CVE-2014-0497 - Numeric Errors vulnerability in Adobe Flash Player

CVSS 10.0 - CRITICAL

  • Attack vector: NETWORK
  • Attack complexity: LOW
  • Privileges required: NONE
  • Confidentiality impact: COMPLETE
  • Integrity impact: COMPLETE
  • Availability impact: COMPLETE

Tags: network, low complexity, adobe, linux, apple, microsoft, CWE-189, critical, nessus, exploit available, metasploit

Summary

Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors.

Vulnerable Configurations

Part         Description  Count
Application  Adobe        135
OS           Linux        1
OS           Apple        1
OS           Microsoft    1

Common Weakness Enumeration (CWE)

Exploit-Db

description: Adobe Flash Player Integer Underflow Remote Code Execution. CVE-2014-0497. Remote exploit for windows platform
file: exploits/windows/remote/33212.rb
id: EDB-ID:33212
last seen: 2016-02-03
modified: 2014-05-06
platform: windows
port:
published: 2014-05-06
reporter: metasploit
source: https://www.exploit-db.com/download/33212/
title: Adobe Flash Player Integer Underflow Remote Code Execution
type: remote

Metasploit

description: This module exploits a vulnerability found in the ActiveX component of Adobe Flash Player before 12.0.0.43. By supplying a specially crafted swf file it is possible to trigger an integer underflow in several avm2 instructions, which can be turned into remote code execution under the context of the user, as exploited in the wild in February 2014. This module has been tested successfully with Adobe Flash Player 11.7.700.202 on Windows XP SP3, Windows 7 SP1 and Adobe Flash Player 11.3.372.94 on Windows 8 even when it includes rop chains for several Flash 11 versions, as exploited in the wild.
id: MSF:EXPLOIT/WINDOWS/BROWSER/ADOBE_FLASH_AVM2
last seen: 2020-05-13
modified: 2017-07-24
published: 2014-05-04
references:
reporter: Rapid7
source: https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/browser/adobe_flash_avm2.rb
title: Adobe Flash Player Integer Underflow Remote Code Execution

Nessus

  • NASL family: Windows
    NASL id: FLASH_PLAYER_APSB14-04.NASL
    description: According to its version, the instance of Flash Player installed on the remote Windows host is equal or prior to 11.7.700.260 / 11.8.x / 11.9.x / 12.0.0.43. It is, therefore, potentially affected by an unspecified vulnerability that could lead to arbitrary code execution.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 72284
    published: 2014-02-04
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/72284
    title: Flash Player <= 11.7.700.260 / 12.0.0.43 Unspecified Remote Code Execution (APSB14-04)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(72284);
      script_version("1.13");
      script_cvs_date("Date: 2019/11/26");
    
      script_cve_id("CVE-2014-0497");
      script_bugtraq_id(65327);
    
      script_name(english:"Flash Player <= 11.7.700.260 / 12.0.0.43 Unspecified Remote Code Execution (APSB14-04)");
      script_summary(english:"Checks version of Flash Player");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host has a browser plugin that is affected by a code
    execution vulnerability.");
      script_set_attribute(attribute:"description", value:
    "According to its version, the instance of Flash Player installed on the
    remote Windows host is equal or prior to 11.7.700.260 / 11.8.x / 11.9.x
    / 12.0.0.43.  It is, therefore, potentially affected by an unspecified
    vulnerability that could lead to arbitrary code execution.");
      script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/flash-player/apsb14-04.html");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Adobe Flash Player version 11.7.700.261 / 12.0.0.44 or
    later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-0497");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player Integer Underflow Remote Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/02/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/02/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/02/04");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:flash_player");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("flash_player_installed.nasl");
      script_require_keys("SMB/Flash_Player/installed");
    
      exit(0);
    }
    
    include("global_settings.inc");
    include("misc_func.inc");
    
    get_kb_item_or_exit("SMB/Flash_Player/installed");
    
    # Identify vulnerable versions.
    info = "";
    
    # we're checking for versions less than *or equal to* the cutoff!
    foreach variant (make_list("Plugin", "ActiveX", "Chrome", "Chrome_Pepper"))
    {
      vers = get_kb_list("SMB/Flash_Player/"+variant+"/Version/*");
      files = get_kb_list("SMB/Flash_Player/"+variant+"/File/*");
      if (!isnull(vers) && !isnull(files))
      {
        foreach key (keys(vers))
        {
          ver = vers[key];
    
          if (ver)
          {
            iver = split(ver, sep:'.', keep:FALSE);
            for (i=0; i<max_index(iver); i++)
              iver[i] = int(iver[i]);
    
            if (
              (
                # Chrome Flash <= 12.0.0.41
                variant == "Chrome_Pepper" &&
                (iver[0] == 12 && iver[1] == 0 && iver[2] == 0 && iver[3] <= 41)
              ) ||
              (variant != "Chrome_Pepper" &&
                (
                 # < 11
                 iver[0] < 11 ||
                 # 11.x <= 11.7.700.260 (the cutoff in this plugin's title and
                 # description; 11.7.700.261 is the fixed release)
                 (
                   iver[0] == 11 &&
                   (
                     iver[1] < 7 ||
                     (
                       iver[1] == 7 &&
                       (
                         iver[2] < 700 ||
                         (iver[2] == 700 && iver[3] <= 260)
                       )
                     )
                   )
                 ) ||
                 # 11.8.x
                 (iver[0] == 11 && iver[1] == 8) ||
                 # 11.9.x
                 (iver[0] == 11 && iver[1] == 9) ||
    
                 # 12.0.0.x <= 12.0.0.43
                 (
                   iver[0] == 12 &&
                   (
                     iver[1] == 0 &&
                     (
                       iver[2] == 0 &&
                       (
                         iver[3] <= 43
                       )
                     )
                   )
                 )
               )
             )
            )
            {
              num = key - ("SMB/Flash_Player/"+variant+"/Version/");
              file = files["SMB/Flash_Player/"+variant+"/File/"+num];
              # Label the affected variant; padding matches the Path / version lines below.
              if (variant == "Plugin")
              {
                info += '\n  Product           : Browser Plugin (for Firefox / Netscape / Opera)';
              }
              else if (variant == "ActiveX")
              {
                info += '\n  Product           : ActiveX control (for Internet Explorer)';
              }
              else if ("Chrome" >< variant)
              {
                info += '\n  Product           : Browser Plugin (for Google Chrome)';
              }
              info += '\n  Path              : ' + file +
                      '\n  Installed version : ' + ver;
              if (variant == "Chrome_Pepper")
                info += '\n  Fixed version     : 12.0.0.44 (Chrome PepperFlash)';
              else
              {
                if (ver =~ "^11\.7")
                  fix = "11.7.700.261";
                else
                  fix = "12.0.0.44";
                info += '\n  Fixed version     : '+fix;
              }
              info += '\n';
            }
          }
        }
      }
    }
    
    if (info)
    {
      port = get_kb_item("SMB/transport");
      if (!port) port = 445;
    
      if (report_verbosity > 0) security_hole(port:port, extra:info);
      else security_hole(port);
    }
    else
    {
      if (thorough_tests)
        exit(0, 'No vulnerable versions of Adobe Flash Player were found.');
      else
        exit(1, 'Google Chrome\'s built-in Flash Player may not have been detected because the \'Perform thorough tests\' setting was not enabled.');
    }
    
  • NASL family: Windows
    NASL id: SMB_KB2929825.NASL
    description: The remote host is missing KB2929825. It is, therefore, affected by an unspecified vulnerability that could lead to arbitrary code execution related to the installed version of the Adobe Flash ActiveX control.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 72286
    published: 2014-02-04
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/72286
    title: MS KB2929825: Update for Vulnerability in Adobe Flash Player in Internet Explorer
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(72286);
      script_version("1.14");
      script_cvs_date("Date: 2019/11/26");
    
      script_cve_id("CVE-2014-0497");
      script_bugtraq_id(65327);
      script_xref(name:"MSKB", value:"2929825");
    
      script_name(english:"MS KB2929825: Update for Vulnerability in Adobe Flash Player in Internet Explorer");
      script_summary(english:"Checks version of ActiveX control");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host has an ActiveX control installed that is affected by
    a remote code execution vulnerability.");
      script_set_attribute(attribute:"description", value:
    "The remote host is missing KB2929825.  It is, therefore, affected by
    an unspecified vulnerability that could lead to arbitrary code
    execution related to the installed version of the Adobe Flash ActiveX
    control.");
      script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/flash-player/apsb14-04.html");
      script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2016/2755801");
      script_set_attribute(attribute:"see_also", value:"https://support.microsoft.com/en-us/help/2929825/microsoft-security-advisory-update-for-vulnerabilities-in-adobe-flash");
      script_set_attribute(attribute:"solution", value:
    "Install Microsoft KB2929825.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-0497");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player Integer Underflow Remote Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/02/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/02/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/02/04");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:flash_player");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("smb_hotfixes.nasl");
      script_require_keys("SMB/Registry/Enumerated", "SMB/WindowsVersion", "SMB/ProductName");
      script_require_ports(139, 445);
    
      exit(0);
    }
    
    include("audit.inc");
    include("smb_func.inc");
    include("smb_hotfixes.inc");
    include("smb_hotfixes_fcheck.inc");
    include("smb_activex_func.inc");
    include("misc_func.inc");
    
    get_kb_item_or_exit("SMB/Registry/Enumerated");
    get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);
    
    if (hotfix_check_sp_range(win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
    if (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);
    
    if (activex_init() != ACX_OK) audit(AUDIT_FN_FAIL, "activex_init()");
    
    # Adobe Flash Player CLSID
    clsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}';
    
    file = activex_get_filename(clsid:clsid);
    if (isnull(file))
    {
      activex_end();
      audit(AUDIT_FN_FAIL, "activex_get_filename", "NULL");
    }
    if (!file)
    {
      activex_end();
      audit(AUDIT_ACTIVEX_NOT_FOUND, clsid);
    }
    
    # Get its version.
    version = activex_get_fileversion(clsid:clsid);
    if (!version)
    {
      activex_end();
      audit(AUDIT_VER_FAIL, file);
    }
    
    info = '';
    
    iver = split(version, sep:'.', keep:FALSE);
    for (i=0; i<max_index(iver); i++)
     iver[i] = int(iver[i]);
    
    # < 12.0.0.44
    if (
      (report_paranoia > 1 || activex_get_killbit(clsid:clsid) == 0) &&
      (
        iver[0] < 12 ||
        (
          iver[0] == 12 &&
          (
            (iver[1] == 0 && iver[2] == 0 && iver[3] < 44)
          )
        )
      )
    )
    {
      info = '\n  Path              : ' + file +
             '\n  Installed version : ' + version +
             '\n  Fixed version     : 12.0.0.44\n';
    }
    
    port = kb_smb_transport();
    
    if (info != '')
    {
      if (report_verbosity > 0)
      {
        if (report_paranoia > 1)
        {
          report = info +
            '\n' +
            'Note, though, that Nessus did not check whether the kill bit was\n' +
            "set for the control's CLSID because of the Report Paranoia setting" + '\n' +
            'in effect when this scan was run.\n';
        }
        else
        {
          report = info +
            '\n' +
            'Moreover, its kill bit is not set so it is accessible via Internet\n' +
            'Explorer.\n';
        }
        security_hole(port:port, extra:report);
      }
      else security_hole(port);
    }
    else audit(AUDIT_HOST_NOT, 'affected');
    
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_B7A7576D8E0A11E399769C4E36909CC0.NASL
    description: Adobe reports : These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 72313
    published: 2014-02-05
    reporter: This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/72313
    title: FreeBSD : linux-flashplugin -- multiple vulnerabilities (b7a7576d-8e0a-11e3-9976-9c4e36909cc0)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2018 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(72313);
      script_version("1.9");
      script_cvs_date("Date: 2018/11/23 12:49:57");
    
      script_cve_id("CVE-2014-0497");
    
      script_name(english:"FreeBSD : linux-flashplugin -- multiple vulnerabilities (b7a7576d-8e0a-11e3-9976-9c4e36909cc0)");
      script_summary(english:"Checks for updated package in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote FreeBSD host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Adobe reports :
    
    These updates address vulnerabilities that could cause a crash and
    potentially allow an attacker to take control of the affected system."
      );
      # http://www.adobe.com/support/security/bulletins/apsb14-04.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.adobe.com/support/security/bulletins/apsb14-04.html"
      );
      # https://vuxml.freebsd.org/freebsd/b7a7576d-8e0a-11e3-9976-9c4e36909cc0.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?48ddbd74"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player Integer Underflow Remote Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-f10-flashplugin");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/02/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/02/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/02/05");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"linux-f10-flashplugin<11.2r202.336")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_FLASH_PLAYER_12_0_0_44.NASL
    description: According to its version, the instance of Flash Player installed on the remote Mac OS X host is equal or prior to 11.7.700.260 / 11.8.x / 11.9.x / 12.0.0.43. It is, therefore, potentially affected by an unspecified vulnerability that could lead to arbitrary code execution.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 72285
    published: 2014-02-04
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/72285
    title: Flash Player for Mac <= 11.7.700.260 / 12.0.0.43 Unspecified Remote Code Execution (APSB14-04)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(72285);
      script_version("1.11");
      script_cvs_date("Date: 2019/11/26");
    
      script_cve_id("CVE-2014-0497");
      script_bugtraq_id(65327);
    
      script_name(english:"Flash Player for Mac <= 11.7.700.260 / 12.0.0.43 Unspecified Remote Code Execution (APSB14-04)");
      script_summary(english:"Checks version of Flash Player");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Mac OS X host has a browser plugin that is affected by a
    code execution vulnerability.");
      script_set_attribute(attribute:"description", value:
    "According to its version, the instance of Flash Player installed on the
    remote Mac OS X host is equal or prior to 11.7.700.260 / 11.8.x / 11.9.x
    / 12.0.0.43.  It is, therefore, potentially affected by an unspecified
    vulnerability that could lead to arbitrary code execution.");
      script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/flash-player/apsb14-04.html");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Adobe Flash Player version 11.7.700.261 / 12.0.0.44 or
    later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-0497");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player Integer Underflow Remote Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/02/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/02/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/02/04");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:flash_player");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("macosx_flash_player_installed.nasl");
      script_require_keys("MacOSX/Flash_Player/Version");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    version = get_kb_item_or_exit("MacOSX/Flash_Player/Version");
    path = get_kb_item_or_exit("MacOSX/Flash_Player/Path");
    
    # nb: we're checking for versions less than *or equal to* the cutoff!
    extended_cutoff_version = "11.7.700.260";
    extended_fixed_version = "11.7.700.261";
    
    standard_cutoff_version = "12.0.0.43";
    standard_fixed_version  = "12.0.0.44";
    
    fixed_version_for_report = NULL;
    
    if (version =~ "^([0-9]|10)\.|^11\.[0-6]")
      fixed_version_for_report = extended_fixed_version;
    
    else if (
      version =~ "^11\.7\." &&
      ver_compare(ver:version, fix:extended_cutoff_version, strict:FALSE) <= 0
    ) fixed_version_for_report = extended_fixed_version;
    
    else if (version =~ "^11\.[89]\.") fixed_version_for_report = standard_fixed_version;
    else if (
      version =~ "^12\.0\.0\." &&
      ver_compare(ver:version, fix:standard_cutoff_version, strict:FALSE) <= 0
    ) fixed_version_for_report = standard_fixed_version;
    
    if (!isnull(fixed_version_for_report))
    {
      if (report_verbosity > 0)
      {
        report =
          '\n  Path              : ' + path +
          '\n  Installed version : ' + version +
          '\n  Fixed version     : ' + fixed_version_for_report +
          '\n';
        security_hole(port:0, extra:report);
      }
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_INST_PATH_NOT_VULN, "Flash Player for Mac", version, path);
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_FLASH-PLAYER-140206.NASL
    description: This update resolves an integer underflow vulnerability that could have been exploited to execute arbitrary code on the affected system. (CVE-2014-0497) More information: http://helpx.adobe.com/security/products/flash-player/apsb14-04.html
    last seen: 2020-06-05
    modified: 2014-02-12
    plugin id: 72455
    published: 2014-02-12
    reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/72455
    title: SuSE 11.2 / 11.3 Security Update : flash-player (SAT Patch Numbers 8876 / 8880)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from SuSE 11 update information. The text itself is
    # copyright (C) Novell, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(72455);
      script_version("1.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2014-0497");
    
      script_name(english:"SuSE 11.2 / 11.3 Security Update : flash-player (SAT Patch Numbers 8876 / 8880)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 11 host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update resolves an integer underflow vulnerability that could
    have been exploited to execute arbitrary code on the affected system.
    (CVE-2014-0497)
    
    More information:
    http://helpx.adobe.com/security/products/flash-player/apsb14-04.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=862288"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-0497.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Apply SAT patch number 8876 / 8880 as appropriate."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player Integer Underflow Remote Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:flash-player");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:flash-player-gnome");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:flash-player-kde4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/02/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/02/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"flash-player-11.2.202.336-0.3.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"flash-player-gnome-11.2.202.336-0.3.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"flash-player-kde4-11.2.202.336-0.3.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"flash-player-11.2.202.336-0.3.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"flash-player-gnome-11.2.202.336-0.3.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"flash-player-kde4-11.2.202.336-0.3.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"flash-player-11.2.202.336-0.3.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"flash-player-gnome-11.2.202.336-0.3.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"flash-player-kde4-11.2.202.336-0.3.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"flash-player-11.2.202.336-0.3.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"flash-player-gnome-11.2.202.336-0.3.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"flash-player-kde4-11.2.202.336-0.3.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201402-06.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201402-06 (Adobe Flash Player: Multiple vulnerabilities). Multiple unspecified vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact: A remote attacker could entice a user to open a specially crafted SWF file using Adobe Flash Player, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround: There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 72383
    published: 2014-02-07
    reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/72383
    title: GLSA-201402-06 : Adobe Flash Player: Multiple vulnerabilities
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2014-109.NASL
    description: Flash Player received an out-of-band critical security update to fix an integer underflow vulnerability that could be exploited to execute arbitrary code on the affected system (CVE-2014-0497). More information can be found at: http://helpx.adobe.com/security/products/flash-player/apsb14-04.html
    last seen: 2020-06-05
    modified: 2014-06-13
    plugin id: 75246
    published: 2014-06-13
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/75246
    title: openSUSE Security Update : flash-player (openSUSE-SU-2014:0197-1)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2014-0137.NASL
    description: An updated Adobe Flash Player package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed in the Adobe Security bulletin APSB14-04, listed in the References section. Specially crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. (CVE-2014-0497) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.336.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 72363
    published: 2014-02-06
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/72363
    title: RHEL 5 / 6 : flash-plugin (RHSA-2014:0137)

Packetstorm

data source: https://packetstormsecurity.com/files/download/126489/adobe_flash_avm2.rb.txt
id: PACKETSTORM:126489
last seen: 2016-12-05
published: 2014-05-05
reporter: juan vazquez
source: https://packetstormsecurity.com/files/126489/Adobe-Flash-Player-Integer-Underflow-Remote-Code-Execution.html
title: Adobe Flash Player Integer Underflow Remote Code Execution

Redhat

advisories
rhsa
id: RHSA-2014:0137
rpms
  • flash-plugin-0:11.2.202.336-1.el5
  • flash-plugin-0:11.2.202.336-1.el6

Seebug

  • bulletinFamily: exploit
    description: No description provided by source.
    id: SSV:86453
    last seen: 2017-11-19
    modified: 2014-07-01
    published: 2014-07-01
    reporter: Root
    source: https://www.seebug.org/vuldb/ssvid-86453
    title: Adobe Flash Player Integer Underflow Remote Code Execution
  • bulletinFamily: exploit
    description: No description provided by source.
    id: SSV:62259
    last seen: 2017-11-19
    modified: 2014-05-08
    published: 2014-05-08
    reporter: Root
    source: https://www.seebug.org/vuldb/ssvid-62259
    title: Adobe Flash Player Integer Stack Underflow Remote Command Execution

The Hacker News