DATABASE RESOURCES PRICING ABOUT US

{"id": "UB:CVE-2018-5000", "vendorId": null, "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2018-5000", "description": "Adobe Flash Player versions 29.0.0.171 and earlier have an Integer Overflow\nvulnerability. Successful exploitation could lead to information\ndisclosure.", "published": "2018-07-09T00:00:00", "modified": "2018-07-09T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3}, "severity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "cvss3": {"cvssV3": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, "href": "https://ubuntu.com/security/CVE-2018-5000", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5000", "https://rhn.redhat.com/errata/RHSA-2018-1827.html", "https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "https://nvd.nist.gov/vuln/detail/CVE-2018-5000", "https://launchpad.net/bugs/cve/CVE-2018-5000", "https://security-tracker.debian.org/tracker/CVE-2018-5000"], "cvelist": ["CVE-2018-5000"], "immutableFields": [], "lastseen": "2022-08-04T13:48:16", "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "adobe", "idList": ["APSB18-19"]}, {"type": "archlinux", "idList": ["ASA-201806-7"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2018-0538"]}, {"type": "cve", "idList": ["CVE-2018-5000"]}, {"type": "freebsd", "idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"]}, {"type": "gentoo", "idList": ["GLSA-201806-02"]}, {"type": "kaspersky", "idList": ["KLA11261"]}, {"type": "mageia", "idList": ["MGASA-2018-0286"]}, {"type": "mscve", "idList": ["MS:ADV180014"]}, {"type": "nessus", "idList": ["700434.PRM", "FLASH_PLAYER_APSB18-19.NASL", "FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "GENTOO_GLSA-201806-02.NASL", "MACOSX_FLASH_PLAYER_APSB18-19.NASL", "REDHAT-RHSA-2018-1827.NASL", "SMB_NT_MS18_JUN_4287903.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813396", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813399", "OPENVAS:1361412562310813400", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813602"]}, {"type": "redhat", "idList": ["RHSA-2018:1827"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-5000", "RH:CVE-2018-5001"]}, {"type": "thn", "idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"]}, {"type": "threatpost", "idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"]}, {"type": "zdi", "idList": ["ZDI-18-569"]}]}, "score": {"value": 3.7, "vector": "NONE"}, "backreferences": {"references": [{"type": "adobe", "idList": ["APSB18-19"]}, {"type": "archlinux", "idList": ["ASA-201806-7"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2018-0538"]}, {"type": "cve", "idList": ["CVE-2018-5000"]}, {"type": "freebsd", "idList": ["2DDE5A56-6AB1-11E8-B639-6451062F0F7A"]}, {"type": "gentoo", "idList": ["GLSA-201806-02"]}, {"type": "kaspersky", "idList": ["KLA11261"]}, {"type": "mscve", "idList": ["MS:ADV180014"]}, {"type": "nessus", "idList": ["FLASH_PLAYER_APSB18-19.NASL", "FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "GENTOO_GLSA-201806-02.NASL", "REDHAT-RHSA-2018-1827.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813396", "OPENVAS:1361412562310813397", "OPENVAS:1361412562310813398", "OPENVAS:1361412562310813399", "OPENVAS:1361412562310813400", "OPENVAS:1361412562310813601", "OPENVAS:1361412562310813602"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-5000", "RH:CVE-2018-5001"]}, {"type": "thn", "idList": ["THN:A63890B8ADE3B23F098107F5CC398A2F"]}, {"type": "threatpost", "idList": ["THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913"]}, {"type": "zdi", "idList": ["ZDI-18-569"]}]}, "exploitation": null, "vulnersScore": 3.7}, "_state": {"dependencies": 1659998956, "score": 1659903019}, "_internal": {"score_hash": "189c168012f70282e3170dda4d4f2dd4"}, "affectedPackage": [{"OS": "ubuntu", "OSVersion": "18.04", "arch": "noarch", "packageVersion": "1:20180607.1-0ubuntu0.18.04.1", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "adobe-flashplugin"}, {"OS": "ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "trusty was released [1:20180607.1-0ubuntu0.14.04.1]", "packageFilename": "UNKNOWN", "operator": "lt", "status": "does not exist", "packageName": "adobe-flashplugin"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "30.0.0.113", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "adobe-flashplugin"}, {"OS": "ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "1:20180607.1-0ubuntu0.16.04.1", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "adobe-flashplugin"}, {"OS": "ubuntu", "OSVersion": "18.04", "arch": "noarch", "packageVersion": "30.0.0.113ubuntu0.18.04.1", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "flashplugin-nonfree"}, {"OS": "ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "trusty was released [30.0.0.113ubuntu0.14.04.1]", "packageFilename": "UNKNOWN", "operator": "lt", "status": "does not exist", "packageName": "flashplugin-nonfree"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "30.0.0.113", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "flashplugin-nonfree"}, {"OS": "ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "30.0.0.113ubuntu0.16.04.1", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "flashplugin-nonfree"}], "bugs": []}

{"checkpoint_advisories": [{"lastseen": "2021-12-17T11:28:14", "description": "An integer overflow vulnerability exists in Adobe Flash Player. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-06-12T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Flash Player Integer Overflow (APSB18-19: CVE-2018-5000)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5000"], "modified": "2018-06-12T00:00:00", "id": "CPAI-2018-0538", "href": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "zdi": [{"lastseen": "2022-01-31T21:50:19", "description": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the handling of RTMP data. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before reading from memory. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-06-07T00:00:00", "type": "zdi", "title": "Adobe Flash RTMP Parsing Integer Overflow Information Disclosure Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5000"], "modified": "2018-06-07T00:00:00", "id": "ZDI-18-569", "href": "https://www.zerodayinitiative.com/advisories/ZDI-18-569/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "cve": [{"lastseen": "2022-03-23T17:38:55", "description": "Adobe Flash Player versions 29.0.0.171 and earlier have an Integer Overflow vulnerability. Successful exploitation could lead to information disclosure.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-07-09T19:29:00", "type": "cve", "title": "CVE-2018-5000", "cwe": ["CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5000"], "modified": "2019-03-07T20:16:00", "cpe": ["cpe:/a:adobe:flash_player:29.0.0.171", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/a:adobe:flash_player_desktop_runtime:29.0.0.171", "cpe:/o:redhat:enterprise_linux_server:6.0"], "id": "CVE-2018-5000", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5000", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player_desktop_runtime:29.0.0.171:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:chrome:*:*", "cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:internet_explorer_11:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:29.0.0.171:*:*:*:*:edge:*:*"]}], "redhatcve": [{"lastseen": "2023-02-01T05:22:23", "description": "Adobe Flash Player versions 29.0.0.171 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2019-10-11T15:56:27", "type": "redhatcve", "title": "CVE-2018-5001", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5000", "CVE-2018-5001"], "modified": "2023-02-01T04:18:45", "id": "RH:CVE-2018-5001", "href": "https://access.redhat.com/security/cve/cve-2018-5001", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-01T05:22:24", "description": "Adobe Flash Player versions 29.0.0.171 and earlier have an Integer Overflow vulnerability. Successful exploitation could lead to information disclosure.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-06-07T13:20:02", "type": "redhatcve", "title": "CVE-2018-5000", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5000", "CVE-2018-5001"], "modified": "2023-02-01T04:18:42", "id": "RH:CVE-2018-5000", "href": "https://access.redhat.com/security/cve/cve-2018-5000", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "kaspersky": [{"lastseen": "2021-12-22T23:55:08", "description": "### *Detect date*:\n06/06/2018\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Adobe Flash player. Malicious users can exploit these vulnerabilities to execute arbitrary code and obtain sensitive information.\n\n### *Affected products*:\nAdobe Flash player NPAPI earlier than 30.0.0.113 \nAdobe Flash player PPAPI earlier than 30.0.0.113 \nAdobe Flash player ActiveX earlier than 30.0.0.113\n\n### *Solution*:\nUpdate to the latest version \n[Flash Player Download Center](<https://get.adobe.com/flashplayer/>)\n\n### *Original advisories*:\n[APSB18-19](<https://helpx.adobe.com/security/products/flash-player/apsb18-19.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Adobe Flash Player ActiveX](<https://threats.kaspersky.com/en/product/Adobe-Flash-Player-ActiveX/>)\n\n### *CVE-IDS*:\n[CVE-2018-4945](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4945>)6.8High \n[CVE-2018-5000](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5000>)4.3Warning \n[CVE-2018-5001](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5001>)4.3Warning\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-06-06T00:00:00", "type": "kaspersky", "title": "KLA11261 Multiple vulnerabilities in Adobe Flash player", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4945", "CVE-2018-5000", "CVE-2018-5001"], "modified": "2020-06-18T00:00:00", "id": "KLA11261", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11261/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "thn": [{"lastseen": "2022-05-09T12:40:29", "description": "[](<https://thehackernews.com/images/-k6QCPtxwTZE/WxlTMrG5lfI/AAAAAAAAw_k/bo_WNUgDaAkgJr1kVhgRZJyFc037GljMQCLcBGAs/s728-e100/flash-player-zero-day-exploit.png>)\n\nIf you have already uninstalled Flash player, well done! But if you haven't, here's another great reason for ditching it. \n \nAdobe has [released](<https://helpx.adobe.com/security/products/flash-player/apsb18-19.html>) a security patch update for a critical vulnerability in its Flash Player software that is actively being exploited in the wild by hackers in targeted attacks against Windows users. \n \nIndependently discovered last week by several security firms\u2014including [ICEBRG](<https://www.icebrg.io/blog/adobe-flash-zero-day-targeted-attack>), [Qihoo 360](<https://blogs.360.cn/blog/cve-2018-5002-en/>) and Tencent\u2014the Adobe Flash player zero-day attacks have primarily been targeting users in the Middle East using a specially crafted Excel spreadsheet. \n \n\n\n> \"The hackers carefully constructed an Office document that remotely loaded Flash vulnerability. When the document was opened, all the exploit code and malicious payload were delivered through remote servers,\" Qihoo 360 published vulnerability analysis in a blog post.\n\n \nThe stack-based buffer overflow vulnerability, tracked as CVE-2018-5002, impacts Adobe Flash Player 29.0.0.171 and earlier versions on Windows, MacOS, and Linux, as well as Adobe Flash Player for Google Chrome, and can be exploited to achieve arbitrary code execution on targeted systems. \n\n\n[](<https://thehackernews.com/images/-x-GKe265Wi0/WxlUPkJ3oVI/AAAAAAAAw_s/M8FBkOiBGBEaQ_MjIDZU-vmOSLgqUdCzgCLcBGAs/s728-e100/flash-player-zero-day-vulnerability.png>)\n\nThe vulnerability resides in the interpreter code of the Flash Player that handles static-init methods, which fails to correctly handle the exceptions for try/catch statements. \n \n\n\n> \"Because Flash assumes that it is impossible to execute to the catch block when processing the try catch statement, it does not check the bytecode in the catch block,\" the researchers explain. \"The attacker uses the getlocal, setlocal instruction in the catch block to read and write arbitrary addresses on the stack.\"\n\n \nThe registration date for a web domain, mimicking a job search website in the Middle East, used as the command and control (C&amp;C) server for zero-day attacks suggests that hackers have been making preparations for the attack since February. \n \nBesides the patch for CVE-2018-5002, Adobe also rolled out security updates for two \"important\" vulnerabilities\u2014including Integer Overflow bug (CVE-2018-5000) and an Out-of-bounds read issue (CVE-2018-5001)\u2014both of which lead to information disclosure. \n \nSo, users are highly recommended to immediately update their Adobe Flash Player to versions 30.0.0.113 via their update mechanism within the software or by visiting the Adobe Flash Player Download Center.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-07T15:51:00", "type": "thn", "title": "Adobe Issues Patch for Actively Exploited Flash Player Zero-Day Exploit", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5000", "CVE-2018-5001", "CVE-2018-5002"], "modified": "2018-06-07T16:53:39", "id": "THN:A63890B8ADE3B23F098107F5CC398A2F", "href": "https://thehackernews.com/2018/06/flash-player-zero-day-exploit.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-01-11T14:47:07", "description": "Adobe reports :\n\n- This update resolves a type confusion vulnerability that could lead to arbitrary code execution (CVE-2018-4945).\n\n- This update resolves an integer overflow vulnerability that could lead to information disclosure (CVE-2018-5000).\n\n- This update resolves an out-of-bounds read vulnerability that could lead to information disclosure (CVE-2018-5001).\n\n- This update resolves a stack-based buffer overflow vulnerability that could lead to arbitrary code execution (CVE-2018-5002).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-08T00:00:00", "type": "nessus", "title": "FreeBSD : Flash Player -- multiple vulnerabilities (2dde5a56-6ab1-11e8-b639-6451062f0f7a)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4945", "CVE-2018-5000", "CVE-2018-5001", "CVE-2018-5002"], "modified": "2022-05-27T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:linux-flashplayer", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL", "href": "https://www.tenable.com/plugins/nessus/110403", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2022 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110403);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/27\");\n\n script_cve_id(\"CVE-2018-4945\", \"CVE-2018-5000\", \"CVE-2018-5001\", \"CVE-2018-5002\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/13\");\n\n script_name(english:\"FreeBSD : Flash Player -- multiple vulnerabilities (2dde5a56-6ab1-11e8-b639-6451062f0f7a)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Adobe reports :\n\n- This update resolves a type confusion vulnerability that could lead\nto arbitrary code execution (CVE-2018-4945).\n\n- This update resolves an integer overflow vulnerability that could\nlead to information disclosure (CVE-2018-5000).\n\n- This update resolves an out-of-bounds read vulnerability that could\nlead to information disclosure (CVE-2018-5001).\n\n- This update resolves a stack-based buffer overflow vulnerability\nthat could lead to arbitrary code execution (CVE-2018-5002).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\"\n );\n # https://vuxml.freebsd.org/freebsd/2dde5a56-6ab1-11e8-b639-6451062f0f7a.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?13773e4f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-5002\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-flashplayer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"linux-flashplayer<30.0.0.113\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:47:06", "description": "The remote Windows host is missing security update KB4287903. It is, therefore, affected by multiple remote code execution vulnerabilities in Adobe Flash Player.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-08T00:00:00", "type": "nessus", "title": "KB4287903: Security update for Adobe Flash Player (June 2018)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4945", "CVE-2018-5000", "CVE-2018-5001", "CVE-2018-5002"], "modified": "2022-05-25T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "SMB_NT_MS18_JUN_4287903.NASL", "href": "https://www.tenable.com/plugins/nessus/110414", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110414);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/25\");\n\n script_cve_id(\n \"CVE-2018-4945\",\n \"CVE-2018-5000\",\n \"CVE-2018-5001\",\n \"CVE-2018-5002\"\n );\n script_bugtraq_id(104412, 104413);\n script_xref(name:\"MSKB\", value:\"4287903\");\n script_xref(name:\"MSFT\", value:\"MS18-4287903\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/13\");\n\n script_name(english:\"KB4287903: Security update for Adobe Flash Player (June 2018)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update KB4287903. It is,\ntherefore, affected by multiple remote code execution vulnerabilities\nin Adobe Flash Player.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n # https://support.microsoft.com/en-us/help/4287903/security-update-for-adobe-flash-player\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ea99fd83\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released KB4287903 to address this issue.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-5002\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_activex_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS18-06\";\nkbs = make_list('4287903');\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"Windows 8.1\" >!< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (activex_init() != ACX_OK) audit(AUDIT_FN_FAIL, \"activex_init\");\n\n# Adobe Flash Player CLSID\nclsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}';\n\nfile = activex_get_filename(clsid:clsid);\nif (isnull(file))\n{\n activex_end();\n audit(AUDIT_FN_FAIL, \"activex_get_filename\", \"NULL\");\n}\nif (!file)\n{\n activex_end();\n audit(AUDIT_ACTIVEX_NOT_FOUND, clsid);\n}\n\n# Get its version.\nversion = activex_get_fileversion(clsid:clsid);\nif (!version)\n{\n activex_end();\n audit(AUDIT_VER_FAIL, file);\n}\n\ninfo = '';\n\niver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\niver = join(iver, sep:\".\");\n\n# all <= 29.0.0.171\nfix = FALSE;\nif(ver_compare(ver:iver, fix:\"29.0.0.171\", strict:FALSE) <= 0)\n fix = \"30.0.0.113\";\n\nif (\n (report_paranoia > 1 || activex_get_killbit(clsid:clsid) == 0) &&\n fix\n)\n{\n info = '\\n Path : ' + file +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n}\n\nport = kb_smb_transport();\n\nif (info != '')\n{\n if (report_paranoia > 1)\n {\n report = info +\n '\\n' +\n 'Note, though, that Nessus did not check whether the kill bit was\\n' +\n \"set for the control's CLSID because of the Report Paranoia setting\" + '\\n' +\n 'in effect when this scan was run.\\n';\n }\n else\n {\n report = info +\n '\\n' +\n 'Moreover, its kill bit is not set so it is accessible via Internet\\n' +\n 'Explorer.\\n';\n }\n replace_kb_item(name:\"SMB/Missing/\"+bulletin, value:TRUE);\n hotfix_add_report(bulletin:'MS18-06', kb:'4287903', report);\n security_report_v4(severity:SECURITY_HOLE, port:port, extra:hotfix_get_report());\n}\nelse audit(AUDIT_HOST_NOT, 'affected');\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:47:18", "description": "An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.\n\nThis update upgrades Flash Player to version 30.0.0.113.\n\nSecurity Fix(es) :\n\n* flash-plugin: Arbitrary Code Execution vulnerability (APSB18-19) (CVE-2018-4945)\n\n* flash-plugin: Arbitrary Code Execution vulnerability (APSB18-19) (CVE-2018-5002)\n\n* flash-plugin: Information Disclosure vulnerabilities (APSB18-19) (CVE-2018-5000, CVE-2018-5001)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-12T00:00:00", "type": "nessus", "title": "RHEL 6 : flash-plugin (RHSA-2018:1827)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4945", "CVE-2018-5000", "CVE-2018-5001", "CVE-2018-5002"], "modified": "2022-05-25T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:flash-plugin", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2018-1827.NASL", "href": "https://www.tenable.com/plugins/nessus/110469", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:1827. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110469);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/25\");\n\n script_cve_id(\n \"CVE-2018-4945\",\n \"CVE-2018-5000\",\n \"CVE-2018-5001\",\n \"CVE-2018-5002\"\n );\n script_xref(name:\"RHSA\", value:\"2018:1827\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/13\");\n\n script_name(english:\"RHEL 6 : flash-plugin (RHSA-2018:1827)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for flash-plugin is now available for Red Hat Enterprise\nLinux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe\nFlash Player web browser plug-in.\n\nThis update upgrades Flash Player to version 30.0.0.113.\n\nSecurity Fix(es) :\n\n* flash-plugin: Arbitrary Code Execution vulnerability (APSB18-19)\n(CVE-2018-4945)\n\n* flash-plugin: Arbitrary Code Execution vulnerability (APSB18-19)\n(CVE-2018-5002)\n\n* flash-plugin: Information Disclosure vulnerabilities (APSB18-19)\n(CVE-2018-5000, CVE-2018-5001)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2018:1827\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-4945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-5000\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-5001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-5002\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected flash-plugin package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-5002\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:flash-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:1827\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"flash-plugin-30.0.0.113-1.el6_9\")) flag++;\n\n if (flag)\n {\n flash_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check only applies to RedHat released\\n' +\n 'versions of the flash-plugin package. This check does not apply to\\n' +\n 'Adobe released versions of the flash-plugin package, which are\\n' +\n 'versioned similarly and cause collisions in detection.\\n\\n' +\n\n 'If you are certain you are running the Adobe released package of\\n' +\n 'flash-plugin and are running a version of it equal or higher to the\\n' +\n 'RedHat version listed above then you can consider this a false\\n' +\n 'positive.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat() + flash_plugin_caveat\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-plugin\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:49:50", "description": "Versions of Adobe Flash Player prior to 30.0.0.113 are unpatched, and therefore affected by multiple vulnerabilities :\n\n - A type confusion vulnerability exists that could lead to arbitrary code execution. (CVE-2018-4945)\n - An integer overflow vulnerability exists that could lead to information disclosure. (CVE-2018-5000)\n - An out-of-bounds read vulnerability exists that could lead to information disclosure. (CVE-2018-5001)\n - A stack-based buffer overflow vulnerability exists that could lead to arbitrary code execution. (CVE-2018-5002)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-03-20T00:00:00", "type": "nessus", "title": "Flash Player < 30.0.0.113 Multiple Vulnerabilities (APSB18-19)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4945", "CVE-2018-5000", "CVE-2018-5001", "CVE-2018-5002"], "modified": "2019-04-09T00:00:00", "cpe": ["cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*"], "id": "700434.PRM", "href": "https://www.tenable.com/plugins/nnm/700434", "sourceData": "Binary data 700434.prm", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:47:05", "description": "The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 29.0.0.171. It is therefore affected by multiple vulnerabilities.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-07T00:00:00", "type": "nessus", "title": "Adobe Flash Player <= 29.0.0.171 (APSB18-19)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4945", "CVE-2018-5000", "CVE-2018-5001", "CVE-2018-5002"], "modified": "2022-05-25T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "FLASH_PLAYER_APSB18-19.NASL", "href": "https://www.tenable.com/plugins/nessus/110397", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110397);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/25\");\n\n script_cve_id(\n \"CVE-2018-4945\",\n \"CVE-2018-5000\",\n \"CVE-2018-5001\",\n \"CVE-2018-5002\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/13\");\n\n script_name(english:\"Adobe Flash Player <= 29.0.0.171 (APSB18-19)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Flash Player installed on the remote Windows\nhost is equal or prior to version 29.0.0.171. It is therefore \naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0cb17c10\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 30.0.0.113 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-5002\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"flash_player_installed.nasl\");\n script_require_keys(\"SMB/Flash_Player/installed\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Flash_Player/installed\");\n\n# Identify vulnerable versions.\ninfo = \"\";\nvariants = make_list(\n \"Plugin\",\n \"ActiveX\",\n \"Chrome\",\n \"Chrome_Pepper\"\n);\n\n# we're checking for versions less than *or equal to* the cutoff!\nforeach variant (variants)\n{\n vers = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/Version/*\");\n files = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/File/*\");\n\n if (isnull(vers) || isnull(files))\n continue;\n\n foreach key (keys(vers))\n {\n ver = vers[key];\n if (isnull(ver))\n continue;\n\n # <= 29.0.0.171\n if (ver_compare(ver:ver,fix:\"29.0.0.171\",strict:FALSE) <= 0)\n {\n num = key - (\"SMB/Flash_Player/\"+variant+\"/Version/\");\n file = files[\"SMB/Flash_Player/\"+variant+\"/File/\"+num];\n if (variant == \"Plugin\")\n {\n info += '\\n Product : Browser Plugin (for Firefox / Netscape / Opera)';\n fix = \"30.0.0.113\";\n }\n else if (variant == \"ActiveX\")\n {\n info += '\\n Product : ActiveX control (for Internet Explorer)';\n fix = \"30.0.0.113\";\n }\n else if (\"Chrome\" >< variant)\n {\n info += '\\n Product : Browser Plugin (for Google Chrome)';\n if (variant == \"Chrome\")\n fix = \"Upgrade to a version of Google Chrome running Flash Player 30.0.0.113\";\n }\n info += '\\n Path : ' + file +\n '\\n Installed version : ' + ver;\n if (variant == \"Chrome_Pepper\")\n info += '\\n Fixed version : 30.0.0.113 (Chrome PepperFlash)';\n else if (!isnull(fix))\n info += '\\n Fixed version : '+fix;\n info += '\\n';\n }\n }\n}\n\nif (info)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n security_report_v4(severity:SECURITY_HOLE, port:port, extra:info);\n}\nelse\n{\n if (thorough_tests)\n exit(0, 'No vulnerable versions of Adobe Flash Player were found.');\n else\n exit(1, 'Google Chrome\\'s built-in Flash Player may not have been detected because the \\'Perform thorough tests\\' setting was not enabled.');\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:47:06", "description": "The version of Adobe Flash Player installed on the remote macOS or Mac OS X host is equal or prior to version 29.0.0.171.\nIt is therefore affected by multiple vulnerabilities.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-07T00:00:00", "type": "nessus", "title": "Adobe Flash Player for Mac <= 29.0.0.171 (APSB18-19)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4945", "CVE-2018-5000", "CVE-2018-5001", "CVE-2018-5002"], "modified": "2022-05-25T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "MACOSX_FLASH_PLAYER_APSB18-19.NASL", "href": "https://www.tenable.com/plugins/nessus/110396", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110396);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/25\");\n\n script_cve_id(\n \"CVE-2018-4945\",\n \"CVE-2018-5000\",\n \"CVE-2018-5001\",\n \"CVE-2018-5002\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/13\");\n\n script_name(english:\"Adobe Flash Player for Mac <= 29.0.0.171 (APSB18-19)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote macOS or Mac OSX host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Flash Player installed on the remote macOS or Mac\nOS X host is equal or prior to version 29.0.0.171.\nIt is therefore affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0cb17c10\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 30.0.0.113 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-5002\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_flash_player_installed.nasl\");\n script_require_keys(\"MacOSX/Flash_Player/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"MacOSX/Flash_Player/Version\");\npath = get_kb_item_or_exit(\"MacOSX/Flash_Player/Path\");\n\ncutoff_version = \"29.0.0.171\";\nfix = \"30.0.0.113\";\n# We're checking for versions less than or equal to the cutoff!\nif (ver_compare(ver:version, fix:cutoff_version, strict:FALSE) <= 0)\n{\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_report_v4(severity:SECURITY_HOLE, port:0, extra:report);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Flash Player for Mac\", version, path);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:46:52", "description": "The remote host is affected by the vulnerability described in GLSA-201806-02 (Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Flash Player.\n Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could possibly execute arbitrary code with the privileges of the process or obtain sensitive information.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-14T00:00:00", "type": "nessus", "title": "GLSA-201806-02 : Adobe Flash Player: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4944", "CVE-2018-4945", "CVE-2018-5000", "CVE-2018-5001", "CVE-2018-5002"], "modified": "2022-05-27T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:adobe-flash", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201806-02.NASL", "href": "https://www.tenable.com/plugins/nessus/110523", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201806-02.\n#\n# The advisory text is Copyright (C) 2001-2022 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110523);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/27\");\n\n script_cve_id(\"CVE-2018-4944\", \"CVE-2018-4945\", \"CVE-2018-5000\", \"CVE-2018-5001\", \"CVE-2018-5002\");\n script_xref(name:\"GLSA\", value:\"201806-02\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/13\");\n\n script_name(english:\"GLSA-201806-02 : Adobe Flash Player: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-201806-02\n(Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Flash Player.\n Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process or obtain sensitive information.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201806-02\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All Adobe Flash Player users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-plugins/adobe-flash-30.0.0.113'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-5002\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:adobe-flash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-plugins/adobe-flash\", unaffected:make_list(\"ge 30.0.0.113\"), vulnerable:make_list(\"lt 30.0.0.113\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Adobe Flash Player\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "threatpost": [{"lastseen": "2019-05-30T05:54:43", "description": "Adobe has patched two critical and two important vulnerabilities in its Flash Player on Thursday, including one that is being exploited in the wild in targeted attacks against Windows users.\n\nThe critical vulnerability with an existing exploit ([CVE-2018-5002](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5002>)) is a stack-based buffer overflow bug that could enable arbitrary code execution, according to Adobe. The attacks are leveraging Office documents, according to Adobe.\n\n\u201cAdobe is aware of a report that an exploit for CVE-2018-5002 exists in the wild, and is being used in limited, targeted attacks against Windows users,\u201d the company said in a [release](<https://helpx.adobe.com/security/products/flash-player/apsb18-19.html>), Thursday. \u201cThese attacks leverage Office documents with embedded malicious Flash Player content distributed via email.\u201d\n\nMicrosoft did not respond to a request for comment from Threatpost by publication.\n\nAllan Liska, threat intelligence analyst at Recorded Future, told Threatpost the vuln is being currently exploited as part of several phishing campaigns.\n\n\u201cThe exploit takes advantage of a Flash file embedded in a Microsoft Office document, when the victim opens the Office Document the trojaned Flash code automatically runs and executes shell code which calls out to the attackers command and control servers,\u201d Liska told Threatpost.\n\nImpacted versions include Adobe Flash Player Desktop Runtime (29.0.0.171 and earlier versions) on Windows, MacOS and Linux; Adobe Flash Player for Google Chrome (29.0.0.171 and earlier versions) for Windows, macOS, Linux and Chrome OSl and Adobe Flash Player for Microsoft Edge and Internet Explorer 11 (29.0.0.171 and earlier versions) for Windows 10 and 8.1.\n\nThe updates for all platforms had a priority rating of two out of three, meaning there are no exploits; but the Adobe Flash Player Desktop Runtime platform for Linux was rated priority three out of three.\n\nAccording to Adobe\u2019s priority rating description, this priority rating means \u201cupdate resolves vulnerabilities in a product that has historically not been a target for attackers. Adobe recommends administrators install the update at their discretion.\u201d\n\nAccording to Adobe, CVE-2018-5002 was discovered by researchers from an array of organizations, including individuals from ICEBRG; 360 Threat Intelligence Center of 360 Enterprise Security Group; and Qihoo 360 Core Security.\n\nThe company issued a patch for another critical vulnerability ([CVE-2018-4945](<https://nvd.nist.gov/vuln/detail/CVE-2018-4945>)) that enables arbitrary code execution. The bug was discovered by Jihui Lu of Tencent KeenLab and willJ of Tencent PC Manager, working with Trend Micro\u2019s Zero Day Initiative.\n\nAdobe also issued patches for two \u201cimportant\u201d vulnerabilities that could both lead to information disclosure, including one (CVE-2018-5000) Integer Overflow bug and an Out-of-bounds read glitch (CVE-2018-5001).\n\nAdobe recommended that all impacted versions update immediately to versions 30.0.0.113 via their update mechanism within the product or by visiting the Adobe Flash Player Download Center.\n\nMeanwhile, Adobe Flash Player with Google Chrome, Microsoft Edge, and IE 11 for Windows 10 and 8.1 \u201cwill be automatically downloaded to the latest version,\u201d the company said.\n\nAdobe has doled out its fair share of patches over the past few months \u2013 just [weeks](<https://threatpost.com/adobe-doles-out-second-round-of-higher-priority-patches/131967/>) ago the company posted patches for a slew of critical vulnerabilities, which have a higher risk of being exploited. Earlier in [May](<https://threatpost.com/adobe-patches-critical-bugs-in-flash-player-creative-cloud/131794/>), Adobe released patches for five critical and important vulnerabilities spanning Creative Cloud, Adobe Flash Player and web conferencing software tool Adobe Connect.\n", "cvss3": {}, "published": "2018-06-07T13:14:25", "type": "threatpost", "title": "Adobe Patches Critical Flash Player Bug With Active Exploit", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2018-4945", "CVE-2018-5000", "CVE-2018-5001", "CVE-2018-5002"], "modified": "2018-06-07T13:14:25", "id": "THREATPOST:34985C64EA7AF207D4CE9A800671E3C1", "href": "https://threatpost.com/adobe-patches-critical-flash-player-bug-with-active-exploit/132595/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T05:52:38", "description": "A zero-day vulnerability is being exploited in the wild in targeted attacks against Windows users in the Middle East, researchers warned Thursday.\n\nThe Flash Player vulnerability (CVE-2018-5002), a stack-based buffer overflow bug that could enable arbitrary code execution, was patched earlier today by [Adobe](<https://threatpost.com/adobe-patches-critical-flash-player-bug-with-active-exploit/132595/>).\n\nThe vulnerability \u201callows for a maliciously crafted Flash object to execute code on victim computers, which enables an attacker to execute a range of payloads and actions,\u201d researchers from ICEBRG\u2019s Security Research Team, who was the first to report the discovered vuln, said in a Thursday [post](<https://www.icebrg.io/blog/adobe-flash-zero-day-targeted-attack?utm_source=twitter&utm_medium=social&utm_term=&utm_content=&utm_campaign=blogpost-adobe0day>). It\u2019s particularly dangerous because all that needs to happen for the bug to be triggered is for the victim to open a malicious file.\n\nAccording to Adobe, CVE-2018-5002 was discovered by researchers from an array of organizations, including individuals from ICEBRG; 360 Threat Intelligence Center of 360 Enterprise Security Group; and Qihoo 360 Core Security. [ICEBRG ](<https://www.icebrg.io/blog/adobe-flash-zero-day-targeted-attack?utm_source=twitter&utm_medium=social&utm_term=&utm_content=&utm_campaign=blogpost-adobe0day>)and [Qihoo 360 ](<http://blogs.360.cn/blog/cve-2018-5002-en/>)both came out with posts analyzing the new bug.\n\nThe exploit uses a carefully constructed Microsoft Office document to download and execute an Adobe Flash exploit to the victims\u2019 computers, according to ICEBRG researchers. The documents were sent primarily via email, according to Adobe.\n\nFirst, the user would open a weaponized Shockwave Flash file. From there, the file downloads and executes the exploit to achieve code execution on the system.\n\nThe file then executes shellcode, which calls out to the attackers command and control servers and enables the threat actor to further control the victim machine.\n\n[](<https://media.threatpost.com/wp-content/uploads/sites/103/2018/06/07155857/flash-exploit.png>)\u201cTypically, the final payload consists of shell code that provides backdoor functionality to the system or stages additional tools,\u201d ICEBRG researchers said.\n\nBoth ICEBRG and Qihoo 360 found evidence that suggested the exploit was targeting Qatari victims, based on geopolitical interests.\n\n\u201cThe weaponized document \u2026 is an Arabic language themed document that purports to inform the target of employee salary adjustments,\u201d ICEBRG researchers said. \u201cMost of the job titles included in the document are diplomatic in nature, specifically referring to salaries with positions referencing secretaries, ambassadors, diplomats, etc.\u201d\n\nMeanwhile, Qihoo researchers also said that \u201call clues show this is a typical APT attack.\u201d\n\n\u201cThe attacker developed sophisticated plans in the cloud and spent at least three months preparing for the attack,\u201d Qihoo researchers said. \u201cThe detailed phishing attack content was also tailored to the attack target.\u201d\n\nAdobe dealt with another zero-day Flash vulnerability back in February, which was [exploited ](<https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/north-korean-hackers-allegedly-exploit-adobe-flash-player-vulnerability-cve-2018-4878-against-south-korean-targets>)by North Korean hackers.\n\nThe company on Thursday also patched another critical vulnerability ([CVE-2018-4945](<https://nvd.nist.gov/vuln/detail/CVE-2018-4945>)) that enables arbitrary code execution; and two \u201cimportant\u201d vulnerabilities that could both lead to information disclosure, including one (CVE-2018-5000) Integer Overflow bug and an Out-of-bounds read glitch (CVE-2018-5001).\n\nMicrosoft did not respond to a request for multiple request for comment from Threatpost. The company posted a[ security update](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180014>) regarding the vulnerability on Thursday.\n\n\u201cIn order to protect themselves users should immediately upgrade their Adobe Flash and disable macros in Microsoft Office,\u201d Allan Liska, threat intelligence analyst at Recorded Future, told Threatpost.\n", "cvss3": {}, "published": "2018-06-07T20:05:52", "type": "threatpost", "title": "Zero-Day Flash Exploit Targeting Middle East", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2018-4878", "CVE-2018-4945", "CVE-2018-5000", "CVE-2018-5001", "CVE-2018-5002"], "modified": "2018-06-07T20:05:52", "id": "THREATPOST:DBD7145D5FE0AE34B1D653D25DF60AE8", "href": "https://threatpost.com/zero-day-flash-exploit-targeting-middle-east/132659/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "adobe": [{"lastseen": "2022-10-21T17:05:56", "description": "Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates address [critical]() vulnerabilities in Adobe Flash Player 29.0.0.171 and earlier versions. Successful exploitation could lead to arbitrary code execution in the context of the current user. \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-07T00:00:00", "type": "adobe", "title": "APSB18-19 Security updates available for Adobe Flash Player", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4945", "CVE-2018-5000", "CVE-2018-5001", "CVE-2018-5002"], "modified": "2018-06-07T00:00:00", "id": "APSB18-19", "href": "https://helpx.adobe.com/security/products/flash-player/apsb18-19.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2022-01-19T15:51:31", "description": "\n\nAdobe reports:\n\n\nThis update resolves a type confusion vulnerability that\n\t could lead to arbitrary code execution (CVE-2018-4945).\nThis update resolves an integer overflow vulnerability that\n\t could lead to information disclosure (CVE-2018-5000).\nThis update resolves an out-of-bounds read vulnerability that\n\t could lead to information disclosure (CVE-2018-5001).\nThis update resolves a stack-based buffer overflow vulnerability that\n\t could lead to arbitrary code execution (CVE-2018-5002).\n\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-06-07T00:00:00", "type": "freebsd", "title": "Flash Player -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4945", "CVE-2018-5000", "CVE-2018-5001", "CVE-2018-5002"], "modified": "2018-07-11T00:00:00", "id": "2DDE5A56-6AB1-11E8-B639-6451062F0F7A", "href": "https://vuxml.freebsd.org/freebsd/2dde5a56-6ab1-11e8-b639-6451062f0f7a.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-10-24T21:14:57", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-06-08T00:00:00", "type": "openvas", "title": "Adobe Flash Player Security Updates(apsb18-19)-Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "modified": "2019-10-23T00:00:00", "id": "OPENVAS:1361412562310813396", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813396", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Security Updates(apsb18-19)-Windows\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813396\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2018-5002\", \"CVE-2018-4945\", \"CVE-2018-5000\", \"CVE-2018-5001\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-06-08 12:20:31 +0530 (Fri, 08 Jun 2018)\");\n script_name(\"Adobe Flash Player Security Updates(apsb18-19)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - A type confusion error.\n\n - An integer overflow error.\n\n - An out-of-bounds read error.\n\n - A stack-based buffer overflow error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct arbitrary code execution and disclosure of sensitive\n information.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before\n 30.0.0.113 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 30.0.0.113, or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_win.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Win/Ver\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"30.0.0.113\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"30.0.0.113\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-24T21:13:51", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-06-08T00:00:00", "type": "openvas", "title": "Adobe Flash Player Security Updates(apsb18-19)-MAC OS X", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "modified": "2019-10-23T00:00:00", "id": "OPENVAS:1361412562310813397", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813397", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Security Updates(apsb18-19)-MAC OS X\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813397\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2018-5002\", \"CVE-2018-4945\", \"CVE-2018-5000\", \"CVE-2018-5001\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-06-08 12:20:32 +0530 (Fri, 08 Jun 2018)\");\n script_name(\"Adobe Flash Player Security Updates(apsb18-19)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - A type confusion error.\n\n - An integer overflow error.\n\n - An out-of-bounds read error.\n\n - A stack-based buffer overflow error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct arbitrary code execution and disclosure of sensitive\n information.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before\n 30.0.0.113 on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 30.0.0.113, or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Flash/Player/MacOSX/Version\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"30.0.0.113\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"30.0.0.113\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-24T21:14:43", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-06-08T00:00:00", "type": "openvas", "title": "Adobe Flash Player Security Updates(apsb18-19)-Linux", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "modified": "2019-10-23T00:00:00", "id": "OPENVAS:1361412562310813398", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813398", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Security Updates(apsb18-19)-Linux\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813398\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2018-5002\", \"CVE-2018-4945\", \"CVE-2018-5000\", \"CVE-2018-5001\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-06-08 12:20:33 +0530 (Fri, 08 Jun 2018)\");\n script_name(\"Adobe Flash Player Security Updates(apsb18-19)-Linux\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - A type confusion error.\n\n - An integer overflow error.\n\n - An out-of-bounds read error.\n\n - A stack-based buffer overflow error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct arbitrary code execution and disclosure of sensitive\n information.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before\n 30.0.0.113 on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 30.0.0.113, or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_lin.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Linux/Ver\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"30.0.0.113\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"30.0.0.113\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-24T21:14:40", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-06-08T00:00:00", "type": "openvas", "title": "Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-Linux", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "modified": "2019-10-23T00:00:00", "id": "OPENVAS:1361412562310813400", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813400", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-Linux\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player_chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813400\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2018-5002\", \"CVE-2018-4945\", \"CVE-2018-5000\", \"CVE-2018-5001\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-06-08 12:21:40 +0530 (Fri, 08 Jun 2018)\");\n script_name(\"Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-Linux\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - A type confusion error.\n\n - An integer overflow error.\n\n - An out-of-bounds read error.\n\n - A stack-based buffer overflow error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct arbitrary code execution and disclosure of sensitive\n information.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player prior to 30.0.0.113\n within Google Chrome on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player for\n Google Chrome 30.0.0.113, or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_flash_player_within_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Chrome/Lin/Ver\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"30.0.0.113\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"30.0.0.113\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-24T21:14:23", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-06-08T00:00:00", "type": "openvas", "title": "Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-MAC OS X", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "modified": "2019-10-23T00:00:00", "id": "OPENVAS:1361412562310813601", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813601", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-MAC OS X\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player_chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813601\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2018-5002\", \"CVE-2018-4945\", \"CVE-2018-5000\", \"CVE-2018-5001\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-06-08 12:21:41 +0530 (Fri, 08 Jun 2018)\");\n script_name(\"Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - A type confusion error.\n\n - An integer overflow error.\n\n - An out-of-bounds read error.\n\n - A stack-based buffer overflow error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct arbitrary code execution and disclosure of sensitive\n information.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player prior to 30.0.0.113\n within Google Chrome on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player for\n Google Chrome 30.0.0.113, or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_flash_player_within_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Chrome/MacOSX/Ver\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"30.0.0.113\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"30.0.0.113\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-24T21:14:05", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-06-08T00:00:00", "type": "openvas", "title": "Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-Windows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "modified": "2019-10-23T00:00:00", "id": "OPENVAS:1361412562310813399", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813399", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-Windows\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player_chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813399\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2018-5002\", \"CVE-2018-4945\", \"CVE-2018-5000\", \"CVE-2018-5001\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-06-08 12:21:39 +0530 (Fri, 08 Jun 2018)\");\n script_name(\"Adobe Flash Player Within Google Chrome Security Update(apsb18-19)-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - A type confusion error.\n\n - An integer overflow error.\n\n - An out-of-bounds read error.\n\n - A stack-based buffer overflow error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct arbitrary code execution and disclosure of sensitive\n information.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player prior to 30.0.0.113\n within Google Chrome on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player for\n Google Chrome 30.0.0.113, or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_flash_player_within_google_chrome_detect_win.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Chrome/Win/Ver\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:vers, test_version:\"30.0.0.113\"))\n{\n report = report_fixed_ver(installed_version:vers, fixed_version:\"30.0.0.113\", install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-05-15T17:01:22", "description": "This host is installed with Adobe Flash Player\n within Microsoft Edge or Internet Explorer and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-06-08T00:00:00", "type": "openvas", "title": "Microsoft IE And Microsoft Edge Flash Player Multiple Vulnerabilities (apsb18-19)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "modified": "2020-05-13T00:00:00", "id": "OPENVAS:1361412562310813602", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813602", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft IE And Microsoft Edge Flash Player Multiple Vulnerabilities (apsb18-19)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813602\");\n script_version(\"2020-05-13T14:08:32+0000\");\n script_cve_id(\"CVE-2018-5002\", \"CVE-2018-4945\", \"CVE-2018-5000\", \"CVE-2018-5001\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-05-13 14:08:32 +0000 (Wed, 13 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-06-08 12:38:35 +0530 (Fri, 08 Jun 2018)\");\n script_name(\"Microsoft IE And Microsoft Edge Flash Player Multiple Vulnerabilities (apsb18-19)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"gb_flash_player_within_ie_edge_detect.nasl\");\n script_mandatory_keys(\"AdobeFlash/IE_or_EDGE/Installed\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb18-19.html\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n within Microsoft Edge or Internet Explorer and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exists due to,\n\n - A type confusion error.\n\n - An integer overflow error.\n\n - An out-of-bounds read error.\n\n - A stack-based buffer overflow error.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to conduct arbitrary code execution and disclosure of sensitive\n information.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player within Microsoft Edge or\n Internet Explorer on,\n\n Windows 10 Version 1803 for x32/x64 Edition,\n\n Windows 10 Version 1607 for x32/x64 Edition,\n\n Windows 10 Version 1703 for x32/x64 Edition,\n\n Windows 10 Version 1709 for x32/x64 Edition,\n\n Windows 10 x32/x64 Edition,\n\n Windows 8.1 for x32/x64 Edition and\n\n Windows Server 2012/2012 R2/2016\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more\n information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\n\nif(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012:1, win2012R2:1, win10:1,\n win10x64:1, win2016:1) <= 0)\n exit(0);\n\ncpe_list = make_list(\"cpe:/a:adobe:flash_player_internet_explorer\", \"cpe:/a:adobe:flash_player_edge\");\n\nif(!infos = get_app_version_and_location_from_list(cpe_list:cpe_list, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\nif(path) {\n path = path + \"\\Flashplayerapp.exe\";\n} else {\n path = \"Could not find the install location\";\n}\n\nif(version_is_less(version:vers, test_version:\"30.0.0.113\")) {\n report = report_fixed_ver(file_checked:path, file_version:vers, vulnerable_range:\"Less than 30.0.0.113\");\n security_message(port:0, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "trendmicroblog": [{"lastseen": "2018-06-08T16:23:49", "description": "\n\nIt was a busy day yesterday, with Adobe issuing four emergency patches for their Flash Player, including one for a zero-day being actively exploited in the wild. Adobe has [indicated](<https://helpx.adobe.com/security/products/flash-player/apsb18-19.html>) that CVE-2018-5002 was discovered being used in limited, targeted attacks on Windows users in the wild. The attacks use Microsoft Office documents embedded with malicious Flash Player content.\n\nThree of the four CVEs were found through our Zero Day Initiative:\n\n| \n\n * CVE-2018-4945: Jihui Lu of Tencent KeenLab and willJ of Tencent PC Manager working with Trend Micro's Zero Day Initiative\n * CVE-2018-5000: Anonymously reported through Trend Micro's Zero Day Initiative\n * CVE-2018-5001: Anonymously reported through Trend Micro's Zero Day Initiative\n * CVE-2018-5002: Independently identified and reported by the following organizations and individuals: Chenming Xu and Jason Jones of ICEBRG, Bai Haowen, Zeng Haitao and Huang Chaowen of 360 Threat Intelligence Center of 360 Enterprise Security Group, and Yang Kang, Hu Jiang, Zhang Qing, and Jin Quan of Qihoo 360 Core Security (@360CoreSec), Tencent PC Manager \n---|--- \n| \n \nWe issued an out-of-band Digital Vaccine (DV) package to address these vulnerabilities:\n\n**Bulletin #** | **CVE #** | **Digital Vaccine Filter** \n---|---|--- \nAPSB18-19 | CVE-2018-4945 | 32133: HTTP: Adobe Flash MovieClip object Memory Corruption Vulnerability (ZDI-18-570) \nAPSB18-19 | CVE-2018-5000 | 32134: HTTP: Adobe Flash RTMP Information Disclosure Vulnerability (ZDI-18-569) \nAPSB18-19 | CVE-2018-5001 | 32132: HTTP: Adobe Flash ApplyFilter Method Information Disclosure Vulnerability (ZDI-18-568) \nAPSB18-19 | CVE-2018-5002 | 32131: HTTP: Adobe Flash XLSX li8 Buffer Overflow Vulnerability \n \n \n\n**Zero-Day Filters**\n\nThere are 16 new zero-day filters covering 10 vendors in this week\u2019s Digital Vaccine (DV) package. A number of existing filters in this week\u2019s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of [published advisories](<http://www.zerodayinitiative.com/advisories/published/>) and [upcoming advisories](<http://www.zerodayinitiative.com/advisories/upcoming/>) on the [Zero Day Initiative](<http://www.zerodayinitiative.com/>) website. You can also follow the Zero Day Initiative on Twitter [@thezdi](<https://twitter.com/thezdi>) and on their [blog](<https://www.zerodayinitiative.com/blog>).\n\n**_Adobe (1)_**\n\n| \n\n * 31950: HTTP: Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Read Vulnerability (ZDI-18-213) \n---|--- \n| \n \n**_Advantech (4)_**\n\n| \n\n * 31848: HTTP: Advantech WebAccess Node uMailLogin Proj SQL Injection Vulnerability (ZDI-18-144)\n * 31954: HTTP: Advantech WebAccess Node screnc Buffer Overflow Vulnerability (ZDI-18-498)\n * 31957: RPC: Advantech WebAccess Node bwmakdir Buffer Overflow Vulnerability (ZDI-18-497)\n * 31973: HTTP: Advantech WebAccess NMS DownloadAction Directory Traversal Vulnerability (ZDI-18-471) \n---|--- \n| \n \n**_Apple (2)_**\n\n| \n\n * 31943: HTTP: Apple Safari Spread Operator Type Confusion Vulnerability (ZDI-18-271)\n * 31951: HTTP: Apple Safari RenderLayer Use-After-Free Vulnerability (ZDI-18-274) \n---|--- \n| \n \n**_Foxit (2)_**\n\n| \n\n * 31941: HTTP: Foxit Reader Text Annotations Use-After-Free Vulnerability (ZDI-18-342)\n * 31945: HTTP: Foxit Reader XFA execEvent Use-After-Free Vulnerability (ZDI-18-354) \n---|--- \n| \n \n**_Microsoft (1)_**\n\n| \n\n * 31952: HTTP: Microsoft Windows VBScript Filter Function Memory Corruption Vulnerability (ZDI-18-296) \n---|--- \n| \n \n**_Novell (1)_**\n\n| \n\n * 31840: HTTP: Novell NetIQ Access Manager FwRequest Unrestricted File Upload (ZDI-18-145) \n---|--- \n| \n \n**_OMRON (1)_**\n\n| \n\n * 29983: HTTP: OMRON CX-Supervisor SCS Alarm Object Use-After-Free Vulnerability (ZDI-18-255) \n---|--- \n| \n \n**_Spotify (1)_**\n\n| \n\n * 31958: HTTP: Spotify Music Player URI Parsing Command Injection Vulnerability (ZDI-18-280) \n---|--- \n| \n \n**_Trend Micro (1)_**\n\n| \n\n * 31949: HTTP: Trend Micro Smart Protection Server Auth Command Injection Vulnerability (ZDI-18-218) \n---|--- \n| \n \n**_WECON (2)_**\n\n| \n\n * 31879: ZDI-CAN-5788: Zero Day Initiative Vulnerability (WECON LeviStudioU)\n * 31881: ZDI-CAN-5794,5795: Zero Day Initiative Vulnerability (WECON LeviStudioU) \n---|--- \n| \n \n**Missed Last Week\u2019s News?**\n\nCatch up on last week\u2019s news in my [weekly recap](<https://blog.trendmicro.com/tippingpoint-threat-intelligence-and-zero-day-coverage-week-of-may-28-2018/>).\n\nThe post [TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of June 4, 2018](<https://blog.trendmicro.com/tippingpoint-threat-intelligence-and-zero-day-coverage-week-of-june-4-2018/>) appeared first on [](<https://blog.trendmicro.com>).", "cvss3": {}, "published": "2018-06-08T15:12:05", "type": "trendmicroblog", "title": "TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of June 4, 2018", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2018-4945", "CVE-2018-5000", "CVE-2018-5001", "CVE-2018-5002"], "modified": "2018-06-08T15:12:05", "id": "TRENDMICROBLOG:2E1DD618823C4F9E766FE77AB4EB8913", "href": "https://blog.trendmicro.com/tippingpoint-threat-intelligence-and-zero-day-coverage-week-of-june-4-2018/", "cvss": {"score": 0.0, "vector": "NONE"}}], "redhat": [{"lastseen": "2021-10-19T20:40:03", "description": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.\n\nThis update upgrades Flash Player to version 30.0.0.113.\n\nSecurity Fix(es):\n\n* flash-plugin: Arbitrary Code Execution vulnerability (APSB18-19) (CVE-2018-4945)\n\n* flash-plugin: Arbitrary\u00a0Code Execution vulnerability (APSB18-19) (CVE-2018-5002)\n\n* flash-plugin: Information Disclosure vulnerabilities (APSB18-19) (CVE-2018-5000, CVE-2018-5001)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-06-11T12:45:39", "type": "redhat", "title": "(RHSA-2018:1827) Critical: flash-plugin security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4945", "CVE-2018-5000", "CVE-2018-5001", "CVE-2018-5002"], "modified": "2018-06-12T21:25:25", "id": "RHSA-2018:1827", "href": "https://access.redhat.com/errata/RHSA-2018:1827", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "mscve": [{"lastseen": "2022-10-26T18:28:14", "description": "This security update addresses the following vulnerabilities, which are described in Adobe Security Bulletin [APSB18-19](<http://helpx.adobe.com/security/products/flash-player/apsb18-19.html>): CVE-2018-4945, CVE-2018-5000, CVE-2018-5001, CVE-2018-5002.\n", "edition": 1, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-07T07:00:00", "type": "mscve", "title": "June 2018 Adobe Flash Security Update", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5001", "CVE-2018-5002", "CVE-2018-5000", "CVE-2018-4945"], "modified": "2018-06-07T07:00:00", "id": "MS:ADV180014", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV180014", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "archlinux": [{"lastseen": "2021-07-28T14:34:03", "description": "Arch Linux Security Advisory ASA-201806-7\n=========================================\n\nSeverity: Critical\nDate : 2018-06-09\nCVE-ID : CVE-2018-4945 CVE-2018-5000 CVE-2018-5001 CVE-2018-5002\nPackage : flashplugin\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-716\n\nSummary\n=======\n\nThe package flashplugin before version 30.0.0.113-1 is vulnerable to\nmultiple issues including arbitrary code execution and information\ndisclosure.\n\nResolution\n==========\n\nUpgrade to 30.0.0.113-1.\n\n# pacman -Syu \"flashplugin>=30.0.0.113-1\"\n\nThe problems have been fixed upstream in version 30.0.0.113.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2018-4945 (arbitrary code execution)\n\nA type confusion issue has been found in Adobe Flash Player before\n30.0.0.113, leading to arbitrary code execution.\n\n- CVE-2018-5000 (information disclosure)\n\nAn integer overflow issue has been found in Adobe Flash Player before\n30.0.0.113, leading to information disclosure.\n\n- CVE-2018-5001 (information disclosure)\n\nAn out-of-bounds read has been found in Adobe Flash Player before\n30.0.0.113, leading to information disclosure.\n\n- CVE-2018-5002 (arbitrary code execution)\n\nA stack-based buffer overflow has been found in Adobe Flash Player\nbefore 30.0.0.113, leading to arbitrary code execution.\n\nImpact\n======\n\nA remote attacker can access sensitive information or execute arbitrary\ncode via a crafted Flash file.\n\nReferences\n==========\n\nhttps://helpx.adobe.com/security/products/flash-player/apsb18-19.html\nhttps://security.archlinux.org/CVE-2018-4945\nhttps://security.archlinux.org/CVE-2018-5000\nhttps://security.archlinux.org/CVE-2018-5001\nhttps://security.archlinux.org/CVE-2018-5002", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-06-09T00:00:00", "type": "archlinux", "title": "[ASA-201806-7] flashplugin: multiple issues", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4945", "CVE-2018-5000", "CVE-2018-5001", "CVE-2018-5002"], "modified": "2018-06-09T00:00:00", "id": "ASA-201806-7", "href": "https://security.archlinux.org/ASA-201806-7", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2022-01-17T19:04:16", "description": "### Background\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process or obtain sensitive information. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Adobe Flash Player users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-plugins/adobe-flash-30.0.0.113\"", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-06-13T00:00:00", "type": "gentoo", "title": "Adobe Flash Player: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-4944", "CVE-2018-4945", "CVE-2018-5000", "CVE-2018-5001", "CVE-2018-5002"], "modified": "2018-06-13T00:00:00", "id": "GLSA-201806-02", "href": "https://security.gentoo.org/glsa/201806-02", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "Updated flash-player-plugin packages fixes the following security issues A remote attacker could possibly execute arbitrary code with the privileges of the process or obtain sensitive information (CVE-2018-4945, CVE-2018-5000, CVE-2018-5001, CVE-2018-5002). In response to a class of recently disclosed vulnerabilities in popular CPU hardware related to data cache timing (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754), known popularly as Spectre and Meltdown, Adobe are disabling the \u2018shareable\u2019 property of the ActionScript ByteArray class by default. For more info see the referenced adobe release notes. \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-16T09:28:36", "type": "mageia", "title": "Updated flash-player-plugin packages fixes security issues\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754", "CVE-2018-4945", "CVE-2018-5000", "CVE-2018-5001", "CVE-2018-5002"], "modified": "2018-06-16T09:28:36", "id": "MGASA-2018-0286", "href": "https://advisories.mageia.org/MGASA-2018-0286.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}