DATABASE RESOURCES PRICING ABOUT US

{"id": "ZDI-14-040", "vendorId": null, "type": "zdi", "bulletinFamily": "info", "title": "Adobe Flash Player RegExp Stack Buffer Overflow Remote Code Execution Vulnerability", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the usage of regular expressions in ActionScript where an expression could overflow a data structure on the stack. An attacker can leverage this vulnerability to execute code under the context of the current process.", "published": "2014-04-03T00:00:00", "modified": "2014-04-03T00:00:00", "epss": [{"cve": "CVE-2014-0498", "epss": 0.08956, "percentile": 0.93843, "modified": "2023-09-14"}], "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 10.0}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {}, "href": "https://www.zerodayinitiative.com/advisories/ZDI-14-040/", "reporter": "Wen Guanxing from Venustech", "references": ["http://helpx.adobe.com/security/products/flash-player/apsb14-07.html"], "cvelist": ["CVE-2014-0498"], "immutableFields": [], "lastseen": "2023-09-15T13:24:06", "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "checkpoint_advisories", "idList": ["CPAI-2014-0974"]}, {"type": "cve", "idList": ["CVE-2014-0498"]}, {"type": "gentoo", "idList": ["GLSA-201405-04"]}, {"type": "mageia", "idList": ["MGASA-2014-0091"]}, {"type": "nessus", "idList": ["8807.PRM", "FLASH_PLAYER_APSB14-07.NASL", "GENTOO_GLSA-201405-04.NASL", "MACOSX_FLASH_PLAYER_12_0_0_70.NASL", "OPENSUSE-2014-157.NASL", "REDHAT-RHSA-2014-0196.NASL", "SMB_KB2934802.NASL", "SUSE_11_FLASH-PLAYER-140224.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310121179", "OPENVAS:1361412562310850571", "OPENVAS:1361412562310851089", "OPENVAS:1361412562310903338", "OPENVAS:1361412562310903339", "OPENVAS:1361412562310903340", "OPENVAS:850571"]}, {"type": "redhat", "idList": ["RHSA-2014:0196"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13726"]}, {"type": "seebug", "idList": ["SSV:61526"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2014:0277-1", "OPENSUSE-SU-2014:0278-1", "SUSE-SU-2014:0290-1"]}, {"type": "thn", "idList": ["THN:F302CDA9688F8F9725A0957D7EE3FB30"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2014-0498"]}]}, "score": {"value": 3.6, "vector": "NONE"}, "backreferences": {"references": [{"type": "checkpoint_advisories", "idList": ["CPAI-2014-0974"]}, {"type": "cve", "idList": ["CVE-2014-0498"]}, {"type": "gentoo", "idList": ["GLSA-201405-04"]}, {"type": "nessus", "idList": ["SMB_KB2934802.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310850571"]}, {"type": "redhat", "idList": ["RHSA-2014:0196"]}, {"type": "seebug", "idList": ["SSV:61526"]}, {"type": "suse", "idList": ["SUSE-SU-2014:0290-1"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2014-0498", "epss": 0.14108, "percentile": 0.9484, "modified": "2023-05-07"}], "vulnersScore": 3.6}, "_state": {"dependencies": 1694784310, "score": 1694784458, "epss": 0}, "_internal": {"score_hash": "904b6bce881fb4dbb231bfed2dd13fc2"}}

{"checkpoint_advisories": [{"lastseen": "2021-12-17T12:09:10", "description": "A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file.", "cvss3": {}, "published": "2014-03-04T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Flash Player Memory Corruption (APSB14-07: CVE-2014-0498)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0498"], "modified": "2014-03-10T00:00:00", "id": "CPAI-2014-0974", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntucve": [{"lastseen": "2023-09-21T09:45:31", "description": "Stack-based buffer overflow in Adobe Flash Player before 11.7.700.269 and\n11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before\n11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR\nSDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628\nallows attackers to execute arbitrary code via unspecified vectors.", "cvss3": {}, "published": "2014-02-21T00:00:00", "type": "ubuntucve", "title": "CVE-2014-0498", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0498"], "modified": "2014-02-21T00:00:00", "id": "UB:CVE-2014-0498", "href": "https://ubuntu.com/security/CVE-2014-0498", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "seebug": [{"lastseen": "2017-11-19T17:33:40", "description": "BUGTRAQ ID: 65704\r\nCVE(CAN) ID: CVE-2014-0498\r\n\r\nAdobe Flash Player\u662f\u4e00\u4e2a\u96c6\u6210\u7684\u591a\u5a92\u4f53\u64ad\u653e\u5668\u3002Adobe AIR\u662f\u9488\u5bf9\u7f51\u7edc\u4e0e\u684c\u9762\u5e94\u7528\u7684\u7ed3\u5408\u6240\u5f00\u53d1\u51fa\u6765\u7684\u6280\u672f\uff0c\u53ef\u4ee5\u4e0d\u5fc5\u7ecf\u7531\u6d4f\u89c8\u5668\u800c\u5bf9\u7f51\u7edc\u4e0a\u7684\u4e91\u7aef\u7a0b\u5f0f\u505a\u63a7\u5236\u3002\r\n\r\nAdobe Flash Player\u53caAIR\u5728\u5904\u7406\u542b\u6709\u7279\u5236Flash\u5185\u5bb9\u7684\u6076\u610f\u7f51\u9875\u65f6\u5b58\u5728\u591a\u4e2a\u6f0f\u6d1e\uff0c\u5305\u62ec\u6808\u6ea2\u51fa\u3001\u5185\u5b58\u6cc4\u9732\u3001\u53cc\u91cd\u91ca\u653e\u6f0f\u6d1e\uff0c\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8fd9\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u6700\u7ec8\u5b8c\u5168\u63a7\u5236\u53d7\u5f71\u54cd\u7cfb\u7edf\u3002\r\n0\r\nAdobe Flash Player &lt; 12.0.0.44\r\nAdobe Flash Player &lt; 11.2.202.336\r\nAdobe AIR 4.0.0.1390\r\nAdobe AIR 3.9.0.1390 SDK\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nAdobe\r\n-----\r\nAdobe\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08apsb14-07\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\napsb14-07\uff1aSecurity updates available for Adobe Flash Player\r\n\u94fe\u63a5\uff1ahttp://helpx.adobe.com/security/products/flash-player/apsb14-07.html", "cvss3": {}, "published": "2014-02-21T00:00:00", "type": "seebug", "title": "Adobe Flash Player\u53caAIR\u8fdc\u7a0b\u6808\u6ea2\u51fa\u6f0f\u6d1e(CVE-2014-0498)", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-0498"], "modified": "2014-02-21T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61526", "id": "SSV:61526", "sourceData": "", "sourceHref": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2023-09-20T13:43:34", "description": "Stack-based buffer overflow in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows attackers to execute arbitrary code via unspecified vectors.", "cvss3": {}, "published": "2014-02-21T05:06:00", "type": "cve", "title": "CVE-2014-0498", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0498"], "modified": "2018-12-13T15:54:00", "cpe": [], "id": "CVE-2014-0498", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0498", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": []}], "openvas": [{"lastseen": "2020-01-31T18:37:28", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-10-16T00:00:00", "type": "openvas", "title": "SUSE: Security Advisory for flash-player (SUSE-SU-2014:0290-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0498", "CVE-2014-0502", "CVE-2014-0499"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851089", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851089", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851089\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-10-16 19:45:17 +0200 (Fri, 16 Oct 2015)\");\n script_cve_id(\"CVE-2014-0498\", \"CVE-2014-0499\", \"CVE-2014-0502\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for flash-player (SUSE-SU-2014:0290-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'flash-player'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update of Adobe Flash Player fixes the following\n issues:\n\n * A stack overflow vulnerability that could have\n resulted in arbitrary code execution. (CVE-2014-0498)\n\n * A memory leak vulnerability that could have been used\n to defeat memory address layout randomization.\n (CVE-2014-0499)\n\n * A double free vulnerability that could have resulted\n in arbitrary code execution. (CVE-2014-0502)\n\n Security Issue references:\n\n * CVE-2014-0498\n\n * CVE-2014-0499\n\n * CVE-2014-0502\");\n\n script_tag(name:\"affected\", value:\"flash-player on SUSE Linux Enterprise Desktop 11 SP3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"SUSE-SU\", value:\"2014:0290-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLED11\\.0SP3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLED11.0SP3\") {\n if(!isnull(res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~11.2.202.341~0.3.1\", rls:\"SLED11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"flash-player-gnome\", rpm:\"flash-player-gnome~11.2.202.341~0.3.1\", rls:\"SLED11.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"flash-player-kde4\", rpm:\"flash-player-kde4~11.2.202.341~0.3.1\", rls:\"SLED11.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-12T11:09:53", "description": "Check for the Version of flash-player", "cvss3": {}, "published": "2014-02-25T00:00:00", "type": "openvas", "title": "SuSE Update for flash-player openSUSE-SU-2014:0278-1 (flash-player)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0498", "CVE-2014-0502", "CVE-2014-0499"], "modified": "2017-12-08T00:00:00", "id": "OPENVAS:850571", "href": "http://plugins.openvas.org/nasl.php?oid=850571", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2014_0278_1.nasl 8044 2017-12-08 08:32:49Z santu $\n#\n# SuSE Update for flash-player openSUSE-SU-2014:0278-1 (flash-player)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(850571);\n script_version(\"$Revision: 8044 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 09:32:49 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-25 16:47:57 +0530 (Tue, 25 Feb 2014)\");\n script_cve_id(\"CVE-2014-0498\", \"CVE-2014-0499\", \"CVE-2014-0502\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Update for flash-player openSUSE-SU-2014:0278-1 (flash-player)\");\n\n tag_insight = \"\n Adobe Flash Player was updated to 11.2.202.341: (bnc#865021)\n * APSB14-07, CVE-2014-0498 CVE-2014-0499 CVE-2014-0502\n - Contents of flashplayer_11_sa.i386.tar.gz changed back:\n spec file updated, supplementary script (update.sh)\n updated.\";\n\n tag_affected = \"flash-player on openSUSE 11.4\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"openSUSE-SU\", value: \"2014:0278_1\");\n script_summary(\"Check for the Version of flash-player\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE11.4\")\n{\n\n if ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~11.2.202.341~95.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"flash-player-gnome\", rpm:\"flash-player-gnome~11.2.202.341~95.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"flash-player-kde4\", rpm:\"flash-player-kde4~11.2.202.341~95.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-04-22T17:03:34", "description": "This host is installed with Adobe Flash Player and is prone to multiple\nvulnerabilities.", "cvss3": {}, "published": "2014-02-24T00:00:00", "type": "openvas", "title": "Adobe Flash Player Multiple Vulnerabilities - 01 Feb14 (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0498", "CVE-2014-0502", "CVE-2014-0499"], "modified": "2020-04-20T00:00:00", "id": "OPENVAS:1361412562310903340", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310903340", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Multiple Vulnerabilities - 01 Feb14 (Linux)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.903340\");\n script_version(\"2020-04-20T13:31:49+0000\");\n script_cve_id(\"CVE-2014-0498\", \"CVE-2014-0499\", \"CVE-2014-0502\");\n script_bugtraq_id(65704, 65703, 65702);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-20 13:31:49 +0000 (Mon, 20 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-02-24 18:04:57 +0530 (Mon, 24 Feb 2014)\");\n script_name(\"Adobe Flash Player Multiple Vulnerabilities - 01 Feb14 (Linux)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Flaw is due to multiple unspecified and a double free error.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to, disclose potentially\nsensitive information and compromise a user's system.\");\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before 11.2.202.341 on Linux\");\n script_tag(name:\"solution\", value:\"Update to Adobe Flash Player version 11.2.202.341 or later.\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/57057\");\n script_xref(name:\"URL\", value:\"http://helpx.adobe.com/security/products/flash-player/apsb14-07.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 SecPod\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_lin.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Linux/Ver\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:playerVer, test_version:\"11.2.202.341\"))\n{\n report = report_fixed_ver(installed_version:playerVer, fixed_version:\"11.2.202.341\");\n security_message(port:0, data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T22:14:27", "description": "This host is installed with Adobe Flash Player and is prone to multiple\nvulnerabilities.", "cvss3": {}, "published": "2014-02-24T00:00:00", "type": "openvas", "title": "Adobe Flash Player Multiple Vulnerabilities - 01 Feb14 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0498", "CVE-2014-0502", "CVE-2014-0499"], "modified": "2019-07-17T00:00:00", "id": "OPENVAS:1361412562310903338", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310903338", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Multiple Vulnerabilities - 01 Feb14 (Windows)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.903338\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2014-0498\", \"CVE-2014-0499\", \"CVE-2014-0502\");\n script_bugtraq_id(65704, 65703, 65702);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-02-24 18:04:57 +0530 (Mon, 24 Feb 2014)\");\n script_name(\"Adobe Flash Player Multiple Vulnerabilities - 01 Feb14 (Windows)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Flaw is due to multiple unspecified and a double free error.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to, disclose potentially\nsensitive information and compromise a user's system.\");\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before 11.7.700.269 and 11.8.x through 12.0.x\nbefore 12.0.0.70 on Windows\");\n script_tag(name:\"solution\", value:\"Update to Adobe Flash Player version 11.7.700.269 or 12.0.0.70 or later.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/57057\");\n script_xref(name:\"URL\", value:\"http://helpx.adobe.com/security/products/flash-player/apsb14-07.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 SecPod\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_win.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Win/Installed\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:playerVer, test_version:\"11.7.700.269\") ||\n version_in_range(version:playerVer, test_version:\"11.8.0\", test_version2:\"12.0.0.69\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:39:06", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-02-25T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for flash-player (openSUSE-SU-2014:0278-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0498", "CVE-2014-0502", "CVE-2014-0499"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310850571", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850571", "sourceData": "# Copyright (C) 2014 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850571\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-02-25 16:47:57 +0530 (Tue, 25 Feb 2014)\");\n script_cve_id(\"CVE-2014-0498\", \"CVE-2014-0499\", \"CVE-2014-0502\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"openSUSE: Security Advisory for flash-player (openSUSE-SU-2014:0278-1)\");\n\n script_tag(name:\"affected\", value:\"flash-player on openSUSE 11.4\");\n\n script_tag(name:\"insight\", value:\"Adobe Flash Player was updated to 11.2.202.341: (bnc#865021)\n\n * APSB14-07, CVE-2014-0498 CVE-2014-0499 CVE-2014-0502\n\n - Contents of flashplayer_11_sa.i386.tar.gz changed back:\n spec file updated, supplementary script (update.sh)\n updated.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"openSUSE-SU\", value:\"2014:0278-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'flash-player'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE11\\.4\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE11.4\") {\n if(!isnull(res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~11.2.202.341~95.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"flash-player-gnome\", rpm:\"flash-player-gnome~11.2.202.341~95.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"flash-player-kde4\", rpm:\"flash-player-kde4~11.2.202.341~95.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T22:14:25", "description": "This host is installed with Adobe Flash Player and is prone to multiple\nvulnerabilities.", "cvss3": {}, "published": "2014-02-24T00:00:00", "type": "openvas", "title": "Adobe Flash Player Multiple Vulnerabilities - 01 Feb14 (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0498", "CVE-2014-0502", "CVE-2014-0499"], "modified": "2019-07-17T00:00:00", "id": "OPENVAS:1361412562310903339", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310903339", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Multiple Vulnerabilities - 01 Feb14 (Mac OS X)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.903339\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2014-0498\", \"CVE-2014-0499\", \"CVE-2014-0502\");\n script_bugtraq_id(65704, 65703, 65702);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-02-24 18:21:06 +0530 (Mon, 24 Feb 2014)\");\n script_name(\"Adobe Flash Player Multiple Vulnerabilities - 01 Feb14 (Mac OS X)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Flaw is due to multiple unspecified and a double free error.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to, disclose potentially\nsensitive information and compromise a user's system.\");\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before 11.7.700.269 and 11.8.x through 12.0.x\nbefore 12.0.0.70 on Mac OS X\");\n script_tag(name:\"solution\", value:\"Update to Adobe Flash Player version 11.7.700.269 or 12.0.0.70 or later.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/57057\");\n script_xref(name:\"URL\", value:\"http://helpx.adobe.com/security/products/flash-player/apsb14-07.html\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_copyright(\"Copyright (C) 2014 SecPod\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Flash/Player/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:playerVer, test_version:\"11.7.700.269\") ||\n version_in_range(version:playerVer, test_version:\"11.8.0\", test_version2:\"12.0.0.69\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:11", "description": "Gentoo Linux Local Security Checks GLSA 201405-04", "cvss3": {}, "published": "2015-09-29T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201405-04", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0509", "CVE-2014-0508", "CVE-2014-0503", "CVE-2014-0515", "CVE-2014-0498", "CVE-2014-0504", "CVE-2014-0507", "CVE-2014-0506", "CVE-2014-0502", "CVE-2014-0499"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310121179", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121179", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201405-04.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121179\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:27:06 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201405-04\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201405-04\");\n script_cve_id(\"CVE-2014-0498\", \"CVE-2014-0499\", \"CVE-2014-0502\", \"CVE-2014-0503\", \"CVE-2014-0504\", \"CVE-2014-0506\", \"CVE-2014-0507\", \"CVE-2014-0508\", \"CVE-2014-0509\", \"CVE-2014-0515\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201405-04\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"www-plugins/adobe-flash\", unaffected: make_list(\"ge 11.2.202.356\"), vulnerable: make_list(\"lt 11.2.202.356\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-07-08T14:09:55", "description": "According to its version, the instance of Flash Player installed on the remote Windows host is equal or prior to 11.7.700.261 / 11.8.x / 11.9.x / 12.0.0.70. It is, therefore, potentially affected multiple vulnerabilities :\n\n - A stack overflow vulnerability exists that could result in arbitrary code execution. (CVE-2014-0498)\n\n - A memory leak vulnerability exists that could be used to aid in buffer overflow attacks by bypassing address space layout randomization (ASLR). (CVE-2014-0499)\n\n - A double free vulnerability exists that could result in arbitrary code execution. (CVE-2014-0502)", "cvss3": {}, "published": "2014-02-20T00:00:00", "type": "nessus", "title": "Flash Player <= 11.7.700.261 / 12.0.0.44 Multiple Vulnerabilities (APSB14-07)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0498", "CVE-2014-0499", "CVE-2014-0502"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "FLASH_PLAYER_APSB14-07.NASL", "href": "https://www.tenable.com/plugins/nessus/72606", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72606);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2014-0498\", \"CVE-2014-0499\", \"CVE-2014-0502\");\n script_bugtraq_id(65702, 65703, 65704);\n\n script_name(english:\"Flash Player <= 11.7.700.261 / 12.0.0.44 Multiple Vulnerabilities (APSB14-07)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version, the instance of Flash Player installed on the\nremote Windows host is equal or prior to 11.7.700.261 / 11.8.x / 11.9.x\n/ 12.0.0.70. It is, therefore, potentially affected multiple\nvulnerabilities :\n\n - A stack overflow vulnerability exists that could result\n in arbitrary code execution. (CVE-2014-0498)\n\n - A memory leak vulnerability exists that could be used\n to aid in buffer overflow attacks by bypassing address\n space layout randomization (ASLR). (CVE-2014-0499)\n\n - A double free vulnerability exists that could result in\n arbitrary code execution. (CVE-2014-0502)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-14-040/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb14-07.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 11.7.700.269 / 12.0.0.70 or\nlater.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"flash_player_installed.nasl\");\n script_require_keys(\"SMB/Flash_Player/installed\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Flash_Player/installed\");\n\n# Identify vulnerable versions.\ninfo = \"\";\n\n# we're checking for versions less than *or equal to* the cutoff!\nforeach variant (make_list(\"Plugin\", \"ActiveX\", \"Chrome\", \"Chrome_Pepper\"))\n{\n vers = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/Version/*\");\n files = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/File/*\");\n if (!isnull(vers) && !isnull(files))\n {\n foreach key (keys(vers))\n {\n ver = vers[key];\n\n if (ver)\n {\n iver = split(ver, sep:'.', keep:FALSE);\n for (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\n\n if (\n (\n # Chrome Flash <= 12.0.0.44\n variant == \"Chrome_Pepper\" &&\n (iver[0] == 12 && iver[1] == 0 && iver[2] == 0 && iver[3] <= 44)\n ) ||\n (variant != \"Chrome_Pepper\" &&\n (\n # < 11\n iver[0] < 11 ||\n # 11.x <= 11.7.700.261\n (\n iver[0] == 11 &&\n (\n iver[1] < 7 ||\n (\n iver[1] == 7 &&\n (\n iver[2] < 700 ||\n (iver[2] == 700 && iver[3] <= 261)\n )\n )\n )\n ) ||\n # 11.8.x\n (iver[0] == 11 && iver[1] == 8) ||\n # 11.9.x\n (iver[0] == 11 && iver[1] == 9) ||\n\n # 12.0.0.x <= 12.0.0.44\n (\n iver[0] == 12 &&\n (\n iver[1] == 0 &&\n (\n iver[2] == 0 &&\n (\n iver[3] <= 44\n )\n )\n )\n )\n )\n )\n )\n {\n num = key - (\"SMB/Flash_Player/\"+variant+\"/Version/\");\n file = files[\"SMB/Flash_Player/\"+variant+\"/File/\"+num];\n if (variant == \"Plugin\")\n {\n info += '\\n Product: Browser Plugin (for Firefox / Netscape / Opera)';\n }\n else if (variant == \"ActiveX\")\n {\n info += '\\n Product : ActiveX control (for Internet Explorer)';\n }\n else if (\"Chrome\" >< variant)\n {\n info += '\\n Product : Browser Plugin (for Google Chrome)';\n }\n info += '\\n Path : ' + file +\n '\\n Installed version : ' + ver;\n if (variant == \"Chrome_Pepper\")\n info += '\\n Fixed version : 12.0.0.70 (Chrome PepperFlash)';\n else\n {\n if (ver =~ \"^11\\.7\")\n fix = \"11.7.700.269\";\n else\n fix = \"12.0.0.70\";\n info += '\\n Fixed version : '+fix;\n }\n info += '\\n';\n }\n }\n }\n }\n}\n\nif (info)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0) security_hole(port:port, extra:info);\n else security_hole(port);\n}\nelse\n{\n if (thorough_tests)\n exit(0, 'No vulnerable versions of Adobe Flash Player were found.');\n else\n exit(1, 'Google Chrome\\'s built-in Flash Player may not have been detected because the \\'Perform thorough tests\\' setting was not enabled.');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:14:31", "description": "Versions of Adobe Flash player prior to 11.7.700.275 / 13.0.0.182 are outdated and thus unpatched for the following vulnerabilities :\n\n - A stack overflow vulnerability exists that could result in arbitrary code execution. (CVE-2014-0498)\n - A memory leak vulnerability exists that could be used to aid in buffer overflow attacks by bypassing address space layout randomization (ASLR). (CVE-2014-0499)\n - A double free vulnerability exists that could result in arbitrary code execution. (CVE-2014-0502)", "cvss3": {}, "published": "2015-07-10T00:00:00", "type": "nessus", "title": "Flash Player < 11.7.700.269 / 12.0.0.70 Multiple Vulnerabilities (APSB14-07)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0498", "CVE-2014-0499", "CVE-2014-0502"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "8807.PRM", "href": "https://www.tenable.com/plugins/nnm/8807", "sourceData": "Binary data 8807.prm", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-15T14:28:09", "description": "Adobe Flash Player was updated to 11.2.202.341: (bnc#865021)\n\n - APSB14-07, CVE-2014-0498 CVE-2014-0499 CVE-2014-0502\n\n - Contents of flashplayer_11_sa.i386.tar.gz changed back:\n spec file updated, supplementary script (update.sh) updated.", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : flash-player (openSUSE-SU-2014:0277-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0498", "CVE-2014-0499", "CVE-2014-0502"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:flash-player", "p-cpe:/a:novell:opensuse:flash-player-gnome", "p-cpe:/a:novell:opensuse:flash-player-kde4", "cpe:/o:novell:opensuse:12.3", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2014-157.NASL", "href": "https://www.tenable.com/plugins/nessus/75267", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-157.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75267);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-0498\", \"CVE-2014-0499\", \"CVE-2014-0502\");\n script_bugtraq_id(65702, 65703, 65704);\n\n script_name(english:\"openSUSE Security Update : flash-player (openSUSE-SU-2014:0277-1)\");\n script_summary(english:\"Check for the openSUSE-2014-157 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Adobe Flash Player was updated to 11.2.202.341: (bnc#865021)\n\n - APSB14-07, CVE-2014-0498 CVE-2014-0499 CVE-2014-0502\n\n - Contents of flashplayer_11_sa.i386.tar.gz changed back:\n spec file updated, supplementary script (update.sh)\n updated.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=865021\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-02/msg00069.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-player packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player-kde4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"flash-player-11.2.202.341-2.60.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"flash-player-gnome-11.2.202.341-2.60.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"flash-player-kde4-11.2.202.341-2.60.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"flash-player-11.2.202.341-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"flash-player-gnome-11.2.202.341-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"flash-player-kde4-11.2.202.341-34.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-player\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-15T14:20:37", "description": "The remote host is missing KB2929825. It is, therefore, affected by multiple vulnerabilities :\n\n - A stack overflow vulnerability exists that could result in arbitrary code execution. (CVE-2014-0498)\n\n - A memory leak vulnerability exists that could be used to aid in buffer overflow attacks by bypassing address space layout randomization (ASLR). (CVE-2014-0499)\n\n - A double free vulnerability exists that could result in arbitrary code execution. (CVE-2014-0502)", "cvss3": {}, "published": "2014-02-20T00:00:00", "type": "nessus", "title": "MS KB2934802: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0498", "CVE-2014-0499", "CVE-2014-0502"], "modified": "2019-11-26T00:00:00", "cpe": ["cpe:/o:microsoft:windows", "cpe:/a:adobe:flash_player"], "id": "SMB_KB2934802.NASL", "href": "https://www.tenable.com/plugins/nessus/72608", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72608);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\"CVE-2014-0498\", \"CVE-2014-0499\", \"CVE-2014-0502\");\n script_bugtraq_id(65702, 65703, 65704);\n script_xref(name:\"MSKB\", value:\"2934802\");\n\n script_name(english:\"MS KB2934802: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer\");\n script_summary(english:\"Checks version of ActiveX control\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an ActiveX control installed that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is missing KB2929825. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A stack overflow vulnerability exists that could result\n in arbitrary code execution. (CVE-2014-0498)\n\n - A memory leak vulnerability exists that could be used\n to aid in buffer overflow attacks by bypassing address\n space layout randomization (ASLR). (CVE-2014-0499)\n\n - A double free vulnerability exists that could result in\n arbitrary code execution. (CVE-2014-0502)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-14-040/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb14-07.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2016/2755801\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/2934802/microsoft-security-advisory-update-for-vulnerabilities-in-adobe-flash\");\n script_set_attribute(attribute:\"solution\", value:\n\"Install Microsoft KB2934802.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"SMB/WindowsVersion\", \"SMB/ProductName\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_activex_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nif (activex_init() != ACX_OK) audit(AUDIT_FN_FAIL, \"activex_init()\");\n\n# Adobe Flash Player CLSID\nclsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}';\n\nfile = activex_get_filename(clsid:clsid);\nif (isnull(file))\n{\n activex_end();\n audit(AUDIT_FN_FAIL, \"activex_get_filename\", \"NULL\");\n}\nif (!file)\n{\n activex_end();\n audit(AUDIT_ACTIVEX_NOT_FOUND, clsid);\n}\n\n# Get its version.\nversion = activex_get_fileversion(clsid:clsid);\nif (!version)\n{\n activex_end();\n audit(AUDIT_VER_FAIL, file);\n}\n\ninfo = '';\n\niver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\n\n# < 12.0.0.70\nif (\n (report_paranoia > 1 || activex_get_killbit(clsid:clsid) == 0) &&\n (\n iver[0] < 12 ||\n (\n iver[0] == 12 &&\n (\n (iver[1] == 0 && iver[2] == 0 && iver[3] < 70)\n )\n )\n )\n)\n{\n info = '\\n Path : ' + file +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 12.0.0.70\\n';\n}\n\nport = kb_smb_transport();\n\nif (info != '')\n{\n if (report_verbosity > 0)\n {\n if (report_paranoia > 1)\n {\n report = info +\n '\\n' +\n 'Note, though, that Nessus did not check whether the kill bit was\\n' +\n \"set for the control's CLSID because of the Report Paranoia setting\" + '\\n' +\n 'in effect when this scan was run.\\n';\n }\n else\n {\n report = info +\n '\\n' +\n 'Moreover, its kill bit is not set so it is accessible via Internet\\n' +\n 'Explorer.\\n';\n }\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_HOST_NOT, 'affected');\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-15T14:20:38", "description": "An updated Adobe Flash Player package that fixes three security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities are detailed in the Adobe Security bulletin APSB14-07, listed in the References section. Specially crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. (CVE-2014-0498, CVE-2014-0499, CVE-2014-0502)\n\nAll users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.341.", "cvss3": {}, "published": "2014-02-23T00:00:00", "type": "nessus", "title": "RHEL 5 / 6 : flash-plugin (RHSA-2014:0196)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0498", "CVE-2014-0499", "CVE-2014-0502"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:flash-plugin", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.5"], "id": "REDHAT-RHSA-2014-0196.NASL", "href": "https://www.tenable.com/plugins/nessus/72643", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0196. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72643);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0498\", \"CVE-2014-0499\", \"CVE-2014-0502\");\n script_xref(name:\"RHSA\", value:\"2014:0196\");\n\n script_name(english:\"RHEL 5 / 6 : flash-plugin (RHSA-2014:0196)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated Adobe Flash Player package that fixes three security issues\nis now available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having\nCritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe\nFlash Player web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities are detailed in the Adobe Security bulletin\nAPSB14-07, listed in the References section. Specially crafted SWF\ncontent could cause flash-plugin to crash or, potentially, execute\narbitrary code when a victim loads a page containing the malicious SWF\ncontent. (CVE-2014-0498, CVE-2014-0499, CVE-2014-0502)\n\nAll users of Adobe Flash Player should install this updated package,\nwhich upgrades Flash Player to version 11.2.202.341.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb14-07.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:0196\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0499\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0498\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0502\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-plugin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:flash-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:0196\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"flash-plugin-11.2.202.341-1.el5\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", reference:\"flash-plugin-11.2.202.341-1.el6\")) flag++;\n\n\n if (flag)\n {\n flash_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check only applies to RedHat released\\n' +\n 'versions of the flash-plugin package. This check does not apply to\\n' +\n 'Adobe released versions of the flash-plugin package, which are\\n' +\n 'versioned similarly and cause collisions in detection.\\n\\n' +\n\n 'If you are certain you are running the Adobe released package of\\n' +\n 'flash-plugin and are running a version of it equal or higher to the\\n' +\n 'RedHat version listed above then you can consider this a false\\n' +\n 'positive.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat() + flash_plugin_caveat\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-plugin\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-15T14:20:38", "description": "According to its version, the instance of Flash Player installed on the remote Mac OS X host is equal or prior to 11.7.700.261 / 11.8.x / 11.9.x / 12.0.0.44. It is, therefore, potentially affected by multiple vulnerabilities :\n\n - A stack overflow vulnerability exists that could result in arbitrary code execution. (CVE-2014-0498)\n\n - A memory leak vulnerability exists that could be used to aid in buffer overflow attacks by bypassing address space layout randomization (ASLR). (CVE-2014-0499)\n\n - A double free vulnerability exists that could result in arbitrary code execution. (CVE-2014-0502)", "cvss3": {}, "published": "2014-02-20T00:00:00", "type": "nessus", "title": "Flash Player for Mac <= 11.7.700.261 / 12.0.0.44 Multiple Vulnerabilities (APSB14-07) (Mac OS X)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0498", "CVE-2014-0499", "CVE-2014-0502"], "modified": "2019-11-26T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "MACOSX_FLASH_PLAYER_12_0_0_70.NASL", "href": "https://www.tenable.com/plugins/nessus/72607", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72607);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\"CVE-2014-0498\", \"CVE-2014-0499\", \"CVE-2014-0502\");\n script_bugtraq_id(65702, 65703, 65704);\n\n script_name(english:\"Flash Player for Mac <= 11.7.700.261 / 12.0.0.44 Multiple Vulnerabilities (APSB14-07) (Mac OS X)\");\n script_summary(english:\"Checks version of Flash Player\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host has a browser plugin that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version, the instance of Flash Player installed on\nthe remote Mac OS X host is equal or prior to 11.7.700.261 / 11.8.x /\n11.9.x / 12.0.0.44. It is, therefore, potentially affected by\nmultiple vulnerabilities :\n\n - A stack overflow vulnerability exists that could result\n in arbitrary code execution. (CVE-2014-0498)\n\n - A memory leak vulnerability exists that could be used\n to aid in buffer overflow attacks by bypassing address\n space layout randomization (ASLR). (CVE-2014-0499)\n\n - A double free vulnerability exists that could result in\n arbitrary code execution. (CVE-2014-0502)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-14-040/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb14-07.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 11.7.700.269 / 12.0.0.70 or\nlater.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0502\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_flash_player_installed.nasl\");\n script_require_keys(\"MacOSX/Flash_Player/Version\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"MacOSX/Flash_Player/Version\");\npath = get_kb_item_or_exit(\"MacOSX/Flash_Player/Path\");\n\n# nb: we're checking for versions less than *or equal to* the cutoff!\nextended_cutoff_version = \"11.7.700.261\";\nextended_fixed_version = \"11.7.700.269\";\n\nstandard_cutoff_version = \"12.0.0.44\";\nstandard_fixed_version = \"12.0.0.70\";\n\nfixed_version_for_report = NULL;\n\nif (version =~ \"^([0-9]|10)\\.|^11\\.[0-6]\")\n fixed_version_for_report = extended_fixed_version;\n\nelse if (\n version =~ \"^11\\.7\\.\" &&\n ver_compare(ver:version, fix:extended_cutoff_version, strict:FALSE) <= 0\n) fixed_version_for_report = extended_fixed_version;\n\nelse if (version =~ \"^11\\.[89]\\.\") fixed_version_for_report = standard_fixed_version;\nelse if (\n version =~ \"^12\\.0\\.0\\.\" &&\n ver_compare(ver:version, fix:standard_cutoff_version, strict:FALSE) <= 0\n) fixed_version_for_report = standard_fixed_version;\n\nif (!isnull(fixed_version_for_report))\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version_for_report +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Flash Player for Mac\", version, path);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-15T14:20:40", "description": "This update of Adobe Flash Player fixes the following issues :\n\n - A stack overflow vulnerability that could have resulted in arbitrary code execution. (CVE-2014-0498)\n\n - A memory leak vulnerability that could have been used to defeat memory address layout randomization.\n (CVE-2014-0499)\n\n - A double free vulnerability that could have resulted in arbitrary code execution. (CVE-2014-0502)", "cvss3": {}, "published": "2014-02-26T00:00:00", "type": "nessus", "title": "SuSE 11.3 Security Update : flash-player (SAT Patch Number 8922)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0498", "CVE-2014-0499", "CVE-2014-0502"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:flash-player", "p-cpe:/a:novell:suse_linux:11:flash-player-gnome", "p-cpe:/a:novell:suse_linux:11:flash-player-kde4", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_FLASH-PLAYER-140224.NASL", "href": "https://www.tenable.com/plugins/nessus/72700", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72700);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-0498\", \"CVE-2014-0499\", \"CVE-2014-0502\");\n\n script_name(english:\"SuSE 11.3 Security Update : flash-player (SAT Patch Number 8922)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of Adobe Flash Player fixes the following issues :\n\n - A stack overflow vulnerability that could have resulted\n in arbitrary code execution. (CVE-2014-0498)\n\n - A memory leak vulnerability that could have been used to\n defeat memory address layout randomization.\n (CVE-2014-0499)\n\n - A double free vulnerability that could have resulted in\n arbitrary code execution. (CVE-2014-0502)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=865021\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0498.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0499.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0502.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 8922.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:flash-player-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:flash-player-kde4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"flash-player-11.2.202.341-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"flash-player-gnome-11.2.202.341-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"flash-player-kde4-11.2.202.341-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"flash-player-11.2.202.341-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"flash-player-gnome-11.2.202.341-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"flash-player-kde4-11.2.202.341-0.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-02T14:09:40", "description": "The remote host is affected by the vulnerability described in GLSA-201405-04 (Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Flash Player.\n Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could entice a user to open a specially crafted SWF file using Adobe Flash Player, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass the Same Origin Policy or read the clipboard via unspecified vectors.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2014-05-05T00:00:00", "type": "nessus", "title": "GLSA-201405-04 : Adobe Flash Player: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0498", "CVE-2014-0499", "CVE-2014-0502", "CVE-2014-0503", "CVE-2014-0504", "CVE-2014-0506", "CVE-2014-0507", "CVE-2014-0508", "CVE-2014-0509", "CVE-2014-0515"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:adobe-flash", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201405-04.NASL", "href": "https://www.tenable.com/plugins/nessus/73860", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201405-04.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73860);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-0498\", \"CVE-2014-0499\", \"CVE-2014-0502\", \"CVE-2014-0503\", \"CVE-2014-0504\", \"CVE-2014-0506\", \"CVE-2014-0507\", \"CVE-2014-0508\", \"CVE-2014-0509\", \"CVE-2014-0515\");\n script_bugtraq_id(65702, 65703, 65704, 66122, 66127, 66208, 66699, 66701, 66703, 67092);\n script_xref(name:\"GLSA\", value:\"201405-04\");\n\n script_name(english:\"GLSA-201405-04 : Adobe Flash Player: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201405-04\n(Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Flash Player.\n Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted SWF\n file using Adobe Flash Player, possibly resulting in execution of\n arbitrary code with the privileges of the process or a Denial of Service\n condition. Furthermore, a remote attacker may be able to bypass the Same\n Origin Policy or read the clipboard via unspecified vectors.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201405-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Adobe Flash Player users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-plugins/adobe-flash-11.2.202.356'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player Shader Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:adobe-flash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-plugins/adobe-flash\", unaffected:make_list(\"ge 11.2.202.356\"), vulnerable:make_list(\"lt 11.2.202.356\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Adobe Flash Player\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "suse": [{"lastseen": "2016-09-04T12:22:34", "description": "This update of Adobe Flash Player fixes the following\n issues:\n\n * A stack overflow vulnerability that could have\n resulted in arbitrary code execution. (CVE-2014-0498)\n * A memory leak vulnerability that could have been used\n to defeat memory address layout randomization.\n (CVE-2014-0499)\n * A double free vulnerability that could have resulted\n in arbitrary code execution. (CVE-2014-0502)\n", "cvss3": {}, "published": "2014-02-25T20:04:15", "type": "suse", "title": "Security update for flash-player (critical)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2014-0498", "CVE-2014-0502", "CVE-2014-0499"], "modified": "2014-02-25T20:04:15", "id": "SUSE-SU-2014:0290-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00017.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:22:34", "description": "Adobe Flash Player was updated to 11.2.202.341: (bnc#865021)\n * APSB14-07, CVE-2014-0498 CVE-2014-0499 CVE-2014-0502\n - Contents of flashplayer_11_sa.i386.tar.gz changed back:\n spec file updated, supplementary script (update.sh)\n updated.\n\n", "cvss3": {}, "published": "2014-02-24T08:04:11", "type": "suse", "title": "flash-player: update to 11.2.202.341 security release (critical)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2014-0498", "CVE-2014-0502", "CVE-2014-0499"], "modified": "2014-02-24T08:04:11", "id": "OPENSUSE-SU-2014:0277-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00014.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:40:17", "description": "Adobe Flash Player was updated to 11.2.202.341: (bnc#865021)\n * APSB14-07, CVE-2014-0498 CVE-2014-0499 CVE-2014-0502\n - Contents of flashplayer_11_sa.i386.tar.gz changed back:\n spec file updated, supplementary script (update.sh)\n updated.\n\n", "cvss3": {}, "published": "2014-02-24T11:04:11", "type": "suse", "title": "flash-player: update to 11.2.202.341 security release (critical)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2014-0498", "CVE-2014-0502", "CVE-2014-0499"], "modified": "2014-02-24T11:04:11", "id": "OPENSUSE-SU-2014:0278-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00015.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "thn": [{"lastseen": "2018-01-27T09:17:39", "description": "[](<https://4.bp.blogspot.com/--507JkCFoZA/UwhC21o6XWI/AAAAAAAAaRw/G5qvKdfg_Sg/s1600/Adobe+Flash+Palayer+emergency+patch+update.png>)\n\nSecurity Firm FireEye has [uncovered](<https://www.fireeye.com/blog/technical/targeted-attack/2014/02/operation-greedywonk-multiple-economic-and-foreign-policy-sites-compromised-serving-up-flash-zero-day-exploit.html>) yet another critical zero-day vulnerability in widely used Adobe Flash Software and Adobe has been forced to issue a second [emergency patch update](<https://helpx.adobe.com/security/products/flash-player/apsb14-07.html>) in less than a month. \n \nAll versions of Adobe Flash Player released before today's patch are vulnerable to the zero-day exploit and the patch addresses a critical vulnerability _CVE-2014-0502_, being used in a watering hole attack -dubbed \"_Operation Greedywonk\", _that allows attackers to remotely take control of infected systems. \n \nThe vulnerability affects the latest versions of Flash, is reported to be targeting the websites of three non-profit institutions, being redirected to an malicious server hosting the zero-day exploit. \n \n\"_Visitors to the Peter G. Peterson Institute for International Economics (www.piie[.]com) were redirected to an exploit server hosting this Flash zero-day through a hidden iframe_.\" FireEye said. \n \n\n\nSecurity updates tackle a number of flaws including: \n\n\n * CVE-2014-0498 stack overflow vulnerability, if exploited, can execute arbitrary code\n * CVE-2014-0499 memory leak vulnerability, if exploited, defeat memory address layout randomization\n * CVE-2014-0502 double free vulnerability, if exploited, could result in arbitrary code execution\nReports confirmed that exploit for _CVE-2014-0502_ exists in the wild, that allows an attacker to bypass '_Address Space Layout Randomization (ASLR)_' protections on Windows XP, Windows 7 with Java version 1.6 or outdated office 2007 or 2010 to execute the malicious code.\n\n \n**Anatomy of the attack:** Antivirus firm** '**[Symantec](<http://www.symantec.com/connect/blogs/new-flash-zero-day-linked-yet-more-watering-hole-attacks>)' explained:\n\n> **\"**_This attack technique is known as a watering hole attack. In this case the target visits a compromised website that contains an IFrame inserted by the attackers in order to redirect the target to another website (giftserv.hopto.org). This new site loads a malicious index.php file (Trojan.Malscript) which checks whether the victim is running a 32-bit or 64-bit system. Depending on the results, a malicious index.html file (also Trojan.Malscript) and additional components are also downloaded from either the 32-bit or 64-bit folders hosted on the attacker\u2019s server. The malicious index.html file then loads the cc.swf Adobe Flash file (Trojan.Swifi) containing the zero-day. Once exploited, a logo.gif image file is downloaded containing encrypted shellcode which downloads and executes the malicious server.exe (Backdoor.Jolob) payload_.\n\nA very successful watering hole attack in early 2013 targeted mobile app developers and infected the internal networks of Apple, Facebook, Microsoft and Twitter, among other companies. \n \nFortunately, only certain computers are vulnerable to those further exploits: all Windows XP machines, and Windows 7 machines that have Java 1.6 or Microsoft Office 2007 or 2010 installed. \"_Users can mitigate the threat by upgrading from Windows XP and updating Java and Office,_\" FireEye researchers said. \n \nTo Determine which version of Flash you are running, you can visit Adobe\u2019s [website here](<https://www.adobe.com/software/flash/about/>). Users are recommended to update their Adobe Flash layer to address this critical vulnerability. You should download it from the [Adobe Flash Player Download](<https://get.adobe.com/flashplayer/>) Centre.\n", "cvss3": {}, "published": "2014-02-21T19:36:00", "type": "thn", "title": "Adobe releases another Emergency Security Patch for Flash Player", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2014-0498", "CVE-2014-0502", "CVE-2014-0499"], "modified": "2014-02-22T06:36:51", "id": "THN:F302CDA9688F8F9725A0957D7EE3FB30", "href": "https://thehackernews.com/2014/02/adobe-releases-another-emergency.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2023-05-26T10:21:36", "description": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player. These\nvulnerabilities are detailed in the Adobe Security bulletin APSB14-07,\nlisted in the References section. Specially-crafted SWF content could\ncause flash-plugin to crash or, potentially, execute arbitrary code when a\nvictim loads a page containing the malicious SWF content. (CVE-2014-0498,\nCVE-2014-0499, CVE-2014-0502)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 11.2.202.341.\n", "cvss3": {}, "published": "2014-02-21T00:00:00", "type": "redhat", "title": "(RHSA-2014:0196) Critical: flash-plugin security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0498", "CVE-2014-0499", "CVE-2014-0502"], "modified": "2018-06-07T05:04:37", "id": "RHSA-2014:0196", "href": "https://access.redhat.com/errata/RHSA-2014:0196", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "mageia": [{"lastseen": "2023-09-20T15:33:34", "description": "Adobe Flash Player 11.2.202.341 contains fixes to critical security vulnerabilities found in earlier versions that could cause a crash and potentially allow an attacker to remotely take control of the affected system. This update resolves a stack overflow vulnerability that could result in arbitrary code execution (CVE-2014-0498). This update resolves a memory leak vulnerability that could be used to defeat memory address layout randomization (CVE-2014-0499). This update resolves a double free vulnerability that could result in arbitrary code execution (CVE-2014-0502). Adobe is aware of reports that CVE-2014-0502 is being exploited in the wild. \n", "cvss3": {}, "published": "2014-02-21T18:20:39", "type": "mageia", "title": "Updated flash-player-plugin package fixes security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0498", "CVE-2014-0499", "CVE-2014-0502"], "modified": "2014-02-21T18:20:39", "id": "MGASA-2014-0091", "href": "https://advisories.mageia.org/MGASA-2014-0091.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2023-09-21T07:38:05", "description": "### Background\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted SWF file using Adobe Flash Player, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to bypass the Same Origin Policy or read the clipboard via unspecified vectors. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Adobe Flash Player users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-plugins/adobe-flash-11.2.202.356\"", "cvss3": {}, "published": "2014-05-03T00:00:00", "type": "gentoo", "title": "Adobe Flash Player: Multiple vulnerabilities ", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0498", "CVE-2014-0499", "CVE-2014-0502", "CVE-2014-0503", "CVE-2014-0504", "CVE-2014-0506", "CVE-2014-0507", "CVE-2014-0508", "CVE-2014-0509", "CVE-2014-0515"], "modified": "2014-05-03T00:00:00", "id": "GLSA-201405-04", "href": "https://security.gentoo.org/glsa/201405-04", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2021-06-08T18:46:17", "description": "Use-after-free, buffer overflow, restrictions bypass, crossite scripting.", "cvss3": {}, "published": "2014-05-04T00:00:00", "type": "securityvulns", "title": "Adobe Flash Player multiple security vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2014-0509", "CVE-2014-0492", "CVE-2014-0508", "CVE-2014-0503", "CVE-2014-0515", "CVE-2014-0498", "CVE-2014-0504", "CVE-2014-0507", "CVE-2014-0491", "CVE-2014-0497", "CVE-2014-0506", "CVE-2014-0502", "CVE-2014-0499"], "modified": "2014-05-04T00:00:00", "id": "SECURITYVULNS:VULN:13726", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13726", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}