Vulnerabilities > CVE-2011-0609

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
adobe
opensuse
suse
google
nessus
exploit available
metasploit

Summary

Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in an Excel spreadsheet, and as exploited in the wild in March 2011.

Vulnerable Configurations

Part Description Count
Application
Adobe
153
Application
Google
1203
OS
Apple
2
OS
Linux
1
OS
Microsoft
1
OS
Oracle
1
OS
Google
2
OS
Opensuse
3
OS
Suse
2

Exploit-Db

descriptionAdobe Flash Player AVM Bytecode Verification. CVE-2011-0609. Remote exploit for windows platform
idEDB-ID:17027
last seen2016-02-02
modified2011-03-23
published2011-03-23
reportermetasploit
sourcehttps://www.exploit-db.com/download/17027/
titleAdobe Flash Player AVM Bytecode Verification

Metasploit

descriptionThis module exploits a vulnerability in Adobe Flash Player versions 10.2.152.33 and earlier. This issue is caused by a failure in the ActionScript3 AVM2 verification logic. This results in unsafe JIT(Just-In-Time) code being executed. This is the same vulnerability that was used for the RSA attack in March 2011. Specifically, this issue results in uninitialized memory being referenced and later executed. Taking advantage of this issue relies on heap spraying and controlling the uninitialized memory. Currently this exploit works for IE6, IE7, and Firefox 3.6 and likely several other browsers. DEP does catch the exploit and causes it to fail. Due to the nature of the uninitialized memory its fairly difficult to get around this restriction.
idMSF:EXPLOIT/WINDOWS/BROWSER/ADOBE_FLASHPLAYER_AVM
last seen2020-06-04
modified2017-07-24
published2011-03-23
references
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/browser/adobe_flashplayer_avm.rb
titleAdobe Flash Player AVM Bytecode Verification Vulnerability

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2011-0372.NASL
    descriptionAn updated Adobe Flash Player package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed on the Adobe security page APSB11-05, listed in the References section. Specially crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code. (CVE-2011-0609) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 10.2.153.1.
    last seen2020-06-01
    modified2020-06-02
    plugin id52760
    published2011-03-23
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/52760
    titleRHEL 5 / 6 : flash-plugin (RHSA-2011:0372)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2011:0372. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(52760);
      script_version ("1.27");
      script_cvs_date("Date: 2019/10/25 13:36:16");
    
      script_cve_id("CVE-2011-0609");
      script_bugtraq_id(46860);
      script_xref(name:"RHSA", value:"2011:0372");
    
      script_name(english:"RHEL 5 / 6 : flash-plugin (RHSA-2011:0372)");
      script_summary(english:"Checks the rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An updated Adobe Flash Player package that fixes one security issue is
    now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
    
    The Red Hat Security Response Team has rated this update as having
    critical security impact. A Common Vulnerability Scoring System (CVSS)
    base score, which gives a detailed severity rating, is available from
    the CVE link in the References section.
    
    The flash-plugin package contains a Mozilla Firefox compatible Adobe
    Flash Player web browser plug-in.
    
    This update fixes one vulnerability in Adobe Flash Player. This
    vulnerability is detailed on the Adobe security page APSB11-05, listed
    in the References section. Specially crafted SWF content could cause
    flash-plugin to crash or, potentially, execute arbitrary code.
    (CVE-2011-0609)
    
    All users of Adobe Flash Player should install this updated package,
    which upgrades Flash Player to version 10.2.153.1."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2011-0609"
      );
      # http://www.adobe.com/support/security/bulletins/apsb11-05.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.adobe.com/support/security/bulletins/apsb11-05.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2011:0372"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected flash-plugin package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player AVM Bytecode Verification Vulnerability');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:flash-plugin");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/03/15");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/03/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/03/23");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x / 6.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2011:0372";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL5", reference:"flash-plugin-10.2.153.1-1.el5")) flag++;
    
    
      if (rpm_check(release:"RHEL6", reference:"flash-plugin-10.2.153.1-1.el6")) flag++;
    
    
      if (flag)
      {
        flash_plugin_caveat = '\n' +
          'NOTE: This vulnerability check only applies to RedHat released\n' +
          'versions of the flash-plugin package. This check does not apply to\n' +
          'Adobe released versions of the flash-plugin package, which are\n' +
          'versioned similarly and cause collisions in detection.\n\n' +
    
          'If you are certain you are running the Adobe released package of\n' +
          'flash-plugin and are running a version of it equal or higher to the\n' +
          'RedHat version listed above then you can consider this a false\n' +
          'positive.\n';
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat() + flash_plugin_caveat
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "flash-plugin");
      }
    }
    
  • NASL familyWindows
    NASL idADOBE_READER_APSA11-01.NASL
    descriptionThe remote Windows host contains a version of Adobe Reader 9.x < 9.4.3 or 10.x < 10.1. Such versions are affected by an unspecified memory corruption vulnerability in authplay.dll. A remote attacker could exploit this by tricking a user into viewing maliciously crafted SWF content, resulting in arbitrary code execution. This bug is currently being exploited in the wild.
    last seen2020-06-01
    modified2020-06-02
    plugin id52672
    published2011-03-15
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/52672
    titleAdobe Reader 9.x / 10.x Unspecified Memory Corruption (APSB11-06)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    include("compat.inc");
    
    
    if (description)
    {
      script_id(52672);
      script_version("1.21");
      script_cvs_date("Date: 2018/11/15 20:50:26");
    
      script_cve_id("CVE-2011-0609");
      script_bugtraq_id(46860);
      script_xref(name:"CERT", value:"192052");
      script_xref(name:"EDB-ID", value:"17027");
    
      script_name(english:"Adobe Reader 9.x / 10.x Unspecified Memory Corruption (APSB11-06)");
      script_summary(english:"Checks version of Adobe Reader");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The version of Adobe Reader on the remote Windows host is affected by
    a memory corruption vulnerability."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "The remote Windows host contains a version of Adobe Reader 9.x <
    9.4.3 or 10.x < 10.1.  Such versions are affected by an unspecified
    memory corruption vulnerability in authplay.dll. 
    
    A remote attacker could exploit this by tricking a user into viewing
    maliciously crafted SWF content, resulting in arbitrary code
    execution. 
    
    This bug is currently being exploited in the wild."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?82775d9e"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.adobe.com/support/security/advisories/apsa11-01.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.adobe.com/support/security/bulletins/apsb11-06.html"
      );
      # "The update for Adobe Reader X (10.x) for Windows also incorporate the updates
      # previously addressed in all other supported versions of Adobe Reader and Acrobat
      # as noted in Security Bulletin APSB11-06 and Security Bulletin APSB11-08."
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.adobe.com/support/security/bulletins/apsb11-16.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?1d9dd300"
      );
      script_set_attribute(
        attribute:"solution",
        value:
    "Upgrade to Adobe Reader 9.4.2 / 10.1 or later."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player AVM Bytecode Verification Vulnerability');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    script_set_attribute(attribute:"vuln_publication_date", value:"2011/03/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/03/15");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/03/21");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:acrobat_reader");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");
    
      script_dependencies("adobe_reader_installed.nasl");
      script_require_keys("SMB/Acroread/Version");
    
      exit(0);
    }
    
    
    include('global_settings.inc');
    
    info =  '';
    info2 = '';
    vuln = 0;
    vers = get_kb_list('SMB/Acroread/Version');
    if (isnull(vers)) exit(0, 'The "SMB/Acroread/Version" KB list is missing.');
    
    foreach version (vers)
    {
      ver = split(version, sep:'.', keep:FALSE);
      for (i=0; i<max_index(ver); i++)
        ver[i] = int(ver[i]);
    
      path = get_kb_item('SMB/Acroread/'+version+'/Path');
      if (isnull(path)) path = 'n/a';
    
      verui = get_kb_item('SMB/Acroread/'+version+'/Version_UI');
      if (isnull(verui)) verui = version;
    
      if (
        (ver[0] == 9 && ver[1]  < 4) ||
        (ver[0] == 9 && ver[1] == 4 && ver[2] < 3) ||
        (ver[0] == 10 && ver[1] < 1)
      )
      {
        vuln++;
        info += '\n  Path              : '+path+
                '\n  Installed version : '+verui+
                '\n  Fixed version     : 9.4.3 / 10.1\n';
      }
      else
        info2 += " and " + verui;
    }
    
    if (info)
    {
      if (report_verbosity > 0)
      {
        if (vuln > 1) s = "s of Adobe Reader are";
        else s = " of Adobe Reader is";
    
        report =
          '\nThe following vulnerable instance'+s+' installed on the'+
          '\nremote host :\n'+
          info;
        security_hole(port:get_kb_item("SMB/transport"), extra:report);
      }
      else security_hole(get_kb_item("SMB/transport"));
    
      exit(0);
    }
    
    if (info2)
    {
      info2 -= " and ";
      if (" and " >< info2) be = "are";
      else be = "is";
    
      exit(0, "The host is not affected since Adobe Reader "+info2+" "+be+" installed.");
    }
    else exit(1, "Unexpected error - 'info2' is empty.");
    
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_FLASH-PLAYER-110328.NASL
    descriptionThe Adobe Standalone Flash Player was updated to the 10.2.153.1, fixing several bugs and one security issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id75496
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75496
    titleopenSUSE Security Update : flash-player (openSUSE-SU-2011:0239-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update flash-player-4239.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(75496);
      script_version("1.4");
      script_cvs_date("Date: 2019/10/25 13:36:41");
    
      script_cve_id("CVE-2011-0609");
    
      script_name(english:"openSUSE Security Update : flash-player (openSUSE-SU-2011:0239-1)");
      script_summary(english:"Check for the flash-player-4239 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The Adobe Standalone Flash Player was updated to the 10.2.153.1,
    fixing several bugs and one security issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=679672"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=682902"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2011-03/msg00031.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected flash-player package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player AVM Bytecode Verification Vulnerability');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:flash-player");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/03/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686)$") audit(AUDIT_ARCH_NOT, "i586 / i686", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.3", reference:"flash-player-10.2.153.1-0.4.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "flash-player");
    }
    
  • NASL familyWindows
    NASL idFLASH_PLAYER_APSA11-01.NASL
    descriptionThe remote Windows host contains a version of Adobe Flash Player earlier than 10.2.153.1. Such versions are affected by an unspecified memory corruption vulnerability. A remote attacker could exploit this by tricking a user into viewing maliciously crafted SWF content, resulting in arbitrary code execution. This bug is currently being exploited in the wild.
    last seen2020-06-01
    modified2020-06-02
    plugin id52673
    published2011-03-15
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/52673
    titleFlash Player < 10.2.153.1 Unspecified Memory Corruption (APSB11-05)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    include("compat.inc");
    
    
    if (description)
    {
      script_id(52673);
      script_version("1.16");
      script_cvs_date("Date: 2018/07/11 17:09:26");
    
      script_cve_id("CVE-2011-0609");
      script_bugtraq_id(46860);
      script_xref(name:"CERT", value:"192052");
      script_xref(name:"EDB-ID", value:"17027");
      script_xref(name:"Secunia", value:"43751");
      script_xref(name:"Secunia", value:"43757");
    
      script_name(english:"Flash Player < 10.2.153.1 Unspecified Memory Corruption (APSB11-05)");
      script_summary(english:"Checks version of Flash Player");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote Windows host contains a browser plug-in that is affected
    by a memory corruption vulnerability."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "The remote Windows host contains a version of Adobe Flash Player
    earlier than 10.2.153.1.  Such versions are affected by an
    unspecified memory corruption vulnerability. 
    
    A remote attacker could exploit this by tricking a user into viewing
    maliciously crafted SWF content, resulting in arbitrary code
    execution. 
    
    This bug is currently being exploited in the wild."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?82775d9e"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.adobe.com/support/security/advisories/apsa11-01.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.adobe.com/support/security/bulletins/apsb11-05.html"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Upgrade to Flash Player 10.2.153.1 or later."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player AVM Bytecode Verification Vulnerability');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    script_set_attribute(attribute:"vuln_publication_date", value:"2011/03/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/03/15");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/03/21");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:flash_player");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");
    
      script_dependencies("flash_player_installed.nasl");
      script_require_keys("SMB/Flash_Player/installed");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("misc_func.inc");
    
    
    get_kb_item_or_exit('SMB/Flash_Player/installed');
    
    info = '';
    
    foreach variant (make_list("Plugin", "ActiveX", "Chrome"))
    {
      vers = get_kb_list("SMB/Flash_Player/"+variant+"/Version/*");
      files = get_kb_list("SMB/Flash_Player/"+variant+"/File/*");
      if (!isnull(vers) && !isnull(files))
      {
        foreach key (keys(vers))
        {
          ver = vers[key];
          if (ver)
          {
            iver = split(ver, sep:'.', keep:FALSE);
            for(i=0;i<max_index(iver);i++)
              iver[i] = int(iver[i]);
    
            if (
              ("Plugin" >< variant || "ActiveX" >< variant) && (
                iver[0] < 10 ||
                (
                  iver[0] == 10 &&
                  (
                    iver[1] < 2 ||
                    (
                      iver[1] == 2 &&
                      (
                        iver[2] < 153 ||
                        (iver[2] == 153 && iver[3] < 1)
                      )
                    )
                  )
                )
              )
            )
            {
              num = key - ("SMB/Flash_Player/"+variant+"/Version/");
              file = files["SMB/Flash_Player/"+variant+"/File/"+num];
              if (variant == "Plugin")
              {
                info += '\n  Product : Browser Plugin (for Firefox / Netscape / Opera)';
              }
              else if (variant == "ActiveX")
              {
                info += '\n  Product : ActiveX control (for Internet Explorer)';
              }
    
              info += '\n  Path              : ' + file +
                      '\n  Installed version : ' + ver +
                      '\n  Fixed version     : 10.2.153.1\n';
            }
            # Chrome
            else if (
              ("Chrome" >< variant) && (
                iver[0] < 10 ||
                (
                  iver[0] == 10 &&
                  (
                    iver[1] < 2 ||
                    (
                      iver[1] == 2 &&
                      (
                        iver[2] < 154 ||
                        (iver[2] == 154 && iver[3] < 25)
                      )
                    )
                  )
                )
              )
            )
            {
              num = key - ("SMB/Flash_Player/"+variant+"/Version/");
              file = files["SMB/Flash_Player/"+variant+"/File/"+num];
              info += '\n  Product: Browser Plugin (for Google Chrome)';
              info += '\n  Path              : ' + file +
                      '\n  Installed version : ' + ver ;
              info += '\n  Fixed version     : 10.2.154.25 (as included with Google Chrome 10.0.648.134)\n';
            }
          }
        }
      }
    }
    
    if (info)
    {
      if (report_verbosity > 0)
        security_hole(port:get_kb_item("SMB/transport"), extra:info);
      else
        security_hole(get_kb_item("SMB/transport"));
    }
    else exit(0, 'The host is not affected.');
    
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_FLASH-PLAYER-7391.NASL
    descriptionThe Adobe Flash Player was updated to the 10.2.153.1, fixing several bugs and one security issue : - This vulnerability (CVE-2011-0609) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Excel (.xls) file delivered as an email attachment.
    last seen2020-06-01
    modified2020-06-02
    plugin id52969
    published2011-03-25
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/52969
    titleSuSE 10 Security Update : flash-player (ZYPP Patch Number 7391)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(52969);
      script_version ("1.15");
      script_cvs_date("Date: 2019/10/25 13:36:43");
    
      script_cve_id("CVE-2011-0609");
    
      script_name(english:"SuSE 10 Security Update : flash-player (ZYPP Patch Number 7391)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 10 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The Adobe Flash Player was updated to the 10.2.153.1, fixing several
    bugs and one security issue :
    
      - This vulnerability (CVE-2011-0609) could cause a crash
        and potentially allow an attacker to take control of the
        affected system. There are reports that this
        vulnerability is being exploited in the wild in targeted
        attacks via a Flash (.swf) file embedded in a Microsoft
        Excel (.xls) file delivered as an email attachment."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-0609.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 7391.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player AVM Bytecode Verification Vulnerability');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/03/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/03/25");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SLED10", sp:3, reference:"flash-player-10.2.153.1-0.5.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_FLASH-PLAYER-7398.NASL
    descriptionThe Adobe Flash Player was updated to the 10.2.153.1, fixing several bugs and one security issue : - This vulnerability (CVE-2011-0609) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Excel (.xls) file delivered as an email attachment.
    last seen2020-06-01
    modified2020-06-02
    plugin id57188
    published2011-12-13
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57188
    titleSuSE 10 Security Update : flash-player (ZYPP Patch Number 7398)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(57188);
      script_version ("1.12");
      script_cvs_date("Date: 2019/10/25 13:36:43");
    
      script_cve_id("CVE-2011-0609");
    
      script_name(english:"SuSE 10 Security Update : flash-player (ZYPP Patch Number 7398)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 10 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The Adobe Flash Player was updated to the 10.2.153.1, fixing several
    bugs and one security issue :
    
      - This vulnerability (CVE-2011-0609) could cause a crash
        and potentially allow an attacker to take control of the
        affected system. There are reports that this
        vulnerability is being exploited in the wild in targeted
        attacks via a Flash (.swf) file embedded in a Microsoft
        Excel (.xls) file delivered as an email attachment."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-0609.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 7398.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player AVM Bytecode Verification Vulnerability');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/03/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/12/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SLED10", sp:4, reference:"flash-player-10.2.153.1-0.5.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_FLASH-PLAYER-110321.NASL
    descriptionThe Adobe Flash Player was updated to the 10.2.153.1, fixing several bugs and one security issue : - This vulnerability (CVE-2011-0609) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Excel (.xls) file delivered as an email attachment.
    last seen2020-06-01
    modified2020-06-02
    plugin id52959
    published2011-03-24
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/52959
    titleSuSE 11.1 Security Update : flash-player (SAT Patch Number 4190)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from SuSE 11 update information. The text itself is
    # copyright (C) Novell, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(52959);
      script_version("1.13");
      script_cvs_date("Date: 2019/10/25 13:36:42");
    
      script_cve_id("CVE-2011-0609");
    
      script_name(english:"SuSE 11.1 Security Update : flash-player (SAT Patch Number 4190)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 11 host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The Adobe Flash Player was updated to the 10.2.153.1, fixing several
    bugs and one security issue :
    
      - This vulnerability (CVE-2011-0609) could cause a crash
        and potentially allow an attacker to take control of the
        affected system. There are reports that this
        vulnerability is being exploited in the wild in targeted
        attacks via a Flash (.swf) file embedded in a Microsoft
        Excel (.xls) file delivered as an email attachment."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=679672"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-0609.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply SAT patch number 4190.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player AVM Bytecode Verification Vulnerability');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:flash-player");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/03/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/03/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
    
    pl = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, "SuSE 11.1");
    
    
    flag = 0;
    if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"flash-player-10.2.153.1-0.2.1")) flag++;
    if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_4_FLASH-PLAYER-110328.NASL
    descriptionThe Adobe Standalone Flash Player was updated to the 10.2.153.1, fixing several bugs and one security issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id75832
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75832
    titleopenSUSE Security Update : flash-player (openSUSE-SU-2011:0239-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update flash-player-4239.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(75832);
      script_version("1.4");
      script_cvs_date("Date: 2019/10/25 13:36:42");
    
      script_cve_id("CVE-2011-0609");
    
      script_name(english:"openSUSE Security Update : flash-player (openSUSE-SU-2011:0239-1)");
      script_summary(english:"Check for the flash-player-4239 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The Adobe Standalone Flash Player was updated to the 10.2.153.1,
    fixing several bugs and one security issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=679672"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=682902"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2011-03/msg00031.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected flash-player package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player AVM Bytecode Verification Vulnerability');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:flash-player");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.4");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/03/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.4)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.4", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686)$") audit(AUDIT_ARCH_NOT, "i586 / i686", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.4", reference:"flash-player-10.2.153.1-0.4.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "flash-player");
    }
    
  • NASL familyWindows
    NASL idADOBE_AIR_APSB11-05.NASL
    descriptionThe remote Windows host contains a version of Adobe AIR earlier than 2.6. Such versions are affected by a memory corruption vulnerability that could allow arbitrary code execution on the remote system or trigger a denial of service condition.
    last seen2020-06-01
    modified2020-06-02
    plugin id52755
    published2011-03-22
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/52755
    titleAdobe AIR < 2.6 Unspecified Memory Corruption (APSB11-05)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(52755);
      script_version("1.14");
      script_cvs_date("Date: 2018/06/27 18:42:26");
    
      script_cve_id("CVE-2011-0609");
      script_bugtraq_id(46860);
      script_xref(name:"CERT", value:"192052");
      script_xref(name:"EDB-ID", value:"17027");
      script_xref(name:"Secunia", value:"43751");
    
      script_name(english:"Adobe AIR < 2.6 Unspecified Memory Corruption (APSB11-05)");
      script_summary(english:"Checks version of Adobe AIR");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote Windows host contains a version of Adobe AIR that is
    affected by a memory corruption vulnerability."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "The remote Windows host contains a version of Adobe AIR earlier than
    2.6.  Such versions are affected by a memory corruption vulnerability
    that could allow arbitrary code execution on the remote system or
    trigger a denial of service condition.");
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?82775d9e");
      script_set_attribute(attribute:"see_also", value:"http://www.adobe.com/support/security/advisories/apsa11-01.html");
      script_set_attribute(attribute:"see_also", value:"http://www.adobe.com/support/security/bulletins/apsb11-05.html");
      script_set_attribute(attribute:"solution", value:"Upgrade to Adobe AIR 2.6 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player AVM Bytecode Verification Vulnerability');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    script_set_attribute(attribute:"vuln_publication_date", value:"2011/03/14"); # APSA11-01
      script_set_attribute(attribute:"patch_publication_date", value:"2011/03/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/03/22");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:air");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");
    
      script_dependencies("adobe_air_installed.nasl");
      script_require_keys("SMB/Adobe_AIR/Version", "SMB/Adobe_AIR/Path");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("misc_func.inc");
    
    
    version = get_kb_item_or_exit("SMB/Adobe_AIR/Version");
    path = get_kb_item_or_exit("SMB/Adobe_AIR/Path");
    
    version_ui = get_kb_item("SMB/Adobe_AIR/Version_UI");
    if (isnull(version_ui)) version_report = version;
    else version_report = version_ui;
    
    fix = '2.6.0.19120';
    fix_ui = '2.6';
    
    if (ver_compare(ver:version, fix:fix) == -1)
    {
      if (report_verbosity > 0)
      {
        report =
          '\n  Path              : ' + path +
          '\n  Installed version : ' + version_report +
          '\n  Fixed version     : ' + fix_ui + '\n';
        security_hole(port:get_kb_item("SMB/transport"), extra:report);
      }
      else security_hole(get_kb_item("SMB/transport"));
      exit(0);
    }
    else exit(0, "The Adobe AIR "+version_report+" install is not affected.");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_4_FLASH-PLAYER-110321.NASL
    descriptionThe Adobe Flash Player was updated to the 10.2.153.1, fixing several bugs and one security issue. This vulnerability (CVE-2011-0609) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Excel (.xls) file delivered as an email attachment.
    last seen2020-06-01
    modified2020-06-02
    plugin id75831
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75831
    titleopenSUSE Security Update : flash-player (openSUSE-SU-2011:0215-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update flash-player-4187.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(75831);
      script_version("1.4");
      script_cvs_date("Date: 2019/10/25 13:36:42");
    
      script_cve_id("CVE-2011-0609");
    
      script_name(english:"openSUSE Security Update : flash-player (openSUSE-SU-2011:0215-1)");
      script_summary(english:"Check for the flash-player-4187 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The Adobe Flash Player was updated to the 10.2.153.1, fixing several
    bugs and one security issue. 
    
    This vulnerability (CVE-2011-0609) could cause a crash and potentially
    allow an attacker to take control of the affected system. There are
    reports that this vulnerability is being exploited in the wild in
    targeted attacks via a Flash (.swf) file embedded in a Microsoft Excel
    (.xls) file delivered as an email attachment."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=679672"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2011-03/msg00016.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected flash-player package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player AVM Bytecode Verification Vulnerability');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:flash-player");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.4");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/03/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.4)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.4", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686)$") audit(AUDIT_ARCH_NOT, "i586 / i686", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.4", reference:"flash-player-10.2.153.1-0.2.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "flash-player");
    }
    
  • NASL familyWindows
    NASL idGOOGLE_CHROME_10_0_648_134.NASL
    descriptionThe version of Google Chrome installed on the remote host is earlier than 10.0.648.134. Such versions of Chrome contain a vulnerable version of Adobe Flash Player. A remote attacker could exploit this by tricking a user into viewing unspecified, malicious SWF content, resulting in arbitrary code execution. This bug is currently being exploited in the wild.
    last seen2017-10-29
    modified2013-11-13
    plugin id52713
    published2011-03-18
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=52713
    titleGoogle Chrome < 10.0.648.134 Unspecified Adobe Flash Player
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201110-11.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201110-11 (Adobe Flash Player: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers and Adobe Security Advisories and Bulletins referenced below for details. Impact : By enticing a user to open a specially crafted SWF file a remote attacker could cause a Denial of Service or the execution of arbitrary code with the privileges of the user running the application. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id56504
    published2011-10-14
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/56504
    titleGLSA-201110-11 : Adobe Flash Player: Multiple vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_FLASH-PLAYER-110328.NASL
    descriptionThe Adobe Standalone Flash Player was updated to the 10.2.153.1, fixing several bugs and one security issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id53721
    published2011-05-05
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/53721
    titleopenSUSE Security Update : flash-player (openSUSE-SU-2011:0239-1)
  • NASL familyWindows
    NASL idADOBE_ACROBAT_APSA11-01.NASL
    descriptionThe remote Windows host contains a version of Adobe Acrobat 9.x < 9.4.3 or 10.x < 10.0.2. Such versions are affected by an unspecified memory corruption vulnerability in authplay.dll. A remote attacker could exploit this by tricking a user into viewing maliciously crafted SWF content, resulting in arbitrary code execution. This bug is currently being exploited in the wild.
    last seen2020-06-01
    modified2020-06-02
    plugin id52671
    published2011-03-15
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/52671
    titleAdobe Acrobat 9.x / 10.x Unspecified Memory Corruption (APSB11-06)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_FLASH-PLAYER-110321.NASL
    descriptionThe Adobe Flash Player was updated to the 10.2.153.1, fixing several bugs and one security issue. This vulnerability (CVE-2011-0609) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Excel (.xls) file delivered as an email attachment.
    last seen2020-06-01
    modified2020-06-02
    plugin id53720
    published2011-05-05
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/53720
    titleopenSUSE Security Update : flash-player (openSUSE-SU-2011:0215-1)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_501EE07A564011E0985A001B2134EF46.NASL
    descriptionAdobe Product Security Incident Response Team reports : A critical vulnerability exists in Adobe Flash Player 10.2.152.33 and earlier versions (Adobe Flash Player 10.2.154.18 and earlier for Chrome users) for Windows, Macintosh, Linux and Solaris operating systems, Adobe Flash Player 10.1.106.16 and earlier versions for Android, and the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.1) and earlier 10.x and 9.x versions of Reader and Acrobat for Windows and Macintosh operating systems. This vulnerability (CVE-2011-0609) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Excel (.xls) file delivered as an email attachment.
    last seen2020-06-01
    modified2020-06-02
    plugin id52966
    published2011-03-25
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/52966
    titleFreeBSD : linux-flashplugin -- remote code execution vulnerability (501ee07a-5640-11e0-985a-001b2134ef46)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_FLASH-PLAYER-110321.NASL
    descriptionThe Adobe Flash Player was updated to the 10.2.153.1, fixing several bugs and one security issue. This vulnerability (CVE-2011-0609) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Excel (.xls) file delivered as an email attachment.
    last seen2020-06-01
    modified2020-06-02
    plugin id75495
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75495
    titleopenSUSE Security Update : flash-player (openSUSE-SU-2011:0215-1)

Oval

accepted2015-08-03T04:00:40.859-04:00
classvulnerability
contributors
  • nameScott Quint
    organizationDTCC
  • nameShane Shaffer
    organizationG2, Inc.
  • nameSergey Artykhov
    organizationALTX-SOFT
  • nameSergey Artykhov
    organizationALTX-SOFT
  • nameShane Shaffer
    organizationG2, Inc.
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameMaria Mikhno
    organizationALTX-SOFT
  • nameMaria Mikhno
    organizationALTX-SOFT
  • nameMaria Mikhno
    organizationALTX-SOFT
  • nameMaria Mikhno
    organizationALTX-SOFT
  • nameMaria Mikhno
    organizationALTX-SOFT
definition_extensions
  • commentAdobe Flash Player 9 is installed
    ovaloval:org.mitre.oval:def:7402
  • commentAdobe Flash Player is installed
    ovaloval:org.mitre.oval:def:6700
  • commentAdobe Flash Player is installed
    ovaloval:org.mitre.oval:def:6700
  • commentAdobe Acrobat 10.x is installed
    ovaloval:org.mitre.oval:def:11989
  • commentAdobe Flash Player 10 is installed
    ovaloval:org.mitre.oval:def:7610
  • commentAdobe Reader 9 Series is installed
    ovaloval:org.mitre.oval:def:6523
  • commentAdobe Flash Player is installed
    ovaloval:org.mitre.oval:def:6700
  • commentAdobe Acrobat 9 Series is installed
    ovaloval:org.mitre.oval:def:6013
  • commentAdobe Reader 10.x is installed
    ovaloval:org.mitre.oval:def:12283
  • commentActiveX Control is installed
    ovaloval:org.mitre.oval:def:26707
descriptionUnspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in an Excel spreadsheet, and as exploited in the wild in March 2011.
familywindows
idoval:org.mitre.oval:def:14147
statusaccepted
submitted2011-11-04T14:32:53.000-05:00
titleUnspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in an Excel spreadsheet, and as exploited in the wild in March 2011.
version75

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/99639/adobe_flashplayer_avm.rb.txt
idPACKETSTORM:99639
last seen2016-12-05
published2011-03-23
reporterbannedit
sourcehttps://packetstormsecurity.com/files/99639/Adobe-Flash-Player-AVM-Bytecode-Verification.html
titleAdobe Flash Player AVM Bytecode Verification

Redhat

advisories
rhsa
idRHSA-2011:0372
rpms
  • flash-plugin-0:10.2.153.1-1.el5
  • flash-plugin-0:10.2.153.1-1.el6

Saint

bid46860
descriptionAdobe Reader Flash AVM2 Memory Corruption
idmisc_flash
osvdb71254
titleadobe_reader_flash_avm2
typeclient

Seebug

bulletinFamilyexploit
descriptionNo description provided by source.
idSSV:71506
last seen2017-11-19
modified2014-07-01
published2014-07-01
reporterRoot
sourcehttps://www.seebug.org/vuldb/ssvid-71506
titleAdobe Flash Player AVM Bytecode Verification