ID RH:CVE-2018-5000Type redhatcveReporter redhat.comModified 2020-08-20T20:49:50
Description
Adobe Flash Player versions 29.0.0.171 and earlier have an Integer Overflow vulnerability. Successful exploitation could lead to information disclosure.
{"id": "RH:CVE-2018-5000", "type": "redhatcve", "bulletinFamily": "info", "title": "CVE-2018-5000", "description": "Adobe Flash Player versions 29.0.0.171 and earlier have an Integer Overflow vulnerability. Successful exploitation could lead to information disclosure.\n", "published": "2018-06-07T13:20:02", "modified": "2020-08-20T20:49:50", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, "href": "https://access.redhat.com/security/cve/CVE-2018-5000", "reporter": "redhat.com", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "https://bugzilla.redhat.com/show_bug.cgi?id=1588502"], "cvelist": ["CVE-2018-5000", "CVE-2018-5001"], "immutableFields": [], "lastseen": "2021-09-02T22:44:39", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "redhatcve", "idList": ["RH:CVE-2018-5001"]}, {"type": "cve", "idList": ["CVE-2018-5000", "CVE-2018-5001"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-5000", "UB:CVE-2018-5001"]}, {"type": "thn", "idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "700434.PRM", "FLASH_PLAYER_APSB18-19.NASL", "GENTOO_GLSA-201806-02.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL", "REDHAT-RHSA-2018-1827.NASL"]}, {"type": "redhat", "idList": ["RHSA-2018:1827"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813602", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813399", "OPENVAS:1361412562310813400", "OPENVAS:1361412562310813397"]}, {"type": "archlinux", "idList": ["ASA-201806-7"]}, {"type": "freebsd", "idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"]}, {"type": "threatpost", "idList": ["THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8", "THREATPOST:34985C64EA7AF207D4CE9A800671E3C1"]}, {"type": "kaspersky", "idList": ["KLA11261"]}, {"type": "mscve", "idList": ["MS:ADV180014"]}, {"type": "gentoo", "idList": ["GLSA-201806-02"]}, {"type": "zdi", "idList": ["ZDI-18-568", "ZDI-18-569"]}], "modified": "2021-09-02T22:44:39", "rev": 2}, "score": {"value": 6.1, "vector": "NONE", "modified": "2021-09-02T22:44:39", "rev": 2}, "vulnersScore": 6.1}, "vendorCvss": {"score": "6.5", "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}}
{"redhatcve": [{"id": "RH:CVE-2018-5001", "hash": "61a31cb4d5e1b7f12f3ca847c9b931cc", "type": "redhatcve", "bulletinFamily": "info", "title": "CVE-2018-5001", "description": "Adobe Flash Player versions 29.0.0.171 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.\n", "published": "2019-10-11T15:56:27", "modified": "2020-08-20T20:49:50", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, "href": "https://access.redhat.com/security/cve/CVE-2018-5001", "reporter": "redhat.com", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "https://bugzilla.redhat.com/show_bug.cgi?id=1588502"], "cvelist": ["CVE-2018-5000", "CVE-2018-5001"], "immutableFields": [], "lastseen": "2021-09-03T01:42:32", "history": [{"bulletin": {"id": "RH:CVE-2018-5001", "hash": "7446e8681d9a01976cac5e6302f88d30", "type": "redhatcve", "bulletinFamily": "info", "title": "CVE-2018-5001", "description": "Adobe Flash Player versions 29.0.0.171 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.\n", "published": "2019-10-11T15:56:27", "modified": "2020-08-20T20:49:50", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cvss2": {}, "cvss3": {}, "href": "https://access.redhat.com/security/cve/CVE-2018-5001", "reporter": "redhat.com", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html"], "cvelist": ["CVE-2018-5000", "CVE-2018-5001"], "immutableFields": [], "lastseen": "2021-05-07T17:35:55", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "redhatcve", "idList": ["RH:CVE-2018-5000"]}, {"type": "cve", "idList": ["CVE-2018-5001", "CVE-2018-5000"]}, {"type": "thn", "idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"]}, {"type": "mscve", "idList": ["MS:ADV180014"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813398", "OPENVAS:1361412562310813400", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813399", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813396"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"]}, {"type": "freebsd", "idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"]}, {"type": "kaspersky", "idList": ["KLA11261", "KLA11671"]}, {"type": "threatpost", "idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"]}, {"type": "redhat", "idList": ["RHSA-2018:1827"]}, {"type": "archlinux", "idList": ["ASA-201806-7"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL", "REDHAT-RHSA-2018-1827.NASL", "FLASH_PLAYER_APSB18-19.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "GENTOO_GLSA-201806-02.NASL"]}, {"type": "gentoo", "idList": ["GLSA-201806-02"]}, {"type": "zdi", "idList": ["ZDI-18-568", "ZDI-18-569"]}], "modified": "2021-05-07T17:35:55", "rev": 2}, "score": {"value": 6.3, "vector": "NONE", "modified": "2021-05-07T17:35:55", "rev": 2}}, "objectVersion": "1.5", "vendorCvss": {}}, "lastseen": "2021-05-07T17:35:55", "differentElements": ["references"], "edition": 1}, {"bulletin": {"id": "RH:CVE-2018-5001", "hash": "a17238f245b33b68f523900f21935945", "type": "redhatcve", "bulletinFamily": "info", "title": "CVE-2018-5001", "description": "Adobe Flash Player versions 29.0.0.171 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.\n", "published": "2019-10-11T15:56:27", "modified": "2020-08-20T20:49:50", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cvss2": {}, "cvss3": {}, "href": "https://access.redhat.com/security/cve/CVE-2018-5001", "reporter": "redhat.com", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "https://bugzilla.redhat.com/show_bug.cgi?id=1588502"], "cvelist": ["CVE-2018-5000", "CVE-2018-5001"], "immutableFields": [], "lastseen": "2021-05-19T23:35:56", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "redhatcve", "idList": ["RH:CVE-2018-5000"]}, {"type": "cve", "idList": ["CVE-2018-5000", "CVE-2018-5001"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-5001", "UB:CVE-2018-5000"]}, {"type": "thn", "idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"]}, {"type": "archlinux", "idList": ["ASA-201806-7"]}, {"type": "freebsd", "idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813397", "OPENVAS:1361412562310813400", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813399", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813602"]}, {"type": "nessus", "idList": ["MACOSX_FLASH_PLAYER_APSB18-19.NASL", "FLASH_PLAYER_APSB18-19.NASL", "FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "GENTOO_GLSA-201806-02.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "REDHAT-RHSA-2018-1827.NASL"]}, {"type": "kaspersky", "idList": ["KLA11261", "KLA11671"]}, {"type": "threatpost", "idList": ["THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8", "THREATPOST:34985C64EA7AF207D4CE9A800671E3C1"]}, {"type": "mscve", "idList": ["MS:ADV180014"]}, {"type": "redhat", "idList": ["RHSA-2018:1827"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"]}, {"type": "gentoo", "idList": ["GLSA-201806-02"]}, {"type": "zdi", "idList": ["ZDI-18-569", "ZDI-18-568"]}], "modified": "2021-05-19T23:35:56", "rev": 2}, "score": {"value": 6.3, "vector": "NONE", "modified": "2021-05-19T23:35:56", "rev": 2}}, "objectVersion": "1.5", "vendorCvss": {}}, "lastseen": "2021-05-19T23:35:56", "differentElements": ["cvss2", "cvss3"], "edition": 2}, {"bulletin": {"id": "RH:CVE-2018-5001", "hash": "59df4a76f1b035c1c3c4df26360f5f6d", "type": "redhatcve", "bulletinFamily": "info", "title": "CVE-2018-5001", "description": "Adobe Flash Player versions 29.0.0.171 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.\n", "published": "2019-10-11T15:56:27", "modified": "2020-08-20T20:49:50", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, "href": "https://access.redhat.com/security/cve/CVE-2018-5001", "reporter": "redhat.com", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "https://bugzilla.redhat.com/show_bug.cgi?id=1588502"], "cvelist": ["CVE-2018-5000", "CVE-2018-5001"], "immutableFields": [], "lastseen": "2021-07-29T04:43:35", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "redhatcve", "idList": ["RH:CVE-2018-5000"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-5001", "UB:CVE-2018-5000"]}, {"type": "cve", "idList": ["CVE-2018-5001", "CVE-2018-5000"]}, {"type": "thn", "idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"]}, {"type": "mscve", "idList": ["MS:ADV180014"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813601", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813400", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813399", "OPENVAS:1361412562310813602"]}, {"type": "freebsd", "idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"]}, {"type": "archlinux", "idList": ["ASA-201806-7"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"]}, {"type": "threatpost", "idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-201806-02.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "FLASH_PLAYER_APSB18-19.NASL", "FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL", "REDHAT-RHSA-2018-1827.NASL", "700434.PRM"]}, {"type": "kaspersky", "idList": ["KLA11261"]}, {"type": "redhat", "idList": ["RHSA-2018:1827"]}, {"type": "gentoo", "idList": ["GLSA-201806-02"]}, {"type": "zdi", "idList": ["ZDI-18-568", "ZDI-18-569"]}], "modified": "2021-07-29T04:43:35", "rev": 2}, "score": {"value": 6.3, "vector": "NONE", "modified": "2021-07-29T04:43:35", "rev": 2}}, "objectVersion": "1.6", "vendorCvss": {}}, "lastseen": "2021-07-29T04:43:35", "differentElements": ["vendorCvss"], "edition": 3}], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "redhatcve", "idList": ["RH:CVE-2018-5000"]}, {"type": "cve", "idList": ["CVE-2018-5001", "CVE-2018-5000"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-5001", "UB:CVE-2018-5000"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2018-0539", "CPAI-2018-0538"]}, {"type": "thn", "idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813601", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813400", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813399"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"]}, {"type": "threatpost", "idList": ["THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8", "THREATPOST:34985C64EA7AF207D4CE9A800671E3C1"]}, {"type": "nessus", "idList": ["FLASH_PLAYER_APSB18-19.NASL", "GENTOO_GLSA-201806-02.NASL", "700434.PRM", "MACOSX_FLASH_PLAYER_APSB18-19.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "REDHAT-RHSA-2018-1827.NASL"]}, {"type": "redhat", "idList": ["RHSA-2018:1827"]}, {"type": "freebsd", "idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"]}, {"type": "kaspersky", "idList": ["KLA11261"]}, {"type": "mscve", "idList": ["MS:ADV180014"]}, {"type": "adobe", "idList": ["APSB18-19"]}, {"type": "archlinux", "idList": ["ASA-201806-7"]}, {"type": "gentoo", "idList": ["GLSA-201806-02"]}, {"type": "zdi", "idList": ["ZDI-18-569", "ZDI-18-568"]}], "modified": "2021-09-03T01:42:32", "rev": 2}, "score": {"value": 6.3, "vector": "NONE", "modified": "2021-09-03T01:42:32", "rev": 2}}, "objectVersion": "1.6", "vendorCvss": {"score": "6.5", "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}, "_object_type": "robots.models.redhatcve.RedhatCVEBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhatcve.RedhatCVEBulletin"]}], "cve": [{"id": "CVE-2018-5001", "bulletinFamily": "NVD", "title": "CVE-2018-5001", "description": "Adobe Flash Player versions 29.0.0.171 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.", "published": "2018-07-09T19:29:00", "modified": "2019-03-07T20:16:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5001", "reporter": "psirt@adobe.com", "references": ["http://www.securityfocus.com/bid/104413", "https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://www.securitytracker.com/id/1041058", "https://security.gentoo.org/glsa/201806-02", "https://access.redhat.com/errata/RHSA-2018:1827"], "cvelist": ["CVE-2018-5001"], "type": "cve", "lastseen": "2021-04-23T00:24:28", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "redhat:enterprise_linux_workstation", "name": "redhat enterprise linux workstation", "operator": "eq", "version": "6.0"}, {"cpeName": "redhat:enterprise_linux_desktop", "name": "redhat enterprise linux desktop", "operator": "eq", "version": "6.0"}, {"cpeName": "adobe:flash_player", "name": "adobe flash player", "operator": "le", "version": "29.0.0.171"}, {"cpeName": "adobe:flash_player", "name": "adobe flash player", "operator": "le", "version": "29.0.0.171"}, {"cpeName": "adobe:flash_player", "name": "adobe flash player", "operator": "le", "version": "29.0.0.171"}, {"cpeName": "redhat:enterprise_linux_server", "name": "redhat enterprise linux server", "operator": "eq", "version": "6.0"}, {"cpeName": "adobe:flash_player_desktop_runtime", "name": "adobe flash player desktop runtime", "operator": "le", "version": "29.0.0.171"}], "bulletinFamily": "NVD", "cpe": ["cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/a:adobe:flash_player_desktop_runtime:29.0.0.171", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/a:adobe:flash_player:29.0.0.171", "cpe:/o:redhat:enterprise_linux_server:6.0"], "cpe23": ["cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:edge:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player_desktop_runtime:29.0.0.171:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:chrome:*:*", "cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:internet_explorer_11:*:*"], "cpeConfiguration": {}, "cvelist": ["CVE-2018-5001"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, "cwe": ["CWE-125"], "description": "Adobe Flash Player versions 29.0.0.171 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.", "edition": 2, "enchantments": {"dependencies": {"modified": "2020-09-21T14:29:05", "references": [{"idList": ["ASA-201806-7"], "type": "archlinux"}, {"idList": ["RHSA-2018:1827"], "type": "redhat"}, {"idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"], "type": "trendmicroblog"}, {"idList": ["OPENVAS:1361412562310813399", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813400"], "type": "openvas"}, {"idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"], "type": "freebsd"}, {"idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"], "type": "threatpost"}, {"idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"], "type": "thn"}, {"idList": ["ZDI-18-568"], "type": "zdi"}, {"idList": ["KLA11671", "KLA11261"], "type": "kaspersky"}, {"idList": ["GLSA-201806-02"], "type": "gentoo"}, {"idList": ["FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "FLASH_PLAYER_APSB18-19.NASL", "REDHAT-RHSA-2018-1827.NASL", "GENTOO_GLSA-201806-02.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL"], "type": "nessus"}], "rev": 2}, "score": {"modified": "2020-09-21T14:29:05", "rev": 2, "value": 5.8, "vector": "NONE"}}, "hash": "18c5c007065cc4ecc765ebf064eebb2f4f51db408c4c868f8a661ea4a9ded771", "hashmap": [{"hash": "434669adc8d0504de64471dd6747c2c7", "key": "cvss2"}, {"hash": "e9d4d08efe09261c71115e15b661e2e7", "key": "affectedSoftware"}, {"hash": "30c9f775c91eff209faba3ad697df594", "key": "modified"}, {"hash": "da201d47f43bd89b7dc37eecedee5181", "key": "references"}, {"hash": "ee9d0e6c2a04df98abb33e275ee4bd25", "key": "cvss3"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "49893aecb810f425403a437dbe7ad2c9", "key": "published"}, {"hash": "738a0538a62588bcd00a8070b7004b7c", "key": "title"}, {"hash": "bad7e8048765970723793e333814ea2a", "key": "description"}, {"hash": "d91765ec8001ef75838b697df3a54347", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "af763a464055c05fadc96ca4f517bea9", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "876f47c4ebc2b9e0dd17afaa22819f2a", "key": "cvss"}, {"hash": "a853cf097d777544c7eaf6d63926fdc8", "key": "cpe"}, {"hash": "a179a7df23b2965ec5f3698063cb5874", "key": "href"}, {"hash": "2f3fd3d1e54a97420dcd34f296586707", "key": "cvelist"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5001", "id": "CVE-2018-5001", "lastseen": "2020-09-21T14:29:05", "modified": "2019-03-07T20:16:00", "objectVersion": "1.3", "published": "2018-07-09T19:29:00", "references": ["http://www.securityfocus.com/bid/104413", "https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://www.securitytracker.com/id/1041058", "https://security.gentoo.org/glsa/201806-02", "https://access.redhat.com/errata/RHSA-2018:1827"], "reporter": "cve@mitre.org", "title": "CVE-2018-5001", "type": "cve", "viewCount": 4}, "differentElements": ["affectedConfiguration", "cpeConfiguration"], "edition": 2, "lastseen": "2020-09-21T14:29:05"}, {"bulletin": {"affectedConfiguration": [{"cpeName": "microsoft:windows_10", "name": "microsoft windows 10", "operator": "eq", "version": "-"}, {"cpeName": "apple:mac_os_x", "name": "apple mac os x", "operator": "eq", "version": "-"}, {"cpeName": "linux:linux_kernel", "name": "linux linux kernel", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:windows", "name": "microsoft windows", "operator": "eq", "version": "-"}, {"cpeName": "google:chrome_os", "name": "google chrome os", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:windows_8.1", "name": "microsoft windows 8.1", "operator": "eq", "version": "-"}], "affectedSoftware": [{"cpeName": "redhat:enterprise_linux_workstation", "name": "redhat enterprise linux workstation", "operator": "eq", "version": "6.0"}, {"cpeName": "redhat:enterprise_linux_desktop", "name": "redhat enterprise linux desktop", "operator": "eq", "version": "6.0"}, {"cpeName": "adobe:flash_player", "name": "adobe flash player", "operator": "le", "version": "29.0.0.171"}, {"cpeName": "adobe:flash_player", "name": "adobe flash player", "operator": "le", "version": "29.0.0.171"}, {"cpeName": "adobe:flash_player", "name": "adobe flash player", "operator": "le", "version": "29.0.0.171"}, {"cpeName": "redhat:enterprise_linux_server", "name": "redhat enterprise linux server", "operator": "eq", "version": "6.0"}, {"cpeName": "adobe:flash_player_desktop_runtime", "name": "adobe flash player desktop runtime", "operator": "le", "version": "29.0.0.171"}], "bulletinFamily": "NVD", "cpe": ["cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/a:adobe:flash_player_desktop_runtime:29.0.0.171", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/a:adobe:flash_player:29.0.0.171", "cpe:/o:redhat:enterprise_linux_server:6.0"], "cpe23": ["cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:edge:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player_desktop_runtime:29.0.0.171:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:chrome:*:*", "cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:internet_explorer_11:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:edge:*:*", "versionEndIncluding": "29.0.0.171", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:internet_explorer_11:*:*", "versionEndIncluding": "29.0.0.171", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:chrome:*:*", "versionEndIncluding": "29.0.0.171", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*", "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:a:adobe:flash_player_desktop_runtime:29.0.0.171:*:*:*:*:*:*:*", "versionEndIncluding": "29.0.0.171", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}]}, "cvelist": ["CVE-2018-5001"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, "cwe": ["CWE-125"], "description": "Adobe Flash Player versions 29.0.0.171 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-10-03T13:20:23", "references": [{"idList": ["ASA-201806-7"], "type": "archlinux"}, {"idList": ["RHSA-2018:1827"], "type": "redhat"}, {"idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"], "type": "trendmicroblog"}, {"idList": ["OPENVAS:1361412562310813399", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813400"], "type": "openvas"}, {"idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"], "type": "freebsd"}, {"idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"], "type": "threatpost"}, {"idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"], "type": "thn"}, {"idList": ["ZDI-18-568"], "type": "zdi"}, {"idList": ["KLA11671", "KLA11261"], "type": "kaspersky"}, {"idList": ["GLSA-201806-02"], "type": "gentoo"}, {"idList": ["FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "FLASH_PLAYER_APSB18-19.NASL", "REDHAT-RHSA-2018-1827.NASL", "GENTOO_GLSA-201806-02.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL"], "type": "nessus"}], "rev": 2}, "score": {"modified": "2020-10-03T13:20:23", "rev": 2, "value": 5.8, "vector": "NONE"}}, "hash": "7a47fbe1b91c80cae8f935139097dfb15937b3e71b1d44aef59c80f4afe1b28d", "hashmap": [{"hash": "434669adc8d0504de64471dd6747c2c7", "key": "cvss2"}, {"hash": "e9d4d08efe09261c71115e15b661e2e7", "key": "affectedSoftware"}, {"hash": "30c9f775c91eff209faba3ad697df594", "key": "modified"}, {"hash": "38c7f44334bcbb03b89417fc943b3930", "key": "affectedConfiguration"}, {"hash": "da201d47f43bd89b7dc37eecedee5181", "key": "references"}, {"hash": "ee9d0e6c2a04df98abb33e275ee4bd25", "key": "cvss3"}, {"hash": "7bee7237322cbb5cce707a4d7709d764", "key": "cpeConfiguration"}, {"hash": "49893aecb810f425403a437dbe7ad2c9", "key": "published"}, {"hash": "738a0538a62588bcd00a8070b7004b7c", "key": "title"}, {"hash": "bad7e8048765970723793e333814ea2a", "key": "description"}, {"hash": "d91765ec8001ef75838b697df3a54347", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "af763a464055c05fadc96ca4f517bea9", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "876f47c4ebc2b9e0dd17afaa22819f2a", "key": "cvss"}, {"hash": "a853cf097d777544c7eaf6d63926fdc8", "key": "cpe"}, {"hash": "a179a7df23b2965ec5f3698063cb5874", "key": "href"}, {"hash": "2f3fd3d1e54a97420dcd34f296586707", "key": "cvelist"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5001", "id": "CVE-2018-5001", "lastseen": "2020-10-03T13:20:23", "modified": "2019-03-07T20:16:00", "objectVersion": "1.3", "published": "2018-07-09T19:29:00", "references": ["http://www.securityfocus.com/bid/104413", "https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://www.securitytracker.com/id/1041058", "https://security.gentoo.org/glsa/201806-02", "https://access.redhat.com/errata/RHSA-2018:1827"], "reporter": "cve@mitre.org", "title": "CVE-2018-5001", "type": "cve", "viewCount": 5}, "differentElements": ["affectedSoftware"], "edition": 3, "lastseen": "2020-10-03T13:20:23"}, {"bulletin": {"affectedConfiguration": [{"cpeName": "microsoft:windows_10", "name": "microsoft windows 10", "operator": "eq", "version": "-"}, {"cpeName": "apple:mac_os_x", "name": "apple mac os x", "operator": "eq", "version": "-"}, {"cpeName": "linux:linux_kernel", "name": "linux linux kernel", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:windows", "name": "microsoft windows", "operator": "eq", "version": "-"}, {"cpeName": "google:chrome_os", "name": "google chrome os", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:windows_8.1", "name": "microsoft windows 8.1", "operator": "eq", "version": "-"}], "affectedSoftware": [{"cpeName": "redhat:enterprise_linux_workstation", "name": "redhat enterprise linux workstation", "operator": "eq", "version": "6.0"}, {"cpeName": "redhat:enterprise_linux_desktop", "name": "redhat enterprise linux desktop", "operator": "eq", "version": "6.0"}, {"cpeName": "adobe:flash_player", "name": "adobe flash player", "operator": "le", "version": "29.0.0.171"}, {"cpeName": "adobe:flash_player", "name": "adobe flash player", "operator": "le", "version": "29.0.0.171"}, {"cpeName": "adobe:flash_player", "name": "adobe flash player", "operator": "le", "version": "29.0.0.171"}, {"cpeName": "redhat:enterprise_linux_server", "name": "redhat enterprise linux server", "operator": "eq", "version": "6.0"}, {"cpeName": "adobe:flash_player_desktop_runtime", "name": "adobe flash player desktop runtime", "operator": "le", "version": "29.0.0.171"}], "bulletinFamily": "NVD", "cpe": ["cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/a:adobe:flash_player_desktop_runtime:29.0.0.171", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/a:adobe:flash_player:29.0.0.171", "cpe:/o:redhat:enterprise_linux_server:6.0"], "cpe23": ["cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:edge:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player_desktop_runtime:29.0.0.171:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:chrome:*:*", "cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:internet_explorer_11:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:edge:*:*", "versionEndIncluding": "29.0.0.171", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:internet_explorer_11:*:*", "versionEndIncluding": "29.0.0.171", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:chrome:*:*", "versionEndIncluding": "29.0.0.171", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*", "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:a:adobe:flash_player_desktop_runtime:29.0.0.171:*:*:*:*:*:*:*", "versionEndIncluding": "29.0.0.171", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}]}, "cvelist": ["CVE-2018-5001"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, "cwe": ["CWE-125"], "description": "Adobe Flash Player versions 29.0.0.171 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.", "edition": 6, "enchantments": {"dependencies": {"modified": "2021-02-02T06:52:39", "references": [{"idList": ["ASA-201806-7"], "type": "archlinux"}, {"idList": ["RHSA-2018:1827"], "type": "redhat"}, {"idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"], "type": "trendmicroblog"}, {"idList": ["OPENVAS:1361412562310813399", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813400"], "type": "openvas"}, {"idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"], "type": "freebsd"}, {"idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"], "type": "threatpost"}, {"idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"], "type": "thn"}, {"idList": ["MS:ADV180014"], "type": "mscve"}, {"idList": ["ZDI-18-568"], "type": "zdi"}, {"idList": ["KLA11671", "KLA11261"], "type": "kaspersky"}, {"idList": ["GLSA-201806-02"], "type": "gentoo"}, {"idList": ["FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "FLASH_PLAYER_APSB18-19.NASL", "REDHAT-RHSA-2018-1827.NASL", "GENTOO_GLSA-201806-02.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL"], "type": "nessus"}], "rev": 2}, "score": {"modified": "2021-02-02T06:52:39", "rev": 2, "value": 5.8, "vector": "NONE"}}, "extraReferences": [{"name": "104413", "refsource": "BID", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/104413"}, {"name": "GLSA-201806-02", "refsource": "GENTOO", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201806-02"}, {"name": "1041058", "refsource": "SECTRACK", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1041058"}, {"name": "RHSA-2018:1827", "refsource": "REDHAT", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:1827"}, {"name": "https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "refsource": "MISC", "tags": ["Patch", "Vendor Advisory"], "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-19.html"}], "hash": "e40f41c508b834fd370437f1bc99692b1de2e6b5f238dd8f2b9044645effd238", "hashmap": [{"hash": "434669adc8d0504de64471dd6747c2c7", "key": "cvss2"}, {"hash": "e9d4d08efe09261c71115e15b661e2e7", "key": "affectedSoftware"}, {"hash": "30c9f775c91eff209faba3ad697df594", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "38c7f44334bcbb03b89417fc943b3930", "key": "affectedConfiguration"}, {"hash": "da201d47f43bd89b7dc37eecedee5181", "key": "references"}, {"hash": "ee9d0e6c2a04df98abb33e275ee4bd25", "key": "cvss3"}, {"hash": "7bee7237322cbb5cce707a4d7709d764", "key": "cpeConfiguration"}, {"hash": "49893aecb810f425403a437dbe7ad2c9", "key": "published"}, {"hash": "738a0538a62588bcd00a8070b7004b7c", "key": "title"}, {"hash": "bad7e8048765970723793e333814ea2a", "key": "description"}, {"hash": "d91765ec8001ef75838b697df3a54347", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "a31a2897c6cc3aa8c817f23184b77111", "key": "extraReferences"}, {"hash": "af763a464055c05fadc96ca4f517bea9", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "876f47c4ebc2b9e0dd17afaa22819f2a", "key": "cvss"}, {"hash": "a853cf097d777544c7eaf6d63926fdc8", "key": "cpe"}, {"hash": "a179a7df23b2965ec5f3698063cb5874", "key": "href"}, {"hash": "2f3fd3d1e54a97420dcd34f296586707", "key": "cvelist"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5001", "id": "CVE-2018-5001", "immutableFields": [], "lastseen": "2021-02-02T06:52:39", "modified": "2019-03-07T20:16:00", "objectVersion": "1.5", "published": "2018-07-09T19:29:00", "references": ["http://www.securityfocus.com/bid/104413", "https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://www.securitytracker.com/id/1041058", "https://security.gentoo.org/glsa/201806-02", "https://access.redhat.com/errata/RHSA-2018:1827"], "reporter": "cve@mitre.org", "title": "CVE-2018-5001", "type": "cve", "viewCount": 6}, "different_elements": ["reporter", "cpeConfiguration"], "edition": 6, "lastseen": "2021-02-02T06:52:39"}, {"bulletin": {"affectedSoftware": [{"name": "redhat enterprise_linux_workstation", "operator": "eq", "version": "6.0"}, {"name": "redhat enterprise_linux_server", "operator": "eq", "version": "6.0"}, {"name": "adobe flash_player_desktop_runtime", "operator": "le", "version": "29.0.0.171"}, {"name": "adobe flash_player", "operator": "le", "version": "29.0.0.171"}, {"name": "redhat enterprise_linux_desktop", "operator": "eq", "version": "6.0"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:redhat:enterprise_linux_desktop:6.0", "cpe:/a:redhat:enterprise_linux_workstation:6.0", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/a:redhat:enterprise_linux_server:6.0", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:redhat:enterprise_linux_server:6.0"], "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*"], "cvelist": ["CVE-2018-5001"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, "cwe": ["CWE-125"], "description": "Adobe Flash Player versions 29.0.0.171 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.", "edition": 1, "enchantments": {"dependencies": {"modified": "2019-05-29T18:20:09", "references": [{"idList": ["RHSA-2018:1827"], "type": "redhat"}, {"idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"], "type": "trendmicroblog"}, {"idList": ["OPENVAS:1361412562310813399", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813400"], "type": "openvas"}, {"idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"], "type": "freebsd"}, {"idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"], "type": "threatpost"}, {"idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"], "type": "thn"}, {"idList": ["ZDI-18-568"], "type": "zdi"}, {"idList": ["KLA11671", "KLA11261"], "type": "kaspersky"}, {"idList": ["GLSA-201806-02"], "type": "gentoo"}, {"idList": ["FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "FLASH_PLAYER_APSB18-19.NASL", "REDHAT-RHSA-2018-1827.NASL", "GENTOO_GLSA-201806-02.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL"], "type": "nessus"}], "rev": 2}, "score": {"modified": "2019-05-29T18:20:09", "rev": 2, "value": 5.8, "vector": "NONE"}}, "hash": "352d6fc313acabe64a68c16c904d958f75abe7f5ea2ff948d1039823edcc29d8", "hashmap": [{"hash": "434669adc8d0504de64471dd6747c2c7", "key": "cvss2"}, {"hash": "30c9f775c91eff209faba3ad697df594", "key": "modified"}, {"hash": "da201d47f43bd89b7dc37eecedee5181", "key": "references"}, {"hash": "ee9d0e6c2a04df98abb33e275ee4bd25", "key": "cvss3"}, {"hash": "49893aecb810f425403a437dbe7ad2c9", "key": "published"}, {"hash": "738a0538a62588bcd00a8070b7004b7c", "key": "title"}, {"hash": "bad7e8048765970723793e333814ea2a", "key": "description"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "af763a464055c05fadc96ca4f517bea9", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "03fc9867a2d963eba0889b3143a75e45", "key": "affectedSoftware"}, {"hash": "876f47c4ebc2b9e0dd17afaa22819f2a", "key": "cvss"}, {"hash": "babbd5b7cfc22cb125f5b2cb29d63d94", "key": "cpe"}, {"hash": "a179a7df23b2965ec5f3698063cb5874", "key": "href"}, {"hash": "2f3fd3d1e54a97420dcd34f296586707", "key": "cvelist"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "0aa7c219fb86c6f8b13e31b1169abb89", "key": "cpe23"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5001", "id": "CVE-2018-5001", "lastseen": "2019-05-29T18:20:09", "modified": "2019-03-07T20:16:00", "objectVersion": "1.3", "published": "2018-07-09T19:29:00", "references": ["http://www.securityfocus.com/bid/104413", "https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://www.securitytracker.com/id/1041058", "https://security.gentoo.org/glsa/201806-02", "https://access.redhat.com/errata/RHSA-2018:1827"], "reporter": "cve@mitre.org", "title": "CVE-2018-5001", "type": "cve", "viewCount": 4}, "differentElements": ["cpe23", "cpe", "affectedSoftware"], "edition": 1, "lastseen": "2019-05-29T18:20:09"}, {"bulletin": {"affectedConfiguration": [{"cpeName": "microsoft:windows_10", "name": "microsoft windows 10", "operator": "eq", "version": "-"}, {"cpeName": "apple:mac_os_x", "name": "apple mac os x", "operator": "eq", "version": "-"}, {"cpeName": "linux:linux_kernel", "name": "linux linux kernel", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:windows", "name": "microsoft windows", "operator": "eq", "version": "-"}, {"cpeName": "google:chrome_os", "name": "google chrome os", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:windows_8.1", "name": "microsoft windows 8.1", "operator": "eq", "version": "-"}], "affectedSoftware": [{"cpeName": "redhat:enterprise_linux_workstation", "name": "redhat enterprise linux workstation", "operator": "eq", "version": "6.0"}, {"cpeName": "redhat:enterprise_linux_desktop", "name": "redhat enterprise linux desktop", "operator": "eq", "version": "6.0"}, {"cpeName": "adobe:flash_player", "name": "adobe flash player", "operator": "le", "version": "29.0.0.171"}, {"cpeName": "adobe:flash_player", "name": "adobe flash player", "operator": "le", "version": "29.0.0.171"}, {"cpeName": "adobe:flash_player", "name": "adobe flash player", "operator": "le", "version": "29.0.0.171"}, {"cpeName": "redhat:enterprise_linux_server", "name": "redhat enterprise linux server", "operator": "eq", "version": "6.0"}, {"cpeName": "adobe:flash_player_desktop_runtime", "name": "adobe flash player desktop runtime", "operator": "le", "version": "29.0.0.171"}], "bulletinFamily": "NVD", "cpe": ["cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/a:adobe:flash_player_desktop_runtime:29.0.0.171", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/a:adobe:flash_player:29.0.0.171", "cpe:/o:redhat:enterprise_linux_server:6.0"], "cpe23": ["cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:edge:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player_desktop_runtime:29.0.0.171:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:chrome:*:*", "cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:internet_explorer_11:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:edge:*:*", "versionEndIncluding": "29.0.0.171", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:internet_explorer_11:*:*", "versionEndIncluding": "29.0.0.171", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:chrome:*:*", "versionEndIncluding": "29.0.0.171", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*", "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:a:adobe:flash_player_desktop_runtime:29.0.0.171:*:*:*:*:*:*:*", "versionEndIncluding": "29.0.0.171", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}]}, "cvelist": ["CVE-2018-5001"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, "cwe": ["CWE-125"], "description": "Adobe Flash Player versions 29.0.0.171 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.", "edition": 5, "enchantments": {"dependencies": {"modified": "2020-12-09T20:25:44", "references": [{"idList": ["ASA-201806-7"], "type": "archlinux"}, {"idList": ["RHSA-2018:1827"], "type": "redhat"}, {"idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"], "type": "trendmicroblog"}, {"idList": ["OPENVAS:1361412562310813399", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813400"], "type": "openvas"}, {"idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"], "type": "freebsd"}, {"idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"], "type": "threatpost"}, {"idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"], "type": "thn"}, {"idList": ["ZDI-18-568"], "type": "zdi"}, {"idList": ["KLA11671", "KLA11261"], "type": "kaspersky"}, {"idList": ["GLSA-201806-02"], "type": "gentoo"}, {"idList": ["FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "FLASH_PLAYER_APSB18-19.NASL", "REDHAT-RHSA-2018-1827.NASL", "GENTOO_GLSA-201806-02.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL"], "type": "nessus"}], "rev": 2}, "score": {"modified": "2020-12-09T20:25:44", "rev": 2, "value": 5.8, "vector": "NONE"}}, "extraReferences": [], "hash": "9ceb22ff8b5f158cf38e0f3055563408c7fe84d2c252de073fe111f50bb4c63c", "hashmap": [{"hash": "434669adc8d0504de64471dd6747c2c7", "key": "cvss2"}, {"hash": "e9d4d08efe09261c71115e15b661e2e7", "key": "affectedSoftware"}, {"hash": "30c9f775c91eff209faba3ad697df594", "key": "modified"}, {"hash": "38c7f44334bcbb03b89417fc943b3930", "key": "affectedConfiguration"}, {"hash": "da201d47f43bd89b7dc37eecedee5181", "key": "references"}, {"hash": "ee9d0e6c2a04df98abb33e275ee4bd25", "key": "cvss3"}, {"hash": "7bee7237322cbb5cce707a4d7709d764", "key": "cpeConfiguration"}, {"hash": "49893aecb810f425403a437dbe7ad2c9", "key": "published"}, {"hash": "738a0538a62588bcd00a8070b7004b7c", "key": "title"}, {"hash": "bad7e8048765970723793e333814ea2a", "key": "description"}, {"hash": "d91765ec8001ef75838b697df3a54347", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "af763a464055c05fadc96ca4f517bea9", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "876f47c4ebc2b9e0dd17afaa22819f2a", "key": "cvss"}, {"hash": "a853cf097d777544c7eaf6d63926fdc8", "key": "cpe"}, {"hash": "a179a7df23b2965ec5f3698063cb5874", "key": "href"}, {"hash": "2f3fd3d1e54a97420dcd34f296586707", "key": "cvelist"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5001", "id": "CVE-2018-5001", "lastseen": "2020-12-09T20:25:44", "modified": "2019-03-07T20:16:00", "objectVersion": "1.3", "published": "2018-07-09T19:29:00", "references": ["http://www.securityfocus.com/bid/104413", "https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://www.securitytracker.com/id/1041058", "https://security.gentoo.org/glsa/201806-02", "https://access.redhat.com/errata/RHSA-2018:1827"], "reporter": "cve@mitre.org", "title": "CVE-2018-5001", "type": "cve", "viewCount": 5}, "differentElements": ["extraReferences"], "edition": 5, "lastseen": "2020-12-09T20:25:44"}], "edition": 7, "hashmap": [{"key": "affectedConfiguration", "hash": "38c7f44334bcbb03b89417fc943b3930"}, {"key": "affectedSoftware", "hash": "e9d4d08efe09261c71115e15b661e2e7"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "a853cf097d777544c7eaf6d63926fdc8"}, {"key": "cpe23", "hash": "d91765ec8001ef75838b697df3a54347"}, {"key": "cpeConfiguration", "hash": "0d8d5dfb0e3ebeadc883926db849ff40"}, {"key": "cvelist", "hash": "2f3fd3d1e54a97420dcd34f296586707"}, {"key": "cvss", "hash": "876f47c4ebc2b9e0dd17afaa22819f2a"}, {"key": "cvss2", "hash": "434669adc8d0504de64471dd6747c2c7"}, {"key": "cvss3", "hash": "ee9d0e6c2a04df98abb33e275ee4bd25"}, {"key": "cwe", "hash": "af763a464055c05fadc96ca4f517bea9"}, {"key": "description", "hash": "bad7e8048765970723793e333814ea2a"}, {"key": "extraReferences", "hash": "a31a2897c6cc3aa8c817f23184b77111"}, {"key": "href", "hash": "a179a7df23b2965ec5f3698063cb5874"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "30c9f775c91eff209faba3ad697df594"}, {"key": "published", "hash": "49893aecb810f425403a437dbe7ad2c9"}, {"key": "references", "hash": "da201d47f43bd89b7dc37eecedee5181"}, {"key": "reporter", "hash": "53b78e209c51734803de6c6af03bcf73"}, {"key": "title", "hash": "738a0538a62588bcd00a8070b7004b7c"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "fdb48588850d20e6aa6fae795b54e24b10190d00c8aefdfef270a60c6adc6671", "viewCount": 28, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2018-5001"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-5000", "RH:CVE-2018-5001"]}, {"type": "zdi", "idList": ["ZDI-18-568"]}, {"type": "thn", "idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"]}, {"type": "mscve", "idList": ["MS:ADV180014"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813601", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813400", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813399", "OPENVAS:1361412562310813602"]}, {"type": "freebsd", "idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"]}, {"type": "threatpost", "idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-201806-02.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "FLASH_PLAYER_APSB18-19.NASL", "FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL", "REDHAT-RHSA-2018-1827.NASL", "700434.PRM"]}, {"type": "kaspersky", "idList": ["KLA11261"]}, {"type": "redhat", "idList": ["RHSA-2018:1827"]}, {"type": "archlinux", "idList": ["ASA-201806-7"]}, {"type": "gentoo", "idList": ["GLSA-201806-02"]}], "modified": "2021-04-23T00:24:28", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-04-23T00:24:28", "rev": 2}}, "objectVersion": "1.5", "cpe": ["cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/a:adobe:flash_player_desktop_runtime:29.0.0.171", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/a:adobe:flash_player:29.0.0.171", "cpe:/o:redhat:enterprise_linux_server:6.0"], "affectedSoftware": [{"cpeName": "redhat:enterprise_linux_workstation", "name": "redhat enterprise linux workstation", "operator": "eq", "version": "6.0"}, {"cpeName": "redhat:enterprise_linux_desktop", "name": "redhat enterprise linux desktop", "operator": "eq", "version": "6.0"}, {"cpeName": "adobe:flash_player", "name": "adobe flash player", "operator": "le", "version": "29.0.0.171"}, {"cpeName": "adobe:flash_player", "name": "adobe flash player", "operator": "le", "version": "29.0.0.171"}, {"cpeName": "adobe:flash_player", "name": "adobe flash player", "operator": "le", "version": "29.0.0.171"}, {"cpeName": "redhat:enterprise_linux_server", "name": "redhat enterprise linux server", "operator": "eq", "version": "6.0"}, {"cpeName": "adobe:flash_player_desktop_runtime", "name": "adobe flash player desktop runtime", "operator": "le", "version": "29.0.0.171"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, "cpe23": ["cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:edge:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player_desktop_runtime:29.0.0.171:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:chrome:*:*", "cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:internet_explorer_11:*:*"], "cwe": ["CWE-125"], "scheme": null, "affectedConfiguration": [{"cpeName": "microsoft:windows_10", "name": "microsoft windows 10", "operator": "eq", "version": "-"}, {"cpeName": "apple:mac_os_x", "name": "apple mac os x", "operator": "eq", "version": "-"}, {"cpeName": "linux:linux_kernel", "name": "linux linux kernel", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:windows", "name": "microsoft windows", "operator": "eq", "version": "-"}, {"cpeName": "google:chrome_os", "name": "google chrome os", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:windows_8.1", "name": "microsoft windows 8.1", "operator": "eq", "version": "-"}], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:chrome:*:*", "cpe_name": [], "versionEndIncluding": "29.0.0.171", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:adobe:flash_player_desktop_runtime:29.0.0.171:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "29.0.0.171", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:edge:*:*", "cpe_name": [], "versionEndIncluding": "29.0.0.171", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:internet_explorer_11:*:*", "cpe_name": [], "versionEndIncluding": "29.0.0.171", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "104413", "refsource": "BID", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/104413"}, {"name": "GLSA-201806-02", "refsource": "GENTOO", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201806-02"}, {"name": "1041058", "refsource": "SECTRACK", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1041058"}, {"name": "RHSA-2018:1827", "refsource": "REDHAT", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:1827"}, {"name": "https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "refsource": "MISC", "tags": ["Patch", "Vendor Advisory"], "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-19.html"}], "immutableFields": []}, {"id": "CVE-2018-5000", "bulletinFamily": "NVD", "title": "CVE-2018-5000", "description": "Adobe Flash Player versions 29.0.0.171 and earlier have an Integer Overflow vulnerability. Successful exploitation could lead to information disclosure.", "published": "2018-07-09T19:29:00", "modified": "2019-03-07T20:16:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5000", "reporter": "psirt@adobe.com", "references": ["http://www.securityfocus.com/bid/104413", "https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://www.securitytracker.com/id/1041058", "https://security.gentoo.org/glsa/201806-02", "https://access.redhat.com/errata/RHSA-2018:1827"], "cvelist": ["CVE-2018-5000"], "type": "cve", "lastseen": "2021-04-23T00:24:28", "history": [{"bulletin": {"affectedConfiguration": [{"cpeName": "microsoft:windows_10", "name": "microsoft windows 10", "operator": "eq", "version": "-"}, {"cpeName": "apple:mac_os_x", "name": "apple mac os x", "operator": "eq", "version": "-"}, {"cpeName": "linux:linux_kernel", "name": "linux linux kernel", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:windows", "name": "microsoft windows", "operator": "eq", "version": "-"}, {"cpeName": "google:chrome_os", "name": "google chrome os", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:windows_8.1", "name": "microsoft windows 8.1", "operator": "eq", "version": "-"}], "affectedSoftware": [{"cpeName": "redhat:enterprise_linux_workstation", "name": "redhat enterprise linux workstation", "operator": "eq", "version": "6.0"}, {"cpeName": "redhat:enterprise_linux_desktop", "name": "redhat enterprise linux desktop", "operator": "eq", "version": "6.0"}, {"cpeName": "adobe:flash_player", "name": "adobe flash player", "operator": "le", "version": "29.0.0.171"}, {"cpeName": "adobe:flash_player", "name": "adobe flash player", "operator": "le", "version": "29.0.0.171"}, {"cpeName": "adobe:flash_player", "name": "adobe flash player", "operator": "le", "version": "29.0.0.171"}, {"cpeName": "redhat:enterprise_linux_server", "name": "redhat enterprise linux server", "operator": "eq", "version": "6.0"}, {"cpeName": "adobe:flash_player_desktop_runtime", "name": "adobe flash player desktop runtime", "operator": "le", "version": "29.0.0.171"}], "bulletinFamily": "NVD", "cpe": ["cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/a:adobe:flash_player_desktop_runtime:29.0.0.171", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/a:adobe:flash_player:29.0.0.171", "cpe:/o:redhat:enterprise_linux_server:6.0"], "cpe23": ["cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:edge:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player_desktop_runtime:29.0.0.171:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:chrome:*:*", "cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:internet_explorer_11:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:edge:*:*", "versionEndIncluding": "29.0.0.171", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:internet_explorer_11:*:*", "versionEndIncluding": "29.0.0.171", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:chrome:*:*", "versionEndIncluding": "29.0.0.171", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*", "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:a:adobe:flash_player_desktop_runtime:29.0.0.171:*:*:*:*:*:*:*", "versionEndIncluding": "29.0.0.171", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}]}, "cvelist": ["CVE-2018-5000"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, "cwe": ["CWE-190"], "description": "Adobe Flash Player versions 29.0.0.171 and earlier have an Integer Overflow vulnerability. Successful exploitation could lead to information disclosure.", "edition": 6, "enchantments": {"dependencies": {"modified": "2021-02-02T06:52:39", "references": [{"idList": ["ASA-201806-7"], "type": "archlinux"}, {"idList": ["ZDI-18-569"], "type": "zdi"}, {"idList": ["RHSA-2018:1827"], "type": "redhat"}, {"idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"], "type": "trendmicroblog"}, {"idList": ["OPENVAS:1361412562310813399", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813400"], "type": "openvas"}, {"idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"], "type": "freebsd"}, {"idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"], "type": "threatpost"}, {"idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"], "type": "thn"}, {"idList": ["MS:ADV180014"], "type": "mscve"}, {"idList": ["KLA11671", "KLA11261"], "type": "kaspersky"}, {"idList": ["GLSA-201806-02"], "type": "gentoo"}, {"idList": ["FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "FLASH_PLAYER_APSB18-19.NASL", "REDHAT-RHSA-2018-1827.NASL", "GENTOO_GLSA-201806-02.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL"], "type": "nessus"}], "rev": 2}, "score": {"modified": "2021-02-02T06:52:39", "rev": 2, "value": 5.9, "vector": "NONE"}}, "extraReferences": [{"name": "104413", "refsource": "BID", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/104413"}, {"name": "GLSA-201806-02", "refsource": "GENTOO", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201806-02"}, {"name": "1041058", "refsource": "SECTRACK", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1041058"}, {"name": "RHSA-2018:1827", "refsource": "REDHAT", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:1827"}, {"name": "https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "refsource": "MISC", "tags": ["Patch", "Vendor Advisory"], "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-19.html"}], "hash": "661277d51786f8fb768d3881896f18a8a9f1c9cc01165e25d7af1419aa256251", "hashmap": [{"hash": "434669adc8d0504de64471dd6747c2c7", "key": "cvss2"}, {"hash": "e9d4d08efe09261c71115e15b661e2e7", "key": "affectedSoftware"}, {"hash": "30c9f775c91eff209faba3ad697df594", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "38c7f44334bcbb03b89417fc943b3930", "key": "affectedConfiguration"}, {"hash": "da201d47f43bd89b7dc37eecedee5181", "key": "references"}, {"hash": "ee9d0e6c2a04df98abb33e275ee4bd25", "key": "cvss3"}, {"hash": "2ae76161d39c17aef8ca38b9bfc8fde3", "key": "cwe"}, {"hash": "b05274f5fa772675d06ec4ebc1a527aa", "key": "cvelist"}, {"hash": "093e200e8f9a4da5ac8be70095d98fb1", "key": "description"}, {"hash": "7bee7237322cbb5cce707a4d7709d764", "key": "cpeConfiguration"}, {"hash": "49893aecb810f425403a437dbe7ad2c9", "key": "published"}, {"hash": "be6f210d2c1656434081d867ec617dff", "key": "href"}, {"hash": "e24ce3f30cd12b2353b4ff94d9178068", "key": "title"}, {"hash": "d91765ec8001ef75838b697df3a54347", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "a31a2897c6cc3aa8c817f23184b77111", "key": "extraReferences"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "876f47c4ebc2b9e0dd17afaa22819f2a", "key": "cvss"}, {"hash": "a853cf097d777544c7eaf6d63926fdc8", "key": "cpe"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5000", "id": "CVE-2018-5000", "immutableFields": [], "lastseen": "2021-02-02T06:52:39", "modified": "2019-03-07T20:16:00", "objectVersion": "1.5", "published": "2018-07-09T19:29:00", "references": ["http://www.securityfocus.com/bid/104413", "https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://www.securitytracker.com/id/1041058", "https://security.gentoo.org/glsa/201806-02", "https://access.redhat.com/errata/RHSA-2018:1827"], "reporter": "cve@mitre.org", "title": "CVE-2018-5000", "type": "cve", "viewCount": 5}, "different_elements": ["reporter", "cpeConfiguration"], "edition": 6, "lastseen": "2021-02-02T06:52:39"}, {"bulletin": {"affectedConfiguration": [{"cpeName": "microsoft:windows_10", "name": "microsoft windows 10", "operator": "eq", "version": "-"}, {"cpeName": "apple:mac_os_x", "name": "apple mac os x", "operator": "eq", "version": "-"}, {"cpeName": "linux:linux_kernel", "name": "linux linux kernel", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:windows", "name": "microsoft windows", "operator": "eq", "version": "-"}, {"cpeName": "google:chrome_os", "name": "google chrome os", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:windows_8.1", "name": "microsoft windows 8.1", "operator": "eq", "version": "-"}], "affectedSoftware": [{"cpeName": "redhat:enterprise_linux_workstation", "name": "redhat enterprise linux workstation", "operator": "eq", "version": "6.0"}, {"cpeName": "redhat:enterprise_linux_desktop", "name": "redhat enterprise linux desktop", "operator": "eq", "version": "6.0"}, {"cpeName": "adobe:flash_player_desktop_runtime", "name": "adobe flash player desktop runtime", "operator": "le", "version": "*"}, {"cpeName": "redhat:enterprise_linux_server", "name": "redhat enterprise linux server", "operator": "eq", "version": "6.0"}, {"cpeName": "adobe:flash_player", "name": "adobe flash player", "operator": "le", "version": "*"}, {"cpeName": "adobe:flash_player", "name": "adobe flash player", "operator": "le", "version": "*"}, {"cpeName": "adobe:flash_player", "name": "adobe flash player", "operator": "le", "version": "*"}], "bulletinFamily": "NVD", "cpe": ["cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/a:adobe:flash_player_desktop_runtime:29.0.0.171", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/a:adobe:flash_player:29.0.0.171", "cpe:/o:redhat:enterprise_linux_server:6.0"], "cpe23": ["cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:edge:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player_desktop_runtime:29.0.0.171:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:chrome:*:*", "cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:internet_explorer_11:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:edge:*:*", "versionEndIncluding": "29.0.0.171", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:internet_explorer_11:*:*", "versionEndIncluding": "29.0.0.171", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:chrome:*:*", "versionEndIncluding": "29.0.0.171", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*", "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:a:adobe:flash_player_desktop_runtime:29.0.0.171:*:*:*:*:*:*:*", "versionEndIncluding": "29.0.0.171", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}]}, "cvelist": ["CVE-2018-5000"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, "cwe": ["CWE-190"], "description": "Adobe Flash Player versions 29.0.0.171 and earlier have an Integer Overflow vulnerability. Successful exploitation could lead to information disclosure.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-11-30T00:34:42", "references": [{"idList": ["ASA-201806-7"], "type": "archlinux"}, {"idList": ["ZDI-18-569"], "type": "zdi"}, {"idList": ["RHSA-2018:1827"], "type": "redhat"}, {"idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"], "type": "trendmicroblog"}, {"idList": ["OPENVAS:1361412562310813399", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813400"], "type": "openvas"}, {"idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"], "type": "freebsd"}, {"idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"], "type": "threatpost"}, {"idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"], "type": "thn"}, {"idList": ["KLA11671", "KLA11261"], "type": "kaspersky"}, {"idList": ["GLSA-201806-02"], "type": "gentoo"}, {"idList": ["FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "FLASH_PLAYER_APSB18-19.NASL", "REDHAT-RHSA-2018-1827.NASL", "GENTOO_GLSA-201806-02.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL"], "type": "nessus"}], "rev": 2}, "score": {"modified": "2020-11-30T00:34:42", "rev": 2, "value": 5.9, "vector": "NONE"}}, "hash": "2edc4731cb5b049d9575364ef16e257c49c63d85dfbac9d22eb431212b05d0fa", "hashmap": [{"hash": "434669adc8d0504de64471dd6747c2c7", "key": "cvss2"}, {"hash": "30c9f775c91eff209faba3ad697df594", "key": "modified"}, {"hash": "38c7f44334bcbb03b89417fc943b3930", "key": "affectedConfiguration"}, {"hash": "da201d47f43bd89b7dc37eecedee5181", "key": "references"}, {"hash": "ee9d0e6c2a04df98abb33e275ee4bd25", "key": "cvss3"}, {"hash": "2ae76161d39c17aef8ca38b9bfc8fde3", "key": "cwe"}, {"hash": "b05274f5fa772675d06ec4ebc1a527aa", "key": "cvelist"}, {"hash": "093e200e8f9a4da5ac8be70095d98fb1", "key": "description"}, {"hash": "7bee7237322cbb5cce707a4d7709d764", "key": "cpeConfiguration"}, {"hash": "49893aecb810f425403a437dbe7ad2c9", "key": "published"}, {"hash": "be6f210d2c1656434081d867ec617dff", "key": "href"}, {"hash": "e24ce3f30cd12b2353b4ff94d9178068", "key": "title"}, {"hash": "6de8ca2fd8e8871e06c65aa6847aff4d", "key": "affectedSoftware"}, {"hash": "d91765ec8001ef75838b697df3a54347", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "876f47c4ebc2b9e0dd17afaa22819f2a", "key": "cvss"}, {"hash": "a853cf097d777544c7eaf6d63926fdc8", "key": "cpe"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5000", "id": "CVE-2018-5000", "lastseen": "2020-11-30T00:34:42", "modified": "2019-03-07T20:16:00", "objectVersion": "1.3", "published": "2018-07-09T19:29:00", "references": ["http://www.securityfocus.com/bid/104413", "https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://www.securitytracker.com/id/1041058", "https://security.gentoo.org/glsa/201806-02", "https://access.redhat.com/errata/RHSA-2018:1827"], "reporter": "cve@mitre.org", "title": "CVE-2018-5000", "type": "cve", "viewCount": 4}, "differentElements": ["affectedSoftware"], "edition": 4, "lastseen": "2020-11-30T00:34:42"}, {"bulletin": {"affectedConfiguration": [{"cpeName": "microsoft:windows_10", "name": "microsoft windows 10", "operator": "eq", "version": "-"}, {"cpeName": "apple:mac_os_x", "name": "apple mac os x", "operator": "eq", "version": "-"}, {"cpeName": "linux:linux_kernel", "name": "linux linux kernel", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:windows", "name": "microsoft windows", "operator": "eq", "version": "-"}, {"cpeName": "google:chrome_os", "name": "google chrome os", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:windows_8.1", "name": "microsoft windows 8.1", "operator": "eq", "version": "-"}], "affectedSoftware": [{"cpeName": "redhat:enterprise_linux_workstation", "name": "redhat enterprise linux workstation", "operator": "eq", "version": "6.0"}, {"cpeName": "redhat:enterprise_linux_desktop", "name": "redhat enterprise linux desktop", "operator": "eq", "version": "6.0"}, {"cpeName": "adobe:flash_player", "name": "adobe flash player", "operator": "le", "version": "29.0.0.171"}, {"cpeName": "adobe:flash_player", "name": "adobe flash player", "operator": "le", "version": "29.0.0.171"}, {"cpeName": "adobe:flash_player", "name": "adobe flash player", "operator": "le", "version": "29.0.0.171"}, {"cpeName": "redhat:enterprise_linux_server", "name": "redhat enterprise linux server", "operator": "eq", "version": "6.0"}, {"cpeName": "adobe:flash_player_desktop_runtime", "name": "adobe flash player desktop runtime", "operator": "le", "version": "29.0.0.171"}], "bulletinFamily": "NVD", "cpe": ["cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/a:adobe:flash_player_desktop_runtime:29.0.0.171", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/a:adobe:flash_player:29.0.0.171", "cpe:/o:redhat:enterprise_linux_server:6.0"], "cpe23": ["cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:edge:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player_desktop_runtime:29.0.0.171:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:chrome:*:*", "cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:internet_explorer_11:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:edge:*:*", "versionEndIncluding": "29.0.0.171", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:internet_explorer_11:*:*", "versionEndIncluding": "29.0.0.171", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:chrome:*:*", "versionEndIncluding": "29.0.0.171", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*", "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:a:adobe:flash_player_desktop_runtime:29.0.0.171:*:*:*:*:*:*:*", "versionEndIncluding": "29.0.0.171", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}]}, "cvelist": ["CVE-2018-5000"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, "cwe": ["CWE-190"], "description": "Adobe Flash Player versions 29.0.0.171 and earlier have an Integer Overflow vulnerability. Successful exploitation could lead to information disclosure.", "edition": 5, "enchantments": {"dependencies": {"modified": "2020-12-09T20:25:44", "references": [{"idList": ["ASA-201806-7"], "type": "archlinux"}, {"idList": ["ZDI-18-569"], "type": "zdi"}, {"idList": ["RHSA-2018:1827"], "type": "redhat"}, {"idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"], "type": "trendmicroblog"}, {"idList": ["OPENVAS:1361412562310813399", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813400"], "type": "openvas"}, {"idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"], "type": "freebsd"}, {"idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"], "type": "threatpost"}, {"idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"], "type": "thn"}, {"idList": ["KLA11671", "KLA11261"], "type": "kaspersky"}, {"idList": ["GLSA-201806-02"], "type": "gentoo"}, {"idList": ["FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "FLASH_PLAYER_APSB18-19.NASL", "REDHAT-RHSA-2018-1827.NASL", "GENTOO_GLSA-201806-02.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL"], "type": "nessus"}], "rev": 2}, "score": {"modified": "2020-12-09T20:25:44", "rev": 2, "value": 5.9, "vector": "NONE"}}, "extraReferences": [], "hash": "9947e28be3c7302568075714dc5b61489aaa584971bb197091fa459cda9db3c4", "hashmap": [{"hash": "434669adc8d0504de64471dd6747c2c7", "key": "cvss2"}, {"hash": "e9d4d08efe09261c71115e15b661e2e7", "key": "affectedSoftware"}, {"hash": "30c9f775c91eff209faba3ad697df594", "key": "modified"}, {"hash": "38c7f44334bcbb03b89417fc943b3930", "key": "affectedConfiguration"}, {"hash": "da201d47f43bd89b7dc37eecedee5181", "key": "references"}, {"hash": "ee9d0e6c2a04df98abb33e275ee4bd25", "key": "cvss3"}, {"hash": "2ae76161d39c17aef8ca38b9bfc8fde3", "key": "cwe"}, {"hash": "b05274f5fa772675d06ec4ebc1a527aa", "key": "cvelist"}, {"hash": "093e200e8f9a4da5ac8be70095d98fb1", "key": "description"}, {"hash": "7bee7237322cbb5cce707a4d7709d764", "key": "cpeConfiguration"}, {"hash": "49893aecb810f425403a437dbe7ad2c9", "key": "published"}, {"hash": "be6f210d2c1656434081d867ec617dff", "key": "href"}, {"hash": "e24ce3f30cd12b2353b4ff94d9178068", "key": "title"}, {"hash": "d91765ec8001ef75838b697df3a54347", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "876f47c4ebc2b9e0dd17afaa22819f2a", "key": "cvss"}, {"hash": "a853cf097d777544c7eaf6d63926fdc8", "key": "cpe"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5000", "id": "CVE-2018-5000", "lastseen": "2020-12-09T20:25:44", "modified": "2019-03-07T20:16:00", "objectVersion": "1.3", "published": "2018-07-09T19:29:00", "references": ["http://www.securityfocus.com/bid/104413", "https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://www.securitytracker.com/id/1041058", "https://security.gentoo.org/glsa/201806-02", "https://access.redhat.com/errata/RHSA-2018:1827"], "reporter": "cve@mitre.org", "title": "CVE-2018-5000", "type": "cve", "viewCount": 4}, "differentElements": ["extraReferences"], "edition": 5, "lastseen": "2020-12-09T20:25:44"}, {"bulletin": {"affectedConfiguration": [{"cpeName": "microsoft:windows_10", "name": "microsoft windows 10", "operator": "eq", "version": "-"}, {"cpeName": "apple:mac_os_x", "name": "apple mac os x", "operator": "eq", "version": "-"}, {"cpeName": "linux:linux_kernel", "name": "linux linux kernel", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:windows", "name": "microsoft windows", "operator": "eq", "version": "-"}, {"cpeName": "google:chrome_os", "name": "google chrome os", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:windows_8.1", "name": "microsoft windows 8.1", "operator": "eq", "version": "-"}], "affectedSoftware": [{"cpeName": "redhat:enterprise_linux_workstation", "name": "redhat enterprise linux workstation", "operator": "eq", "version": "6.0"}, {"cpeName": "redhat:enterprise_linux_desktop", "name": "redhat enterprise linux desktop", "operator": "eq", "version": "6.0"}, {"cpeName": "adobe:flash_player", "name": "adobe flash player", "operator": "le", "version": "29.0.0.171"}, {"cpeName": "adobe:flash_player", "name": "adobe flash player", "operator": "le", "version": "29.0.0.171"}, {"cpeName": "adobe:flash_player", "name": "adobe flash player", "operator": "le", "version": "29.0.0.171"}, {"cpeName": "redhat:enterprise_linux_server", "name": "redhat enterprise linux server", "operator": "eq", "version": "6.0"}, {"cpeName": "adobe:flash_player_desktop_runtime", "name": "adobe flash player desktop runtime", "operator": "le", "version": "29.0.0.171"}], "bulletinFamily": "NVD", "cpe": ["cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/a:adobe:flash_player_desktop_runtime:29.0.0.171", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/a:adobe:flash_player:29.0.0.171", "cpe:/o:redhat:enterprise_linux_server:6.0"], "cpe23": ["cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:edge:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player_desktop_runtime:29.0.0.171:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:chrome:*:*", "cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:internet_explorer_11:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:edge:*:*", "versionEndIncluding": "29.0.0.171", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:internet_explorer_11:*:*", "versionEndIncluding": "29.0.0.171", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:chrome:*:*", "versionEndIncluding": "29.0.0.171", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*", "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:a:adobe:flash_player_desktop_runtime:29.0.0.171:*:*:*:*:*:*:*", "versionEndIncluding": "29.0.0.171", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}]}, "cvelist": ["CVE-2018-5000"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, "cwe": ["CWE-190"], "description": "Adobe Flash Player versions 29.0.0.171 and earlier have an Integer Overflow vulnerability. Successful exploitation could lead to information disclosure.", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-10-03T13:20:23", "references": [{"idList": ["ASA-201806-7"], "type": "archlinux"}, {"idList": ["ZDI-18-569"], "type": "zdi"}, {"idList": ["RHSA-2018:1827"], "type": "redhat"}, {"idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"], "type": "trendmicroblog"}, {"idList": ["OPENVAS:1361412562310813399", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813400"], "type": "openvas"}, {"idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"], "type": "freebsd"}, {"idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"], "type": "threatpost"}, {"idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"], "type": "thn"}, {"idList": ["KLA11671", "KLA11261"], "type": "kaspersky"}, {"idList": ["GLSA-201806-02"], "type": "gentoo"}, {"idList": ["FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "FLASH_PLAYER_APSB18-19.NASL", "REDHAT-RHSA-2018-1827.NASL", "GENTOO_GLSA-201806-02.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL"], "type": "nessus"}], "rev": 2}, "score": {"modified": "2020-10-03T13:20:23", "rev": 2, "value": 5.9, "vector": "NONE"}}, "hash": "5d0aa2e7aa769ab0f98a9b2108d89769f7d415b627e61b1c6ffed73176418c20", "hashmap": [{"hash": "434669adc8d0504de64471dd6747c2c7", "key": "cvss2"}, {"hash": "e9d4d08efe09261c71115e15b661e2e7", "key": "affectedSoftware"}, {"hash": "30c9f775c91eff209faba3ad697df594", "key": "modified"}, {"hash": "38c7f44334bcbb03b89417fc943b3930", "key": "affectedConfiguration"}, {"hash": "da201d47f43bd89b7dc37eecedee5181", "key": "references"}, {"hash": "ee9d0e6c2a04df98abb33e275ee4bd25", "key": "cvss3"}, {"hash": "2ae76161d39c17aef8ca38b9bfc8fde3", "key": "cwe"}, {"hash": "b05274f5fa772675d06ec4ebc1a527aa", "key": "cvelist"}, {"hash": "093e200e8f9a4da5ac8be70095d98fb1", "key": "description"}, {"hash": "7bee7237322cbb5cce707a4d7709d764", "key": "cpeConfiguration"}, {"hash": "49893aecb810f425403a437dbe7ad2c9", "key": "published"}, {"hash": "be6f210d2c1656434081d867ec617dff", "key": "href"}, {"hash": "e24ce3f30cd12b2353b4ff94d9178068", "key": "title"}, {"hash": "d91765ec8001ef75838b697df3a54347", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "876f47c4ebc2b9e0dd17afaa22819f2a", "key": "cvss"}, {"hash": "a853cf097d777544c7eaf6d63926fdc8", "key": "cpe"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5000", "id": "CVE-2018-5000", "lastseen": "2020-10-03T13:20:23", "modified": "2019-03-07T20:16:00", "objectVersion": "1.3", "published": "2018-07-09T19:29:00", "references": ["http://www.securityfocus.com/bid/104413", "https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://www.securitytracker.com/id/1041058", "https://security.gentoo.org/glsa/201806-02", "https://access.redhat.com/errata/RHSA-2018:1827"], "reporter": "cve@mitre.org", "title": "CVE-2018-5000", "type": "cve", "viewCount": 4}, "differentElements": ["affectedSoftware"], "edition": 3, "lastseen": "2020-10-03T13:20:23"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "redhat:enterprise_linux_workstation", "name": "redhat enterprise linux workstation", "operator": "eq", "version": "6.0"}, {"cpeName": "redhat:enterprise_linux_desktop", "name": "redhat enterprise linux desktop", "operator": "eq", "version": "6.0"}, {"cpeName": "adobe:flash_player", "name": "adobe flash player", "operator": "le", "version": "29.0.0.171"}, {"cpeName": "adobe:flash_player", "name": "adobe flash player", "operator": "le", "version": "29.0.0.171"}, {"cpeName": "adobe:flash_player", "name": "adobe flash player", "operator": "le", "version": "29.0.0.171"}, {"cpeName": "redhat:enterprise_linux_server", "name": "redhat enterprise linux server", "operator": "eq", "version": "6.0"}, {"cpeName": "adobe:flash_player_desktop_runtime", "name": "adobe flash player desktop runtime", "operator": "le", "version": "29.0.0.171"}], "bulletinFamily": "NVD", "cpe": ["cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/a:adobe:flash_player_desktop_runtime:29.0.0.171", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/a:adobe:flash_player:29.0.0.171", "cpe:/o:redhat:enterprise_linux_server:6.0"], "cpe23": ["cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:edge:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player_desktop_runtime:29.0.0.171:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:chrome:*:*", "cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:internet_explorer_11:*:*"], "cpeConfiguration": {}, "cvelist": ["CVE-2018-5000"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, "cwe": ["CWE-190"], "description": "Adobe Flash Player versions 29.0.0.171 and earlier have an Integer Overflow vulnerability. Successful exploitation could lead to information disclosure.", "edition": 2, "enchantments": {"dependencies": {"modified": "2020-09-21T14:29:05", "references": [{"idList": ["ASA-201806-7"], "type": "archlinux"}, {"idList": ["ZDI-18-569"], "type": "zdi"}, {"idList": ["RHSA-2018:1827"], "type": "redhat"}, {"idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"], "type": "trendmicroblog"}, {"idList": ["OPENVAS:1361412562310813399", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813400"], "type": "openvas"}, {"idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"], "type": "freebsd"}, {"idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"], "type": "threatpost"}, {"idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"], "type": "thn"}, {"idList": ["KLA11671", "KLA11261"], "type": "kaspersky"}, {"idList": ["GLSA-201806-02"], "type": "gentoo"}, {"idList": ["FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "FLASH_PLAYER_APSB18-19.NASL", "REDHAT-RHSA-2018-1827.NASL", "GENTOO_GLSA-201806-02.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL"], "type": "nessus"}], "rev": 2}, "score": {"modified": "2020-09-21T14:29:05", "rev": 2, "value": 5.9, "vector": "NONE"}}, "hash": "34a146bbd5c2717ef4d2e4c7befd8a005da8698d6a0245789f61bf5ac94b1c1f", "hashmap": [{"hash": "434669adc8d0504de64471dd6747c2c7", "key": "cvss2"}, {"hash": "e9d4d08efe09261c71115e15b661e2e7", "key": "affectedSoftware"}, {"hash": "30c9f775c91eff209faba3ad697df594", "key": "modified"}, {"hash": "da201d47f43bd89b7dc37eecedee5181", "key": "references"}, {"hash": "ee9d0e6c2a04df98abb33e275ee4bd25", "key": "cvss3"}, {"hash": "2ae76161d39c17aef8ca38b9bfc8fde3", "key": "cwe"}, {"hash": "b05274f5fa772675d06ec4ebc1a527aa", "key": "cvelist"}, {"hash": "093e200e8f9a4da5ac8be70095d98fb1", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "49893aecb810f425403a437dbe7ad2c9", "key": "published"}, {"hash": "be6f210d2c1656434081d867ec617dff", "key": "href"}, {"hash": "e24ce3f30cd12b2353b4ff94d9178068", "key": "title"}, {"hash": "d91765ec8001ef75838b697df3a54347", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "876f47c4ebc2b9e0dd17afaa22819f2a", "key": "cvss"}, {"hash": "a853cf097d777544c7eaf6d63926fdc8", "key": "cpe"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5000", "id": "CVE-2018-5000", "lastseen": "2020-09-21T14:29:05", "modified": "2019-03-07T20:16:00", "objectVersion": "1.3", "published": "2018-07-09T19:29:00", "references": ["http://www.securityfocus.com/bid/104413", "https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://www.securitytracker.com/id/1041058", "https://security.gentoo.org/glsa/201806-02", "https://access.redhat.com/errata/RHSA-2018:1827"], "reporter": "cve@mitre.org", "title": "CVE-2018-5000", "type": "cve", "viewCount": 3}, "differentElements": ["affectedConfiguration", "cpeConfiguration"], "edition": 2, "lastseen": "2020-09-21T14:29:05"}], "edition": 7, "hashmap": [{"key": "affectedConfiguration", "hash": "38c7f44334bcbb03b89417fc943b3930"}, {"key": "affectedSoftware", "hash": "e9d4d08efe09261c71115e15b661e2e7"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "a853cf097d777544c7eaf6d63926fdc8"}, {"key": "cpe23", "hash": "d91765ec8001ef75838b697df3a54347"}, {"key": "cpeConfiguration", "hash": "0d8d5dfb0e3ebeadc883926db849ff40"}, {"key": "cvelist", "hash": "b05274f5fa772675d06ec4ebc1a527aa"}, {"key": "cvss", "hash": "876f47c4ebc2b9e0dd17afaa22819f2a"}, {"key": "cvss2", "hash": "434669adc8d0504de64471dd6747c2c7"}, {"key": "cvss3", "hash": "ee9d0e6c2a04df98abb33e275ee4bd25"}, {"key": "cwe", "hash": "2ae76161d39c17aef8ca38b9bfc8fde3"}, {"key": "description", "hash": "093e200e8f9a4da5ac8be70095d98fb1"}, {"key": "extraReferences", "hash": "a31a2897c6cc3aa8c817f23184b77111"}, {"key": "href", "hash": "be6f210d2c1656434081d867ec617dff"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "30c9f775c91eff209faba3ad697df594"}, {"key": "published", "hash": "49893aecb810f425403a437dbe7ad2c9"}, {"key": "references", "hash": "da201d47f43bd89b7dc37eecedee5181"}, {"key": "reporter", "hash": "53b78e209c51734803de6c6af03bcf73"}, {"key": "title", "hash": "e24ce3f30cd12b2353b4ff94d9178068"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "f75c8082c43784bf4b9f2491b029636946fbb5aecb641921399215dc813af2e3", "viewCount": 26, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2018-5000"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-5000", "RH:CVE-2018-5001"]}, {"type": "zdi", "idList": ["ZDI-18-569"]}, {"type": "thn", "idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813601", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813400", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813399", "OPENVAS:1361412562310813602"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"]}, {"type": "threatpost", "idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-201806-02.NASL", "FLASH_PLAYER_APSB18-19.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL", "REDHAT-RHSA-2018-1827.NASL", "700434.PRM"]}, {"type": "kaspersky", "idList": ["KLA11261"]}, {"type": "redhat", "idList": ["RHSA-2018:1827"]}, {"type": "archlinux", "idList": ["ASA-201806-7"]}, {"type": "freebsd", "idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"]}, {"type": "mscve", "idList": ["MS:ADV180014"]}, {"type": "gentoo", "idList": ["GLSA-201806-02"]}], "modified": "2021-04-23T00:24:28", "rev": 2}, "score": {"value": 5.9, "vector": "NONE", "modified": "2021-04-23T00:24:28", "rev": 2}}, "objectVersion": "1.5", "cpe": ["cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/a:adobe:flash_player_desktop_runtime:29.0.0.171", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/a:adobe:flash_player:29.0.0.171", "cpe:/o:redhat:enterprise_linux_server:6.0"], "affectedSoftware": [{"cpeName": "redhat:enterprise_linux_workstation", "name": "redhat enterprise linux workstation", "operator": "eq", "version": "6.0"}, {"cpeName": "redhat:enterprise_linux_desktop", "name": "redhat enterprise linux desktop", "operator": "eq", "version": "6.0"}, {"cpeName": "adobe:flash_player", "name": "adobe flash player", "operator": "le", "version": "29.0.0.171"}, {"cpeName": "adobe:flash_player", "name": "adobe flash player", "operator": "le", "version": "29.0.0.171"}, {"cpeName": "adobe:flash_player", "name": "adobe flash player", "operator": "le", "version": "29.0.0.171"}, {"cpeName": "redhat:enterprise_linux_server", "name": "redhat enterprise linux server", "operator": "eq", "version": "6.0"}, {"cpeName": "adobe:flash_player_desktop_runtime", "name": "adobe flash player desktop runtime", "operator": "le", "version": "29.0.0.171"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, "cpe23": ["cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:edge:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player_desktop_runtime:29.0.0.171:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:chrome:*:*", "cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:internet_explorer_11:*:*"], "cwe": ["CWE-190"], "scheme": null, "affectedConfiguration": [{"cpeName": "microsoft:windows_10", "name": "microsoft windows 10", "operator": "eq", "version": "-"}, {"cpeName": "apple:mac_os_x", "name": "apple mac os x", "operator": "eq", "version": "-"}, {"cpeName": "linux:linux_kernel", "name": "linux linux kernel", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:windows", "name": "microsoft windows", "operator": "eq", "version": "-"}, {"cpeName": "google:chrome_os", "name": "google chrome os", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:windows_8.1", "name": "microsoft windows 8.1", "operator": "eq", "version": "-"}], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:chrome:*:*", "cpe_name": [], "versionEndIncluding": "29.0.0.171", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:adobe:flash_player_desktop_runtime:29.0.0.171:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "29.0.0.171", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:edge:*:*", "cpe_name": [], "versionEndIncluding": "29.0.0.171", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:internet_explorer_11:*:*", "cpe_name": [], "versionEndIncluding": "29.0.0.171", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "104413", "refsource": "BID", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/104413"}, {"name": "GLSA-201806-02", "refsource": "GENTOO", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201806-02"}, {"name": "1041058", "refsource": "SECTRACK", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1041058"}, {"name": "RHSA-2018:1827", "refsource": "REDHAT", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:1827"}, {"name": "https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "refsource": "MISC", "tags": ["Patch", "Vendor Advisory"], "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-19.html"}], "immutableFields": []}], "ubuntucve": [{"id": "UB:CVE-2018-5001", "vendorId": null, "hash": "df19b42b8e15c993018599f8fe72176e", "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2018-5001", "description": "Adobe Flash Player versions 29.0.0.171 and earlier have an Out-of-bounds\nread vulnerability. Successful exploitation could lead to information\ndisclosure.", "published": "2018-07-09T00:00:00", "modified": "2018-07-09T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, "href": "https://ubuntu.com/security/CVE-2018-5001", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5001", "https://rhn.redhat.com/errata/RHSA-2018-1827.html", "https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "https://nvd.nist.gov/vuln/detail/CVE-2018-5001", "https://launchpad.net/bugs/cve/CVE-2018-5001", "https://security-tracker.debian.org/tracker/CVE-2018-5001"], "cvelist": ["CVE-2018-5001"], "immutableFields": [], "lastseen": "2021-11-22T21:35:39", "history": [{"bulletin": {"id": "UB:CVE-2018-5001", "vendorId": null, "hash": "1ace5d23d1bbb2bca3d70061f2183779", "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2018-5001", "description": "Adobe Flash Player versions 29.0.0.171 and earlier have an Out-of-bounds\nread vulnerability. Successful exploitation could lead to information\ndisclosure.", "published": "2018-07-09T00:00:00", "modified": "2018-07-09T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cvss2": {}, "cvss3": {}, "href": "https://ubuntu.com/security/CVE-2018-5001", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5001", "https://rhn.redhat.com/errata/RHSA-2018-1827.html", "https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "https://nvd.nist.gov/vuln/detail/CVE-2018-5001", "https://launchpad.net/bugs/cve/CVE-2018-5001", "https://security-tracker.debian.org/tracker/CVE-2018-5001"], "cvelist": ["CVE-2018-5001"], "immutableFields": [], "lastseen": "2021-06-30T22:10:45", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-5001"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-5001", "RH:CVE-2018-5000"]}, {"type": "zdi", "idList": ["ZDI-18-568"]}, {"type": "thn", "idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"]}, {"type": "nessus", "idList": ["MACOSX_FLASH_PLAYER_APSB18-19.NASL", "FLASH_PLAYER_APSB18-19.NASL", "FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "GENTOO_GLSA-201806-02.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "REDHAT-RHSA-2018-1827.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813400", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813399", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813602"]}, {"type": "archlinux", "idList": ["ASA-201806-7"]}, {"type": "freebsd", "idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"]}, {"type": "kaspersky", "idList": ["KLA11261", "KLA11671"]}, {"type": "threatpost", "idList": ["THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8", "THREATPOST:34985C64EA7AF207D4CE9A800671E3C1"]}, {"type": "mscve", "idList": ["MS:ADV180014"]}, {"type": "redhat", "idList": ["RHSA-2018:1827"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"]}, {"type": "gentoo", "idList": ["GLSA-201806-02"]}], "modified": "2021-06-30T22:10:45", "rev": 2}, "score": {"value": 6.3, "vector": "NONE", "modified": "2021-06-30T22:10:45", "rev": 2}}, "objectVersion": "1.5", "affectedPackage": [{"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "30.0.0.113", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "adobe-flashplugin"}, {"OS": "ubuntu", "OSVersion": "18.04", "arch": "noarch", "packageVersion": "1:20180607.1-0ubuntu0.18.04.1", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "adobe-flashplugin"}, {"OS": "ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "1:20180607.1-0ubuntu0.16.04.1", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "adobe-flashplugin"}, {"OS": "ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "trusty was released [1:20180607.1-0ubuntu0.14.04.1]", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "adobe-flashplugin"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "30.0.0.113", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "flashplugin-nonfree"}, {"OS": "ubuntu", "OSVersion": "18.04", "arch": "noarch", "packageVersion": "30.0.0.113ubuntu0.18.04.1", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "flashplugin-nonfree"}, {"OS": "ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "30.0.0.113ubuntu0.16.04.1", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "flashplugin-nonfree"}, {"OS": "ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "trusty was released [30.0.0.113ubuntu0.14.04.1]", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "flashplugin-nonfree"}], "bugs": []}, "lastseen": "2021-06-30T22:10:45", "differentElements": ["cvss2", "cvss3"], "edition": 1}, {"bulletin": {"id": "UB:CVE-2018-5001", "vendorId": null, "hash": "d792ebeb750e6258d39eb473bb97d189", "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2018-5001", "description": "Adobe Flash Player versions 29.0.0.171 and earlier have an Out-of-bounds\nread vulnerability. Successful exploitation could lead to information\ndisclosure.", "published": "2018-07-09T00:00:00", "modified": "2018-07-09T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, "href": "https://ubuntu.com/security/CVE-2018-5001", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5001", "https://rhn.redhat.com/errata/RHSA-2018-1827.html", "https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "https://nvd.nist.gov/vuln/detail/CVE-2018-5001", "https://launchpad.net/bugs/cve/CVE-2018-5001", "https://security-tracker.debian.org/tracker/CVE-2018-5001"], "cvelist": ["CVE-2018-5001"], "immutableFields": [], "lastseen": "2021-07-30T22:47:06", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-5001"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-5000", "RH:CVE-2018-5001"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2018-0539"]}, {"type": "zdi", "idList": ["ZDI-18-568"]}, {"type": "thn", "idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813601", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813400", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813399"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"]}, {"type": "threatpost", "idList": ["THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8", "THREATPOST:34985C64EA7AF207D4CE9A800671E3C1"]}, {"type": "nessus", "idList": ["FLASH_PLAYER_APSB18-19.NASL", "GENTOO_GLSA-201806-02.NASL", "700434.PRM", "MACOSX_FLASH_PLAYER_APSB18-19.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "REDHAT-RHSA-2018-1827.NASL"]}, {"type": "redhat", "idList": ["RHSA-2018:1827"]}, {"type": "freebsd", "idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"]}, {"type": "kaspersky", "idList": ["KLA11261"]}, {"type": "mscve", "idList": ["MS:ADV180014"]}, {"type": "adobe", "idList": ["APSB18-19"]}, {"type": "archlinux", "idList": ["ASA-201806-7"]}, {"type": "gentoo", "idList": ["GLSA-201806-02"]}], "modified": "2021-07-30T22:47:06", "rev": 2}, "score": {"value": 6.3, "vector": "NONE", "modified": "2021-07-30T22:47:06", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "30.0.0.113", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "adobe-flashplugin"}, {"OS": "ubuntu", "OSVersion": "18.04", "arch": "noarch", "packageVersion": "1:20180607.1-0ubuntu0.18.04.1", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "adobe-flashplugin"}, {"OS": "ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "1:20180607.1-0ubuntu0.16.04.1", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "adobe-flashplugin"}, {"OS": "ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "trusty was released [1:20180607.1-0ubuntu0.14.04.1]", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "adobe-flashplugin"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "30.0.0.113", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "flashplugin-nonfree"}, {"OS": "ubuntu", "OSVersion": "18.04", "arch": "noarch", "packageVersion": "30.0.0.113ubuntu0.18.04.1", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "flashplugin-nonfree"}, {"OS": "ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "30.0.0.113ubuntu0.16.04.1", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "flashplugin-nonfree"}, {"OS": "ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "trusty was released [30.0.0.113ubuntu0.14.04.1]", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "flashplugin-nonfree"}], "bugs": []}, "lastseen": "2021-07-30T22:47:06", "differentElements": ["affectedPackage"], "edition": 2}], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-5001"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-5000", "RH:CVE-2018-5001"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2018-0539"]}, {"type": "zdi", "idList": ["ZDI-18-568"]}, {"type": "thn", "idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813602", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813400", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813399"]}, {"type": "threatpost", "idList": ["THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8", "THREATPOST:34985C64EA7AF207D4CE9A800671E3C1"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"]}, {"type": "nessus", "idList": ["FLASH_PLAYER_APSB18-19.NASL", "700434.PRM", "MACOSX_FLASH_PLAYER_APSB18-19.NASL", "REDHAT-RHSA-2018-1827.NASL", "GENTOO_GLSA-201806-02.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL"]}, {"type": "redhat", "idList": ["RHSA-2018:1827"]}, {"type": "archlinux", "idList": ["ASA-201806-7"]}, {"type": "adobe", "idList": ["APSB18-19"]}, {"type": "mscve", "idList": ["MS:ADV180014"]}, {"type": "freebsd", "idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"]}, {"type": "kaspersky", "idList": ["KLA11261"]}, {"type": "gentoo", "idList": ["GLSA-201806-02"]}], "modified": "2021-11-22T21:35:39", "rev": 2}, "score": {"value": 6.3, "vector": "NONE", "modified": "2021-11-22T21:35:39", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "30.0.0.113", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "adobe-flashplugin"}, {"OS": "ubuntu", "OSVersion": "18.04", "arch": "noarch", "packageVersion": "1:20180607.1-0ubuntu0.18.04.1", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "adobe-flashplugin"}, {"OS": "ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "1:20180607.1-0ubuntu0.16.04.1", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "adobe-flashplugin"}, {"OS": "ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "trusty was released [1:20180607.1-0ubuntu0.14.04.1]", "packageFilename": "UNKNOWN", "operator": "lt", "status": "does not exist", "packageName": "adobe-flashplugin"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "30.0.0.113", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "flashplugin-nonfree"}, {"OS": "ubuntu", "OSVersion": "18.04", "arch": "noarch", "packageVersion": "30.0.0.113ubuntu0.18.04.1", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "flashplugin-nonfree"}, {"OS": "ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "30.0.0.113ubuntu0.16.04.1", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "flashplugin-nonfree"}, {"OS": "ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "trusty was released [30.0.0.113ubuntu0.14.04.1]", "packageFilename": "UNKNOWN", "operator": "lt", "status": "does not exist", "packageName": "flashplugin-nonfree"}], "bugs": [], "_object_type": "robots.models.ubuntucve.UbuntuCVEBulletin", "_object_types": ["robots.models.ubuntucve.UbuntuCVEBulletin", "robots.models.base.Bulletin"]}, {"id": "UB:CVE-2018-5000", "vendorId": null, "hash": "efddae8249e37352e4cd625fbc34e766", "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2018-5000", "description": "Adobe Flash Player versions 29.0.0.171 and earlier have an Integer Overflow\nvulnerability. Successful exploitation could lead to information\ndisclosure.", "published": "2018-07-09T00:00:00", "modified": "2018-07-09T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, "href": "https://ubuntu.com/security/CVE-2018-5000", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5000", "https://rhn.redhat.com/errata/RHSA-2018-1827.html", "https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "https://nvd.nist.gov/vuln/detail/CVE-2018-5000", "https://launchpad.net/bugs/cve/CVE-2018-5000", "https://security-tracker.debian.org/tracker/CVE-2018-5000"], "cvelist": ["CVE-2018-5000"], "immutableFields": [], "lastseen": "2021-11-22T21:35:39", "history": [{"bulletin": {"id": "UB:CVE-2018-5000", "vendorId": null, "hash": "c5f2cc637a530cb2dc27c074b7486966", "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2018-5000", "description": "Adobe Flash Player versions 29.0.0.171 and earlier have an Integer Overflow\nvulnerability. Successful exploitation could lead to information\ndisclosure.", "published": "2018-07-09T00:00:00", "modified": "2018-07-09T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cvss2": {}, "cvss3": {}, "href": "https://ubuntu.com/security/CVE-2018-5000", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5000", "https://rhn.redhat.com/errata/RHSA-2018-1827.html", "https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "https://nvd.nist.gov/vuln/detail/CVE-2018-5000", "https://launchpad.net/bugs/cve/CVE-2018-5000", "https://security-tracker.debian.org/tracker/CVE-2018-5000"], "cvelist": ["CVE-2018-5000"], "immutableFields": [], "lastseen": "2021-06-30T22:10:45", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-5000"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-5001", "RH:CVE-2018-5000"]}, {"type": "zdi", "idList": ["ZDI-18-569"]}, {"type": "thn", "idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"]}, {"type": "nessus", "idList": ["MACOSX_FLASH_PLAYER_APSB18-19.NASL", "FLASH_PLAYER_APSB18-19.NASL", "FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "GENTOO_GLSA-201806-02.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "REDHAT-RHSA-2018-1827.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813400", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813399", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813602"]}, {"type": "archlinux", "idList": ["ASA-201806-7"]}, {"type": "freebsd", "idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"]}, {"type": "kaspersky", "idList": ["KLA11261", "KLA11671"]}, {"type": "mscve", "idList": ["MS:ADV180014"]}, {"type": "redhat", "idList": ["RHSA-2018:1827"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"]}, {"type": "threatpost", "idList": ["THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8", "THREATPOST:34985C64EA7AF207D4CE9A800671E3C1"]}, {"type": "gentoo", "idList": ["GLSA-201806-02"]}], "modified": "2021-06-30T22:10:45", "rev": 2}, "score": {"value": 6.1, "vector": "NONE", "modified": "2021-06-30T22:10:45", "rev": 2}}, "objectVersion": "1.5", "affectedPackage": [{"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "30.0.0.113", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "adobe-flashplugin"}, {"OS": "ubuntu", "OSVersion": "18.04", "arch": "noarch", "packageVersion": "1:20180607.1-0ubuntu0.18.04.1", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "adobe-flashplugin"}, {"OS": "ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "1:20180607.1-0ubuntu0.16.04.1", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "adobe-flashplugin"}, {"OS": "ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "trusty was released [1:20180607.1-0ubuntu0.14.04.1]", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "adobe-flashplugin"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "30.0.0.113", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "flashplugin-nonfree"}, {"OS": "ubuntu", "OSVersion": "18.04", "arch": "noarch", "packageVersion": "30.0.0.113ubuntu0.18.04.1", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "flashplugin-nonfree"}, {"OS": "ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "30.0.0.113ubuntu0.16.04.1", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "flashplugin-nonfree"}, {"OS": "ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "trusty was released [30.0.0.113ubuntu0.14.04.1]", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "flashplugin-nonfree"}], "bugs": []}, "lastseen": "2021-06-30T22:10:45", "differentElements": ["cvss2", "cvss3"], "edition": 1}, {"bulletin": {"id": "UB:CVE-2018-5000", "vendorId": null, "hash": "3b0c93f6ac1145e384266e30955e46d8", "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2018-5000", "description": "Adobe Flash Player versions 29.0.0.171 and earlier have an Integer Overflow\nvulnerability. Successful exploitation could lead to information\ndisclosure.", "published": "2018-07-09T00:00:00", "modified": "2018-07-09T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, "href": "https://ubuntu.com/security/CVE-2018-5000", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5000", "https://rhn.redhat.com/errata/RHSA-2018-1827.html", "https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "https://nvd.nist.gov/vuln/detail/CVE-2018-5000", "https://launchpad.net/bugs/cve/CVE-2018-5000", "https://security-tracker.debian.org/tracker/CVE-2018-5000"], "cvelist": ["CVE-2018-5000"], "immutableFields": [], "lastseen": "2021-07-30T22:47:04", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-5000"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-5000", "RH:CVE-2018-5001"]}, {"type": "zdi", "idList": ["ZDI-18-569"]}, {"type": "thn", "idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"]}, {"type": "mscve", "idList": ["MS:ADV180014"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813601", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813400", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813399", "OPENVAS:1361412562310813602"]}, {"type": "freebsd", "idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"]}, {"type": "archlinux", "idList": ["ASA-201806-7"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-201806-02.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "FLASH_PLAYER_APSB18-19.NASL", "FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL", "REDHAT-RHSA-2018-1827.NASL", "700434.PRM"]}, {"type": "threatpost", "idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"]}, {"type": "kaspersky", "idList": ["KLA11261"]}, {"type": "redhat", "idList": ["RHSA-2018:1827"]}, {"type": "gentoo", "idList": ["GLSA-201806-02"]}], "modified": "2021-07-30T22:47:04", "rev": 2}, "score": {"value": 6.1, "vector": "NONE", "modified": "2021-07-30T22:47:04", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "30.0.0.113", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "adobe-flashplugin"}, {"OS": "ubuntu", "OSVersion": "18.04", "arch": "noarch", "packageVersion": "1:20180607.1-0ubuntu0.18.04.1", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "adobe-flashplugin"}, {"OS": "ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "1:20180607.1-0ubuntu0.16.04.1", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "adobe-flashplugin"}, {"OS": "ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "trusty was released [1:20180607.1-0ubuntu0.14.04.1]", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "adobe-flashplugin"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "30.0.0.113", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "flashplugin-nonfree"}, {"OS": "ubuntu", "OSVersion": "18.04", "arch": "noarch", "packageVersion": "30.0.0.113ubuntu0.18.04.1", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "flashplugin-nonfree"}, {"OS": "ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "30.0.0.113ubuntu0.16.04.1", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "flashplugin-nonfree"}, {"OS": "ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "trusty was released [30.0.0.113ubuntu0.14.04.1]", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "flashplugin-nonfree"}], "bugs": []}, "lastseen": "2021-07-30T22:47:04", "differentElements": ["affectedPackage"], "edition": 2}], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-5000"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-5000", "RH:CVE-2018-5001"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2018-0538"]}, {"type": "zdi", "idList": ["ZDI-18-569"]}, {"type": "thn", "idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813602", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813400", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813399"]}, {"type": "adobe", "idList": ["APSB18-19"]}, {"type": "archlinux", "idList": ["ASA-201806-7"]}, {"type": "mscve", "idList": ["MS:ADV180014"]}, {"type": "nessus", "idList": ["FLASH_PLAYER_APSB18-19.NASL", "700434.PRM", "MACOSX_FLASH_PLAYER_APSB18-19.NASL", "REDHAT-RHSA-2018-1827.NASL", "GENTOO_GLSA-201806-02.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL"]}, {"type": "redhat", "idList": ["RHSA-2018:1827"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"]}, {"type": "freebsd", "idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"]}, {"type": "kaspersky", "idList": ["KLA11261"]}, {"type": "threatpost", "idList": ["THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8", "THREATPOST:34985C64EA7AF207D4CE9A800671E3C1"]}, {"type": "gentoo", "idList": ["GLSA-201806-02"]}], "modified": "2021-11-22T21:35:39", "rev": 2}, "score": {"value": 6.1, "vector": "NONE", "modified": "2021-11-22T21:35:39", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "30.0.0.113", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "adobe-flashplugin"}, {"OS": "ubuntu", "OSVersion": "18.04", "arch": "noarch", "packageVersion": "1:20180607.1-0ubuntu0.18.04.1", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "adobe-flashplugin"}, {"OS": "ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "1:20180607.1-0ubuntu0.16.04.1", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "adobe-flashplugin"}, {"OS": "ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "trusty was released [1:20180607.1-0ubuntu0.14.04.1]", "packageFilename": "UNKNOWN", "operator": "lt", "status": "does not exist", "packageName": "adobe-flashplugin"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "30.0.0.113", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "flashplugin-nonfree"}, {"OS": "ubuntu", "OSVersion": "18.04", "arch": "noarch", "packageVersion": "30.0.0.113ubuntu0.18.04.1", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "flashplugin-nonfree"}, {"OS": "ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "30.0.0.113ubuntu0.16.04.1", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "flashplugin-nonfree"}, {"OS": "ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "trusty was released [30.0.0.113ubuntu0.14.04.1]", "packageFilename": "UNKNOWN", "operator": "lt", "status": "does not exist", "packageName": "flashplugin-nonfree"}], "bugs": [], "_object_type": "robots.models.ubuntucve.UbuntuCVEBulletin", "_object_types": ["robots.models.ubuntucve.UbuntuCVEBulletin", "robots.models.base.Bulletin"]}], "checkpoint_advisories": [{"id": "CPAI-2018-0539", "vendorId": null, "hash": "aed58bc4d23d847b993479cae581730d", "type": "checkpoint_advisories", "bulletinFamily": "info", "title": "Adobe Flash Player Out-of-bounds read (APSB18-19: CVE-2018-5001)", "description": "A out of bounds read vulnerability exists in Adobe Flash Player. Successful exploitation of this vulnerability could allow a remote attacker to obtain sensitive information.", "published": "2018-06-12T00:00:00", "modified": "2018-06-12T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, "href": "", "reporter": "Check Point Advisories", "references": [], "cvelist": ["CVE-2018-5001"], "immutableFields": [], "lastseen": "2021-11-01T23:23:46", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2018-5001"]}, {"type": "cve", "idList": ["CVE-2018-5001"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-5000", "RH:CVE-2018-5001"]}, {"type": "zdi", "idList": ["ZDI-18-568"]}, {"type": "thn", "idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813601", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813400", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813399"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"]}, {"type": "threatpost", "idList": ["THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8", "THREATPOST:34985C64EA7AF207D4CE9A800671E3C1"]}, {"type": "nessus", "idList": ["FLASH_PLAYER_APSB18-19.NASL", "GENTOO_GLSA-201806-02.NASL", "700434.PRM", "MACOSX_FLASH_PLAYER_APSB18-19.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "REDHAT-RHSA-2018-1827.NASL"]}, {"type": "redhat", "idList": ["RHSA-2018:1827"]}, {"type": "kaspersky", "idList": ["KLA11261"]}, {"type": "adobe", "idList": ["APSB18-19"]}, {"type": "mscve", "idList": ["MS:ADV180014"]}, {"type": "freebsd", "idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"]}, {"type": "archlinux", "idList": ["ASA-201806-7"]}, {"type": "gentoo", "idList": ["GLSA-201806-02"]}], "modified": "2021-11-01T23:23:46", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-11-01T23:23:46", "rev": 2}}, "objectVersion": "1.6", "severity": "High", "protected_by": ["Security Gateway R80", "Security Gateway R77", "Security Gateway R75"], "vulnerable_products": ["Adobe Flash Player Desktop Runtime for Windows 29.0.0.171", "Adobe Flash Player Desktop Runtime for Macintosh 29.0.0.171", "Adobe Flash Player Desktop Runtime for Linux 29.0.0.171", "Adobe Flash Player Google Chrome Plugin for Windows 29.0.0.171", "Adobe Flash Player Google Chrome Plugin for Macintosh 29.0.0.171", "Adobe Flash Player Google Chrome Plugin for Linux 29.0.0.171", "Adobe Flash Player Google Chrome Plugin for ChromeOS 29.0.0.171", "Adobe Flash Player Microsoft Edge and Internet Explorer 11 Plugin for Windows 10 and Windows 8.1 29.0.0.171"], "_object_type": "robots.models.checkpoint.CheckpointAdvisoryBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.checkpoint.CheckpointAdvisoryBulletin"]}, {"id": "CPAI-2018-0538", "vendorId": null, "hash": "ccb8d437ccf84ff237721481bd0f5245", "type": "checkpoint_advisories", "bulletinFamily": "info", "title": "Adobe Flash Player Integer Overflow (APSB18-19: CVE-2018-5000)", "description": "An integer overflow vulnerability exists in Adobe Flash Player. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "published": "2018-06-12T00:00:00", "modified": "2018-06-12T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, "href": "", "reporter": "Check Point Advisories", "references": [], "cvelist": ["CVE-2018-5000"], "immutableFields": [], "lastseen": "2021-11-01T23:23:46", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2018-5000"]}, {"type": "cve", "idList": ["CVE-2018-5000"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-5000", "RH:CVE-2018-5001"]}, {"type": "zdi", "idList": ["ZDI-18-569"]}, {"type": "thn", "idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813601", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813400", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813399"]}, {"type": "threatpost", "idList": ["THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8", "THREATPOST:34985C64EA7AF207D4CE9A800671E3C1"]}, {"type": "nessus", "idList": ["FLASH_PLAYER_APSB18-19.NASL", "GENTOO_GLSA-201806-02.NASL", "700434.PRM", "MACOSX_FLASH_PLAYER_APSB18-19.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "REDHAT-RHSA-2018-1827.NASL"]}, {"type": "kaspersky", "idList": ["KLA11261"]}, {"type": "adobe", "idList": ["APSB18-19"]}, {"type": "mscve", "idList": ["MS:ADV180014"]}, {"type": "freebsd", "idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"]}, {"type": "archlinux", "idList": ["ASA-201806-7"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"]}, {"type": "redhat", "idList": ["RHSA-2018:1827"]}, {"type": "gentoo", "idList": ["GLSA-201806-02"]}], "modified": "2021-11-01T23:23:46", "rev": 2}, "score": {"value": 7.9, "vector": "NONE", "modified": "2021-11-01T23:23:46", "rev": 2}}, "objectVersion": "1.6", "severity": "High", "protected_by": ["Security Gateway R80", "Security Gateway R77", "Security Gateway R75"], "vulnerable_products": ["Adobe Flash Player Desktop Runtime for Windows 29.0.0.171", "Adobe Flash Player Desktop Runtime for Macintosh 29.0.0.171", "Adobe Flash Player Desktop Runtime for Linux 29.0.0.171", "Adobe Flash Player Google Chrome Plugin for Windows 29.0.0.171", "Adobe Flash Player Google Chrome Plugin for Macintosh 29.0.0.171", "Adobe Flash Player Google Chrome Plugin for Linux 29.0.0.171", "Adobe Flash Player Google Chrome Plugin for ChromeOS 29.0.0.171", "Adobe Flash Player Microsoft Edge and Internet Explorer 11 Plugin for Windows 10 and Windows 8.1 29.0.0.171"], "_object_type": "robots.models.checkpoint.CheckpointAdvisoryBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.checkpoint.CheckpointAdvisoryBulletin"]}], "thn": [{"id": "THN:A63890B8ADE3B23F098107F5CC398A2F", "type": "thn", "bulletinFamily": "info", "title": "Adobe Issues Patch for Actively Exploited Flash Player Zero-Day Exploit", "description": "[](<https://1.bp.blogspot.com/-k6QCPtxwTZE/WxlTMrG5lfI/AAAAAAAAw_k/bo_WNUgDaAkgJr1kVhgRZJyFc037GljMQCLcBGAs/s728-e100/flash-player-zero-day-exploit.png>)\n\nIf you have already uninstalled Flash player, well done! But if you haven't, here's another great reason for ditching it. \n \nAdobe has [released](<https://helpx.adobe.com/security/products/flash-player/apsb18-19.html>) a security patch update for a critical vulnerability in its Flash Player software that is actively being exploited in the wild by hackers in targeted attacks against Windows users. \n\n\n \nIndependently discovered last week by several security firms\u2014including [ICEBRG](<https://www.icebrg.io/blog/adobe-flash-zero-day-targeted-attack>), [Qihoo 360](<http://blogs.360.cn/blog/cve-2018-5002-en/>) and Tencent\u2014the Adobe Flash player zero-day attacks have primarily been targeting users in the Middle East using a specially crafted Excel spreadsheet. \n \n\n\n> \"The hackers carefully constructed an Office document that remotely loaded Flash vulnerability. When the document was opened, all the exploit code and malicious payload were delivered through remote servers,\" Qihoo 360 published vulnerability analysis in a blog post.\n\n \nThe stack-based buffer overflow vulnerability, tracked as CVE-2018-5002, impacts Adobe Flash Player 29.0.0.171 and earlier versions on Windows, MacOS, and Linux, as well as Adobe Flash Player for Google Chrome, and can be exploited to achieve arbitrary code execution on targeted systems. \n\n\n[](<https://1.bp.blogspot.com/-x-GKe265Wi0/WxlUPkJ3oVI/AAAAAAAAw_s/M8FBkOiBGBEaQ_MjIDZU-vmOSLgqUdCzgCLcBGAs/s728-e100/flash-player-zero-day-vulnerability.png>)\n\nThe vulnerability resides in the interpreter code of the Flash Player that handles static-init methods, which fails to correctly handle the exceptions for try/catch statements. \n\n\n \n\n\n> \"Because Flash assumes that it is impossible to execute to the catch block when processing the try catch statement, it does not check the bytecode in the catch block,\" the researchers explain. \"The attacker uses the getlocal, setlocal instruction in the catch block to read and write arbitrary addresses on the stack.\"\n\n \nThe registration date for a web domain, mimicking a job search website in the Middle East, used as the command and control (C&C) server for zero-day attacks suggests that hackers have been making preparations for the attack since February. \n \nBesides the patch for CVE-2018-5002, Adobe also rolled out security updates for two \"important\" vulnerabilities\u2014including Integer Overflow bug (CVE-2018-5000) and an Out-of-bounds read issue (CVE-2018-5001)\u2014both of which lead to information disclosure. \n \nSo, users are highly recommended to immediately update their Adobe Flash Player to versions 30.0.0.113 via their update mechanism within the software or by visiting the Adobe Flash Player Download Center.\n", "published": "2018-06-07T15:51:00", "modified": "2018-06-07T16:53:39", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://thehackernews.com/2018/06/flash-player-zero-day-exploit.html", "reporter": "Mohit Kumar", "references": [], "cvelist": ["CVE-2018-5000", "CVE-2018-5001", "CVE-2018-5002"], "lastseen": "2018-06-07T16:58:44", "history": [], "viewCount": 88, "enchantments": {"score": {"value": 7.2, "vector": "NONE", "modified": "2018-06-07T16:58:44", "rev": 2}, "dependencies": {"references": [{"type": "redhatcve", "idList": ["RH:CVE-2018-5000", "RH:CVE-2018-5002", "RH:CVE-2018-5001"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-5001", "UB:CVE-2018-5002", "UB:CVE-2018-5000"]}, {"type": "cve", "idList": ["CVE-2018-5002", "CVE-2018-5001", "CVE-2018-5000"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2018-0539", "CPAI-2018-0535", "CPAI-2018-0538"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813601", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813400", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813399"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"]}, {"type": "threatpost", "idList": ["THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E", "THREATPOST:34985C64EA7AF207D4CE9A800671E3C1"]}, {"type": "nessus", "idList": ["FLASH_PLAYER_APSB18-19.NASL", "GENTOO_GLSA-201806-02.NASL", "700434.PRM", "MACOSX_FLASH_PLAYER_APSB18-19.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "REDHAT-RHSA-2018-1827.NASL"]}, {"type": "redhat", "idList": ["RHSA-2018:1827"]}, {"type": "freebsd", "idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"]}, {"type": "kaspersky", "idList": ["KLA11261", "KLA11260"]}, {"type": "mscve", "idList": ["MS:ADV180014"]}, {"type": "adobe", "idList": ["APSB18-19"]}, {"type": "archlinux", "idList": ["ASA-201806-7"]}, {"type": "gentoo", "idList": ["GLSA-201806-02"]}, {"type": "myhack58", "idList": ["MYHACK58:62201994516", "MYHACK58:62201890504", "MYHACK58:62201890436"]}, {"type": "zdi", "idList": ["ZDI-18-569", "ZDI-18-568"]}, {"type": "krebs", "idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"]}, {"type": "securelist", "idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"]}], "modified": "2018-06-07T16:58:44", "rev": 2}}, "objectVersion": "1.5", "_object_type": "robots.models.thn.ThnBulletin", "_object_types": ["robots.models.thn.ThnBulletin", "robots.models.base.Bulletin"], "immutableFields": [], "cvss2": {}, "cvss3": {}}], "threatpost": [{"id": "THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "hash": "1a6bb4cb1613f03a1758838460bd8200", "type": "threatpost", "bulletinFamily": "info", "title": "Adobe Patches Critical Flash Player Bug With Active Exploit", "description": "Adobe has patched two critical and two important vulnerabilities in its Flash Player on Thursday, including one that is being exploited in the wild in targeted attacks against Windows users.\n\nThe critical vulnerability with an existing exploit ([CVE-2018-5002](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5002>)) is a stack-based buffer overflow bug that could enable arbitrary code execution, according to Adobe. The attacks are leveraging Office documents, according to Adobe.\n\n\u201cAdobe is aware of a report that an exploit for CVE-2018-5002 exists in the wild, and is being used in limited, targeted attacks against Windows users,\u201d the company said in a [release](<https://helpx.adobe.com/security/products/flash-player/apsb18-19.html>), Thursday. \u201cThese attacks leverage Office documents with embedded malicious Flash Player content distributed via email.\u201d\n\nMicrosoft did not respond to a request for comment from Threatpost by publication.\n\nAllan Liska, threat intelligence analyst at Recorded Future, told Threatpost the vuln is being currently exploited as part of several phishing campaigns.\n\n\u201cThe exploit takes advantage of a Flash file embedded in a Microsoft Office document, when the victim opens the Office Document the trojaned Flash code automatically runs and executes shell code which calls out to the attackers command and control servers,\u201d Liska told Threatpost.\n\nImpacted versions include Adobe Flash Player Desktop Runtime (29.0.0.171 and earlier versions) on Windows, MacOS and Linux; Adobe Flash Player for Google Chrome (29.0.0.171 and earlier versions) for Windows, macOS, Linux and Chrome OSl and Adobe Flash Player for Microsoft Edge and Internet Explorer 11 (29.0.0.171 and earlier versions) for Windows 10 and 8.1.\n\nThe updates for all platforms had a priority rating of two out of three, meaning there are no exploits; but the Adobe Flash Player Desktop Runtime platform for Linux was rated priority three out of three.\n\nAccording to Adobe\u2019s priority rating description, this priority rating means \u201cupdate resolves vulnerabilities in a product that has historically not been a target for attackers. Adobe recommends administrators install the update at their discretion.\u201d\n\nAccording to Adobe, CVE-2018-5002 was discovered by researchers from an array of organizations, including individuals from ICEBRG; 360 Threat Intelligence Center of 360 Enterprise Security Group; and Qihoo 360 Core Security.\n\nThe company issued a patch for another critical vulnerability ([CVE-2018-4945](<https://nvd.nist.gov/vuln/detail/CVE-2018-4945>)) that enables arbitrary code execution. The bug was discovered by Jihui Lu of Tencent KeenLab and willJ of Tencent PC Manager, working with Trend Micro\u2019s Zero Day Initiative.\n\nAdobe also issued patches for two \u201cimportant\u201d vulnerabilities that could both lead to information disclosure, including one (CVE-2018-5000) Integer Overflow bug and an Out-of-bounds read glitch (CVE-2018-5001).\n\nAdobe recommended that all impacted versions update immediately to versions 30.0.0.113 via their update mechanism within the product or by visiting the Adobe Flash Player Download Center.\n\nMeanwhile, Adobe Flash Player with Google Chrome, Microsoft Edge, and IE 11 for Windows 10 and 8.1 \u201cwill be automatically downloaded to the latest version,\u201d the company said.\n\nAdobe has doled out its fair share of patches over the past few months \u2013 just [weeks](<https://threatpost.com/adobe-doles-out-second-round-of-higher-priority-patches/131967/>) ago the company posted patches for a slew of critical vulnerabilities, which have a higher risk of being exploited. Earlier in [May](<https://threatpost.com/adobe-patches-critical-bugs-in-flash-player-creative-cloud/131794/>), Adobe released patches for five critical and important vulnerabilities spanning Creative Cloud, Adobe Flash Player and web conferencing software tool Adobe Connect.\n", "published": "2018-06-07T13:14:25", "modified": "2018-06-07T13:14:25", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://threatpost.com/adobe-patches-critical-flash-player-bug-with-active-exploit/132595/", "reporter": "Lindsey O'Donnell", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5002", "https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "https://nvd.nist.gov/vuln/detail/CVE-2018-4945", "https://threatpost.com/adobe-doles-out-second-round-of-higher-priority-patches/131967/", "https://threatpost.com/adobe-patches-critical-bugs-in-flash-player-creative-cloud/131794/"], "cvelist": ["CVE-2018-4945", "CVE-2018-5000", "CVE-2018-5001", "CVE-2018-5002"], "lastseen": "2019-05-30T05:54:43", "history": [{"bulletin": {"id": "THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "hash": "9dc55872a866a66cc9cc166c9e7e22ae", "type": "threatpost", "bulletinFamily": "info", "title": "Adobe Patches Critical Flash Player Bug With Active Exploit", "description": "Adobe has patched two critical and two important vulnerabilities in its Flash Player on Thursday, including one that is being exploited in the wild in targeted attacks against Windows users.\n\nThe critical vulnerability with an existing exploit ([CVE-2018-5002](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5002>)) is a stack-based buffer overflow bug that could enable arbitrary code execution, according to Adobe. The attacks are leveraging Office documents, according to Adobe.\n\n\u201cAdobe is aware of a report that an exploit for CVE-2018-5002 exists in the wild, and is being used in limited, targeted attacks against Windows users,\u201d the company said in a [release](<https://helpx.adobe.com/security/products/flash-player/apsb18-19.html>), Thursday. \u201cThese attacks leverage Office documents with embedded malicious Flash Player content distributed via email.\u201d\n\nMicrosoft did not respond to a request for comment from Threatpost by publication.\n\nAllan Liska, threat intelligence analyst at Recorded Future, told Threatpost the vuln is being currently exploited as part of several phishing campaigns.\n\n\u201cThe exploit takes advantage of a Flash file embedded in a Microsoft Office document, when the victim opens the Office Document the trojaned Flash code automatically runs and executes shell code which calls out to the attackers command and control servers,\u201d Liska told Threatpost.\n\nImpacted versions include Adobe Flash Player Desktop Runtime (29.0.0.171 and earlier versions) on Windows, MacOS and Linux; Adobe Flash Player for Google Chrome (29.0.0.171 and earlier versions) for Windows, macOS, Linux and Chrome OSl and Adobe Flash Player for Microsoft Edge and Internet Explorer 11 (29.0.0.171 and earlier versions) for Windows 10 and 8.1.\n\nThe updates for all platforms had a priority rating of two out of three, meaning there are no exploits; but the Adobe Flash Player Desktop Runtime platform for Linux was rated priority three out of three.\n\nAccording to Adobe\u2019s priority rating description, this priority rating means \u201cupdate resolves vulnerabilities in a product that has historically not been a target for attackers. Adobe recommends administrators install the update at their discretion.\u201d\n\nAccording to Adobe, CVE-2018-5002 was discovered by researchers from an array of organizations, including individuals from ICEBRG; 360 Threat Intelligence Center of 360 Enterprise Security Group; and Qihoo 360 Core Security.\n\nThe company issued a patch for another critical vulnerability ([CVE-2018-4945](<https://nvd.nist.gov/vuln/detail/CVE-2018-4945>)) that enables arbitrary code execution. The bug was discovered by Jihui Lu of Tencent KeenLab and willJ of Tencent PC Manager, working with Trend Micro\u2019s Zero Day Initiative.\n\nAdobe also issued patches for two \u201cimportant\u201d vulnerabilities that could both lead to information disclosure, including one (CVE-2018-5000) Integer Overflow bug and an Out-of-bounds read glitch (CVE-2018-5001).\n\nAdobe recommended that all impacted versions update immediately to versions 30.0.0.113 via their update mechanism within the product or by visiting the Adobe Flash Player Download Center.\n\nMeanwhile, Adobe Flash Player with Google Chrome, Microsoft Edge, and IE 11 for Windows 10 and 8.1 \u201cwill be automatically downloaded to the latest version,\u201d the company said.\n\nAdobe has doled out its fair share of patches over the past few months \u2013 just [weeks](<https://threatpost.com/adobe-doles-out-second-round-of-higher-priority-patches/131967/>) ago the company posted patches for a slew of critical vulnerabilities, which have a higher risk of being exploited. Earlier in [May](<https://threatpost.com/adobe-patches-critical-bugs-in-flash-player-creative-cloud/131794/>), Adobe released patches for five critical and important vulnerabilities spanning Creative Cloud, Adobe Flash Player and web conferencing software tool Adobe Connect.\n", "published": "2018-06-07T09:14:25", "modified": "2018-06-07T18:40:53", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://threatpost.com/adobe-patches-critical-flash-player-bug-with-active-exploit/132595/", "reporter": "Lindsey O'Donnell", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5002", "https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "https://nvd.nist.gov/vuln/detail/CVE-2018-4945", "https://threatpost.com/adobe-doles-out-second-round-of-higher-priority-patches/131967/", "https://threatpost.com/adobe-patches-critical-bugs-in-flash-player-creative-cloud/131794/"], "cvelist": ["CVE-2018-4945", "CVE-2018-5000", "CVE-2018-5001", "CVE-2018-5002"], "lastseen": "2018-10-06T22:52:17", "history": [], "viewCount": 1, "enchantments": {"score": {"value": 9.3, "vector": "NONE", "modified": "2018-10-06T22:52:17"}}, "objectVersion": "1.4"}, "lastseen": "2018-10-06T22:52:17", "differentElements": ["modified"], "edition": 1}, {"bulletin": {"id": "THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "hash": "66122671a5754d5e05e72b172a7cae0b", "type": "threatpost", "bulletinFamily": "info", "title": "Adobe Patches Critical Flash Player Bug With Active Exploit", "description": "Adobe has patched two critical and two important vulnerabilities in its Flash Player on Thursday, including one that is being exploited in the wild in targeted attacks against Windows users.\n\nThe critical vulnerability with an existing exploit ([CVE-2018-5002](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5002>)) is a stack-based buffer overflow bug that could enable arbitrary code execution, according to Adobe. The attacks are leveraging Office documents, according to Adobe.\n\n\u201cAdobe is aware of a report that an exploit for CVE-2018-5002 exists in the wild, and is being used in limited, targeted attacks against Windows users,\u201d the company said in a [release](<https://helpx.adobe.com/security/products/flash-player/apsb18-19.html>), Thursday. \u201cThese attacks leverage Office documents with embedded malicious Flash Player content distributed via email.\u201d\n\nMicrosoft did not respond to a request for comment from Threatpost by publication.\n\nAllan Liska, threat intelligence analyst at Recorded Future, told Threatpost the vuln is being currently exploited as part of several phishing campaigns.\n\n\u201cThe exploit takes advantage of a Flash file embedded in a Microsoft Office document, when the victim opens the Office Document the trojaned Flash code automatically runs and executes shell code which calls out to the attackers command and control servers,\u201d Liska told Threatpost.\n\nImpacted versions include Adobe Flash Player Desktop Runtime (29.0.0.171 and earlier versions) on Windows, MacOS and Linux; Adobe Flash Player for Google Chrome (29.0.0.171 and earlier versions) for Windows, macOS, Linux and Chrome OSl and Adobe Flash Player for Microsoft Edge and Internet Explorer 11 (29.0.0.171 and earlier versions) for Windows 10 and 8.1.\n\nThe updates for all platforms had a priority rating of two out of three, meaning there are no exploits; but the Adobe Flash Player Desktop Runtime platform for Linux was rated priority three out of three.\n\nAccording to Adobe\u2019s priority rating description, this priority rating means \u201cupdate resolves vulnerabilities in a product that has historically not been a target for attackers. Adobe recommends administrators install the update at their discretion.\u201d\n\nAccording to Adobe, CVE-2018-5002 was discovered by researchers from an array of organizations, including individuals from ICEBRG; 360 Threat Intelligence Center of 360 Enterprise Security Group; and Qihoo 360 Core Security.\n\nThe company issued a patch for another critical vulnerability ([CVE-2018-4945](<https://nvd.nist.gov/vuln/detail/CVE-2018-4945>)) that enables arbitrary code execution. The bug was discovered by Jihui Lu of Tencent KeenLab and willJ of Tencent PC Manager, working with Trend Micro\u2019s Zero Day Initiative.\n\nAdobe also issued patches for two \u201cimportant\u201d vulnerabilities that could both lead to information disclosure, including one (CVE-2018-5000) Integer Overflow bug and an Out-of-bounds read glitch (CVE-2018-5001).\n\nAdobe recommended that all impacted versions update immediately to versions 30.0.0.113 via their update mechanism within the product or by visiting the Adobe Flash Player Download Center.\n\nMeanwhile, Adobe Flash Player with Google Chrome, Microsoft Edge, and IE 11 for Windows 10 and 8.1 \u201cwill be automatically downloaded to the latest version,\u201d the company said.\n\nAdobe has doled out its fair share of patches over the past few months \u2013 just [weeks](<https://threatpost.com/adobe-doles-out-second-round-of-higher-priority-patches/131967/>) ago the company posted patches for a slew of critical vulnerabilities, which have a higher risk of being exploited. Earlier in [May](<https://threatpost.com/adobe-patches-critical-bugs-in-flash-player-creative-cloud/131794/>), Adobe released patches for five critical and important vulnerabilities spanning Creative Cloud, Adobe Flash Player and web conferencing software tool Adobe Connect.\n", "published": "2018-06-07T09:14:25", "modified": "2018-06-07T09:14:25", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://threatpost.com/adobe-patches-critical-flash-player-bug-with-active-exploit/132595/", "reporter": "Lindsey O'Donnell", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5002", "https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "https://nvd.nist.gov/vuln/detail/CVE-2018-4945", "https://threatpost.com/adobe-doles-out-second-round-of-higher-priority-patches/131967/", "https://threatpost.com/adobe-patches-critical-bugs-in-flash-player-creative-cloud/131794/"], "cvelist": ["CVE-2018-4945", "CVE-2018-5000", "CVE-2018-5001", "CVE-2018-5002"], "lastseen": "2019-01-23T05:26:53", "history": [], "viewCount": 2, "enchantments": {"score": {"value": 9.3, "vector": "NONE", "modified": "2019-01-23T05:26:53"}, "dependencies": {"references": [{"type": "nessus", "idList": ["FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "FLASH_PLAYER_APSB18-19.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "REDHAT-RHSA-2018-1827.NASL", "GENTOO_GLSA-201806-02.NASL"]}, {"type": "cve", "idList": ["CVE-2018-4945", "CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813397", "OPENVAS:1361412562310813400", "OPENVAS:1361412562310813399", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813601"]}, {"type": "kaspersky", "idList": ["KLA11261"]}, {"type": "freebsd", "idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"]}, {"type": "redhat", "idList": ["RHSA-2018:1827"]}, {"type": "gentoo", "idList": ["GLSA-201806-02"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"]}, {"type": "thn", "idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"]}, {"type": "threatpost", "idList": ["THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E"]}, {"type": "myhack58", "idList": ["MYHACK58:62201890504", "MYHACK58:62201890436"]}, {"type": "krebs", "idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"]}, {"type": "securelist", "idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"]}], "modified": "2019-01-23T05:26:53"}}, "objectVersion": "1.4"}, "lastseen": "2019-01-23T05:26:53", "differentElements": ["modified", "published"], "edition": 2}, {"bulletin": {"id": "THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "hash": "ed9aafd0564beb08b8f5720e84b6ba64", "type": "threatpost", "bulletinFamily": "info", "title": "Adobe Patches Critical Flash Player Bug With Active Exploit", "description": "Adobe has patched two critical and two important vulnerabilities in its Flash Player on Thursday, including one that is being exploited in the wild in targeted attacks against Windows users.\n\nThe critical vulnerability with an existing exploit ([CVE-2018-5002](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5002>)) is a stack-based buffer overflow bug that could enable arbitrary code execution, according to Adobe. The attacks are leveraging Office documents, according to Adobe.\n\n\u201cAdobe is aware of a report that an exploit for CVE-2018-5002 exists in the wild, and is being used in limited, targeted attacks against Windows users,\u201d the company said in a [release](<https://helpx.adobe.com/security/products/flash-player/apsb18-19.html>), Thursday. \u201cThese attacks leverage Office documents with embedded malicious Flash Player content distributed via email.\u201d\n\nMicrosoft did not respond to a request for comment from Threatpost by publication.\n\nAllan Liska, threat intelligence analyst at Recorded Future, told Threatpost the vuln is being currently exploited as part of several phishing campaigns.\n\n\u201cThe exploit takes advantage of a Flash file embedded in a Microsoft Office document, when the victim opens the Office Document the trojaned Flash code automatically runs and executes shell code which calls out to the attackers command and control servers,\u201d Liska told Threatpost.\n\nImpacted versions include Adobe Flash Player Desktop Runtime (29.0.0.171 and earlier versions) on Windows, MacOS and Linux; Adobe Flash Player for Google Chrome (29.0.0.171 and earlier versions) for Windows, macOS, Linux and Chrome OSl and Adobe Flash Player for Microsoft Edge and Internet Explorer 11 (29.0.0.171 and earlier versions) for Windows 10 and 8.1.\n\nThe updates for all platforms had a priority rating of two out of three, meaning there are no exploits; but the Adobe Flash Player Desktop Runtime platform for Linux was rated priority three out of three.\n\nAccording to Adobe\u2019s priority rating description, this priority rating means \u201cupdate resolves vulnerabilities in a product that has historically not been a target for attackers. Adobe recommends administrators install the update at their discretion.\u201d\n\nAccording to Adobe, CVE-2018-5002 was discovered by researchers from an array of organizations, including individuals from ICEBRG; 360 Threat Intelligence Center of 360 Enterprise Security Group; and Qihoo 360 Core Security.\n\nThe company issued a patch for another critical vulnerability ([CVE-2018-4945](<https://nvd.nist.gov/vuln/detail/CVE-2018-4945>)) that enables arbitrary code execution. The bug was discovered by Jihui Lu of Tencent KeenLab and willJ of Tencent PC Manager, working with Trend Micro\u2019s Zero Day Initiative.\n\nAdobe also issued patches for two \u201cimportant\u201d vulnerabilities that could both lead to information disclosure, including one (CVE-2018-5000) Integer Overflow bug and an Out-of-bounds read glitch (CVE-2018-5001).\n\nAdobe recommended that all impacted versions update immediately to versions 30.0.0.113 via their update mechanism within the product or by visiting the Adobe Flash Player Download Center.\n\nMeanwhile, Adobe Flash Player with Google Chrome, Microsoft Edge, and IE 11 for Windows 10 and 8.1 \u201cwill be automatically downloaded to the latest version,\u201d the company said.\n\nAdobe has doled out its fair share of patches over the past few months \u2013 just [weeks](<https://threatpost.com/adobe-doles-out-second-round-of-higher-priority-patches/131967/>) ago the company posted patches for a slew of critical vulnerabilities, which have a higher risk of being exploited. Earlier in [May](<https://threatpost.com/adobe-patches-critical-bugs-in-flash-player-creative-cloud/131794/>), Adobe released patches for five critical and important vulnerabilities spanning Creative Cloud, Adobe Flash Player and web conferencing software tool Adobe Connect.\n", "published": "2018-06-07T13:14:25", "modified": "2018-06-07T13:14:25", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://threatpost.com/adobe-patches-critical-flash-player-bug-with-active-exploit/132595/", "reporter": "Lindsey O'Donnell", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5002", "https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "https://nvd.nist.gov/vuln/detail/CVE-2018-4945", "https://threatpost.com/adobe-doles-out-second-round-of-higher-priority-patches/131967/", "https://threatpost.com/adobe-patches-critical-bugs-in-flash-player-creative-cloud/131794/"], "cvelist": ["CVE-2018-4945", "CVE-2018-5000", "CVE-2018-5001", "CVE-2018-5002"], "lastseen": "2019-04-25T05:49:23", "history": [], "viewCount": 2, "enchantments": {"score": {"value": 7.1, "vector": "NONE", "modified": "2019-04-25T05:49:23"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-5002", "CVE-2018-4945", "CVE-2018-5001", "CVE-2018-5000"]}, {"type": "nessus", "idList": ["FLASH_PLAYER_APSB18-19.NASL", "FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL", "REDHAT-RHSA-2018-1827.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "GENTOO_GLSA-201806-02.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813400", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813399", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813397"]}, {"type": "gentoo", "idList": ["GLSA-201806-02"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"]}, {"type": "freebsd", "idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"]}, {"type": "kaspersky", "idList": ["KLA11261"]}, {"type": "threatpost", "idList": ["THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E"]}, {"type": "redhat", "idList": ["RHSA-2018:1827"]}, {"type": "thn", "idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"]}, {"type": "myhack58", "idList": ["MYHACK58:62201890436", "MYHACK58:62201890504"]}, {"type": "krebs", "idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"]}, {"type": "securelist", "idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"]}], "modified": "2019-04-25T05:49:23"}}, "objectVersion": "1.4"}, "lastseen": "2019-04-25T05:49:23", "differentElements": ["cvss"], "edition": 3}], "viewCount": 3, "enchantments": {"score": {"value": 7.5, "vector": "NONE", "modified": "2019-05-30T05:54:43", "rev": 2}, "dependencies": {"references": [{"type": "redhatcve", "idList": ["RH:CVE-2018-5000", "RH:CVE-2018-4945", "RH:CVE-2018-5002", "RH:CVE-2018-5001"]}, {"type": "mscve", "idList": ["MS:ADV180014"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-201806-02.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "FLASH_PLAYER_APSB18-19.NASL", "FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL", "REDHAT-RHSA-2018-1827.NASL", "700434.PRM"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813601", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813400", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813399", "OPENVAS:1361412562310813602"]}, {"type": "freebsd", "idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"]}, {"type": "archlinux", "idList": ["ASA-201806-7"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"]}, {"type": "redhat", "idList": ["RHSA-2018:1827"]}, {"type": "kaspersky", "idList": ["KLA11261", "KLA11260"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-5002", "UB:CVE-2018-5001", "UB:CVE-2018-4945", "UB:CVE-2018-5000"]}, {"type": "cve", "idList": ["CVE-2018-5001", "CVE-2018-5000", "CVE-2018-5002", "CVE-2018-4945"]}, {"type": "threatpost", "idList": ["THREATPOST:42326E6F7A9646FBA40DDA354883F4B6", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E", "THREATPOST:536287397C84CCF3AFA0F12633A5F82A", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"]}, {"type": "gentoo", "idList": ["GLSA-201806-02"]}, {"type": "thn", "idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"]}, {"type": "myhack58", "idList": ["MYHACK58:62201890436", "MYHACK58:62201890504", "MYHACK58:62201994516"]}, {"type": "zdi", "idList": ["ZDI-18-568", "ZDI-18-569", "ZDI-18-570"]}, {"type": "krebs", "idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"]}, {"type": "securelist", "idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"]}], "modified": "2019-05-30T05:54:43", "rev": 2}}, "objectVersion": "1.5", "_object_type": "robots.models.threatpost.ThreatpostBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.threatpost.ThreatpostBulletin"], "immutableFields": [], "cvss2": {}, "cvss3": {}}, {"id": "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8", "hash": "c633864666ebd1239371f0d48b42075d", "type": "threatpost", "bulletinFamily": "info", "title": "Zero-Day Flash Exploit Targeting Middle East", "description": "A zero-day vulnerability is being exploited in the wild in targeted attacks against Windows users in the Middle East, researchers warned Thursday.\n\nThe Flash Player vulnerability (CVE-2018-5002), a stack-based buffer overflow bug that could enable arbitrary code execution, was patched earlier today by [Adobe](<https://threatpost.com/adobe-patches-critical-flash-player-bug-with-active-exploit/132595/>).\n\nThe vulnerability \u201callows for a maliciously crafted Flash object to execute code on victim computers, which enables an attacker to execute a range of payloads and actions,\u201d researchers from ICEBRG\u2019s Security Research Team, who was the first to report the discovered vuln, said in a Thursday [post](<https://www.icebrg.io/blog/adobe-flash-zero-day-targeted-attack?utm_source=twitter&utm_medium=social&utm_term=&utm_content=&utm_campaign=blogpost-adobe0day>). It\u2019s particularly dangerous because all that needs to happen for the bug to be triggered is for the victim to open a malicious file.\n\nAccording to Adobe, CVE-2018-5002 was discovered by researchers from an array of organizations, including individuals from ICEBRG; 360 Threat Intelligence Center of 360 Enterprise Security Group; and Qihoo 360 Core Security. [ICEBRG ](<https://www.icebrg.io/blog/adobe-flash-zero-day-targeted-attack?utm_source=twitter&utm_medium=social&utm_term=&utm_content=&utm_campaign=blogpost-adobe0day>)and [Qihoo 360 ](<http://blogs.360.cn/blog/cve-2018-5002-en/>)both came out with posts analyzing the new bug.\n\nThe exploit uses a carefully constructed Microsoft Office document to download and execute an Adobe Flash exploit to the victims\u2019 computers, according to ICEBRG researchers. The documents were sent primarily via email, according to Adobe.\n\nFirst, the user would open a weaponized Shockwave Flash file. From there, the file downloads and executes the exploit to achieve code execution on the system.\n\nThe file then executes shellcode, which calls out to the attackers command and control servers and enables the threat actor to further control the victim machine.\n\n[](<https://media.threatpost.com/wp-content/uploads/sites/103/2018/06/07155857/flash-exploit.png>)\u201cTypically, the final payload consists of shell code that provides backdoor functionality to the system or stages additional tools,\u201d ICEBRG researchers said.\n\nBoth ICEBRG and Qihoo 360 found evidence that suggested the exploit was targeting Qatari victims, based on geopolitical interests.\n\n\u201cThe weaponized document \u2026 is an Arabic language themed document that purports to inform the target of employee salary adjustments,\u201d ICEBRG researchers said. \u201cMost of the job titles included in the document are diplomatic in nature, specifically referring to salaries with positions referencing secretaries, ambassadors, diplomats, etc.\u201d\n\nMeanwhile, Qihoo researchers also said that \u201call clues show this is a typical APT attack.\u201d\n\n\u201cThe attacker developed sophisticated plans in the cloud and spent at least three months preparing for the attack,\u201d Qihoo researchers said. \u201cThe detailed phishing attack content was also tailored to the attack target.\u201d\n\nAdobe dealt with another zero-day Flash vulnerability back in February, which was [exploited ](<https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/north-korean-hackers-allegedly-exploit-adobe-flash-player-vulnerability-cve-2018-4878-against-south-korean-targets>)by North Korean hackers.\n\nThe company on Thursday also patched another critical vulnerability ([CVE-2018-4945](<https://nvd.nist.gov/vuln/detail/CVE-2018-4945>)) that enables arbitrary code execution; and two \u201cimportant\u201d vulnerabilities that could both lead to information disclosure, including one (CVE-2018-5000) Integer Overflow bug and an Out-of-bounds read glitch (CVE-2018-5001).\n\nMicrosoft did not respond to a request for multiple request for comment from Threatpost. The company posted a[ security update](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180014>) regarding the vulnerability on Thursday.\n\n\u201cIn order to protect themselves users should immediately upgrade their Adobe Flash and disable macros in Microsoft Office,\u201d Allan Liska, threat intelligence analyst at Recorded Future, told Threatpost.\n", "published": "2018-06-07T20:05:52", "modified": "2018-06-07T20:05:52", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://threatpost.com/zero-day-flash-exploit-targeting-middle-east/132659/", "reporter": "Lindsey O'Donnell", "references": ["https://threatpost.com/adobe-patches-critical-flash-player-bug-with-active-exploit/132595/", "https://www.icebrg.io/blog/adobe-flash-zero-day-targeted-attack?utm_source=twitter&utm_medium=social&utm_term=&utm_content=&utm_campaign=blogpost-adobe0day", "https://www.icebrg.io/blog/adobe-flash-zero-day-targeted-attack?utm_source=twitter&utm_medium=social&utm_term=&utm_content=&utm_campaign=blogpost-adobe0day", "http://blogs.360.cn/blog/cve-2018-5002-en/", "https://media.threatpost.com/wp-content/uploads/sites/103/2018/06/07155857/flash-exploit.png", "https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/north-korean-hackers-allegedly-exploit-adobe-flash-player-vulnerability-cve-2018-4878-against-south-korean-targets", "https://nvd.nist.gov/vuln/detail/CVE-2018-4945", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180014"], "cvelist": ["CVE-2018-4878", "CVE-2018-4945", "CVE-2018-5000", "CVE-2018-5001", "CVE-2018-5002"], "lastseen": "2019-05-30T05:52:38", "history": [{"bulletin": {"id": "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8", "hash": "8d61b63fa32b2f97aba22efb8aaa15fc", "type": "threatpost", "bulletinFamily": "info", "title": "Zero-Day Flash Exploit Targeting Middle East", "description": "A zero-day vulnerability is being exploited in the wild in targeted attacks against Windows users in the Middle East, researchers warned Thursday.\n\nThe Flash Player vulnerability (CVE-2018-5002), a stack-based buffer overflow bug that could enable arbitrary code execution, was patched earlier today by [Adobe](<https://threatpost.com/adobe-patches-critical-flash-player-bug-with-active-exploit/132595/>).\n\nThe vulnerability \u201callows for a maliciously crafted Flash object to execute code on victim computers, which enables an attacker to execute a range of payloads and actions,\u201d researchers from ICEBRG\u2019s Security Research Team, who was the first to report the discovered vuln, said in a Thursday [post](<https://www.icebrg.io/blog/adobe-flash-zero-day-targeted-attack?utm_source=twitter&utm_medium=social&utm_term=&utm_content=&utm_campaign=blogpost-adobe0day>). It\u2019s particularly dangerous because all that needs to happen for the bug to be triggered is for the victim to open a malicious file.\n\nAccording to Adobe, CVE-2018-5002 was discovered by researchers from an array of organizations, including individuals from ICEBRG; 360 Threat Intelligence Center of 360 Enterprise Security Group; and Qihoo 360 Core Security. [ICEBRG ](<https://www.icebrg.io/blog/adobe-flash-zero-day-targeted-attack?utm_source=twitter&utm_medium=social&utm_term=&utm_content=&utm_campaign=blogpost-adobe0day>)and [Qihoo 360 ](<http://blogs.360.cn/blog/cve-2018-5002-en/>)both came out with posts analyzing the new bug.\n\nThe exploit uses a carefully constructed Microsoft Office document to download and execute an Adobe Flash exploit to the victims\u2019 computers, according to ICEBRG researchers. The documents were sent primarily via email, according to Adobe.\n\nFirst, the user would open a weaponized Shockwave Flash file. From there, the file downloads and executes the exploit to achieve code execution on the system.\n\nThe file then executes shellcode, which calls out to the attackers command and control servers and enables the threat actor to further control the victim machine.\n\n[](<https://media.threatpost.com/wp-content/uploads/sites/103/2018/06/07155857/flash-exploit.png>)\u201cTypically, the final payload consists of shell code that provides backdoor functionality to the system or stages additional tools,\u201d ICEBRG researchers said.\n\nBoth ICEBRG and Qihoo 360 found evidence that suggested the exploit was targeting Qatari victims, based on geopolitical interests.\n\n\u201cThe weaponized document \u2026 is an Arabic language themed document that purports to inform the target of employee salary adjustments,\u201d ICEBRG researchers said. \u201cMost of the job titles included in the document are diplomatic in nature, specifically referring to salaries with positions referencing secretaries, ambassadors, diplomats, etc.\u201d\n\nMeanwhile, Qihoo researchers also said that \u201call clues show this is a typical APT attack.\u201d\n\n\u201cThe attacker developed sophisticated plans in the cloud and spent at least three months preparing for the attack,\u201d Qihoo researchers said. \u201cThe detailed phishing attack content was also tailored to the attack target.\u201d\n\nAdobe dealt with another zero-day Flash vulnerability back in February, which was [exploited ](<https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/north-korean-hackers-allegedly-exploit-adobe-flash-player-vulnerability-cve-2018-4878-against-south-korean-targets>)by North Korean hackers.\n\nThe company on Thursday also patched another critical vulnerability ([CVE-2018-4945](<https://nvd.nist.gov/vuln/detail/CVE-2018-4945>)) that enables arbitrary code execution; and two \u201cimportant\u201d vulnerabilities that could both lead to information disclosure, including one (CVE-2018-5000) Integer Overflow bug and an Out-of-bounds read glitch (CVE-2018-5001).\n\nMicrosoft did not respond to a request for multiple request for comment from Threatpost. The company posted a[ security update](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180014>) regarding the vulnerability on Thursday.\n\n\u201cIn order to protect themselves users should immediately upgrade their Adobe Flash and disable macros in Microsoft Office,\u201d Allan Liska, threat intelligence analyst at Recorded Future, told Threatpost.\n", "published": "2018-06-07T16:05:52", "modified": "2018-06-08T14:55:36", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://threatpost.com/zero-day-flash-exploit-targeting-middle-east/132659/", "reporter": "Lindsey O'Donnell", "references": ["https://threatpost.com/adobe-patches-critical-flash-player-bug-with-active-exploit/132595/", "https://www.icebrg.io/blog/adobe-flash-zero-day-targeted-attack?utm_source=twitter&utm_medium=social&utm_term=&utm_content=&utm_campaign=blogpost-adobe0day", "https://www.icebrg.io/blog/adobe-flash-zero-day-targeted-attack?utm_source=twitter&utm_medium=social&utm_term=&utm_content=&utm_campaign=blogpost-adobe0day", "http://blogs.360.cn/blog/cve-2018-5002-en/", "https://media.threatpost.com/wp-content/uploads/sites/103/2018/06/07155857/flash-exploit.png", "https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/north-korean-hackers-allegedly-exploit-adobe-flash-player-vulnerability-cve-2018-4878-against-south-korean-targets", "https://nvd.nist.gov/vuln/detail/CVE-2018-4945", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180014"], "cvelist": ["CVE-2018-4878", "CVE-2018-4945", "CVE-2018-5000", "CVE-2018-5001", "CVE-2018-5002"], "lastseen": "2018-10-06T22:52:15", "history": [], "viewCount": 2, "enchantments": {"score": {"value": 6.8, "vector": "NONE", "modified": "2018-10-06T22:52:15"}}, "objectVersion": "1.4"}, "lastseen": "2018-10-06T22:52:15", "differentElements": ["modified"], "edition": 1}, {"bulletin": {"id": "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8", "hash": "aa54448892025f1c3ce6a6f74331d28f", "type": "threatpost", "bulletinFamily": "info", "title": "Zero-Day Flash Exploit Targeting Middle East", "description": "A zero-day vulnerability is being exploited in the wild in targeted attacks against Windows users in the Middle East, researchers warned Thursday.\n\nThe Flash Player vulnerability (CVE-2018-5002), a stack-based buffer overflow bug that could enable arbitrary code execution, was patched earlier today by [Adobe](<https://threatpost.com/adobe-patches-critical-flash-player-bug-with-active-exploit/132595/>).\n\nThe vulnerability \u201callows for a maliciously crafted Flash object to execute code on victim computers, which enables an attacker to execute a range of payloads and actions,\u201d researchers from ICEBRG\u2019s Security Research Team, who was the first to report the discovered vuln, said in a Thursday [post](<https://www.icebrg.io/blog/adobe-flash-zero-day-targeted-attack?utm_source=twitter&utm_medium=social&utm_term=&utm_content=&utm_campaign=blogpost-adobe0day>). It\u2019s particularly dangerous because all that needs to happen for the bug to be triggered is for the victim to open a malicious file.\n\nAccording to Adobe, CVE-2018-5002 was discovered by researchers from an array of organizations, including individuals from ICEBRG; 360 Threat Intelligence Center of 360 Enterprise Security Group; and Qihoo 360 Core Security. [ICEBRG ](<https://www.icebrg.io/blog/adobe-flash-zero-day-targeted-attack?utm_source=twitter&utm_medium=social&utm_term=&utm_content=&utm_campaign=blogpost-adobe0day>)and [Qihoo 360 ](<http://blogs.360.cn/blog/cve-2018-5002-en/>)both came out with posts analyzing the new bug.\n\nThe exploit uses a carefully constructed Microsoft Office document to download and execute an Adobe Flash exploit to the victims\u2019 computers, according to ICEBRG researchers. The documents were sent primarily via email, according to Adobe.\n\nFirst, the user would open a weaponized Shockwave Flash file. From there, the file downloads and executes the exploit to achieve code execution on the system.\n\nThe file then executes shellcode, which calls out to the attackers command and control servers and enables the threat actor to further control the victim machine.\n\n[](<https://media.threatpost.com/wp-content/uploads/sites/103/2018/06/07155857/flash-exploit.png>)\u201cTypically, the final payload consists of shell code that provides backdoor functionality to the system or stages additional tools,\u201d ICEBRG researchers said.\n\nBoth ICEBRG and Qihoo 360 found evidence that suggested the exploit was targeting Qatari victims, based on geopolitical interests.\n\n\u201cThe weaponized document \u2026 is an Arabic language themed document that purports to inform the target of employee salary adjustments,\u201d ICEBRG researchers said. \u201cMost of the job titles included in the document are diplomatic in nature, specifically referring to salaries with positions referencing secretaries, ambassadors, diplomats, etc.\u201d\n\nMeanwhile, Qihoo researchers also said that \u201call clues show this is a typical APT attack.\u201d\n\n\u201cThe attacker developed sophisticated plans in the cloud and spent at least three months preparing for the attack,\u201d Qihoo researchers said. \u201cThe detailed phishing attack content was also tailored to the attack target.\u201d\n\nAdobe dealt with another zero-day Flash vulnerability back in February, which was [exploited ](<https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/north-korean-hackers-allegedly-exploit-adobe-flash-player-vulnerability-cve-2018-4878-against-south-korean-targets>)by North Korean hackers.\n\nThe company on Thursday also patched another critical vulnerability ([CVE-2018-4945](<https://nvd.nist.gov/vuln/detail/CVE-2018-4945>)) that enables arbitrary code execution; and two \u201cimportant\u201d vulnerabilities that could both lead to information disclosure, including one (CVE-2018-5000) Integer Overflow bug and an Out-of-bounds read glitch (CVE-2018-5001).\n\nMicrosoft did not respond to a request for multiple request for comment from Threatpost. The company posted a[ security update](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180014>) regarding the vulnerability on Thursday.\n\n\u201cIn order to protect themselves users should immediately upgrade their Adobe Flash and disable macros in Microsoft Office,\u201d Allan Liska, threat intelligence analyst at Recorded Future, told Threatpost.\n", "published": "2018-06-07T16:05:52", "modified": "2018-06-07T16:05:52", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://threatpost.com/zero-day-flash-exploit-targeting-middle-east/132659/", "reporter": "Lindsey O'Donnell", "references": ["https://threatpost.com/adobe-patches-critical-flash-player-bug-with-active-exploit/132595/", "https://www.icebrg.io/blog/adobe-flash-zero-day-targeted-attack?utm_source=twitter&utm_medium=social&utm_term=&utm_content=&utm_campaign=blogpost-adobe0day", "https://www.icebrg.io/blog/adobe-flash-zero-day-targeted-attack?utm_source=twitter&utm_medium=social&utm_term=&utm_content=&utm_campaign=blogpost-adobe0day", "http://blogs.360.cn/blog/cve-2018-5002-en/", "https://media.threatpost.com/wp-content/uploads/sites/103/2018/06/07155857/flash-exploit.png", "https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/north-korean-hackers-allegedly-exploit-adobe-flash-player-vulnerability-cve-2018-4878-against-south-korean-targets", "https://nvd.nist.gov/vuln/detail/CVE-2018-4945", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180014"], "cvelist": ["CVE-2018-4878", "CVE-2018-4945", "CVE-2018-5000", "CVE-2018-5001", "CVE-2018-5002"], "lastseen": "2019-01-23T05:26:51", "history": [], "viewCount": 2, "enchantments": {"score": {"value": 6.8, "vector": "NONE", "modified": "2019-01-23T05:26:51"}, "dependencies": {"references": [{"type": "nessus", "idList": ["FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "FLASH_PLAYER_APSB18-19.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "REDHAT-RHSA-2018-1827.NASL", "GENTOO_GLSA-201806-02.NASL", "FLASH_PLAYER_APSA18-01.NASL", "SMB_NT_MS18_FEB_4074595.NASL", "REDHAT-RHSA-2018-0285.NASL", "FREEBSD_PKG_756A86310B8411E8A9866451062F0F7A.NASL"]}, {"type": "cve", "idList": ["CVE-2018-4945", "CVE-2018-5001", "CVE-2018-4878", "CVE-2018-5002", "CVE-2018-5000"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813400", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813399", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310812688", "OPENVAS:1361412562310812687", "OPENVAS:1361412562310812689"]}, {"type": "kaspersky", "idList": ["KLA11261", "KLA11191"]}, {"type": "threatpost", "idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:BC14FD8D22AC2C22C164C5B8B0E36C05", "THREATPOST:E1C629434DE943EAA7BD57B1F6EEA7E2", "THREATPOST:EA5D6454E04EAFE2D10FDC5BD6D23F81", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E"]}, {"type": "freebsd", "idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A", "756A8631-0B84-11E8-A986-6451062F0F7A"]}, {"type": "gentoo", "idList": ["GLSA-201806-02", "GLSA-201803-08"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913", "TRENDMICROBLOG:0B24CF652B6ADAB5E1BE333A26A02E21", "TRENDMICROBLOG:D07F262A5F92BE131EF59AA1DD863465", "TRENDMICROBLOG:08ADD009C78AC2B7B49C47D2673AD447"]}, {"type": "redhat", "idList": ["RHSA-2018:1827", "RHSA-2018:0285"]}, {"type": "thn", "idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F", "THN:3BC4F7FE3170D82B2C8328638552D1D3"]}, {"type": "seebug", "idList": ["SSV:97136"]}, {"type": "symantec", "idList": ["SMNTC-102893"]}, {"type": "fireeye", "idList": ["FIREEYE:0D4F2E1284C786ABA6A50D8BE7E34E6E", "FIREEYE:96525D6EA5DBF734A371FB66EB02FA45", "FIREEYE:622FA05F62A3EDD3379557F635579EFB"]}, {"type": "myhack58", "idList": ["MYHACK58:62201890504", "MYHACK58:62201890436", "MYHACK58:62201889929", "MYHACK58:62201891130"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23", "MALWAREBYTES:026284ECC22DB2D1F343F9B66686DEF9", "MALWAREBYTES:E0E596B13A84774F12BFB5962B091DCE", "MALWAREBYTES:4232991FEE4DC3F0CD04D068FBB82A1C", "MALWAREBYTES:F79B9F46F986F9BDA455EEBF8E2CA464", "MALWAREBYTES:C982F670DC06D05621493C9E9A1E0E14", "MALWAREBYTES:06D9BFC6DC339FACFCE028EB1C5A79EF", "MALWAREBYTES:EA93E4D6EB6BD6A0F2388E0DF2AE2D16", "MALWAREBYTES:1EF2E06811A91F2948F835D21FF698ED", "MALWAREBYTES:CCB1B1B23474798BB372D709A6E97F86"]}, {"type": "krebs", "idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A", "KREBS:E2D2D085D282D0D49FB14A33098B68DE"]}, {"type": "talosblog", "idList": ["TALOSBLOG:B69F0136CDE2A78382370469FF70F7DB"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:147041"]}, {"type": "exploitdb", "idList": ["EDB-ID:44744", "EDB-ID:44745", "EDB-ID:44412"]}, {"type": "zdt", "idList": ["1337DAY-ID-30119", "1337DAY-ID-30431", "1337DAY-ID-30432"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:832B33D45F45271E91CA6542BC9CFD59"]}, {"type": "securelist", "idList": ["SECURELIST:F05B277B9FBC7AA810A2092CB58DEF37", "SECURELIST:1670EF82924C5F24DC777CBD3BA4AE5E", "SECURELIST:D7795824A5A02E1E45E51294D78CEBC2", "SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"]}], "modified": "2019-01-23T05:26:51"}}, "objectVersion": "1.4"}, "lastseen": "2019-01-23T05:26:51", "differentElements": ["cvelist"], "edition": 2}, {"bulletin": {"id": "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8", "hash": "b8af8ef05f851c2aa21f52acae25703c", "type": "threatpost", "bulletinFamily": "info", "title": "Zero-Day Flash Exploit Targeting Middle East", "description": "A zero-day vulnerability is being exploited in the wild in targeted attacks against Windows users in the Middle East, researchers warned Thursday.\n\nThe Flash Player vulnerability (CVE-2018-5002), a stack-based buffer overflow bug that could enable arbitrary code execution, was patched earlier today by [Adobe](<https://threatpost.com/adobe-patches-critical-flash-player-bug-with-active-exploit/132595/>).\n\nThe vulnerability \u201callows for a maliciously crafted Flash object to execute code on victim computers, which enables an attacker to execute a range of payloads and actions,\u201d researchers from ICEBRG\u2019s Security Research Team, who was the first to report the discovered vuln, said in a Thursday [post](<https://www.icebrg.io/blog/adobe-flash-zero-day-targeted-attack?utm_source=twitter&utm_medium=social&utm_term=&utm_content=&utm_campaign=blogpost-adobe0day>). It\u2019s particularly dangerous because all that needs to happen for the bug to be triggered is for the victim to open a malicious file.\n\nAccording to Adobe, CVE-2018-5002 was discovered by researchers from an array of organizations, including individuals from ICEBRG; 360 Threat Intelligence Center of 360 Enterprise Security Group; and Qihoo 360 Core Security. [ICEBRG ](<https://www.icebrg.io/blog/adobe-flash-zero-day-targeted-attack?utm_source=twitter&utm_medium=social&utm_term=&utm_content=&utm_campaign=blogpost-adobe0day>)and [Qihoo 360 ](<http://blogs.360.cn/blog/cve-2018-5002-en/>)both came out with posts analyzing the new bug.\n\nThe exploit uses a carefully constructed Microsoft Office document to download and execute an Adobe Flash exploit to the victims\u2019 computers, according to ICEBRG researchers. The documents were sent primarily via email, according to Adobe.\n\nFirst, the user would open a weaponized Shockwave Flash file. From there, the file downloads and executes the exploit to achieve code execution on the system.\n\nThe file then executes shellcode, which calls out to the attackers command and control servers and enables the threat actor to further control the victim machine.\n\n[](<https://media.threatpost.com/wp-content/uploads/sites/103/2018/06/07155857/flash-exploit.png>)\u201cTypically, the final payload consists of shell code that provides backdoor functionality to the system or stages additional tools,\u201d ICEBRG researchers said.\n\nBoth ICEBRG and Qihoo 360 found evidence that suggested the exploit was targeting Qatari victims, based on geopolitical interests.\n\n\u201cThe weaponized document \u2026 is an Arabic language themed document that purports to inform the target of employee salary adjustments,\u201d ICEBRG researchers said. \u201cMost of the job titles included in the document are diplomatic in nature, specifically referring to salaries with positions referencing secretaries, ambassadors, diplomats, etc.\u201d\n\nMeanwhile, Qihoo researchers also said that \u201call clues show this is a typical APT attack.\u201d\n\n\u201cThe attacker developed sophisticated plans in the cloud and spent at least three months preparing for the attack,\u201d Qihoo researchers said. \u201cThe detailed phishing attack content was also tailored to the attack target.\u201d\n\nAdobe dealt with another zero-day Flash vulnerability back in February, which was [exploited ](<https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/north-korean-hackers-allegedly-exploit-adobe-flash-player-vulnerability-cve-2018-4878-against-south-korean-targets>)by North Korean hackers.\n\nThe company on Thursday also patched another critical vulnerability ([CVE-2018-4945](<https://nvd.nist.gov/vuln/detail/CVE-2018-4945>)) that enables arbitrary code execution; and two \u201cimportant\u201d vulnerabilities that could both lead to information disclosure, including one (CVE-2018-5000) Integer Overflow bug and an Out-of-bounds read glitch (CVE-2018-5001).\n\nMicrosoft did not respond to a request for multiple request for comment from Threatpost. The company posted a[ security update](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180014>) regarding the vulnerability on Thursday.\n\n\u201cIn order to protect themselves users should immediately upgrade their Adobe Flash and disable macros in Microsoft Office,\u201d Allan Liska, threat intelligence analyst at Recorded Future, told Threatpost.\n", "published": "2018-06-07T16:05:52", "modified": "2018-06-07T16:05:52", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://threatpost.com/zero-day-flash-exploit-targeting-middle-east/132659/", "reporter": "Lindsey O'Donnell", "references": ["https://threatpost.com/adobe-patches-critical-flash-player-bug-with-active-exploit/132595/", "https://www.icebrg.io/blog/adobe-flash-zero-day-targeted-attack?utm_source=twitter&utm_medium=social&utm_term=&utm_content=&utm_campaign=blogpost-adobe0day", "https://www.icebrg.io/blog/adobe-flash-zero-day-targeted-attack?utm_source=twitter&utm_medium=social&utm_term=&utm_content=&utm_campaign=blogpost-adobe0day", "http://blogs.360.cn/blog/cve-2018-5002-en/", "https://media.threatpost.com/wp-content/uploads/sites/103/2018/06/07155857/flash-exploit.png", "https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/north-korean-hackers-allegedly-exploit-adobe-flash-player-vulnerability-cve-2018-4878-against-south-korean-targets", "https://nvd.nist.gov/vuln/detail/CVE-2018-4945", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180014"], "cvelist": ["CVE-2018-4878", "CVE-2018-4945", "CVE-2018-5000", "CVE-2018-5001", "CVE-2018-5002", "CVE-2019-0797"], "lastseen": "2019-03-14T05:45:43", "history": [], "viewCount": 2, "enchantments": {"score": {"value": 7.3, "vector": "NONE", "modified": "2019-03-14T05:45:43"}, "dependencies": {"references": [{"type": "nessus", "idList": ["FLASH_PLAYER_APSB18-19.NASL", "FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "REDHAT-RHSA-2018-1827.NASL", "GENTOO_GLSA-201806-02.NASL", "MACOSX_FLASH_PLAYER_APSA18-01.NASL", "FREEBSD_PKG_756A86310B8411E8A9866451062F0F7A.NASL", "REDHAT-RHSA-2018-0285.NASL", "SMB_NT_MS18_FEB_4074595.NASL"]}, {"type": "cve", "idList": ["CVE-2018-4945", "CVE-2018-5001", "CVE-2018-5002", "CVE-2018-4878", "CVE-2018-5000"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813400", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813399", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310812689", "OPENVAS:1361412562310812688", "OPENVAS:1361412562310812687"]}, {"type": "kaspersky", "idList": ["KLA11261", "KLA11191"]}, {"type": "threatpost", "idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:E1C629434DE943EAA7BD57B1F6EEA7E2", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E", "THREATPOST:0D74E486EA54CA7069F526DD451B9623", "THREATPOST:462CE0294C12CF76E6C20033D649386B", "THREATPOST:850F2CBD612F9EB55EA0436DFB14BD17", "THREATPOST:391E1102E41E44DB87A819293AD5B7DF", "THREATPOST:DA2C509F9C39B8DFF2FB012763582C5B", "THREATPOST:0F5D85A9929B493280A252C525CAAC8B", "THREATPOST:714516EBF933F12F4F97F63F4ABC6C9C"]}, {"type": "freebsd", "idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A", "756A8631-0B84-11E8-A986-6451062F0F7A"]}, {"type": "redhat", "idList": ["RHSA-2018:1827", "RHSA-2018:0285"]}, {"type": "gentoo", "idList": ["GLSA-201806-02"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913", "TRENDMICROBLOG:0B24CF652B6ADAB5E1BE333A26A02E21", "TRENDMICROBLOG:D07F262A5F92BE131EF59AA1DD863465"]}, {"type": "thn", "idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F", "THN:3BC4F7FE3170D82B2C8328638552D1D3"]}, {"type": "symantec", "idList": ["SMNTC-107330", "SMNTC-102893"]}, {"type": "securelist", "idList": ["SECURELIST:63F08CF43123326EE123EADFF8681D0D"]}, {"type": "seebug", "idList": ["SSV:97136"]}, {"type": "fireeye", "idList": ["FIREEYE:0D4F2E1284C786ABA6A50D8BE7E34E6E", "FIREEYE:96525D6EA5DBF734A371FB66EB02FA45"]}, {"type": "myhack58", "idList": ["MYHACK58:62201890504", "MYHACK58:62201890436", "MYHACK58:62201889929"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23", "MALWAREBYTES:4232991FEE4DC3F0CD04D068FBB82A1C", "MALWAREBYTES:E0E596B13A84774F12BFB5962B091DCE", "MALWAREBYTES:026284ECC22DB2D1F343F9B66686DEF9", "MALWAREBYTES:1EF2E06811A91F2948F835D21FF698ED", "MALWAREBYTES:C982F670DC06D05621493C9E9A1E0E14", "MALWAREBYTES:F79B9F46F986F9BDA455EEBF8E2CA464", "MALWAREBYTES:06D9BFC6DC339FACFCE028EB1C5A79EF", "MALWAREBYTES:EA93E4D6EB6BD6A0F2388E0DF2AE2D16"]}, {"type": "krebs", "idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A", "KREBS:E2D2D085D282D0D49FB14A33098B68DE"]}, {"type": "exploitdb", "idList": ["EDB-ID:44745", "EDB-ID:44744", "EDB-ID:44412"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:147041"]}, {"type": "talosblog", "idList": ["TALOSBLOG:B69F0136CDE2A78382370469FF70F7DB"]}, {"type": "zdt", "idList": ["1337DAY-ID-30119", "1337DAY-ID-30431", "1337DAY-ID-30432"]}], "modified": "2019-03-14T05:45:43"}}, "objectVersion": "1.4"}, "lastseen": "2019-03-14T05:45:43", "differentElements": ["cvelist"], "edition": 3}, {"bulletin": {"id": "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8", "hash": "aa54448892025f1c3ce6a6f74331d28f", "type": "threatpost", "bulletinFamily": "info", "title": "Zero-Day Flash Exploit Targeting Middle East", "description": "A zero-day vulnerability is being exploited in the wild in targeted attacks against Windows users in the Middle East, researchers warned Thursday.\n\nThe Flash Player vulnerability (CVE-2018-5002), a stack-based buffer overflow bug that could enable arbitrary code execution, was patched earlier today by [Adobe](<https://threatpost.com/adobe-patches-critical-flash-player-bug-with-active-exploit/132595/>).\n\nThe vulnerability \u201callows for a maliciously crafted Flash object to execute code on victim computers, which enables an attacker to execute a range of payloads and actions,\u201d researchers from ICEBRG\u2019s Security Research Team, who was the first to report the discovered vuln, said in a Thursday [post](<https://www.icebrg.io/blog/adobe-flash-zero-day-targeted-attack?utm_source=twitter&utm_medium=social&utm_term=&utm_content=&utm_campaign=blogpost-adobe0day>). It\u2019s particularly dangerous because all that needs to happen for the bug to be triggered is for the victim to open a malicious file.\n\nAccording to Adobe, CVE-2018-5002 was discovered by researchers from an array of organizations, including individuals from ICEBRG; 360 Threat Intelligence Center of 360 Enterprise Security Group; and Qihoo 360 Core Security. [ICEBRG ](<https://www.icebrg.io/blog/adobe-flash-zero-day-targeted-attack?utm_source=twitter&utm_medium=social&utm_term=&utm_content=&utm_campaign=blogpost-adobe0day>)and [Qihoo 360 ](<http://blogs.360.cn/blog/cve-2018-5002-en/>)both came out with posts analyzing the new bug.\n\nThe exploit uses a carefully constructed Microsoft Office document to download and execute an Adobe Flash exploit to the victims\u2019 computers, according to ICEBRG researchers. The documents were sent primarily via email, according to Adobe.\n\nFirst, the user would open a weaponized Shockwave Flash file. From there, the file downloads and executes the exploit to achieve code execution on the system.\n\nThe file then executes shellcode, which calls out to the attackers command and control servers and enables the threat actor to further control the victim machine.\n\n[](<https://media.threatpost.com/wp-content/uploads/sites/103/2018/06/07155857/flash-exploit.png>)\u201cTypically, the final payload consists of shell code that provides backdoor functionality to the system or stages additional tools,\u201d ICEBRG researchers said.\n\nBoth ICEBRG and Qihoo 360 found evidence that suggested the exploit was targeting Qatari victims, based on geopolitical interests.\n\n\u201cThe weaponized document \u2026 is an Arabic language themed document that purports to inform the target of employee salary adjustments,\u201d ICEBRG researchers said. \u201cMost of the job titles included in the document are diplomatic in nature, specifically referring to salaries with positions referencing secretaries, ambassadors, diplomats, etc.\u201d\n\nMeanwhile, Qihoo researchers also said that \u201call clues show this is a typical APT attack.\u201d\n\n\u201cThe attacker developed sophisticated plans in the cloud and spent at least three months preparing for the attack,\u201d Qihoo researchers said. \u201cThe detailed phishing attack content was also tailored to the attack target.\u201d\n\nAdobe dealt with another zero-day Flash vulnerability back in February, which was [exploited ](<https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/north-korean-hackers-allegedly-exploit-adobe-flash-player-vulnerability-cve-2018-4878-against-south-korean-targets>)by North Korean hackers.\n\nThe company on Thursday also patched another critical vulnerability ([CVE-2018-4945](<https://nvd.nist.gov/vuln/detail/CVE-2018-4945>)) that enables arbitrary code execution; and two \u201cimportant\u201d vulnerabilities that could both lead to information disclosure, including one (CVE-2018-5000) Integer Overflow bug and an Out-of-bounds read glitch (CVE-2018-5001).\n\nMicrosoft did not respond to a request for multiple request for comment from Threatpost. The company posted a[ security update](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180014>) regarding the vulnerability on Thursday.\n\n\u201cIn order to protect themselves users should immediately upgrade their Adobe Flash and disable macros in Microsoft Office,\u201d Allan Liska, threat intelligence analyst at Recorded Future, told Threatpost.\n", "published": "2018-06-07T16:05:52", "modified": "2018-06-07T16:05:52", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://threatpost.com/zero-day-flash-exploit-targeting-middle-east/132659/", "reporter": "Lindsey O'Donnell", "references": ["https://threatpost.com/adobe-patches-critical-flash-player-bug-with-active-exploit/132595/", "https://www.icebrg.io/blog/adobe-flash-zero-day-targeted-attack?utm_source=twitter&utm_medium=social&utm_term=&utm_content=&utm_campaign=blogpost-adobe0day", "https://www.icebrg.io/blog/adobe-flash-zero-day-targeted-attack?utm_source=twitter&utm_medium=social&utm_term=&utm_content=&utm_campaign=blogpost-adobe0day", "http://blogs.360.cn/blog/cve-2018-5002-en/", "https://media.threatpost.com/wp-content/uploads/sites/103/2018/06/07155857/flash-exploit.png", "https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/north-korean-hackers-allegedly-exploit-adobe-flash-player-vulnerability-cve-2018-4878-against-south-korean-targets", "https://nvd.nist.gov/vuln/detail/CVE-2018-4945", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180014"], "cvelist": ["CVE-2018-4878", "CVE-2018-4945", "CVE-2018-5000", "CVE-2018-5001", "CVE-2018-5002"], "lastseen": "2019-04-12T05:53:16", "history": [], "viewCount": 2, "enchantments": {"score": {"value": 7.3, "vector": "NONE", "modified": "2019-04-12T05:53:16"}, "dependencies": {"references": [{"type": "nessus", "idList": ["FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "FLASH_PLAYER_APSB18-19.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "REDHAT-RHSA-2018-1827.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL", "GENTOO_GLSA-201806-02.NASL", "FLASH_PLAYER_APSA18-01.NASL", "REDHAT-RHSA-2018-0285.NASL", "FREEBSD_PKG_756A86310B8411E8A9866451062F0F7A.NASL", "SMB_NT_MS18_FEB_4074595.NASL"]}, {"type": "cve", "idList": ["CVE-2018-4945", "CVE-2018-5001", "CVE-2018-5002", "CVE-2018-4878", "CVE-2018-5000"]}, {"type": "threatpost", "idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:BC14FD8D22AC2C22C164C5B8B0E36C05", "THREATPOST:E1C629434DE943EAA7BD57B1F6EEA7E2", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E", "THREATPOST:EA5D6454E04EAFE2D10FDC5BD6D23F81"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813396", "OPENVAS:1361412562310813399", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813400", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310812688", "OPENVAS:1361412562310812687", "OPENVAS:1361412562310812689"]}, {"type": "freebsd", "idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A", "756A8631-0B84-11E8-A986-6451062F0F7A"]}, {"type": "kaspersky", "idList": ["KLA11261", "KLA11191"]}, {"type": "redhat", "idList": ["RHSA-2018:1827", "RHSA-2018:0285"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913", "TRENDMICROBLOG:0B24CF652B6ADAB5E1BE333A26A02E21", "TRENDMICROBLOG:D07F262A5F92BE131EF59AA1DD863465", "TRENDMICROBLOG:08ADD009C78AC2B7B49C47D2673AD447"]}, {"type": "gentoo", "idList": ["GLSA-201806-02", "GLSA-201803-08"]}, {"type": "thn", "idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F", "THN:3BC4F7FE3170D82B2C8328638552D1D3"]}, {"type": "seebug", "idList": ["SSV:97136"]}, {"type": "symantec", "idList": ["SMNTC-102893"]}, {"type": "fireeye", "idList": ["FIREEYE:0D4F2E1284C786ABA6A50D8BE7E34E6E", "FIREEYE:96525D6EA5DBF734A371FB66EB02FA45", "FIREEYE:622FA05F62A3EDD3379557F635579EFB"]}, {"type": "myhack58", "idList": ["MYHACK58:62201890504", "MYHACK58:62201890436", "MYHACK58:62201889929", "MYHACK58:62201891130"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23", "MALWAREBYTES:026284ECC22DB2D1F343F9B66686DEF9", "MALWAREBYTES:E0E596B13A84774F12BFB5962B091DCE", "MALWAREBYTES:4232991FEE4DC3F0CD04D068FBB82A1C", "MALWAREBYTES:C982F670DC06D05621493C9E9A1E0E14", "MALWAREBYTES:F79B9F46F986F9BDA455EEBF8E2CA464", "MALWAREBYTES:EA93E4D6EB6BD6A0F2388E0DF2AE2D16", "MALWAREBYTES:06D9BFC6DC339FACFCE028EB1C5A79EF", "MALWAREBYTES:1EF2E06811A91F2948F835D21FF698ED", "MALWAREBYTES:C8D6FFC9442802684305F89A89609938"]}, {"type": "krebs", "idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A", "KREBS:E2D2D085D282D0D49FB14A33098B68DE"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:147041"]}, {"type": "talosblog", "idList": ["TALOSBLOG:B69F0136CDE2A78382370469FF70F7DB"]}, {"type": "exploitdb", "idList": ["EDB-ID:44744", "EDB-ID:44745", "EDB-ID:44412"]}, {"type": "zdt", "idList": ["1337DAY-ID-30431", "1337DAY-ID-30119", "1337DAY-ID-30432"]}, {"type": "securelist", "idList": ["SECURELIST:F05B277B9FBC7AA810A2092CB58DEF37", "SECURELIST:1670EF82924C5F24DC777CBD3BA4AE5E", "SECURELIST:D7795824A5A02E1E45E51294D78CEBC2", "SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:832B33D45F45271E91CA6542BC9CFD59"]}], "modified": "2019-04-12T05:53:16"}}, "objectVersion": "1.4"}, "lastseen": "2019-04-12T05:53:16", "differentElements": ["cvelist"], "edition": 4}, {"bulletin": {"id": "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8", "hash": "95be0e52640121dfad81746cf60cb6ec", "type": "threatpost", "bulletinFamily": "info", "title": "Zero-Day Flash Exploit Targeting Middle East", "description": "A zero-day vulnerability is being exploited in the wild in targeted attacks against Windows users in the Middle East, researchers warned Thursday.\n\nThe Flash Player vulnerability (CVE-2018-5002), a stack-based buffer overflow bug that could enable arbitrary code execution, was patched earlier today by [Adobe](<https://threatpost.com/adobe-patches-critical-flash-player-bug-with-active-exploit/132595/>).\n\nThe vulnerability \u201callows for a maliciously crafted Flash object to execute code on victim computers, which enables an attacker to execute a range of payloads and actions,\u201d researchers from ICEBRG\u2019s Security Research Team, who was the first to report the discovered vuln, said in a Thursday [post](<https://www.icebrg.io/blog/adobe-flash-zero-day-targeted-attack?utm_source=twitter&utm_medium=social&utm_term=&utm_content=&utm_campaign=blogpost-adobe0day>). It\u2019s particularly dangerous because all that needs to happen for the bug to be triggered is for the victim to open a malicious file.\n\nAccording to Adobe, CVE-2018-5002 was discovered by researchers from an array of organizations, including individuals from ICEBRG; 360 Threat Intelligence Center of 360 Enterprise Security Group; and Qihoo 360 Core Security. [ICEBRG ](<https://www.icebrg.io/blog/adobe-flash-zero-day-targeted-attack?utm_source=twitter&utm_medium=social&utm_term=&utm_content=&utm_campaign=blogpost-adobe0day>)and [Qihoo 360 ](<http://blogs.360.cn/blog/cve-2018-5002-en/>)both came out with posts analyzing the new bug.\n\nThe exploit uses a carefully constructed Microsoft Office document to download and execute an Adobe Flash exploit to the victims\u2019 computers, according to ICEBRG researchers. The documents were sent primarily via email, according to Adobe.\n\nFirst, the user would open a weaponized Shockwave Flash file. From there, the file downloads and executes the exploit to achieve code execution on the system.\n\nThe file then executes shellcode, which calls out to the attackers command and control servers and enables the threat actor to further control the victim machine.\n\n[](<https://media.threatpost.com/wp-content/uploads/sites/103/2018/06/07155857/flash-exploit.png>)\u201cTypically, the final payload consists of shell code that provides backdoor functionality to the system or stages additional tools,\u201d ICEBRG researchers said.\n\nBoth ICEBRG and Qihoo 360 found evidence that suggested the exploit was targeting Qatari victims, based on geopolitical interests.\n\n\u201cThe weaponized document \u2026 is an Arabic language themed document that purports to inform the target of employee salary adjustments,\u201d ICEBRG researchers said. \u201cMost of the job titles included in the document are diplomatic in nature, specifically referring to salaries with positions referencing secretaries, ambassadors, diplomats, etc.\u201d\n\nMeanwhile, Qihoo researchers also said that \u201call clues show this is a typical APT attack.\u201d\n\n\u201cThe attacker developed sophisticated plans in the cloud and spent at least three months preparing for the attack,\u201d Qihoo researchers said. \u201cThe detailed phishing attack content was also tailored to the attack target.\u201d\n\nAdobe dealt with another zero-day Flash vulnerability back in February, which was [exploited ](<https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/north-korean-hackers-allegedly-exploit-adobe-flash-player-vulnerability-cve-2018-4878-against-south-korean-targets>)by North Korean hackers.\n\nThe company on Thursday also patched another critical vulnerability ([CVE-2018-4945](<https://nvd.nist.gov/vuln/detail/CVE-2018-4945>)) that enables arbitrary code execution; and two \u201cimportant\u201d vulnerabilities that could both lead to information disclosure, including one (CVE-2018-5000) Integer Overflow bug and an Out-of-bounds read glitch (CVE-2018-5001).\n\nMicrosoft did not respond to a request for multiple request for comment from Threatpost. The company posted a[ security update](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180014>) regarding the vulnerability on Thursday.\n\n\u201cIn order to protect themselves users should immediately upgrade their Adobe Flash and disable macros in Microsoft Office,\u201d Allan Liska, threat intelligence analyst at Recorded Future, told Threatpost.\n", "published": "2018-06-07T16:05:52", "modified": "2018-06-07T16:05:52", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://threatpost.com/zero-day-flash-exploit-targeting-middle-east/132659/", "reporter": "Lindsey O'Donnell", "references": ["https://threatpost.com/adobe-patches-critical-flash-player-bug-with-active-exploit/132595/", "https://www.icebrg.io/blog/adobe-flash-zero-day-targeted-attack?utm_source=twitter&utm_medium=social&utm_term=&utm_content=&utm_campaign=blogpost-adobe0day", "https://www.icebrg.io/blog/adobe-flash-zero-day-targeted-attack?utm_source=twitter&utm_medium=social&utm_term=&utm_content=&utm_campaign=blogpost-adobe0day", "http://blogs.360.cn/blog/cve-2018-5002-en/", "https://media.threatpost.com/wp-content/uploads/sites/103/2018/06/07155857/flash-exploit.png", "https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/north-korean-hackers-allegedly-exploit-adobe-flash-player-vulnerability-cve-2018-4878-against-south-korean-targets", "https://nvd.nist.gov/vuln/detail/CVE-2018-4945", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180014"], "cvelist": ["CVE-2018-4878", "CVE-2018-4945", "CVE-2018-5000", "CVE-2018-5001", "CVE-2018-5002", "CVE-2019-0859"], "lastseen": "2019-04-17T05:52:17", "history": [], "viewCount": 2, "enchantments": {"score": {"value": 7.3, "vector": "NONE", "modified": "2019-04-17T05:52:17"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-5002", "CVE-2019-0859", "CVE-2018-4878", "CVE-2018-4945", "CVE-2018-5001", "CVE-2018-5000"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813396", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813399", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813400", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813602"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-201806-02.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "REDHAT-RHSA-2018-1827.NASL", "FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "FLASH_PLAYER_APSB18-19.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL"]}, {"type": "redhat", "idList": ["RHSA-2018:1827"]}, {"type": "gentoo", "idList": ["GLSA-201806-02"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913", "TRENDMICROBLOG:0B24CF652B6ADAB5E1BE333A26A02E21", "TRENDMICROBLOG:D07F262A5F92BE131EF59AA1DD863465"]}, {"type": "threatpost", "idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E", "THREATPOST:1451675C10144AF042F06679237283F8", "THREATPOST:E8858FCC66DEB75F432991226745B7B0", "THREATPOST:391E1102E41E44DB87A819293AD5B7DF", "THREATPOST:F310570DF7FCA4E5A3676E31B94B2F23", "THREATPOST:1F1542DFDAE233AEE5892565F871C664", "THREATPOST:F4165AC9029442D0F2C297D9AD2388A4", "THREATPOST:ED0F389B9A5715F843AB1D838480F9F7", "THREATPOST:84440566AE41CFB83B497DEFB7F147C2"]}, {"type": "kaspersky", "idList": ["KLA11261"]}, {"type": "freebsd", "idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"]}, {"type": "thn", "idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F", "THN:3BC4F7FE3170D82B2C8328638552D1D3"]}, {"type": "symantec", "idList": ["SMNTC-107763", "SMNTC-102893"]}, {"type": "seebug", "idList": ["SSV:97136"]}, {"type": "fireeye", "idList": ["FIREEYE:0D4F2E1284C786ABA6A50D8BE7E34E6E"]}, {"type": "securelist", "idList": ["SECURELIST:52185495AADEC0E6183185DE5799E6B5"]}, {"type": "myhack58", "idList": ["MYHACK58:62201890436", "MYHACK58:62201890504", "MYHACK58:62201889929"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23", "MALWAREBYTES:E0E596B13A84774F12BFB5962B091DCE", "MALWAREBYTES:4232991FEE4DC3F0CD04D068FBB82A1C", "MALWAREBYTES:026284ECC22DB2D1F343F9B66686DEF9"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:147041"]}, {"type": "exploitdb", "idList": ["EDB-ID:44412", "EDB-ID:44744", "EDB-ID:44745"]}, {"type": "zdt", "idList": ["1337DAY-ID-30431", "1337DAY-ID-30432", "1337DAY-ID-30119"]}, {"type": "talosblog", "idList": ["TALOSBLOG:B69F0136CDE2A78382370469FF70F7DB"]}, {"type": "krebs", "idList": ["KREBS:E2D2D085D282D0D49FB14A33098B68DE", "KREBS:377DC4DFDAF49AA3F03846964CC1864A"]}], "modified": "2019-04-17T05:52:17"}}, "objectVersion": "1.4"}, "lastseen": "2019-04-17T05:52:17", "differentElements": ["cvelist"], "edition": 5}, {"bulletin": {"id": "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8", "hash": "aa54448892025f1c3ce6a6f74331d28f", "type": "threatpost", "bulletinFamily": "info", "title": "Zero-Day Flash Exploit Targeting Middle East", "description": "A zero-day vulnerability is being exploited in the wild in targeted attacks against Windows users in the Middle East, researchers warned Thursday.\n\nThe Flash Player vulnerability (CVE-2018-5002), a stack-based buffer overflow bug that could enable arbitrary code execution, was patched earlier today by [Adobe](<https://threatpost.com/adobe-patches-critical-flash-player-bug-with-active-exploit/132595/>).\n\nThe vulnerability \u201callows for a maliciously crafted Flash object to execute code on victim computers, which enables an attacker to execute a range of payloads and actions,\u201d researchers from ICEBRG\u2019s Security Research Team, who was the first to report the discovered vuln, said in a Thursday [post](<https://www.icebrg.io/blog/adobe-flash-zero-day-targeted-attack?utm_source=twitter&utm_medium=social&utm_term=&utm_content=&utm_campaign=blogpost-adobe0day>). It\u2019s particularly dangerous because all that needs to happen for the bug to be triggered is for the victim to open a malicious file.\n\nAccording to Adobe, CVE-2018-5002 was discovered by researchers from an array of organizations, including individuals from ICEBRG; 360 Threat Intelligence Center of 360 Enterprise Security Group; and Qihoo 360 Core Security. [ICEBRG ](<https://www.icebrg.io/blog/adobe-flash-zero-day-targeted-attack?utm_source=twitter&utm_medium=social&utm_term=&utm_content=&utm_campaign=blogpost-adobe0day>)and [Qihoo 360 ](<http://blogs.360.cn/blog/cve-2018-5002-en/>)both came out with posts analyzing the new bug.\n\nThe exploit uses a carefully constructed Microsoft Office document to download and execute an Adobe Flash exploit to the victims\u2019 computers, according to ICEBRG researchers. The documents were sent primarily via email, according to Adobe.\n\nFirst, the user would open a weaponized Shockwave Flash file. From there, the file downloads and executes the exploit to achieve code execution on the system.\n\nThe file then executes shellcode, which calls out to the attackers command and control servers and enables the threat actor to further control the victim machine.\n\n[](<https://media.threatpost.com/wp-content/uploads/sites/103/2018/06/07155857/flash-exploit.png>)\u201cTypically, the final payload consists of shell code that provides backdoor functionality to the system or stages additional tools,\u201d ICEBRG researchers said.\n\nBoth ICEBRG and Qihoo 360 found evidence that suggested the exploit was targeting Qatari victims, based on geopolitical interests.\n\n\u201cThe weaponized document \u2026 is an Arabic language themed document that purports to inform the target of employee salary adjustments,\u201d ICEBRG researchers said. \u201cMost of the job titles included in the document are diplomatic in nature, specifically referring to salaries with positions referencing secretaries, ambassadors, diplomats, etc.\u201d\n\nMeanwhile, Qihoo researchers also said that \u201call clues show this is a typical APT attack.\u201d\n\n\u201cThe attacker developed sophisticated plans in the cloud and spent at least three months preparing for the attack,\u201d Qihoo researchers said. \u201cThe detailed phishing attack content was also tailored to the attack target.\u201d\n\nAdobe dealt with another zero-day Flash vulnerability back in February, which was [exploited ](<https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/north-korean-hackers-allegedly-exploit-adobe-flash-player-vulnerability-cve-2018-4878-against-south-korean-targets>)by North Korean hackers.\n\nThe company on Thursday also patched another critical vulnerability ([CVE-2018-4945](<https://nvd.nist.gov/vuln/detail/CVE-2018-4945>)) that enables arbitrary code execution; and two \u201cimportant\u201d vulnerabilities that could both lead to information disclosure, including one (CVE-2018-5000) Integer Overflow bug and an Out-of-bounds read glitch (CVE-2018-5001).\n\nMicrosoft did not respond to a request for multiple request for comment from Threatpost. The company posted a[ security update](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180014>) regarding the vulnerability on Thursday.\n\n\u201cIn order to protect themselves users should immediately upgrade their Adobe Flash and disable macros in Microsoft Office,\u201d Allan Liska, threat intelligence analyst at Recorded Future, told Threatpost.\n", "published": "2018-06-07T16:05:52", "modified": "2018-06-07T16:05:52", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://threatpost.com/zero-day-flash-exploit-targeting-middle-east/132659/", "reporter": "Lindsey O'Donnell", "references": ["https://threatpost.com/adobe-patches-critical-flash-player-bug-with-active-exploit/132595/", "https://www.icebrg.io/blog/adobe-flash-zero-day-targeted-attack?utm_source=twitter&utm_medium=social&utm_term=&utm_content=&utm_campaign=blogpost-adobe0day", "https://www.icebrg.io/blog/adobe-flash-zero-day-targeted-attack?utm_source=twitter&utm_medium=social&utm_term=&utm_content=&utm_campaign=blogpost-adobe0day", "http://blogs.360.cn/blog/cve-2018-5002-en/", "https://media.threatpost.com/wp-content/uploads/sites/103/2018/06/07155857/flash-exploit.png", "https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/north-korean-hackers-allegedly-exploit-adobe-flash-player-vulnerability-cve-2018-4878-against-south-korean-targets", "https://nvd.nist.gov/vuln/detail/CVE-2018-4945", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180014"], "cvelist": ["CVE-2018-4878", "CVE-2018-4945", "CVE-2018-5000", "CVE-2018-5001", "CVE-2018-5002"], "lastseen": "2019-04-23T05:50:04", "history": [], "viewCount": 2, "enchantments": {"score": {"value": 7.3, "vector": "NONE", "modified": "2019-04-23T05:50:04"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-5002", "CVE-2018-4878", "CVE-2018-4945", "CVE-2018-5001", "CVE-2018-5000"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813399", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813400", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310812684", "OPENVAS:1361412562310812689", "OPENVAS:1361412562310812685"]}, {"type": "nessus", "idList": ["SMB_NT_MS18_JUN_4287903.NASL", "REDHAT-RHSA-2018-1827.NASL", "GENTOO_GLSA-201806-02.NASL", "FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "FLASH_PLAYER_APSB18-19.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL", "FLASH_PLAYER_APSA18-01.NASL", "MACOSX_FLASH_PLAYER_APSA18-01.NASL", "FREEBSD_PKG_756A86310B8411E8A9866451062F0F7A.NASL", "REDHAT-RHSA-2018-0285.NASL"]}, {"type": "redhat", "idList": ["RHSA-2018:1827", "RHSA-2018:0285"]}, {"type": "gentoo", "idList": ["GLSA-201806-02", "GLSA-201803-08"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913", "TRENDMICROBLOG:0B24CF652B6ADAB5E1BE333A26A02E21", "TRENDMICROBLOG:D07F262A5F92BE131EF59AA1DD863465", "TRENDMICROBLOG:08ADD009C78AC2B7B49C47D2673AD447"]}, {"type": "threatpost", "idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:BC14FD8D22AC2C22C164C5B8B0E36C05", "THREATPOST:E1C629434DE943EAA7BD57B1F6EEA7E2", "THREATPOST:EA5D6454E04EAFE2D10FDC5BD6D23F81", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E"]}, {"type": "freebsd", "idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A", "756A8631-0B84-11E8-A986-6451062F0F7A"]}, {"type": "kaspersky", "idList": ["KLA11261", "KLA11191"]}, {"type": "thn", "idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F", "THN:3BC4F7FE3170D82B2C8328638552D1D3"]}, {"type": "seebug", "idList": ["SSV:97136"]}, {"type": "fireeye", "idList": ["FIREEYE:0D4F2E1284C786ABA6A50D8BE7E34E6E", "FIREEYE:96525D6EA5DBF734A371FB66EB02FA45", "FIREEYE:622FA05F62A3EDD3379557F635579EFB"]}, {"type": "symantec", "idList": ["SMNTC-102893"]}, {"type": "myhack58", "idList": ["MYHACK58:62201890436", "MYHACK58:62201890504", "MYHACK58:62201889929", "MYHACK58:62201891130"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23", "MALWAREBYTES:E0E596B13A84774F12BFB5962B091DCE", "MALWAREBYTES:4232991FEE4DC3F0CD04D068FBB82A1C", "MALWAREBYTES:026284ECC22DB2D1F343F9B66686DEF9", "MALWAREBYTES:EA93E4D6EB6BD6A0F2388E0DF2AE2D16", "MALWAREBYTES:C982F670DC06D05621493C9E9A1E0E14", "MALWAREBYTES:1EF2E06811A91F2948F835D21FF698ED", "MALWAREBYTES:06D9BFC6DC339FACFCE028EB1C5A79EF", "MALWAREBYTES:F79B9F46F986F9BDA455EEBF8E2CA464", "MALWAREBYTES:30BC856501B7BB42655FA3109FACCA26"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:147041"]}, {"type": "krebs", "idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A", "KREBS:E2D2D085D282D0D49FB14A33098B68DE"]}, {"type": "exploitdb", "idList": ["EDB-ID:44412", "EDB-ID:44744", "EDB-ID:44745"]}, {"type": "zdt", "idList": ["1337DAY-ID-30431", "1337DAY-ID-30432", "1337DAY-ID-30119"]}, {"type": "talosblog", "idList": ["TALOSBLOG:B69F0136CDE2A78382370469FF70F7DB"]}, {"type": "securelist", "idList": ["SECURELIST:1670EF82924C5F24DC777CBD3BA4AE5E", "SECURELIST:F05B277B9FBC7AA810A2092CB58DEF37", "SECURELIST:D7795824A5A02E1E45E51294D78CEBC2", "SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:832B33D45F45271E91CA6542BC9CFD59"]}], "modified": "2019-04-23T05:50:04"}}, "objectVersion": "1.4"}, "lastseen": "2019-04-23T05:50:04", "differentElements": ["modified", "published"], "edition": 6}, {"bulletin": {"id": "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8", "hash": "c1e020544bc2da8c5abb70a7e6e2c5c9", "type": "threatpost", "bulletinFamily": "info", "title": "Zero-Day Flash Exploit Targeting Middle East", "description": "A zero-day vulnerability is being exploited in the wild in targeted attacks against Windows users in the Middle East, researchers warned Thursday.\n\nThe Flash Player vulnerability (CVE-2018-5002), a stack-based buffer overflow bug that could enable arbitrary code execution, was patched earlier today by [Adobe](<https://threatpost.com/adobe-patches-critical-flash-player-bug-with-active-exploit/132595/>).\n\nThe vulnerability \u201callows for a maliciously crafted Flash object to execute code on victim computers, which enables an attacker to execute a range of payloads and actions,\u201d researchers from ICEBRG\u2019s Security Research Team, who was the first to report the discovered vuln, said in a Thursday [post](<https://www.icebrg.io/blog/adobe-flash-zero-day-targeted-attack?utm_source=twitter&utm_medium=social&utm_term=&utm_content=&utm_campaign=blogpost-adobe0day>). It\u2019s particularly dangerous because all that needs to happen for the bug to be triggered is for the victim to open a malicious file.\n\nAccording to Adobe, CVE-2018-5002 was discovered by researchers from an array of organizations, including individuals from ICEBRG; 360 Threat Intelligence Center of 360 Enterprise Security Group; and Qihoo 360 Core Security. [ICEBRG ](<https://www.icebrg.io/blog/adobe-flash-zero-day-targeted-attack?utm_source=twitter&utm_medium=social&utm_term=&utm_content=&utm_campaign=blogpost-adobe0day>)and [Qihoo 360 ](<http://blogs.360.cn/blog/cve-2018-5002-en/>)both came out with posts analyzing the new bug.\n\nThe exploit uses a carefully constructed Microsoft Office document to download and execute an Adobe Flash exploit to the victims\u2019 computers, according to ICEBRG researchers. The documents were sent primarily via email, according to Adobe.\n\nFirst, the user would open a weaponized Shockwave Flash file. From there, the file downloads and executes the exploit to achieve code execution on the system.\n\nThe file then executes shellcode, which calls out to the attackers command and control servers and enables the threat actor to further control the victim machine.\n\n[](<https://media.threatpost.com/wp-content/uploads/sites/103/2018/06/07155857/flash-exploit.png>)\u201cTypically, the final payload consists of shell code that provides backdoor functionality to the system or stages additional tools,\u201d ICEBRG researchers said.\n\nBoth ICEBRG and Qihoo 360 found evidence that suggested the exploit was targeting Qatari victims, based on geopolitical interests.\n\n\u201cThe weaponized document \u2026 is an Arabic language themed document that purports to inform the target of employee salary adjustments,\u201d ICEBRG researchers said. \u201cMost of the job titles included in the document are diplomatic in nature, specifically referring to salaries with positions referencing secretaries, ambassadors, diplomats, etc.\u201d\n\nMeanwhile, Qihoo researchers also said that \u201call clues show this is a typical APT attack.\u201d\n\n\u201cThe attacker developed sophisticated plans in the cloud and spent at least three months preparing for the attack,\u201d Qihoo researchers said. \u201cThe detailed phishing attack content was also tailored to the attack target.\u201d\n\nAdobe dealt with another zero-day Flash vulnerability back in February, which was [exploited ](<https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/north-korean-hackers-allegedly-exploit-adobe-flash-player-vulnerability-cve-2018-4878-against-south-korean-targets>)by North Korean hackers.\n\nThe company on Thursday also patched another critical vulnerability ([CVE-2018-4945](<https://nvd.nist.gov/vuln/detail/CVE-2018-4945>)) that enables arbitrary code execution; and two \u201cimportant\u201d vulnerabilities that could both lead to information disclosure, including one (CVE-2018-5000) Integer Overflow bug and an Out-of-bounds read glitch (CVE-2018-5001).\n\nMicrosoft did not respond to a request for multiple request for comment from Threatpost. The company posted a[ security update](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180014>) regarding the vulnerability on Thursday.\n\n\u201cIn order to protect themselves users should immediately upgrade their Adobe Flash and disable macros in Microsoft Office,\u201d Allan Liska, threat intelligence analyst at Recorded Future, told Threatpost.\n", "published": "2018-06-07T20:05:52", "modified": "2018-06-07T20:05:52", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://threatpost.com/zero-day-flash-exploit-targeting-middle-east/132659/", "reporter": "Lindsey O'Donnell", "references": ["https://threatpost.com/adobe-patches-critical-flash-player-bug-with-active-exploit/132595/", "https://www.icebrg.io/blog/adobe-flash-zero-day-targeted-attack?utm_source=twitter&utm_medium=social&utm_term=&utm_content=&utm_campaign=blogpost-adobe0day", "https://www.icebrg.io/blog/adobe-flash-zero-day-targeted-attack?utm_source=twitter&utm_medium=social&utm_term=&utm_content=&utm_campaign=blogpost-adobe0day", "http://blogs.360.cn/blog/cve-2018-5002-en/", "https://media.threatpost.com/wp-content/uploads/sites/103/2018/06/07155857/flash-exploit.png", "https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/north-korean-hackers-allegedly-exploit-adobe-flash-player-vulnerability-cve-2018-4878-against-south-korean-targets", "https://nvd.nist.gov/vuln/detail/CVE-2018-4945", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180014"], "cvelist": ["CVE-2018-4878", "CVE-2018-4945", "CVE-2018-5000", "CVE-2018-5001", "CVE-2018-5002"], "lastseen": "2019-04-25T05:49:22", "history": [], "viewCount": 2, "enchantments": {"score": {"value": 7.3, "vector": "NONE", "modified": "2019-04-25T05:49:22"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-5002", "CVE-2018-4945", "CVE-2018-4878", "CVE-2018-5001", "CVE-2018-5000"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "FLASH_PLAYER_APSB18-19.NASL", "REDHAT-RHSA-2018-1827.NASL", "GENTOO_GLSA-201806-02.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL", "FLASH_PLAYER_APSA18-01.NASL", "FREEBSD_PKG_756A86310B8411E8A9866451062F0F7A.NASL", "MACOSX_FLASH_PLAYER_APSA18-01.NASL", "SMB_NT_MS18_FEB_4074595.NASL"]}, {"type": "gentoo", "idList": ["GLSA-201806-02", "GLSA-201803-08"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813400", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813399", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310812689", "OPENVAS:1361412562310812684", "OPENVAS:1361412562310812685"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913", "TRENDMICROBLOG:0B24CF652B6ADAB5E1BE333A26A02E21", "TRENDMICROBLOG:D07F262A5F92BE131EF59AA1DD863465", "TRENDMICROBLOG:08ADD009C78AC2B7B49C47D2673AD447"]}, {"type": "redhat", "idList": ["RHSA-2018:1827", "RHSA-2018:0285"]}, {"type": "freebsd", "idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A", "756A8631-0B84-11E8-A986-6451062F0F7A"]}, {"type": "threatpost", "idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:BC14FD8D22AC2C22C164C5B8B0E36C05", "THREATPOST:E1C629434DE943EAA7BD57B1F6EEA7E2", "THREATPOST:EA5D6454E04EAFE2D10FDC5BD6D23F81", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E"]}, {"type": "kaspersky", "idList": ["KLA11261", "KLA11191"]}, {"type": "thn", "idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F", "THN:3BC4F7FE3170D82B2C8328638552D1D3"]}, {"type": "seebug", "idList": ["SSV:97136"]}, {"type": "fireeye", "idList": ["FIREEYE:0D4F2E1284C786ABA6A50D8BE7E34E6E", "FIREEYE:96525D6EA5DBF734A371FB66EB02FA45", "FIREEYE:622FA05F62A3EDD3379557F635579EFB"]}, {"type": "symantec", "idList": ["SMNTC-102893"]}, {"type": "myhack58", "idList": ["MYHACK58:62201890436", "MYHACK58:62201890504", "MYHACK58:62201889929", "MYHACK58:62201891130"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23", "MALWAREBYTES:E0E596B13A84774F12BFB5962B091DCE", "MALWAREBYTES:4232991FEE4DC3F0CD04D068FBB82A1C", "MALWAREBYTES:026284ECC22DB2D1F343F9B66686DEF9", "MALWAREBYTES:C982F670DC06D05621493C9E9A1E0E14", "MALWAREBYTES:EA93E4D6EB6BD6A0F2388E0DF2AE2D16", "MALWAREBYTES:1EF2E06811A91F2948F835D21FF698ED", "MALWAREBYTES:F79B9F46F986F9BDA455EEBF8E2CA464", "MALWAREBYTES:06D9BFC6DC339FACFCE028EB1C5A79EF", "MALWAREBYTES:CCB1B1B23474798BB372D709A6E97F86"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:147041"]}, {"type": "zdt", "idList": ["1337DAY-ID-30432", "1337DAY-ID-30431", "1337DAY-ID-30119"]}, {"type": "krebs", "idList": ["KREBS:E2D2D085D282D0D49FB14A33098B68DE", "KREBS:377DC4DFDAF49AA3F03846964CC1864A"]}, {"type": "exploitdb", "idList": ["EDB-ID:44412", "EDB-ID:44744", "EDB-ID:44745"]}, {"type": "talosblog", "idList": ["TALOSBLOG:B69F0136CDE2A78382370469FF70F7DB"]}, {"type": "securelist", "idList": ["SECURELIST:1670EF82924C5F24DC777CBD3BA4AE5E", "SECURELIST:F05B277B9FBC7AA810A2092CB58DEF37", "SECURELIST:D7795824A5A02E1E45E51294D78CEBC2", "SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:832B33D45F45271E91CA6542BC9CFD59"]}], "modified": "2019-04-25T05:49:22"}}, "objectVersion": "1.4"}, "lastseen": "2019-04-25T05:49:22", "differentElements": ["cvss"], "edition": 7}], "viewCount": 19, "enchantments": {"score": {"value": 6.9, "vector": "NONE", "modified": "2019-05-30T05:52:38", "rev": 2}, "dependencies": {"references": [{"type": "redhatcve", "idList": ["RH:CVE-2018-5001", "RH:CVE-2018-5000", "RH:CVE-2018-5002", "RH:CVE-2018-4878", "RH:CVE-2018-4945", "RH:CVE-2018-4877"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813601", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310812686", "OPENVAS:1361412562310813400", "OPENVAS:1361412562310812687", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310812688", "OPENVAS:1361412562310812684", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310812689", "OPENVAS:1361412562310813399"]}, {"type": "archlinux", "idList": ["ASA-201806-7"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:D07F262A5F92BE131EF59AA1DD863465", "TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913", "TRENDMICROBLOG:0B24CF652B6ADAB5E1BE333A26A02E21"]}, {"type": "threatpost", "idList": ["THREATPOST:BC14FD8D22AC2C22C164C5B8B0E36C05", "THREATPOST:34985C64EA7AF207D4CE9A800671E3C1"]}, {"type": "adobe", "idList": ["APSA18-01", "APSB18-19", "APSB18-03"]}, {"type": "nessus", "idList": ["FLASH_PLAYER_APSB18-19.NASL", "GENTOO_GLSA-201806-02.NASL", "700434.PRM", "MACOSX_FLASH_PLAYER_APSB18-19.NASL", "FREEBSD_PKG_756A86310B8411E8A9866451062F0F7A.NASL", "700430.PRM", "SMB_NT_MS18_JUN_4287903.NASL", "FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "FLASH_PLAYER_APSA18-01.NASL", "REDHAT-RHSA-2018-1827.NASL", "SMB_NT_MS18_FEB_4074595.NASL"]}, {"type": "redhat", "idList": ["RHSA-2018:1827", "RHSA-2018:0285"]}, {"type": "freebsd", "idList": ["756A8631-0B84-11E8-A986-6451062F0F7A", "2DDE5A56-6AB1-11E8-B639-6451062F0F7A"]}, {"type": "kaspersky", "idList": ["KLA11191", "KLA11261", "KLA11260"]}, {"type": "mscve", "idList": ["MS:ADV180014", "MS:ADV180004"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-5002", "UB:CVE-2018-5000", "UB:CVE-2018-5001", "UB:CVE-2018-4945", "UB:CVE-2018-4878"]}, {"type": "cve", "idList": ["CVE-2018-5001", "CVE-2018-5000", "CVE-2018-4878", "CVE-2018-5002", "CVE-2018-4945"]}, {"type": "attackerkb", "idList": ["AKB:41DF47B0-8F5D-477F-9F42-AB76A33252AD"]}, {"type": "gentoo", "idList": ["GLSA-201806-02"]}, {"type": "thn", "idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F", "THN:3BC4F7FE3170D82B2C8328638552D1D3"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2018-0535", "CPAI-2018-0052", "CPAI-2018-0537", "CPAI-2018-0539", "CPAI-2018-0538"]}, {"type": "symantec", "idList": ["SMNTC-102893"]}, {"type": "seebug", "idList": ["SSV:97136"]}, {"type": "fireeye", "idList": ["FIREEYE:0D4F2E1284C786ABA6A50D8BE7E34E6E", "FIREEYE:96525D6EA5DBF734A371FB66EB02FA45", "FIREEYE:2648D8DF405C49929956ACCF89B47ABF"]}, {"type": "myhack58", "idList": ["MYHACK58:62201889929", "MYHACK58:62201891130", "MYHACK58:62201890504", "MYHACK58:62201890436"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:026284ECC22DB2D1F343F9B66686DEF9", "MALWAREBYTES:4232991FEE4DC3F0CD04D068FBB82A1C", "MALWAREBYTES:06D9BFC6DC339FACFCE028EB1C5A79EF", "MALWAREBYTES:F79B9F46F986F9BDA455EEBF8E2CA464", "MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23", "MALWAREBYTES:E0E596B13A84774F12BFB5962B091DCE", "MALWAREBYTES:1EF2E06811A91F2948F835D21FF698ED", "MALWAREBYTES:EA93E4D6EB6BD6A0F2388E0DF2AE2D16"]}, {"type": "zdi", "idList": ["ZDI-18-570", "ZDI-18-569", "ZDI-18-568"]}, {"type": "krebs", "idList": ["KREBS:E2D2D085D282D0D49FB14A33098B68DE", "KREBS:377DC4DFDAF49AA3F03846964CC1864A"]}, {"type": "zdt", "idList": ["1337DAY-ID-30119", "1337DAY-ID-30431", "1337DAY-ID-30432"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:D16BF29892ADBD1FE8B1E6E0A3DED407", "EXPLOITPACK:6891CF27FFF72B8EB68CEFB56D149FC3", "EXPLOITPACK:3AE76F8EB91746556D3EB11E9FF64F66"]}, {"type": "exploitdb", "idList": ["EDB-ID:44412", "EDB-ID:44744", "EDB-ID:44745"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:147041"]}, {"type": "talosblog", "idList": ["TALOSBLOG:B69F0136CDE2A78382370469FF70F7DB"]}], "modified": "2019-05-30T05:52:38", "rev": 2}}, "objectVersion": "1.5", "_object_type": "robots.models.threatpost.ThreatpostBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.threatpost.ThreatpostBulletin"], "immutableFields": [], "cvss2": {}, "cvss3": {}}], "openvas": [{"id": "OPENVAS:1361412562310813602", "hash": "f3f12ff453862e336ade9fe1da6c50cb", "type": "openvas", "bulletinFamily": "scanner", "title": "Microsoft IE And Microsoft Edge Flash Player Multiple Vulnerabilities (apsb18-19)", "description": "This host is installed with Adobe Flash Player\n within Microsoft Edge or Internet Explorer and is prone to multiple vulnerabilities.", "published": "2018-06-08T00:00:00", "modified": "2020-05-13T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813602", "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html"], "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "lastseen": "2020-05-15T17:01:22", "history": [{"bulletin": {"id": "OPENVAS:1361412562310813602", "hash": "b2d33c0a75b32d292c38f6dab308e54feb44fa0e61884bb2f5ff3b6d29acde6f", "type": "openvas", "bulletinFamily": "scanner", "title": "Microsoft IE And Microsoft Edge Flash Player Multiple Vulnerabilities (apsb18-19)", "description": "This host is installed with Adobe Flash Player\n within Microsoft Edge or Internet Explorer and is prone to multiple vulnerabilities.", "published": "2018-06-08T00:00:00", "modified": "2019-04-26T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813602", "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://get.adobe.com/flashplayer"], "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "lastseen": "2019-05-29T18:33:42", "history": [], "viewCount": 4, "enchantments": {"dependencies": {"modified": "2019-05-29T18:33:42", "references": [{"idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"], "type": "krebs"}, {"idList": ["KLA11261"], "type": "kaspersky"}, {"idList": ["RHSA-2018:1827"], "type": "redhat"}, {"idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"], "type": "trendmicroblog"}, {"idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"], "type": "freebsd"}, {"idList": ["MYHACK58:62201890504", "MYHACK58:62201994516", "MYHACK58:62201890436"], "type": "myhack58"}, {"idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"], "type": "thn"}, {"idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"], "type": "malwarebytes"}, {"idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"], "type": "threatpost"}, {"idList": ["GLSA-201806-02"], "type": "gentoo"}, {"idList": ["FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "FLASH_PLAYER_APSB18-19.NASL", "REDHAT-RHSA-2018-1827.NASL", "GENTOO_GLSA-201806-02.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL"], "type": "nessus"}, {"idList": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "type": "cve"}, {"idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"], "type": "securelist"}, {"idList": ["OPENVAS:1361412562310813399", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813400"], "type": "openvas"}]}, "score": {"modified": "2019-05-29T18:33:42", "value": 7.6, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310813602", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft IE And Microsoft Edge Flash Player Multiple Vulnerabilities (apsb18-19)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player_internet_explorer\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813602\");\n script_version(\"2019-04-26T09:28:56+0000\");\n script_cve_id(\"CVE-2018-5002\", \"CVE-2018-4945\", \"CVE-2018-5000\", \"CVE-2018-5001\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-04-26 09:28:56 +0000 (Fri, 26 Apr 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-06-08 12:38:35 +0530 (Fri, 08 Jun 2018)\");\n script_name(\"Microsoft IE And Microsoft Edge Flash Player Multiple Vulnerabilities (apsb18-19)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"gb_flash_player_within_ie_edge_detect.nasl\");\n script_mandatory_keys(\"AdobeFlash/IE_or_EDGE/Installed\");\n\n script_xref(name:\"URL\", value:\"http://get.adobe.com/flashplayer\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n within Microsoft Edge or Internet Explorer and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - A type confusion error.\n\n - An integer overflow error.\n\n - An out-of-bounds read error.\n\n - A stack-based buffer overflow error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct arbitrary code execution and disclosure of sensitive\n information.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player within Microsoft Edge or\n Internet Explorer on,\n\n Windows 10 Version 1803 for x32/x64 Edition,\n\n Windows 10 Version 1607 for x32/x64 Edition,\n\n Windows 10 Version 1703 for x32/x64 Edition,\n\n Windows 10 Version 1709 for x32/x64 Edition,\n\n Windows 10 x32/x64 Edition,\n\n Windows 8.1 for x32/x64 Edition and\n\n Windows Server 2012/2012 R2/2016\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more\n information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\n\nif(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012:1, win2012R2:1, win10:1,\n win10x64:1, win2016:1) <= 0){\n exit(0);\n}\n\nif(!infos = get_app_version_and_location(cpe:CPE)) {\n CPE = \"cpe:/a:adobe:flash_player_edge\";\n infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE);\n}\n\nflashVer = infos['version'];\nif(!flashVer)\n exit(0);\n\nflashPath = infos['location'];\n\nif(flashPath) {\n flashPath = flashPath + \"\\Flashplayerapp.exe\";\n} else {\n flashPath = \"Could not find the install location\";\n}\n\nif(version_is_less(version:flashVer, test_version:\"30.0.0.113\")) {\n report = report_fixed_ver(file_checked:flashPath, file_version:flashVer, vulnerable_range:\"Less than 30.0.0.113\");\n security_message(port:0, data:report);\n exit(0);\n}\n\nexit(99);", "naslFamily": "Windows : Microsoft Bulletins"}, "differentElements": ["references", "modified", "sourceData"], "edition": 5, "lastseen": "2019-05-29T18:33:42"}, {"bulletin": {"id": "OPENVAS:1361412562310813602", "hash": "e5b03857f26bd733be69bad05b7a92def83172713dd1ad99b67b21be654e8a39", "type": "openvas", "bulletinFamily": "scanner", "title": "Microsoft IE And Microsoft Edge Flash Player Multiple Vulnerabilities (apsb18-19)", "description": "This host is installed with Adobe Flash Player\n within Microsoft Edge or Internet Explorer and is prone to multiple vulnerabilities.", "published": "2018-06-08T00:00:00", "modified": "2019-07-17T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813602", "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html"], "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "lastseen": "2019-07-19T22:03:28", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"modified": "2019-07-19T22:03:28", "references": [{"idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"], "type": "krebs"}, {"idList": ["KLA11261"], "type": "kaspersky"}, {"idList": ["RHSA-2018:1827"], "type": "redhat"}, {"idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"], "type": "trendmicroblog"}, {"idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"], "type": "freebsd"}, {"idList": ["MYHACK58:62201890504", "MYHACK58:62201994516", "MYHACK58:62201890436"], "type": "myhack58"}, {"idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"], "type": "thn"}, {"idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"], "type": "malwarebytes"}, {"idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"], "type": "threatpost"}, {"idList": ["GLSA-201806-02"], "type": "gentoo"}, {"idList": ["FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "FLASH_PLAYER_APSB18-19.NASL", "REDHAT-RHSA-2018-1827.NASL", "GENTOO_GLSA-201806-02.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL"], "type": "nessus"}, {"idList": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "type": "cve"}, {"idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"], "type": "securelist"}, {"idList": ["OPENVAS:1361412562310813399", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813400"], "type": "openvas"}], "rev": 2}, "score": {"modified": "2019-07-19T22:03:28", "rev": 2, "value": 7.6, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310813602", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft IE And Microsoft Edge Flash Player Multiple Vulnerabilities (apsb18-19)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player_internet_explorer\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813602\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2018-5002\", \"CVE-2018-4945\", \"CVE-2018-5000\", \"CVE-2018-5001\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-06-08 12:38:35 +0530 (Fri, 08 Jun 2018)\");\n script_name(\"Microsoft IE And Microsoft Edge Flash Player Multiple Vulnerabilities (apsb18-19)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"gb_flash_player_within_ie_edge_detect.nasl\");\n script_mandatory_keys(\"AdobeFlash/IE_or_EDGE/Installed\");\n\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n within Microsoft Edge or Internet Explorer and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - A type confusion error.\n\n - An integer overflow error.\n\n - An out-of-bounds read error.\n\n - A stack-based buffer overflow error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct arbitrary code execution and disclosure of sensitive\n information.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player within Microsoft Edge or\n Internet Explorer on,\n\n Windows 10 Version 1803 for x32/x64 Edition,\n\n Windows 10 Version 1607 for x32/x64 Edition,\n\n Windows 10 Version 1703 for x32/x64 Edition,\n\n Windows 10 Version 1709 for x32/x64 Edition,\n\n Windows 10 x32/x64 Edition,\n\n Windows 8.1 for x32/x64 Edition and\n\n Windows Server 2012/2012 R2/2016\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more\n information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\n\nif(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012:1, win2012R2:1, win10:1,\n win10x64:1, win2016:1) <= 0){\n exit(0);\n}\n\nif(!infos = get_app_version_and_location(cpe:CPE)) {\n CPE = \"cpe:/a:adobe:flash_player_edge\";\n infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE);\n}\n\nflashVer = infos['version'];\nif(!flashVer)\n exit(0);\n\nflashPath = infos['location'];\n\nif(flashPath) {\n flashPath = flashPath + \"\\Flashplayerapp.exe\";\n} else {\n flashPath = \"Could not find the install location\";\n}\n\nif(version_is_less(version:flashVer, test_version:\"30.0.0.113\")) {\n report = report_fixed_ver(file_checked:flashPath, file_version:flashVer, vulnerable_range:\"Less than 30.0.0.113\");\n security_message(port:0, data:report);\n exit(0);\n}\n\nexit(99);", "naslFamily": "Windows : Microsoft Bulletins"}, "differentElements": ["modified", "sourceData"], "edition": 6, "lastseen": "2019-07-19T22:03:28"}, {"bulletin": {"id": "OPENVAS:1361412562310813602", "hash": "17936ca57bf05edb5e07d9541c1d1ef9597168733329b8f05a4b8dd9bf2ee78e", "type": "openvas", "bulletinFamily": "scanner", "title": "Microsoft IE And Microsoft Edge Flash Player Multiple Vulnerabilities (apsb18-19)", "description": "This host is installed with Adobe Flash Player\n within Microsoft Edge or Internet Explorer and is prone to multiple vulnerabilities.", "published": "2018-06-08T00:00:00", "modified": "2019-04-26T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813602", "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://get.adobe.com/flashplayer"], "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "lastseen": "2019-04-29T16:27:24", "history": [], "viewCount": 3, "enchantments": {"dependencies": {"modified": "2019-04-29T16:27:24", "references": [{"idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"], "type": "krebs"}, {"idList": ["KLA11261"], "type": "kaspersky"}, {"idList": ["RHSA-2018:1827"], "type": "redhat"}, {"idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"], "type": "trendmicroblog"}, {"idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"], "type": "freebsd"}, {"idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"], "type": "thn"}, {"idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"], "type": "malwarebytes"}, {"idList": ["MYHACK58:62201890504", "MYHACK58:62201890436"], "type": "myhack58"}, {"idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"], "type": "threatpost"}, {"idList": ["GLSA-201806-02"], "type": "gentoo"}, {"idList": ["FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "FLASH_PLAYER_APSB18-19.NASL", "REDHAT-RHSA-2018-1827.NASL", "GENTOO_GLSA-201806-02.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL"], "type": "nessus"}, {"idList": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "type": "cve"}, {"idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"], "type": "securelist"}, {"idList": ["OPENVAS:1361412562310813399", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813400"], "type": "openvas"}]}, "score": {"modified": "2019-04-29T16:27:24", "value": 6.1, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310813602", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft IE And Microsoft Edge Flash Player Multiple Vulnerabilities (apsb18-19)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player_internet_explorer\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813602\");\n script_version(\"2019-04-26T09:28:56+0000\");\n script_cve_id(\"CVE-2018-5002\", \"CVE-2018-4945\", \"CVE-2018-5000\", \"CVE-2018-5001\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-04-26 09:28:56 +0000 (Fri, 26 Apr 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-06-08 12:38:35 +0530 (Fri, 08 Jun 2018)\");\n script_name(\"Microsoft IE And Microsoft Edge Flash Player Multiple Vulnerabilities (apsb18-19)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"gb_flash_player_within_ie_edge_detect.nasl\");\n script_mandatory_keys(\"AdobeFlash/IE_or_EDGE/Installed\");\n\n script_xref(name:\"URL\", value:\"http://get.adobe.com/flashplayer\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n within Microsoft Edge or Internet Explorer and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - A type confusion error.\n\n - An integer overflow error.\n\n - An out-of-bounds read error.\n\n - A stack-based buffer overflow error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct arbitrary code execution and disclosure of sensitive\n information.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player within Microsoft Edge or\n Internet Explorer on,\n\n Windows 10 Version 1803 for x32/x64 Edition,\n\n Windows 10 Version 1607 for x32/x64 Edition,\n\n Windows 10 Version 1703 for x32/x64 Edition,\n\n Windows 10 Version 1709 for x32/x64 Edition,\n\n Windows 10 x32/x64 Edition,\n\n Windows 8.1 for x32/x64 Edition and\n\n Windows Server 2012/2012 R2/2016\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more\n information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\n\nif(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012:1, win2012R2:1, win10:1,\n win10x64:1, win2016:1) <= 0){\n exit(0);\n}\n\nif(!infos = get_app_version_and_location(cpe:CPE)) {\n CPE = \"cpe:/a:adobe:flash_player_edge\";\n infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE);\n}\n\nflashVer = infos['version'];\nif(!flashVer)\n exit(0);\n\nflashPath = infos['location'];\n\nif(flashPath) {\n flashPath = flashPath + \"\\Flashplayerapp.exe\";\n} else {\n flashPath = \"Could not find the install location\";\n}\n\nif(version_is_less(version:flashVer, test_version:\"30.0.0.113\")) {\n report = report_fixed_ver(file_checked:flashPath, file_version:flashVer, vulnerable_range:\"Less than 30.0.0.113\");\n security_message(port:0, data:report);\n exit(0);\n}\n\nexit(99);", "naslFamily": "Windows : Microsoft Bulletins"}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2019-04-29T16:27:24"}, {"bulletin": {"id": "OPENVAS:1361412562310813602", "hash": "b97c01812f6206daa1c4467c88aee3d44f735e9781e3c6da5dcd58b661cba618", "type": "openvas", "bulletinFamily": "scanner", "title": "Microsoft IE And Microsoft Edge Flash Player Multiple Vulnerabilities (apsb18-19)", "description": "This host is installed with Adobe Flash Player\n within Microsoft Edge or Internet Explorer and is prone to multiple vulnerabilities.", "published": "2018-06-08T00:00:00", "modified": "2018-06-08T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813602", "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://get.adobe.com/flashplayer"], "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "lastseen": "2018-06-08T18:57:50", "history": [], "viewCount": 1, "enchantments": {"score": {"modified": "2018-06-08T18:57:50", "value": 7.5, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310813602", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_flash_player_for_ie_edge_apsb18-19.nasl 10143 2018-06-08 13:43:47Z santu $\n#\n# Microsoft IE And Microsoft Edge Flash Player Multiple Vulnerabilities (apsb18-19)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player_internet_explorer\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813602\");\n script_version(\"$Revision: 10143 $\");\n script_cve_id(\"CVE-2018-5002\", \"CVE-2018-4945\", \"CVE-2018-5000\", \"CVE-2018-5001\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-06-08 15:43:47 +0200 (Fri, 08 Jun 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-08 12:38:35 +0530 (Fri, 08 Jun 2018)\");\n script_name(\"Microsoft IE And Microsoft Edge Flash Player Multiple Vulnerabilities (apsb18-19)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n within Microsoft Edge or Internet Explorer and is prone to multiple vulnerabilities.\");\n\n script_tag(name: \"vuldetect\" , value:\"Get the installed version with the help\n of detect NVT and check the version is vulnerable or not.\");\n\n script_tag(name: \"insight\" , value:\"The multiple flaws exists due to,\n\n - A type confusion error.\n\n - An integer overflow error.\n\n - An out-of-bounds read error.\n\n - A stack-based buffer overflow error.\");\n\n script_tag(name: \"impact\" , value:\"Successful exploitation will allow remote \n attackers to conduct arbitrary code execution and disclosure of sensitive\n information.\n\n Impact Level: System/Application\");\n\n script_tag(name: \"affected\" , value:\"Adobe Flash Player within Microsoft Edge or\n Internet Explorer on,\n\n Windows 10 Version 1803 for x32/x64 Edition,\n\n Windows 10 Version 1607 for x32/x64 Edition,\n\n Windows 10 Version 1703 for x32/x64 Edition,\n\n Windows 10 Version 1709 for x32/x64 Edition,\n\n Windows 10 x32/x64 Edition,\n\n Windows 8.1 for x32/x64 Edition and\n\n Windows Server 2012/2012 R2/2016\");\n\n script_tag(name: \"solution\", value:\"Run Windows update and update the\n listed hotfixes or download and update mentioned hotfixes in the advisory\n from the below link.\n For updates refer to Reference links.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name: \"URL\" , value :\"http://get.adobe.com/flashplayer\");\n script_xref(name : \"URL\" , value :\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"gb_flash_player_within_ie_edge_detect.nasl\");\n script_mandatory_keys(\"AdobeFlash/IE_or_EDGE/Installed\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\n\n\n\nif(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012:1, win2012R2:1, win10:1,\n win10x64:1, win2016:1) <= 0){\n exit(0);\n}\n\nif(!infos = get_app_version_and_location(cpe:CPE))\n{\n CPE = \"cpe:/a:adobe:flash_player_edge\";\n infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE);\n}\n\nflashVer = infos['version'];\nif(!flashVer){\n exit(0);\n}\n\nflashPath = infos['location'];\n\nif(flashPath){\n flashPath = flashPath + \"\\Flashplayerapp.exe\";\n} else {\n flashPath = \"Could not find the install location\";\n}\n\nif(version_is_less(version:flashVer, test_version:\"30.0.0.113\"))\n{\n report = report_fixed_ver(file_checked:flashPath,\n file_version:flashVer, vulnerable_range:\"Less than 30.0.0.113\");\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "naslFamily": "Windows : Microsoft Bulletins"}, "differentElements": ["cvss"], "edition": 1, "lastseen": "2018-06-08T18:57:50"}, {"bulletin": {"id": "OPENVAS:1361412562310813602", "hash": "9d5cd49837c6b9951788d3e78d540f7ff260e117dc44384305993bedde95a6c8", "type": "openvas", "bulletinFamily": "scanner", "title": "Microsoft IE And Microsoft Edge Flash Player Multiple Vulnerabilities (apsb18-19)", "description": "This host is installed with Adobe Flash Player\n within Microsoft Edge or Internet Explorer and is prone to multiple vulnerabilities.", "published": "2018-06-08T00:00:00", "modified": "2018-10-26T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813602", "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://get.adobe.com/flashplayer"], "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "lastseen": "2018-10-26T14:35:12", "history": [], "viewCount": 3, "enchantments": {"dependencies": {"modified": "2018-10-26T14:35:12", "references": [{"idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"], "type": "krebs"}, {"idList": ["KLA11261"], "type": "kaspersky"}, {"idList": ["RHSA-2018:1827"], "type": "redhat"}, {"idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"], "type": "trendmicroblog"}, {"idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"], "type": "freebsd"}, {"idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"], "type": "thn"}, {"idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"], "type": "malwarebytes"}, {"idList": ["MYHACK58:62201890504", "MYHACK58:62201890436"], "type": "myhack58"}, {"idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"], "type": "threatpost"}, {"idList": ["GLSA-201806-02"], "type": "gentoo"}, {"idList": ["FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "FLASH_PLAYER_APSB18-19.NASL", "REDHAT-RHSA-2018-1827.NASL", "GENTOO_GLSA-201806-02.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL"], "type": "nessus"}, {"idList": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "type": "cve"}, {"idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"], "type": "securelist"}, {"idList": ["OPENVAS:1361412562310813399", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813400"], "type": "openvas"}]}, "score": {"modified": "2018-10-26T14:35:12", "value": 7.5, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310813602", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_flash_player_for_ie_edge_apsb18-19.nasl 12116 2018-10-26 10:01:35Z mmartin $\n#\n# Microsoft IE And Microsoft Edge Flash Player Multiple Vulnerabilities (apsb18-19)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player_internet_explorer\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813602\");\n script_version(\"$Revision: 12116 $\");\n script_cve_id(\"CVE-2018-5002\", \"CVE-2018-4945\", \"CVE-2018-5000\", \"CVE-2018-5001\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 12:01:35 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-08 12:38:35 +0530 (Fri, 08 Jun 2018)\");\n script_name(\"Microsoft IE And Microsoft Edge Flash Player Multiple Vulnerabilities (apsb18-19)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n within Microsoft Edge or Internet Explorer and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - A type confusion error.\n\n - An integer overflow error.\n\n - An out-of-bounds read error.\n\n - A stack-based buffer overflow error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct arbitrary code execution and disclosure of sensitive\n information.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player within Microsoft Edge or\n Internet Explorer on,\n\n Windows 10 Version 1803 for x32/x64 Edition,\n\n Windows 10 Version 1607 for x32/x64 Edition,\n\n Windows 10 Version 1703 for x32/x64 Edition,\n\n Windows 10 Version 1709 for x32/x64 Edition,\n\n Windows 10 x32/x64 Edition,\n\n Windows 8.1 for x32/x64 Edition and\n\n Windows Server 2012/2012 R2/2016\");\n\n script_tag(name:\"solution\", value:\"Run Windows update and update the\n listed hotfixes or download and update mentioned hotfixes in the advisory\n from the below link.\n For updates refer to Reference links.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"http://get.adobe.com/flashplayer\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"gb_flash_player_within_ie_edge_detect.nasl\");\n script_mandatory_keys(\"AdobeFlash/IE_or_EDGE/Installed\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\n\n\n\nif(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012:1, win2012R2:1, win10:1,\n win10x64:1, win2016:1) <= 0){\n exit(0);\n}\n\nif(!infos = get_app_version_and_location(cpe:CPE))\n{\n CPE = \"cpe:/a:adobe:flash_player_edge\";\n infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE);\n}\n\nflashVer = infos['version'];\nif(!flashVer){\n exit(0);\n}\n\nflashPath = infos['location'];\n\nif(flashPath){\n flashPath = flashPath + \"\\Flashplayerapp.exe\";\n} else {\n flashPath = \"Could not find the install location\";\n}\n\nif(version_is_less(version:flashVer, test_version:\"30.0.0.113\"))\n{\n report = report_fixed_ver(file_checked:flashPath,\n file_version:flashVer, vulnerable_range:\"Less than 30.0.0.113\");\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "naslFamily": "Windows : Microsoft Bulletins"}, "differentElements": ["modified", "sourceData"], "edition": 3, "lastseen": "2018-10-26T14:35:12"}], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "redhatcve", "idList": ["RH:CVE-2018-5002", "RH:CVE-2018-5001", "RH:CVE-2018-4945", "RH:CVE-2018-5000"]}, {"type": "nessus", "idList": ["700434.PRM", "GENTOO_GLSA-201806-02.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "FLASH_PLAYER_APSB18-19.NASL", "REDHAT-RHSA-2018-1827.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL"]}, {"type": "redhat", "idList": ["RHSA-2018:1827"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813396", "OPENVAS:1361412562310813399", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813400", "OPENVAS:1361412562310813397"]}, {"type": "archlinux", "idList": ["ASA-201806-7"]}, {"type": "freebsd", "idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"]}, {"type": "threatpost", "idList": ["THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E", "THREATPOST:34985C64EA7AF207D4CE9A800671E3C1"]}, {"type": "kaspersky", "idList": ["KLA11260", "KLA11261"]}, {"type": "adobe", "idList": ["APSB18-19"]}, {"type": "mscve", "idList": ["MS:ADV180014"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-5000", "UB:CVE-2018-5001", "UB:CVE-2018-4945", "UB:CVE-2018-5002"]}, {"type": "cve", "idList": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"]}, {"type": "gentoo", "idList": ["GLSA-201806-02"]}, {"type": "thn", "idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"]}, {"type": "myhack58", "idList": ["MYHACK58:62201994516", "MYHACK58:62201890504", "MYHACK58:62201890436"]}, {"type": "zdi", "idList": ["ZDI-18-570", "ZDI-18-568", "ZDI-18-569"]}, {"type": "krebs", "idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"]}, {"type": "securelist", "idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"]}], "modified": "2020-05-15T17:01:22", "rev": 2}, "score": {"value": 8.6, "vector": "NONE", "modified": "2020-05-15T17:01:22", "rev": 2}}, "objectVersion": "1.5", "pluginID": "1361412562310813602", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft IE And Microsoft Edge Flash Player Multiple Vulnerabilities (apsb18-19)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813602\");\n script_version(\"2020-05-13T14:08:32+0000\");\n script_cve_id(\"CVE-2018-5002\", \"CVE-2018-4945\", \"CVE-2018-5000\", \"CVE-2018-5001\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-05-13 14:08:32 +0000 (Wed, 13 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-06-08 12:38:35 +0530 (Fri, 08 Jun 2018)\");\n script_name(\"Microsoft IE And Microsoft Edge Flash Player Multiple Vulnerabilities (apsb18-19)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"gb_flash_player_within_ie_edge_detect.nasl\");\n script_mandatory_keys(\"AdobeFlash/IE_or_EDGE/Installed\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n within Microsoft Edge or Internet Explorer and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - A type confusion error.\n\n - An integer overflow error.\n\n - An out-of-bounds read error.\n\n - A stack-based buffer overflow error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct arbitrary code execution and disclosure of sensitive\n information.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player within Microsoft Edge or\n Internet Explorer on,\n\n Windows 10 Version 1803 for x32/x64 Edition,\n\n Windows 10 Version 1607 for x32/x64 Edition,\n\n Windows 10 Version 1703 for x32/x64 Edition,\n\n Windows 10 Version 1709 for x32/x64 Edition,\n\n Windows 10 x32/x64 Edition,\n\n Windows 8.1 for x32/x64 Edition and\n\n Windows Server 2012/2012 R2/2016\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more\n information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\n\nif(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012:1, win2012R2:1, win10:1,\n win10x64:1, win2016:1) <= 0)\n exit(0);\n\ncpe_list = make_list(\"cpe:/a:adobe:flash_player_internet_explorer\", \"cpe:/a:adobe:flash_player_edge\");\n\nif(!infos = get_app_version_and_location_from_list(cpe_list:cpe_list, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\nif(path) {\n path = path + \"\\Flashplayerapp.exe\";\n} else {\n path = \"Could not find the install location\";\n}\n\nif(version_is_less(version:vers, test_version:\"30.0.0.113\")) {\n report = report_fixed_ver(file_checked:path, file_version:vers, vulnerable_range:\"Less than 30.0.0.113\");\n security_message(port:0, data:report);\n exit(0);\n}\n\nexit(99);\n", "naslFamily": "Windows : Microsoft Bulletins", "_object_type": "robots.models.openvas.OpenVASBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.openvas.OpenVASBulletin"], "immutableFields": [], "cvss2": {}, "cvss3": {}}, {"id": "OPENVAS:1361412562310813396", "hash": "c0be237632c62bfe9cc61d9bc2fb24da", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Flash Player Security Updates(apsb18-19)-Windows", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "published": "2018-06-08T00:00:00", "modified": "2019-10-23T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813396", "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html"], "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "lastseen": "2019-10-24T21:14:57", "history": [{"bulletin": {"id": "OPENVAS:1361412562310813396", "hash": "2481bc2415e22ab83337845e3bd0e5f7e174f01105f13bf24595ac42320a53f5", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Flash Player Security Updates(apsb18-19)-Windows", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "published": "2018-06-08T00:00:00", "modified": "2018-10-26T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813396", "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://get.adobe.com/flashplayer"], "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "lastseen": "2018-10-26T14:35:22", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2018-10-26T14:35:22", "references": [{"idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"], "type": "krebs"}, {"idList": ["KLA11261"], "type": "kaspersky"}, {"idList": ["RHSA-2018:1827"], "type": "redhat"}, {"idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"], "type": "trendmicroblog"}, {"idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"], "type": "freebsd"}, {"idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"], "type": "thn"}, {"idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"], "type": "malwarebytes"}, {"idList": ["MYHACK58:62201890504", "MYHACK58:62201890436"], "type": "myhack58"}, {"idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"], "type": "threatpost"}, {"idList": ["GLSA-201806-02"], "type": "gentoo"}, {"idList": ["FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "FLASH_PLAYER_APSB18-19.NASL", "REDHAT-RHSA-2018-1827.NASL", "GENTOO_GLSA-201806-02.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL"], "type": "nessus"}, {"idList": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "type": "cve"}, {"idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"], "type": "securelist"}, {"idList": ["OPENVAS:1361412562310813399", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813400"], "type": "openvas"}]}, "score": {"modified": "2018-10-26T14:35:22", "value": 7.5, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310813396", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_flash_player_apsb18-19_win.nasl 12116 2018-10-26 10:01:35Z mmartin $\n#\n# Adobe Flash Player Security Updates(apsb18-19)-Windows\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813396\");\n script_version(\"$Revision: 12116 $\");\n script_cve_id(\"CVE-2018-5002\", \"CVE-2018-4945\", \"CVE-2018-5000\", \"CVE-2018-5001\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 12:01:35 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-08 12:20:31 +0530 (Fri, 08 Jun 2018)\");\n script_name(\"Adobe Flash Player Security Updates(apsb18-19)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - A type confusion error.\n\n - An integer overflow error.\n\n - An out-of-bounds read error.\n\n - A stack-based buffer overflow error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct arbitrary code execution and disclosure of sensitive\n information.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before\n 30.0.0.113 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 30.0.0.113, or later.\n For updates refer to Reference links.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"http://get.adobe.com/flashplayer\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_win.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Win/Ver\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ninfos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE );\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"30.0.0.113\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"30.0.0.113\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "naslFamily": "General"}, "differentElements": ["modified", "sourceData"], "edition": 3, "lastseen": "2018-10-26T14:35:22"}, {"bulletin": {"id": "OPENVAS:1361412562310813396", "hash": "0a617f4257834806a7a951dd7967cf45c268fed5ad07e9787a85a4d93b023677", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Flash Player Security Updates(apsb18-19)-Windows", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "published": "2018-06-08T00:00:00", "modified": "2018-06-08T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813396", "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://get.adobe.com/flashplayer"], "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "lastseen": "2018-09-06T11:30:09", "history": [], "viewCount": 0, "enchantments": {"score": {"modified": "2018-09-06T11:30:09", "value": 7.5, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310813396", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_flash_player_apsb18-19_win.nasl 10143 2018-06-08 13:43:47Z santu $\n#\n# Adobe Flash Player Security Updates(apsb18-19)-Windows\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813396\");\n script_version(\"$Revision: 10143 $\");\n script_cve_id(\"CVE-2018-5002\", \"CVE-2018-4945\", \"CVE-2018-5000\", \"CVE-2018-5001\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-06-08 15:43:47 +0200 (Fri, 08 Jun 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-08 12:20:31 +0530 (Fri, 08 Jun 2018)\");\n script_name(\"Adobe Flash Player Security Updates(apsb18-19)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name: \"vuldetect\" , value:\"Get the installed version with the help\n of detect NVT and check the version is vulnerable or not.\");\n\n script_tag(name: \"insight\" , value:\"The multiple flaws exists due to,\n\n - A type confusion error.\n\n - An integer overflow error.\n\n - An out-of-bounds read error.\n\n - A stack-based buffer overflow error.\");\n\n script_tag(name: \"impact\" , value:\"Successful exploitation will allow remote \n attackers to conduct arbitrary code execution and disclosure of sensitive\n information.\n\n Impact Level: System/Application\");\n\n script_tag(name: \"affected\" , value:\"Adobe Flash Player version before \n 30.0.0.113 on Windows.\");\n\n script_tag(name: \"solution\", value:\"Upgrade to Adobe Flash Player version\n 30.0.0.113, or later.\n For updates refer to Reference links.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name: \"URL\" , value :\"http://get.adobe.com/flashplayer\");\n script_xref(name: \"URL\" , value :\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_win.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Win/Ver\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ninfos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE );\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"30.0.0.113\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"30.0.0.113\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "naslFamily": "General"}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2018-09-06T11:30:09"}, {"bulletin": {"id": "OPENVAS:1361412562310813396", "hash": "c688261898a0d9611f07e1369cbdb95e43ea119002ea8355a5ce6462c2047005", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Flash Player Security Updates(apsb18-19)-Windows", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "published": "2018-06-08T00:00:00", "modified": "2018-06-08T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813396", "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://get.adobe.com/flashplayer"], "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "lastseen": "2018-06-08T18:57:37", "history": [], "viewCount": 0, "enchantments": {"score": {"modified": "2018-06-08T18:57:37", "value": 7.5, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310813396", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_flash_player_apsb18-19_win.nasl 10143 2018-06-08 13:43:47Z santu $\n#\n# Adobe Flash Player Security Updates(apsb18-19)-Windows\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813396\");\n script_version(\"$Revision: 10143 $\");\n script_cve_id(\"CVE-2018-5002\", \"CVE-2018-4945\", \"CVE-2018-5000\", \"CVE-2018-5001\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-06-08 15:43:47 +0200 (Fri, 08 Jun 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-08 12:20:31 +0530 (Fri, 08 Jun 2018)\");\n script_name(\"Adobe Flash Player Security Updates(apsb18-19)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name: \"vuldetect\" , value:\"Get the installed version with the help\n of detect NVT and check the version is vulnerable or not.\");\n\n script_tag(name: \"insight\" , value:\"The multiple flaws exists due to,\n\n - A type confusion error.\n\n - An integer overflow error.\n\n - An out-of-bounds read error.\n\n - A stack-based buffer overflow error.\");\n\n script_tag(name: \"impact\" , value:\"Successful exploitation will allow remote \n attackers to conduct arbitrary code execution and disclosure of sensitive\n information.\n\n Impact Level: System/Application\");\n\n script_tag(name: \"affected\" , value:\"Adobe Flash Player version before \n 30.0.0.113 on Windows.\");\n\n script_tag(name: \"solution\", value:\"Upgrade to Adobe Flash Player version\n 30.0.0.113, or later.\n For updates refer to Reference links.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name: \"URL\" , value :\"http://get.adobe.com/flashplayer\");\n script_xref(name: \"URL\" , value :\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_win.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Win/Ver\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ninfos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE );\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"30.0.0.113\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"30.0.0.113\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "naslFamily": "General"}, "differentElements": ["cvss"], "edition": 1, "lastseen": "2018-06-08T18:57:37"}, {"bulletin": {"id": "OPENVAS:1361412562310813396", "hash": "10807d713dade2df9487623e43778e466dbf41f80d56059220e16c7c3f4dee50", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Flash Player Security Updates(apsb18-19)-Windows", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "published": "2018-06-08T00:00:00", "modified": "2019-07-17T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813396", "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html"], "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "lastseen": "2019-07-19T22:04:14", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2019-07-19T22:04:14", "references": [{"idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"], "type": "krebs"}, {"idList": ["KLA11261"], "type": "kaspersky"}, {"idList": ["RHSA-2018:1827"], "type": "redhat"}, {"idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"], "type": "trendmicroblog"}, {"idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"], "type": "freebsd"}, {"idList": ["MYHACK58:62201890504", "MYHACK58:62201994516", "MYHACK58:62201890436"], "type": "myhack58"}, {"idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"], "type": "thn"}, {"idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"], "type": "malwarebytes"}, {"idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"], "type": "threatpost"}, {"idList": ["GLSA-201806-02"], "type": "gentoo"}, {"idList": ["FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "FLASH_PLAYER_APSB18-19.NASL", "REDHAT-RHSA-2018-1827.NASL", "GENTOO_GLSA-201806-02.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL"], "type": "nessus"}, {"idList": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "type": "cve"}, {"idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"], "type": "securelist"}, {"idList": ["OPENVAS:1361412562310813399", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813400"], "type": "openvas"}]}, "score": {"modified": "2019-07-19T22:04:14", "value": 8.0, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310813396", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Security Updates(apsb18-19)-Windows\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813396\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2018-5002\", \"CVE-2018-4945\", \"CVE-2018-5000\", \"CVE-2018-5001\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-06-08 12:20:31 +0530 (Fri, 08 Jun 2018)\");\n script_name(\"Adobe Flash Player Security Updates(apsb18-19)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - A type confusion error.\n\n - An integer overflow error.\n\n - An out-of-bounds read error.\n\n - A stack-based buffer overflow error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct arbitrary code execution and disclosure of sensitive\n information.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before\n 30.0.0.113 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 30.0.0.113, or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_win.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Win/Ver\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"30.0.0.113\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"30.0.0.113\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "naslFamily": "General"}, "differentElements": ["modified", "sourceData"], "edition": 7, "lastseen": "2019-07-19T22:04:14"}, {"bulletin": {"id": "OPENVAS:1361412562310813396", "hash": "f633a0f4ec05ecafdb8138386ee5718cb091c3d84c867de563ac9311610eeb37", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Flash Player Security Updates(apsb18-19)-Windows", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "published": "2018-06-08T00:00:00", "modified": "2019-05-17T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813396", "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://get.adobe.com/flashplayer"], "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "lastseen": "2019-05-20T14:37:28", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2019-05-20T14:37:28", "references": [{"idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"], "type": "krebs"}, {"idList": ["KLA11261"], "type": "kaspersky"}, {"idList": ["RHSA-2018:1827"], "type": "redhat"}, {"idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"], "type": "trendmicroblog"}, {"idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"], "type": "freebsd"}, {"idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"], "type": "thn"}, {"idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"], "type": "malwarebytes"}, {"idList": ["MYHACK58:62201890504", "MYHACK58:62201890436"], "type": "myhack58"}, {"idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"], "type": "threatpost"}, {"idList": ["GLSA-201806-02"], "type": "gentoo"}, {"idList": ["FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "FLASH_PLAYER_APSB18-19.NASL", "REDHAT-RHSA-2018-1827.NASL", "GENTOO_GLSA-201806-02.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL"], "type": "nessus"}, {"idList": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "type": "cve"}, {"idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"], "type": "securelist"}, {"idList": ["OPENVAS:1361412562310813399", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813400"], "type": "openvas"}]}, "score": {"modified": "2019-05-20T14:37:28", "value": 7.3, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310813396", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Security Updates(apsb18-19)-Windows\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813396\");\n script_version(\"2019-05-17T10:45:27+0000\");\n script_cve_id(\"CVE-2018-5002\", \"CVE-2018-4945\", \"CVE-2018-5000\", \"CVE-2018-5001\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 10:45:27 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-06-08 12:20:31 +0530 (Fri, 08 Jun 2018)\");\n script_name(\"Adobe Flash Player Security Updates(apsb18-19)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - A type confusion error.\n\n - An integer overflow error.\n\n - An out-of-bounds read error.\n\n - A stack-based buffer overflow error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct arbitrary code execution and disclosure of sensitive\n information.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before\n 30.0.0.113 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 30.0.0.113, or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_xref(name:\"URL\", value:\"http://get.adobe.com/flashplayer\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_win.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Win/Ver\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"30.0.0.113\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"30.0.0.113\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "naslFamily": "General"}, "differentElements": ["cvss"], "edition": 5, "lastseen": "2019-05-20T14:37:28"}], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "redhatcve", "idList": ["RH:CVE-2018-5000", "RH:CVE-2018-5002", "RH:CVE-2018-4945", "RH:CVE-2018-5001"]}, {"type": "threatpost", "idList": ["THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E", "THREATPOST:34985C64EA7AF207D4CE9A800671E3C1"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813601", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813400", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813399"]}, {"type": "nessus", "idList": ["FLASH_PLAYER_APSB18-19.NASL", "GENTOO_GLSA-201806-02.NASL", "700434.PRM", "MACOSX_FLASH_PLAYER_APSB18-19.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "REDHAT-RHSA-2018-1827.NASL"]}, {"type": "kaspersky", "idList": ["KLA11261", "KLA11260"]}, {"type": "adobe", "idList": ["APSB18-19"]}, {"type": "mscve", "idList": ["MS:ADV180014"]}, {"type": "freebsd", "idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"]}, {"type": "archlinux", "idList": ["ASA-201806-7"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"]}, {"type": "redhat", "idList": ["RHSA-2018:1827"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-5001", "UB:CVE-2018-4945", "UB:CVE-2018-5000", "UB:CVE-2018-5002"]}, {"type": "cve", "idList": ["CVE-2018-5002", "CVE-2018-4945", "CVE-2018-5001", "CVE-2018-5000"]}, {"type": "gentoo", "idList": ["GLSA-201806-02"]}, {"type": "thn", "idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2018-0537", "CPAI-2018-0539", "CPAI-2018-0535", "CPAI-2018-0538"]}, {"type": "myhack58", "idList": ["MYHACK58:62201994516", "MYHACK58:62201890504", "MYHACK58:62201890436"]}, {"type": "zdi", "idList": ["ZDI-18-570", "ZDI-18-569", "ZDI-18-568"]}, {"type": "krebs", "idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"]}, {"type": "securelist", "idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"]}], "modified": "2019-10-24T21:14:57", "rev": 2}, "score": {"value": 9.0, "vector": "NONE", "modified": "2019-10-24T21:14:57", "rev": 2}}, "objectVersion": "1.5", "pluginID": "1361412562310813396", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Security Updates(apsb18-19)-Windows\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813396\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2018-5002\", \"CVE-2018-4945\", \"CVE-2018-5000\", \"CVE-2018-5001\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-06-08 12:20:31 +0530 (Fri, 08 Jun 2018)\");\n script_name(\"Adobe Flash Player Security Updates(apsb18-19)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - A type confusion error.\n\n - An integer overflow error.\n\n - An out-of-bounds read error.\n\n - A stack-based buffer overflow error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct arbitrary code execution and disclosure of sensitive\n information.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before\n 30.0.0.113 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 30.0.0.113, or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_win.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Win/Ver\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"30.0.0.113\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"30.0.0.113\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "naslFamily": "General", "_object_type": "robots.models.openvas.OpenVASBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.openvas.OpenVASBulletin"], "immutableFields": [], "cvss2": {}, "cvss3": {}}, {"id": "OPENVAS:1361412562310813399", "hash": "396bc065112f5356f147c1b5e00044d7", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-Windows", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "published": "2018-06-08T00:00:00", "modified": "2019-10-23T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813399", "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html"], "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "lastseen": "2019-10-24T21:14:05", "history": [{"bulletin": {"id": "OPENVAS:1361412562310813399", "hash": "29b50e1e3f7d3a9204c005128522039f718b903c8dfedb65753343561099c013", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-Windows", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "published": "2018-06-08T00:00:00", "modified": "2018-06-08T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813399", "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://get.adobe.com/flashplayer"], "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "lastseen": "2018-06-08T18:57:36", "history": [], "viewCount": 1, "enchantments": {"score": {"modified": "2018-06-08T18:57:36", "value": 7.5, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310813399", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_flash_player_within_chrome_apsb18-19_win.nasl 10143 2018-06-08 13:43:47Z santu $\n#\n# Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-Windows\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player_chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813399\");\n script_version(\"$Revision: 10143 $\");\n script_cve_id(\"CVE-2018-5002\", \"CVE-2018-4945\", \"CVE-2018-5000\", \"CVE-2018-5001\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-06-08 15:43:47 +0200 (Fri, 08 Jun 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-08 12:21:39 +0530 (Fri, 08 Jun 2018)\");\n script_name(\"Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name: \"vuldetect\" , value:\"Get the installed version with the help\n of detect NVT and check the version is vulnerable or not.\");\n\n script_tag(name: \"insight\" , value:\"The multiple flaws exists due to,\n\n - A type confusion error.\n\n - An integer overflow error.\n\n - An out-of-bounds read error.\n\n - A stack-based buffer overflow error.\");\n\n script_tag(name: \"impact\" , value:\"Successful exploitation will allow remote \n attackers to conduct arbitrary code execution and disclosure of sensitive\n information.\n\n Impact Level: System/Application\");\n\n script_tag(name: \"affected\" , value:\"Adobe Flash Player prior to 30.0.0.113\n within Google Chrome on Windows.\");\n\n script_tag(name: \"solution\", value:\"Upgrade to Adobe Flash Player for \n Google Chrome 30.0.0.113, or later.\n For updates refer to Reference links.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name: \"URL\" , value :\"http://get.adobe.com/flashplayer\");\n script_xref(name: \"URL\" , value :\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_flash_player_within_google_chrome_detect_win.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Chrome/Win/Ver\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ninfos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE );\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"30.0.0.113\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"30.0.0.113\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "naslFamily": "General"}, "differentElements": ["cvss"], "edition": 1, "lastseen": "2018-06-08T18:57:36"}, {"bulletin": {"id": "OPENVAS:1361412562310813399", "hash": "e6c437e0d0dd0441bb4041826dee1b11ce9f122afc120caed78c59077fefae3d", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-Windows", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "published": "2018-06-08T00:00:00", "modified": "2019-05-17T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813399", "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://get.adobe.com/flashplayer"], "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "lastseen": "2019-05-20T14:37:14", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"modified": "2019-05-20T14:37:14", "references": [{"idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"], "type": "krebs"}, {"idList": ["KLA11261"], "type": "kaspersky"}, {"idList": ["RHSA-2018:1827"], "type": "redhat"}, {"idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"], "type": "trendmicroblog"}, {"idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"], "type": "freebsd"}, {"idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"], "type": "thn"}, {"idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"], "type": "malwarebytes"}, {"idList": ["OPENVAS:1361412562310813397", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813400"], "type": "openvas"}, {"idList": ["MYHACK58:62201890504", "MYHACK58:62201890436"], "type": "myhack58"}, {"idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"], "type": "threatpost"}, {"idList": ["GLSA-201806-02"], "type": "gentoo"}, {"idList": ["FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "FLASH_PLAYER_APSB18-19.NASL", "REDHAT-RHSA-2018-1827.NASL", "GENTOO_GLSA-201806-02.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL"], "type": "nessus"}, {"idList": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "type": "cve"}, {"idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"], "type": "securelist"}]}, "score": {"modified": "2019-05-20T14:37:14", "value": 7.5, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310813399", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-Windows\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player_chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813399\");\n script_version(\"2019-05-17T10:45:27+0000\");\n script_cve_id(\"CVE-2018-5002\", \"CVE-2018-4945\", \"CVE-2018-5000\", \"CVE-2018-5001\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 10:45:27 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-06-08 12:21:39 +0530 (Fri, 08 Jun 2018)\");\n script_name(\"Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - A type confusion error.\n\n - An integer overflow error.\n\n - An out-of-bounds read error.\n\n - A stack-based buffer overflow error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct arbitrary code execution and disclosure of sensitive\n information.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player prior to 30.0.0.113\n within Google Chrome on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player for\n Google Chrome 30.0.0.113, or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"http://get.adobe.com/flashplayer\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_flash_player_within_google_chrome_detect_win.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Chrome/Win/Ver\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"30.0.0.113\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"30.0.0.113\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "naslFamily": "General"}, "differentElements": ["cvss"], "edition": 5, "lastseen": "2019-05-20T14:37:14"}, {"bulletin": {"id": "OPENVAS:1361412562310813399", "hash": "7c5f120b2cce8c2da5f2fa7886bfa4e5af44d4aa08497a4fed04a301ddd4ace4", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-Windows", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "published": "2018-06-08T00:00:00", "modified": "2019-07-17T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813399", "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html"], "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "lastseen": "2019-07-19T22:03:45", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"modified": "2019-07-19T22:03:45", "references": [{"idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"], "type": "krebs"}, {"idList": ["KLA11261"], "type": "kaspersky"}, {"idList": ["RHSA-2018:1827"], "type": "redhat"}, {"idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"], "type": "trendmicroblog"}, {"idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"], "type": "freebsd"}, {"idList": ["MYHACK58:62201890504", "MYHACK58:62201994516", "MYHACK58:62201890436"], "type": "myhack58"}, {"idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"], "type": "thn"}, {"idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"], "type": "malwarebytes"}, {"idList": ["OPENVAS:1361412562310813397", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813400"], "type": "openvas"}, {"idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"], "type": "threatpost"}, {"idList": ["GLSA-201806-02"], "type": "gentoo"}, {"idList": ["FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "FLASH_PLAYER_APSB18-19.NASL", "REDHAT-RHSA-2018-1827.NASL", "GENTOO_GLSA-201806-02.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL"], "type": "nessus"}, {"idList": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "type": "cve"}, {"idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"], "type": "securelist"}]}, "score": {"modified": "2019-07-19T22:03:45", "value": 7.7, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310813399", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-Windows\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player_chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813399\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2018-5002\", \"CVE-2018-4945\", \"CVE-2018-5000\", \"CVE-2018-5001\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-06-08 12:21:39 +0530 (Fri, 08 Jun 2018)\");\n script_name(\"Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - A type confusion error.\n\n - An integer overflow error.\n\n - An out-of-bounds read error.\n\n - A stack-based buffer overflow error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct arbitrary code execution and disclosure of sensitive\n information.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player prior to 30.0.0.113\n within Google Chrome on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player for\n Google Chrome 30.0.0.113, or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_flash_player_within_google_chrome_detect_win.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Chrome/Win/Ver\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"30.0.0.113\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"30.0.0.113\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "naslFamily": "General"}, "differentElements": ["modified", "sourceData"], "edition": 7, "lastseen": "2019-07-19T22:03:45"}, {"bulletin": {"id": "OPENVAS:1361412562310813399", "hash": "2d789091719fdc1ca80f256d121dfd0fe635d0c4eede0b5ab03a8cbf6e702e22", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-Windows", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "published": "2018-06-08T00:00:00", "modified": "2018-10-26T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813399", "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://get.adobe.com/flashplayer"], "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "lastseen": "2018-10-26T14:35:16", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"modified": "2018-10-26T14:35:16", "references": [{"idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"], "type": "krebs"}, {"idList": ["KLA11261"], "type": "kaspersky"}, {"idList": ["RHSA-2018:1827"], "type": "redhat"}, {"idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"], "type": "trendmicroblog"}, {"idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"], "type": "freebsd"}, {"idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"], "type": "thn"}, {"idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"], "type": "malwarebytes"}, {"idList": ["OPENVAS:1361412562310813397", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813400"], "type": "openvas"}, {"idList": ["MYHACK58:62201890504", "MYHACK58:62201890436"], "type": "myhack58"}, {"idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"], "type": "threatpost"}, {"idList": ["GLSA-201806-02"], "type": "gentoo"}, {"idList": ["FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "FLASH_PLAYER_APSB18-19.NASL", "REDHAT-RHSA-2018-1827.NASL", "GENTOO_GLSA-201806-02.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL"], "type": "nessus"}, {"idList": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "type": "cve"}, {"idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"], "type": "securelist"}]}, "score": {"modified": "2018-10-26T14:35:16", "value": 7.5, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310813399", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_flash_player_within_chrome_apsb18-19_win.nasl 12116 2018-10-26 10:01:35Z mmartin $\n#\n# Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-Windows\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player_chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813399\");\n script_version(\"$Revision: 12116 $\");\n script_cve_id(\"CVE-2018-5002\", \"CVE-2018-4945\", \"CVE-2018-5000\", \"CVE-2018-5001\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 12:01:35 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-08 12:21:39 +0530 (Fri, 08 Jun 2018)\");\n script_name(\"Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - A type confusion error.\n\n - An integer overflow error.\n\n - An out-of-bounds read error.\n\n - A stack-based buffer overflow error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct arbitrary code execution and disclosure of sensitive\n information.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player prior to 30.0.0.113\n within Google Chrome on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player for\n Google Chrome 30.0.0.113, or later.\n For updates refer to Reference links.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"http://get.adobe.com/flashplayer\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_flash_player_within_google_chrome_detect_win.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Chrome/Win/Ver\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ninfos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE );\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"30.0.0.113\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"30.0.0.113\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "naslFamily": "General"}, "differentElements": ["modified", "sourceData"], "edition": 3, "lastseen": "2018-10-26T14:35:16"}, {"bulletin": {"id": "OPENVAS:1361412562310813399", "hash": "e81e4a97105787d185e37b2e2e10721895cc1b05565f5f881fc0adcdd01ba88a", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-Windows", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "published": "2018-06-08T00:00:00", "modified": "2018-06-08T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813399", "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://get.adobe.com/flashplayer"], "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "lastseen": "2018-09-06T11:30:03", "history": [], "viewCount": 1, "enchantments": {"score": {"modified": "2018-09-06T11:30:03", "value": 7.5, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310813399", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_flash_player_within_chrome_apsb18-19_win.nasl 10143 2018-06-08 13:43:47Z santu $\n#\n# Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-Windows\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player_chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813399\");\n script_version(\"$Revision: 10143 $\");\n script_cve_id(\"CVE-2018-5002\", \"CVE-2018-4945\", \"CVE-2018-5000\", \"CVE-2018-5001\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-06-08 15:43:47 +0200 (Fri, 08 Jun 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-08 12:21:39 +0530 (Fri, 08 Jun 2018)\");\n script_name(\"Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name: \"vuldetect\" , value:\"Get the installed version with the help\n of detect NVT and check the version is vulnerable or not.\");\n\n script_tag(name: \"insight\" , value:\"The multiple flaws exists due to,\n\n - A type confusion error.\n\n - An integer overflow error.\n\n - An out-of-bounds read error.\n\n - A stack-based buffer overflow error.\");\n\n script_tag(name: \"impact\" , value:\"Successful exploitation will allow remote \n attackers to conduct arbitrary code execution and disclosure of sensitive\n information.\n\n Impact Level: System/Application\");\n\n script_tag(name: \"affected\" , value:\"Adobe Flash Player prior to 30.0.0.113\n within Google Chrome on Windows.\");\n\n script_tag(name: \"solution\", value:\"Upgrade to Adobe Flash Player for \n Google Chrome 30.0.0.113, or later.\n For updates refer to Reference links.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name: \"URL\" , value :\"http://get.adobe.com/flashplayer\");\n script_xref(name: \"URL\" , value :\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_flash_player_within_google_chrome_detect_win.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Chrome/Win/Ver\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ninfos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE );\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"30.0.0.113\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"30.0.0.113\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "naslFamily": "General"}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2018-09-06T11:30:03"}], "viewCount": 5, "enchantments": {"dependencies": {"references": [{"type": "redhatcve", "idList": ["RH:CVE-2018-5000", "RH:CVE-2018-5002", "RH:CVE-2018-4945", "RH:CVE-2018-5001"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813601", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813400", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813602"]}, {"type": "threatpost", "idList": ["THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E", "THREATPOST:34985C64EA7AF207D4CE9A800671E3C1"]}, {"type": "nessus", "idList": ["FLASH_PLAYER_APSB18-19.NASL", "GENTOO_GLSA-201806-02.NASL", "700434.PRM", "MACOSX_FLASH_PLAYER_APSB18-19.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "REDHAT-RHSA-2018-1827.NASL"]}, {"type": "redhat", "idList": ["RHSA-2018:1827"]}, {"type": "kaspersky", "idList": ["KLA11261", "KLA11260"]}, {"type": "adobe", "idList": ["APSB18-19"]}, {"type": "mscve", "idList": ["MS:ADV180014"]}, {"type": "freebsd", "idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"]}, {"type": "archlinux", "idList": ["ASA-201806-7"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-5001", "UB:CVE-2018-4945", "UB:CVE-2018-5000", "UB:CVE-2018-5002"]}, {"type": "cve", "idList": ["CVE-2018-5002", "CVE-2018-4945", "CVE-2018-5001", "CVE-2018-5000"]}, {"type": "gentoo", "idList": ["GLSA-201806-02"]}, {"type": "thn", "idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2018-0537", "CPAI-2018-0539", "CPAI-2018-0535", "CPAI-2018-0538"]}, {"type": "myhack58", "idList": ["MYHACK58:62201994516", "MYHACK58:62201890504", "MYHACK58:62201890436"]}, {"type": "zdi", "idList": ["ZDI-18-570", "ZDI-18-569", "ZDI-18-568"]}, {"type": "krebs", "idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"]}, {"type": "securelist", "idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"]}], "modified": "2019-10-24T21:14:05", "rev": 2}, "score": {"value": 8.6, "vector": "NONE", "modified": "2019-10-24T21:14:05", "rev": 2}}, "objectVersion": "1.5", "pluginID": "1361412562310813399", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-Windows\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player_chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813399\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2018-5002\", \"CVE-2018-4945\", \"CVE-2018-5000\", \"CVE-2018-5001\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-06-08 12:21:39 +0530 (Fri, 08 Jun 2018)\");\n script_name(\"Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - A type confusion error.\n\n - An integer overflow error.\n\n - An out-of-bounds read error.\n\n - A stack-based buffer overflow error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct arbitrary code execution and disclosure of sensitive\n information.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player prior to 30.0.0.113\n within Google Chrome on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player for\n Google Chrome 30.0.0.113, or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_flash_player_within_google_chrome_detect_win.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Chrome/Win/Ver\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"30.0.0.113\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"30.0.0.113\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "naslFamily": "General", "_object_type": "robots.models.openvas.OpenVASBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.openvas.OpenVASBulletin"], "immutableFields": [], "cvss2": {}, "cvss3": {}}, {"id": "OPENVAS:1361412562310813601", "hash": "f22d0b9c4b78ae6aa03e5ca096b67624", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-MAC OS X", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "published": "2018-06-08T00:00:00", "modified": "2019-10-23T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813601", "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html"], "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "lastseen": "2019-10-24T21:14:23", "history": [{"bulletin": {"id": "OPENVAS:1361412562310813601", "hash": "f4ffdfebcd2c78b19855d02960024abe3c6fae92f06ad36679b981b937db0d33", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-MAC OS X", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "published": "2018-06-08T00:00:00", "modified": "2019-05-17T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813601", "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://get.adobe.com/flashplayer"], "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "lastseen": "2019-05-29T18:33:45", "history": [], "viewCount": 3, "enchantments": {"dependencies": {"modified": "2019-05-29T18:33:45", "references": [{"idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"], "type": "krebs"}, {"idList": ["KLA11261"], "type": "kaspersky"}, {"idList": ["RHSA-2018:1827"], "type": "redhat"}, {"idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"], "type": "trendmicroblog"}, {"idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"], "type": "freebsd"}, {"idList": ["OPENVAS:1361412562310813399", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813400"], "type": "openvas"}, {"idList": ["MYHACK58:62201890504", "MYHACK58:62201994516", "MYHACK58:62201890436"], "type": "myhack58"}, {"idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"], "type": "thn"}, {"idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"], "type": "malwarebytes"}, {"idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"], "type": "threatpost"}, {"idList": ["GLSA-201806-02"], "type": "gentoo"}, {"idList": ["FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "FLASH_PLAYER_APSB18-19.NASL", "REDHAT-RHSA-2018-1827.NASL", "GENTOO_GLSA-201806-02.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL"], "type": "nessus"}, {"idList": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "type": "cve"}, {"idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"], "type": "securelist"}]}, "score": {"modified": "2019-05-29T18:33:45", "value": 7.8, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310813601", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-MAC OS X\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player_chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813601\");\n script_version(\"2019-05-17T10:45:27+0000\");\n script_cve_id(\"CVE-2018-5002\", \"CVE-2018-4945\", \"CVE-2018-5000\", \"CVE-2018-5001\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 10:45:27 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-06-08 12:21:41 +0530 (Fri, 08 Jun 2018)\");\n script_name(\"Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - A type confusion error.\n\n - An integer overflow error.\n\n - An out-of-bounds read error.\n\n - A stack-based buffer overflow error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct arbitrary code execution and disclosure of sensitive\n information.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player prior to 30.0.0.113\n within Google Chrome on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player for\n Google Chrome 30.0.0.113, or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"http://get.adobe.com/flashplayer\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_flash_player_within_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Chrome/MacOSX/Ver\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"30.0.0.113\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"30.0.0.113\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "naslFamily": "General"}, "differentElements": ["references", "modified", "sourceData"], "edition": 6, "lastseen": "2019-05-29T18:33:45"}, {"bulletin": {"id": "OPENVAS:1361412562310813601", "hash": "a6f35e8593d4d982954a5febd82d6fe8644e1f1c23e4e7732f97bec1366c9f55", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-MAC OS X", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "published": "2018-06-08T00:00:00", "modified": "2019-05-03T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813601", "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://get.adobe.com/flashplayer"], "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "lastseen": "2019-05-03T14:27:41", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"modified": "2019-05-03T14:27:41", "references": [{"idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"], "type": "krebs"}, {"idList": ["KLA11261"], "type": "kaspersky"}, {"idList": ["RHSA-2018:1827"], "type": "redhat"}, {"idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"], "type": "trendmicroblog"}, {"idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"], "type": "freebsd"}, {"idList": ["OPENVAS:1361412562310813399", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813400"], "type": "openvas"}, {"idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"], "type": "thn"}, {"idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"], "type": "malwarebytes"}, {"idList": ["MYHACK58:62201890504", "MYHACK58:62201890436"], "type": "myhack58"}, {"idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"], "type": "threatpost"}, {"idList": ["GLSA-201806-02"], "type": "gentoo"}, {"idList": ["FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "FLASH_PLAYER_APSB18-19.NASL", "REDHAT-RHSA-2018-1827.NASL", "GENTOO_GLSA-201806-02.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL"], "type": "nessus"}, {"idList": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "type": "cve"}, {"idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"], "type": "securelist"}]}, "score": {"modified": "2019-05-03T14:27:41", "value": 7.5, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310813601", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-MAC OS X\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player_chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813601\");\n script_version(\"2019-05-03T08:55:39+0000\");\n script_cve_id(\"CVE-2018-5002\", \"CVE-2018-4945\", \"CVE-2018-5000\", \"CVE-2018-5001\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-03 08:55:39 +0000 (Fri, 03 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-06-08 12:21:41 +0530 (Fri, 08 Jun 2018)\");\n script_name(\"Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - A type confusion error.\n\n - An integer overflow error.\n\n - An out-of-bounds read error.\n\n - A stack-based buffer overflow error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct arbitrary code execution and disclosure of sensitive\n information.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player prior to 30.0.0.113\n within Google Chrome on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player for\n Google Chrome 30.0.0.113, or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"http://get.adobe.com/flashplayer\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_flash_player_within_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Chrome/MacOSX/Ver\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ninfos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE );\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"30.0.0.113\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"30.0.0.113\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "naslFamily": "General"}, "differentElements": ["modified", "sourceData"], "edition": 4, "lastseen": "2019-05-03T14:27:41"}, {"bulletin": {"id": "OPENVAS:1361412562310813601", "hash": "4721654cf5734a743dbf62bdd014ca8e3712085ef9dfa99ffd58702ab401cc2d", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-MAC OS X", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "published": "2018-06-08T00:00:00", "modified": "2019-05-17T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813601", "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://get.adobe.com/flashplayer"], "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "lastseen": "2019-05-20T14:37:19", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"modified": "2019-05-20T14:37:19", "references": [{"idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"], "type": "krebs"}, {"idList": ["KLA11261"], "type": "kaspersky"}, {"idList": ["RHSA-2018:1827"], "type": "redhat"}, {"idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"], "type": "trendmicroblog"}, {"idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"], "type": "freebsd"}, {"idList": ["OPENVAS:1361412562310813399", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813400"], "type": "openvas"}, {"idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"], "type": "thn"}, {"idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"], "type": "malwarebytes"}, {"idList": ["MYHACK58:62201890504", "MYHACK58:62201890436"], "type": "myhack58"}, {"idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"], "type": "threatpost"}, {"idList": ["GLSA-201806-02"], "type": "gentoo"}, {"idList": ["FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "FLASH_PLAYER_APSB18-19.NASL", "REDHAT-RHSA-2018-1827.NASL", "GENTOO_GLSA-201806-02.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL"], "type": "nessus"}, {"idList": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "type": "cve"}, {"idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"], "type": "securelist"}]}, "score": {"modified": "2019-05-20T14:37:19", "value": 7.5, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310813601", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-MAC OS X\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player_chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813601\");\n script_version(\"2019-05-17T10:45:27+0000\");\n script_cve_id(\"CVE-2018-5002\", \"CVE-2018-4945\", \"CVE-2018-5000\", \"CVE-2018-5001\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 10:45:27 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-06-08 12:21:41 +0530 (Fri, 08 Jun 2018)\");\n script_name(\"Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - A type confusion error.\n\n - An integer overflow error.\n\n - An out-of-bounds read error.\n\n - A stack-based buffer overflow error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct arbitrary code execution and disclosure of sensitive\n information.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player prior to 30.0.0.113\n within Google Chrome on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player for\n Google Chrome 30.0.0.113, or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"http://get.adobe.com/flashplayer\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_flash_player_within_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Chrome/MacOSX/Ver\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"30.0.0.113\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"30.0.0.113\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "naslFamily": "General"}, "differentElements": ["cvss"], "edition": 5, "lastseen": "2019-05-20T14:37:19"}, {"bulletin": {"id": "OPENVAS:1361412562310813601", "hash": "d6177b1813091029fea2356f974bacca381a7a92c1b73d6bbea3378d9420daa4", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-MAC OS X", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "published": "2018-06-08T00:00:00", "modified": "2018-06-08T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813601", "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://get.adobe.com/flashplayer"], "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "lastseen": "2018-06-08T18:57:50", "history": [], "viewCount": 0, "enchantments": {"score": {"modified": "2018-06-08T18:57:50", "value": 7.5, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310813601", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_flash_player_within_chrome_apsb18-19_macosx.nasl 10143 2018-06-08 13:43:47Z santu $\n#\n# Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-MAC OS X\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player_chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813601\");\n script_version(\"$Revision: 10143 $\");\n script_cve_id(\"CVE-2018-5002\", \"CVE-2018-4945\", \"CVE-2018-5000\", \"CVE-2018-5001\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-06-08 15:43:47 +0200 (Fri, 08 Jun 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-08 12:21:41 +0530 (Fri, 08 Jun 2018)\");\n script_name(\"Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name: \"vuldetect\" , value:\"Get the installed version with the help\n of detect NVT and check the version is vulnerable or not.\");\n\n script_tag(name: \"insight\" , value:\"The multiple flaws exists due to,\n\n - A type confusion error.\n\n - An integer overflow error.\n\n - An out-of-bounds read error.\n\n - A stack-based buffer overflow error.\");\n\n script_tag(name: \"impact\" , value:\"Successful exploitation will allow remote \n attackers to conduct arbitrary code execution and disclosure of sensitive\n information.\n\n Impact Level: System/Application\");\n\n script_tag(name: \"affected\" , value:\"Adobe Flash Player prior to 30.0.0.113\n within Google Chrome on MAC OS X.\");\n\n script_tag(name: \"solution\", value:\"Upgrade to Adobe Flash Player for \n Google Chrome 30.0.0.113, or later.\n For updates refer to Reference links.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name: \"URL\" , value :\"http://get.adobe.com/flashplayer\");\n script_xref(name: \"URL\" , value :\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_flash_player_within_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Chrome/MacOSX/Ver\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ninfos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE );\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"30.0.0.113\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"30.0.0.113\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "naslFamily": "General"}, "differentElements": ["cvss"], "edition": 1, "lastseen": "2018-06-08T18:57:50"}, {"bulletin": {"id": "OPENVAS:1361412562310813601", "hash": "4b6ff5faf3853a380135f1ca4fdd13ce4d818f868bf84a1ec8c404a5f2326afc", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-MAC OS X", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "published": "2018-06-08T00:00:00", "modified": "2019-07-17T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813601", "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html"], "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "lastseen": "2019-07-19T22:03:55", "history": [], "viewCount": 3, "enchantments": {"dependencies": {"modified": "2019-07-19T22:03:55", "references": [{"idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"], "type": "krebs"}, {"idList": ["KLA11261"], "type": "kaspersky"}, {"idList": ["RHSA-2018:1827"], "type": "redhat"}, {"idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"], "type": "trendmicroblog"}, {"idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"], "type": "freebsd"}, {"idList": ["OPENVAS:1361412562310813399", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813400"], "type": "openvas"}, {"idList": ["MYHACK58:62201890504", "MYHACK58:62201994516", "MYHACK58:62201890436"], "type": "myhack58"}, {"idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"], "type": "thn"}, {"idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"], "type": "malwarebytes"}, {"idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"], "type": "threatpost"}, {"idList": ["GLSA-201806-02"], "type": "gentoo"}, {"idList": ["FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "FLASH_PLAYER_APSB18-19.NASL", "REDHAT-RHSA-2018-1827.NASL", "GENTOO_GLSA-201806-02.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL"], "type": "nessus"}, {"idList": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "type": "cve"}, {"idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"], "type": "securelist"}]}, "score": {"modified": "2019-07-19T22:03:55", "value": 8.0, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310813601", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-MAC OS X\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player_chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813601\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2018-5002\", \"CVE-2018-4945\", \"CVE-2018-5000\", \"CVE-2018-5001\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-06-08 12:21:41 +0530 (Fri, 08 Jun 2018)\");\n script_name(\"Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - A type confusion error.\n\n - An integer overflow error.\n\n - An out-of-bounds read error.\n\n - A stack-based buffer overflow error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct arbitrary code execution and disclosure of sensitive\n information.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player prior to 30.0.0.113\n within Google Chrome on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player for\n Google Chrome 30.0.0.113, or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_flash_player_within_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Chrome/MacOSX/Ver\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"30.0.0.113\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"30.0.0.113\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "naslFamily": "General"}, "differentElements": ["modified", "sourceData"], "edition": 7, "lastseen": "2019-07-19T22:03:55"}], "viewCount": 5, "enchantments": {"dependencies": {"references": [{"type": "redhatcve", "idList": ["RH:CVE-2018-5000", "RH:CVE-2018-5002", "RH:CVE-2018-4945", "RH:CVE-2018-5001"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813397", "OPENVAS:1361412562310813400", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813399"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"]}, {"type": "threatpost", "idList": ["THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E", "THREATPOST:34985C64EA7AF207D4CE9A800671E3C1"]}, {"type": "nessus", "idList": ["FLASH_PLAYER_APSB18-19.NASL", "GENTOO_GLSA-201806-02.NASL", "700434.PRM", "MACOSX_FLASH_PLAYER_APSB18-19.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "REDHAT-RHSA-2018-1827.NASL"]}, {"type": "redhat", "idList": ["RHSA-2018:1827"]}, {"type": "kaspersky", "idList": ["KLA11261", "KLA11260"]}, {"type": "adobe", "idList": ["APSB18-19"]}, {"type": "mscve", "idList": ["MS:ADV180014"]}, {"type": "freebsd", "idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"]}, {"type": "archlinux", "idList": ["ASA-201806-7"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-5001", "UB:CVE-2018-4945", "UB:CVE-2018-5000", "UB:CVE-2018-5002"]}, {"type": "cve", "idList": ["CVE-2018-5002", "CVE-2018-4945", "CVE-2018-5001", "CVE-2018-5000"]}, {"type": "gentoo", "idList": ["GLSA-201806-02"]}, {"type": "thn", "idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2018-0537", "CPAI-2018-0539", "CPAI-2018-0535", "CPAI-2018-0538"]}, {"type": "myhack58", "idList": ["MYHACK58:62201994516", "MYHACK58:62201890504", "MYHACK58:62201890436"]}, {"type": "zdi", "idList": ["ZDI-18-570", "ZDI-18-569", "ZDI-18-568"]}, {"type": "krebs", "idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"]}, {"type": "securelist", "idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"]}], "modified": "2019-10-24T21:14:23", "rev": 2}, "score": {"value": 8.8, "vector": "NONE", "modified": "2019-10-24T21:14:23", "rev": 2}}, "objectVersion": "1.5", "pluginID": "1361412562310813601", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-MAC OS X\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player_chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813601\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2018-5002\", \"CVE-2018-4945\", \"CVE-2018-5000\", \"CVE-2018-5001\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-06-08 12:21:41 +0530 (Fri, 08 Jun 2018)\");\n script_name(\"Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - A type confusion error.\n\n - An integer overflow error.\n\n - An out-of-bounds read error.\n\n - A stack-based buffer overflow error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct arbitrary code execution and disclosure of sensitive\n information.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player prior to 30.0.0.113\n within Google Chrome on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player for\n Google Chrome 30.0.0.113, or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_flash_player_within_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Chrome/MacOSX/Ver\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"30.0.0.113\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"30.0.0.113\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "naslFamily": "General", "_object_type": "robots.models.openvas.OpenVASBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.openvas.OpenVASBulletin"], "immutableFields": [], "cvss2": {}, "cvss3": {}}, {"id": "OPENVAS:1361412562310813397", "hash": "3cab777101d62cea2b6eebdec5c39b12", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Flash Player Security Updates(apsb18-19)-MAC OS X", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "published": "2018-06-08T00:00:00", "modified": "2019-10-23T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813397", "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html"], "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "lastseen": "2019-10-24T21:13:51", "history": [{"bulletin": {"id": "OPENVAS:1361412562310813397", "hash": "3990a9d6c6f60d6e9523872273d5bbafdc13c535dfb449e74b2389e15edba584", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Flash Player Security Updates(apsb18-19)-MAC OS X", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "published": "2018-06-08T00:00:00", "modified": "2019-07-17T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813397", "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html"], "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "lastseen": "2019-07-19T22:03:37", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2019-07-19T22:03:37", "references": [{"idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"], "type": "krebs"}, {"idList": ["KLA11261"], "type": "kaspersky"}, {"idList": ["RHSA-2018:1827"], "type": "redhat"}, {"idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"], "type": "trendmicroblog"}, {"idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"], "type": "freebsd"}, {"idList": ["MYHACK58:62201890504", "MYHACK58:62201994516", "MYHACK58:62201890436"], "type": "myhack58"}, {"idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"], "type": "thn"}, {"idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"], "type": "malwarebytes"}, {"idList": ["OPENVAS:1361412562310813399", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813400"], "type": "openvas"}, {"idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"], "type": "threatpost"}, {"idList": ["GLSA-201806-02"], "type": "gentoo"}, {"idList": ["FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "FLASH_PLAYER_APSB18-19.NASL", "REDHAT-RHSA-2018-1827.NASL", "GENTOO_GLSA-201806-02.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL"], "type": "nessus"}, {"idList": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "type": "cve"}, {"idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"], "type": "securelist"}]}, "score": {"modified": "2019-07-19T22:03:37", "value": 8.1, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310813397", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Security Updates(apsb18-19)-MAC OS X\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813397\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2018-5002\", \"CVE-2018-4945\", \"CVE-2018-5000\", \"CVE-2018-5001\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-06-08 12:20:32 +0530 (Fri, 08 Jun 2018)\");\n script_name(\"Adobe Flash Player Security Updates(apsb18-19)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - A type confusion error.\n\n - An integer overflow error.\n\n - An out-of-bounds read error.\n\n - A stack-based buffer overflow error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct arbitrary code execution and disclosure of sensitive\n information.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before\n 30.0.0.113 on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 30.0.0.113, or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Flash/Player/MacOSX/Version\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"30.0.0.113\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"30.0.0.113\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "naslFamily": "General"}, "differentElements": ["modified", "sourceData"], "edition": 7, "lastseen": "2019-07-19T22:03:37"}, {"bulletin": {"id": "OPENVAS:1361412562310813397", "hash": "3dc22e62a41e0067a0ed743565c07b9d2d1d80dda53aab442de05d0b084466b1", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Flash Player Security Updates(apsb18-19)-MAC OS X", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "published": "2018-06-08T00:00:00", "modified": "2019-05-17T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813397", "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://get.adobe.com/flashplayer"], "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "lastseen": "2019-05-29T18:33:43", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2019-05-29T18:33:43", "references": [{"idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"], "type": "krebs"}, {"idList": ["KLA11261"], "type": "kaspersky"}, {"idList": ["RHSA-2018:1827"], "type": "redhat"}, {"idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"], "type": "trendmicroblog"}, {"idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"], "type": "freebsd"}, {"idList": ["MYHACK58:62201890504", "MYHACK58:62201994516", "MYHACK58:62201890436"], "type": "myhack58"}, {"idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"], "type": "thn"}, {"idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"], "type": "malwarebytes"}, {"idList": ["OPENVAS:1361412562310813399", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813400"], "type": "openvas"}, {"idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"], "type": "threatpost"}, {"idList": ["GLSA-201806-02"], "type": "gentoo"}, {"idList": ["FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "FLASH_PLAYER_APSB18-19.NASL", "REDHAT-RHSA-2018-1827.NASL", "GENTOO_GLSA-201806-02.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL"], "type": "nessus"}, {"idList": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "type": "cve"}, {"idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"], "type": "securelist"}]}, "score": {"modified": "2019-05-29T18:33:43", "value": 8.1, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310813397", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Security Updates(apsb18-19)-MAC OS X\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813397\");\n script_version(\"2019-05-17T10:45:27+0000\");\n script_cve_id(\"CVE-2018-5002\", \"CVE-2018-4945\", \"CVE-2018-5000\", \"CVE-2018-5001\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 10:45:27 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-06-08 12:20:32 +0530 (Fri, 08 Jun 2018)\");\n script_name(\"Adobe Flash Player Security Updates(apsb18-19)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - A type confusion error.\n\n - An integer overflow error.\n\n - An out-of-bounds read error.\n\n - A stack-based buffer overflow error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct arbitrary code execution and disclosure of sensitive\n information.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before\n 30.0.0.113 on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 30.0.0.113, or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"http://get.adobe.com/flashplayer\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Flash/Player/MacOSX/Version\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"30.0.0.113\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"30.0.0.113\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "naslFamily": "General"}, "differentElements": ["references", "modified", "sourceData"], "edition": 6, "lastseen": "2019-05-29T18:33:43"}, {"bulletin": {"id": "OPENVAS:1361412562310813397", "hash": "a632ef4b01bde1323dca1dbb66b7e64773f0eb280f8b64eb07d3d16ddda6a363", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Flash Player Security Updates(apsb18-19)-MAC OS X", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "published": "2018-06-08T00:00:00", "modified": "2019-05-17T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813397", "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://get.adobe.com/flashplayer"], "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "lastseen": "2019-05-20T14:37:10", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2019-05-20T14:37:10", "references": [{"idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"], "type": "krebs"}, {"idList": ["KLA11261"], "type": "kaspersky"}, {"idList": ["RHSA-2018:1827"], "type": "redhat"}, {"idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"], "type": "trendmicroblog"}, {"idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"], "type": "freebsd"}, {"idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"], "type": "thn"}, {"idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"], "type": "malwarebytes"}, {"idList": ["OPENVAS:1361412562310813399", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813400"], "type": "openvas"}, {"idList": ["MYHACK58:62201890504", "MYHACK58:62201890436"], "type": "myhack58"}, {"idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"], "type": "threatpost"}, {"idList": ["GLSA-201806-02"], "type": "gentoo"}, {"idList": ["FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "FLASH_PLAYER_APSB18-19.NASL", "REDHAT-RHSA-2018-1827.NASL", "GENTOO_GLSA-201806-02.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL"], "type": "nessus"}, {"idList": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "type": "cve"}, {"idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"], "type": "securelist"}]}, "score": {"modified": "2019-05-20T14:37:10", "value": 7.3, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310813397", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Security Updates(apsb18-19)-MAC OS X\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813397\");\n script_version(\"2019-05-17T10:45:27+0000\");\n script_cve_id(\"CVE-2018-5002\", \"CVE-2018-4945\", \"CVE-2018-5000\", \"CVE-2018-5001\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 10:45:27 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-06-08 12:20:32 +0530 (Fri, 08 Jun 2018)\");\n script_name(\"Adobe Flash Player Security Updates(apsb18-19)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - A type confusion error.\n\n - An integer overflow error.\n\n - An out-of-bounds read error.\n\n - A stack-based buffer overflow error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct arbitrary code execution and disclosure of sensitive\n information.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before\n 30.0.0.113 on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 30.0.0.113, or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"http://get.adobe.com/flashplayer\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Flash/Player/MacOSX/Version\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"30.0.0.113\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"30.0.0.113\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "naslFamily": "General"}, "differentElements": ["cvss"], "edition": 5, "lastseen": "2019-05-20T14:37:10"}, {"bulletin": {"id": "OPENVAS:1361412562310813397", "hash": "71f43025e6bf1e3da8b2725eb03910b92d80c70e4dc2584359b982b307e3e597", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Flash Player Security Updates(apsb18-19)-MAC OS X", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "published": "2018-06-08T00:00:00", "modified": "2018-10-26T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813397", "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://get.adobe.com/flashplayer"], "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "lastseen": "2018-10-29T12:34:52", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2018-10-29T12:34:52", "references": [{"idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"], "type": "krebs"}, {"idList": ["KLA11261"], "type": "kaspersky"}, {"idList": ["RHSA-2018:1827"], "type": "redhat"}, {"idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"], "type": "trendmicroblog"}, {"idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"], "type": "freebsd"}, {"idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"], "type": "thn"}, {"idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"], "type": "malwarebytes"}, {"idList": ["OPENVAS:1361412562310813399", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813400"], "type": "openvas"}, {"idList": ["MYHACK58:62201890504", "MYHACK58:62201890436"], "type": "myhack58"}, {"idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"], "type": "threatpost"}, {"idList": ["GLSA-201806-02"], "type": "gentoo"}, {"idList": ["FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "FLASH_PLAYER_APSB18-19.NASL", "REDHAT-RHSA-2018-1827.NASL", "GENTOO_GLSA-201806-02.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL"], "type": "nessus"}, {"idList": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "type": "cve"}, {"idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"], "type": "securelist"}]}, "score": {"modified": "2018-10-29T12:34:52", "value": 7.5, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310813397", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_flash_player_apsb18-19_macosx.nasl 12120 2018-10-26 11:13:20Z mmartin $\n#\n# Adobe Flash Player Security Updates(apsb18-19)-MAC OS X\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813397\");\n script_version(\"$Revision: 12120 $\");\n script_cve_id(\"CVE-2018-5002\", \"CVE-2018-4945\", \"CVE-2018-5000\", \"CVE-2018-5001\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 13:13:20 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-08 12:20:32 +0530 (Fri, 08 Jun 2018)\");\n script_name(\"Adobe Flash Player Security Updates(apsb18-19)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - A type confusion error.\n\n - An integer overflow error.\n\n - An out-of-bounds read error.\n\n - A stack-based buffer overflow error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct arbitrary code execution and disclosure of sensitive\n information.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before\n 30.0.0.113 on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 30.0.0.113, or later.\n For updates refer to Reference links.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"http://get.adobe.com/flashplayer\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Flash/Player/MacOSX/Version\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ninfos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE );\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"30.0.0.113\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"30.0.0.113\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "naslFamily": "General"}, "differentElements": ["modified", "sourceData"], "edition": 3, "lastseen": "2018-10-29T12:34:52"}, {"bulletin": {"id": "OPENVAS:1361412562310813397", "hash": "60c5f6263fb1989bca8ae4739200ae78ae7086e090b4d46c47ebe6aacd9ba994", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Flash Player Security Updates(apsb18-19)-MAC OS X", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "published": "2018-06-08T00:00:00", "modified": "2019-05-03T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813397", "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://get.adobe.com/flashplayer"], "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "lastseen": "2019-05-03T14:27:32", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2019-05-03T14:27:32", "references": [{"idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"], "type": "krebs"}, {"idList": ["KLA11261"], "type": "kaspersky"}, {"idList": ["RHSA-2018:1827"], "type": "redhat"}, {"idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"], "type": "trendmicroblog"}, {"idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"], "type": "freebsd"}, {"idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"], "type": "thn"}, {"idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"], "type": "malwarebytes"}, {"idList": ["OPENVAS:1361412562310813399", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813400"], "type": "openvas"}, {"idList": ["MYHACK58:62201890504", "MYHACK58:62201890436"], "type": "myhack58"}, {"idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"], "type": "threatpost"}, {"idList": ["GLSA-201806-02"], "type": "gentoo"}, {"idList": ["FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "FLASH_PLAYER_APSB18-19.NASL", "REDHAT-RHSA-2018-1827.NASL", "GENTOO_GLSA-201806-02.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL"], "type": "nessus"}, {"idList": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "type": "cve"}, {"idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"], "type": "securelist"}]}, "score": {"modified": "2019-05-03T14:27:32", "value": 7.3, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310813397", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Security Updates(apsb18-19)-MAC OS X\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813397\");\n script_version(\"2019-05-03T08:55:39+0000\");\n script_cve_id(\"CVE-2018-5002\", \"CVE-2018-4945\", \"CVE-2018-5000\", \"CVE-2018-5001\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-03 08:55:39 +0000 (Fri, 03 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-06-08 12:20:32 +0530 (Fri, 08 Jun 2018)\");\n script_name(\"Adobe Flash Player Security Updates(apsb18-19)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - A type confusion error.\n\n - An integer overflow error.\n\n - An out-of-bounds read error.\n\n - A stack-based buffer overflow error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct arbitrary code execution and disclosure of sensitive\n information.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before\n 30.0.0.113 on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 30.0.0.113, or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"http://get.adobe.com/flashplayer\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Flash/Player/MacOSX/Version\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ninfos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE );\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"30.0.0.113\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"30.0.0.113\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "naslFamily": "General"}, "differentElements": ["modified", "sourceData"], "edition": 4, "lastseen": "2019-05-03T14:27:32"}], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "redhatcve", "idList": ["RH:CVE-2018-5000", "RH:CVE-2018-5002", "RH:CVE-2018-4945", "RH:CVE-2018-5001"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813601", "OPENVAS:1361412562310813400", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813399"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"]}, {"type": "threatpost", "idList": ["THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E", "THREATPOST:34985C64EA7AF207D4CE9A800671E3C1"]}, {"type": "nessus", "idList": ["FLASH_PLAYER_APSB18-19.NASL", "GENTOO_GLSA-201806-02.NASL", "700434.PRM", "MACOSX_FLASH_PLAYER_APSB18-19.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "REDHAT-RHSA-2018-1827.NASL"]}, {"type": "redhat", "idList": ["RHSA-2018:1827"]}, {"type": "freebsd", "idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"]}, {"type": "kaspersky", "idList": ["KLA11261", "KLA11260"]}, {"type": "mscve", "idList": ["MS:ADV180014"]}, {"type": "adobe", "idList": ["APSB18-19"]}, {"type": "archlinux", "idList": ["ASA-201806-7"]}, {"type": "cve", "idList": ["CVE-2018-5002", "CVE-2018-4945", "CVE-2018-5001", "CVE-2018-5000"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-5001", "UB:CVE-2018-4945", "UB:CVE-2018-5000", "UB:CVE-2018-5002"]}, {"type": "gentoo", "idList": ["GLSA-201806-02"]}, {"type": "thn", "idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2018-0537", "CPAI-2018-0539", "CPAI-2018-0535", "CPAI-2018-0538"]}, {"type": "myhack58", "idList": ["MYHACK58:62201994516", "MYHACK58:62201890504", "MYHACK58:62201890436"]}, {"type": "zdi", "idList": ["ZDI-18-570", "ZDI-18-569", "ZDI-18-568"]}, {"type": "krebs", "idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"]}, {"type": "securelist", "idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"]}], "modified": "2019-10-24T21:13:51", "rev": 2}, "score": {"value": 9.0, "vector": "NONE", "modified": "2019-10-24T21:13:51", "rev": 2}}, "objectVersion": "1.5", "pluginID": "1361412562310813397", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Security Updates(apsb18-19)-MAC OS X\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813397\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2018-5002\", \"CVE-2018-4945\", \"CVE-2018-5000\", \"CVE-2018-5001\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-06-08 12:20:32 +0530 (Fri, 08 Jun 2018)\");\n script_name(\"Adobe Flash Player Security Updates(apsb18-19)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - A type confusion error.\n\n - An integer overflow error.\n\n - An out-of-bounds read error.\n\n - A stack-based buffer overflow error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct arbitrary code execution and disclosure of sensitive\n information.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before\n 30.0.0.113 on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 30.0.0.113, or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Flash/Player/MacOSX/Version\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"30.0.0.113\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"30.0.0.113\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "naslFamily": "General", "_object_type": "robots.models.openvas.OpenVASBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.openvas.OpenVASBulletin"], "immutableFields": [], "cvss2": {}, "cvss3": {}}, {"id": "OPENVAS:1361412562310813398", "hash": "060976e88db132cf355b5f2d65c4541d", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Flash Player Security Updates(apsb18-19)-Linux", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "published": "2018-06-08T00:00:00", "modified": "2019-10-23T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813398", "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html"], "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "lastseen": "2019-10-24T21:14:43", "history": [{"bulletin": {"id": "OPENVAS:1361412562310813398", "hash": "f13bab162e594160bb9ba755c5fc01b45cccd58a2d822e54ce49a3183227a6ea", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Flash Player Security Updates(apsb18-19)-Linux", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "published": "2018-06-08T00:00:00", "modified": "2019-05-03T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813398", "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://get.adobe.com/flashplayer"], "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "lastseen": "2019-05-03T14:27:47", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"modified": "2019-05-03T14:27:47", "references": [{"idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"], "type": "krebs"}, {"idList": ["KLA11261"], "type": "kaspersky"}, {"idList": ["RHSA-2018:1827"], "type": "redhat"}, {"idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"], "type": "trendmicroblog"}, {"idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"], "type": "freebsd"}, {"idList": ["OPENVAS:1361412562310813399", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813400"], "type": "openvas"}, {"idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"], "type": "thn"}, {"idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"], "type": "malwarebytes"}, {"idList": ["MYHACK58:62201890504", "MYHACK58:62201890436"], "type": "myhack58"}, {"idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"], "type": "threatpost"}, {"idList": ["GLSA-201806-02"], "type": "gentoo"}, {"idList": ["FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "FLASH_PLAYER_APSB18-19.NASL", "REDHAT-RHSA-2018-1827.NASL", "GENTOO_GLSA-201806-02.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL"], "type": "nessus"}, {"idList": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "type": "cve"}, {"idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"], "type": "securelist"}]}, "score": {"modified": "2019-05-03T14:27:47", "value": 7.3, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310813398", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Security Updates(apsb18-19)-Linux\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813398\");\n script_version(\"2019-05-03T08:55:39+0000\");\n script_cve_id(\"CVE-2018-5002\", \"CVE-2018-4945\", \"CVE-2018-5000\", \"CVE-2018-5001\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-03 08:55:39 +0000 (Fri, 03 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-06-08 12:20:33 +0530 (Fri, 08 Jun 2018)\");\n script_name(\"Adobe Flash Player Security Updates(apsb18-19)-Linux\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - A type confusion error.\n\n - An integer overflow error.\n\n - An out-of-bounds read error.\n\n - A stack-based buffer overflow error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct arbitrary code execution and disclosure of sensitive\n information.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before\n 30.0.0.113 on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 30.0.0.113, or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"http://get.adobe.com/flashplayer\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_lin.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Linux/Ver\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ninfos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE );\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"30.0.0.113\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"30.0.0.113\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "naslFamily": "General"}, "differentElements": ["modified", "sourceData"], "edition": 4, "lastseen": "2019-05-03T14:27:47"}, {"bulletin": {"id": "OPENVAS:1361412562310813398", "hash": "78f1920a3fd3d11455d49f4dc8fb8205f2d6717d34d5c77713564a07b6add6fe", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Flash Player Security Updates(apsb18-19)-Linux", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "published": "2018-06-08T00:00:00", "modified": "2018-06-08T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813398", "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://get.adobe.com/flashplayer"], "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "lastseen": "2018-06-08T18:57:32", "history": [], "viewCount": 1, "enchantments": {"score": {"modified": "2018-06-08T18:57:32", "value": 7.5, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310813398", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_flash_player_apsb18-19_lin.nasl 10143 2018-06-08 13:43:47Z santu $\n#\n# Adobe Flash Player Security Updates(apsb18-19)-Linux\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813398\");\n script_version(\"$Revision: 10143 $\");\n script_cve_id(\"CVE-2018-5002\", \"CVE-2018-4945\", \"CVE-2018-5000\", \"CVE-2018-5001\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-06-08 15:43:47 +0200 (Fri, 08 Jun 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-08 12:20:33 +0530 (Fri, 08 Jun 2018)\");\n script_name(\"Adobe Flash Player Security Updates(apsb18-19)-Linux\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name: \"vuldetect\" , value:\"Get the installed version with the help\n of detect NVT and check the version is vulnerable or not.\");\n\n script_tag(name: \"insight\" , value:\"The multiple flaws exists due to,\n \n - A type confusion error.\n\n - An integer overflow error.\n\n - An out-of-bounds read error.\n\n - A stack-based buffer overflow error.\");\n\n script_tag(name: \"impact\" , value:\"Successful exploitation will allow remote \n attackers to conduct arbitrary code execution and disclosure of sensitive\n information.\n\n Impact Level: System/Application\");\n\n script_tag(name: \"affected\" , value:\"Adobe Flash Player version before \n 30.0.0.113 on Linux.\");\n\n script_tag(name: \"solution\", value:\"Upgrade to Adobe Flash Player version\n 30.0.0.113, or later.\n For updates refer to Reference links.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name: \"URL\" , value :\"http://get.adobe.com/flashplayer\");\n script_xref(name: \"URL\" , value :\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_lin.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Linux/Ver\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ninfos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE );\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"30.0.0.113\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"30.0.0.113\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "naslFamily": "General"}, "differentElements": ["cvss"], "edition": 1, "lastseen": "2018-06-08T18:57:32"}, {"bulletin": {"id": "OPENVAS:1361412562310813398", "hash": "d124b03aa33c4119eabb2020324010dba9a6e700ef4eebd180547b52ceed9273", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Flash Player Security Updates(apsb18-19)-Linux", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "published": "2018-06-08T00:00:00", "modified": "2019-07-17T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813398", "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html"], "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "lastseen": "2019-07-19T22:04:07", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"modified": "2019-07-19T22:04:07", "references": [{"idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"], "type": "krebs"}, {"idList": ["KLA11261"], "type": "kaspersky"}, {"idList": ["RHSA-2018:1827"], "type": "redhat"}, {"idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"], "type": "trendmicroblog"}, {"idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"], "type": "freebsd"}, {"idList": ["OPENVAS:1361412562310813399", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813400"], "type": "openvas"}, {"idList": ["MYHACK58:62201890504", "MYHACK58:62201994516", "MYHACK58:62201890436"], "type": "myhack58"}, {"idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"], "type": "thn"}, {"idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"], "type": "malwarebytes"}, {"idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"], "type": "threatpost"}, {"idList": ["GLSA-201806-02"], "type": "gentoo"}, {"idList": ["FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "FLASH_PLAYER_APSB18-19.NASL", "REDHAT-RHSA-2018-1827.NASL", "GENTOO_GLSA-201806-02.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL"], "type": "nessus"}, {"idList": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "type": "cve"}, {"idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"], "type": "securelist"}]}, "score": {"modified": "2019-07-19T22:04:07", "value": 8.0, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310813398", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Security Updates(apsb18-19)-Linux\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813398\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2018-5002\", \"CVE-2018-4945\", \"CVE-2018-5000\", \"CVE-2018-5001\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-06-08 12:20:33 +0530 (Fri, 08 Jun 2018)\");\n script_name(\"Adobe Flash Player Security Updates(apsb18-19)-Linux\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - A type confusion error.\n\n - An integer overflow error.\n\n - An out-of-bounds read error.\n\n - A stack-based buffer overflow error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct arbitrary code execution and disclosure of sensitive\n information.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before\n 30.0.0.113 on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 30.0.0.113, or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_lin.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Linux/Ver\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"30.0.0.113\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"30.0.0.113\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "naslFamily": "General"}, "differentElements": ["modified", "sourceData"], "edition": 7, "lastseen": "2019-07-19T22:04:07"}, {"bulletin": {"id": "OPENVAS:1361412562310813398", "hash": "db68c4dbf51ce38ba47aaa96818c4003fc8efa01ffd3f1afb634fd6fa6dd6929", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Flash Player Security Updates(apsb18-19)-Linux", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "published": "2018-06-08T00:00:00", "modified": "2018-06-08T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813398", "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://get.adobe.com/flashplayer"], "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "lastseen": "2018-09-06T11:30:08", "history": [], "viewCount": 2, "enchantments": {"score": {"modified": "2018-09-06T11:30:08", "value": 7.5, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310813398", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_flash_player_apsb18-19_lin.nasl 10143 2018-06-08 13:43:47Z santu $\n#\n# Adobe Flash Player Security Updates(apsb18-19)-Linux\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813398\");\n script_version(\"$Revision: 10143 $\");\n script_cve_id(\"CVE-2018-5002\", \"CVE-2018-4945\", \"CVE-2018-5000\", \"CVE-2018-5001\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-06-08 15:43:47 +0200 (Fri, 08 Jun 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-08 12:20:33 +0530 (Fri, 08 Jun 2018)\");\n script_name(\"Adobe Flash Player Security Updates(apsb18-19)-Linux\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name: \"vuldetect\" , value:\"Get the installed version with the help\n of detect NVT and check the version is vulnerable or not.\");\n\n script_tag(name: \"insight\" , value:\"The multiple flaws exists due to,\n \n - A type confusion error.\n\n - An integer overflow error.\n\n - An out-of-bounds read error.\n\n - A stack-based buffer overflow error.\");\n\n script_tag(name: \"impact\" , value:\"Successful exploitation will allow remote \n attackers to conduct arbitrary code execution and disclosure of sensitive\n information.\n\n Impact Level: System/Application\");\n\n script_tag(name: \"affected\" , value:\"Adobe Flash Player version before \n 30.0.0.113 on Linux.\");\n\n script_tag(name: \"solution\", value:\"Upgrade to Adobe Flash Player version\n 30.0.0.113, or later.\n For updates refer to Reference links.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name: \"URL\" , value :\"http://get.adobe.com/flashplayer\");\n script_xref(name: \"URL\" , value :\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_lin.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Linux/Ver\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ninfos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE );\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"30.0.0.113\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"30.0.0.113\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "naslFamily": "General"}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2018-09-06T11:30:08"}, {"bulletin": {"id": "OPENVAS:1361412562310813398", "hash": "e2a70ea7a39fd9822dfb6a36ae8f0c6675531eb91cfccd4887d8850fc1bc8e58", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Flash Player Security Updates(apsb18-19)-Linux", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "published": "2018-06-08T00:00:00", "modified": "2018-10-26T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813398", "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://get.adobe.com/flashplayer"], "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "lastseen": "2018-10-26T14:35:21", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"modified": "2018-10-26T14:35:21", "references": [{"idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"], "type": "krebs"}, {"idList": ["KLA11261"], "type": "kaspersky"}, {"idList": ["RHSA-2018:1827"], "type": "redhat"}, {"idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"], "type": "trendmicroblog"}, {"idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"], "type": "freebsd"}, {"idList": ["OPENVAS:1361412562310813399", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813400"], "type": "openvas"}, {"idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"], "type": "thn"}, {"idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"], "type": "malwarebytes"}, {"idList": ["MYHACK58:62201890504", "MYHACK58:62201890436"], "type": "myhack58"}, {"idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"], "type": "threatpost"}, {"idList": ["GLSA-201806-02"], "type": "gentoo"}, {"idList": ["FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "FLASH_PLAYER_APSB18-19.NASL", "REDHAT-RHSA-2018-1827.NASL", "GENTOO_GLSA-201806-02.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL"], "type": "nessus"}, {"idList": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "type": "cve"}, {"idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"], "type": "securelist"}]}, "score": {"modified": "2018-10-26T14:35:21", "value": 7.5, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310813398", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_flash_player_apsb18-19_lin.nasl 12116 2018-10-26 10:01:35Z mmartin $\n#\n# Adobe Flash Player Security Updates(apsb18-19)-Linux\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813398\");\n script_version(\"$Revision: 12116 $\");\n script_cve_id(\"CVE-2018-5002\", \"CVE-2018-4945\", \"CVE-2018-5000\", \"CVE-2018-5001\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 12:01:35 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-08 12:20:33 +0530 (Fri, 08 Jun 2018)\");\n script_name(\"Adobe Flash Player Security Updates(apsb18-19)-Linux\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - A type confusion error.\n\n - An integer overflow error.\n\n - An out-of-bounds read error.\n\n - A stack-based buffer overflow error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct arbitrary code execution and disclosure of sensitive\n information.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before\n 30.0.0.113 on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 30.0.0.113, or later.\n For updates refer to Reference links.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"http://get.adobe.com/flashplayer\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_lin.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Linux/Ver\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ninfos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE );\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"30.0.0.113\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"30.0.0.113\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "naslFamily": "General"}, "differentElements": ["modified", "sourceData"], "edition": 3, "lastseen": "2018-10-26T14:35:21"}], "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "redhatcve", "idList": ["RH:CVE-2018-5000", "RH:CVE-2018-5002", "RH:CVE-2018-4945", "RH:CVE-2018-5001"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813601", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813400", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813399"]}, {"type": "archlinux", "idList": ["ASA-201806-7"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"]}, {"type": "threatpost", "idList": ["THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E", "THREATPOST:34985C64EA7AF207D4CE9A800671E3C1"]}, {"type": "adobe", "idList": ["APSB18-19"]}, {"type": "mscve", "idList": ["MS:ADV180014"]}, {"type": "nessus", "idList": ["FLASH_PLAYER_APSB18-19.NASL", "GENTOO_GLSA-201806-02.NASL", "700434.PRM", "MACOSX_FLASH_PLAYER_APSB18-19.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "REDHAT-RHSA-2018-1827.NASL"]}, {"type": "redhat", "idList": ["RHSA-2018:1827"]}, {"type": "kaspersky", "idList": ["KLA11261", "KLA11260"]}, {"type": "freebsd", "idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-5001", "UB:CVE-2018-4945", "UB:CVE-2018-5000", "UB:CVE-2018-5002"]}, {"type": "cve", "idList": ["CVE-2018-5002", "CVE-2018-4945", "CVE-2018-5001", "CVE-2018-5000"]}, {"type": "gentoo", "idList": ["GLSA-201806-02"]}, {"type": "thn", "idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2018-0537", "CPAI-2018-0539", "CPAI-2018-0535", "CPAI-2018-0538"]}, {"type": "myhack58", "idList": ["MYHACK58:62201994516", "MYHACK58:62201890504", "MYHACK58:62201890436"]}, {"type": "zdi", "idList": ["ZDI-18-570", "ZDI-18-569", "ZDI-18-568"]}, {"type": "krebs", "idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"]}, {"type": "securelist", "idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"]}], "modified": "2019-10-24T21:14:43", "rev": 2}, "score": {"value": 9.0, "vector": "NONE", "modified": "2019-10-24T21:14:43", "rev": 2}}, "objectVersion": "1.5", "pluginID": "1361412562310813398", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Security Updates(apsb18-19)-Linux\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813398\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2018-5002\", \"CVE-2018-4945\", \"CVE-2018-5000\", \"CVE-2018-5001\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-06-08 12:20:33 +0530 (Fri, 08 Jun 2018)\");\n script_name(\"Adobe Flash Player Security Updates(apsb18-19)-Linux\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - A type confusion error.\n\n - An integer overflow error.\n\n - An out-of-bounds read error.\n\n - A stack-based buffer overflow error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct arbitrary code execution and disclosure of sensitive\n information.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before\n 30.0.0.113 on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 30.0.0.113, or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_lin.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Linux/Ver\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"30.0.0.113\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"30.0.0.113\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "naslFamily": "General", "_object_type": "robots.models.openvas.OpenVASBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.openvas.OpenVASBulletin"], "immutableFields": [], "cvss2": {}, "cvss3": {}}, {"id": "OPENVAS:1361412562310813400", "hash": "6553c7b6886d05d5a9f224237459067b", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-Linux", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "published": "2018-06-08T00:00:00", "modified": "2019-10-23T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813400", "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html"], "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "lastseen": "2019-10-24T21:14:40", "history": [{"bulletin": {"id": "OPENVAS:1361412562310813400", "hash": "bddccef2e2f10e521ef05d7f5779ec4f48f995d471bad708020f314237ab2f12", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-Linux", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "published": "2018-06-08T00:00:00", "modified": "2019-07-17T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813400", "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html"], "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "lastseen": "2019-07-19T22:04:05", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"modified": "2019-07-19T22:04:05", "references": [{"idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"], "type": "krebs"}, {"idList": ["KLA11261"], "type": "kaspersky"}, {"idList": ["RHSA-2018:1827"], "type": "redhat"}, {"idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"], "type": "trendmicroblog"}, {"idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"], "type": "freebsd"}, {"idList": ["MYHACK58:62201890504", "MYHACK58:62201994516", "MYHACK58:62201890436"], "type": "myhack58"}, {"idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"], "type": "thn"}, {"idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"], "type": "malwarebytes"}, {"idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"], "type": "threatpost"}, {"idList": ["GLSA-201806-02"], "type": "gentoo"}, {"idList": ["FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "FLASH_PLAYER_APSB18-19.NASL", "REDHAT-RHSA-2018-1827.NASL", "GENTOO_GLSA-201806-02.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL"], "type": "nessus"}, {"idList": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "type": "cve"}, {"idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"], "type": "securelist"}, {"idList": ["OPENVAS:1361412562310813399", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813602"], "type": "openvas"}]}, "score": {"modified": "2019-07-19T22:04:05", "value": 7.8, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310813400", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-Linux\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player_chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813400\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2018-5002\", \"CVE-2018-4945\", \"CVE-2018-5000\", \"CVE-2018-5001\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-06-08 12:21:40 +0530 (Fri, 08 Jun 2018)\");\n script_name(\"Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-Linux\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - A type confusion error.\n\n - An integer overflow error.\n\n - An out-of-bounds read error.\n\n - A stack-based buffer overflow error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct arbitrary code execution and disclosure of sensitive\n information.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player prior to 30.0.0.113\n within Google Chrome on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player for\n Google Chrome 30.0.0.113, or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_flash_player_within_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Chrome/Lin/Ver\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"30.0.0.113\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"30.0.0.113\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "naslFamily": "General"}, "differentElements": ["modified", "sourceData"], "edition": 7, "lastseen": "2019-07-19T22:04:05"}, {"bulletin": {"id": "OPENVAS:1361412562310813400", "hash": "39a3617b40ad79f12b987c4d10ca85d0b36a1621c7579e1805ea2f53e215337c", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-Linux", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "published": "2018-06-08T00:00:00", "modified": "2018-06-08T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813400", "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://get.adobe.com/flashplayer"], "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "lastseen": "2018-06-08T18:57:49", "history": [], "viewCount": 1, "enchantments": {"score": {"modified": "2018-06-08T18:57:49", "value": 7.5, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310813400", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_flash_player_within_chrome_apsb18-19_lin.nasl 10143 2018-06-08 13:43:47Z santu $\n#\n# Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-Linux\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player_chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813400\");\n script_version(\"$Revision: 10143 $\");\n script_cve_id(\"CVE-2018-5002\", \"CVE-2018-4945\", \"CVE-2018-5000\", \"CVE-2018-5001\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-06-08 15:43:47 +0200 (Fri, 08 Jun 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-08 12:21:40 +0530 (Fri, 08 Jun 2018)\");\n script_name(\"Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-Linux\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name: \"vuldetect\" , value:\"Get the installed version with the help\n of detect NVT and check the version is vulnerable or not.\");\n\n script_tag(name: \"insight\" , value:\"The multiple flaws exists due to,\n\n - A type confusion error.\n\n - An integer overflow error.\n\n - An out-of-bounds read error.\n\n - A stack-based buffer overflow error.\");\n\n script_tag(name: \"impact\" , value:\"Successful exploitation will allow remote \n attackers to conduct arbitrary code execution and disclosure of sensitive\n information.\n\n Impact Level: System/Application\");\n\n script_tag(name: \"affected\" , value:\"Adobe Flash Player prior to 30.0.0.113\n within Google Chrome on Linux.\");\n\n script_tag(name: \"solution\", value:\"Upgrade to Adobe Flash Player for \n Google Chrome 30.0.0.113, or later.\n For updates refer to Reference links.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name: \"URL\" , value :\"http://get.adobe.com/flashplayer\");\n script_xref(name: \"URL\" , value :\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_flash_player_within_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Chrome/Lin/Ver\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ninfos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE );\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"30.0.0.113\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"30.0.0.113\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "naslFamily": "General"}, "differentElements": ["cvss"], "edition": 1, "lastseen": "2018-06-08T18:57:49"}, {"bulletin": {"id": "OPENVAS:1361412562310813400", "hash": "b7f4b1b19aee553f29d54d0b8f9133cab09d5b27edc8f00a37fcdd5ed7ca0361", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-Linux", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "published": "2018-06-08T00:00:00", "modified": "2019-05-17T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813400", "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://get.adobe.com/flashplayer"], "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "lastseen": "2019-05-29T18:33:47", "history": [], "viewCount": 6, "enchantments": {"dependencies": {"modified": "2019-05-29T18:33:47", "references": [{"idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"], "type": "krebs"}, {"idList": ["KLA11261"], "type": "kaspersky"}, {"idList": ["RHSA-2018:1827"], "type": "redhat"}, {"idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"], "type": "trendmicroblog"}, {"idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"], "type": "freebsd"}, {"idList": ["MYHACK58:62201890504", "MYHACK58:62201994516", "MYHACK58:62201890436"], "type": "myhack58"}, {"idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"], "type": "thn"}, {"idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"], "type": "malwarebytes"}, {"idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"], "type": "threatpost"}, {"idList": ["GLSA-201806-02"], "type": "gentoo"}, {"idList": ["FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "FLASH_PLAYER_APSB18-19.NASL", "REDHAT-RHSA-2018-1827.NASL", "GENTOO_GLSA-201806-02.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL"], "type": "nessus"}, {"idList": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "type": "cve"}, {"idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"], "type": "securelist"}, {"idList": ["OPENVAS:1361412562310813399", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813602"], "type": "openvas"}]}, "score": {"modified": "2019-05-29T18:33:47", "value": 7.6, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310813400", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-Linux\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player_chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813400\");\n script_version(\"2019-05-17T10:45:27+0000\");\n script_cve_id(\"CVE-2018-5002\", \"CVE-2018-4945\", \"CVE-2018-5000\", \"CVE-2018-5001\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 10:45:27 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-06-08 12:21:40 +0530 (Fri, 08 Jun 2018)\");\n script_name(\"Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-Linux\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - A type confusion error.\n\n - An integer overflow error.\n\n - An out-of-bounds read error.\n\n - A stack-based buffer overflow error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct arbitrary code execution and disclosure of sensitive\n information.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player prior to 30.0.0.113\n within Google Chrome on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player for\n Google Chrome 30.0.0.113, or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"http://get.adobe.com/flashplayer\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_flash_player_within_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Chrome/Lin/Ver\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"30.0.0.113\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"30.0.0.113\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "naslFamily": "General"}, "differentElements": ["references", "modified", "sourceData"], "edition": 6, "lastseen": "2019-05-29T18:33:47"}, {"bulletin": {"id": "OPENVAS:1361412562310813400", "hash": "2f8641a7805dd8afac6e1b72696c8e94f28c083a666e6f217265530305c040de", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-Linux", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "published": "2018-06-08T00:00:00", "modified": "2019-05-17T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813400", "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://get.adobe.com/flashplayer"], "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "lastseen": "2019-05-20T14:37:23", "history": [], "viewCount": 5, "enchantments": {"dependencies": {"modified": "2019-05-20T14:37:23", "references": [{"idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"], "type": "krebs"}, {"idList": ["KLA11261"], "type": "kaspersky"}, {"idList": ["RHSA-2018:1827"], "type": "redhat"}, {"idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"], "type": "trendmicroblog"}, {"idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"], "type": "freebsd"}, {"idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"], "type": "thn"}, {"idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"], "type": "malwarebytes"}, {"idList": ["MYHACK58:62201890504", "MYHACK58:62201890436"], "type": "myhack58"}, {"idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"], "type": "threatpost"}, {"idList": ["GLSA-201806-02"], "type": "gentoo"}, {"idList": ["FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "FLASH_PLAYER_APSB18-19.NASL", "REDHAT-RHSA-2018-1827.NASL", "GENTOO_GLSA-201806-02.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL"], "type": "nessus"}, {"idList": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "type": "cve"}, {"idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"], "type": "securelist"}, {"idList": ["OPENVAS:1361412562310813399", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813602"], "type": "openvas"}]}, "score": {"modified": "2019-05-20T14:37:23", "value": 7.5, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310813400", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-Linux\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player_chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813400\");\n script_version(\"2019-05-17T10:45:27+0000\");\n script_cve_id(\"CVE-2018-5002\", \"CVE-2018-4945\", \"CVE-2018-5000\", \"CVE-2018-5001\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 10:45:27 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-06-08 12:21:40 +0530 (Fri, 08 Jun 2018)\");\n script_name(\"Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-Linux\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - A type confusion error.\n\n - An integer overflow error.\n\n - An out-of-bounds read error.\n\n - A stack-based buffer overflow error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct arbitrary code execution and disclosure of sensitive\n information.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player prior to 30.0.0.113\n within Google Chrome on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player for\n Google Chrome 30.0.0.113, or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"http://get.adobe.com/flashplayer\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_flash_player_within_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Chrome/Lin/Ver\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"30.0.0.113\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"30.0.0.113\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "naslFamily": "General"}, "differentElements": ["cvss"], "edition": 5, "lastseen": "2019-05-20T14:37:23"}, {"bulletin": {"id": "OPENVAS:1361412562310813400", "hash": "42256d7b0ae1f8b0b13d1ea4606ba6989e27f2c180bb2e1e8ca9ea9ee6e54886", "type": "openvas", "bulletinFamily": "scanner", "title": "Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-Linux", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "published": "2018-06-08T00:00:00", "modified": "2018-06-08T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813400", "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://get.adobe.com/flashplayer"], "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "lastseen": "2018-09-06T11:30:07", "history": [], "viewCount": 4, "enchantments": {"score": {"modified": "2018-09-06T11:30:07", "value": 7.5, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310813400", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_flash_player_within_chrome_apsb18-19_lin.nasl 10143 2018-06-08 13:43:47Z santu $\n#\n# Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-Linux\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player_chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813400\");\n script_version(\"$Revision: 10143 $\");\n script_cve_id(\"CVE-2018-5002\", \"CVE-2018-4945\", \"CVE-2018-5000\", \"CVE-2018-5001\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-06-08 15:43:47 +0200 (Fri, 08 Jun 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-08 12:21:40 +0530 (Fri, 08 Jun 2018)\");\n script_name(\"Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-Linux\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name: \"vuldetect\" , value:\"Get the installed version with the help\n of detect NVT and check the version is vulnerable or not.\");\n\n script_tag(name: \"insight\" , value:\"The multiple flaws exists due to,\n\n - A type confusion error.\n\n - An integer overflow error.\n\n - An out-of-bounds read error.\n\n - A stack-based buffer overflow error.\");\n\n script_tag(name: \"impact\" , value:\"Successful exploitation will allow remote \n attackers to conduct arbitrary code execution and disclosure of sensitive\n information.\n\n Impact Level: System/Application\");\n\n script_tag(name: \"affected\" , value:\"Adobe Flash Player prior to 30.0.0.113\n within Google Chrome on Linux.\");\n\n script_tag(name: \"solution\", value:\"Upgrade to Adobe Flash Player for \n Google Chrome 30.0.0.113, or later.\n For updates refer to Reference links.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name: \"URL\" , value :\"http://get.adobe.com/flashplayer\");\n script_xref(name: \"URL\" , value :\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_flash_player_within_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Chrome/Lin/Ver\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ninfos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE );\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"30.0.0.113\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"30.0.0.113\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "naslFamily": "General"}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2018-09-06T11:30:07"}], "viewCount": 12, "enchantments": {"dependencies": {"references": [{"type": "redhatcve", "idList": ["RH:CVE-2018-5000", "RH:CVE-2018-5002", "RH:CVE-2018-4945", "RH:CVE-2018-5001"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813601", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813399"]}, {"type": "archlinux", "idList": ["ASA-201806-7"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"]}, {"type": "threatpost", "idList": ["THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E", "THREATPOST:34985C64EA7AF207D4CE9A800671E3C1"]}, {"type": "adobe", "idList": ["APSB18-19"]}, {"type": "mscve", "idList": ["MS:ADV180014"]}, {"type": "nessus", "idList": ["FLASH_PLAYER_APSB18-19.NASL", "GENTOO_GLSA-201806-02.NASL", "700434.PRM", "MACOSX_FLASH_PLAYER_APSB18-19.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "REDHAT-RHSA-2018-1827.NASL"]}, {"type": "redhat", "idList": ["RHSA-2018:1827"]}, {"type": "freebsd", "idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"]}, {"type": "kaspersky", "idList": ["KLA11261", "KLA11260"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-5001", "UB:CVE-2018-4945", "UB:CVE-2018-5000", "UB:CVE-2018-5002"]}, {"type": "cve", "idList": ["CVE-2018-5002", "CVE-2018-4945", "CVE-2018-5001", "CVE-2018-5000"]}, {"type": "gentoo", "idList": ["GLSA-201806-02"]}, {"type": "thn", "idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2018-0537", "CPAI-2018-0539", "CPAI-2018-0535", "CPAI-2018-0538"]}, {"type": "myhack58", "idList": ["MYHACK58:62201994516", "MYHACK58:62201890504", "MYHACK58:62201890436"]}, {"type": "zdi", "idList": ["ZDI-18-570", "ZDI-18-569", "ZDI-18-568"]}, {"type": "krebs", "idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"]}, {"type": "securelist", "idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"]}], "modified": "2019-10-24T21:14:40", "rev": 2}, "score": {"value": 8.7, "vector": "NONE", "modified": "2019-10-24T21:14:40", "rev": 2}}, "objectVersion": "1.5", "pluginID": "1361412562310813400", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-Linux\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player_chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813400\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2018-5002\", \"CVE-2018-4945\", \"CVE-2018-5000\", \"CVE-2018-5001\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-06-08 12:21:40 +0530 (Fri, 08 Jun 2018)\");\n script_name(\"Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-Linux\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - A type confusion error.\n\n - An integer overflow error.\n\n - An out-of-bounds read error.\n\n - A stack-based buffer overflow error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct arbitrary code execution and disclosure of sensitive\n information.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player prior to 30.0.0.113\n within Google Chrome on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player for\n Google Chrome 30.0.0.113, or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_flash_player_within_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Chrome/Lin/Ver\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"30.0.0.113\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"30.0.0.113\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "naslFamily": "General", "_object_type": "robots.models.openvas.OpenVASBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.openvas.OpenVASBulletin"], "immutableFields": [], "cvss2": {}, "cvss3": {}}], "trendmicroblog": [{"id": "TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913", "type": "trendmicroblog", "bulletinFamily": "blog", "title": "TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of June 4, 2018", "description": "\n\nIt was a busy day yesterday, with Adobe issuing four emergency patches for their Flash Player, including one for a zero-day being actively exploited in the wild. Adobe has [indicated](<https://helpx.adobe.com/security/products/flash-player/apsb18-19.html>) that CVE-2018-5002 was discovered being used in limited, targeted attacks on Windows users in the wild. The attacks use Microsoft Office documents embedded with malicious Flash Player content.\n\nThree of the four CVEs were found through our Zero Day Initiative:\n\n| \n\n * CVE-2018-4945: Jihui Lu of Tencent KeenLab and willJ of Tencent PC Manager working with Trend Micro's Zero Day Initiative\n * CVE-2018-5000: Anonymously reported through Trend Micro's Zero Day Initiative\n * CVE-2018-5001: Anonymously reported through Trend Micro's Zero Day Initiative\n * CVE-2018-5002: Independently identified and reported by the following organizations and individuals: Chenming Xu and Jason Jones of ICEBRG, Bai Haowen, Zeng Haitao and Huang Chaowen of 360 Threat Intelligence Center of 360 Enterprise Security Group, and Yang Kang, Hu Jiang, Zhang Qing, and Jin Quan of Qihoo 360 Core Security (@360CoreSec), Tencent PC Manager \n---|--- \n| \n \nWe issued an out-of-band Digital Vaccine (DV) package to address these vulnerabilities:\n\n**Bulletin #** | **CVE #** | **Digital Vaccine Filter** \n---|---|--- \nAPSB18-19 | CVE-2018-4945 | 32133: HTTP: Adobe Flash MovieClip object Memory Corruption Vulnerability (ZDI-18-570) \nAPSB18-19 | CVE-2018-5000 | 32134: HTTP: Adobe Flash RTMP Information Disclosure Vulnerability (ZDI-18-569) \nAPSB18-19 | CVE-2018-5001 | 32132: HTTP: Adobe Flash ApplyFilter Method Information Disclosure Vulnerability (ZDI-18-568) \nAPSB18-19 | CVE-2018-5002 | 32131: HTTP: Adobe Flash XLSX li8 Buffer Overflow Vulnerability \n \n \n\n**Zero-Day Filters**\n\nThere are 16 new zero-day filters covering 10 vendors in this week\u2019s Digital Vaccine (DV) package. A number of existing filters in this week\u2019s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of [published advisories](<http://www.zerodayinitiative.com/advisories/published/>) and [upcoming advisories](<http://www.zerodayinitiative.com/advisories/upcoming/>) on the [Zero Day Initiative](<http://www.zerodayinitiative.com/>) website. You can also follow the Zero Day Initiative on Twitter [@thezdi](<https://twitter.com/thezdi>) and on their [blog](<https://www.zerodayinitiative.com/blog>).\n\n**_Adobe (1)_**\n\n| \n\n * 31950: HTTP: Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Read Vulnerability (ZDI-18-213) \n---|--- \n| \n \n**_Advantech (4)_**\n\n| \n\n * 31848: HTTP: Advantech WebAccess Node uMailLogin Proj SQL Injection Vulnerability (ZDI-18-144)\n * 31954: HTTP: Advantech WebAccess Node screnc Buffer Overflow Vulnerability (ZDI-18-498)\n * 31957: RPC: Advantech WebAccess Node bwmakdir Buffer Overflow Vulnerability (ZDI-18-497)\n * 31973: HTTP: Advantech WebAccess NMS DownloadAction Directory Traversal Vulnerability (ZDI-18-471) \n---|--- \n| \n \n**_Apple (2)_**\n\n| \n\n * 31943: HTTP: Apple Safari Spread Operator Type Confusion Vulnerability (ZDI-18-271)\n * 31951: HTTP: Apple Safari RenderLayer Use-After-Free Vulnerability (ZDI-18-274) \n---|--- \n| \n \n**_Foxit (2)_**\n\n| \n\n * 31941: HTTP: Foxit Reader Text Annotations Use-After-Free Vulnerability (ZDI-18-342)\n * 31945: HTTP: Foxit Reader XFA execEvent Use-After-Free Vulnerability (ZDI-18-354) \n---|--- \n| \n \n**_Microsoft (1)_**\n\n| \n\n * 31952: HTTP: Microsoft Windows VBScript Filter Function Memory Corruption Vulnerability (ZDI-18-296) \n---|--- \n| \n \n**_Novell (1)_**\n\n| \n\n * 31840: HTTP: Novell NetIQ Access Manager FwRequest Unrestricted File Upload (ZDI-18-145) \n---|--- \n| \n \n**_OMRON (1)_**\n\n| \n\n * 29983: HTTP: OMRON CX-Supervisor SCS Alarm Object Use-After-Free Vulnerability (ZDI-18-255) \n---|--- \n| \n \n**_Spotify (1)_**\n\n| \n\n * 31958: HTTP: Spotify Music Player URI Parsing Command Injection Vulnerability (ZDI-18-280) \n---|--- \n| \n \n**_Trend Micro (1)_**\n\n| \n\n * 31949: HTTP: Trend Micro Smart Protection Server Auth Command Injection Vulnerability (ZDI-18-218) \n---|--- \n| \n \n**_WECON (2)_**\n\n| \n\n * 31879: ZDI-CAN-5788: Zero Day Initiative Vulnerability (WECON LeviStudioU)\n * 31881: ZDI-CAN-5794,5795: Zero Day Initiative Vulnerability (WECON LeviStudioU) \n---|--- \n| \n \n**Missed Last Week\u2019s News?**\n\nCatch up on last week\u2019s news in my [weekly recap](<https://blog.trendmicro.com/tippingpoint-threat-intelligence-and-zero-day-coverage-week-of-may-28-2018/>).\n\nThe post [TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of June 4, 2018](<https://blog.trendmicro.com/tippingpoint-threat-intelligence-and-zero-day-coverage-week-of-june-4-2018/>) appeared first on [](<https://blog.trendmicro.com>).", "published": "2018-06-08T15:12:05", "modified": "2018-06-08T15:12:05", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://blog.trendmicro.com/tippingpoint-threat-intelligence-and-zero-day-coverage-week-of-june-4-2018/", "reporter": "Elisa Lippincott (TippingPoint Global Product Marketing)", "references": [], "cvelist": ["CVE-2018-4945", "CVE-2018-5000", "CVE-2018-5001", "CVE-2018-5002"], "lastseen": "2018-06-08T16:23:49", "history": [], "viewCount": 48, "enchantments": {"score": {"value": 6.9, "vector": "NONE", "modified": "2018-06-08T16:23:49", "rev": 2}, "dependencies": {"references": [{"type": "redhatcve", "idList": ["RH:CVE-2018-5000", "RH:CVE-2018-5002", "RH:CVE-2018-4945", "RH:CVE-2018-5001"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813601", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813400", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813399"]}, {"type": "threatpost", "idList": ["THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E", "THREATPOST:34985C64EA7AF207D4CE9A800671E3C1"]}, {"type": "nessus", "idList": ["FLASH_PLAYER_APSB18-19.NASL", "GENTOO_GLSA-201806-02.NASL", "700434.PRM", "MACOSX_FLASH_PLAYER_APSB18-19.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "REDHAT-RHSA-2018-1827.NASL"]}, {"type": "redhat", "idList": ["RHSA-2018:1827"]}, {"type": "kaspersky", "idList": ["KLA11261", "KLA11260"]}, {"type": "adobe", "idList": ["APSB18-19"]}, {"type": "mscve", "idList": ["MS:ADV180014"]}, {"type": "freebsd", "idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"]}, {"type": "archlinux", "idList": ["ASA-201806-7"]}, {"type": "cve", "idList": ["CVE-2018-5002", "CVE-2018-4945", "CVE-2018-5001", "CVE-2018-5000"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-5001", "UB:CVE-2018-4945", "UB:CVE-2018-5000", "UB:CVE-2018-5002"]}, {"type": "gentoo", "idList": ["GLSA-201806-02"]}, {"type": "thn", "idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2018-0537", "CPAI-2018-0539", "CPAI-2018-0535", "CPAI-2018-0538"]}, {"type": "myhack58", "idList": ["MYHACK58:62201994516", "MYHACK58:62201890504", "MYHACK58:62201890436"]}, {"type": "zdi", "idList": ["ZDI-18-570", "ZDI-18-569", "ZDI-18-568"]}, {"type": "krebs", "idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"]}, {"type": "securelist", "idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"]}], "modified": "2018-06-08T16:23:49", "rev": 2}}, "objectVersion": "1.5", "_object_type": "robots.models.rss.RssBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.rss.RssBulletin"], "immutableFields": [], "cvss2": {}, "cvss3": {}}], "nessus": [{"id": "FLASH_PLAYER_APSB18-19.NASL", "hash": "c63986beaa3cb5986c933a3d47f018f0", "type": "nessus", "bulletinFamily": "scanner", "title": "Adobe Flash Player <= 29.0.0.171 (APSB18-19)", "description": "The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 29.0.0.171. It is therefore affected by multiple vulnerabilities.", "published": "2018-06-07T00:00:00", "modified": "2019-11-04T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/110397", "reporter": "This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?0cb17c10", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4945", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5001", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5002", "https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5000"], "cvelist": ["CVE-2018-4945", "CVE-2018-5000", "CVE-2018-5001", "CVE-2018-5002"], "immutableFields": [], "lastseen": "2021-10-21T01:51:30", "history": [{"bulletin": {"id": "FLASH_PLAYER_APSB18-19.NASL", "hash": "ff990fcadb2f397bb114a5b6d68b4593cd108f30716cbddbc52fb99b3625db26", "type": "nessus", "bulletinFamily": "scanner", "title": "Adobe Flash Player <= 29.0.0.171 (APSB18-19)", "description": "The version of Adobe Flash Player installed on the remote Windows\nhost is equal or prior to version 29.0.0.171. It is therefore \naffected by multiple vulnerabilities.", "published": "2018-06-07T00:00:00", "modified": "2018-07-13T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=110397", "reporter": "Tenable", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://www.nessus.org/u?0cb17c10"], "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "immutableFields": [], "lastseen": "2019-01-16T20:35:46", "history": [], "viewCount": 20, "enchantments": {"dependencies": {"modified": "2019-01-16T20:35:46", "references": [{"idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"], "type": "krebs"}, {"idList": ["KLA11261"], "type": "kaspersky"}, {"idList": ["RHSA-2018:1827"], "type": "redhat"}, {"idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"], "type": "trendmicroblog"}, {"idList": ["OPENVAS:1361412562310813399", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813400"], "type": "openvas"}, {"idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"], "type": "freebsd"}, {"idList": ["FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "REDHAT-RHSA-2018-1827.NASL", "GENTOO_GLSA-201806-02.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL"], "type": "nessus"}, {"idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"], "type": "threatpost"}, {"idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"], "type": "thn"}, {"idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"], "type": "malwarebytes"}, {"idList": ["MYHACK58:62201890504", "MYHACK58:62201890436"], "type": "myhack58"}, {"idList": ["GLSA-201806-02"], "type": "gentoo"}, {"idList": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "type": "cve"}, {"idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"], "type": "securelist"}]}, "score": {"modified": "2019-01-16T20:35:46", "value": 5.0, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "110397", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110397);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/07/13 15:23:36\");\n\n script_cve_id(\n \"CVE-2018-4945\",\n \"CVE-2018-5000\",\n \"CVE-2018-5001\",\n \"CVE-2018-5002\"\n );\n\n script_name(english:\"Adobe Flash Player <= 29.0.0.171 (APSB18-19)\");\n script_summary(english:\"Checks the version of the ActiveX control.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Flash Player installed on the remote Windows\nhost is equal or prior to version 29.0.0.171. It is therefore \naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0cb17c10\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 30.0.0.113 or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/07\");\n\n script_set_attribute(attribute:\"plugin_type\",value:\"local\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"flash_player_installed.nasl\");\n script_require_keys(\"SMB/Flash_Player/installed\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Flash_Player/installed\");\n\n# Identify vulnerable versions.\ninfo = \"\";\nvariants = make_list(\n \"Plugin\",\n \"ActiveX\",\n \"Chrome\",\n \"Chrome_Pepper\"\n);\n\n# we're checking for versions less than *or equal to* the cutoff!\nforeach variant (variants)\n{\n vers = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/Version/*\");\n files = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/File/*\");\n\n if (isnull(vers) || isnull(files))\n continue;\n\n foreach key (keys(vers))\n {\n ver = vers[key];\n if (isnull(ver))\n continue;\n\n # <= 29.0.0.171\n if (ver_compare(ver:ver,fix:\"29.0.0.171\",strict:FALSE) <= 0)\n {\n num = key - (\"SMB/Flash_Player/\"+variant+\"/Version/\");\n file = files[\"SMB/Flash_Player/\"+variant+\"/File/\"+num];\n if (variant == \"Plugin\")\n {\n info += '\\n Product : Browser Plugin (for Firefox / Netscape / Opera)';\n fix = \"30.0.0.113\";\n }\n else if (variant == \"ActiveX\")\n {\n info += '\\n Product : ActiveX control (for Internet Explorer)';\n fix = \"30.0.0.113\";\n }\n else if (\"Chrome\" >< variant)\n {\n info += '\\n Product : Browser Plugin (for Google Chrome)';\n if (variant == \"Chrome\")\n fix = \"Upgrade to a version of Google Chrome running Flash Player 30.0.0.113\";\n }\n info += '\\n Path : ' + file +\n '\\n Installed version : ' + ver;\n if (variant == \"Chrome_Pepper\")\n info += '\\n Fixed version : 30.0.0.113 (Chrome PepperFlash)';\n else if (!isnull(fix))\n info += '\\n Fixed version : '+fix;\n info += '\\n';\n }\n }\n}\n\nif (info)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n security_report_v4(severity:SECURITY_HOLE, port:port, extra:info);\n}\nelse\n{\n if (thorough_tests)\n exit(0, 'No vulnerable versions of Adobe Flash Player were found.');\n else\n exit(1, 'Google Chrome\\'s built-in Flash Player may not have been detected because the \\'Perform thorough tests\\' setting was not enabled.');\n}\n", "naslFamily": "Windows", "cpe": ["cpe:/a:adobe:flash_player"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2019-01-16T20:35:46", "differentElements": ["description"], "edition": 1}, {"bulletin": {"id": "FLASH_PLAYER_APSB18-19.NASL", "hash": "ec1cb6cb3ef78a5f2dcb35e3ac06c017eb04a45debc3140ec2663564074e49a7", "type": "nessus", "bulletinFamily": "scanner", "title": "Adobe Flash Player <= 29.0.0.171 (APSB18-19)", "description": "The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 29.0.0.171. It is therefore affected by multiple vulnerabilities.", "published": "2018-06-07T00:00:00", "modified": "2018-07-13T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=110397", "reporter": "Tenable", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://www.nessus.org/u?0cb17c10"], "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "immutableFields": [], "lastseen": "2019-02-21T01:40:18", "history": [], "viewCount": 23, "enchantments": {"dependencies": {"modified": "2019-02-21T01:40:18", "references": [{"idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"], "type": "krebs"}, {"idList": ["KLA11261"], "type": "kaspersky"}, {"idList": ["RHSA-2018:1827"], "type": "redhat"}, {"idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"], "type": "trendmicroblog"}, {"idList": ["OPENVAS:1361412562310813399", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813400"], "type": "openvas"}, {"idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"], "type": "freebsd"}, {"idList": ["FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "REDHAT-RHSA-2018-1827.NASL", "GENTOO_GLSA-201806-02.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL"], "type": "nessus"}, {"idList": ["MYHACK58:62201890504", "MYHACK58:62201994516", "MYHACK58:62201890436"], "type": "myhack58"}, {"idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"], "type": "thn"}, {"idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"], "type": "malwarebytes"}, {"idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"], "type": "threatpost"}, {"idList": ["GLSA-201806-02"], "type": "gentoo"}, {"idList": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "type": "cve"}, {"idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"], "type": "securelist"}]}, "score": {"modified": "2019-02-21T01:40:18", "value": 7.7, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "110397", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110397);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/07/13 15:23:36\");\n\n script_cve_id(\n \"CVE-2018-4945\",\n \"CVE-2018-5000\",\n \"CVE-2018-5001\",\n \"CVE-2018-5002\"\n );\n\n script_name(english:\"Adobe Flash Player <= 29.0.0.171 (APSB18-19)\");\n script_summary(english:\"Checks the version of the ActiveX control.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Flash Player installed on the remote Windows\nhost is equal or prior to version 29.0.0.171. It is therefore \naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0cb17c10\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 30.0.0.113 or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/07\");\n\n script_set_attribute(attribute:\"plugin_type\",value:\"local\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"flash_player_installed.nasl\");\n script_require_keys(\"SMB/Flash_Player/installed\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Flash_Player/installed\");\n\n# Identify vulnerable versions.\ninfo = \"\";\nvariants = make_list(\n \"Plugin\",\n \"ActiveX\",\n \"Chrome\",\n \"Chrome_Pepper\"\n);\n\n# we're checking for versions less than *or equal to* the cutoff!\nforeach variant (variants)\n{\n vers = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/Version/*\");\n files = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/File/*\");\n\n if (isnull(vers) || isnull(files))\n continue;\n\n foreach key (keys(vers))\n {\n ver = vers[key];\n if (isnull(ver))\n continue;\n\n # <= 29.0.0.171\n if (ver_compare(ver:ver,fix:\"29.0.0.171\",strict:FALSE) <= 0)\n {\n num = key - (\"SMB/Flash_Player/\"+variant+\"/Version/\");\n file = files[\"SMB/Flash_Player/\"+variant+\"/File/\"+num];\n if (variant == \"Plugin\")\n {\n info += '\\n Product : Browser Plugin (for Firefox / Netscape / Opera)';\n fix = \"30.0.0.113\";\n }\n else if (variant == \"ActiveX\")\n {\n info += '\\n Product : ActiveX control (for Internet Explorer)';\n fix = \"30.0.0.113\";\n }\n else if (\"Chrome\" >< variant)\n {\n info += '\\n Product : Browser Plugin (for Google Chrome)';\n if (variant == \"Chrome\")\n fix = \"Upgrade to a version of Google Chrome running Flash Player 30.0.0.113\";\n }\n info += '\\n Path : ' + file +\n '\\n Installed version : ' + ver;\n if (variant == \"Chrome_Pepper\")\n info += '\\n Fixed version : 30.0.0.113 (Chrome PepperFlash)';\n else if (!isnull(fix))\n info += '\\n Fixed version : '+fix;\n info += '\\n';\n }\n }\n}\n\nif (info)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n security_report_v4(severity:SECURITY_HOLE, port:port, extra:info);\n}\nelse\n{\n if (thorough_tests)\n exit(0, 'No vulnerable versions of Adobe Flash Player were found.');\n else\n exit(1, 'Google Chrome\\'s built-in Flash Player may not have been detected because the \\'Perform thorough tests\\' setting was not enabled.');\n}\n", "naslFamily": "Windows", "cpe": ["cpe:/a:adobe:flash_player"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2019-02-21T01:40:18", "differentElements": ["cvss", "description", "href", "modified", "reporter", "sourceData"], "edition": 2}, {"bulletin": {"id": "FLASH_PLAYER_APSB18-19.NASL", "hash": "5fea75b0c820e631128b46a61fa12d0a857a9a16f7af556e86a91407d0450465", "type": "nessus", "bulletinFamily": "scanner", "title": "Adobe Flash Player <= 29.0.0.171 (APSB18-19)", "description": "The version of Adobe Flash Player installed on the remote Windows\nhost is equal or prior to version 29.0.0.171. It is therefore \naffected by multiple vulnerabilities.", "published": "2018-06-07T00:00:00", "modified": "2020-02-02T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/110397", "reporter": "This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://www.nessus.org/u?0cb17c10"], "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "immutableFields": [], "lastseen": "2020-02-01T07:44:49", "history": [], "viewCount": 36, "enchantments": {"dependencies": {"modified": "2020-02-01T07:44:49", "references": [{"idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"], "type": "krebs"}, {"idList": ["KLA11261"], "type": "kaspersky"}, {"idList": ["RHSA-2018:1827"], "type": "redhat"}, {"idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"], "type": "trendmicroblog"}, {"idList": ["OPENVAS:1361412562310813399", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813400"], "type": "openvas"}, {"idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"], "type": "freebsd"}, {"idList": ["FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "REDHAT-RHSA-2018-1827.NASL", "GENTOO_GLSA-201806-02.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL"], "type": "nessus"}, {"idList": ["MYHACK58:62201890504", "MYHACK58:62201994516", "MYHACK58:62201890436"], "type": "myhack58"}, {"idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"], "type": "thn"}, {"idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"], "type": "malwarebytes"}, {"idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"], "type": "threatpost"}, {"idList": ["GLSA-201806-02"], "type": "gentoo"}, {"idList": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "type": "cve"}, {"idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"], "type": "securelist"}]}, "score": {"modified": "2020-02-01T07:44:49", "value": 7.8, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "110397", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110397);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/04\");\n\n script_cve_id(\n \"CVE-2018-4945\",\n \"CVE-2018-5000\",\n \"CVE-2018-5001\",\n \"CVE-2018-5002\"\n );\n\n script_name(english:\"Adobe Flash Player <= 29.0.0.171 (APSB18-19)\");\n script_summary(english:\"Checks the version of the ActiveX control.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Flash Player installed on the remote Windows\nhost is equal or prior to version 29.0.0.171. It is therefore \naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0cb17c10\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 30.0.0.113 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-5002\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"flash_player_installed.nasl\");\n script_require_keys(\"SMB/Flash_Player/installed\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Flash_Player/installed\");\n\n# Identify vulnerable versions.\ninfo = \"\";\nvariants = make_list(\n \"Plugin\",\n \"ActiveX\",\n \"Chrome\",\n \"Chrome_Pepper\"\n);\n\n# we're checking for versions less than *or equal to* the cutoff!\nforeach variant (variants)\n{\n vers = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/Version/*\");\n files = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/File/*\");\n\n if (isnull(vers) || isnull(files))\n continue;\n\n foreach key (keys(vers))\n {\n ver = vers[key];\n if (isnull(ver))\n continue;\n\n # <= 29.0.0.171\n if (ver_compare(ver:ver,fix:\"29.0.0.171\",strict:FALSE) <= 0)\n {\n num = key - (\"SMB/Flash_Player/\"+variant+\"/Version/\");\n file = files[\"SMB/Flash_Player/\"+variant+\"/File/\"+num];\n if (variant == \"Plugin\")\n {\n info += '\\n Product : Browser Plugin (for Firefox / Netscape / Opera)';\n fix = \"30.0.0.113\";\n }\n else if (variant == \"ActiveX\")\n {\n info += '\\n Product : ActiveX control (for Internet Explorer)';\n fix = \"30.0.0.113\";\n }\n else if (\"Chrome\" >< variant)\n {\n info += '\\n Product : Browser Plugin (for Google Chrome)';\n if (variant == \"Chrome\")\n fix = \"Upgrade to a version of Google Chrome running Flash Player 30.0.0.113\";\n }\n info += '\\n Path : ' + file +\n '\\n Installed version : ' + ver;\n if (variant == \"Chrome_Pepper\")\n info += '\\n Fixed version : 30.0.0.113 (Chrome PepperFlash)';\n else if (!isnull(fix))\n info += '\\n Fixed version : '+fix;\n info += '\\n';\n }\n }\n}\n\nif (info)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n security_report_v4(severity:SECURITY_HOLE, port:port, extra:info);\n}\nelse\n{\n if (thorough_tests)\n exit(0, 'No vulnerable versions of Adobe Flash Player were found.');\n else\n exit(1, 'Google Chrome\\'s built-in Flash Player may not have been detected because the \\'Perform thorough tests\\' setting was not enabled.');\n}\n", "naslFamily": "Windows", "cpe": ["cpe:/a:adobe:flash_player"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-02-01T07:44:49", "differentElements": ["cvss3", "modified"], "edition": 3}, {"bulletin": {"id": "FLASH_PLAYER_APSB18-19.NASL", "hash": "360e2214699f8832509cf82cebbf08ed7084923415377a310e6fdf2163a9d232", "type": "nessus", "bulletinFamily": "scanner", "title": "Adobe Flash Player <= 29.0.0.171 (APSB18-19)", "description": "The version of Adobe Flash Player installed on the remote Windows\nhost is equal or prior to version 29.0.0.171. It is therefore \naffected by multiple vulnerabilities.", "published": "2018-06-07T00:00:00", "modified": "2020-11-02T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/110397", "reporter": "This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://www.nessus.org/u?0cb17c10"], "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "immutableFields": [], "lastseen": "2020-11-01T06:19:48", "history": [], "viewCount": 41, "enchantments": {"dependencies": {"modified": "2020-11-01T06:19:48", "references": [{"idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"], "type": "krebs"}, {"idList": ["ASA-201806-7"], "type": "archlinux"}, {"idList": ["KLA11671", "KLA11261", "KLA11260"], "type": "kaspersky"}, {"idList": ["RHSA-2018:1827"], "type": "redhat"}, {"idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"], "type": "trendmicroblog"}, {"idList": ["OPENVAS:1361412562310813399", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813400"], "type": "openvas"}, {"idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"], "type": "freebsd"}, {"idList": ["FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "REDHAT-RHSA-2018-1827.NASL", "GENTOO_GLSA-201806-02.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL"], "type": "nessus"}, {"idList": ["MYHACK58:62201890504", "MYHACK58:62201994516", "MYHACK58:62201890436"], "type": "myhack58"}, {"idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"], "type": "thn"}, {"idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"], "type": "malwarebytes"}, {"idList": ["ZDI-18-569", "ZDI-18-570", "ZDI-18-568"], "type": "zdi"}, {"idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"], "type": "threatpost"}, {"idList": ["GLSA-201806-02"], "type": "gentoo"}, {"idList": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "type": "cve"}, {"idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"], "type": "securelist"}], "rev": 2}, "score": {"modified": "2020-11-01T06:19:48", "rev": 2, "value": 8.7, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "110397", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110397);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/04\");\n\n script_cve_id(\n \"CVE-2018-4945\",\n \"CVE-2018-5000\",\n \"CVE-2018-5001\",\n \"CVE-2018-5002\"\n );\n\n script_name(english:\"Adobe Flash Player <= 29.0.0.171 (APSB18-19)\");\n script_summary(english:\"Checks the version of the ActiveX control.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Flash Player installed on the remote Windows\nhost is equal or prior to version 29.0.0.171. It is therefore \naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0cb17c10\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 30.0.0.113 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-5002\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"flash_player_installed.nasl\");\n script_require_keys(\"SMB/Flash_Player/installed\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Flash_Player/installed\");\n\n# Identify vulnerable versions.\ninfo = \"\";\nvariants = make_list(\n \"Plugin\",\n \"ActiveX\",\n \"Chrome\",\n \"Chrome_Pepper\"\n);\n\n# we're checking for versions less than *or equal to* the cutoff!\nforeach variant (variants)\n{\n vers = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/Version/*\");\n files = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/File/*\");\n\n if (isnull(vers) || isnull(files))\n continue;\n\n foreach key (keys(vers))\n {\n ver = vers[key];\n if (isnull(ver))\n continue;\n\n # <= 29.0.0.171\n if (ver_compare(ver:ver,fix:\"29.0.0.171\",strict:FALSE) <= 0)\n {\n num = key - (\"SMB/Flash_Player/\"+variant+\"/Version/\");\n file = files[\"SMB/Flash_Player/\"+variant+\"/File/\"+num];\n if (variant == \"Plugin\")\n {\n info += '\\n Product : Browser Plugin (for Firefox / Netscape / Opera)';\n fix = \"30.0.0.113\";\n }\n else if (variant == \"ActiveX\")\n {\n info += '\\n Product : ActiveX control (for Internet Explorer)';\n fix = \"30.0.0.113\";\n }\n else if (\"Chrome\" >< variant)\n {\n info += '\\n Product : Browser Plugin (for Google Chrome)';\n if (variant == \"Chrome\")\n fix = \"Upgrade to a version of Google Chrome running Flash Player 30.0.0.113\";\n }\n info += '\\n Path : ' + file +\n '\\n Installed version : ' + ver;\n if (variant == \"Chrome_Pepper\")\n info += '\\n Fixed version : 30.0.0.113 (Chrome PepperFlash)';\n else if (!isnull(fix))\n info += '\\n Fixed version : '+fix;\n info += '\\n';\n }\n }\n}\n\nif (info)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n security_report_v4(severity:SECURITY_HOLE, port:port, extra:info);\n}\nelse\n{\n if (thorough_tests)\n exit(0, 'No vulnerable versions of Adobe Flash Player were found.');\n else\n exit(1, 'Google Chrome\\'s built-in Flash Player may not have been detected because the \\'Perform thorough tests\\' setting was not enabled.');\n}\n", "naslFamily": "Windows", "cpe": ["cpe:/a:adobe:flash_player"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-11-01T06:19:48", "differentElements": ["cvss2", "cvss3", "modified"], "edition": 4}, {"bulletin": {"id": "FLASH_PLAYER_APSB18-19.NASL", "hash": "45bc794c16fc0f26191a120bab3699bf2e648357ff319812429b612342c83ed8", "type": "nessus", "bulletinFamily": "scanner", "title": "Adobe Flash Player <= 29.0.0.171 (APSB18-19)", "description": "The version of Adobe Flash Player installed on the remote Windows\nhost is equal or prior to version 29.0.0.171. It is therefore \naffected by multiple vulnerabilities.", "published": "2018-06-07T00:00:00", "modified": "2021-07-02T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": true, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://www.tenable.com/plugins/nessus/110397", "reporter": "This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://www.nessus.org/u?0cb17c10"], "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "immutableFields": [], "lastseen": "2021-07-29T00:04:13", "history": [], "viewCount": 50, "enchantments": {"dependencies": {"modified": "2021-07-29T00:04:13", "references": [{"idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"], "type": "krebs"}, {"idList": ["ASA-201806-7"], "type": "archlinux"}, {"idList": ["KLA11671", "KLA11261", "KLA11260"], "type": "kaspersky"}, {"idList": ["RHSA-2018:1827"], "type": "redhat"}, {"idList": ["UB:CVE-2018-5001", "UB:CVE-2018-4945", "UB:CVE-2018-5002", "UB:CVE-2018-5000"], "type": "ubuntucve"}, {"idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"], "type": "trendmicroblog"}, {"idList": ["OPENVAS:1361412562310813399", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813400"], "type": "openvas"}, {"idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"], "type": "freebsd"}, {"idList": ["FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "REDHAT-RHSA-2018-1827.NASL", "GENTOO_GLSA-201806-02.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL"], "type": "nessus"}, {"idList": ["RH:CVE-2018-5002", "RH:CVE-2018-5000", "RH:CVE-2018-5001", "RH:CVE-2018-4945"], "type": "redhatcve"}, {"idList": ["MYHACK58:62201890504", "MYHACK58:62201994516", "MYHACK58:62201890436"], "type": "myhack58"}, {"idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"], "type": "thn"}, {"idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"], "type": "malwarebytes"}, {"idList": ["MS:ADV180014"], "type": "mscve"}, {"idList": ["ZDI-18-569", "ZDI-18-570", "ZDI-18-568"], "type": "zdi"}, {"idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"], "type": "threatpost"}, {"idList": ["GLSA-201806-02"], "type": "gentoo"}, {"idList": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "type": "cve"}, {"idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"], "type": "securelist"}], "rev": 2}, "score": {"modified": "2021-07-29T00:04:13", "rev": 2, "value": 8.7, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "110397", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110397);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/04\");\n\n script_cve_id(\n \"CVE-2018-4945\",\n \"CVE-2018-5000\",\n \"CVE-2018-5001\",\n \"CVE-2018-5002\"\n );\n\n script_name(english:\"Adobe Flash Player <= 29.0.0.171 (APSB18-19)\");\n script_summary(english:\"Checks the version of the ActiveX control.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Flash Player installed on the remote Windows\nhost is equal or prior to version 29.0.0.171. It is therefore \naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0cb17c10\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 30.0.0.113 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-5002\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"flash_player_installed.nasl\");\n script_require_keys(\"SMB/Flash_Player/installed\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Flash_Player/installed\");\n\n# Identify vulnerable versions.\ninfo = \"\";\nvariants = make_list(\n \"Plugin\",\n \"ActiveX\",\n \"Chrome\",\n \"Chrome_Pepper\"\n);\n\n# we're checking for versions less than *or equal to* the cutoff!\nforeach variant (variants)\n{\n vers = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/Version/*\");\n files = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/File/*\");\n\n if (isnull(vers) || isnull(files))\n continue;\n\n foreach key (keys(vers))\n {\n ver = vers[key];\n if (isnull(ver))\n continue;\n\n # <= 29.0.0.171\n if (ver_compare(ver:ver,fix:\"29.0.0.171\",strict:FALSE) <= 0)\n {\n num = key - (\"SMB/Flash_Player/\"+variant+\"/Version/\");\n file = files[\"SMB/Flash_Player/\"+variant+\"/File/\"+num];\n if (variant == \"Plugin\")\n {\n info += '\\n Product : Browser Plugin (for Firefox / Netscape / Opera)';\n fix = \"30.0.0.113\";\n }\n else if (variant == \"ActiveX\")\n {\n info += '\\n Product : ActiveX control (for Internet Explorer)';\n fix = \"30.0.0.113\";\n }\n else if (\"Chrome\" >< variant)\n {\n info += '\\n Product : Browser Plugin (for Google Chrome)';\n if (variant == \"Chrome\")\n fix = \"Upgrade to a version of Google Chrome running Flash Player 30.0.0.113\";\n }\n info += '\\n Path : ' + file +\n '\\n Installed version : ' + ver;\n if (variant == \"Chrome_Pepper\")\n info += '\\n Fixed version : 30.0.0.113 (Chrome PepperFlash)';\n else if (!isnull(fix))\n info += '\\n Fixed version : '+fix;\n info += '\\n';\n }\n }\n}\n\nif (info)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n security_report_v4(severity:SECURITY_HOLE, port:port, extra:info);\n}\nelse\n{\n if (thorough_tests)\n exit(0, 'No vulnerable versions of Adobe Flash Player were found.');\n else\n exit(1, 'Google Chrome\\'s built-in Flash Player may not have been detected because the \\'Perform thorough tests\\' setting was not enabled.');\n}\n", "naslFamily": "Windows", "cpe": ["cpe:/a:adobe:flash_player"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-07-29T00:04:13", "differentElements": ["modified"], "edition": 5}, {"bulletin": {"id": "FLASH_PLAYER_APSB18-19.NASL", "hash": "68439b08f3668a44341a49858d3e4731", "type": "nessus", "bulletinFamily": "scanner", "title": "Adobe Flash Player <= 29.0.0.171 (APSB18-19)", "description": "The version of Adobe Flash Player installed on the remote Windows\nhost is equal or prior to version 29.0.0.171. It is therefore \naffected by multiple vulnerabilities.", "published": "2018-06-07T00:00:00", "modified": "2021-08-02T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": true, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://www.tenable.com/plugins/nessus/110397", "reporter": "This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://www.nessus.org/u?0cb17c10"], "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "immutableFields": [], "lastseen": "2021-08-01T08:10:45", "history": [], "viewCount": 50, "enchantments": {"dependencies": {"references": [{"type": "redhatcve", "idList": ["RH:CVE-2018-4945", "RH:CVE-2018-5001", "RH:CVE-2018-5002", "RH:CVE-2018-5000"]}, {"type": "freebsd", "idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813398", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813399", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813400", "OPENVAS:1361412562310813397"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-201806-02.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "700434.PRM", "FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "REDHAT-RHSA-2018-1827.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL"]}, {"type": "archlinux", "idList": ["ASA-201806-7"]}, {"type": "threatpost", "idList": ["THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8", "THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"]}, {"type": "kaspersky", "idList": ["KLA11671", "KLA11261", "KLA11260"]}, {"type": "redhat", "idList": ["RHSA-2018:1827"]}, {"type": "mscve", "idList": ["MS:ADV180014"]}, {"type": "cve", "idList": ["CVE-2018-4945", "CVE-2018-5000", "CVE-2018-5001", "CVE-2018-5002"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-5001", "UB:CVE-2018-5000", "UB:CVE-2018-5002", "UB:CVE-2018-4945"]}, {"type": "gentoo", "idList": ["GLSA-201806-02"]}, {"type": "thn", "idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"]}, {"type": "myhack58", "idList": ["MYHACK58:62201890504", "MYHACK58:62201890436", "MYHACK58:62201994516"]}, {"type": "zdi", "idList": ["ZDI-18-568", "ZDI-18-569", "ZDI-18-570"]}, {"type": "krebs", "idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"]}, {"type": "securelist", "idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"]}], "modified": "2021-08-01T08:10:45", "rev": 2}, "score": {"value": 8.7, "vector": "NONE", "modified": "2021-08-01T08:10:45", "rev": 2}}, "objectVersion": "1.6", "pluginID": "110397", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110397);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/04\");\n\n script_cve_id(\n \"CVE-2018-4945\",\n \"CVE-2018-5000\",\n \"CVE-2018-5001\",\n \"CVE-2018-5002\"\n );\n\n script_name(english:\"Adobe Flash Player <= 29.0.0.171 (APSB18-19)\");\n script_summary(english:\"Checks the version of the ActiveX control.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Flash Player installed on the remote Windows\nhost is equal or prior to version 29.0.0.171. It is therefore \naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0cb17c10\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 30.0.0.113 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-5002\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"flash_player_installed.nasl\");\n script_require_keys(\"SMB/Flash_Player/installed\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Flash_Player/installed\");\n\n# Identify vulnerable versions.\ninfo = \"\";\nvariants = make_list(\n \"Plugin\",\n \"ActiveX\",\n \"Chrome\",\n \"Chrome_Pepper\"\n);\n\n# we're checking for versions less than *or equal to* the cutoff!\nforeach variant (variants)\n{\n vers = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/Version/*\");\n files = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/File/*\");\n\n if (isnull(vers) || isnull(files))\n continue;\n\n foreach key (keys(vers))\n {\n ver = vers[key];\n if (isnull(ver))\n continue;\n\n # <= 29.0.0.171\n if (ver_compare(ver:ver,fix:\"29.0.0.171\",strict:FALSE) <= 0)\n {\n num = key - (\"SMB/Flash_Player/\"+variant+\"/Version/\");\n file = files[\"SMB/Flash_Player/\"+variant+\"/File/\"+num];\n if (variant == \"Plugin\")\n {\n info += '\\n Product : Browser Plugin (for Firefox / Netscape / Opera)';\n fix = \"30.0.0.113\";\n }\n else if (variant == \"ActiveX\")\n {\n info += '\\n Product : ActiveX control (for Internet Explorer)';\n fix = \"30.0.0.113\";\n }\n else if (\"Chrome\" >< variant)\n {\n info += '\\n Product : Browser Plugin (for Google Chrome)';\n if (variant == \"Chrome\")\n fix = \"Upgrade to a version of Google Chrome running Flash Player 30.0.0.113\";\n }\n info += '\\n Path : ' + file +\n '\\n Installed version : ' + ver;\n if (variant == \"Chrome_Pepper\")\n info += '\\n Fixed version : 30.0.0.113 (Chrome PepperFlash)';\n else if (!isnull(fix))\n info += '\\n Fixed version : '+fix;\n info += '\\n';\n }\n }\n}\n\nif (info)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n security_report_v4(severity:SECURITY_HOLE, port:port, extra:info);\n}\nelse\n{\n if (thorough_tests)\n exit(0, 'No vulnerable versions of Adobe Flash Player were found.');\n else\n exit(1, 'Google Chrome\\'s built-in Flash Player may not have been detected because the \\'Perform thorough tests\\' setting was not enabled.');\n}\n", "naslFamily": "Windows", "cpe": ["cpe:/a:adobe:flash_player"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-08-01T08:10:45", "differentElements": ["cvss2", "cvss3", "cvssScoreSource", "description", "exploitAvailable", "exploitEase", "modified", "patchPublicationDate", "references", "solution", "vpr", "vulnerabilityPublicationDate"], "edition": 6}, {"bulletin": {"id": "FLASH_PLAYER_APSB18-19.NASL", "hash": "76375d85f0800e53417bfa167077394c", "type": "nessus", "bulletinFamily": "scanner", "title": "Adobe Flash Player <= 29.0.0.171 (APSB18-19)", "description": "The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 29.0.0.171. It is therefore affected by multiple vulnerabilities.", "published": "2018-06-07T00:00:00", "modified": "2019-11-04T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/110397", "reporter": "This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5001", "http://www.nessus.org/u?0cb17c10", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5002", "https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4945", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5000"], "cvelist": ["CVE-2018-4945", "CVE-2018-5000", "CVE-2018-5001", "CVE-2018-5002"], "immutableFields": [], "lastseen": "2021-08-11T13:52:27", "history": [], "viewCount": 50, "enchantments": {"dependencies": {"references": [{"type": "redhatcve", "idList": ["RH:CVE-2018-4945", "RH:CVE-2018-5001", "RH:CVE-2018-5000", "RH:CVE-2018-5002"]}, {"type": "cve", "idList": ["CVE-2018-5001", "CVE-2018-5000", "CVE-2018-4945", "CVE-2018-5002"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-5001", "UB:CVE-2018-5002", "UB:CVE-2018-5000", "UB:CVE-2018-4945"]}, {"type": "archlinux", "idList": ["ASA-201806-7"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813398", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813399", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813400", "OPENVAS:1361412562310813397"]}, {"type": "freebsd", "idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"]}, {"type": "kaspersky", "idList": ["KLA11671", "KLA11261", "KLA11260"]}, {"type": "redhat", "idList": ["RHSA-2018:1827"]}, {"type": "threatpost", "idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"]}, {"type": "nessus", "idList": ["700434.PRM", "REDHAT-RHSA-2018-1827.NASL", "GENTOO_GLSA-201806-02.NASL", "FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL"]}, {"type": "mscve", "idList": ["MS:ADV180014"]}, {"type": "gentoo", "idList": ["GLSA-201806-02"]}, {"type": "thn", "idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"]}, {"type": "myhack58", "idList": ["MYHACK58:62201890436", "MYHACK58:62201994516", "MYHACK58:62201890504"]}, {"type": "zdi", "idList": ["ZDI-18-570", "ZDI-18-568", "ZDI-18-569"]}, {"type": "krebs", "idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"]}, {"type": "securelist", "idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"]}], "modified": "2021-08-11T13:52:27", "rev": 2}, "score": {"value": 8.7, "vector": "NONE", "modified": "2021-08-11T13:52:27", "rev": 2}}, "objectVersion": "1.6", "pluginID": "110397", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110397);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/04\");\n\n script_cve_id(\n \"CVE-2018-4945\",\n \"CVE-2018-5000\",\n \"CVE-2018-5001\",\n \"CVE-2018-5002\"\n );\n\n script_name(english:\"Adobe Flash Player <= 29.0.0.171 (APSB18-19)\");\n script_summary(english:\"Checks the version of the ActiveX control.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Flash Player installed on the remote Windows\nhost is equal or prior to version 29.0.0.171. It is therefore \naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0cb17c10\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 30.0.0.113 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-5002\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"flash_player_installed.nasl\");\n script_require_keys(\"SMB/Flash_Player/installed\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Flash_Player/installed\");\n\n# Identify vulnerable versions.\ninfo = \"\";\nvariants = make_list(\n \"Plugin\",\n \"ActiveX\",\n \"Chrome\",\n \"Chrome_Pepper\"\n);\n\n# we're checking for versions less than *or equal to* the cutoff!\nforeach variant (variants)\n{\n vers = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/Version/*\");\n files = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/File/*\");\n\n if (isnull(vers) || isnull(files))\n continue;\n\n foreach key (keys(vers))\n {\n ver = vers[key];\n if (isnull(ver))\n continue;\n\n # <= 29.0.0.171\n if (ver_compare(ver:ver,fix:\"29.0.0.171\",strict:FALSE) <= 0)\n {\n num = key - (\"SMB/Flash_Player/\"+variant+\"/Version/\");\n file = files[\"SMB/Flash_Player/\"+variant+\"/File/\"+num];\n if (variant == \"Plugin\")\n {\n info += '\\n Product : Browser Plugin (for Firefox / Netscape / Opera)';\n fix = \"30.0.0.113\";\n }\n else if (variant == \"ActiveX\")\n {\n info += '\\n Product : ActiveX control (for Internet Explorer)';\n fix = \"30.0.0.113\";\n }\n else if (\"Chrome\" >< variant)\n {\n info += '\\n Product : Browser Plugin (for Google Chrome)';\n if (variant == \"Chrome\")\n fix = \"Upgrade to a version of Google Chrome running Flash Player 30.0.0.113\";\n }\n info += '\\n Path : ' + file +\n '\\n Installed version : ' + ver;\n if (variant == \"Chrome_Pepper\")\n info += '\\n Fixed version : 30.0.0.113 (Chrome PepperFlash)';\n else if (!isnull(fix))\n info += '\\n Fixed version : '+fix;\n info += '\\n';\n }\n }\n}\n\nif (info)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n security_report_v4(severity:SECURITY_HOLE, port:port, extra:info);\n}\nelse\n{\n if (thorough_tests)\n exit(0, 'No vulnerable versions of Adobe Flash Player were found.');\n else\n exit(1, 'Google Chrome\\'s built-in Flash Player may not have been detected because the \\'Perform thorough tests\\' setting was not enabled.');\n}\n", "naslFamily": "Windows", "cpe": ["cpe:/a:adobe:flash_player"], "solution": "Upgrade to Adobe Flash Player version 30.0.0.113 or later.", "nessusSeverity": "", "cvssScoreSource": "CVE-2018-5002", "vpr": {"risk factor": "Critical", "score": "9.4"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2018-06-07T00:00:00", "vulnerabilityPublicationDate": "2018-06-07T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-11T13:52:27", "differentElements": ["vpr"], "edition": 7}, {"bulletin": {"id": "FLASH_PLAYER_APSB18-19.NASL", "hash": "18553b95e7613953897dcb25534b0376", "type": "nessus", "bulletinFamily": "scanner", "title": "Adobe Flash Player <= 29.0.0.171 (APSB18-19)", "description": "The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 29.0.0.171. It is therefore affected by multiple vulnerabilities.", "published": "2018-06-07T00:00:00", "modified": "2019-11-04T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/110397", "reporter": "This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5001", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5000", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5002", "https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://www.nessus.org/u?0cb17c10", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4945"], "cvelist": ["CVE-2018-4945", "CVE-2018-5000", "CVE-2018-5001", "CVE-2018-5002"], "immutableFields": [], "lastseen": "2021-08-14T00:05:19", "history": [], "viewCount": 50, "enchantments": {"dependencies": {"references": [{"type": "redhatcve", "idList": ["RH:CVE-2018-5002", "RH:CVE-2018-5001", "RH:CVE-2018-4945", "RH:CVE-2018-5000"]}, {"type": "archlinux", "idList": ["ASA-201806-7"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813396", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813399", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813400"]}, {"type": "freebsd", "idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"]}, {"type": "kaspersky", "idList": ["KLA11260", "KLA11671", "KLA11261"]}, {"type": "redhat", "idList": ["RHSA-2018:1827"]}, {"type": "threatpost", "idList": ["THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8", "THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"]}, {"type": "nessus", "idList": ["SMB_NT_MS18_JUN_4287903.NASL", "700434.PRM", "REDHAT-RHSA-2018-1827.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL", "FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "GENTOO_GLSA-201806-02.NASL"]}, {"type": "mscve", "idList": ["MS:ADV180014"]}, {"type": "cve", "idList": ["CVE-2018-4945", "CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-4945", "UB:CVE-2018-5001", "UB:CVE-2018-5002", "UB:CVE-2018-5000"]}, {"type": "gentoo", "idList": ["GLSA-201806-02"]}, {"type": "thn", "idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"]}, {"type": "myhack58", "idList": ["MYHACK58:62201890504", "MYHACK58:62201890436", "MYHACK58:62201994516"]}, {"type": "zdi", "idList": ["ZDI-18-570", "ZDI-18-569", "ZDI-18-568"]}, {"type": "krebs", "idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"]}, {"type": "securelist", "idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"]}], "modified": "2021-08-14T00:05:19", "rev": 2}, "score": {"value": 8.7, "vector": "NONE", "modified": "2021-08-14T00:05:19", "rev": 2}}, "objectVersion": "1.6", "pluginID": "110397", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110397);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/04\");\n\n script_cve_id(\n \"CVE-2018-4945\",\n \"CVE-2018-5000\",\n \"CVE-2018-5001\",\n \"CVE-2018-5002\"\n );\n\n script_name(english:\"Adobe Flash Player <= 29.0.0.171 (APSB18-19)\");\n script_summary(english:\"Checks the version of the ActiveX control.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Flash Player installed on the remote Windows\nhost is equal or prior to version 29.0.0.171. It is therefore \naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0cb17c10\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 30.0.0.113 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-5002\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"flash_player_installed.nasl\");\n script_require_keys(\"SMB/Flash_Player/installed\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Flash_Player/installed\");\n\n# Identify vulnerable versions.\ninfo = \"\";\nvariants = make_list(\n \"Plugin\",\n \"ActiveX\",\n \"Chrome\",\n \"Chrome_Pepper\"\n);\n\n# we're checking for versions less than *or equal to* the cutoff!\nforeach variant (variants)\n{\n vers = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/Version/*\");\n files = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/File/*\");\n\n if (isnull(vers) || isnull(files))\n continue;\n\n foreach key (keys(vers))\n {\n ver = vers[key];\n if (isnull(ver))\n continue;\n\n # <= 29.0.0.171\n if (ver_compare(ver:ver,fix:\"29.0.0.171\",strict:FALSE) <= 0)\n {\n num = key - (\"SMB/Flash_Player/\"+variant+\"/Version/\");\n file = files[\"SMB/Flash_Player/\"+variant+\"/File/\"+num];\n if (variant == \"Plugin\")\n {\n info += '\\n Product : Browser Plugin (for Firefox / Netscape / Opera)';\n fix = \"30.0.0.113\";\n }\n else if (variant == \"ActiveX\")\n {\n info += '\\n Product : ActiveX control (for Internet Explorer)';\n fix = \"30.0.0.113\";\n }\n else if (\"Chrome\" >< variant)\n {\n info += '\\n Product : Browser Plugin (for Google Chrome)';\n if (variant == \"Chrome\")\n fix = \"Upgrade to a version of Google Chrome running Flash Player 30.0.0.113\";\n }\n info += '\\n Path : ' + file +\n '\\n Installed version : ' + ver;\n if (variant == \"Chrome_Pepper\")\n info += '\\n Fixed version : 30.0.0.113 (Chrome PepperFlash)';\n else if (!isnull(fix))\n info += '\\n Fixed version : '+fix;\n info += '\\n';\n }\n }\n}\n\nif (info)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n security_report_v4(severity:SECURITY_HOLE, port:port, extra:info);\n}\nelse\n{\n if (thorough_tests)\n exit(0, 'No vulnerable versions of Adobe Flash Player were found.');\n else\n exit(1, 'Google Chrome\\'s built-in Flash Player may not have been detected because the \\'Perform thorough tests\\' setting was not enabled.');\n}\n", "naslFamily": "Windows", "cpe": ["cpe:/a:adobe:flash_player"], "solution": "Upgrade to Adobe Flash Player version 30.0.0.113 or later.", "nessusSeverity": "", "cvssScoreSource": "CVE-2018-5002", "vpr": {"risk factor": "Critical", "score": "9.5"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2018-06-07T00:00:00", "vulnerabilityPublicationDate": "2018-06-07T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-14T00:05:19", "differentElements": ["vpr"], "edition": 8}, {"bulletin": {"id": "FLASH_PLAYER_APSB18-19.NASL", "hash": "76375d85f0800e53417bfa167077394c", "type": "nessus", "bulletinFamily": "scanner", "title": "Adobe Flash Player <= 29.0.0.171 (APSB18-19)", "description": "The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 29.0.0.171. It is therefore affected by multiple vulnerabilities.", "published": "2018-06-07T00:00:00", "modified": "2019-11-04T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/110397", "reporter": "This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5002", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5000", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4945", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5001", "https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://www.nessus.org/u?0cb17c10"], "cvelist": ["CVE-2018-4945", "CVE-2018-5000", "CVE-2018-5001", "CVE-2018-5002"], "immutableFields": [], "lastseen": "2021-08-17T13:17:14", "history": [], "viewCount": 50, "enchantments": {"dependencies": {"references": [{"type": "redhatcve", "idList": ["RH:CVE-2018-5000", "RH:CVE-2018-4945", "RH:CVE-2018-5002", "RH:CVE-2018-5001"]}, {"type": "mscve", "idList": ["MS:ADV180014"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813601", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813400", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813399", "OPENVAS:1361412562310813602"]}, {"type": "freebsd", "idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"]}, {"type": "archlinux", "idList": ["ASA-201806-7"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-201806-02.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL", "REDHAT-RHSA-2018-1827.NASL", "700434.PRM"]}, {"type": "redhat", "idList": ["RHSA-2018:1827"]}, {"type": "threatpost", "idList": ["THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E", "THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"]}, {"type": "kaspersky", "idList": ["KLA11261", "KLA11260"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-5002", "UB:CVE-2018-5001", "UB:CVE-2018-4945", "UB:CVE-2018-5000"]}, {"type": "cve", "idList": ["CVE-2018-5001", "CVE-2018-5000", "CVE-2018-5002", "CVE-2018-4945"]}, {"type": "gentoo", "idList": ["GLSA-201806-02"]}, {"type": "thn", "idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"]}, {"type": "myhack58", "idList": ["MYHACK58:62201890436", "MYHACK58:62201890504", "MYHACK58:62201994516"]}, {"type": "zdi", "idList": ["ZDI-18-568", "ZDI-18-569", "ZDI-18-570"]}, {"type": "krebs", "idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"]}, {"type": "securelist", "idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"]}], "modified": "2021-08-17T13:17:14", "rev": 2}, "score": {"value": 8.7, "vector": "NONE", "modified": "2021-08-17T13:17:14", "rev": 2}}, "objectVersion": "1.6", "pluginID": "110397", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110397);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/04\");\n\n script_cve_id(\n \"CVE-2018-4945\",\n \"CVE-2018-5000\",\n \"CVE-2018-5001\",\n \"CVE-2018-5002\"\n );\n\n script_name(english:\"Adobe Flash Player <= 29.0.0.171 (APSB18-19)\");\n script_summary(english:\"Checks the version of the ActiveX control.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Flash Player installed on the remote Windows\nhost is equal or prior to version 29.0.0.171. It is therefore \naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0cb17c10\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 30.0.0.113 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-5002\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"flash_player_installed.nasl\");\n script_require_keys(\"SMB/Flash_Player/installed\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Flash_Player/installed\");\n\n# Identify vulnerable versions.\ninfo = \"\";\nvariants = make_list(\n \"Plugin\",\n \"ActiveX\",\n \"Chrome\",\n \"Chrome_Pepper\"\n);\n\n# we're checking for versions less than *or equal to* the cutoff!\nforeach variant (variants)\n{\n vers = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/Version/*\");\n files = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/File/*\");\n\n if (isnull(vers) || isnull(files))\n continue;\n\n foreach key (keys(vers))\n {\n ver = vers[key];\n if (isnull(ver))\n continue;\n\n # <= 29.0.0.171\n if (ver_compare(ver:ver,fix:\"29.0.0.171\",strict:FALSE) <= 0)\n {\n num = key - (\"SMB/Flash_Player/\"+variant+\"/Version/\");\n file = files[\"SMB/Flash_Player/\"+variant+\"/File/\"+num];\n if (variant == \"Plugin\")\n {\n info += '\\n Product : Browser Plugin (for Firefox / Netscape / Opera)';\n fix = \"30.0.0.113\";\n }\n else if (variant == \"ActiveX\")\n {\n info += '\\n Product : ActiveX control (for Internet Explorer)';\n fix = \"30.0.0.113\";\n }\n else if (\"Chrome\" >< variant)\n {\n info += '\\n Product : Browser Plugin (for Google Chrome)';\n if (variant == \"Chrome\")\n fix = \"Upgrade to a version of Google Chrome running Flash Player 30.0.0.113\";\n }\n info += '\\n Path : ' + file +\n '\\n Installed version : ' + ver;\n if (variant == \"Chrome_Pepper\")\n info += '\\n Fixed version : 30.0.0.113 (Chrome PepperFlash)';\n else if (!isnull(fix))\n info += '\\n Fixed version : '+fix;\n info += '\\n';\n }\n }\n}\n\nif (info)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n security_report_v4(severity:SECURITY_HOLE, port:port, extra:info);\n}\nelse\n{\n if (thorough_tests)\n exit(0, 'No vulnerable versions of Adobe Flash Player were found.');\n else\n exit(1, 'Google Chrome\\'s built-in Flash Player may not have been detected because the \\'Perform thorough tests\\' setting was not enabled.');\n}\n", "naslFamily": "Windows", "cpe": ["cpe:/a:adobe:flash_player"], "solution": "Upgrade to Adobe Flash Player version 30.0.0.113 or later.", "nessusSeverity": "", "cvssScoreSource": "CVE-2018-5002", "vpr": {"risk factor": "Critical", "score": "9.4"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2018-06-07T00:00:00", "vulnerabilityPublicationDate": "2018-06-07T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-17T13:17:14", "differentElements": ["nessusSeverity"], "edition": 9}, {"bulletin": {"id": "FLASH_PLAYER_APSB18-19.NASL", "hash": "31caef234aa07e45704b3eff8c22e28e", "type": "nessus", "bulletinFamily": "scanner", "title": "Adobe Flash Player <= 29.0.0.171 (APSB18-19)", "description": "The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 29.0.0.171. It is therefore affected by multiple vulnerabilities.", "published": "2018-06-07T00:00:00", "modified": "2019-11-04T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/110397", "reporter": "This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5001", "https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4945", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5002", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5000", "http://www.nessus.org/u?0cb17c10"], "cvelist": ["CVE-2018-4945", "CVE-2018-5000", "CVE-2018-5001", "CVE-2018-5002"], "immutableFields": [], "lastseen": "2021-08-19T12:32:02", "history": [], "viewCount": 51, "enchantments": {"dependencies": {"references": [{"type": "redhatcve", "idList": ["RH:CVE-2018-5001", "RH:CVE-2018-5000", "RH:CVE-2018-4945", "RH:CVE-2018-5002"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813399", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813400"]}, {"type": "archlinux", "idList": ["ASA-201806-7"]}, {"type": "freebsd", "idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"]}, {"type": "threatpost", "idList": ["THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8", "THREATPOST:34985C64EA7AF207D4CE9A800671E3C1"]}, {"type": "kaspersky", "idList": ["KLA11260", "KLA11261"]}, {"type": "redhat", "idList": ["RHSA-2018:1827"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2018-1827.NASL", "GENTOO_GLSA-201806-02.NASL", "700434.PRM", "FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL", "SMB_NT_MS18_JUN_4287903.NASL"]}, {"type": "mscve", "idList": ["MS:ADV180014"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-4945", "UB:CVE-2018-5000", "UB:CVE-2018-5001", "UB:CVE-2018-5002"]}, {"type": "cve", "idList": ["CVE-2018-5000", "CVE-2018-5001", "CVE-2018-5002", "CVE-2018-4945"]}, {"type": "gentoo", "idList": ["GLSA-201806-02"]}, {"type": "thn", "idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"]}, {"type": "myhack58", "idList": ["MYHACK58:62201890504", "MYHACK58:62201890436", "MYHACK58:62201994516"]}, {"type": "zdi", "idList": ["ZDI-18-568", "ZDI-18-569", "ZDI-18-570"]}, {"type": "krebs", "idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"]}, {"type": "securelist", "idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"]}], "modified": "2021-08-19T12:32:02", "rev": 2}, "score": {"value": 8.7, "vector": "NONE", "modified": "2021-08-19T12:32:02", "rev": 2}}, "objectVersion": "1.6", "pluginID": "110397", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110397);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/04\");\n\n script_cve_id(\n \"CVE-2018-4945\",\n \"CVE-2018-5000\",\n \"CVE-2018-5001\",\n \"CVE-2018-5002\"\n );\n\n script_name(english:\"Adobe Flash Player <= 29.0.0.171 (APSB18-19)\");\n script_summary(english:\"Checks the version of the ActiveX control.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Flash Player installed on the remote Windows\nhost is equal or prior to version 29.0.0.171. It is therefore \naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0cb17c10\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 30.0.0.113 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-5002\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"flash_player_installed.nasl\");\n script_require_keys(\"SMB/Flash_Player/installed\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Flash_Player/installed\");\n\n# Identify vulnerable versions.\ninfo = \"\";\nvariants = make_list(\n \"Plugin\",\n \"ActiveX\",\n \"Chrome\",\n \"Chrome_Pepper\"\n);\n\n# we're checking for versions less than *or equal to* the cutoff!\nforeach variant (variants)\n{\n vers = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/Version/*\");\n files = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/File/*\");\n\n if (isnull(vers) || isnull(files))\n continue;\n\n foreach key (keys(vers))\n {\n ver = vers[key];\n if (isnull(ver))\n continue;\n\n # <= 29.0.0.171\n if (ver_compare(ver:ver,fix:\"29.0.0.171\",strict:FALSE) <= 0)\n {\n num = key - (\"SMB/Flash_Player/\"+variant+\"/Version/\");\n file = files[\"SMB/Flash_Player/\"+variant+\"/File/\"+num];\n if (variant == \"Plugin\")\n {\n info += '\\n Product : Browser Plugin (for Firefox / Netscape / Opera)';\n fix = \"30.0.0.113\";\n }\n else if (variant == \"ActiveX\")\n {\n info += '\\n Product : ActiveX control (for Internet Explorer)';\n fix = \"30.0.0.113\";\n }\n else if (\"Chrome\" >< variant)\n {\n info += '\\n Product : Browser Plugin (for Google Chrome)';\n if (variant == \"Chrome\")\n fix = \"Upgrade to a version of Google Chrome running Flash Player 30.0.0.113\";\n }\n info += '\\n Path : ' + file +\n '\\n Installed version : ' + ver;\n if (variant == \"Chrome_Pepper\")\n info += '\\n Fixed version : 30.0.0.113 (Chrome PepperFlash)';\n else if (!isnull(fix))\n info += '\\n Fixed version : '+fix;\n info += '\\n';\n }\n }\n}\n\nif (info)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n security_report_v4(severity:SECURITY_HOLE, port:port, extra:info);\n}\nelse\n{\n if (thorough_tests)\n exit(0, 'No vulnerable versions of Adobe Flash Player were found.');\n else\n exit(1, 'Google Chrome\\'s built-in Flash Player may not have been detected because the \\'Perform thorough tests\\' setting was not enabled.');\n}\n", "naslFamily": "Windows", "cpe": ["cpe:/a:adobe:flash_player"], "solution": "Upgrade to Adobe Flash Player version 30.0.0.113 or later.", "nessusSeverity": "Critical", "cvssScoreSource": "CVE-2018-5002", "vpr": {"risk factor": "Critical", "score": "9.4"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2018-06-07T00:00:00", "vulnerabilityPublicationDate": "2018-06-07T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-19T12:32:02", "differentElements": ["vpr"], "edition": 10}, {"bulletin": {"id": "FLASH_PLAYER_APSB18-19.NASL", "hash": "ccf005bcb0d74b4b928016459028eacf", "type": "nessus", "bulletinFamily": "scanner", "title": "Adobe Flash Player <= 29.0.0.171 (APSB18-19)", "description": "The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 29.0.0.171. It is therefore affected by multiple vulnerabilities.", "published": "2018-06-07T00:00:00", "modified": "2019-11-04T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/110397", "reporter": "This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5001", "http://www.nessus.org/u?0cb17c10", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5002", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5000", "https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4945"], "cvelist": ["CVE-2018-4945", "CVE-2018-5000", "CVE-2018-5001", "CVE-2018-5002"], "immutableFields": [], "lastseen": "2021-09-11T00:53:39", "history": [], "viewCount": 51, "enchantments": {"dependencies": {"references": [{"type": "redhatcve", "idList": ["RH:CVE-2018-5001", "RH:CVE-2018-5000", "RH:CVE-2018-5002", "RH:CVE-2018-4945"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-201806-02.NASL", "FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "700434.PRM", "MACOSX_FLASH_PLAYER_APSB18-19.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "REDHAT-RHSA-2018-1827.NASL"]}, {"type": "redhat", "idList": ["RHSA-2018:1827"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813601", "OPENVAS:1361412562310813399", "OPENVAS:1361412562310813400", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813398"]}, {"type": "archlinux", "idList": ["ASA-201806-7"]}, {"type": "freebsd", "idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"]}, {"type": "threatpost", "idList": ["THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8", "THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E"]}, {"type": "kaspersky", "idList": ["KLA11260", "KLA11261"]}, {"type": "mscve", "idList": ["MS:ADV180014"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-5002", "UB:CVE-2018-4945", "UB:CVE-2018-5000", "UB:CVE-2018-5001"]}, {"type": "cve", "idList": ["CVE-2018-4945", "CVE-2018-5001", "CVE-2018-5000", "CVE-2018-5002"]}, {"type": "gentoo", "idList": ["GLSA-201806-02"]}, {"type": "thn", "idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"]}, {"type": "myhack58", "idList": ["MYHACK58:62201890436", "MYHACK58:62201994516", "MYHACK58:62201890504"]}, {"type": "zdi", "idList": ["ZDI-18-569", "ZDI-18-568", "ZDI-18-570"]}, {"type": "krebs", "idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"]}, {"type": "securelist", "idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"]}], "modified": "2021-09-11T00:53:39", "rev": 2}, "score": {"value": 8.7, "vector": "NONE", "modified": "2021-09-11T00:53:39", "rev": 2}}, "objectVersion": "1.6", "pluginID": "110397", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110397);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/04\");\n\n script_cve_id(\n \"CVE-2018-4945\",\n \"CVE-2018-5000\",\n \"CVE-2018-5001\",\n \"CVE-2018-5002\"\n );\n\n script_name(english:\"Adobe Flash Player <= 29.0.0.171 (APSB18-19)\");\n script_summary(english:\"Checks the version of the ActiveX control.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Flash Player installed on the remote Windows\nhost is equal or prior to version 29.0.0.171. It is therefore \naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0cb17c10\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 30.0.0.113 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-5002\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"flash_player_installed.nasl\");\n script_require_keys(\"SMB/Flash_Player/installed\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Flash_Player/installed\");\n\n# Identify vulnerable versions.\ninfo = \"\";\nvariants = make_list(\n \"Plugin\",\n \"ActiveX\",\n \"Chrome\",\n \"Chrome_Pepper\"\n);\n\n# we're checking for versions less than *or equal to* the cutoff!\nforeach variant (variants)\n{\n vers = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/Version/*\");\n files = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/File/*\");\n\n if (isnull(vers) || isnull(files))\n continue;\n\n foreach key (keys(vers))\n {\n ver = vers[key];\n if (isnull(ver))\n continue;\n\n # <= 29.0.0.171\n if (ver_compare(ver:ver,fix:\"29.0.0.171\",strict:FALSE) <= 0)\n {\n num = key - (\"SMB/Flash_Player/\"+variant+\"/Version/\");\n file = files[\"SMB/Flash_Player/\"+variant+\"/File/\"+num];\n if (variant == \"Plugin\")\n {\n info += '\\n Product : Browser Plugin (for Firefox / Netscape / Opera)';\n fix = \"30.0.0.113\";\n }\n else if (variant == \"ActiveX\")\n {\n info += '\\n Product : ActiveX control (for Internet Explorer)';\n fix = \"30.0.0.113\";\n }\n else if (\"Chrome\" >< variant)\n {\n info += '\\n Product : Browser Plugin (for Google Chrome)';\n if (variant == \"Chrome\")\n fix = \"Upgrade to a version of Google Chrome running Flash Player 30.0.0.113\";\n }\n info += '\\n Path : ' + file +\n '\\n Installed version : ' + ver;\n if (variant == \"Chrome_Pepper\")\n info += '\\n Fixed version : 30.0.0.113 (Chrome PepperFlash)';\n else if (!isnull(fix))\n info += '\\n Fixed version : '+fix;\n info += '\\n';\n }\n }\n}\n\nif (info)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n security_report_v4(severity:SECURITY_HOLE, port:port, extra:info);\n}\nelse\n{\n if (thorough_tests)\n exit(0, 'No vulnerable versions of Adobe Flash Player were found.');\n else\n exit(1, 'Google Chrome\\'s built-in Flash Player may not have been detected because the \\'Perform thorough tests\\' setting was not enabled.');\n}\n", "naslFamily": "Windows", "cpe": ["cpe:/a:adobe:flash_player"], "solution": "Upgrade to Adobe Flash Player version 30.0.0.113 or later.", "nessusSeverity": "Critical", "cvssScoreSource": "CVE-2018-5002", "vpr": {"risk factor": "Critical", "score": "9.2"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2018-06-07T00:00:00", "vulnerabilityPublicationDate": "2018-06-07T00:00:00", "exploitableWith": []}, "lastseen": "2021-09-11T00:53:39", "differentElements": ["vpr"], "edition": 11}, {"bulletin": {"id": "FLASH_PLAYER_APSB18-19.NASL", "hash": "31caef234aa07e45704b3eff8c22e28e", "type": "nessus", "bulletinFamily": "scanner", "title": "Adobe Flash Player <= 29.0.0.171 (APSB18-19)", "description": "The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 29.0.0.171. It is therefore affected by multiple vulnerabilities.", "published": "2018-06-07T00:00:00", "modified": "2019-11-04T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/110397", "reporter": "This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4945", "http://www.nessus.org/u?0cb17c10", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5000", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5001", "https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5002"], "cvelist": ["CVE-2018-4945", "CVE-2018-5000", "CVE-2018-5001", "CVE-2018-5002"], "immutableFields": [], "lastseen": "2021-09-23T01:37:58", "history": [], "viewCount": 51, "enchantments": {"dependencies": {"references": [{"type": "redhatcve", "idList": ["RH:CVE-2018-5000", "RH:CVE-2018-5001", "RH:CVE-2018-5002", "RH:CVE-2018-4945"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2018-1827.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "GENTOO_GLSA-201806-02.NASL", "FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "700434.PRM", "MACOSX_FLASH_PLAYER_APSB18-19.NASL"]}, {"type": "redhat", "idList": ["RHSA-2018:1827"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813398", "OPENVAS:1361412562310813400", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813399", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813602"]}, {"type": "archlinux", "idList": ["ASA-201806-7"]}, {"type": "freebsd", "idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"]}, {"type": "threatpost", "idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"]}, {"type": "kaspersky", "idList": ["KLA11261", "KLA11260"]}, {"type": "mscve", "idList": ["MS:ADV180014"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-5002", "UB:CVE-2018-5001", "UB:CVE-2018-5000", "UB:CVE-2018-4945"]}, {"type": "cve", "idList": ["CVE-2018-5000", "CVE-2018-5002", "CVE-2018-5001", "CVE-2018-4945"]}, {"type": "gentoo", "idList": ["GLSA-201806-02"]}, {"type": "thn", "idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"]}, {"type": "myhack58", "idList": ["MYHACK58:62201890504", "MYHACK58:62201890436", "MYHACK58:62201994516"]}, {"type": "zdi", "idList": ["ZDI-18-570", "ZDI-18-569", "ZDI-18-568"]}, {"type": "krebs", "idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"]}, {"type": "securelist", "idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"]}], "modified": "2021-09-23T01:37:58", "rev": 2}, "score": {"value": 8.7, "vector": "NONE", "modified": "2021-09-23T01:37:58", "rev": 2}}, "objectVersion": "1.6", "pluginID": "110397", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110397);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/04\");\n\n script_cve_id(\n \"CVE-2018-4945\",\n \"CVE-2018-5000\",\n \"CVE-2018-5001\",\n \"CVE-2018-5002\"\n );\n\n script_name(english:\"Adobe Flash Player <= 29.0.0.171 (APSB18-19)\");\n script_summary(english:\"Checks the version of the ActiveX control.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Flash Player installed on the remote Windows\nhost is equal or prior to version 29.0.0.171. It is therefore \naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0cb17c10\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 30.0.0.113 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-5002\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"flash_player_installed.nasl\");\n script_require_keys(\"SMB/Flash_Player/installed\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Flash_Player/installed\");\n\n# Identify vulnerable versions.\ninfo = \"\";\nvariants = make_list(\n \"Plugin\",\n \"ActiveX\",\n \"Chrome\",\n \"Chrome_Pepper\"\n);\n\n# we're checking for versions less than *or equal to* the cutoff!\nforeach variant (variants)\n{\n vers = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/Version/*\");\n files = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/File/*\");\n\n if (isnull(vers) || isnull(files))\n continue;\n\n foreach key (keys(vers))\n {\n ver = vers[key];\n if (isnull(ver))\n continue;\n\n # <= 29.0.0.171\n if (ver_compare(ver:ver,fix:\"29.0.0.171\",strict:FALSE) <= 0)\n {\n num = key - (\"SMB/Flash_Player/\"+variant+\"/Version/\");\n file = files[\"SMB/Flash_Player/\"+variant+\"/File/\"+num];\n if (variant == \"Plugin\")\n {\n info += '\\n Product : Browser Plugin (for Firefox / Netscape / Opera)';\n fix = \"30.0.0.113\";\n }\n else if (variant == \"ActiveX\")\n {\n info += '\\n Product : ActiveX control (for Internet Explorer)';\n fix = \"30.0.0.113\";\n }\n else if (\"Chrome\" >< variant)\n {\n info += '\\n Product : Browser Plugin (for Google Chrome)';\n if (variant == \"Chrome\")\n fix = \"Upgrade to a version of Google Chrome running Flash Player 30.0.0.113\";\n }\n info += '\\n Path : ' + file +\n '\\n Installed version : ' + ver;\n if (variant == \"Chrome_Pepper\")\n info += '\\n Fixed version : 30.0.0.113 (Chrome PepperFlash)';\n else if (!isnull(fix))\n info += '\\n Fixed version : '+fix;\n info += '\\n';\n }\n }\n}\n\nif (info)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n security_report_v4(severity:SECURITY_HOLE, port:port, extra:info);\n}\nelse\n{\n if (thorough_tests)\n exit(0, 'No vulnerable versions of Adobe Flash Player were found.');\n else\n exit(1, 'Google Chrome\\'s built-in Flash Player may not have been detected because the \\'Perform thorough tests\\' setting was not enabled.');\n}\n", "naslFamily": "Windows", "cpe": ["cpe:/a:adobe:flash_player"], "solution": "Upgrade to Adobe Flash Player version 30.0.0.113 or later.", "nessusSeverity": "Critical", "cvssScoreSource": "CVE-2018-5002", "vpr": {"risk factor": "Critical", "score": "9.4"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2018-06-07T00:00:00", "vulnerabilityPublicationDate": "2018-06-07T00:00:00", "exploitableWith": []}, "lastseen": "2021-09-23T01:37:58", "differentElements": ["vpr"], "edition": 12}, {"bulletin": {"id": "FLASH_PLAYER_APSB18-19.NASL", "hash": "ccf005bcb0d74b4b928016459028eacf", "type": "nessus", "bulletinFamily": "scanner", "title": "Adobe Flash Player <= 29.0.0.171 (APSB18-19)", "description": "The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 29.0.0.171. It is therefore affected by multiple vulnerabilities.", "published": "2018-06-07T00:00:00", "modified": "2019-11-04T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/110397", "reporter": "This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4945", "http://www.nessus.org/u?0cb17c10", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5002", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5000", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5001"], "cvelist": ["CVE-2018-4945", "CVE-2018-5000", "CVE-2018-5001", "CVE-2018-5002"], "immutableFields": [], "lastseen": "2021-10-06T02:20:31", "history": [], "viewCount": 51, "enchantments": {"dependencies": {"references": [{"type": "redhatcve", "idList": ["RH:CVE-2018-4945", "RH:CVE-2018-5002", "RH:CVE-2018-5001", "RH:CVE-2018-5000"]}, {"type": "nessus", "idList": ["SMB_NT_MS18_JUN_4287903.NASL", "700434.PRM", "GENTOO_GLSA-201806-02.NASL", "REDHAT-RHSA-2018-1827.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL", "FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL"]}, {"type": "redhat", "idList": ["RHSA-2018:1827"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813400", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813399", "OPENVAS:1361412562310813397"]}, {"type": "archlinux", "idList": ["ASA-201806-7"]}, {"type": "freebsd", "idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"]}, {"type": "threatpost", "idList": ["THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E", "THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"]}, {"type": "kaspersky", "idList": ["KLA11261", "KLA11260"]}, {"type": "adobe", "idList": ["APSB18-19"]}, {"type": "mscve", "idList": ["MS:ADV180014"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-4945", "UB:CVE-2018-5001", "UB:CVE-2018-5002", "UB:CVE-2018-5000"]}, {"type": "cve", "idList": ["CVE-2018-5001", "CVE-2018-4945", "CVE-2018-5002", "CVE-2018-5000"]}, {"type": "gentoo", "idList": ["GLSA-201806-02"]}, {"type": "thn", "idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"]}, {"type": "myhack58", "idList": ["MYHACK58:62201994516", "MYHACK58:62201890504", "MYHACK58:62201890436"]}, {"type": "zdi", "idList": ["ZDI-18-570", "ZDI-18-568", "ZDI-18-569"]}, {"type": "krebs", "idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"]}, {"type": "securelist", "idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"]}], "modified": "2021-10-06T02:20:31", "rev": 2}, "score": {"value": 8.7, "vector": "NONE", "modified": "2021-10-06T02:20:31", "rev": 2}}, "objectVersion": "1.6", "pluginID": "110397", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110397);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/04\");\n\n script_cve_id(\n \"CVE-2018-4945\",\n \"CVE-2018-5000\",\n \"CVE-2018-5001\",\n \"CVE-2018-5002\"\n );\n\n script_name(english:\"Adobe Flash Player <= 29.0.0.171 (APSB18-19)\");\n script_summary(english:\"Checks the version of the ActiveX control.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Flash Player installed on the remote Windows\nhost is equal or prior to version 29.0.0.171. It is therefore \naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0cb17c10\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 30.0.0.113 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-5002\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"flash_player_installed.nasl\");\n script_require_keys(\"SMB/Flash_Player/installed\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Flash_Player/installed\");\n\n# Identify vulnerable versions.\ninfo = \"\";\nvariants = make_list(\n \"Plugin\",\n \"ActiveX\",\n \"Chrome\",\n \"Chrome_Pepper\"\n);\n\n# we're checking for versions less than *or equal to* the cutoff!\nforeach variant (variants)\n{\n vers = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/Version/*\");\n files = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/File/*\");\n\n if (isnull(vers) || isnull(files))\n continue;\n\n foreach key (keys(vers))\n {\n ver = vers[key];\n if (isnull(ver))\n continue;\n\n # <= 29.0.0.171\n if (ver_compare(ver:ver,fix:\"29.0.0.171\",strict:FALSE) <= 0)\n {\n num = key - (\"SMB/Flash_Player/\"+variant+\"/Version/\");\n file = files[\"SMB/Flash_Player/\"+variant+\"/File/\"+num];\n if (variant == \"Plugin\")\n {\n info += '\\n Product : Browser Plugin (for Firefox / Netscape / Opera)';\n fix = \"30.0.0.113\";\n }\n else if (variant == \"ActiveX\")\n {\n info += '\\n Product : ActiveX control (for Internet Explorer)';\n fix = \"30.0.0.113\";\n }\n else if (\"Chrome\" >< variant)\n {\n info += '\\n Product : Browser Plugin (for Google Chrome)';\n if (variant == \"Chrome\")\n fix = \"Upgrade to a version of Google Chrome running Flash Player 30.0.0.113\";\n }\n info += '\\n Path : ' + file +\n '\\n Installed version : ' + ver;\n if (variant == \"Chrome_Pepper\")\n info += '\\n Fixed version : 30.0.0.113 (Chrome PepperFlash)';\n else if (!isnull(fix))\n info += '\\n Fixed version : '+fix;\n info += '\\n';\n }\n }\n}\n\nif (info)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n security_report_v4(severity:SECURITY_HOLE, port:port, extra:info);\n}\nelse\n{\n if (thorough_tests)\n exit(0, 'No vulnerable versions of Adobe Flash Player were found.');\n else\n exit(1, 'Google Chrome\\'s built-in Flash Player may not have been detected because the \\'Perform thorough tests\\' setting was not enabled.');\n}\n", "naslFamily": "Windows", "cpe": ["cpe:/a:adobe:flash_player"], "solution": "Upgrade to Adobe Flash Player version 30.0.0.113 or later.", "nessusSeverity": "Critical", "cvssScoreSource": "CVE-2018-5002", "vpr": {"risk factor": "Critical", "score": "9.2"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2018-06-07T00:00:00", "vulnerabilityPublicationDate": "2018-06-07T00:00:00", "exploitableWith": []}, "lastseen": "2021-10-06T02:20:31", "differentElements": ["vpr"], "edition": 13}], "viewCount": 51, "enchantments": {"dependencies": {"references": [{"type": "redhatcve", "idList": ["RH:CVE-2018-5000", "RH:CVE-2018-5002", "RH:CVE-2018-4945", "RH:CVE-2018-5001"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813601", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813400", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813399"]}, {"type": "threatpost", "idList": ["THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E", "THREATPOST:34985C64EA7AF207D4CE9A800671E3C1"]}, {"type": "adobe", "idList": ["APSB18-19"]}, {"type": "archlinux", "idList": ["ASA-201806-7"]}, {"type": "mscve", "idList": ["MS:ADV180014"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-201806-02.NASL", "700434.PRM", "MACOSX_FLASH_PLAYER_APSB18-19.NASL", "SMB_NT_MS18_JUN_4287903.NASL", "FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "REDHAT-RHSA-2018-1827.NASL"]}, {"type": "freebsd", "idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"]}, {"type": "kaspersky", "idList": ["KLA11261", "KLA11260"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"]}, {"type": "redhat", "idList": ["RHSA-2018:1827"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-5001", "UB:CVE-2018-4945", "UB:CVE-2018-5000", "UB:CVE-2018-5002"]}, {"type": "cve", "idList": ["CVE-2018-5002", "CVE-2018-4945", "CVE-2018-5001", "CVE-2018-5000"]}, {"type": "gentoo", "idList": ["GLSA-201806-02"]}, {"type": "thn", "idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2018-0537", "CPAI-2018-0539", "CPAI-2018-0535", "CPAI-2018-0538"]}, {"type": "myhack58", "idList": ["MYHACK58:62201994516", "MYHACK58:62201890504", "MYHACK58:62201890436"]}, {"type": "zdi", "idList": ["ZDI-18-570", "ZDI-18-569", "ZDI-18-568"]}, {"type": "krebs", "idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"]}, {"type": "securelist", "idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"]}], "modified": "2021-10-21T01:51:30", "rev": 2}, "score": {"value": 8.7, "vector": "NONE", "modified": "2021-10-21T01:51:30", "rev": 2}}, "objectVersion": "1.6", "pluginID": "110397", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110397);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/04\");\n\n script_cve_id(\n \"CVE-2018-4945\",\n \"CVE-2018-5000\",\n \"CVE-2018-5001\",\n \"CVE-2018-5002\"\n );\n\n script_name(english:\"Adobe Flash Player <= 29.0.0.171 (APSB18-19)\");\n script_summary(english:\"Checks the version of the ActiveX control.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Flash Player installed on the remote Windows\nhost is equal or prior to version 29.0.0.171. It is therefore \naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0cb17c10\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 30.0.0.113 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-5002\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"flash_player_installed.nasl\");\n script_require_keys(\"SMB/Flash_Player/installed\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Flash_Player/installed\");\n\n# Identify vulnerable versions.\ninfo = \"\";\nvariants = make_list(\n \"Plugin\",\n \"ActiveX\",\n \"Chrome\",\n \"Chrome_Pepper\"\n);\n\n# we're checking for versions less than *or equal to* the cutoff!\nforeach variant (variants)\n{\n vers = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/Version/*\");\n files = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/File/*\");\n\n if (isnull(vers) || isnull(files))\n continue;\n\n foreach key (keys(vers))\n {\n ver = vers[key];\n if (isnull(ver))\n continue;\n\n # <= 29.0.0.171\n if (ver_compare(ver:ver,fix:\"29.0.0.171\",strict:FALSE) <= 0)\n {\n num = key - (\"SMB/Flash_Player/\"+variant+\"/Version/\");\n file = files[\"SMB/Flash_Player/\"+variant+\"/File/\"+num];\n if (variant == \"Plugin\")\n {\n info += '\\n Product : Browser Plugin (for Firefox / Netscape / Opera)';\n fix = \"30.0.0.113\";\n }\n else if (variant == \"ActiveX\")\n {\n info += '\\n Product : ActiveX control (for Internet Explorer)';\n fix = \"30.0.0.113\";\n }\n else if (\"Chrome\" >< variant)\n {\n info += '\\n Product : Browser Plugin (for Google Chrome)';\n if (variant == \"Chrome\")\n fix = \"Upgrade to a version of Google Chrome running Flash Player 30.0.0.113\";\n }\n info += '\\n Path : ' + file +\n '\\n Installed version : ' + ver;\n if (variant == \"Chrome_Pepper\")\n info += '\\n Fixed version : 30.0.0.113 (Chrome PepperFlash)';\n else if (!isnull(fix))\n info += '\\n Fixed version : '+fix;\n info += '\\n';\n }\n }\n}\n\nif (info)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n security_report_v4(severity:SECURITY_HOLE, port:port, extra:info);\n}\nelse\n{\n if (thorough_tests)\n exit(0, 'No vulnerable versions of Adobe Flash Player were found.');\n else\n exit(1, 'Google Chrome\\'s built-in Flash Player may not have been detected because the \\'Perform thorough tests\\' setting was not enabled.');\n}\n", "naslFamily": "Windows", "cpe": ["cpe:/a:adobe:flash_player"], "solution": "Upgrade to Adobe Flash Player version 30.0.0.113 or later.", "nessusSeverity": "Critical", "cvssScoreSource": "CVE-2018-5002", "vpr": {"risk factor": "Critical", "score": "9"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2018-06-07T00:00:00", "vulnerabilityPublicationDate": "2018-06-07T00:00:00", "exploitableWith": [], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.nessus.NessusBulletin"]}, {"id": "SMB_NT_MS18_JUN_4287903.NASL", "hash": "34bb705d18b112be46ca7b4429ac3f40", "type": "nessus", "bulletinFamily": "scanner", "title": "KB4287903: Security update for Adobe Flash Player (June 2018)", "description": "The remote Windows host is missing security update KB4287903. It is, therefore, affected by multiple remote code execution vulnerabilities in Adobe Flash Player.", "published": "2018-06-08T00:00:00", "modified": "2019-11-04T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/110414", "reporter": "This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4945", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5001", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5002", "https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5000", "http://www.nessus.org/u?ea99fd83"], "cvelist": ["CVE-2018-4945", "CVE-2018-5000", "CVE-2018-5001", "CVE-2018-5002"], "immutableFields": [], "lastseen": "2021-10-21T01:51:31", "history": [{"bulletin": {"id": "SMB_NT_MS18_JUN_4287903.NASL", "hash": "da29ddf8a82d43e6c62dbb1ba68995682910a3e57a0d13cc7c19c10d5a5fe216", "type": "nessus", "bulletinFamily": "scanner", "title": "KB4287903: Security update for Adobe Flash Player (June 2018)", "description": "The remote Windows host is missing security update KB4287903. It is, therefore, affected by multiple remote code execution vulnerabilities in Adobe Flash Player.", "published": "2018-06-08T00:00:00", "modified": "2018-06-25T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=110414", "reporter": "Tenable", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://www.nessus.org/u?ea99fd83"], "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "immutableFields": [], "lastseen": "2018-06-26T06:05:48", "history": [], "viewCount": 26, "enchantments": {"score": {"modified": "2018-06-26T06:05:48", "value": 7.5, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "110414", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110414);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/06/25 17:42:23\");\n\n script_cve_id(\n \"CVE-2018-4945\",\n \"CVE-2018-5000\",\n \"CVE-2018-5001\",\n \"CVE-2018-5002\"\n );\n script_bugtraq_id(104412, 104413);\n script_xref(name:\"MSKB\", value:\"4287903\");\n script_xref(name:\"IAVA\", value:\"2018-A-0177\");\n script_xref(name:\"MSFT\", value:\"MS18-4287903\");\n\n script_name(english:\"KB4287903: Security update for Adobe Flash Player (June 2018)\");\n script_summary(english:\"Checks the version of the ActiveX control.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update KB4287903. It is,\ntherefore, affected by multiple remote code execution vulnerabilities\nin Adobe Flash Player.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n # https://support.microsoft.com/en-us/help/4287903/security-update-for-adobe-flash-player\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ea99fd83\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released KB4287903 to address this issue.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/08\");\n\n script_set_attribute(attribute:\"plugin_type\",value:\"local\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/a:adobe:flash_player\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_activex_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-06\";\nkbs = make_list('4287903');\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"Windows 8.1\" >!< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (activex_init() != ACX_OK) audit(AUDIT_FN_FAIL, \"activex_init\");\n\n# Adobe Flash Player CLSID\nclsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}';\n\nfile = activex_get_filename(clsid:clsid);\nif (isnull(file))\n{\n activex_end();\n audit(AUDIT_FN_FAIL, \"activex_get_filename\", \"NULL\");\n}\nif (!file)\n{\n activex_end();\n audit(AUDIT_ACTIVEX_NOT_FOUND, clsid);\n}\n\n# Get its version.\nversion = activex_get_fileversion(clsid:clsid);\nif (!version)\n{\n activex_end();\n audit(AUDIT_VER_FAIL, file);\n}\n\ninfo = '';\n\niver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\niver = join(iver, sep:\".\");\n\n# all <= 29.0.0.171\nfix = FALSE;\nif(ver_compare(ver:iver, fix:\"29.0.0.171\", strict:FALSE) <= 0)\n fix = \"30.0.0.113\";\n\nif (\n (report_paranoia > 1 || activex_get_killbit(clsid:clsid) == 0) &&\n fix\n)\n{\n info = '\\n Path : ' + file +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n}\n\nport = kb_smb_transport();\n\nif (info != '')\n{\n if (report_paranoia > 1)\n {\n report = info +\n '\\n' +\n 'Note, though, that Nessus did not check whether the kill bit was\\n' +\n \"set for the control's CLSID because of the Report Paranoia setting\" + '\\n' +\n 'in effect when this scan was run.\\n';\n }\n else\n {\n report = info +\n '\\n' +\n 'Moreover, its kill bit is not set so it is accessible via Internet\\n' +\n 'Explorer.\\n';\n }\n replace_kb_item(name:\"SMB/Missing/\"+bulletin, value:TRUE);\n security_report_v4(severity:SECURITY_HOLE, port:port, extra:hotfix_get_report() + report);\n}\nelse audit(AUDIT_HOST_NOT, 'affected');\n", "naslFamily": "Windows : Microsoft Bulletins", "cpe": ["cpe:/a:adobe:flash_player"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2018-06-26T06:05:48", "differentElements": ["cvss", "description", "href", "modified", "reporter", "sourceData"], "edition": 1}, {"bulletin": {"id": "SMB_NT_MS18_JUN_4287903.NASL", "hash": "9131fb48fc5ff1d24799c875352261818e1d3b9a45c19dd5356ed7417bd03955", "type": "nessus", "bulletinFamily": "scanner", "title": "KB4287903: Security update for Adobe Flash Player (June 2018)", "description": "The remote Windows host is missing security update KB4287903. It is,\ntherefore, affected by multiple remote code execution vulnerabilities\nin Adobe Flash Player.", "published": "2018-06-08T00:00:00", "modified": "2019-11-02T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/110414", "reporter": "This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://www.nessus.org/u?ea99fd83"], "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "immutableFields": [], "lastseen": "2019-11-05T11:37:30", "history": [], "viewCount": 59, "enchantments": {"dependencies": {"modified": "2019-11-05T11:37:30", "references": [{"idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"], "type": "krebs"}, {"idList": ["KLA11261"], "type": "kaspersky"}, {"idList": ["RHSA-2018:1827"], "type": "redhat"}, {"idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"], "type": "trendmicroblog"}, {"idList": ["OPENVAS:1361412562310813399", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813400"], "type": "openvas"}, {"idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"], "type": "freebsd"}, {"idList": ["MYHACK58:62201890504", "MYHACK58:62201994516", "MYHACK58:62201890436"], "type": "myhack58"}, {"idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"], "type": "thn"}, {"idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"], "type": "malwarebytes"}, {"idList": ["FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "FLASH_PLAYER_APSB18-19.NASL", "REDHAT-RHSA-2018-1827.NASL", "GENTOO_GLSA-201806-02.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL"], "type": "nessus"}, {"idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"], "type": "threatpost"}, {"idList": ["GLSA-201806-02"], "type": "gentoo"}, {"idList": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "type": "cve"}, {"idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"], "type": "securelist"}]}, "score": {"modified": "2019-11-05T11:37:30", "value": 8.5, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "110414", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110414);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/04\");\n\n script_cve_id(\n \"CVE-2018-4945\",\n \"CVE-2018-5000\",\n \"CVE-2018-5001\",\n \"CVE-2018-5002\"\n );\n script_bugtraq_id(104412, 104413);\n script_xref(name:\"MSKB\", value:\"4287903\");\n script_xref(name:\"MSFT\", value:\"MS18-4287903\");\n\n script_name(english:\"KB4287903: Security update for Adobe Flash Player (June 2018)\");\n script_summary(english:\"Checks the version of the ActiveX control.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update KB4287903. It is,\ntherefore, affected by multiple remote code execution vulnerabilities\nin Adobe Flash Player.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n # https://support.microsoft.com/en-us/help/4287903/security-update-for-adobe-flash-player\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ea99fd83\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released KB4287903 to address this issue.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-5002\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_activex_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-06\";\nkbs = make_list('4287903');\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"Windows 8.1\" >!< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (activex_init() != ACX_OK) audit(AUDIT_FN_FAIL, \"activex_init\");\n\n# Adobe Flash Player CLSID\nclsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}';\n\nfile = activex_get_filename(clsid:clsid);\nif (isnull(file))\n{\n activex_end();\n audit(AUDIT_FN_FAIL, \"activex_get_filename\", \"NULL\");\n}\nif (!file)\n{\n activex_end();\n audit(AUDIT_ACTIVEX_NOT_FOUND, clsid);\n}\n\n# Get its version.\nversion = activex_get_fileversion(clsid:clsid);\nif (!version)\n{\n activex_end();\n audit(AUDIT_VER_FAIL, file);\n}\n\ninfo = '';\n\niver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\niver = join(iver, sep:\".\");\n\n# all <= 29.0.0.171\nfix = FALSE;\nif(ver_compare(ver:iver, fix:\"29.0.0.171\", strict:FALSE) <= 0)\n fix = \"30.0.0.113\";\n\nif (\n (report_paranoia > 1 || activex_get_killbit(clsid:clsid) == 0) &&\n fix\n)\n{\n info = '\\n Path : ' + file +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n}\n\nport = kb_smb_transport();\n\nif (info != '')\n{\n if (report_paranoia > 1)\n {\n report = info +\n '\\n' +\n 'Note, though, that Nessus did not check whether the kill bit was\\n' +\n \"set for the control's CLSID because of the Report Paranoia setting\" + '\\n' +\n 'in effect when this scan was run.\\n';\n }\n else\n {\n report = info +\n '\\n' +\n 'Moreover, its kill bit is not set so it is accessible via Internet\\n' +\n 'Explorer.\\n';\n }\n replace_kb_item(name:\"SMB/Missing/\"+bulletin, value:TRUE);\n hotfix_add_report(bulletin:'MS18-06', kb:'4287903', report);\n security_report_v4(severity:SECURITY_HOLE, port:port, extra:hotfix_get_report());\n}\nelse audit(AUDIT_HOST_NOT, 'affected');\n", "naslFamily": "Windows : Microsoft Bulletins", "cpe": ["cpe:/a:adobe:flash_player"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2019-11-05T11:37:30", "differentElements": ["cvss3", "modified"], "edition": 2}, {"bulletin": {"id": "SMB_NT_MS18_JUN_4287903.NASL", "hash": "f3f0344be585525386f68de3b3ce66b3583781414da5411abe497ecbd5658e27", "type": "nessus", "bulletinFamily": "scanner", "title": "KB4287903: Security update for Adobe Flash Player (June 2018)", "description": "The remote Windows host is missing security update KB4287903. It is,\ntherefore, affected by multiple remote code execution vulnerabilities\nin Adobe Flash Player.", "published": "2018-06-08T00:00:00", "modified": "2020-07-02T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/110414", "reporter": "This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://www.nessus.org/u?ea99fd83"], "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "immutableFields": [], "lastseen": "2020-07-01T04:24:37", "history": [], "viewCount": 64, "enchantments": {"dependencies": {"modified": "2020-07-01T04:24:37", "references": [{"idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"], "type": "krebs"}, {"idList": ["KLA11261"], "type": "kaspersky"}, {"idList": ["RHSA-2018:1827"], "type": "redhat"}, {"idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"], "type": "trendmicroblog"}, {"idList": ["OPENVAS:1361412562310813399", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813400"], "type": "openvas"}, {"idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"], "type": "freebsd"}, {"idList": ["MYHACK58:62201890504", "MYHACK58:62201994516", "MYHACK58:62201890436"], "type": "myhack58"}, {"idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"], "type": "thn"}, {"idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"], "type": "malwarebytes"}, {"idList": ["ZDI-18-569", "ZDI-18-570", "ZDI-18-568"], "type": "zdi"}, {"idList": ["FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "FLASH_PLAYER_APSB18-19.NASL", "REDHAT-RHSA-2018-1827.NASL", "GENTOO_GLSA-201806-02.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL"], "type": "nessus"}, {"idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"], "type": "threatpost"}, {"idList": ["GLSA-201806-02"], "type": "gentoo"}, {"idList": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "type": "cve"}, {"idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"], "type": "securelist"}], "rev": 2}, "score": {"modified": "2020-07-01T04:24:37", "rev": 2, "value": 9.3, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "110414", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110414);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/04\");\n\n script_cve_id(\n \"CVE-2018-4945\",\n \"CVE-2018-5000\",\n \"CVE-2018-5001\",\n \"CVE-2018-5002\"\n );\n script_bugtraq_id(104412, 104413);\n script_xref(name:\"MSKB\", value:\"4287903\");\n script_xref(name:\"MSFT\", value:\"MS18-4287903\");\n\n script_name(english:\"KB4287903: Security update for Adobe Flash Player (June 2018)\");\n script_summary(english:\"Checks the version of the ActiveX control.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update KB4287903. It is,\ntherefore, affected by multiple remote code execution vulnerabilities\nin Adobe Flash Player.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n # https://support.microsoft.com/en-us/help/4287903/security-update-for-adobe-flash-player\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ea99fd83\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released KB4287903 to address this issue.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-5002\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_activex_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-06\";\nkbs = make_list('4287903');\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"Windows 8.1\" >!< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (activex_init() != ACX_OK) audit(AUDIT_FN_FAIL, \"activex_init\");\n\n# Adobe Flash Player CLSID\nclsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}';\n\nfile = activex_get_filename(clsid:clsid);\nif (isnull(file))\n{\n activex_end();\n audit(AUDIT_FN_FAIL, \"activex_get_filename\", \"NULL\");\n}\nif (!file)\n{\n activex_end();\n audit(AUDIT_ACTIVEX_NOT_FOUND, clsid);\n}\n\n# Get its version.\nversion = activex_get_fileversion(clsid:clsid);\nif (!version)\n{\n activex_end();\n audit(AUDIT_VER_FAIL, file);\n}\n\ninfo = '';\n\niver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\niver = join(iver, sep:\".\");\n\n# all <= 29.0.0.171\nfix = FALSE;\nif(ver_compare(ver:iver, fix:\"29.0.0.171\", strict:FALSE) <= 0)\n fix = \"30.0.0.113\";\n\nif (\n (report_paranoia > 1 || activex_get_killbit(clsid:clsid) == 0) &&\n fix\n)\n{\n info = '\\n Path : ' + file +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n}\n\nport = kb_smb_transport();\n\nif (info != '')\n{\n if (report_paranoia > 1)\n {\n report = info +\n '\\n' +\n 'Note, though, that Nessus did not check whether the kill bit was\\n' +\n \"set for the control's CLSID because of the Report Paranoia setting\" + '\\n' +\n 'in effect when this scan was run.\\n';\n }\n else\n {\n report = info +\n '\\n' +\n 'Moreover, its kill bit is not set so it is accessible via Internet\\n' +\n 'Explorer.\\n';\n }\n replace_kb_item(name:\"SMB/Missing/\"+bulletin, value:TRUE);\n hotfix_add_report(bulletin:'MS18-06', kb:'4287903', report);\n security_report_v4(severity:SECURITY_HOLE, port:port, extra:hotfix_get_report());\n}\nelse audit(AUDIT_HOST_NOT, 'affected');\n", "naslFamily": "Windows : Microsoft Bulletins", "cpe": ["cpe:/a:adobe:flash_player"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-07-01T04:24:37", "differentElements": ["modified"], "edition": 3}, {"bulletin": {"id": "SMB_NT_MS18_JUN_4287903.NASL", "hash": "4ce9c2be4316cab44c6e2fb3f4580019f56b2eccb975bf4fbcd5bd1c5c4af87a", "type": "nessus", "bulletinFamily": "scanner", "title": "KB4287903: Security update for Adobe Flash Player (June 2018)", "description": "The remote Windows host is missing security update KB4287903. It is,\ntherefore, affected by multiple remote code execution vulnerabilities\nin Adobe Flash Player.", "published": "2018-06-08T00:00:00", "modified": "2020-08-02T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/110414", "reporter": "This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://www.nessus.org/u?ea99fd83"], "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "immutableFields": [], "lastseen": "2020-08-01T04:57:40", "history": [], "viewCount": 66, "enchantments": {"dependencies": {"modified": "2020-08-01T04:57:40", "references": [{"idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"], "type": "krebs"}, {"idList": ["KLA11671", "KLA11261", "KLA11260"], "type": "kaspersky"}, {"idList": ["RHSA-2018:1827"], "type": "redhat"}, {"idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"], "type": "trendmicroblog"}, {"idList": ["OPENVAS:1361412562310813399", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813400"], "type": "openvas"}, {"idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"], "type": "freebsd"}, {"idList": ["MYHACK58:62201890504", "MYHACK58:62201994516", "MYHACK58:62201890436"], "type": "myhack58"}, {"idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"], "type": "thn"}, {"idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"], "type": "malwarebytes"}, {"idList": ["ZDI-18-569", "ZDI-18-570", "ZDI-18-568"], "type": "zdi"}, {"idList": ["FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "FLASH_PLAYER_APSB18-19.NASL", "REDHAT-RHSA-2018-1827.NASL", "GENTOO_GLSA-201806-02.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL"], "type": "nessus"}, {"idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"], "type": "threatpost"}, {"idList": ["GLSA-201806-02"], "type": "gentoo"}, {"idList": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "type": "cve"}, {"idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"], "type": "securelist"}], "rev": 2}, "score": {"modified": "2020-08-01T04:57:40", "rev": 2, "value": 9.3, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "110414", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110414);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/04\");\n\n script_cve_id(\n \"CVE-2018-4945\",\n \"CVE-2018-5000\",\n \"CVE-2018-5001\",\n \"CVE-2018-5002\"\n );\n script_bugtraq_id(104412, 104413);\n script_xref(name:\"MSKB\", value:\"4287903\");\n script_xref(name:\"MSFT\", value:\"MS18-4287903\");\n\n script_name(english:\"KB4287903: Security update for Adobe Flash Player (June 2018)\");\n script_summary(english:\"Checks the version of the ActiveX control.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update KB4287903. It is,\ntherefore, affected by multiple remote code execution vulnerabilities\nin Adobe Flash Player.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n # https://support.microsoft.com/en-us/help/4287903/security-update-for-adobe-flash-player\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ea99fd83\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released KB4287903 to address this issue.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-5002\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_activex_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-06\";\nkbs = make_list('4287903');\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"Windows 8.1\" >!< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (activex_init() != ACX_OK) audit(AUDIT_FN_FAIL, \"activex_init\");\n\n# Adobe Flash Player CLSID\nclsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}';\n\nfile = activex_get_filename(clsid:clsid);\nif (isnull(file))\n{\n activex_end();\n audit(AUDIT_FN_FAIL, \"activex_get_filename\", \"NULL\");\n}\nif (!file)\n{\n activex_end();\n audit(AUDIT_ACTIVEX_NOT_FOUND, clsid);\n}\n\n# Get its version.\nversion = activex_get_fileversion(clsid:clsid);\nif (!version)\n{\n activex_end();\n audit(AUDIT_VER_FAIL, file);\n}\n\ninfo = '';\n\niver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\niver = join(iver, sep:\".\");\n\n# all <= 29.0.0.171\nfix = FALSE;\nif(ver_compare(ver:iver, fix:\"29.0.0.171\", strict:FALSE) <= 0)\n fix = \"30.0.0.113\";\n\nif (\n (report_paranoia > 1 || activex_get_killbit(clsid:clsid) == 0) &&\n fix\n)\n{\n info = '\\n Path : ' + file +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n}\n\nport = kb_smb_transport();\n\nif (info != '')\n{\n if (report_paranoia > 1)\n {\n report = info +\n '\\n' +\n 'Note, though, that Nessus did not check whether the kill bit was\\n' +\n \"set for the control's CLSID because of the Report Paranoia setting\" + '\\n' +\n 'in effect when this scan was run.\\n';\n }\n else\n {\n report = info +\n '\\n' +\n 'Moreover, its kill bit is not set so it is accessible via Internet\\n' +\n 'Explorer.\\n';\n }\n replace_kb_item(name:\"SMB/Missing/\"+bulletin, value:TRUE);\n hotfix_add_report(bulletin:'MS18-06', kb:'4287903', report);\n security_report_v4(severity:SECURITY_HOLE, port:port, extra:hotfix_get_report());\n}\nelse audit(AUDIT_HOST_NOT, 'affected');\n", "naslFamily": "Windows : Microsoft Bulletins", "cpe": ["cpe:/a:adobe:flash_player"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-08-01T04:57:40", "differentElements": ["cvss2", "cvss3", "modified"], "edition": 4}, {"bulletin": {"id": "SMB_NT_MS18_JUN_4287903.NASL", "hash": "652d5f8e3649d34a15ae6c8f35fe08c19ddfdba9b047c07cab822d35118ca4b6", "type": "nessus", "bulletinFamily": "scanner", "title": "KB4287903: Security update for Adobe Flash Player (June 2018)", "description": "The remote Windows host is missing security update KB4287903. It is,\ntherefore, affected by multiple remote code execution vulnerabilities\nin Adobe Flash Player.", "published": "2018-06-08T00:00:00", "modified": "2021-07-02T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": true, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://www.tenable.com/plugins/nessus/110414", "reporter": "This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://www.nessus.org/u?ea99fd83"], "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "immutableFields": [], "lastseen": "2021-07-29T03:49:25", "history": [], "viewCount": 74, "enchantments": {"dependencies": {"modified": "2021-07-29T03:49:25", "references": [{"idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"], "type": "krebs"}, {"idList": ["ASA-201806-7"], "type": "archlinux"}, {"idList": ["KLA11671", "KLA11261", "KLA11260"], "type": "kaspersky"}, {"idList": ["RHSA-2018:1827"], "type": "redhat"}, {"idList": ["UB:CVE-2018-5001", "UB:CVE-2018-4945", "UB:CVE-2018-5002", "UB:CVE-2018-5000"], "type": "ubuntucve"}, {"idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"], "type": "trendmicroblog"}, {"idList": ["OPENVAS:1361412562310813399", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813400"], "type": "openvas"}, {"idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"], "type": "freebsd"}, {"idList": ["RH:CVE-2018-5002", "RH:CVE-2018-5000", "RH:CVE-2018-5001", "RH:CVE-2018-4945"], "type": "redhatcve"}, {"idList": ["MYHACK58:62201890504", "MYHACK58:62201994516", "MYHACK58:62201890436"], "type": "myhack58"}, {"idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"], "type": "thn"}, {"idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"], "type": "malwarebytes"}, {"idList": ["MS:ADV180014"], "type": "mscve"}, {"idList": ["ZDI-18-569", "ZDI-18-570", "ZDI-18-568"], "type": "zdi"}, {"idList": ["FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "FLASH_PLAYER_APSB18-19.NASL", "REDHAT-RHSA-2018-1827.NASL", "GENTOO_GLSA-201806-02.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL"], "type": "nessus"}, {"idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"], "type": "threatpost"}, {"idList": ["GLSA-201806-02"], "type": "gentoo"}, {"idList": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "type": "cve"}, {"idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"], "type": "securelist"}], "rev": 2}, "score": {"modified": "2021-07-29T03:49:25", "rev": 2, "value": 9.3, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "110414", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110414);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/04\");\n\n script_cve_id(\n \"CVE-2018-4945\",\n \"CVE-2018-5000\",\n \"CVE-2018-5001\",\n \"CVE-2018-5002\"\n );\n script_bugtraq_id(104412, 104413);\n script_xref(name:\"MSKB\", value:\"4287903\");\n script_xref(name:\"MSFT\", value:\"MS18-4287903\");\n\n script_name(english:\"KB4287903: Security update for Adobe Flash Player (June 2018)\");\n script_summary(english:\"Checks the version of the ActiveX control.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update KB4287903. It is,\ntherefore, affected by multiple remote code execution vulnerabilities\nin Adobe Flash Player.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n # https://support.microsoft.com/en-us/help/4287903/security-update-for-adobe-flash-player\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ea99fd83\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released KB4287903 to address this issue.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-5002\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_activex_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-06\";\nkbs = make_list('4287903');\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"Windows 8.1\" >!< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (activex_init() != ACX_OK) audit(AUDIT_FN_FAIL, \"activex_init\");\n\n# Adobe Flash Player CLSID\nclsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}';\n\nfile = activex_get_filename(clsid:clsid);\nif (isnull(file))\n{\n activex_end();\n audit(AUDIT_FN_FAIL, \"activex_get_filename\", \"NULL\");\n}\nif (!file)\n{\n activex_end();\n audit(AUDIT_ACTIVEX_NOT_FOUND, clsid);\n}\n\n# Get its version.\nversion = activex_get_fileversion(clsid:clsid);\nif (!version)\n{\n activex_end();\n audit(AUDIT_VER_FAIL, file);\n}\n\ninfo = '';\n\niver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\niver = join(iver, sep:\".\");\n\n# all <= 29.0.0.171\nfix = FALSE;\nif(ver_compare(ver:iver, fix:\"29.0.0.171\", strict:FALSE) <= 0)\n fix = \"30.0.0.113\";\n\nif (\n (report_paranoia > 1 || activex_get_killbit(clsid:clsid) == 0) &&\n fix\n)\n{\n info = '\\n Path : ' + file +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n}\n\nport = kb_smb_transport();\n\nif (info != '')\n{\n if (report_paranoia > 1)\n {\n report = info +\n '\\n' +\n 'Note, though, that Nessus did not check whether the kill bit was\\n' +\n \"set for the control's CLSID because of the Report Paranoia setting\" + '\\n' +\n 'in effect when this scan was run.\\n';\n }\n else\n {\n report = info +\n '\\n' +\n 'Moreover, its kill bit is not set so it is accessible via Internet\\n' +\n 'Explorer.\\n';\n }\n replace_kb_item(name:\"SMB/Missing/\"+bulletin, value:TRUE);\n hotfix_add_report(bulletin:'MS18-06', kb:'4287903', report);\n security_report_v4(severity:SECURITY_HOLE, port:port, extra:hotfix_get_report());\n}\nelse audit(AUDIT_HOST_NOT, 'affected');\n", "naslFamily": "Windows : Microsoft Bulletins", "cpe": ["cpe:/a:adobe:flash_player"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-07-29T03:49:25", "differentElements": ["modified"], "edition": 5}, {"bulletin": {"id": "SMB_NT_MS18_JUN_4287903.NASL", "hash": "60af5068e93ba1bc3a30627f92752670", "type": "nessus", "bulletinFamily": "scanner", "title": "KB4287903: Security update for Adobe Flash Player (June 2018)", "description": "The remote Windows host is missing security update KB4287903. It is,\ntherefore, affected by multiple remote code execution vulnerabilities\nin Adobe Flash Player.", "published": "2018-06-08T00:00:00", "modified": "2021-08-02T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": true, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://www.tenable.com/plugins/nessus/110414", "reporter": "This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://www.nessus.org/u?ea99fd83"], "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "immutableFields": [], "lastseen": "2021-08-01T12:09:46", "history": [], "viewCount": 74, "enchantments": {"dependencies": {"references": [{"type": "redhatcve", "idList": ["RH:CVE-2018-4945", "RH:CVE-2018-5001", "RH:CVE-2018-5002", "RH:CVE-2018-5000"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813398", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813399", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813400", "OPENVAS:1361412562310813397"]}, {"type": "kaspersky", "idList": ["KLA11671", "KLA11261", "KLA11260"]}, {"type": "freebsd", "idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"]}, {"type": "redhat", "idList": ["RHSA-2018:1827"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-201806-02.NASL", "700434.PRM", "FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "REDHAT-RHSA-2018-1827.NASL", "FLASH_PLAYER_APSB18-19.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL"]}, {"type": "mscve", "idList": ["MS:ADV180014"]}, {"type": "archlinux", "idList": ["ASA-201806-7"]}, {"type": "threatpost", "idList": ["THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8", "THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-5001", "UB:CVE-2018-5000", "UB:CVE-2018-5002", "UB:CVE-2018-4945"]}, {"type": "cve", "idList": ["CVE-2018-4945", "CVE-2018-5000", "CVE-2018-5001", "CVE-2018-5002"]}, {"type": "gentoo", "idList": ["GLSA-201806-02"]}, {"type": "thn", "idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"]}, {"type": "myhack58", "idList": ["MYHACK58:62201890504", "MYHACK58:62201890436", "MYHACK58:62201994516"]}, {"type": "zdi", "idList": ["ZDI-18-568", "ZDI-18-569", "ZDI-18-570"]}, {"type": "krebs", "idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"]}, {"type": "securelist", "idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"]}], "modified": "2021-08-01T12:09:46", "rev": 2}, "score": {"value": 9.3, "vector": "NONE", "modified": "2021-08-01T12:09:46", "rev": 2}}, "objectVersion": "1.6", "pluginID": "110414", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110414);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/04\");\n\n script_cve_id(\n \"CVE-2018-4945\",\n \"CVE-2018-5000\",\n \"CVE-2018-5001\",\n \"CVE-2018-5002\"\n );\n script_bugtraq_id(104412, 104413);\n script_xref(name:\"MSKB\", value:\"4287903\");\n script_xref(name:\"MSFT\", value:\"MS18-4287903\");\n\n script_name(english:\"KB4287903: Security update for Adobe Flash Player (June 2018)\");\n script_summary(english:\"Checks the version of the ActiveX control.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update KB4287903. It is,\ntherefore, affected by multiple remote code execution vulnerabilities\nin Adobe Flash Player.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n # https://support.microsoft.com/en-us/help/4287903/security-update-for-adobe-flash-player\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ea99fd83\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released KB4287903 to address this issue.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-5002\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_activex_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-06\";\nkbs = make_list('4287903');\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"Windows 8.1\" >!< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (activex_init() != ACX_OK) audit(AUDIT_FN_FAIL, \"activex_init\");\n\n# Adobe Flash Player CLSID\nclsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}';\n\nfile = activex_get_filename(clsid:clsid);\nif (isnull(file))\n{\n activex_end();\n audit(AUDIT_FN_FAIL, \"activex_get_filename\", \"NULL\");\n}\nif (!file)\n{\n activex_end();\n audit(AUDIT_ACTIVEX_NOT_FOUND, clsid);\n}\n\n# Get its version.\nversion = activex_get_fileversion(clsid:clsid);\nif (!version)\n{\n activex_end();\n audit(AUDIT_VER_FAIL, file);\n}\n\ninfo = '';\n\niver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\niver = join(iver, sep:\".\");\n\n# all <= 29.0.0.171\nfix = FALSE;\nif(ver_compare(ver:iver, fix:\"29.0.0.171\", strict:FALSE) <= 0)\n fix = \"30.0.0.113\";\n\nif (\n (report_paranoia > 1 || activex_get_killbit(clsid:clsid) == 0) &&\n fix\n)\n{\n info = '\\n Path : ' + file +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n}\n\nport = kb_smb_transport();\n\nif (info != '')\n{\n if (report_paranoia > 1)\n {\n report = info +\n '\\n' +\n 'Note, though, that Nessus did not check whether the kill bit was\\n' +\n \"set for the control's CLSID because of the Report Paranoia setting\" + '\\n' +\n 'in effect when this scan was run.\\n';\n }\n else\n {\n report = info +\n '\\n' +\n 'Moreover, its kill bit is not set so it is accessible via Internet\\n' +\n 'Explorer.\\n';\n }\n replace_kb_item(name:\"SMB/Missing/\"+bulletin, value:TRUE);\n hotfix_add_report(bulletin:'MS18-06', kb:'4287903', report);\n security_report_v4(severity:SECURITY_HOLE, port:port, extra:hotfix_get_report());\n}\nelse audit(AUDIT_HOST_NOT, 'affected');\n", "naslFamily": "Windows : Microsoft Bulletins", "cpe": ["cpe:/a:adobe:flash_player"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-08-01T12:09:46", "differentElements": ["cvss2", "cvss3", "cvssScoreSource", "description", "exploitAvailable", "exploitEase", "modified", "patchPublicationDate", "references", "solution", "vpr", "vulnerabilityPublicationDate"], "edition": 6}, {"bulletin": {"id": "SMB_NT_MS18_JUN_4287903.NASL", "hash": "dd48030aa8856c463ea2228c304265df", "type": "nessus", "bulletinFamily": "scanner", "title": "KB4287903: Security update for Adobe Flash Player (June 2018)", "description": "The remote Windows host is missing security update KB4287903. It is, therefore, affected by multiple remote code execution vulnerabilities in Adobe Flash Player.", "published": "2018-06-08T00:00:00", "modified": "2019-11-04T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/110414", "reporter": "This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5001", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5002", "https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4945", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5000", "http://www.nessus.org/u?ea99fd83"], "cvelist": ["CVE-2018-4945", "CVE-2018-5000", "CVE-2018-5001", "CVE-2018-5002"], "immutableFields": [], "lastseen": "2021-08-11T13:52:25", "history": [], "viewCount": 74, "enchantments": {"dependencies": {"references": [{"type": "redhatcve", "idList": ["RH:CVE-2018-4945", "RH:CVE-2018-5001", "RH:CVE-2018-5000", "RH:CVE-2018-5002"]}, {"type": "mscve", "idList": ["MS:ADV180014"]}, {"type": "nessus", "idList": ["700434.PRM", "REDHAT-RHSA-2018-1827.NASL", "FLASH_PLAYER_APSB18-19.NASL", "GENTOO_GLSA-201806-02.NASL", "FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813398", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813399", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813400", "OPENVAS:1361412562310813397"]}, {"type": "freebsd", "idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"]}, {"type": "threatpost", "idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"]}, {"type": "kaspersky", "idList": ["KLA11260", "KLA11261", "KLA11671"]}, {"type": "redhat", "idList": ["RHSA-2018:1827"]}, {"type": "archlinux", "idList": ["ASA-201806-7"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"]}, {"type": "cve", "idList": ["CVE-2018-5001", "CVE-2018-5000", "CVE-2018-4945", "CVE-2018-5002"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-5001", "UB:CVE-2018-5002", "UB:CVE-2018-5000", "UB:CVE-2018-4945"]}, {"type": "gentoo", "idList": ["GLSA-201806-02"]}, {"type": "thn", "idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"]}, {"type": "myhack58", "idList": ["MYHACK58:62201890436", "MYHACK58:62201994516", "MYHACK58:62201890504"]}, {"type": "zdi", "idList": ["ZDI-18-570", "ZDI-18-568", "ZDI-18-569"]}, {"type": "krebs", "idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"]}, {"type": "securelist", "idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"]}], "modified": "2021-08-11T13:52:25", "rev": 2}, "score": {"value": 9.3, "vector": "NONE", "modified": "2021-08-11T13:52:25", "rev": 2}}, "objectVersion": "1.6", "pluginID": "110414", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110414);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/04\");\n\n script_cve_id(\n \"CVE-2018-4945\",\n \"CVE-2018-5000\",\n \"CVE-2018-5001\",\n \"CVE-2018-5002\"\n );\n script_bugtraq_id(104412, 104413);\n script_xref(name:\"MSKB\", value:\"4287903\");\n script_xref(name:\"MSFT\", value:\"MS18-4287903\");\n\n script_name(english:\"KB4287903: Security update for Adobe Flash Player (June 2018)\");\n script_summary(english:\"Checks the version of the ActiveX control.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update KB4287903. It is,\ntherefore, affected by multiple remote code execution vulnerabilities\nin Adobe Flash Player.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n # https://support.microsoft.com/en-us/help/4287903/security-update-for-adobe-flash-player\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ea99fd83\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released KB4287903 to address this issue.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-5002\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_activex_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-06\";\nkbs = make_list('4287903');\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"Windows 8.1\" >!< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (activex_init() != ACX_OK) audit(AUDIT_FN_FAIL, \"activex_init\");\n\n# Adobe Flash Player CLSID\nclsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}';\n\nfile = activex_get_filename(clsid:clsid);\nif (isnull(file))\n{\n activex_end();\n audit(AUDIT_FN_FAIL, \"activex_get_filename\", \"NULL\");\n}\nif (!file)\n{\n activex_end();\n audit(AUDIT_ACTIVEX_NOT_FOUND, clsid);\n}\n\n# Get its version.\nversion = activex_get_fileversion(clsid:clsid);\nif (!version)\n{\n activex_end();\n audit(AUDIT_VER_FAIL, file);\n}\n\ninfo = '';\n\niver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\niver = join(iver, sep:\".\");\n\n# all <= 29.0.0.171\nfix = FALSE;\nif(ver_compare(ver:iver, fix:\"29.0.0.171\", strict:FALSE) <= 0)\n fix = \"30.0.0.113\";\n\nif (\n (report_paranoia > 1 || activex_get_killbit(clsid:clsid) == 0) &&\n fix\n)\n{\n info = '\\n Path : ' + file +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n}\n\nport = kb_smb_transport();\n\nif (info != '')\n{\n if (report_paranoia > 1)\n {\n report = info +\n '\\n' +\n 'Note, though, that Nessus did not check whether the kill bit was\\n' +\n \"set for the control's CLSID because of the Report Paranoia setting\" + '\\n' +\n 'in effect when this scan was run.\\n';\n }\n else\n {\n report = info +\n '\\n' +\n 'Moreover, its kill bit is not set so it is accessible via Internet\\n' +\n 'Explorer.\\n';\n }\n replace_kb_item(name:\"SMB/Missing/\"+bulletin, value:TRUE);\n hotfix_add_report(bulletin:'MS18-06', kb:'4287903', report);\n security_report_v4(severity:SECURITY_HOLE, port:port, extra:hotfix_get_report());\n}\nelse audit(AUDIT_HOST_NOT, 'affected');\n", "naslFamily": "Windows : Microsoft Bulletins", "cpe": ["cpe:/a:adobe:flash_player"], "solution": "Microsoft has released KB4287903 to address this issue.", "nessusSeverity": "", "cvssScoreSource": "CVE-2018-5002", "vpr": {"risk factor": "Critical", "score": "9.4"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2018-06-07T00:00:00", "vulnerabilityPublicationDate": "2018-06-07T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-11T13:52:25", "differentElements": ["vpr"], "edition": 7}, {"bulletin": {"id": "SMB_NT_MS18_JUN_4287903.NASL", "hash": "97a2487de66092d67ce2578212e634e2", "type": "nessus", "bulletinFamily": "scanner", "title": "KB4287903: Security update for Adobe Flash Player (June 2018)", "description": "The remote Windows host is missing security update KB4287903. It is, therefore, affected by multiple remote code execution vulnerabilities in Adobe Flash Player.", "published": "2018-06-08T00:00:00", "modified": "2019-11-04T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/110414", "reporter": "This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5001", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5000", "http://www.nessus.org/u?ea99fd83", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5002", "https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4945"], "cvelist": ["CVE-2018-4945", "CVE-2018-5000", "CVE-2018-5001", "CVE-2018-5002"], "immutableFields": [], "lastseen": "2021-08-14T00:43:56", "history": [], "viewCount": 75, "enchantments": {"dependencies": {"references": [{"type": "redhatcve", "idList": ["RH:CVE-2018-5002", "RH:CVE-2018-5001", "RH:CVE-2018-4945", "RH:CVE-2018-5000"]}, {"type": "mscve", "idList": ["MS:ADV180014"]}, {"type": "nessus", "idList": ["FLASH_PLAYER_APSB18-19.NASL", "700434.PRM", "REDHAT-RHSA-2018-1827.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL", "FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "GENTOO_GLSA-201806-02.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813396", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813399", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813400"]}, {"type": "freebsd", "idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"]}, {"type": "threatpost", "idList": ["THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8", "THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E"]}, {"type": "kaspersky", "idList": ["KLA11260", "KLA11671", "KLA11261"]}, {"type": "redhat", "idList": ["RHSA-2018:1827"]}, {"type": "archlinux", "idList": ["ASA-201806-7"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"]}, {"type": "cve", "idList": ["CVE-2018-4945", "CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-4945", "UB:CVE-2018-5001", "UB:CVE-2018-5002", "UB:CVE-2018-5000"]}, {"type": "gentoo", "idList": ["GLSA-201806-02"]}, {"type": "thn", "idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"]}, {"type": "myhack58", "idList": ["MYHACK58:62201890504", "MYHACK58:62201890436", "MYHACK58:62201994516"]}, {"type": "zdi", "idList": ["ZDI-18-570", "ZDI-18-569", "ZDI-18-568"]}, {"type": "krebs", "idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"]}, {"type": "securelist", "idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"]}], "modified": "2021-08-14T00:43:56", "rev": 2}, "score": {"value": 9.3, "vector": "NONE", "modified": "2021-08-14T00:43:56", "rev": 2}}, "objectVersion": "1.6", "pluginID": "110414", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110414);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/04\");\n\n script_cve_id(\n \"CVE-2018-4945\",\n \"CVE-2018-5000\",\n \"CVE-2018-5001\",\n \"CVE-2018-5002\"\n );\n script_bugtraq_id(104412, 104413);\n script_xref(name:\"MSKB\", value:\"4287903\");\n script_xref(name:\"MSFT\", value:\"MS18-4287903\");\n\n script_name(english:\"KB4287903: Security update for Adobe Flash Player (June 2018)\");\n script_summary(english:\"Checks the version of the ActiveX control.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update KB4287903. It is,\ntherefore, affected by multiple remote code execution vulnerabilities\nin Adobe Flash Player.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n # https://support.microsoft.com/en-us/help/4287903/security-update-for-adobe-flash-player\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ea99fd83\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released KB4287903 to address this issue.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-5002\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_activex_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-06\";\nkbs = make_list('4287903');\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"Windows 8.1\" >!< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (activex_init() != ACX_OK) audit(AUDIT_FN_FAIL, \"activex_init\");\n\n# Adobe Flash Player CLSID\nclsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}';\n\nfile = activex_get_filename(clsid:clsid);\nif (isnull(file))\n{\n activex_end();\n audit(AUDIT_FN_FAIL, \"activex_get_filename\", \"NULL\");\n}\nif (!file)\n{\n activex_end();\n audit(AUDIT_ACTIVEX_NOT_FOUND, clsid);\n}\n\n# Get its version.\nversion = activex_get_fileversion(clsid:clsid);\nif (!version)\n{\n activex_end();\n audit(AUDIT_VER_FAIL, file);\n}\n\ninfo = '';\n\niver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\niver = join(iver, sep:\".\");\n\n# all <= 29.0.0.171\nfix = FALSE;\nif(ver_compare(ver:iver, fix:\"29.0.0.171\", strict:FALSE) <= 0)\n fix = \"30.0.0.113\";\n\nif (\n (report_paranoia > 1 || activex_get_killbit(clsid:clsid) == 0) &&\n fix\n)\n{\n info = '\\n Path : ' + file +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n}\n\nport = kb_smb_transport();\n\nif (info != '')\n{\n if (report_paranoia > 1)\n {\n report = info +\n '\\n' +\n 'Note, though, that Nessus did not check whether the kill bit was\\n' +\n \"set for the control's CLSID because of the Report Paranoia setting\" + '\\n' +\n 'in effect when this scan was run.\\n';\n }\n else\n {\n report = info +\n '\\n' +\n 'Moreover, its kill bit is not set so it is accessible via Internet\\n' +\n 'Explorer.\\n';\n }\n replace_kb_item(name:\"SMB/Missing/\"+bulletin, value:TRUE);\n hotfix_add_report(bulletin:'MS18-06', kb:'4287903', report);\n security_report_v4(severity:SECURITY_HOLE, port:port, extra:hotfix_get_report());\n}\nelse audit(AUDIT_HOST_NOT, 'affected');\n", "naslFamily": "Windows : Microsoft Bulletins", "cpe": ["cpe:/a:adobe:flash_player"], "solution": "Microsoft has released KB4287903 to address this issue.", "nessusSeverity": "", "cvssScoreSource": "CVE-2018-5002", "vpr": {"risk factor": "Critical", "score": "9.5"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2018-06-07T00:00:00", "vulnerabilityPublicationDate": "2018-06-07T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-14T00:43:56", "differentElements": ["vpr"], "edition": 8}, {"bulletin": {"id": "SMB_NT_MS18_JUN_4287903.NASL", "hash": "dd48030aa8856c463ea2228c304265df", "type": "nessus", "bulletinFamily": "scanner", "title": "KB4287903: Security update for Adobe Flash Player (June 2018)", "description": "The remote Windows host is missing security update KB4287903. It is, therefore, affected by multiple remote code execution vulnerabilities in Adobe Flash Player.", "published": "2018-06-08T00:00:00", "modified": "2019-11-04T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/110414", "reporter": "This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5002", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5000", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4945", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5001", "http://www.nessus.org/u?ea99fd83", "https://helpx.adobe.com/security/products/flash-player/apsb18-19.html"], "cvelist": ["CVE-2018-4945", "CVE-2018-5000", "CVE-2018-5001", "CVE-2018-5002"], "immutableFields": [], "lastseen": "2021-08-17T13:17:14", "history": [], "viewCount": 75, "enchantments": {"dependencies": {"references": [{"type": "redhatcve", "idList": ["RH:CVE-2018-5000", "RH:CVE-2018-4945", "RH:CVE-2018-5002", "RH:CVE-2018-5001"]}, {"type": "mscve", "idList": ["MS:ADV180014"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813601", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813400", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813399", "OPENVAS:1361412562310813602"]}, {"type": "freebsd", "idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"]}, {"type": "archlinux", "idList": ["ASA-201806-7"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"]}, {"type": "threatpost", "idList": ["THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E", "THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-201806-02.NASL", "FLASH_PLAYER_APSB18-19.NASL", "FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL", "REDHAT-RHSA-2018-1827.NASL", "700434.PRM"]}, {"type": "kaspersky", "idList": ["KLA11261", "KLA11260"]}, {"type": "redhat", "idList": ["RHSA-2018:1827"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-5002", "UB:CVE-2018-5001", "UB:CVE-2018-4945", "UB:CVE-2018-5000"]}, {"type": "cve", "idList": ["CVE-2018-5001", "CVE-2018-5000", "CVE-2018-5002", "CVE-2018-4945"]}, {"type": "gentoo", "idList": ["GLSA-201806-02"]}, {"type": "thn", "idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"]}, {"type": "myhack58", "idList": ["MYHACK58:62201890436", "MYHACK58:62201890504", "MYHACK58:62201994516"]}, {"type": "zdi", "idList": ["ZDI-18-568", "ZDI-18-569", "ZDI-18-570"]}, {"type": "krebs", "idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"]}, {"type": "securelist", "idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"]}], "modified": "2021-08-17T13:17:14", "rev": 2}, "score": {"value": 9.3, "vector": "NONE", "modified": "2021-08-17T13:17:14", "rev": 2}}, "objectVersion": "1.6", "pluginID": "110414", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110414);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/04\");\n\n script_cve_id(\n \"CVE-2018-4945\",\n \"CVE-2018-5000\",\n \"CVE-2018-5001\",\n \"CVE-2018-5002\"\n );\n script_bugtraq_id(104412, 104413);\n script_xref(name:\"MSKB\", value:\"4287903\");\n script_xref(name:\"MSFT\", value:\"MS18-4287903\");\n\n script_name(english:\"KB4287903: Security update for Adobe Flash Player (June 2018)\");\n script_summary(english:\"Checks the version of the ActiveX control.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update KB4287903. It is,\ntherefore, affected by multiple remote code execution vulnerabilities\nin Adobe Flash Player.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n # https://support.microsoft.com/en-us/help/4287903/security-update-for-adobe-flash-player\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ea99fd83\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released KB4287903 to address this issue.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-5002\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_activex_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-06\";\nkbs = make_list('4287903');\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"Windows 8.1\" >!< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (activex_init() != ACX_OK) audit(AUDIT_FN_FAIL, \"activex_init\");\n\n# Adobe Flash Player CLSID\nclsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}';\n\nfile = activex_get_filename(clsid:clsid);\nif (isnull(file))\n{\n activex_end();\n audit(AUDIT_FN_FAIL, \"activex_get_filename\", \"NULL\");\n}\nif (!file)\n{\n activex_end();\n audit(AUDIT_ACTIVEX_NOT_FOUND, clsid);\n}\n\n# Get its version.\nversion = activex_get_fileversion(clsid:clsid);\nif (!version)\n{\n activex_end();\n audit(AUDIT_VER_FAIL, file);\n}\n\ninfo = '';\n\niver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\niver = join(iver, sep:\".\");\n\n# all <= 29.0.0.171\nfix = FALSE;\nif(ver_compare(ver:iver, fix:\"29.0.0.171\", strict:FALSE) <= 0)\n fix = \"30.0.0.113\";\n\nif (\n (report_paranoia > 1 || activex_get_killbit(clsid:clsid) == 0) &&\n fix\n)\n{\n info = '\\n Path : ' + file +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n}\n\nport = kb_smb_transport();\n\nif (info != '')\n{\n if (report_paranoia > 1)\n {\n report = info +\n '\\n' +\n 'Note, though, that Nessus did not check whether the kill bit was\\n' +\n \"set for the control's CLSID because of the Report Paranoia setting\" + '\\n' +\n 'in effect when this scan was run.\\n';\n }\n else\n {\n report = info +\n '\\n' +\n 'Moreover, its kill bit is not set so it is accessible via Internet\\n' +\n 'Explorer.\\n';\n }\n replace_kb_item(name:\"SMB/Missing/\"+bulletin, value:TRUE);\n hotfix_add_report(bulletin:'MS18-06', kb:'4287903', report);\n security_report_v4(severity:SECURITY_HOLE, port:port, extra:hotfix_get_report());\n}\nelse audit(AUDIT_HOST_NOT, 'affected');\n", "naslFamily": "Windows : Microsoft Bulletins", "cpe": ["cpe:/a:adobe:flash_player"], "solution": "Microsoft has released KB4287903 to address this issue.", "nessusSeverity": "", "cvssScoreSource": "CVE-2018-5002", "vpr": {"risk factor": "Critical", "score": "9.4"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2018-06-07T00:00:00", "vulnerabilityPublicationDate": "2018-06-07T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-17T13:17:14", "differentElements": ["nessusSeverity"], "edition": 9}, {"bulletin": {"id": "SMB_NT_MS18_JUN_4287903.NASL", "hash": "524a0868bc4f6ba1a9fe2aaac0469af7", "type": "nessus", "bulletinFamily": "scanner", "title": "KB4287903: Security update for Adobe Flash Player (June 2018)", "description": "The remote Windows host is missing security update KB4287903. It is, therefore, affected by multiple remote code execution vulnerabilities in Adobe Flash Player.", "published": "2018-06-08T00:00:00", "modified": "2019-11-04T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/110414", "reporter": "This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5001", "https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4945", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5002", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5000", "http://www.nessus.org/u?ea99fd83"], "cvelist": ["CVE-2018-4945", "CVE-2018-5000", "CVE-2018-5001", "CVE-2018-5002"], "immutableFields": [], "lastseen": "2021-08-19T12:32:02", "history": [], "viewCount": 75, "enchantments": {"dependencies": {"references": [{"type": "redhatcve", "idList": ["RH:CVE-2018-5001", "RH:CVE-2018-5000", "RH:CVE-2018-4945", "RH:CVE-2018-5002"]}, {"type": "redhat", "idList": ["RHSA-2018:1827"]}, {"type": "threatpost", "idList": ["THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8", "THREATPOST:34985C64EA7AF207D4CE9A800671E3C1"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813399", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813400"]}, {"type": "kaspersky", "idList": ["KLA11260", "KLA11261"]}, {"type": "archlinux", "idList": ["ASA-201806-7"]}, {"type": "freebsd", "idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2018-1827.NASL", "GENTOO_GLSA-201806-02.NASL", "700434.PRM", "FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "FLASH_PLAYER_APSB18-19.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL"]}, {"type": "mscve", "idList": ["MS:ADV180014"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-4945", "UB:CVE-2018-5000", "UB:CVE-2018-5001", "UB:CVE-2018-5002"]}, {"type": "cve", "idList": ["CVE-2018-5000", "CVE-2018-5001", "CVE-2018-5002", "CVE-2018-4945"]}, {"type": "gentoo", "idList": ["GLSA-201806-02"]}, {"type": "thn", "idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"]}, {"type": "myhack58", "idList": ["MYHACK58:62201890504", "MYHACK58:62201890436", "MYHACK58:62201994516"]}, {"type": "zdi", "idList": ["ZDI-18-568", "ZDI-18-569", "ZDI-18-570"]}, {"type": "krebs", "idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"]}, {"type": "securelist", "idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"]}], "modified": "2021-08-19T12:32:02", "rev": 2}, "score": {"value": 9.3, "vector": "NONE", "modified": "2021-08-19T12:32:02", "rev": 2}}, "objectVersion": "1.6", "pluginID": "110414", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110414);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/04\");\n\n script_cve_id(\n \"CVE-2018-4945\",\n \"CVE-2018-5000\",\n \"CVE-2018-5001\",\n \"CVE-2018-5002\"\n );\n script_bugtraq_id(104412, 104413);\n script_xref(name:\"MSKB\", value:\"4287903\");\n script_xref(name:\"MSFT\", value:\"MS18-4287903\");\n\n script_name(english:\"KB4287903: Security update for Adobe Flash Player (June 2018)\");\n script_summary(english:\"Checks the version of the ActiveX control.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update KB4287903. It is,\ntherefore, affected by multiple remote code execution vulnerabilities\nin Adobe Flash Player.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n # https://support.microsoft.com/en-us/help/4287903/security-update-for-adobe-flash-player\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ea99fd83\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released KB4287903 to address this issue.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-5002\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_activex_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-06\";\nkbs = make_list('4287903');\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"Windows 8.1\" >!< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (activex_init() != ACX_OK) audit(AUDIT_FN_FAIL, \"activex_init\");\n\n# Adobe Flash Player CLSID\nclsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}';\n\nfile = activex_get_filename(clsid:clsid);\nif (isnull(file))\n{\n activex_end();\n audit(AUDIT_FN_FAIL, \"activex_get_filename\", \"NULL\");\n}\nif (!file)\n{\n activex_end();\n audit(AUDIT_ACTIVEX_NOT_FOUND, clsid);\n}\n\n# Get its version.\nversion = activex_get_fileversion(clsid:clsid);\nif (!version)\n{\n activex_end();\n audit(AUDIT_VER_FAIL, file);\n}\n\ninfo = '';\n\niver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\niver = join(iver, sep:\".\");\n\n# all <= 29.0.0.171\nfix = FALSE;\nif(ver_compare(ver:iver, fix:\"29.0.0.171\", strict:FALSE) <= 0)\n fix = \"30.0.0.113\";\n\nif (\n (report_paranoia > 1 || activex_get_killbit(clsid:clsid) == 0) &&\n fix\n)\n{\n info = '\\n Path : ' + file +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n}\n\nport = kb_smb_transport();\n\nif (info != '')\n{\n if (report_paranoia > 1)\n {\n report = info +\n '\\n' +\n 'Note, though, that Nessus did not check whether the kill bit was\\n' +\n \"set for the control's CLSID because of the Report Paranoia setting\" + '\\n' +\n 'in effect when this scan was run.\\n';\n }\n else\n {\n report = info +\n '\\n' +\n 'Moreover, its kill bit is not set so it is accessible via Internet\\n' +\n 'Explorer.\\n';\n }\n replace_kb_item(name:\"SMB/Missing/\"+bulletin, value:TRUE);\n hotfix_add_report(bulletin:'MS18-06', kb:'4287903', report);\n security_report_v4(severity:SECURITY_HOLE, port:port, extra:hotfix_get_report());\n}\nelse audit(AUDIT_HOST_NOT, 'affected');\n", "naslFamily": "Windows : Microsoft Bulletins", "cpe": ["cpe:/a:adobe:flash_player"], "solution": "Microsoft has released KB4287903 to address this issue.", "nessusSeverity": "Critical", "cvssScoreSource": "CVE-2018-5002", "vpr": {"risk factor": "Critical", "score": "9.4"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2018-06-07T00:00:00", "vulnerabilityPublicationDate": "2018-06-07T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-19T12:32:02", "differentElements": ["vpr"], "edition": 10}, {"bulletin": {"id": "SMB_NT_MS18_JUN_4287903.NASL", "hash": "f53a191d3f757b7487e4bbb5b13bae61", "type": "nessus", "bulletinFamily": "scanner", "title": "KB4287903: Security update for Adobe Flash Player (June 2018)", "description": "The remote Windows host is missing security update KB4287903. It is, therefore, affected by multiple remote code execution vulnerabilities in Adobe Flash Player.", "published": "2018-06-08T00:00:00", "modified": "2019-11-04T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/110414", "reporter": "This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5001", "http://www.nessus.org/u?ea99fd83", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5002", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5000", "https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4945"], "cvelist": ["CVE-2018-4945", "CVE-2018-5000", "CVE-2018-5001", "CVE-2018-5002"], "immutableFields": [], "lastseen": "2021-09-11T00:53:39", "history": [], "viewCount": 76, "enchantments": {"dependencies": {"references": [{"type": "redhatcve", "idList": ["RH:CVE-2018-5001", "RH:CVE-2018-5000", "RH:CVE-2018-5002", "RH:CVE-2018-4945"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-201806-02.NASL", "FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "700434.PRM", "MACOSX_FLASH_PLAYER_APSB18-19.NASL", "FLASH_PLAYER_APSB18-19.NASL", "REDHAT-RHSA-2018-1827.NASL"]}, {"type": "redhat", "idList": ["RHSA-2018:1827"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813601", "OPENVAS:1361412562310813399", "OPENVAS:1361412562310813400", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813398"]}, {"type": "archlinux", "idList": ["ASA-201806-7"]}, {"type": "freebsd", "idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"]}, {"type": "threatpost", "idList": ["THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8", "THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E"]}, {"type": "kaspersky", "idList": ["KLA11260", "KLA11261"]}, {"type": "mscve", "idList": ["MS:ADV180014"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-5002", "UB:CVE-2018-4945", "UB:CVE-2018-5000", "UB:CVE-2018-5001"]}, {"type": "cve", "idList": ["CVE-2018-4945", "CVE-2018-5001", "CVE-2018-5000", "CVE-2018-5002"]}, {"type": "gentoo", "idList": ["GLSA-201806-02"]}, {"type": "thn", "idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"]}, {"type": "myhack58", "idList": ["MYHACK58:62201890436", "MYHACK58:62201994516", "MYHACK58:62201890504"]}, {"type": "zdi", "idList": ["ZDI-18-569", "ZDI-18-568", "ZDI-18-570"]}, {"type": "krebs", "idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"]}, {"type": "securelist", "idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"]}], "modified": "2021-09-11T00:53:39", "rev": 2}, "score": {"value": 9.3, "vector": "NONE", "modified": "2021-09-11T00:53:39", "rev": 2}}, "objectVersion": "1.6", "pluginID": "110414", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110414);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/04\");\n\n script_cve_id(\n \"CVE-2018-4945\",\n \"CVE-2018-5000\",\n \"CVE-2018-5001\",\n \"CVE-2018-5002\"\n );\n script_bugtraq_id(104412, 104413);\n script_xref(name:\"MSKB\", value:\"4287903\");\n script_xref(name:\"MSFT\", value:\"MS18-4287903\");\n\n script_name(english:\"KB4287903: Security update for Adobe Flash Player (June 2018)\");\n script_summary(english:\"Checks the version of the ActiveX control.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update KB4287903. It is,\ntherefore, affected by multiple remote code execution vulnerabilities\nin Adobe Flash Player.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n # https://support.microsoft.com/en-us/help/4287903/security-update-for-adobe-flash-player\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ea99fd83\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released KB4287903 to address this issue.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-5002\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_activex_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-06\";\nkbs = make_list('4287903');\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"Windows 8.1\" >!< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (activex_init() != ACX_OK) audit(AUDIT_FN_FAIL, \"activex_init\");\n\n# Adobe Flash Player CLSID\nclsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}';\n\nfile = activex_get_filename(clsid:clsid);\nif (isnull(file))\n{\n activex_end();\n audit(AUDIT_FN_FAIL, \"activex_get_filename\", \"NULL\");\n}\nif (!file)\n{\n activex_end();\n audit(AUDIT_ACTIVEX_NOT_FOUND, clsid);\n}\n\n# Get its version.\nversion = activex_get_fileversion(clsid:clsid);\nif (!version)\n{\n activex_end();\n audit(AUDIT_VER_FAIL, file);\n}\n\ninfo = '';\n\niver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\niver = join(iver, sep:\".\");\n\n# all <= 29.0.0.171\nfix = FALSE;\nif(ver_compare(ver:iver, fix:\"29.0.0.171\", strict:FALSE) <= 0)\n fix = \"30.0.0.113\";\n\nif (\n (report_paranoia > 1 || activex_get_killbit(clsid:clsid) == 0) &&\n fix\n)\n{\n info = '\\n Path : ' + file +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n}\n\nport = kb_smb_transport();\n\nif (info != '')\n{\n if (report_paranoia > 1)\n {\n report = info +\n '\\n' +\n 'Note, though, that Nessus did not check whether the kill bit was\\n' +\n \"set for the control's CLSID because of the Report Paranoia setting\" + '\\n' +\n 'in effect when this scan was run.\\n';\n }\n else\n {\n report = info +\n '\\n' +\n 'Moreover, its kill bit is not set so it is accessible via Internet\\n' +\n 'Explorer.\\n';\n }\n replace_kb_item(name:\"SMB/Missing/\"+bulletin, value:TRUE);\n hotfix_add_report(bulletin:'MS18-06', kb:'4287903', report);\n security_report_v4(severity:SECURITY_HOLE, port:port, extra:hotfix_get_report());\n}\nelse audit(AUDIT_HOST_NOT, 'affected');\n", "naslFamily": "Windows : Microsoft Bulletins", "cpe": ["cpe:/a:adobe:flash_player"], "solution": "Microsoft has released KB4287903 to address this issue.", "nessusSeverity": "Critical", "cvssScoreSource": "CVE-2018-5002", "vpr": {"risk factor": "Critical", "score": "9.2"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2018-06-07T00:00:00", "vulnerabilityPublicationDate": "2018-06-07T00:00:00", "exploitableWith": []}, "lastseen": "2021-09-11T00:53:39", "differentElements": ["vpr"], "edition": 11}, {"bulletin": {"id": "SMB_NT_MS18_JUN_4287903.NASL", "hash": "524a0868bc4f6ba1a9fe2aaac0469af7", "type": "nessus", "bulletinFamily": "scanner", "title": "KB4287903: Security update for Adobe Flash Player (June 2018)", "description": "The remote Windows host is missing security update KB4287903. It is, therefore, affected by multiple remote code execution vulnerabilities in Adobe Flash Player.", "published": "2018-06-08T00:00:00", "modified": "2019-11-04T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/110414", "reporter": "This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?ea99fd83", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4945", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5000", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5001", "https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5002"], "cvelist": ["CVE-2018-4945", "CVE-2018-5000", "CVE-2018-5001", "CVE-2018-5002"], "immutableFields": [], "lastseen": "2021-09-23T01:37:59", "history": [], "viewCount": 76, "enchantments": {"dependencies": {"references": [{"type": "redhatcve", "idList": ["RH:CVE-2018-5000", "RH:CVE-2018-5001", "RH:CVE-2018-5002", "RH:CVE-2018-4945"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2018-1827.NASL", "GENTOO_GLSA-201806-02.NASL", "FLASH_PLAYER_APSB18-19.NASL", "FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "700434.PRM", "MACOSX_FLASH_PLAYER_APSB18-19.NASL"]}, {"type": "redhat", "idList": ["RHSA-2018:1827"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813398", "OPENVAS:1361412562310813400", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813399", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813602"]}, {"type": "archlinux", "idList": ["ASA-201806-7"]}, {"type": "freebsd", "idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"]}, {"type": "threatpost", "idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"]}, {"type": "kaspersky", "idList": ["KLA11261", "KLA11260"]}, {"type": "mscve", "idList": ["MS:ADV180014"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-5002", "UB:CVE-2018-5001", "UB:CVE-2018-5000", "UB:CVE-2018-4945"]}, {"type": "cve", "idList": ["CVE-2018-5000", "CVE-2018-5002", "CVE-2018-5001", "CVE-2018-4945"]}, {"type": "gentoo", "idList": ["GLSA-201806-02"]}, {"type": "thn", "idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"]}, {"type": "myhack58", "idList": ["MYHACK58:62201890504", "MYHACK58:62201890436", "MYHACK58:62201994516"]}, {"type": "zdi", "idList": ["ZDI-18-570", "ZDI-18-569", "ZDI-18-568"]}, {"type": "krebs", "idList": ["KREBS:377DC4DFDAF49AA3F03846964CC1864A"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:29082210E17AE80B08D8FF58AED79F23"]}, {"type": "securelist", "idList": ["SECURELIST:A2A995C1C898D3DA4DB008FBA6AA149E"]}], "modified": "2021-09-23T01:37:59", "rev": 2}, "score": {"value": 9.3, "vector": "NONE", "modified": "2021-09-23T01:37:59", "rev": 2}}, "objectVersion": "1.6", "pluginID": "110414", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110414);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/04\");\n\n script_cve_id(\n \"CVE-2018-4945\",\n \"CVE-2018-5000\",\n \"CVE-2018-5001\",\n \"CVE-2018-5002\"\n );\n script_bugtraq_id(104412, 104413);\n script_xref(name:\"MSKB\", value:\"4287903\");\n script_xref(name:\"MSFT\", value:\"MS18-4287903\");\n\n script_name(english:\"KB4287903: Security update for Adobe Flash Player (June 2018)\");\n script_summary(english:\"Checks the version of the ActiveX control.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update KB4287903. It is,\ntherefore, affected by multiple remote code execution vulnerabilities\nin Adobe Flash Player.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n # https://support.microsoft.com/en-us/help/4287903/security-update-for-adobe-flash-player\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ea99fd83\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released KB4287903 to address this issue.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-5002\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_activex_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-06\";\nkbs = make_list('4287903');\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"Windows 8.1\" >!< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (activex_init() != ACX_OK) audit(AUDIT_FN_FAIL, \"activex_init\");\n\n# Adobe Flash Player CLSID\nclsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}';\n\nfile = activex_get_filename(clsid:clsid);\nif (isnull(file))\n{\n activex_end();\n audit(AUDIT_FN_FAIL, \"activex_get_filename\", \"NULL\");\n}\nif (!file)\n{\n activex_end();\n audit(AUDIT_ACTIVEX_NOT_FOUND, clsid);\n}\n\n# Get its version.\nversion = activex_get_fileversion(clsid:clsid);\nif (!version)\n{\n activex_end();\n audit(AUDIT_VER_FAIL, file);\n}\n\ninfo = '';\n\niver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\niver = join(iver, sep:\".\");\n\n# all <= 29.0.0.171\nfix = FALSE;\nif(ver_compare(ver:iver, fix:\"29.0.0.171\", strict:FALSE) <= 0)\n fix = \"30.0.0.113\";\n\nif (\n (report_paranoia > 1 || activex_get_killbit(clsid:clsid) == 0) &&\n fix\n)\n{\n info = '\\n Path : ' + file +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n}\n\nport = kb_smb_transport();\n\nif (info != '')\n{\n if (report_paranoia > 1)\n {\n report = info +\n '\\n' +\n 'Note, though, that Nessus did not check whether the kill bit was\\n' +\n \"set for the control's CLSID because of the Report Paranoia setting\" + '\\n' +\n 'in effect when this scan was run.\\n';\n }\n else\n {\n report = info +\n '\\n' +\n 'Moreover, its kill bit is not set so it is accessible via Internet\\n' +\n 'Explorer.\\n';\n }\n replace_kb_item(name:\"SMB/Missing/\"+bulletin, value:TRUE);\n hotfix_add_report(bulletin:'MS18-06', kb:'4287903', report);\n security_report_v4(severity:SECURITY_HOLE, port:port, extra:hotfix_get_report());\n}\nelse audit(AUDIT_HOST_NOT, 'affected');\n", "naslFamily": "Windows : Microsoft Bulletins", "cpe": ["cpe:/a:adobe:flash_player"], "solution": "Microsoft has released KB4287903 to address this issue.", "nessusSeverity": "Critical", "cvssScoreSource": "CVE-2018-5002", "vpr": {"risk factor": "Critical", "score": "9.4"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2018-06-07T00:00:00", "vulnerabilityPublicationDate": "2018-06-07T00:00:00", "exploitableWith": []}, "lastseen": "2021-09-23T01:37:59", "differentElements": ["vpr"], "edition": 12}, {"bulletin": {"id": "SMB_NT_MS18_JUN_4287903.NASL", "hash": "f53a191d3f757b7487e4bbb5b13bae61", "type": "nessus", "bulletinFamily": "scanner", "title": "KB4287903: Security update for Adobe Flash Player (June 2018)", "description": "The remote Windows host is missing security update KB4287903. It is, therefore, affected by multiple remote code execution vulnerabilities in Adobe Flash Player.", "published": "2018-06-08T00:00:00", "modified": "2019-11-04T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/110414", "reporter": "This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4945", "http://www.nessus.org/u?ea99fd83", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5002", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5000", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5001"], "cvelist": ["CVE-2018-4945", "CVE-2018-5000", "CVE-2018-5001", "CVE-2018-5002"], "immutableFields": [], "lastseen": "2021-10-06T02:20:38", "history": [], "viewCount": 78, "enchantments": {"dependencies": {"references": [{"type": "redhatcve", "idList": ["RH:CVE-2018-4945", "RH:CVE-2018-5002", "RH:CVE-2018-5001", "RH:CVE-2018-5000"]}, {"type": "nessus", "idList": ["FLASH_PLAYER_APSB18-19.NASL", "700434.PRM", "GENTOO_GLSA-201806-02.NASL", "REDHAT-RHSA-2018-1827.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL", "FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL"]}, {"type": "redhat", "idList": ["RHSA-2018:1827"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813400", "OPENVAS:1361412562310813396", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813602", "OPENVAS:1361412562310813399", "OPENVAS:1361412562310813397"]}, {"type": "archlinux", "idList": ["ASA-201806-7"]}, {"type": "freebsd", "idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"]}, {"type": "threatpost", "idList": ["THREATPOST:3127C5639EF00B80A0DE1B63E8892A5E", "THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"]}, {"type": "kaspersky", "idList": ["KLA11261", "KLA11260"]}, {"type": "adobe", "idList": ["APSB18-19"]}, {"type": &qu
