Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable
out-of-bounds read vulnerability. Successful exploitation could lead to
information disclosure.
{"zdt": [{"lastseen": "2018-04-26T00:05:15", "description": "Exploit for multiple platform in category dos / poc", "cvss3": {}, "published": "2018-04-24T00:00:00", "type": "zdt", "title": "Adobe Flash - Info Leak in Image Inflation Exploit", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2018-4934"], "modified": "2018-04-24T00:00:00", "id": "1337DAY-ID-30244", "href": "https://0day.today/exploit/description/30244", "sourceData": "The attached image causes an info leak in image inflation. It occasionally crashes when rendered, otherwise it displays uninitialized memory as pixels.\r\n \r\nTo reproduce, put the attached images on a webserver and vist: http://127.0.0.1?img=inflate.png.\r\n \r\n \r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/44528.zip\n\n# 0day.today [2018-04-25] #", "sourceHref": "https://0day.today/exploit/30244", "cvss": {"score": 0.0, "vector": "NONE"}}], "checkpoint_advisories": [{"lastseen": "2022-11-18T22:36:12", "description": "A vulnerability exists in Adobe Flash Player. Successful exploitation of this vulnerability could allow a remote attacker to damage users system.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-04-10T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Flash Player Out-of-bounds read (APSB18-08: CVE-2018-4934)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4934"], "modified": "2018-04-10T00:00:00", "id": "CPAI-2018-0228", "href": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "cve": [{"lastseen": "2023-06-07T14:59:29", "description": "Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-05-19T17:29:00", "type": "cve", "title": "CVE-2018-4934", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4934"], "modified": "2022-11-18T17:31:00", "cpe": ["cpe:/a:adobe:flash_player:29.0.0.113", "cpe:/a:adobe:flash_player_desktop_runtime:29.0.0.113"], "id": "CVE-2018-4934", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4934", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:adobe:flash_player:29.0.0.113:*:*:*:*:edge:*:*", "cpe:2.3:a:adobe:flash_player_desktop_runtime:29.0.0.113:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:29.0.0.113:*:*:*:*:internet_explorer:*:*", "cpe:2.3:a:adobe:flash_player:29.0.0.113:*:*:*:*:chrome:*:*"]}], "redhatcve": [{"lastseen": "2023-02-01T05:23:01", "description": "Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-04-10T21:51:44", "type": "redhatcve", "title": "CVE-2018-4934", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4933", "CVE-2018-4934", "CVE-2018-4936"], "modified": "2023-02-01T04:18:45", "id": "RH:CVE-2018-4934", "href": "https://access.redhat.com/security/cve/cve-2018-4934", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-01T05:23:01", "description": "Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-04-10T21:51:33", "type": "redhatcve", "title": "CVE-2018-4933", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4933", "CVE-2018-4934", "CVE-2018-4936"], "modified": "2023-02-01T04:18:31", "id": "RH:CVE-2018-4933", "href": "https://access.redhat.com/security/cve/cve-2018-4933", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-01T05:23:00", "description": "Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Heap Overflow vulnerability. Successful exploitation could lead to information disclosure.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-04-10T21:52:08", "type": "redhatcve", "title": "CVE-2018-4936", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4933", "CVE-2018-4934", "CVE-2018-4936"], "modified": "2023-02-01T04:18:38", "id": "RH:CVE-2018-4936", "href": "https://access.redhat.com/security/cve/cve-2018-4936", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "kaspersky": [{"lastseen": "2023-06-07T16:13:37", "description": "### *Detect date*:\n04/10/2018\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Adobe Flash Player. Malicious users can exploit these vulnerabilities to execute arbitrary code and obtain sensitive information.\n\n### *Affected products*:\nAdobe Flash Player earlier than 29.0.0.140\n\n### *Solution*:\nUpdate to the latest version \n[Download Adobe Flash Player](<https://get.adobe.com/ru/flashplayer/>)\n\n### *Original advisories*:\n[APSB18-08](<https://helpx.adobe.com/security/products/flash-player/apsb18-08.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Adobe Flash Player ActiveX](<https://threats.kaspersky.com/en/product/Adobe-Flash-Player-ActiveX/>)\n\n### *CVE-IDS*:\n[CVE-2018-4933](<https://vulners.com/cve/CVE-2018-4933>)4.0Warning \n[CVE-2018-4934](<https://vulners.com/cve/CVE-2018-4934>)5.0Critical \n[CVE-2018-4936](<https://vulners.com/cve/CVE-2018-4936>)5.0Critical \n[CVE-2018-4932](<https://vulners.com/cve/CVE-2018-4932>)9.0Critical\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-04-10T00:00:00", "type": "kaspersky", "title": "KLA11223 Multiple vulnerabilities in Adobe Flash Player", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4932", "CVE-2018-4933", "CVE-2018-4934", "CVE-2018-4936"], "modified": "2020-06-18T00:00:00", "id": "KLA11223", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11223/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "trendmicroblog": [{"lastseen": "2018-04-20T16:28:19", "description": "\n\nIt was a crazy week at this year\u2019s RSA Conference in San Francisco. I always try to get a quick view of the floor to see companies old and new exhibit their wares. Unfortunately, work never sleeps when you attend a conference, and the shortage of seating at this year\u2019s event left many, including myself, with a view of the _actual_ floor. So I decided to listen instead.\n\n \n\n \n\n\n\nYou would be surprised what you can hear if you really pay attention. I heard someone ordering something and giving out their credit card number, someone asking another person about a job, and even someone talking on the phone with their pet sitter and giving them the code for their home alarm system.\n\nImagine if I had heard this information and I was a \u201cbad guy.\u201d I could piece some information together and attempt to impersonate someone else via email to get some valuable data like banking information\u2026all without including a malicious file. Email is still one of the most lucrative attack vectors for cyber criminals, with total global losses from business email compromise (BEC) scams predicted to reach $9 billion this year. To counter those scams, Trend Micro introduced its Writing Style DNA, a new layer of protection against BEC attacks that uses artificial intelligence (AI) to \u201cblueprint\u201d a user\u2019s style of writing through more than 7,000 writing characteristics. When an email is suspected of impersonating a high-profile user, like an organization\u2019s CEO, the style is compared to Trend Micro\u2019s trained AI model and a warning is sent to the implied sender, the recipient and the IT department. You can learn more about Writing Style DNA [here](<https://blog.trendmicro.com/leveraging-the-power-of-ai-to-stop-email-scammers/>).\n\n_Postscript_: For the record, I did nothing with the information I heard \u2013 but I could have. Be aware of your surroundings because you never know who might be listening.\n\n**Adobe Security Update**\n\nThis week\u2019s Digital Vaccine (DV) package includes coverage for Adobe updates released on or before April 10, 2018. The following table maps Digital Vaccine filters to the Adobe updates. You can get more detailed information on this month\u2019s security updates from Dustin Childs\u2019 [April 2018 Security Update Review](<https://www.zerodayinitiative.com/blog/2018/4/10/the-april-2018-security-update-review>) from the Zero Day Initiative:\n\n**Bulletin #** | **CVE #** | **Digital Vaccine Filter #** \n---|---|--- \nAPSB18-08 | CVE-2018-4932 | 31154 \nAPSB18-08 | CVE-2018-4933 | 31156 \nAPSB18-08 | CVE-2018-4934 | 31186 \nAPSB18-08 | CVE-2018-4935 | 31190 \nAPSB18-08 | CVE-2018-4936 | 31201 \n \n \n\n**Zero-Day Filters**\n\nThere are six new zero-day filters covering three vendors in this week\u2019s Digital Vaccine (DV) package. A number of existing filters in this week\u2019s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of [published advisories](<http://www.zerodayinitiative.com/advisories/published/>) and [upcoming advisories](<http://www.zerodayinitiative.com/advisories/upcoming/>) on the [Zero Day Initiative](<http://www.zerodayinitiative.com/>) website. You can also follow the Zero Day Initiative on Twitter [@thezdi](<https://twitter.com/thezdi>) and on their [blog](<https://www.zerodayinitiative.com/blog>).\n\n**_Apple (1)_**\n\n| \n\n * 31167: ZDI-CAN-5544: Zero Day Initiative Vulnerability (Apple Safari) \n---|--- \n| \n \n**_GE (4)_**\n\n| \n\n * 31161: ZDI-CAN-5538: Zero Day Initiative Vulnerability (GE MDS PulseNET)\n * 31163: ZDI-CAN-5539: Zero Day Initiative Vulnerability (GE MDS PulseNET)\n * 31164: ZDI-CAN-5540: Zero Day Initiative Vulnerability (GE MDS PulseNET)\n * 31165: ZDI-CAN-5541: Zero Day Initiative Vulnerability (GE MDS PulseNET) \n---|--- \n| \n \n**_Oracle (1)_**\n\n| \n\n * 31138: HTTPS: Oracle Secure Backup exec_qr Command Injection Vulnerability (ZDI-09-003) \n---|--- \n| \n \n**Missed Last Week\u2019s News?**\n\nCatch up on last week\u2019s news in my [weekly recap](<https://blog.trendmicro.com/tippingpoint-threat-intelligence-and-zero-day-coverage-week-of-april-9-2018/>).\n\nThe post [TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of April 16, 2018](<https://blog.trendmicro.com/tippingpoint-threat-intelligence-and-zero-day-coverage-week-of-april-16-2018/>) appeared first on [](<https://blog.trendmicro.com>).", "cvss3": {}, "published": "2018-04-20T14:45:13", "type": "trendmicroblog", "title": "TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of April 16, 2018", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2018-4932", "CVE-2018-4933", "CVE-2018-4934", "CVE-2018-4935", "CVE-2018-4936"], "modified": "2018-04-20T14:45:13", "href": "https://blog.trendmicro.com/tippingpoint-threat-intelligence-and-zero-day-coverage-week-of-april-16-2018/", "id": "TRENDMICROBLOG:D9B17B48CEEA4DCA8DA652578FCCCCAE", "cvss": {"score": 0.0, "vector": "NONE"}}], "openvas": [{"lastseen": "2019-10-24T21:13:36", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-04-11T00:00:00", "type": "openvas", "title": "Adobe Flash Player Security Updates(apsb18-08)-Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4933", "CVE-2018-4937", "CVE-2018-4936", "CVE-2018-4932", "CVE-2018-4934", "CVE-2018-4935"], "modified": "2019-10-23T00:00:00", "id": "OPENVAS:1361412562310813204", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813204", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Security Updates(apsb18-08)-Windows\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813204\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2018-4932\", \"CVE-2018-4933\", \"CVE-2018-4934\", \"CVE-2018-4935\",\n \"CVE-2018-4936\", \"CVE-2018-4937\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-04-11 10:51:14 +0530 (Wed, 11 Apr 2018)\");\n script_name(\"Adobe Flash Player Security Updates(apsb18-08)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"- A remote code-execution vulnerability that occurs due to a use-after-free\n condition.\n\n - Multiple remote code-execution vulnerabilities that occur due to an\n out-of-bounds write error.\n\n - Multiple information-disclosure vulnerabilities that occur due to an\n out-of-bounds read error.\n\n - An information-disclosure vulnerability that occurs due to a heap overflow\n condition .\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to gain th control of the affected system. Depending on the\n privileges associated with this application, an attacker could then install\n programs, view, change, or delete data, or create new accounts with full\n user rights.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before 29.0.0.140 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version 29.0.0.140,\n or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-08.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_win.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Win/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"29.0.0.140\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"29.0.0.140\", install_path:path);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-24T21:13:53", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-04-11T00:00:00", "type": "openvas", "title": "Adobe Flash Player Within Google Chrome Security Update(apsb18-08)- MAC OS X", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4933", "CVE-2018-4937", "CVE-2018-4936", "CVE-2018-4932", "CVE-2018-4934", "CVE-2018-4935"], "modified": "2019-10-23T00:00:00", "id": "OPENVAS:1361412562310813209", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813209", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Within Google Chrome Security Update(apsb18-08)- MAC OS X\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player_chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813209\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2018-4932\", \"CVE-2018-4933\", \"CVE-2018-4934\", \"CVE-2018-4935\",\n \"CVE-2018-4936\", \"CVE-2018-4937\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-04-11 10:51:53 +0530 (Wed, 11 Apr 2018)\");\n script_name(\"Adobe Flash Player Within Google Chrome Security Update(apsb18-08)- MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"- A remote code-execution vulnerability that occurs due to a use-after-free\n condition.\n\n - Multiple remote code-execution vulnerabilities that occur due to an\n out-of-bounds write error.\n\n - Multiple information-disclosure vulnerabilities that occur due to an\n out-of-bounds read error.\n\n - An information-disclosure vulnerability that occurs due to a heap overflow\n condition .\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to gain th control of the affected system. Depending on the\n privileges associated with this application, an attacker could then install\n programs, view, change, or delete data, or create new accounts with full\n user rights.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player prior to 29.0.0.140\n within Google Chrome on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player for\n Google Chrome 29.0.0.140, or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-08.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_flash_player_within_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Chrome/MacOSX/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"29.0.0.140\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"29.0.0.140\", install_path:path);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-24T21:13:20", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-04-11T00:00:00", "type": "openvas", "title": "Adobe Flash Player Security Updates(apsb18-08)-Linux", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4933", "CVE-2018-4937", "CVE-2018-4936", "CVE-2018-4932", "CVE-2018-4934", "CVE-2018-4935"], "modified": "2019-10-23T00:00:00", "id": "OPENVAS:1361412562310813206", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813206", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Security Updates(apsb18-08)-Linux\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813206\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2018-4932\", \"CVE-2018-4933\", \"CVE-2018-4934\", \"CVE-2018-4935\",\n \"CVE-2018-4936\", \"CVE-2018-4937\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-04-11 10:51:16 +0530 (Wed, 11 Apr 2018)\");\n script_name(\"Adobe Flash Player Security Updates(apsb18-08)-Linux\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"- A remote code-execution vulnerability that occurs due to a use-after-free\n condition.\n\n - Multiple remote code-execution vulnerabilities that occur due to an\n out-of-bounds write error.\n\n - Multiple information-disclosure vulnerabilities that occur due to an\n out-of-bounds read error.\n\n - An information-disclosure vulnerability that occurs due to a heap overflow\n condition .\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to gain th control of the affected system. Depending on the\n privileges associated with this application, an attacker could then install\n programs, view, change, or delete data, or create new accounts with full\n user rights.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before 29.0.0.140 on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 29.0.0.140, or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-08.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_lin.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Linux/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"29.0.0.140\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"29.0.0.140\", install_path:path);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-24T21:13:21", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-04-11T00:00:00", "type": "openvas", "title": "Adobe Flash Player Security Updates(apsb18-08)-MAC OS X", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4933", "CVE-2018-4937", "CVE-2018-4936", "CVE-2018-4932", "CVE-2018-4934", "CVE-2018-4935"], "modified": "2019-10-23T00:00:00", "id": "OPENVAS:1361412562310813205", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813205", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Security Updates(apsb18-08)-MAC OS X\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813205\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2018-4932\", \"CVE-2018-4933\", \"CVE-2018-4934\", \"CVE-2018-4935\",\n \"CVE-2018-4936\", \"CVE-2018-4937\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-04-11 10:51:15 +0530 (Wed, 11 Apr 2018)\");\n script_name(\"Adobe Flash Player Security Updates(apsb18-08)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"- A remote code-execution vulnerability that occurs due to a use-after-free\n condition.\n\n - Multiple remote code-execution vulnerabilities that occur due to an\n out-of-bounds write error.\n\n - Multiple information-disclosure vulnerabilities that occur due to an\n out-of-bounds read error.\n\n - An information-disclosure vulnerability that occurs due to a heap overflow\n condition .\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to gain th control of the affected system. Depending on the\n privileges associated with this application, an attacker could then install\n programs, view, change, or delete data, or create new accounts with full\n user rights.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before 29.0.0.140 on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 29.0.0.140, or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-08.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Flash/Player/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"29.0.0.140\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"29.0.0.140\", install_path:path);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-24T21:14:23", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-04-11T00:00:00", "type": "openvas", "title": "Adobe Flash Player Within Google Chrome Security Update(apsb18-08)- Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4933", "CVE-2018-4937", "CVE-2018-4936", "CVE-2018-4932", "CVE-2018-4934", "CVE-2018-4935"], "modified": "2019-10-23T00:00:00", "id": "OPENVAS:1361412562310813207", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813207", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Within Google Chrome Security Update(apsb18-08)- Windows\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player_chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813207\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2018-4932\", \"CVE-2018-4933\", \"CVE-2018-4934\", \"CVE-2018-4935\",\n \"CVE-2018-4936\", \"CVE-2018-4937\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-04-11 10:51:51 +0530 (Wed, 11 Apr 2018)\");\n script_name(\"Adobe Flash Player Within Google Chrome Security Update(apsb18-08)- Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"- A remote code-execution vulnerability that occurs due to a use-after-free\n condition.\n\n - Multiple remote code-execution vulnerabilities that occur due to an\n out-of-bounds write error.\n\n - Multiple information-disclosure vulnerabilities that occur due to an\n out-of-bounds read error.\n\n - An information-disclosure vulnerability that occurs due to a heap overflow\n condition .\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to gain th control of the affected system. Depending on the\n privileges associated with this application, an attacker could then install\n programs, view, change, or delete data, or create new accounts with full\n user rights.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player prior to 29.0.0.140\n within Google Chrome on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player for\n Google Chrome 29.0.0.140, or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-08.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_flash_player_within_google_chrome_detect_win.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Chrome/Win/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"29.0.0.140\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"29.0.0.140\", install_path:path);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-24T21:13:26", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-04-11T00:00:00", "type": "openvas", "title": "Adobe Flash Player Within Google Chrome Security Update(apsb18-08)- Linux", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4933", "CVE-2018-4937", "CVE-2018-4936", "CVE-2018-4932", "CVE-2018-4934", "CVE-2018-4935"], "modified": "2019-10-23T00:00:00", "id": "OPENVAS:1361412562310813208", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813208", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Within Google Chrome Security Update(apsb18-08)- Linux\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player_chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813208\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2018-4932\", \"CVE-2018-4933\", \"CVE-2018-4934\", \"CVE-2018-4935\",\n \"CVE-2018-4936\", \"CVE-2018-4937\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-04-11 10:51:52 +0530 (Wed, 11 Apr 2018)\");\n script_name(\"Adobe Flash Player Within Google Chrome Security Update(apsb18-08)- Linux\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"- A remote code-execution vulnerability that occurs due to a use-after-free\n condition.\n\n - Multiple remote code-execution vulnerabilities that occur due to an\n out-of-bounds write error.\n\n - Multiple information-disclosure vulnerabilities that occur due to an\n out-of-bounds read error.\n\n - An information-disclosure vulnerability that occurs due to a heap overflow\n condition .\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to gain th control of the affected system. Depending on the\n privileges associated with this application, an attacker could then install\n programs, view, change, or delete data, or create new accounts with full\n user rights.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player prior to 29.0.0.140\n within Google Chrome on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player for\n Google Chrome 29.0.0.140, or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-08.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_flash_player_within_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Chrome/Lin/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"29.0.0.140\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"29.0.0.140\", install_path:path);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-19T19:25:52", "description": "This host is missing a critical security\n update according to Microsoft KB4093110.", "cvss3": {}, "published": "2018-04-11T00:00:00", "type": "openvas", "title": "Microsoft IE And Microsoft Edge Flash Player Security Update (KB4093110)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4933", "CVE-2018-4937", "CVE-2018-4936", "CVE-2018-4932", "CVE-2018-4934", "CVE-2018-4935"], "modified": "2020-06-17T00:00:00", "id": "OPENVAS:1361412562310813210", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813210", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft IE And Microsoft Edge Flash Player Security Update (KB4093110)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813210\");\n script_version(\"2020-06-17T13:37:18+0000\");\n script_cve_id(\"CVE-2018-4932\", \"CVE-2018-4933\", \"CVE-2018-4934\", \"CVE-2018-4935\",\n \"CVE-2018-4936\", \"CVE-2018-4937\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-17 13:37:18 +0000 (Wed, 17 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-04-11 15:57:09 +0530 (Wed, 11 Apr 2018)\");\n script_name(\"Microsoft IE And Microsoft Edge Flash Player Security Update (KB4093110)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4093110.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"- A remote code-execution vulnerability that occurs due to a use-after-free\n condition.\n\n - Multiple remote code-execution vulnerabilities that occur due to an\n out-of-bounds write error.\n\n - Multiple information-disclosure vulnerabilities that occur due to an\n out-of-bounds read error.\n\n - An information-disclosure vulnerability that occurs due to a heap overflow\n condition.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to gain th control of the affected system. Depending on the\n privileges associated with this application, an attacker could then install\n programs, view, change, or delete data, or create new accounts with full\n user rights.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1511 for x32/x64 Edition\n\n - Microsoft Windows 10 Version 1607 for x32/x64 Edition\n\n - Microsoft Windows 10 Version 1703 for x32/x64 Edition\n\n - Microsoft Windows 10 Version 1709 for x32/x64 Edition\n\n - Microsoft Windows 10 x32/x64 Edition\n\n - Microsoft Windows 8.1 for x32/x64 Edition\n\n - Microsoft Windows Server 2012/2012 R2/2016\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/kb/4093110\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-08.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"gb_flash_player_within_ie_edge_detect.nasl\");\n script_mandatory_keys(\"AdobeFlash/IE_or_EDGE/Installed\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\n\nif(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012:1, win2012R2:1, win10:1,\n win10x64:1, win2016:1) <= 0)\n exit(0);\n\ncpe_list = make_list(\"cpe:/a:adobe:flash_player_internet_explorer\", \"cpe:/a:adobe:flash_player_edge\");\n\nif(!infos = get_app_version_and_location_from_list(cpe_list:cpe_list, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\nif(path) {\n path = path + \"\\Flashplayerapp.exe\";\n} else {\n path = \"Could not find the install location\";\n}\n\nif(version_is_less(version:vers, test_version:\"29.0.0.140\")) {\n report = report_fixed_ver(file_checked:path, file_version:vers, vulnerable_range:\"Less than 29.0.0.140\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "symantec": [{"lastseen": "2021-06-08T18:46:01", "description": "### Description\n\nAdobe Flash Player is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected applications or to gain sensitive information. Failed exploit attempts will likely cause a denial-of-service condition. Adobe Flash Player version 29.0.0.113 and prior versions are vulnerable.\n\n### Technologies Affected\n\n * Adobe Flash Player 10 \n * Adobe Flash Player 10.0.0.584 \n * Adobe Flash Player 10.0.12 .35 \n * Adobe Flash Player 10.0.12 .36 \n * Adobe Flash Player 10.0.12.10 \n * Adobe Flash Player 10.0.15 .3 \n * Adobe Flash Player 10.0.2.54 \n * Adobe Flash Player 10.0.22.87 \n * Adobe Flash Player 10.0.32 18 \n * Adobe Flash Player 10.0.32.18 \n * Adobe Flash Player 10.0.42.34 \n * Adobe Flash Player 10.0.45 2 \n * Adobe Flash Player 10.1 \n * Adobe Flash Player 10.1.102.64 \n * Adobe Flash Player 10.1.102.65 \n * Adobe Flash Player 10.1.105.6 \n * Adobe Flash Player 10.1.106.16 \n * Adobe Flash Player 10.1.106.17 \n * Adobe Flash Player 10.1.51.66 \n * Adobe Flash Player 10.1.52.14 \n * Adobe Flash Player 10.1.52.14.1 \n * Adobe Flash Player 10.1.52.15 \n * Adobe Flash Player 10.1.53.64 \n * Adobe Flash Player 10.1.82.76 \n * Adobe Flash Player 10.1.85.3 \n * Adobe Flash Player 10.1.92.10 \n * Adobe Flash Player 10.1.92.8 \n * Adobe Flash Player 10.1.95.1 \n * Adobe Flash Player 10.1.95.2 \n * Adobe Flash Player 10.2.152 \n * Adobe Flash Player 10.2.152.21 \n * Adobe Flash Player 10.2.152.26 \n * Adobe Flash Player 10.2.152.32 \n * Adobe Flash Player 10.2.152.33 \n * Adobe Flash Player 10.2.153.1 \n * Adobe Flash Player 10.2.154.13 \n * Adobe Flash Player 10.2.154.18 \n * Adobe Flash Player 10.2.154.24 \n * Adobe Flash Player 10.2.154.25 \n * Adobe Flash Player 10.2.154.27 \n * Adobe Flash Player 10.2.154.28 \n * Adobe Flash Player 10.2.156.12 \n * Adobe Flash Player 10.2.157.51 \n * Adobe Flash Player 10.2.159.1 \n * Adobe Flash Player 10.3.181.14 \n * Adobe Flash Player 10.3.181.16 \n * Adobe Flash Player 10.3.181.22 \n * Adobe Flash Player 10.3.181.23 \n * Adobe Flash Player 10.3.181.26 \n * Adobe Flash Player 10.3.181.34 \n * Adobe Flash Player 10.3.183.10 \n * Adobe Flash Player 10.3.183.11 \n * Adobe Flash Player 10.3.183.15 \n * Adobe Flash Player 10.3.183.16 \n * Adobe Flash Player 10.3.183.18 \n * Adobe Flash Player 10.3.183.19 \n * Adobe Flash Player 10.3.183.20 \n * Adobe Flash Player 10.3.183.23 \n * Adobe Flash Player 10.3.183.25 \n * Adobe Flash Player 10.3.183.29 \n * Adobe Flash Player 10.3.183.4 \n * Adobe Flash Player 10.3.183.43 \n * Adobe Flash Player 10.3.183.48 \n * Adobe Flash Player 10.3.183.5 \n * Adobe Flash Player 10.3.183.50 \n * Adobe Flash Player 10.3.183.51 \n * Adobe Flash Player 10.3.183.61 \n * Adobe Flash Player 10.3.183.63 \n * Adobe Flash Player 10.3.183.67 \n * Adobe Flash Player 10.3.183.68 \n * Adobe Flash Player 10.3.183.7 \n * Adobe Flash Player 10.3.183.75 \n * Adobe Flash Player 10.3.183.86 \n * Adobe Flash Player 10.3.185.21 \n * Adobe Flash Player 10.3.185.22 \n * Adobe Flash Player 10.3.185.23 \n * Adobe Flash Player 10.3.185.24 \n * Adobe Flash Player 10.3.185.25 \n * Adobe Flash Player 10.3.186.2 \n * Adobe Flash Player 10.3.186.3 \n * Adobe Flash Player 10.3.186.6 \n * Adobe Flash Player 10.3.186.7 \n * Adobe Flash Player 11 \n * Adobe Flash Player 11.0 \n * Adobe Flash Player 11.0.1.129 \n * Adobe Flash Player 11.0.1.152 \n * Adobe Flash Player 11.0.1.153 \n * Adobe Flash Player 11.0.1.60 \n * Adobe Flash Player 11.0.1.98 \n * Adobe Flash Player 11.1 \n * Adobe Flash Player 11.1.102.228 \n * Adobe Flash Player 11.1.102.55 \n * Adobe Flash Player 11.1.102.59 \n * Adobe Flash Player 11.1.102.62 \n * Adobe Flash Player 11.1.102.63 \n * Adobe Flash Player 11.1.111.10 \n * Adobe Flash Player 11.1.111.44 \n * Adobe Flash Player 11.1.111.5 \n * Adobe Flash Player 11.1.111.50 \n * Adobe Flash Player 11.1.111.54 \n * Adobe Flash Player 11.1.111.6 \n * Adobe Flash Player 11.1.111.64 \n * Adobe Flash Player 11.1.111.7 \n * Adobe Flash Player 11.1.111.73 \n * Adobe Flash Player 11.1.111.8 \n * Adobe Flash Player 11.1.111.9 \n * Adobe Flash Player 11.1.112.61 \n * Adobe Flash Player 11.1.115.11 \n * Adobe Flash Player 11.1.115.34 \n * Adobe Flash Player 11.1.115.48 \n * Adobe Flash Player 11.1.115.54 \n * Adobe Flash Player 11.1.115.58 \n * Adobe Flash Player 11.1.115.59 \n * Adobe Flash Player 11.1.115.6 \n * Adobe Flash Player 11.1.115.63 \n * Adobe Flash Player 11.1.115.69 \n * Adobe Flash Player 11.1.115.7 \n * Adobe Flash Player 11.1.115.8 \n * Adobe Flash Player 11.1.115.81 \n * Adobe Flash Player 11.2.202 238 \n * Adobe Flash Player 11.2.202.160 \n * Adobe Flash Player 11.2.202.197 \n * Adobe Flash Player 11.2.202.221 \n * Adobe Flash Player 11.2.202.223 \n * Adobe Flash Player 11.2.202.228 \n * Adobe Flash Player 11.2.202.229 \n * Adobe Flash Player 11.2.202.233 \n * Adobe Flash Player 11.2.202.235 \n * Adobe Flash Player 11.2.202.236 \n * Adobe Flash Player 11.2.202.238 \n * Adobe Flash Player 11.2.202.243 \n * Adobe Flash Player 11.2.202.251 \n * Adobe Flash Player 11.2.202.258 \n * Adobe Flash Player 11.2.202.261 \n * Adobe Flash Player 11.2.202.262 \n * Adobe Flash Player 11.2.202.270 \n * Adobe Flash Player 11.2.202.273 \n * Adobe Flash Player 11.2.202.275 \n * Adobe Flash Player 11.2.202.280 \n * Adobe Flash Player 11.2.202.285 \n * Adobe Flash Player 11.2.202.291 \n * Adobe Flash Player 11.2.202.297 \n * Adobe Flash Player 11.2.202.310 \n * Adobe Flash Player 11.2.202.327 \n * Adobe Flash Player 11.2.202.332 \n * Adobe Flash Player 11.2.202.335 \n * Adobe Flash Player 11.2.202.336 \n * Adobe Flash Player 11.2.202.341 \n * Adobe Flash Player 11.2.202.346 \n * Adobe Flash Player 11.2.202.350 \n * Adobe Flash Player 11.2.202.356 \n * Adobe Flash Player 11.2.202.359 \n * Adobe Flash Player 11.2.202.378 \n * Adobe Flash Player 11.2.202.394 \n * Adobe Flash Player 11.2.202.400 \n * Adobe Flash Player 11.2.202.406 \n * Adobe Flash Player 11.2.202.411 \n * Adobe Flash Player 11.2.202.418 \n * Adobe Flash Player 11.2.202.424 \n * Adobe Flash Player 11.2.202.425 \n * Adobe Flash Player 11.2.202.429 \n * Adobe Flash Player 11.2.202.438 \n * Adobe Flash Player 11.2.202.440 \n * Adobe Flash Player 11.2.202.442 \n * Adobe Flash Player 11.2.202.451 \n * Adobe Flash Player 11.2.202.457 \n * Adobe Flash Player 11.2.202.460 \n * Adobe Flash Player 11.2.202.466 \n * Adobe Flash Player 11.2.202.468 \n * Adobe Flash Player 11.2.202.481 \n * Adobe Flash Player 11.2.202.491 \n * Adobe Flash Player 11.2.202.508 \n * Adobe Flash Player 11.2.202.521 \n * Adobe Flash Player 11.2.202.535 \n * Adobe Flash Player 11.2.202.540 \n * Adobe Flash Player 11.2.202.548 \n * Adobe Flash Player 11.2.202.554 \n * Adobe Flash Player 11.2.202.559 \n * Adobe Flash Player 11.2.202.569 \n * Adobe Flash Player 11.2.202.577 \n * Adobe Flash Player 11.2.202.616 \n * Adobe Flash Player 11.2.202.621 \n * Adobe Flash Player 11.2.202.626 \n * Adobe Flash Player 11.2.202.632 \n * Adobe Flash Player 11.2.202.635 \n * Adobe Flash Player 11.2.202.644 \n * Adobe Flash Player 11.2.202.95 \n * Adobe Flash Player 11.3.300.214 \n * Adobe Flash Player 11.3.300.231 \n * Adobe Flash Player 11.3.300.250 \n * Adobe Flash Player 11.3.300.257 \n * Adobe Flash Player 11.3.300.262 \n * Adobe Flash Player 11.3.300.265 \n * Adobe Flash Player 11.3.300.268 \n * Adobe Flash Player 11.3.300.270 \n * Adobe Flash Player 11.3.300.271 \n * Adobe Flash Player 11.3.300.273 \n * Adobe Flash Player 11.3.31.230 \n * Adobe Flash Player 11.3.378.5 \n * Adobe Flash Player 11.4.400.231 \n * Adobe Flash Player 11.4.402.265 \n * Adobe Flash Player 11.4.402.278 \n * Adobe Flash Player 11.4.402.287 \n * Adobe Flash Player 11.5.500.80 \n * Adobe Flash Player 11.5.502.110 \n * Adobe Flash Player 11.5.502.118 \n * Adobe Flash Player 11.5.502.124 \n * Adobe Flash Player 11.5.502.131 \n * Adobe Flash Player 11.5.502.135 \n * Adobe Flash Player 11.5.502.136 \n * Adobe Flash Player 11.5.502.146 \n * Adobe Flash Player 11.5.502.149 \n * Adobe Flash Player 11.6.602.105 \n * Adobe Flash Player 11.6.602.167 \n * Adobe Flash Player 11.6.602.168 \n * Adobe Flash Player 11.6.602.171 \n * Adobe Flash Player 11.6.602.180 \n * Adobe Flash Player 11.7.700.169 \n * Adobe Flash Player 11.7.700.202 \n * Adobe Flash Player 11.7.700.203 \n * Adobe Flash Player 11.7.700.224 \n * Adobe Flash Player 11.7.700.225 \n * Adobe Flash Player 11.7.700.232 \n * Adobe Flash Player 11.7.700.242 \n * Adobe Flash Player 11.7.700.252 \n * Adobe Flash Player 11.7.700.257 \n * Adobe Flash Player 11.7.700.260 \n * Adobe Flash Player 11.7.700.261 \n * Adobe Flash Player 11.7.700.269 \n * Adobe Flash Player 11.7.700.272 \n * Adobe Flash Player 11.7.700.275 \n * Adobe Flash Player 11.7.700.279 \n * Adobe Flash Player 11.8.800.168 \n * Adobe Flash Player 11.8.800.170 \n * Adobe Flash Player 11.8.800.94 \n * Adobe Flash Player 11.8.800.97 \n * Adobe Flash Player 11.9.900.117 \n * Adobe Flash Player 11.9.900.152 \n * Adobe Flash Player 11.9.900.170 \n * Adobe Flash Player 12 \n * Adobe Flash Player 12.0.0.38 \n * Adobe Flash Player 12.0.0.41 \n * Adobe Flash Player 12.0.0.43 \n * Adobe Flash Player 12.0.0.44 \n * Adobe Flash Player 12.0.0.70 \n * Adobe Flash Player 12.0.0.77 \n * Adobe Flash Player 13.0.0.182 \n * Adobe Flash Player 13.0.0.201 \n * Adobe Flash Player 13.0.0.206 \n * Adobe Flash Player 13.0.0.214 \n * Adobe Flash Player 13.0.0.223 \n * Adobe Flash Player 13.0.0.231 \n * Adobe Flash Player 13.0.0.241 \n * Adobe Flash Player 13.0.0.244 \n * Adobe Flash Player 13.0.0.250 \n * Adobe Flash Player 13.0.0.252 \n * Adobe Flash Player 13.0.0.258 \n * Adobe Flash Player 13.0.0.259 \n * Adobe Flash Player 13.0.0.260 \n * Adobe Flash Player 13.0.0.262 \n * Adobe Flash Player 13.0.0.264 \n * Adobe Flash Player 13.0.0.269 \n * Adobe Flash Player 13.0.0.277 \n * Adobe Flash Player 13.0.0.281 \n * Adobe Flash Player 13.0.0.289 \n * Adobe Flash Player 13.0.0.292 \n * Adobe Flash Player 13.0.0.296 \n * Adobe Flash Player 13.0.0.302 \n * Adobe Flash Player 13.0.0.309 \n * Adobe Flash Player 14.0.0.125 \n * Adobe Flash Player 14.0.0.145 \n * Adobe Flash Player 14.0.0.176 \n * Adobe Flash Player 14.0.0.177 \n * Adobe Flash Player 14.0.0.179 \n * Adobe Flash Player 15.0.0.152 \n * Adobe Flash Player 15.0.0.189 \n * Adobe Flash Player 15.0.0.223 \n * Adobe Flash Player 15.0.0.239 \n * Adobe Flash Player 15.0.0.242 \n * Adobe Flash Player 15.0.0.246 \n * Adobe Flash Player 16.0.0.234 \n * Adobe Flash Player 16.0.0.235 \n * Adobe Flash Player 16.0.0.257 \n * Adobe Flash Player 16.0.0.287 \n * Adobe Flash Player 16.0.0.291 \n * Adobe Flash Player 16.0.0.296 \n * Adobe Flash Player 16.0.0.305 \n * Adobe Flash Player 17.0.0.134 \n * Adobe Flash Player 17.0.0.169 \n * Adobe Flash Player 17.0.0.188 \n * Adobe Flash Player 18.0.0.143 \n * Adobe Flash Player 18.0.0.160 \n * Adobe Flash Player 18.0.0.161 \n * Adobe Flash Player 18.0.0.194 \n * Adobe Flash Player 18.0.0.203 \n * Adobe Flash Player 18.0.0.204 \n * Adobe Flash Player 18.0.0.209 \n * Adobe Flash Player 18.0.0.232 \n * Adobe Flash Player 18.0.0.233 \n * Adobe Flash Player 18.0.0.241 \n * Adobe Flash Player 18.0.0.252 \n * Adobe Flash Player 18.0.0.255 \n * Adobe Flash Player 18.0.0.261 \n * Adobe Flash Player 18.0.0.268 \n * Adobe Flash Player 18.0.0.324 \n * Adobe Flash Player 18.0.0.326 \n * Adobe Flash Player 18.0.0.329 \n * Adobe Flash Player 18.0.0.333 \n * Adobe Flash Player 18.0.0.343 \n * Adobe Flash Player 18.0.0.352 \n * Adobe Flash Player 18.0.0.360 \n * Adobe Flash Player 18.0.0.366 \n * Adobe Flash Player 18.0.0.375 \n * Adobe Flash Player 19.0.0.185 \n * Adobe Flash Player 19.0.0.207 \n * Adobe Flash Player 19.0.0.226 \n * Adobe Flash Player 19.0.0.245 \n * Adobe Flash Player 2 \n * Adobe Flash Player 20.0.0.228 \n * Adobe Flash Player 20.0.0.235 \n * Adobe Flash Player 20.0.0.267 \n * Adobe Flash Player 20.0.0.272 \n * Adobe Flash Player 20.0.0.286 \n * Adobe Flash Player 20.0.0.306 \n * Adobe Flash Player 21.0 \n * Adobe Flash Player 21.0.0.182 \n * Adobe Flash Player 21.0.0.197 \n * Adobe Flash Player 21.0.0.213 \n * Adobe Flash Player 21.0.0.216 \n * Adobe Flash Player 21.0.0.226 \n * Adobe Flash Player 21.0.0.241 \n * Adobe Flash Player 21.0.0.242 \n * Adobe Flash Player 22.0.0.192 \n * Adobe Flash Player 23.0.0.162 \n * Adobe Flash Player 23.0.0.185 \n * Adobe Flash Player 23.0.0.205 \n * Adobe Flash Player 23.0.0.207 \n * Adobe Flash Player 24.0.0.186 \n * Adobe Flash Player 24.0.0.194 \n * Adobe Flash Player 24.0.0.221 \n * Adobe Flash Player 25.0.0.127 \n * Adobe Flash Player 25.0.0.148 \n * Adobe Flash Player 25.0.0.163 \n * Adobe Flash Player 25.0.0.171 \n * Adobe Flash Player 26.0.0.120 \n * Adobe Flash Player 26.0.0.126 \n * Adobe Flash Player 26.0.0.131 \n * Adobe Flash Player 26.0.0.137 \n * Adobe Flash Player 26.0.0.151 \n * Adobe Flash Player 27.0.0.130 \n * Adobe Flash Player 27.0.0.159 \n * Adobe Flash Player 27.0.0.170 \n * Adobe Flash Player 27.0.0.187 \n * Adobe Flash Player 28.0.0.126 \n * Adobe Flash Player 28.0.0.137 \n * Adobe Flash Player 28.0.0.161 \n * Adobe Flash Player 29.0.0.113 \n * Adobe Flash Player 3 \n * Adobe Flash Player 4 \n * Adobe Flash Player 6.0.21.0 \n * Adobe Flash Player 6.0.79 \n * Adobe Flash Player 7 \n * Adobe Flash Player 7.0.1 \n * Adobe Flash Player 7.0.14.0 \n * Adobe Flash Player 7.0.19.0 \n * Adobe Flash Player 7.0.24.0 \n * Adobe Flash Player 7.0.25 \n * Adobe Flash Player 7.0.53.0 \n * Adobe Flash Player 7.0.60.0 \n * Adobe Flash Player 7.0.61.0 \n * Adobe Flash Player 7.0.63 \n * Adobe Flash Player 7.0.66.0 \n * Adobe Flash Player 7.0.67.0 \n * Adobe Flash Player 7.0.68.0 \n * Adobe Flash Player 7.0.69.0 \n * Adobe Flash Player 7.0.70.0 \n * Adobe Flash Player 7.0.73.0 \n * Adobe Flash Player 7.1 \n * Adobe Flash Player 7.1.1 \n * Adobe Flash Player 7.2 \n * Adobe Flash Player 7.61 \n * Adobe Flash Player 8 \n * Adobe Flash Player 8.0.22.0 \n * Adobe Flash Player 8.0.24.0 \n * Adobe Flash Player 8.0.33.0 \n * Adobe Flash Player 8.0.34.0 \n * Adobe Flash Player 8.0.35.0 \n * Adobe Flash Player 8.0.39.0 \n * Adobe Flash Player 8.0.42.0 \n * Adobe Flash Player 9 \n * Adobe Flash Player 9.0.112.0 \n * Adobe Flash Player 9.0.114.0 \n * Adobe Flash Player 9.0.115.0 \n * Adobe Flash Player 9.0.124.0 \n * Adobe Flash Player 9.0.125.0 \n * Adobe Flash Player 9.0.151 .0 \n * Adobe Flash Player 9.0.152 .0 \n * Adobe Flash Player 9.0.155.0 \n * Adobe Flash Player 9.0.159.0 \n * Adobe Flash Player 9.0.16 \n * Adobe Flash Player 9.0.20 \n * Adobe Flash Player 9.0.20.0 \n * Adobe Flash Player 9.0.246 0 \n * Adobe Flash Player 9.0.246.0 \n * Adobe Flash Player 9.0.260.0 \n * Adobe Flash Player 9.0.262 \n * Adobe Flash Player 9.0.262.0 \n * Adobe Flash Player 9.0.277.0 \n * Adobe Flash Player 9.0.28.0 \n * Adobe Flash Player 9.0.280 \n * Adobe Flash Player 9.0.283.0 \n * Adobe Flash Player 9.0.289.0 \n * Adobe Flash Player 9.0.31.0 \n * Adobe Flash Player 9.0.45.0 \n * Adobe Flash Player 9.0.47.0 \n * Adobe Flash Player 9.0.48.0 \n * Adobe Flash Player 9.0.8.0 \n * Adobe Flash Player 9.0.9.0 \n * Adobe Flash Player 9.125.0 \n * Redhat Enterprise Linux 6 \n\n### Recommendations\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from a successful exploit. \n\n**Do not accept or execute files from untrusted or unknown sources.** \nTo limit exposure to these and other latent vulnerabilities, never handle files that originate from unfamiliar or untrusted sources.\n\n**Do not follow links provided by unknown or untrusted sources.** \nTo reduce the likelihood of attacks, never visit sites of questionable integrity or follow links provided by unfamiliar or untrusted sources.\n\n**Implement multiple redundant layers of security.** \nAs an added precaution, deploy memory-protection schemes (such as nonexecutable stack/heap configuration and randomly mapped memory segments). This may complicate exploits of memory-corruption vulnerabilities.\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, run applications with the minimal amount of privileges required for functionality. \n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "cvss3": {}, "published": "2018-04-10T00:00:00", "type": "symantec", "title": "Adobe Flash Player APSB18-08 Multiple Security Vulnerabilities", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2018-4933", "CVE-2018-4937", "CVE-2018-4936", "CVE-2018-4932", "CVE-2018-4934", "CVE-2018-4935"], "modified": "2018-04-10T00:00:00", "id": "SMNTC-103708", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/103708", "cvss": {"score": 0.0, "vector": "NONE"}}], "redhat": [{"lastseen": "2023-05-25T14:36:26", "description": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.\n\nThis update upgrades Flash Player to version 29.0.0.140.\n\nSecurity Fix(es):\n\n* flash-plugin: Remote Code Execution vulnerabilities (APSB18-08) (CVE-2018-4932, CVE-2018-4935, CVE-2018-4937)\n\n* flash-plugin: Information Disclosure vulnerabilities (APSB18-08) (CVE-2018-4933, CVE-2018-4934, CVE-2018-4936)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-04-11T21:13:17", "type": "redhat", "title": "(RHSA-2018:1119) Critical: flash-plugin security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4932", "CVE-2018-4933", "CVE-2018-4934", "CVE-2018-4935", "CVE-2018-4936", "CVE-2018-4937"], "modified": "2018-06-07T14:21:46", "id": "RHSA-2018:1119", "href": "https://access.redhat.com/errata/RHSA-2018:1119", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-05-18T14:27:28", "description": "The remote Windows host is missing security update KB4093110. It is, therefore, affected by multiple remote code execution vulnerabilities in Adobe Flash Player.", "cvss3": {}, "published": "2018-04-10T00:00:00", "type": "nessus", "title": "KB4093110: Security update for Adobe Flash Player (April 2018)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4932", "CVE-2018-4933", "CVE-2018-4934", "CVE-2018-4935", "CVE-2018-4936", "CVE-2018-4937"], "modified": "2019-05-21T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "SMB_NT_MS18_APR_4093110.NASL", "href": "https://www.tenable.com/plugins/nessus/108962", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108962);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/05/21 6:55:12\");\n\n script_cve_id(\n \"CVE-2018-4932\",\n \"CVE-2018-4933\",\n \"CVE-2018-4934\",\n \"CVE-2018-4935\",\n \"CVE-2018-4936\",\n \"CVE-2018-4937\"\n );\n script_xref(name:\"MSKB\", value:\"4093110\");\n script_xref(name:\"MSFT\", value:\"MS18-4093110\");\n\n script_name(english:\"KB4093110: Security update for Adobe Flash Player (April 2018)\");\n script_summary(english:\"Checks the version of the ActiveX control.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update KB4093110. It is,\ntherefore, affected by multiple remote code execution vulnerabilities\nin Adobe Flash Player.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-08.html\");\n # https://support.microsoft.com/en-us/help/4093110/security-update-for-adobe-flash-player\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?08e97ef2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released KB4093110 to address this issue.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-4935\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/10\");\n\n script_set_attribute(attribute:\"plugin_type\",value:\"local\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_activex_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-04\";\nkbs = make_list('4093110');\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"Windows 8.1\" >!< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (activex_init() != ACX_OK) audit(AUDIT_FN_FAIL, \"activex_init\");\n\n# Adobe Flash Player CLSID\nclsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}';\n\nfile = activex_get_filename(clsid:clsid);\nif (isnull(file))\n{\n activex_end();\n audit(AUDIT_FN_FAIL, \"activex_get_filename\", \"NULL\");\n}\nif (!file)\n{\n activex_end();\n audit(AUDIT_ACTIVEX_NOT_FOUND, clsid);\n}\n\n# Get its version.\nversion = activex_get_fileversion(clsid:clsid);\nif (!version)\n{\n activex_end();\n audit(AUDIT_VER_FAIL, file);\n}\n\ninfo = '';\n\niver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\niver = join(iver, sep:\".\");\n\n# all <= 29.0.0.113\nfix = FALSE;\nif(ver_compare(ver:iver, fix:\"29.0.0.113\", strict:FALSE) <= 0)\n fix = \"29.0.0.140\";\n\nif (\n (report_paranoia > 1 || activex_get_killbit(clsid:clsid) == 0) &&\n fix\n)\n{\n info = '\\n Path : ' + file +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n}\n\nport = kb_smb_transport();\n\nif (info != '')\n{\n if (report_paranoia > 1)\n {\n report = info +\n '\\n' +\n 'Note, though, that Nessus did not check whether the kill bit was\\n' +\n \"set for the control's CLSID because of the Report Paranoia setting\" + '\\n' +\n 'in effect when this scan was run.\\n';\n }\n else\n {\n report = info +\n '\\n' +\n 'Moreover, its kill bit is not set so it is accessible via Internet\\n' +\n 'Explorer.\\n';\n }\n replace_kb_item(name:\"SMB/Missing/\"+bulletin, value:TRUE);\n hotfix_add_report(bulletin:'MS18-04', kb:'4093110', report);\n security_report_v4(severity:SECURITY_HOLE, port:port, extra:hotfix_get_report());\n}\nelse audit(AUDIT_HOST_NOT, 'affected');\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:37:20", "description": "The version of Adobe Flash Player installed on the remote macOS or Mac OS X host is equal or prior to version 29.0.0.113.\nIt is therefore affected by multiple vulnerabilities.", "cvss3": {}, "published": "2018-04-10T00:00:00", "type": "nessus", "title": "Adobe Flash Player for Mac <= 29.0.0.113 (APSB18-08)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4932", "CVE-2018-4933", "CVE-2018-4934", "CVE-2018-4935", "CVE-2018-4936", "CVE-2018-4937"], "modified": "2019-04-05T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "MACOSX_FLASH_PLAYER_APSB18-08.NASL", "href": "https://www.tenable.com/plugins/nessus/108959", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108959);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/04/05 23:25:06\");\n\n script_cve_id(\n \"CVE-2018-4932\",\n \"CVE-2018-4933\",\n \"CVE-2018-4934\",\n \"CVE-2018-4935\",\n \"CVE-2018-4936\",\n \"CVE-2018-4937\"\n );\n\n script_name(english:\"Adobe Flash Player for Mac <= 29.0.0.113 (APSB18-08)\");\n script_summary(english:\"Checks the version of the ActiveX control.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote macOS or Mac OSX host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Flash Player installed on the remote macOS or Mac\nOS X host is equal or prior to version 29.0.0.113.\nIt is therefore affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-08.html\");\n # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0cb17c10\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 29.0.0.140 or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/10\");\n\n script_set_attribute(attribute:\"plugin_type\",value:\"local\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_flash_player_installed.nasl\");\n script_require_keys(\"MacOSX/Flash_Player/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"MacOSX/Flash_Player/Version\");\npath = get_kb_item_or_exit(\"MacOSX/Flash_Player/Path\");\n\ncutoff_version = \"29.0.0.113\";\nfix = \"29.0.0.140\";\n# We're checking for versions less than or equal to the cutoff!\nif (ver_compare(ver:version, fix:cutoff_version, strict:FALSE) <= 0)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Flash Player for Mac\", version, path);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:37:20", "description": "Adobe reports :\n\n- This update resolves a use-after-free vulnerability that could lead to remote code execution (CVE-2018-4932).\n\n- This update resolves out-of-bounds read vulnerabilities that could lead to information disclosure (CVE-2018-4933, CVE-2018-4934).\n\n- This update resolves out-of-bounds write vulnerabilities that could lead to remote code execution (CVE-2018-4935, CVE-2018-4937).\n\n- This update resolves a heap overflow vulnerability that could lead to information disclosure (CVE-2018-4936).", "cvss3": {}, "published": "2018-04-11T00:00:00", "type": "nessus", "title": "FreeBSD : Flash Player -- multiple vulnerabilities (5c6f7482-3ced-11e8-b157-6451062f0f7a)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4932", "CVE-2018-4933", "CVE-2018-4934", "CVE-2018-4935", "CVE-2018-4936", "CVE-2018-4937"], "modified": "2023-01-27T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:linux-flashplayer", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_5C6F74823CED11E8B1576451062F0F7A.NASL", "href": "https://www.tenable.com/plugins/nessus/108979", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2023 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108979);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/27\");\n\n script_cve_id(\"CVE-2018-4932\", \"CVE-2018-4933\", \"CVE-2018-4934\", \"CVE-2018-4935\", \"CVE-2018-4936\", \"CVE-2018-4937\");\n\n script_name(english:\"FreeBSD : Flash Player -- multiple vulnerabilities (5c6f7482-3ced-11e8-b157-6451062f0f7a)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Adobe reports :\n\n- This update resolves a use-after-free vulnerability that could lead\nto remote code execution (CVE-2018-4932).\n\n- This update resolves out-of-bounds read vulnerabilities that could\nlead to information disclosure (CVE-2018-4933, CVE-2018-4934).\n\n- This update resolves out-of-bounds write vulnerabilities that could\nlead to remote code execution (CVE-2018-4935, CVE-2018-4937).\n\n- This update resolves a heap overflow vulnerability that could lead\nto information disclosure (CVE-2018-4936).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-08.html\"\n );\n # https://vuxml.freebsd.org/freebsd/5c6f7482-3ced-11e8-b157-6451062f0f7a.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0081459b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-flashplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"linux-flashplayer<29.0.0.140\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:27:02", "description": "An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.\n\nThis update upgrades Flash Player to version 29.0.0.140.\n\nSecurity Fix(es) :\n\n* flash-plugin: Remote Code Execution vulnerabilities (APSB18-08) (CVE-2018-4932, CVE-2018-4935, CVE-2018-4937)\n\n* flash-plugin: Information Disclosure vulnerabilities (APSB18-08) (CVE-2018-4933, CVE-2018-4934, CVE-2018-4936)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2018-04-12T00:00:00", "type": "nessus", "title": "RHEL 6 : flash-plugin (RHSA-2018:1119)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4932", "CVE-2018-4933", "CVE-2018-4934", "CVE-2018-4935", "CVE-2018-4936", "CVE-2018-4937"], "modified": "2022-01-28T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:flash-plugin", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2018-1119.NASL", "href": "https://www.tenable.com/plugins/nessus/109009", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:1119. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109009);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/28\");\n\n script_cve_id(\"CVE-2018-4932\", \"CVE-2018-4933\", \"CVE-2018-4934\", \"CVE-2018-4935\", \"CVE-2018-4936\", \"CVE-2018-4937\");\n script_xref(name:\"RHSA\", value:\"2018:1119\");\n\n script_name(english:\"RHEL 6 : flash-plugin (RHSA-2018:1119)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for flash-plugin is now available for Red Hat Enterprise\nLinux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe\nFlash Player web browser plug-in.\n\nThis update upgrades Flash Player to version 29.0.0.140.\n\nSecurity Fix(es) :\n\n* flash-plugin: Remote Code Execution vulnerabilities (APSB18-08)\n(CVE-2018-4932, CVE-2018-4935, CVE-2018-4937)\n\n* flash-plugin: Information Disclosure vulnerabilities (APSB18-08)\n(CVE-2018-4933, CVE-2018-4934, CVE-2018-4936)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-08.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:1119\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-4932\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-4933\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-4934\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-4935\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-4936\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-4937\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-plugin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:flash-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:1119\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"flash-plugin-29.0.0.140-1.el6_9\")) flag++;\n\n if (flag)\n {\n flash_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check only applies to RedHat released\\n' +\n 'versions of the flash-plugin package. This check does not apply to\\n' +\n 'Adobe released versions of the flash-plugin package, which are\\n' +\n 'versioned similarly and cause collisions in detection.\\n\\n' +\n\n 'If you are certain you are running the Adobe released package of\\n' +\n 'flash-plugin and are running a version of it equal or higher to the\\n' +\n 'RedHat version listed above then you can consider this a false\\n' +\n 'positive.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat() + flash_plugin_caveat\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-plugin\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:44", "description": "Versions of Adobe Flash Player prior to 29.0.0.140 are unpatched, and therefore affected by multiple vulnerabilities :\n\n - A Use-After-Free vulnerability exists that could lead to arbitrary code execution. (CVE-2018-4932)\n - Multiple out-of-bounds read vulnerabilities exist that could lead to information disclosure. (CVE-2018-4933, CVE-2018-4934, CVE-2018-4935, CVE-2018-4937)\n - A heap overflow vulnerability exists that could lead to information disclosure. (CVE-2018-4936) ", "cvss3": {}, "published": "2019-03-20T00:00:00", "type": "nessus", "title": "Flash Player < 29.0.0.140 Multiple Vulnerabilities (APSB18-08)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4932", "CVE-2018-4933", "CVE-2018-4934", "CVE-2018-4935", "CVE-2018-4936", "CVE-2018-4937"], "modified": "2019-04-09T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "700432.PRM", "href": "https://www.tenable.com/plugins/nnm/700432", "sourceData": "Binary data 700432.prm", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:27:27", "description": "The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 29.0.0.113. It is therefore affected by multiple vulnerabilities.", "cvss3": {}, "published": "2018-04-10T00:00:00", "type": "nessus", "title": "Adobe Flash Player <= 29.0.0.113 (APSB18-08)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4932", "CVE-2018-4933", "CVE-2018-4934", "CVE-2018-4935", "CVE-2018-4936", "CVE-2018-4937"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "FLASH_PLAYER_APSB18-08.NASL", "href": "https://www.tenable.com/plugins/nessus/108958", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(108958);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2018-4932\",\n \"CVE-2018-4933\",\n \"CVE-2018-4934\",\n \"CVE-2018-4935\",\n \"CVE-2018-4936\",\n \"CVE-2018-4937\"\n );\n\n script_name(english:\"Adobe Flash Player <= 29.0.0.113 (APSB18-08)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Flash Player installed on the remote Windows\nhost is equal or prior to version 29.0.0.113. It is therefore \naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-08.html\");\n # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0cb17c10\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 29.0.0.140 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"flash_player_installed.nasl\");\n script_require_keys(\"SMB/Flash_Player/installed\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Flash_Player/installed\");\n\n# Identify vulnerable versions.\ninfo = \"\";\nvariants = make_list(\n \"Plugin\",\n \"ActiveX\",\n \"Chrome\",\n \"Chrome_Pepper\"\n);\n\n# we're checking for versions less than *or equal to* the cutoff!\nforeach variant (variants)\n{\n vers = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/Version/*\");\n files = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/File/*\");\n\n if (isnull(vers) || isnull(files))\n continue;\n\n foreach key (keys(vers))\n {\n ver = vers[key];\n if (isnull(ver))\n continue;\n\n # <= 29.0.0.113\n if (ver_compare(ver:ver,fix:\"29.0.0.113\",strict:FALSE) <= 0)\n {\n num = key - (\"SMB/Flash_Player/\"+variant+\"/Version/\");\n file = files[\"SMB/Flash_Player/\"+variant+\"/File/\"+num];\n if (variant == \"Plugin\")\n {\n info += '\\n Product : Browser Plugin (for Firefox / Netscape / Opera)';\n fix = \"29.0.0.140\";\n }\n else if (variant == \"ActiveX\")\n {\n info += '\\n Product : ActiveX control (for Internet Explorer)';\n fix = \"29.0.0.140\";\n }\n else if (\"Chrome\" >< variant)\n {\n info += '\\n Product : Browser Plugin (for Google Chrome)';\n if (variant == \"Chrome\")\n fix = \"Upgrade to a version of Google Chrome running Flash Player 29.0.0.140\";\n }\n info += '\\n Path : ' + file +\n '\\n Installed version : ' + ver;\n if (variant == \"Chrome_Pepper\")\n info += '\\n Fixed version : 29.0.0.140 (Chrome PepperFlash)';\n else if (!isnull(fix))\n info += '\\n Fixed version : '+fix;\n info += '\\n';\n }\n }\n}\n\nif (info)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0) security_hole(port:port, extra:info);\n else security_hole(port);\n}\nelse\n{\n if (thorough_tests)\n exit(0, 'No vulnerable versions of Adobe Flash Player were found.');\n else\n exit(1, 'Google Chrome\\'s built-in Flash Player may not have been detected because the \\'Perform thorough tests\\' setting was not enabled.');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:50", "description": "The remote host is affected by the vulnerability described in GLSA-201804-11 (Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Flash Player.\n Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could possibly execute arbitrary code with the privileges of the process, disclose sensitive information or bypass security restrictions.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2018-04-12T00:00:00", "type": "nessus", "title": "GLSA-201804-11 : Adobe Flash Player: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-4932", "CVE-2018-4933", "CVE-2018-4934", "CVE-2018-4935", "CVE-2018-4936", "CVE-2018-4937"], "modified": "2023-01-27T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:adobe-flash", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201804-11.NASL", "href": "https://www.tenable.com/plugins/nessus/109007", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201804-11.\n#\n# The advisory text is Copyright (C) 2001-2023 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109007);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/27\");\n\n script_cve_id(\"CVE-2018-4932\", \"CVE-2018-4933\", \"CVE-2018-4934\", \"CVE-2018-4935\", \"CVE-2018-4936\", \"CVE-2018-4937\");\n script_xref(name:\"GLSA\", value:\"201804-11\");\n\n script_name(english:\"GLSA-201804-11 : Adobe Flash Player: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-201804-11\n(Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Flash Player.\n Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, disclose sensitive information or bypass\n security restrictions.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-08.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201804-11\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All Adobe Flash users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-plugins/adobe-flash-29.0.0.140'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:adobe-flash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-plugins/adobe-flash\", unaffected:make_list(\"ge 29.0.0.140\"), vulnerable:make_list(\"lt 29.0.0.140\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Adobe Flash Player\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "mscve": [{"lastseen": "2023-06-07T15:23:57", "description": "This security update addresses the following vulnerabilities, which are described in Adobe Security Bulletin [APSB18-08](<http://helpx.adobe.com/security/products/flash-player/apsb18-08.html>): CVE-2018-4932, CVE-2018-4933, CVE-2018-4934, CVE-2018-4935, CVE-2018-4936, and CVE-2018-4937.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-04-10T07:00:00", "type": "mscve", "title": "April 2018 Adobe Flash Security Update", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4932", "CVE-2018-4933", "CVE-2018-4934", "CVE-2018-4935", "CVE-2018-4936", "CVE-2018-4937"], "modified": "2018-04-10T07:00:00", "id": "MS:ADV180007", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV180007", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "adobe": [{"lastseen": "2023-06-07T16:22:44", "description": "Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address [critical]() vulnerabilities in Adobe Flash Player 29.0.0.113 and earlier versions. Successful exploitation could lead to arbitrary code execution in the context of the current user. \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-04-10T00:00:00", "type": "adobe", "title": "APSB18-08 Security updates available for Adobe Flash Player", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4932", "CVE-2018-4933", "CVE-2018-4934", "CVE-2018-4935", "CVE-2018-4936", "CVE-2018-4937"], "modified": "2018-04-10T00:00:00", "id": "APSB18-08", "href": "https://helpx.adobe.com/security/products/flash-player/apsb18-08.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2023-06-07T16:45:14", "description": "### Background\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process, disclose sensitive information or bypass security restrictions. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Adobe Flash users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-plugins/adobe-flash-29.0.0.140\"", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-04-11T00:00:00", "type": "gentoo", "title": "Adobe Flash Player: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4932", "CVE-2018-4933", "CVE-2018-4934", "CVE-2018-4935", "CVE-2018-4936", "CVE-2018-4937"], "modified": "2018-04-11T00:00:00", "id": "GLSA-201804-11", "href": "https://security.gentoo.org/glsa/201804-11", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2023-06-07T16:29:33", "description": "\n\nAdobe reports:\n\n\nThis update resolves a use-after-free vulnerability that\n\t could lead to remote code execution (CVE-2018-4932).\nThis update resolves out-of-bounds read vulnerabilities that\n\t could lead to information disclosure (CVE-2018-4933,\n\t CVE-2018-4934).\nThis update resolves out-of-bounds write vulnerabilities that\n\t could lead to remote code execution (CVE-2018-4935,\n\t CVE-2018-4937).\nThis update resolves a heap overflow vulnerability that\n\t could lead to information disclosure (CVE-2018-4936).\n\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2018-04-10T00:00:00", "type": "freebsd", "title": "Flash Player -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4932", "CVE-2018-4933", "CVE-2018-4934", "CVE-2018-4935", "CVE-2018-4936", "CVE-2018-4937"], "modified": "2018-07-11T00:00:00", "id": "5C6F7482-3CED-11E8-B157-6451062F0F7A", "href": "https://vuxml.freebsd.org/freebsd/5c6f7482-3ced-11e8-b157-6451062f0f7a.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "threatpost": [{"lastseen": "2019-04-25T05:50:18", "description": "Adobe fixed four critical vulnerabilities in its Flash Player and InDesign products as part of its regularly scheduled [April Security Bulletin](<https://helpx.adobe.com/security.html>) Tuesday morning.\n\nIn all, Adobe released 19 patches for products including [Adobe Experience Manager](<https://helpx.adobe.com/security/products/experience-manager/apsb18-10.html>), [Adobe InDesign CC](<https://helpx.adobe.com/security/products/indesign/apsb18-11.html>), [Adobe Digital Editions](<https://helpx.adobe.com/security/products/Digital-Editions/apsb18-13.html>) and the [Adobe PhoneGap Push Plugin](<https://helpx.adobe.com/security/products/phonegap/apsb18-15.html>). According to Adobe, it \u201cis not aware of any exploits in the wild for any of the issues addressed in these updates.\u201d Additionally, specific details for each of the CVEs have not been made public yet.\n\nThe most serious of the bugs impact Adobe Flash Player 29.0.0.113 and earlier versions. \u201cSuccessful exploitation could lead to arbitrary code execution in the context of the current user,\u201d Adobe said.\n\nAffected versions of Flash Player are Adobe Flash Player Desktop Runtime, Adobe Flash Player for Google Chrome and Adobe Flash Player for Microsoft Edge and IE 11. CVEs include [CVE-2018-4932](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4932>), [CVE-2018-4933](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4933>), [CVE-2018-4934](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4934>), [CVE-2018-4935](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4935>), [CVE-2018-4936](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4936>) and [CVE-2018-4937](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4937>).\n\nThree out of four of the vulnerabilities rated critical include a use-after-free vulnerability (CVE-2018-4932) that could result in a remote code execution attack, an out-of-bounds write flaw (CVE-2018-4935) that creates conditions ripe for unwanted information disclosure and another out-of-bounds write (CVE-2018-4937) bug that could create favorable conditions for remote code execution attacks.\n\nMateusz Jurczyk and Natalie Silvanovich of Google Project Zero are credited for finding four of the Adobe Flash Player bugs \u2013 two of which were rated critical (CVE-2018-4935, CVE-2018-4937). Lin Wang of Beihang University is also credited for discovering one of the critical Flash Player bugs (CVE-2018-4932).\n\nAdobe is urging users of Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux to update to Adobe Flash Player 29.0.0.140 via the products update mechanism or by visiting the Adobe Flash Player Download Center. It said Google Chrome, Edge and IE users will each be automatically updated to the latest versions.\n\nThe Adobe Flash Player for Microsoft Edge and Internet Explorer 11 will also be included later today in Microsoft\u2019s April Patch Tuesday release.\n\nAnother bug rated critical was identified by Honggang Ren of Fortinet\u2019s FortiGuard Labs who identified a memory corruption bug ([CVE-2018-4928](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4928>)) in Adobe InDesign CC that could trigger an arbitrary code execution attack.\n\n\u201cThis update resolves a critical memory corruption vulnerability (CVE-2018-4928) caused by unsafe parsing of a specially crafted .inx file,\u201d Adobe wrote. It recommends \u201cusers update their software installations via the Creative Cloud desktop app updater, or by navigating to the InDesign Help menu and clicking \u2018Updates.'\u201d\n", "cvss3": {}, "published": "2018-04-10T16:21:34", "type": "threatpost", "title": "Adobe Patches Four Critical Bugs in Flash, InDesign", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2018-4928", "CVE-2018-4932", "CVE-2018-4933", "CVE-2018-4934", "CVE-2018-4935", "CVE-2018-4936", "CVE-2018-4937"], "modified": "2018-04-10T16:21:34", "id": "THREATPOST:50B9CBBF00A001001CE5ADB1157BCDD9", "href": "https://threatpost.com/adobe-patches-four-critical-bugs-in-flash-indesign/131097/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
CVE-2018-4934
