04-17T00:00:00", "id": "GLSA-201204-07", "href": "https://security.gentoo.org/glsa/201204-07", "type": "gentoo", "title": "Adobe Flash Player: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "symantec": [{"lastseen": "2018-03-14T22:40:42", "bulletinFamily": "software", "cvelist": ["CVE-2011-2452"], "description": "### Description\n\nAdobe Flash Player is prone to an unspecified remote memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.\n\n### Technologies Affected\n\n * Adobe AIR 2.0.2 \n * Adobe AIR 2.0.3 \n * Adobe AIR 2.0.4 \n * Adobe AIR 2.5.1 \n * Adobe AIR 2.6 \n * Adobe AIR 2.7 \n * Adobe AIR 2.7.1 \n * Adobe AIR 3.0 \n * Adobe Flash Player 10 \n * Adobe Flash Player 10.0.0.584 \n * Adobe Flash Player 10.0.12 .35 \n * Adobe Flash Player 10.0.12 .36 \n * Adobe Flash Player 10.0.12.10 \n * Adobe Flash Player 10.0.15 .3 \n * Adobe Flash Player 10.0.22.87 \n * Adobe Flash Player 10.0.32 18 \n * Adobe Flash Player 10.0.32.18 \n * Adobe Flash Player 10.0.42.34 \n * Adobe Flash Player 10.0.45 2 \n * Adobe Flash Player 10.0.45 2 \n * Adobe Flash Player 10.0.45.2 \n * Adobe Flash Player 10.1 Release Candidate \n * Adobe Flash Player 10.1.102.64 \n * Adobe Flash Player 10.1.102.65 \n * Adobe Flash Player 10.1.105.6 \n * Adobe Flash Player 10.1.106.16 \n * Adobe Flash Player 10.1.51.66 \n * Adobe Flash Player 10.1.52.14.1 \n * Adobe Flash Player 10.1.52.15 \n * Adobe Flash Player 10.1.53.64 \n * Adobe Flash Player 10.1.82.76 \n * Adobe Flash Player 10.1.85.3 \n * Adobe Flash Player 10.1.92.10 \n * Adobe Flash Player 10.1.92.10 \n * Adobe Flash Player 10.1.92.8 \n * Adobe Flash Player 10.1.95.1 \n * Adobe Flash Player 10.1.95.2 \n * Adobe Flash Player 10.1.95.2 \n * Adobe Flash Player 10.2.152 \n * Adobe Flash Player 10.2.152.21 \n * Adobe Flash Player 10.2.152.32 \n * Adobe Flash Player 10.2.152.33 \n * Adobe Flash Player 10.2.153.1 \n * Adobe Flash Player 10.2.154.13 \n * Adobe Flash Player 10.2.154.18 \n * Adobe Flash Player 10.2.154.24 \n * Adobe Flash Player 10.2.154.25 \n * Adobe Flash Player 10.2.154.27 \n * Adobe Flash Player 10.2.154.28 \n * Adobe Flash Player 10.2.156.12 \n * Adobe Flash Player 10.2.157.51 \n * Adobe Flash Player 10.2.159.1 \n * Adobe Flash Player 10.3.181.14 \n * Adobe Flash Player 10.3.181.16 \n * Adobe Flash Player 10.3.181.16 \n * Adobe Flash Player 10.3.181.22 \n * Adobe Flash Player 10.3.181.23 \n * Adobe Flash Player 10.3.181.26 \n * Adobe Flash Player 10.3.181.34 \n * Adobe Flash Player 10.3.183.10 \n * Adobe Flash Player 10.3.183.4 \n * Adobe Flash Player 10.3.183.5 \n * Adobe Flash Player 10.3.183.7 \n * Adobe Flash Player 10.3.185.21 \n * Adobe Flash Player 10.3.185.22 \n * Adobe Flash Player 10.3.185.22 \n * Adobe Flash Player 10.3.185.23 \n * Adobe Flash Player 10.3.185.25 \n * Adobe Flash Player 10.3.186.2 \n * Adobe Flash Player 10.3.186.3 \n * Adobe Flash Player 10.3.186.6 \n * Adobe Flash Player 10.3.186.7 \n * Adobe Flash Player 11.0.1.152 \n * Adobe Flash Player 9 \n * Adobe Flash Player 9.0.112.0 \n * Adobe Flash Player 9.0.114.0 \n * Adobe Flash Player 9.0.115.0 \n * Adobe Flash Player 9.0.124.0 \n * Adobe Flash Player 9.0.125.0 \n * Adobe Flash Player 9.0.151 .0 \n * Adobe Flash Player 9.0.152 .0 \n * Adobe Flash Player 9.0.155.0 \n * Adobe Flash Player 9.0.159.0 \n * Adobe Flash Player 9.0.16 \n * Adobe Flash Player 9.0.18D60 \n * Adobe Flash Player 9.0.20 \n * Adobe Flash Player 9.0.20.0 \n * Adobe Flash Player 9.0.246 0 \n * Adobe Flash Player 9.0.246.0 \n * Adobe Flash Player 9.0.260.0 \n * Adobe Flash Player 9.0.262 \n * Adobe Flash Player 9.0.262.0 \n * Adobe Flash Player 9.0.277.0 \n * Adobe Flash Player 9.0.28.0 \n * Adobe Flash Player 9.0.28.0 \n * Adobe Flash Player 9.0.280 \n * Adobe Flash Player 9.0.283.0 \n * Adobe Flash Player 9.0.289.0 \n * Adobe Flash Player 9.0.31.0 \n * Adobe Flash Player 9.0.31.0 \n * Adobe Flash Player 9.0.45.0 \n * Adobe Flash Player 9.0.47.0 \n * Adobe Flash Player 9.0.48.0 \n * Adobe Flash Player 9.125.0 \n * Adobe Flash Player for Android 11.0.1.153 \n * Gentoo Linux \n * HP Systems Insight Manager 4.0 \n * HP Systems Insight Manager 4.1 \n * HP Systems Insight Manager 4.1 SP1 \n * HP Systems Insight Manager 4.2 \n * HP Systems Insight Manager 4.2 SP1 \n * HP Systems Insight Manager 4.2 SP2 \n * HP Systems Insight Manager 5.0 \n * HP Systems Insight Manager 5.0 SP1 \n * HP Systems Insight Manager 5.0 SP2 \n * HP Systems Insight Manager 5.0 SP3 \n * HP Systems Insight Manager 5.0 SP5 \n * HP Systems Insight Manager 5.0 SP6 \n * HP Systems Insight Manager 5.1 SP1 \n * HP Systems Insight Manager 5.2 SP2 \n * HP Systems Insight Manager 5.3 \n * HP Systems Insight Manager 5.3 Update 1 \n * HP Systems Insight Manager 6.0 \n * HP Systems Insight Manager 6.0.0.96 \n * HP Systems Insight Manager 6.1 \n * HP Systems Insight Manager 6.2 \n * HP Systems Insight Manager 6.3 \n * Redhat Enterprise Linux Desktop Supplementary 5 Client \n * Redhat Enterprise Linux Desktop Supplementary 6 \n * Redhat Enterprise Linux Server Supplementary 6 \n * Redhat Enterprise Linux Supplementary 5 Server \n * Redhat Enterprise Linux Workstation Supplementary 6 \n * SuSE Suse Linux Enterprise Desktop 10 SP4 \n * SuSE Suse Linux Enterprise Desktop 11 SP1 \n * SuSE openSUSE 11.3 \n * SuSE openSUSE 11.4 \n * Sun Solaris 10 Sparc \n * Sun Solaris 10 X86 \n * Sun Solaris 11 \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, run the application with the minimal amount of privileges required for functionality.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity including unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.\n\n**Do not accept or execute files from untrusted or unknown sources.** \nTo reduce the likelihood of successful exploits, never handle files that originate from unfamiliar or untrusted sources. \n\n**Do not follow links provided by unknown or untrusted sources.** \nTo reduce the likelihood of attacks, never visit sites of questionable integrity or follow links provided by unfamiliar or untrusted sources. \n\n**Implement multiple redundant layers of security.** \nVarious memory-protection schemes (such as nonexecutable and randomly mapped memory segments) may hinder an attacker's ability to exploit this vulnerability to execute arbitrary code.\n\nUpdates are available. Please see the references for more information.\n", "modified": "2011-11-09T00:00:00", "published": "2011-11-09T00:00:00", "id": "SMNTC-50622", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/50622", "type": "symantec", "title": "Adobe Flash Player CVE-2011-2452 Remote Memory Corruption Vulnerability", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T17:57:10", "description": "BUGTRAQ ID: 50629\r\nCVE ID: CVE-2011-2458\r\n\r\nAdobe Flash Player\u662f\u4e00\u4e2a\u96c6\u6210\u7684\u591a\u5a92\u4f53\u64ad\u653e\u5668\u3002\r\n\r\nAdobe Flash Player\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u5b89\u5168\u9650\u5236\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u7ed5\u8fc7\u67d0\u4e9b\u540c\u6e90\u7b56\u7565\u9650\u5236\u3002\n\nAdobe Flash Player 9.x\r\nAdobe Flash Player 10.x\r\nAdobe AIR 3.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nAdobe\r\n-----\r\nAdobe\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08APSB11-28\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\n\r\nAPSB11-28\uff1aSecurity update available for Adobe Flash Player\r\n\r\n\u94fe\u63a5\uff1ahttp://www.adobe.com/support/security/bulletins/apsb11-28.html", "published": "2011-11-16T00:00:00", "type": "seebug", "title": "Adobe Flash Player\u8de8\u57df\u5b89\u5168\u9650\u5236\u7ed5\u8fc7\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvelist": ["CVE-2011-2458"], "modified": "2011-11-16T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-23200", "id": "SSV:23200", "sourceData": "", "sourceHref": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
