CVE-2015-0317 - Security vulnerability in Adobe Flash Player

CVSS 10.0 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Tags: network, low complexity, adobe, linux, apple, microsoft, critical, nessus

Summary

Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-0319.

Vulnerable Configurations

Part         Description  Count
Application  Adobe        315
OS           Linux        1
OS           Apple        1
OS           Microsoft    1

Nessus

  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2015-118.NASL
    description: flash-player was updated to version 11.2.202.442 to fix 18 security issues. These security issues were fixed : - Use-after-free vulnerabilities that could lead to code execution (CVE-2015-0313, CVE-2015-0315, CVE-2015-0320, CVE-2015-0322). - Memory corruption vulnerabilities that could lead to code execution (CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, CVE-2015-0330). - Type confusion vulnerabilities that could lead to code execution (CVE-2015-0317, CVE-2015-0319). - Heap buffer overflow vulnerabilities that could lead to code execution (CVE-2015-0323, CVE-2015-0327). - Buffer overflow vulnerability that could lead to code execution (CVE-2015-0324). - NULL pointer dereference issues (CVE-2015-0325, CVE-2015-0326, CVE-2015-0328). More information is available at https://helpx.adobe.com/security/products/flash-player/apsb15-04.html
    last seen: 2020-06-05
    modified: 2015-02-09
    plugin id: 81243
    published: 2015-02-09
    reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/81243
    title: openSUSE Security Update : flash-player (openSUSE-2015-118)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2015-118.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(81243);
      script_version("1.9");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2015-0313", "CVE-2015-0314", "CVE-2015-0315", "CVE-2015-0316", "CVE-2015-0317", "CVE-2015-0318", "CVE-2015-0319", "CVE-2015-0320", "CVE-2015-0321", "CVE-2015-0322", "CVE-2015-0323", "CVE-2015-0324", "CVE-2015-0325", "CVE-2015-0326", "CVE-2015-0327", "CVE-2015-0328", "CVE-2015-0329", "CVE-2015-0330");
    
      script_name(english:"openSUSE Security Update : flash-player (openSUSE-2015-118)");
      script_summary(english:"Check for the openSUSE-2015-118 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "flash-player was updated to version 11.2.202.442 to fix 18 security
    issues.
    
    These security issues were fixed :
    
      - Use-after-free vulnerabilities that could lead to code
        execution (CVE-2015-0313, CVE-2015-0315, CVE-2015-0320,
        CVE-2015-0322). 
    
      - Memory corruption vulnerabilities that could lead to
        code execution (CVE-2015-0314, CVE-2015-0316,
        CVE-2015-0318, CVE-2015-0321, CVE-2015-0329,
        CVE-2015-0330). 
    
      - Type confusion vulnerabilities that could lead to code
        execution (CVE-2015-0317, CVE-2015-0319). 
    
      - Heap buffer overflow vulnerabilities that could lead to
        code execution (CVE-2015-0323, CVE-2015-0327). 
    
      - Buffer overflow vulnerability that could lead to code
        execution (CVE-2015-0324). 
    
      - NULL pointer dereference issues (CVE-2015-0325,
        CVE-2015-0326, CVE-2015-0328).
    
    More information is available at
    https://helpx.adobe.com/security/products/flash-player/apsb15-04.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=915918"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://helpx.adobe.com/security/products/flash-player/apsb15-04.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected flash-player packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player PCRE Regex Vulnerability');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:flash-player");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:flash-player-gnome");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:flash-player-kde4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/02/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/02/09");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE13\.1|SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1 / 13.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE13.1", reference:"flash-player-11.2.202.442-98.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"flash-player-gnome-11.2.202.442-98.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"flash-player-kde4-11.2.202.442-98.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"flash-player-11.2.202.442-2.33.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"flash-player-gnome-11.2.202.442-2.33.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"flash-player-kde4-11.2.202.442-2.33.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "flash-player / flash-player-gnome / flash-player-kde4");
    }
    
  • NASL family: Windows
    NASL id: FLASH_PLAYER_APSA15-02.NASL
    description: According to its version, the Adobe Flash Player installed on the remote Windows host is equal or prior to 16.0.0.296. It is, therefore, affected by the following vulnerabilities : - Several use-after-free errors exist that allow arbitrary code execution. (CVE-2015-0313, CVE-2015-0315, CVE-2015-0320, CVE-2015-0322) - Several memory corruption errors exist that allow arbitrary code execution. (CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, CVE-2015-0330) - Several type confusion errors exist that allow arbitrary code execution. (CVE-2015-0317, CVE-2015-0319) - Several heap-based buffer-overflow errors exist that allow arbitrary code execution. (CVE-2015-0323, CVE-2015-0327) - A buffer overflow error exists that allows arbitrary code execution. (CVE-2015-0324) - Several null pointer dereference errors exist that have unspecified impacts. (CVE-2015-0325, CVE-2015-0326, CVE-2015-0328). - A use-after-free error exists within the processing of invalid m3u8 playlists. A remote attacker, with a specially crafted m3u8 playlist file, can force a dangling pointer to be reused after it has been freed, allowing the execution of arbitrary code. (CVE-2015-0331)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 81127
    published: 2015-02-02
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/81127
    title: Flash Player <= 16.0.0.296 Unspecified Code Execution (APSA15-02 / APSB15-04)
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_FLASH_PLAYER_APSA15-02.NASL
    description: According to its version, the Adobe Flash Player installed on the remote Mac OS X host is equal or prior to 16.0.0.296. It is, therefore, affected by the following vulnerabilities : - Several use-after-free errors exist that allow arbitrary code execution. (CVE-2015-0313, CVE-2015-0315, CVE-2015-0320, CVE-2015-0322) - Several memory corruption errors exist that allow arbitrary code execution. (CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, CVE-2015-0330) - Several type confusion errors exist that allow arbitrary code execution. (CVE-2015-0317, CVE-2015-0319) - Several heap-based buffer-overflow errors exist that allow arbitrary code execution. (CVE-2015-0323, CVE-2015-0327) - A buffer overflow error exists that allows arbitrary code execution. (CVE-2015-0324) - Several null pointer dereference errors exist that have unspecified impacts. (CVE-2015-0325, CVE-2015-0326, CVE-2015-0328). - A use-after-free error exists within the processing of invalid m3u8 playlists. A remote attacker, with a specially crafted m3u8 playlist file, can force a dangling pointer to be reused after it has been freed, allowing the execution of arbitrary code. (CVE-2015-0331)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 81128
    published: 2015-02-02
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/81128
    title: Flash Player For Mac <= 16.0.0.296 Unspecified Code Execution (APSA15-02 / APSB15-04)
  • NASL family: Windows
    NASL id: SMB_KB3021953.NASL
    description: The remote host is missing KB3021953. It is, therefore, affected by the following vulnerabilities : - Several use-after-free errors exist that allow arbitrary code execution. (CVE-2015-0313, CVE-2015-0315, CVE-2015-0320, CVE-2015-0322) - Several memory corruption errors exist that allow arbitrary code execution. (CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, CVE-2015-0330) - Several type confusion errors exist that allow arbitrary code execution. (CVE-2015-0317, CVE-2015-0319) - Several heap-based buffer-overflow errors exist that allow arbitrary code execution. (CVE-2015-0323, CVE-2015-0327) - A buffer overflow error exists that allows arbitrary code execution. (CVE-2015-0324) - Several null pointer dereference errors exist that have unspecified impacts. (CVE-2015-0325, CVE-2015-0326, CVE-2015-0328) - A use-after-free error exists within the processing of invalid m3u8 playlists. A remote attacker, with a specially crafted m3u8 playlist file, can force a dangling pointer to be reused after it has been freed, allowing the execution of arbitrary code. (CVE-2015-0331)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 81209
    published: 2015-02-06
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/81209
    title: MS KB3021953: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2015-0140.NASL
    description: An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB15-04 listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. (CVE-2015-0314, CVE-2015-0315, CVE-2015-0316, CVE-2015-0317, CVE-2015-0318, CVE-2015-0319, CVE-2015-0320, CVE-2015-0321, CVE-2015-0322, CVE-2015-0323, CVE-2015-0324, CVE-2015-0325, CVE-2015-0326, CVE-2015-0327, CVE-2015-0328, CVE-2015-0329, CVE-2015-0330) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.442.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 81244
    published: 2015-02-09
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/81244
    title: RHEL 5 / 6 : flash-plugin (RHSA-2015:0140)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201502-02.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201502-02 (Adobe Flash Player: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information or bypass security restrictions. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 81225
    published: 2015-02-09
    reporter: This script is Copyright (C) 2015 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/81225
    title: GLSA-201502-02 : Adobe Flash Player: Multiple vulnerabilities
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_FLASH-PLAYER-150206.NASL
    description: flash-player was updated to version 11.2.202.442 to fix 18 security issues. These security issues were fixed: - Use-after-free vulnerabilities that could lead to code execution (CVE-2015-0313 / CVE-2015-0315 / CVE-2015-0320 / CVE-2015-0322). - Memory corruption vulnerabilities that could lead to code execution (CVE-2015-0314 / CVE-2015-0316 / CVE-2015-0318 / CVE-2015-0321 / CVE-2015-0329 / CVE-2015-0330). - Type confusion vulnerabilities that could lead to code execution (CVE-2015-0317 / CVE-2015-0319). - Heap buffer overflow vulnerabilities that could lead to code execution (CVE-2015-0323 / CVE-2015-0327). - Buffer overflow vulnerability that could lead to code execution (CVE-2015-0324). - NULL pointer dereference issues. (CVE-2015-0325 / CVE-2015-0326 / CVE-2015-0328) More information is available at https://helpx.adobe.com/security/products/flash-player/apsb15-04.html
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 81245
    published: 2015-02-09
    reporter: This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/81245
    title: SuSE 11.3 Security Update : flash-player, flash-player-gnome, flash-player-kde4 (SAT Patch Number 10287)
  • NASL family: Windows
    NASL id: GOOGLE_CHROME_40_0_2214_111.NASL
    description: The version of Google Chrome installed on the remote Windows host is prior to 40.0.2214.111. It is, therefore, affected by the following vulnerabilities : - Several use-after-free errors exist that allow arbitrary code execution. (CVE-2015-0313, CVE-2015-0315, CVE-2015-0320, CVE-2015-0322) - Several memory corruption errors exist that allow arbitrary code execution. (CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, CVE-2015-0330) - Several type confusion errors exist that allow arbitrary code execution. (CVE-2015-0317, CVE-2015-0319) - Several heap-based buffer-overflow errors exist that allow arbitrary code execution. (CVE-2015-0323, CVE-2015-0327) - A buffer overflow error exists that allows arbitrary code execution. (CVE-2015-0324) - Several null pointer dereference errors exist that have unspecified impacts. (CVE-2015-0325, CVE-2015-0326, CVE-2015-0328). - A use-after-free error exists within the processing of invalid m3u8 playlists. A remote attacker, with a specially crafted m3u8 playlist file, can force a dangling pointer to be reused after it has been freed, allowing the execution of arbitrary code. (CVE-2015-0331) - A use-after-free error exists related to the DOM component. (CVE-2015-1209) - A cross-origin bypass error exists related to the V8 JavaScript engine bindings. (CVE-2015-1210) - A privilege escalation error exists related to service workers. (CVE-2015-1211) - Various, unspecified errors exist. (CVE-2015-1212)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 81207
    published: 2015-02-06
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/81207
    title: Google Chrome < 40.0.2214.111 Multiple Vulnerabilities
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_GOOGLE_CHROME_40_0_2214_111.NASL
    description: The version of Google Chrome installed on the remote Mac OS X host is prior to 40.0.2214.111. It is, therefore, affected by the following vulnerabilities : - Several use-after-free errors exist that allow arbitrary code execution. (CVE-2015-0313, CVE-2015-0315, CVE-2015-0320, CVE-2015-0322) - Several memory corruption errors exist that allow arbitrary code execution. (CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, CVE-2015-0330) - Several type confusion errors exist that allow arbitrary code execution. (CVE-2015-0317, CVE-2015-0319) - Several heap-based buffer-overflow errors exist that allow arbitrary code execution. (CVE-2015-0323, CVE-2015-0327) - A buffer overflow error exists that allows arbitrary code execution. (CVE-2015-0324) - Several null pointer dereference errors exist that have unspecified impacts. (CVE-2015-0325, CVE-2015-0326, CVE-2015-0328). - A use-after-free error exists within the processing of invalid m3u8 playlists. A remote attacker, with a specially crafted m3u8 playlist file, can force a dangling pointer to be reused after it has been freed, allowing the execution of arbitrary code. (CVE-2015-0331) - A use-after-free error exists related to the DOM component. (CVE-2015-1209) - A cross-origin bypass error exists related to the V8 JavaScript engine bindings. (CVE-2015-1210) - A privilege escalation error exists related to service workers. (CVE-2015-1211) - Various, unspecified errors exist. (CVE-2015-1212)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 81208
    published: 2015-02-06
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/81208
    title: Google Chrome < 40.0.2214.111 Multiple Vulnerabilities (Mac OS X)

Redhat

advisories
rhsa
id: RHSA-2015:0140
rpms
  • flash-plugin-0:11.2.202.442-1.el5
  • flash-plugin-0:11.2.202.442-1.el6