Adobe Flash Player/Air Multiple DoS Vulnerabilities - Aug09 (Windows)

Adobe Flash Player/Air Multiple DoS Vulnerabilities - Aug09 (Windows). Multiple DoS vulnerabilities in Adobe Flash Player and Adobe Air versions can lead to arbitrary code execution, elevated privileges, and clickjacking attacks

Reporter	Title	Published	Views	Family All 113
Tenable Nessus	Adobe AIR < 1.5.2 Multiple Vulnerabilities (APSB09-10)	31 Jul 200900:00	–	nessus
Tenable Nessus	Mac OS X 10.6 < 10.6.1 Multiple Vulnerabilities	11 Sep 200900:00	–	nessus
Tenable Nessus	Mac OS X 10.6 < 10.6.1 Multiple Vulnerabilities	11 Sep 200900:00	–	nessus
Tenable Nessus	Adobe AIR < 1.5.2 Multiple Vulnerabilities (APSB09-10)	31 Jul 200900:00	–	nessus
Tenable Nessus	Flash Player < 9.0.246.0 / 10.0.32.18 Multiple Vulnerabilities (APSB09-10)	30 Jul 200900:00	–	nessus
Tenable Nessus	GLSA-200908-04 : Adobe products: Multiple vulnerabilities	10 Aug 200900:00	–	nessus
Tenable Nessus	Mac OS X 10.6.x < 10.6.1 Multiple Vulnerabilities	11 Sep 200900:00	–	nessus
Tenable Nessus	Mac OS X Multiple Vulnerabilities (Security Update 2009-005)	11 Sep 200900:00	–	nessus
Tenable Nessus	RHEL 5 : flash-plugin (RHSA-2009:1188)	24 Jan 201300:00	–	nessus
Tenable Nessus	RHEL 3 / 4 : flash-plugin (RHSA-2009:1189)	24 Jan 201300:00	–	nessus

Source	Link
secunia	www.secunia.com/advisories/35948/
vupen	www.vupen.com/english/advisories/2009/2086
adobe	www.adobe.com/support/security/bulletins/apsb09-10.html

###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_adobe_prdts_mult_dos_vuln_aug09_win.nasl 8210 2017-12-21 10:26:31Z cfischer $
#
# Adobe Flash Player/Air Multiple DoS Vulnerabilities - Aug09 (Windows)
#
# Authors:
# Sharath S <[email protected]>
#
# Copyright:
# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

tag_impact = "Successful exploitation will allow remote attackers to execute arbitrary code,
  gain elevated privileges, gain knowledge of certain information and conduct
  clickjacking attacks.

  Impact Level: System/Application";
tag_affected = "Adobe AIR version prior to 1.5.2

  Adobe Flash Player 9 version prior to 9.0.246.0

  Adobe Flash Player 10 version prior to 10.0.32.18 on Windows";

tag_insight = "Multiple vulnerabilities which can be to exploited to cause memory
  corruption, null pointer, privilege escalation, heap-based buffer overflow,
  local sandbox bypass, and input validation errors when processing specially
  crafted web pages.";

tag_solution = "Update to Adobe Air 1.5.2 or Adobe Flash Player 9.0.246.0 or 10.0.32.18
  http://get.adobe.com/air
  http://www.adobe.com/support/flashplayer/downloads.html";

tag_summary = "This host is installed with Adobe Flash Player/Air and is prone to
  multiple Denial of Service vulnerabilities.";

if(description)
{
  script_id(800853);
  script_version("$Revision: 8210 $");
  script_tag(name:"last_modification", value:"$Date: 2017-12-21 11:26:31 +0100 (Thu, 21 Dec 2017) $");
  script_tag(name:"creation_date", value:"2009-08-06 06:50:55 +0200 (Thu, 06 Aug 2009)");
  script_tag(name:"cvss_base", value:"9.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_cve_id("CVE-2009-1863", "CVE-2009-1864", "CVE-2009-1865", "CVE-2009-1866",
                "CVE-2009-1867", "CVE-2009-1868", "CVE-2009-1869", "CVE-2009-1870");
  script_bugtraq_id(35900, 35904, 35906, 35901, 35905, 35902, 35907, 35908);
  script_name("Adobe Flash Player/Air Multiple DoS Vulnerabilities - Aug09 (Windows)");
  script_xref(name : "URL" , value : "http://secunia.com/advisories/35948/");
  script_xref(name : "URL" , value : "http://www.vupen.com/english/advisories/2009/2086");
  script_xref(name : "URL" , value : "http://www.adobe.com/support/security/bulletins/apsb09-10.html");

  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
  script_family("Denial of Service");
  script_dependencies("gb_adobe_flash_player_detect_win.nasl");
  script_mandatory_keys("Adobe/Air_or_Flash_or_Reader_or_Acrobat/Win/Installed");
  script_tag(name : "impact" , value : tag_impact);
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "summary" , value : tag_summary);
  script_tag(name:"qod_type", value:"registry");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}

include("host_details.inc");
include("version_func.inc");

CPE = "cpe:/a:adobe:flash_player";
if(playerVer = get_app_version(cpe:CPE, nofork:TRUE))
{
  # Grep for version < 9.0.246.0 or 10.x < 10.0.32.18
  if(version_is_less(version:playerVer, test_version:"9.0.246.0") ||
     version_in_range(version:playerVer, test_version:"10.0",
                                        test_version2:"10.0.32.17"))
  {
    security_message(0);
    exit(0);
  }
}

CPE = "cpe:/a:adobe:adobe_air";
if(airVer = get_app_version(cpe:CPE))
{
  # Grep for version < 1.5.2
  if(version_is_less(version:airVer, test_version:"1.5.2")){
    security_message(0);
  }
}

21 Dec 2017 00:00Current

0.7Low risk

Vulners AI Score0.7

EPSS0.21945