Vulnerabilities > CVE-2015-3097 - Information Exposure vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160, Adobe AIR before 18.0.0.144, Adobe AIR SDK before 18.0.0.144, and Adobe AIR SDK & Compiler before 18.0.0.144 on 64-bit Windows 7 systems do not properly select a random memory address for the Flash heap, which makes it easier for attackers to conduct unspecified attacks by predicting this address.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Subverting Environment Variable Values The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
- Footprinting An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
- Exploiting Trust in Client (aka Make the Client Invisible) An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
- Browser Fingerprinting An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
- Session Credential Falsification through Prediction This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
Nessus
NASL family Windows NASL id ADOBE_AIR_APSB15-11.NASL description According to its version, the installation of Adobe AIR on the remote Windows host is equal or prior to 17.0.0.172. It is, therefore, affected by multiple vulnerabilities : - An unspecified vulnerability exists that allows an attacker to bypass the fix for CVE-2014-5333. (CVE-2015-3096) - An unspecified memory address randomization flaw exists on Windows 7 64-bit. (CVE-2015-3097) - Multiple unspecified flaws exist that allow a remote attacker to bypass the same-origin-policy, resulting in the disclosure of sensitive information. (CVE-2015-3098, CVE-2015-3099, CVE-2015-3102) - A remote code execution vulnerability exists due to an unspecified stack overflow flaw. (CVE-2015-3100) - A permission flaw exists in the Flash broker for IE that allows an attacker to perform a privilege escalation. (CVE-2015-3101) - Multiple use-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2015-3103, CVE-2015-3106, CVE-2015-3107) - An integer overflow condition exists due to improper validation of user-supplied input. A remote attacker can exploit this to execute arbitrary code. (CVE-2015-3104) - A memory corruption flaw exists due to improper validation of user-supplied input. A remote attacker can exploit this flaw, via specially crafted flash content, to corrupt memory and execute arbitrary code. (CVE-2015-3105) - An unspecified memory leak exists that allows an attacker to bypass the Address Space Layout Randomization (ASLR) feature. (CVE-2015-3108) last seen 2020-06-01 modified 2020-06-02 plugin id 84158 published 2015-06-12 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84158 title Adobe AIR <= 17.0.0.172 Multiple Vulnerabilities (APSB15-11) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(84158); script_version("1.19"); script_cvs_date("Date: 2019/11/22"); script_cve_id( "CVE-2015-3096", "CVE-2015-3097", "CVE-2015-3098", "CVE-2015-3099", "CVE-2015-3100", "CVE-2015-3101", "CVE-2015-3102", "CVE-2015-3103", "CVE-2015-3104", "CVE-2015-3105", "CVE-2015-3106", "CVE-2015-3107", "CVE-2015-3108" ); script_bugtraq_id( 75080, 75081, 75084, 75085, 75086, 75087, 75088, 75089, 75090 ); script_name(english:"Adobe AIR <= 17.0.0.172 Multiple Vulnerabilities (APSB15-11)"); script_summary(english:"Checks the version gathered by local check."); script_set_attribute(attribute:"synopsis", value: "The remote Windows host has a version of Adobe AIR installed that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "According to its version, the installation of Adobe AIR on the remote Windows host is equal or prior to 17.0.0.172. It is, therefore, affected by multiple vulnerabilities : - An unspecified vulnerability exists that allows an attacker to bypass the fix for CVE-2014-5333. (CVE-2015-3096) - An unspecified memory address randomization flaw exists on Windows 7 64-bit. (CVE-2015-3097) - Multiple unspecified flaws exist that allow a remote attacker to bypass the same-origin-policy, resulting in the disclosure of sensitive information. (CVE-2015-3098, CVE-2015-3099, CVE-2015-3102) - A remote code execution vulnerability exists due to an unspecified stack overflow flaw. (CVE-2015-3100) - A permission flaw exists in the Flash broker for IE that allows an attacker to perform a privilege escalation. (CVE-2015-3101) - Multiple use-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2015-3103, CVE-2015-3106, CVE-2015-3107) - An integer overflow condition exists due to improper validation of user-supplied input. A remote attacker can exploit this to execute arbitrary code. (CVE-2015-3104) - A memory corruption flaw exists due to improper validation of user-supplied input. A remote attacker can exploit this flaw, via specially crafted flash content, to corrupt memory and execute arbitrary code. (CVE-2015-3105) - An unspecified memory leak exists that allows an attacker to bypass the Address Space Layout Randomization (ASLR) feature. (CVE-2015-3108)"); script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/flash-player/apsb15-11.html"); # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0cb17c10"); script_set_attribute(attribute:"solution", value: "Upgrade to Adobe AIR 18.0.0.144 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-3107"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player Drawing Fill Shader Memory Corruption'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/06/09"); script_set_attribute(attribute:"patch_publication_date", value:"2015/06/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/12"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:air"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("adobe_air_installed.nasl"); script_require_keys("SMB/Adobe_AIR/Version", "SMB/Adobe_AIR/Path"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); version = get_kb_item_or_exit("SMB/Adobe_AIR/Version"); path = get_kb_item_or_exit("SMB/Adobe_AIR/Path"); version_ui = get_kb_item("SMB/Adobe_AIR/Version_UI"); if (isnull(version_ui)) version_report = version; else version_report = version_ui + ' (' + version + ')'; cutoff_version = '17.0.0.172'; fix = '18.0.0.144'; fix_ui = '18.0'; if (ver_compare(ver:version, fix:cutoff_version) <= 0) { port = get_kb_item("SMB/transport"); if (!port) port = 445; if (report_verbosity > 0) { report = '\n Path : ' + path + '\n Installed version : ' + version_report + '\n Fixed version : ' + fix_ui + " (" + fix + ')' + '\n'; security_hole(port:port, extra:report); } else security_hole(port); exit(0); } else audit(AUDIT_INST_PATH_NOT_VULN, "Adobe AIR", version_report, path);NASL family Windows NASL id GOOGLE_CHROME_43_0_2357_132.NASL description The version of Google Chrome installed on the remote Windows host is prior to 43.0.2357.132. It is, therefore, affected by multiple vulnerabilities in the bundled version of Adobe Flash : - An information disclosure vulnerability exists that allows an attacker to guess the address for the Flash heap. (CVE-2015-3097) - Multiple heap-based buffer overflow vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3135, CVE-2015-4432, CVE-2015-5118) - Multiple memory corruption vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3117, CVE-2015-3123, CVE-2015-3130, CVE-2015-3133, CVE-2015-3134, CVE-2015-4431) - Multiple NULL pointer dereference flaws exist. (CVE-2015-3126, CVE-2015-4429) - A security bypass vulnerability exists that results in an information disclosure. (CVE-2015-3114) - Multiple type confusion vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3119, CVE-2015-3120, CVE-2015-3121, CVE-2015-3122, CVE-2015-4433) - Multiple use-after-free errors exist that allow arbitrary code execution. (CVE-2015-3118, CVE-2015-3124, CVE-2015-5117, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4430, CVE-2015-5119) - Multiple same-origin policy bypass vulnerabilities exist that allow information disclosure. (CVE-2014-0578, CVE-2015-3115, CVE-2015-3116, CVE-2015-3125, CVE-2015-5116) - A memory corruption issue exists due to improper validation of user-supplied input. An attacker can exploit this to execute arbitrary code. (CVE-2015-5124) Note that Nessus has not tested for these issues but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 84667 published 2015-07-10 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84667 title Google Chrome < 43.0.2357.132 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(84667); script_version("1.12"); script_cvs_date("Date: 2019/11/22"); script_cve_id( "CVE-2014-0578", "CVE-2015-3097", "CVE-2015-3114", "CVE-2015-3115", "CVE-2015-3116", "CVE-2015-3117", "CVE-2015-3118", "CVE-2015-3119", "CVE-2015-3120", "CVE-2015-3121", "CVE-2015-3122", "CVE-2015-3123", "CVE-2015-3124", "CVE-2015-3125", "CVE-2015-3126", "CVE-2015-3127", "CVE-2015-3128", "CVE-2015-3129", "CVE-2015-3130", "CVE-2015-3131", "CVE-2015-3132", "CVE-2015-3133", "CVE-2015-3134", "CVE-2015-3135", "CVE-2015-3136", "CVE-2015-3137", "CVE-2015-4428", "CVE-2015-4429", "CVE-2015-4430", "CVE-2015-4431", "CVE-2015-4432", "CVE-2015-4433", "CVE-2015-5116", "CVE-2015-5117", "CVE-2015-5118", "CVE-2015-5119", "CVE-2015-5124" ); script_bugtraq_id( 75090, 75568, 75590, 75591, 75592, 75593, 75594, 75595, 75596 ); script_name(english:"Google Chrome < 43.0.2357.132 Multiple Vulnerabilities"); script_summary(english:"Checks the version number of Google Chrome."); script_set_attribute(attribute:"synopsis", value: "The remote Windows host contains a web browser that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Google Chrome installed on the remote Windows host is prior to 43.0.2357.132. It is, therefore, affected by multiple vulnerabilities in the bundled version of Adobe Flash : - An information disclosure vulnerability exists that allows an attacker to guess the address for the Flash heap. (CVE-2015-3097) - Multiple heap-based buffer overflow vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3135, CVE-2015-4432, CVE-2015-5118) - Multiple memory corruption vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3117, CVE-2015-3123, CVE-2015-3130, CVE-2015-3133, CVE-2015-3134, CVE-2015-4431) - Multiple NULL pointer dereference flaws exist. (CVE-2015-3126, CVE-2015-4429) - A security bypass vulnerability exists that results in an information disclosure. (CVE-2015-3114) - Multiple type confusion vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3119, CVE-2015-3120, CVE-2015-3121, CVE-2015-3122, CVE-2015-4433) - Multiple use-after-free errors exist that allow arbitrary code execution. (CVE-2015-3118, CVE-2015-3124, CVE-2015-5117, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4430, CVE-2015-5119) - Multiple same-origin policy bypass vulnerabilities exist that allow information disclosure. (CVE-2014-0578, CVE-2015-3115, CVE-2015-3116, CVE-2015-3125, CVE-2015-5116) - A memory corruption issue exists due to improper validation of user-supplied input. An attacker can exploit this to execute arbitrary code. (CVE-2015-5124) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number."); # http://googlechromereleases.blogspot.ca/2015/07/stable-channel-update.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e87f6dbb"); script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/flash-player/apsb15-16.html"); script_set_attribute(attribute:"solution", value: "Upgrade to Google Chrome 43.0.2357.132 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-5124"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player ByteArray Use After Free'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"vuln_publication_date", value:"2015/07/07"); script_set_attribute(attribute:"patch_publication_date", value:"2015/07/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/10"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:google:chrome"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("google_chrome_installed.nasl"); script_require_keys("SMB/Google_Chrome/Installed"); exit(0); } include("google_chrome_version.inc"); get_kb_item_or_exit("SMB/Google_Chrome/Installed"); installs = get_kb_list("SMB/Google_Chrome/*"); google_chrome_check_version(installs:installs, fix:'43.0.2357.132', severity:SECURITY_HOLE);NASL family Windows NASL id ADOBE_AIR_APSB15-16.NASL description According to its version, the installation of Adobe AIR on the remote Windows host is equal or prior to 18.0.0.144. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists that allows an attacker to guess the address for the Flash heap. (CVE-2015-3097) - Multiple heap-based buffer overflow vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3135, CVE-2015-4432, CVE-2015-5118) - Multiple memory corruption vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3117, CVE-2015-3123, CVE-2015-3130, CVE-2015-3133, CVE-2015-3134, CVE-2015-4431) - Multiple NULL pointer dereference flaws exist. (CVE-2015-3126, CVE-2015-4429) - A security bypass vulnerability exists that results in an information disclosure. (CVE-2015-3114) - Multiple type confusion vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3119, CVE-2015-3120, CVE-2015-3121, CVE-2015-3122, CVE-2015-4433) - Multiple use-after-free errors exist that allow arbitrary code execution. (CVE-2015-3118, CVE-2015-3124, CVE-2015-5117, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4430, CVE-2015-5119) - Multiple same-origin policy bypass vulnerabilities exist that allow information disclosure. (CVE-2014-0578, CVE-2015-3115, CVE-2015-3116, CVE-2015-3125, CVE-2015-5116) - A memory corruption issue exists due to improper validation of user-supplied input. An attacker can exploit this to execute arbitrary code. (CVE-2015-5124) last seen 2020-06-01 modified 2020-06-02 plugin id 84641 published 2015-07-09 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84641 title Adobe AIR <= 18.0.0.144 Multiple Vulnerabilities (APSB15-16) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(84641); script_version("1.13"); script_cvs_date("Date: 2019/11/22"); script_cve_id( "CVE-2014-0578", "CVE-2015-3097", "CVE-2015-3114", "CVE-2015-3115", "CVE-2015-3116", "CVE-2015-3117", "CVE-2015-3118", "CVE-2015-3119", "CVE-2015-3120", "CVE-2015-3121", "CVE-2015-3122", "CVE-2015-3123", "CVE-2015-3124", "CVE-2015-3125", "CVE-2015-3126", "CVE-2015-3127", "CVE-2015-3128", "CVE-2015-3129", "CVE-2015-3130", "CVE-2015-3131", "CVE-2015-3132", "CVE-2015-3133", "CVE-2015-3134", "CVE-2015-3135", "CVE-2015-3136", "CVE-2015-3137", "CVE-2015-4428", "CVE-2015-4429", "CVE-2015-4430", "CVE-2015-4431", "CVE-2015-4432", "CVE-2015-4433", "CVE-2015-5116", "CVE-2015-5117", "CVE-2015-5118", "CVE-2015-5119", "CVE-2015-5124" ); script_bugtraq_id( 75090, 75568, 75590, 75591, 75592, 75593, 75594, 75595, 75596 ); script_name(english:"Adobe AIR <= 18.0.0.144 Multiple Vulnerabilities (APSB15-16)"); script_summary(english:"Checks the version gathered by local check."); script_set_attribute(attribute:"synopsis", value: "The remote Windows host has a version of Adobe AIR installed that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "According to its version, the installation of Adobe AIR on the remote Windows host is equal or prior to 18.0.0.144. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists that allows an attacker to guess the address for the Flash heap. (CVE-2015-3097) - Multiple heap-based buffer overflow vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3135, CVE-2015-4432, CVE-2015-5118) - Multiple memory corruption vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3117, CVE-2015-3123, CVE-2015-3130, CVE-2015-3133, CVE-2015-3134, CVE-2015-4431) - Multiple NULL pointer dereference flaws exist. (CVE-2015-3126, CVE-2015-4429) - A security bypass vulnerability exists that results in an information disclosure. (CVE-2015-3114) - Multiple type confusion vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3119, CVE-2015-3120, CVE-2015-3121, CVE-2015-3122, CVE-2015-4433) - Multiple use-after-free errors exist that allow arbitrary code execution. (CVE-2015-3118, CVE-2015-3124, CVE-2015-5117, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4430, CVE-2015-5119) - Multiple same-origin policy bypass vulnerabilities exist that allow information disclosure. (CVE-2014-0578, CVE-2015-3115, CVE-2015-3116, CVE-2015-3125, CVE-2015-5116) - A memory corruption issue exists due to improper validation of user-supplied input. An attacker can exploit this to execute arbitrary code. (CVE-2015-5124)"); script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/flash-player/apsb15-16.html"); # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0cb17c10"); script_set_attribute(attribute:"solution", value: "Upgrade to Adobe AIR 18.0.0.180 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-5124"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player ByteArray Use After Free'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"vuln_publication_date", value:"2015/07/08"); script_set_attribute(attribute:"patch_publication_date", value:"2015/07/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/09"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:air"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("adobe_air_installed.nasl"); script_require_keys("SMB/Adobe_AIR/Version", "SMB/Adobe_AIR/Path"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); version = get_kb_item_or_exit("SMB/Adobe_AIR/Version"); path = get_kb_item_or_exit("SMB/Adobe_AIR/Path"); version_ui = get_kb_item("SMB/Adobe_AIR/Version_UI"); if (isnull(version_ui)) version_report = version; else version_report = version_ui + ' (' + version + ')'; cutoff_version = '18.0.0.144'; fix = '18.0.0.180'; fix_ui = '18.0'; if (ver_compare(ver:version, fix:cutoff_version) <= 0) { port = get_kb_item("SMB/transport"); if (!port) port = 445; if (report_verbosity > 0) { report = '\n Path : ' + path + '\n Installed version : ' + version_report + '\n Fixed version : ' + fix_ui + " (" + fix + ')' + '\n'; security_hole(port:port, extra:report); } else security_hole(port); exit(0); } else audit(AUDIT_INST_PATH_NOT_VULN, "Adobe AIR", version_report, path);NASL family MacOS X Local Security Checks NASL id MACOSX_ADOBE_AIR_APSB15-16.NASL description According to its version, the installation of Adobe AIR on the remote Mac OS X host is equal or prior to 18.0.0.144. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists that allows an attacker to guess the address for the Flash heap. (CVE-2015-3097) - Multiple heap-based buffer overflow vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3135, CVE-2015-4432, CVE-2015-5118) - Multiple memory corruption vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3117, CVE-2015-3123, CVE-2015-3130, CVE-2015-3133, CVE-2015-3134, CVE-2015-4431) - Multiple NULL pointer dereference flaws exist. (CVE-2015-3126, CVE-2015-4429) - A security bypass vulnerability exists that results in an information disclosure. (CVE-2015-3114) - Multiple type confusion vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3119, CVE-2015-3120, CVE-2015-3121, CVE-2015-3122, CVE-2015-4433) - Multiple use-after-free errors exist that allow arbitrary code execution. (CVE-2015-3118, CVE-2015-3124, CVE-2015-5117, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4430, CVE-2015-5119) - Multiple same-origin policy bypass vulnerabilities exist that allow information disclosure. (CVE-2014-0578, CVE-2015-3115, CVE-2015-3116, CVE-2015-3125, CVE-2015-5116) - A memory corruption issue exists due to improper validation of user-supplied input. An attacker can exploit this to execute arbitrary code. (CVE-2015-5124) last seen 2020-06-01 modified 2020-06-02 plugin id 84643 published 2015-07-09 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84643 title Adobe AIR for Mac <= 18.0.0.144 Multiple Vulnerabilities (APSB15-16) NASL family Windows NASL id GOOGLE_CHROME_43_0_2357_124.NASL description The version of Google Chrome installed on the remote Windows host is prior to 43.0.2357.124. It is, therefore, affected by multiple vulnerabilities related to Adobe Flash : - An unspecified vulnerability exists that allows an attacker to bypass the fix for CVE-2014-5333. (CVE-2015-3096) - An unspecified memory address randomization flaw exists on Windows 7 64-bit. (CVE-2015-3097) - Multiple unspecified flaws exist that allow a remote attacker to bypass the same-origin-policy, resulting in the disclosure of sensitive information. (CVE-2015-3098, CVE-2015-3099, CVE-2015-3102) - A remote code execution vulnerability exists due to an unspecified stack overflow flaw. (CVE-2015-3100) - Multiple use-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2015-3103, CVE-2015-3106, CVE-2015-3107) - An integer overflow condition exists due to improper validation of user-supplied input. A remote attacker can exploit this to execute arbitrary code. (CVE-2015-3104) - A memory corruption flaw exists due to improper validation of user-supplied input. A remote attacker can exploit this flaw, via specially crafted flash content, to corrupt memory and execute arbitrary code. (CVE-2015-3105) - An unspecified memory leak exists that allows an attacker to bypass the Address Space Layout Randomization (ASLR) feature. (CVE-2015-3108) Note that Nessus has not tested for these issues but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 84049 published 2015-06-09 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84049 title Google Chrome < 43.0.2357.124 Multiple Vulnerabilities NASL family Windows NASL id SMB_KB3065820.NASL description The remote Windows host is missing KB3065820. It is, therefore, affected by the multiple vulnerabilities : - An unspecified vulnerability exists that allows an attacker to bypass the fix for CVE-2014-5333. (CVE-2015-3096) - An unspecified memory address randomization flaw exists on Windows 7 64-bit. (CVE-2015-3097) - Multiple unspecified flaws exist that allow a remote attacker to bypass the same-origin-policy, resulting in the disclosure of sensitive information. (CVE-2015-3098, CVE-2015-3099, CVE-2015-3102) - A remote code execution vulnerability exists due to an unspecified stack overflow flaw. (CVE-2015-3100) - A permission flaw exists in the Flash broker for IE that allows an attacker to perform a privilege escalation. (CVE-2015-3101) - Multiple use-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2015-3103, CVE-2015-3106, CVE-2015-3107) - An integer overflow condition exists due to improper validation of user-supplied input. A remote attacker can exploit this to execute arbitrary code. (CVE-2015-3104) - A memory corruption flaw exists due to improper validation of user-supplied input. A remote attacker can exploit this flaw, via specially crafted flash content, to corrupt memory and execute arbitrary code. (CVE-2015-3105) - An unspecified memory leak exists that allows an attacker to bypass the Address Space Layout Randomization (ASLR) feature. (CVE-2015-3108) last seen 2020-06-01 modified 2020-06-02 plugin id 84052 published 2015-06-09 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84052 title MS KB3065820: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201506-01.NASL description The remote host is affected by the vulnerability described in GLSA-201506-01 (Adobe Flash Player: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 84315 published 2015-06-22 reporter This script is Copyright (C) 2015-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/84315 title GLSA-201506-01 : Adobe Flash Player: Multiple vulnerabilities NASL family Windows NASL id FLASH_PLAYER_APSB15-16.NASL description The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 18.0.0.194. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists that allows an attacker to guess the address for the Flash heap. (CVE-2015-3097) - Multiple heap-based buffer overflow vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3135, CVE-2015-4432, CVE-2015-5118) - Multiple memory corruption vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3117, CVE-2015-3123, CVE-2015-3130, CVE-2015-3133, CVE-2015-3134, CVE-2015-4431) - Multiple NULL pointer dereference flaws exist. (CVE-2015-3126, CVE-2015-4429) - A security bypass vulnerability exists that results in an information disclosure. (CVE-2015-3114) - Multiple type confusion vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3119, CVE-2015-3120, CVE-2015-3121, CVE-2015-3122, CVE-2015-4433) - Multiple use-after-free errors exist that allow arbitrary code execution. (CVE-2015-3118, CVE-2015-3124, CVE-2015-5117, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4430, CVE-2015-5119) - Multiple same-origin policy bypass vulnerabilities exist that allow information disclosure. (CVE-2014-0578, CVE-2015-3115, CVE-2015-3116, CVE-2015-3125, CVE-2015-5116) - A memory corruption issue exists due to improper validation of user-supplied input. An attacker can exploit this to execute arbitrary code. (CVE-2015-5124) last seen 2020-06-01 modified 2020-06-02 plugin id 84642 published 2015-07-09 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84642 title Adobe Flash Player <= 18.0.0.194 Multiple Vulnerabilities (APSB15-16) NASL family MacOS X Local Security Checks NASL id MACOSX_FLASH_PLAYER_APSB15-16.NASL description The version of Adobe Flash Player installed on the remote Mac OS X host is equal or prior to version 18.0.0.194. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists that allows an attacker to guess the address for the Flash heap. (CVE-2015-3097) - Multiple heap-based buffer overflow vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3135, CVE-2015-4432, CVE-2015-5118) - Multiple memory corruption vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3117, CVE-2015-3123, CVE-2015-3130, CVE-2015-3133, CVE-2015-3134, CVE-2015-4431) - Multiple NULL pointer dereference flaws exist. (CVE-2015-3126, CVE-2015-4429) - A security bypass vulnerability exists that results in an information disclosure. (CVE-2015-3114) - Multiple type confusion vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3119, CVE-2015-3120, CVE-2015-3121, CVE-2015-3122, CVE-2015-4433) - Multiple use-after-free errors exist that allow arbitrary code execution. (CVE-2015-3118, CVE-2015-3124, CVE-2015-5117, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4430, CVE-2015-5119) - Multiple same-origin policy bypass vulnerabilities exist that allow information disclosure. (CVE-2014-0578, CVE-2015-3115, CVE-2015-3116, CVE-2015-3125, CVE-2015-5116) - A memory corruption issue exists due to improper validation of user-supplied input. An attacker can exploit this to execute arbitrary code. (CVE-2015-5124) last seen 2020-06-01 modified 2020-06-02 plugin id 84644 published 2015-07-09 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84644 title Adobe Flash Player <= 18.0.0.194 Multiple Vulnerabilities (APSB15-16) (Mac OS X) NASL family MacOS X Local Security Checks NASL id MACOSX_GOOGLE_CHROME_43_0_2357_132.NASL description The version of Google Chrome installed on the remote Mac OS X host is prior to 43.0.2357.132. It is, therefore, affected by multiple vulnerabilities in the bundled version of Adobe Flash : - An information disclosure vulnerability exists that allows an attacker to guess the address for the Flash heap. (CVE-2015-3097) - Multiple heap-based buffer overflow vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3135, CVE-2015-4432, CVE-2015-5118) - Multiple memory corruption vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3117, CVE-2015-3123, CVE-2015-3130, CVE-2015-3133, CVE-2015-3134, CVE-2015-4431) - Multiple NULL pointer dereference flaws exist. (CVE-2015-3126, CVE-2015-4429) - A security bypass vulnerability exists that results in an information disclosure. (CVE-2015-3114) - Multiple type confusion vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3119, CVE-2015-3120, CVE-2015-3121, CVE-2015-3122, CVE-2015-4433) - Multiple use-after-free errors exist that allow arbitrary code execution. (CVE-2015-3118, CVE-2015-3124, CVE-2015-5117, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4430, CVE-2015-5119) - Multiple same-origin policy bypass vulnerabilities exist that allow information disclosure. (CVE-2014-0578, CVE-2015-3115, CVE-2015-3116, CVE-2015-3125, CVE-2015-5116) - A memory corruption issue exists due to improper validation of user-supplied input. An attacker can exploit this to execute arbitrary code. (CVE-2015-5124) Note that Nessus has not tested for these issues but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 84668 published 2015-07-10 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84668 title Google Chrome < 43.0.2357.132 Multiple Vulnerabilities (Mac OS X) NASL family Windows NASL id FLASH_PLAYER_APSB15-11.NASL description The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 17.0.0.188. It is, therefore, affected by multiple vulnerabilities : - An unspecified vulnerability exists that allows an attacker to bypass the fix for CVE-2014-5333. (CVE-2015-3096) - An unspecified memory address randomization flaw exists on Windows 7 64-bit. (CVE-2015-3097) - Multiple unspecified flaws exist that allow a remote attacker to bypass the same-origin-policy, resulting in the disclosure of sensitive information. (CVE-2015-3098, CVE-2015-3099, CVE-2015-3102) - A remote code execution vulnerability exists due to an unspecified stack overflow flaw. (CVE-2015-3100) - A permission flaw exists in the Flash broker for IE that allows an attacker to perform a privilege escalation. (CVE-2015-3101) - Multiple use-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2015-3103, CVE-2015-3106, CVE-2015-3107) - An integer overflow condition exists due to improper validation of user-supplied input. A remote attacker can exploit this to execute arbitrary code. (CVE-2015-3104) - A memory corruption flaw exists due to improper validation of user-supplied input. A remote attacker can exploit this flaw, via specially crafted flash content, to corrupt memory and execute arbitrary code. (CVE-2015-3105) - An unspecified memory leak exists that allows an attacker to bypass the Address Space Layout Randomization (ASLR) feature. (CVE-2015-3108) last seen 2020-06-01 modified 2020-06-02 plugin id 84048 published 2015-06-09 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84048 title Adobe Flash Player <= 17.0.0.188 Multiple Vulnerabilities (APSB15-11) NASL family Windows NASL id SMB_KB3065823.NASL description The remote Windows host is missing KB3065823. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists that allows an attacker to guess the address for the Flash heap. (CVE-2015-3097) - Multiple heap-based buffer overflow vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3135, CVE-2015-4432, CVE-2015-5118) - Multiple memory corruption vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3117, CVE-2015-3123, CVE-2015-3130, CVE-2015-3133, CVE-2015-3134, CVE-2015-4431) - Multiple NULL pointer dereference flaws exist. (CVE-2015-3126, CVE-2015-4429) - A security bypass vulnerability exists that results in an information disclosure. (CVE-2015-3114) - Multiple type confusion vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3119, CVE-2015-3120, CVE-2015-3121, CVE-2015-3122, CVE-2015-4433) - Multiple use-after-free errors exist that allow arbitrary code execution. (CVE-2015-3118, CVE-2015-3124, CVE-2015-5117, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4430, CVE-2015-5119) - Multiple same-origin policy bypass vulnerabilities exist that allow information disclosure. (CVE-2014-0578, CVE-2015-3115, CVE-2015-3116, CVE-2015-3125, CVE-2015-5116) - A memory corruption issue exists due to improper validation of user-supplied input. An attacker can exploit this to execute arbitrary code. (CVE-2015-5124) last seen 2020-06-01 modified 2020-06-02 plugin id 84645 published 2015-07-09 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84645 title MS KB3065823: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_1E63DB88105011E5A4DFC485083CA99C.NASL description Adobe reports : Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. These updates resolve a vulnerability (CVE-2015-3096) that could be exploited to bypass the fix for CVE-2014-5333. These updates improve memory address randomization of the Flash heap for the Window 7 64-bit platform (CVE-2015-3097). These updates resolve vulnerabilities that could be exploited to bypass the same-origin-policy and lead to information disclosure (CVE-2015-3098, CVE-2015-3099, CVE-2015-3102). These updates resolve a stack overflow vulnerability that could lead to code execution (CVE-2015-3100). These updates resolve a permission issue in the Flash broker for Internet Explorer that could be exploited to perform privilege escalation from low to medium integrity level (CVE-2015-3101). These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2015-3104). These updates resolve a memory corruption vulnerability that could lead to code execution (CVE-2015-3105). These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-3103, CVE-2015-3106, CVE-2015-3107). These updates resolve a memory leak vulnerability that could be used to bypass ASLR (CVE-2015-3108). last seen 2020-06-01 modified 2020-06-02 plugin id 84132 published 2015-06-12 reporter This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84132 title FreeBSD : Adobe Flash Player -- critical vulnerabilities (1e63db88-1050-11e5-a4df-c485083ca99c)
References
- http://www.securityfocus.com/bid/75090
- http://www.securitytracker.com/id/1032519
- http://www.securitytracker.com/id/1032810
- https://helpx.adobe.com/security/products/flash-player/apsb15-11.html
- https://helpx.adobe.com/security/products/flash-player/apsb15-16.html
- https://security.gentoo.org/glsa/201506-01