Vulnerabilities > CVE-2015-3106 - Remote Code Execution vulnerability in Adobe Flash Player and AIR

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
adobe
apple
microsoft
linux
google
critical
nessus
exploit available

Summary

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3103 and CVE-2015-3107. CWE-416: Use After Free

Vulnerable Configurations

Part Description Count
Application
Adobe
377
OS
Apple
1
OS
Microsoft
1
OS
Linux
1
OS
Google
1

Exploit-Db

descriptionFlash AS2 Use After Free in TextField.filters. CVE-2015-3106. Dos exploit for windows platform
fileexploits/windows/dos/37847.txt
idEDB-ID:37847
last seen2016-02-04
modified2015-08-19
platformwindows
port
published2015-08-19
reporterbilou
sourcehttps://www.exploit-db.com/download/37847/
titleFlash AS2 Use After Free in TextField.filters
typedos

Nessus

  • NASL familyWindows
    NASL idADOBE_AIR_APSB15-11.NASL
    descriptionAccording to its version, the installation of Adobe AIR on the remote Windows host is equal or prior to 17.0.0.172. It is, therefore, affected by multiple vulnerabilities : - An unspecified vulnerability exists that allows an attacker to bypass the fix for CVE-2014-5333. (CVE-2015-3096) - An unspecified memory address randomization flaw exists on Windows 7 64-bit. (CVE-2015-3097) - Multiple unspecified flaws exist that allow a remote attacker to bypass the same-origin-policy, resulting in the disclosure of sensitive information. (CVE-2015-3098, CVE-2015-3099, CVE-2015-3102) - A remote code execution vulnerability exists due to an unspecified stack overflow flaw. (CVE-2015-3100) - A permission flaw exists in the Flash broker for IE that allows an attacker to perform a privilege escalation. (CVE-2015-3101) - Multiple use-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2015-3103, CVE-2015-3106, CVE-2015-3107) - An integer overflow condition exists due to improper validation of user-supplied input. A remote attacker can exploit this to execute arbitrary code. (CVE-2015-3104) - A memory corruption flaw exists due to improper validation of user-supplied input. A remote attacker can exploit this flaw, via specially crafted flash content, to corrupt memory and execute arbitrary code. (CVE-2015-3105) - An unspecified memory leak exists that allows an attacker to bypass the Address Space Layout Randomization (ASLR) feature. (CVE-2015-3108)
    last seen2020-06-01
    modified2020-06-02
    plugin id84158
    published2015-06-12
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84158
    titleAdobe AIR <= 17.0.0.172 Multiple Vulnerabilities (APSB15-11)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(84158);
      script_version("1.19");
      script_cvs_date("Date: 2019/11/22");
    
      script_cve_id(
        "CVE-2015-3096",
        "CVE-2015-3097",
        "CVE-2015-3098",
        "CVE-2015-3099",
        "CVE-2015-3100",
        "CVE-2015-3101",
        "CVE-2015-3102",
        "CVE-2015-3103",
        "CVE-2015-3104",
        "CVE-2015-3105",
        "CVE-2015-3106",
        "CVE-2015-3107",
        "CVE-2015-3108"
      );
      script_bugtraq_id(
        75080,
        75081,
        75084,
        75085,
        75086,
        75087,
        75088,
        75089,
        75090
      );
    
      script_name(english:"Adobe AIR <= 17.0.0.172 Multiple Vulnerabilities (APSB15-11)");
      script_summary(english:"Checks the version gathered by local check.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host has a version of Adobe AIR installed that is
    affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "According to its version, the installation of Adobe AIR on the remote
    Windows host is equal or prior to 17.0.0.172. It is, therefore,
    affected by multiple vulnerabilities :
    
      - An unspecified vulnerability exists that allows an
        attacker to bypass the fix for CVE-2014-5333.
        (CVE-2015-3096)
    
      - An unspecified memory address randomization flaw exists
        on Windows 7 64-bit. (CVE-2015-3097)
    
      - Multiple unspecified flaws exist that allow a remote
        attacker to bypass the same-origin-policy, resulting in
        the disclosure of sensitive information. (CVE-2015-3098,
        CVE-2015-3099, CVE-2015-3102)
    
      - A remote code execution vulnerability exists due to an
        unspecified stack overflow flaw. (CVE-2015-3100)
    
      - A permission flaw exists in the Flash broker for IE
        that allows an attacker to perform a privilege
        escalation. (CVE-2015-3101)
    
      - Multiple use-after-free errors exist that allow an
        attacker to execute arbitrary code. (CVE-2015-3103,
        CVE-2015-3106, CVE-2015-3107)
    
      - An integer overflow condition exists due to improper
        validation of user-supplied input. A remote attacker can
        exploit this to execute arbitrary code. (CVE-2015-3104)
    
      - A memory corruption flaw exists due to improper
        validation of user-supplied input. A remote attacker can
        exploit this flaw, via specially crafted flash
        content, to corrupt memory and execute arbitrary code.
        (CVE-2015-3105)
    
      - An unspecified memory leak exists that allows an
        attacker to bypass the Address Space Layout
        Randomization (ASLR) feature. (CVE-2015-3108)");
      script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/flash-player/apsb15-11.html");
      # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0cb17c10");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Adobe AIR 18.0.0.144 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-3107");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player Drawing Fill Shader Memory Corruption');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/06/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/06/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/12");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:air");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("adobe_air_installed.nasl");
      script_require_keys("SMB/Adobe_AIR/Version", "SMB/Adobe_AIR/Path");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    version = get_kb_item_or_exit("SMB/Adobe_AIR/Version");
    path = get_kb_item_or_exit("SMB/Adobe_AIR/Path");
    
    version_ui = get_kb_item("SMB/Adobe_AIR/Version_UI");
    if (isnull(version_ui)) version_report = version;
    else version_report = version_ui + ' (' + version + ')';
    
    cutoff_version = '17.0.0.172';
    fix = '18.0.0.144';
    fix_ui = '18.0';
    
    if (ver_compare(ver:version, fix:cutoff_version) <= 0)
    {
      port = get_kb_item("SMB/transport");
      if (!port) port = 445;
    
      if (report_verbosity > 0)
      {
        report =
          '\n  Path              : ' + path +
          '\n  Installed version : ' + version_report +
          '\n  Fixed version     : ' + fix_ui + " (" + fix + ')' +
          '\n';
        security_hole(port:port, extra:report);
      }
      else security_hole(port);
      exit(0);
    }
    else audit(AUDIT_INST_PATH_NOT_VULN, "Adobe AIR", version_report, path);
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FLASH_PLAYER_APSB15-11.NASL
    descriptionThe version of Adobe Flash Player installed on the remote Mac OS X host is equal or prior to version 17.0.0.188. It is, therefore, affected by multiple vulnerabilities : - An unspecified vulnerability exists that allows an attacker to bypass the fix for CVE-2014-5333. (CVE-2015-3096) - Multiple unspecified flaws exist that allow a remote attacker to bypass the same-origin-policy, resulting in the disclosure of sensitive information. (CVE-2015-3098, CVE-2015-3099, CVE-2015-3102) - A remote code execution vulnerability exists due to an unspecified stack overflow flaw. (CVE-2015-3100) - A permission flaw exists in the Flash broker for IE that allows an attacker to perform a privilege escalation. (CVE-2015-3101) - Multiple use-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2015-3103, CVE-2015-3106, CVE-2015-3107) - An integer overflow condition exists due to improper validation of user-supplied input. A remote attacker can exploit this to execute arbitrary code. (CVE-2015-3104) - A memory corruption flaw exists due to improper validation of user-supplied input. A remote attacker can exploit this flaw, via specially crafted flash content, to corrupt memory and execute arbitrary code. (CVE-2015-3105) - An unspecified memory leak exists that allows an attacker to bypass the Address Space Layout Randomization (ASLR) feature. (CVE-2015-3108)
    last seen2020-06-01
    modified2020-06-02
    plugin id84050
    published2015-06-09
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84050
    titleAdobe Flash Player <= 17.0.0.188 Multiple Vulnerabilities (APSB15-11) (Mac OS X)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(84050);
      script_version("1.16");
      script_cvs_date("Date: 2019/11/22");
    
      script_cve_id(
        "CVE-2015-3096",
        "CVE-2015-3098",
        "CVE-2015-3099",
        "CVE-2015-3100",
        "CVE-2015-3101",
        "CVE-2015-3102",
        "CVE-2015-3103",
        "CVE-2015-3104",
        "CVE-2015-3105",
        "CVE-2015-3106",
        "CVE-2015-3107",
        "CVE-2015-3108"
      );
      script_bugtraq_id(
        75080,
        75081,
        75084,
        75085,
        75086,
        75087,
        75088,
        75089
      );
    
      script_name(english:"Adobe Flash Player <= 17.0.0.188 Multiple Vulnerabilities (APSB15-11) (Mac OS X)");
      script_summary(english:"Checks the version of Flash Player.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Mac OS X host has a browser plugin installed that is
    affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Adobe Flash Player installed on the remote Mac OS X
    host is equal or prior to version 17.0.0.188. It is, therefore,
    affected by multiple vulnerabilities :
    
      - An unspecified vulnerability exists that allows an
        attacker to bypass the fix for CVE-2014-5333.
        (CVE-2015-3096)
    
      - Multiple unspecified flaws exist that allow a remote
        attacker to bypass the same-origin-policy, resulting in
        the disclosure of sensitive information. (CVE-2015-3098,
        CVE-2015-3099, CVE-2015-3102)
    
      - A remote code execution vulnerability exists due to an
        unspecified stack overflow flaw. (CVE-2015-3100)
    
      - A permission flaw exists in the Flash broker for IE
        that allows an attacker to perform a privilege
        escalation. (CVE-2015-3101)
    
      - Multiple use-after-free errors exist that allow an
        attacker to execute arbitrary code. (CVE-2015-3103,
        CVE-2015-3106, CVE-2015-3107)
    
      - An integer overflow condition exists due to improper
        validation of user-supplied input. A remote attacker can
        exploit this to execute arbitrary code. (CVE-2015-3104)
    
      - A memory corruption flaw exists due to improper
        validation of user-supplied input. A remote attacker can
        exploit this flaw, via specially crafted flash
        content, to corrupt memory and execute arbitrary code.
        (CVE-2015-3105)
    
      - An unspecified memory leak exists that allows an
        attacker to bypass the Address Space Layout
        Randomization (ASLR) feature. (CVE-2015-3108)");
      script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/flash-player/apsb15-11.html");
      # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0cb17c10");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Adobe Flash Player version 18.0.0.160 or later.
    
    Alternatively, Adobe has made version 13.0.0.292 available for those
    installations that cannot be upgraded to 18.x.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-3107");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player Drawing Fill Shader Memory Corruption');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/06/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/06/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/09");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:flash_player");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("macosx_flash_player_installed.nasl");
      script_require_keys("MacOSX/Flash_Player/Version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    version = get_kb_item_or_exit("MacOSX/Flash_Player/Version");
    path = get_kb_item_or_exit("MacOSX/Flash_Player/Path");
    
    if (ver_compare(ver:version, fix:"14.0.0.0", strict:FALSE) >= 0)
    {
      cutoff_version = "17.0.0.188";
      fix = "18.0.0.160";
    }
    else
    {
      cutoff_version = "13.0.0.289";
      fix = "13.0.0.292";
    }
    
    # nb: we're checking for versions less than *or equal to* the cutoff!
    if (ver_compare(ver:version, fix:cutoff_version, strict:FALSE) <= 0)
    {
      if (report_verbosity > 0)
      {
        report =
          '\n  Path              : ' + path +
          '\n  Installed version : ' + version +
          '\n  Fixed version     : ' + fix +
          '\n';
        security_hole(port:0, extra:report);
      }
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_INST_PATH_NOT_VULN, "Flash Player for Mac", version, path);
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-1086.NASL
    descriptionAn updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB15-11 listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. (CVE-2015-3100, CVE-2015-3103, CVE-2015-3104, CVE-2015-3105, CVE-2015-3106, CVE-2015-3107) Multiple security bypass flaws were found in flash-plugin that could lead to the disclosure of sensitive information. (CVE-2015-3096, CVE-2015-3098, CVE-2015-3099, CVE-2015-3102) A memory information leak flaw was found in flash-plugin that could allow an attacker to potentially bypass ASLR (Address Space Layout Randomization) protection, and make it easier to exploit other flaws. (CVE-2015-3108) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.466.
    last seen2020-06-01
    modified2020-06-02
    plugin id84111
    published2015-06-11
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84111
    titleRHEL 5 / 6 : flash-plugin (RHSA-2015:1086)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2015:1086. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(84111);
      script_version("2.23");
      script_cvs_date("Date: 2019/10/24 15:35:40");
    
      script_cve_id("CVE-2015-3096", "CVE-2015-3098", "CVE-2015-3099", "CVE-2015-3100", "CVE-2015-3102", "CVE-2015-3103", "CVE-2015-3104", "CVE-2015-3105", "CVE-2015-3106", "CVE-2015-3107", "CVE-2015-3108");
      script_bugtraq_id(75080, 75081, 75084, 75085, 75086, 75087, 75088);
      script_xref(name:"RHSA", value:"2015:1086");
    
      script_name(english:"RHEL 5 / 6 : flash-plugin (RHSA-2015:1086)");
      script_summary(english:"Checks the rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An updated Adobe Flash Player package that fixes multiple security
    issues is now available for Red Hat Enterprise Linux 5 and 6
    Supplementary.
    
    Red Hat Product Security has rated this update as having Critical
    security impact. Common Vulnerability Scoring System (CVSS) base
    scores, which give detailed severity ratings, are available for each
    vulnerability from the CVE links in the References section.
    
    The flash-plugin package contains a Mozilla Firefox compatible Adobe
    Flash Player web browser plug-in.
    
    This update fixes multiple vulnerabilities in Adobe Flash Player.
    These vulnerabilities are detailed in the Adobe Security Bulletin
    APSB15-11 listed in the References section.
    
    Multiple flaws were found in the way flash-plugin displayed certain
    SWF content. An attacker could use these flaws to create a specially
    crafted SWF file that would cause flash-plugin to crash or,
    potentially, execute arbitrary code when the victim loaded a page
    containing the malicious SWF content. (CVE-2015-3100, CVE-2015-3103,
    CVE-2015-3104, CVE-2015-3105, CVE-2015-3106, CVE-2015-3107)
    
    Multiple security bypass flaws were found in flash-plugin that could
    lead to the disclosure of sensitive information. (CVE-2015-3096,
    CVE-2015-3098, CVE-2015-3099, CVE-2015-3102)
    
    A memory information leak flaw was found in flash-plugin that could
    allow an attacker to potentially bypass ASLR (Address Space Layout
    Randomization) protection, and make it easier to exploit other flaws.
    (CVE-2015-3108)
    
    All users of Adobe Flash Player should install this updated package,
    which upgrades Flash Player to version 11.2.202.466."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://helpx.adobe.com/security/products/flash-player/apsb15-11.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2015:1086"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-3108"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-3107"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-3106"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-3105"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-3104"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-3103"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-3102"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-3100"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-3099"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-3098"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-3096"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected flash-plugin package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player Drawing Fill Shader Memory Corruption');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:flash-plugin");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/06/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/06/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/11");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x / 6.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2015:1086";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL5", reference:"flash-plugin-11.2.202.466-1.el5")) flag++;
    
    
      if (rpm_check(release:"RHEL6", reference:"flash-plugin-11.2.202.466-1.el6_6")) flag++;
    
    
      if (flag)
      {
        flash_plugin_caveat = '\n' +
          'NOTE: This vulnerability check only applies to RedHat released\n' +
          'versions of the flash-plugin package. This check does not apply to\n' +
          'Adobe released versions of the flash-plugin package, which are\n' +
          'versioned similarly and cause collisions in detection.\n\n' +
    
          'If you are certain you are running the Adobe released package of\n' +
          'flash-plugin and are running a version of it equal or higher to the\n' +
          'RedHat version listed above then you can consider this a false\n' +
          'positive.\n';
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat() + flash_plugin_caveat
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "flash-plugin");
      }
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2015-412.NASL
    descriptionAdobe Flash Player was updated to 11.2.202.466 to fix multiple security issues. The following vulnerabilities were fixed : - CVE-2015-3096: bypass for CVE-2014-5333 - CVE-2015-3098: vulnerabilities that could be exploited to bypass the same-origin-policy and lead to information disclosure - CVE-2015-3099: vulnerabilities that could be exploited to bypass the same-origin-policy and lead to information disclosure - CVE-2015-3100: stack overflow vulnerability that could lead to code execution - CVE-2015-3102: vulnerabilities that could be exploited to bypass the same-origin-policy and lead to information disclosure - CVE-2015-3103: use-after-free vulnerabilities that could lead to code execution - CVE-2015-3104: integer overflow vulnerability that could lead to code execution - CVE-2015-3105: memory corruption vulnerability that could lead to code execution - CVE-2015-3106: use-after-free vulnerabilities that could lead to code execution - CVE-2015-3107: use-after-free vulnerabilities that could lead to code execution - CVE-2015-3108: memory leak vulnerability that could be used to bypass ASLR
    last seen2020-06-05
    modified2015-06-12
    plugin id84135
    published2015-06-12
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/84135
    titleopenSUSE Security Update : Adobe Flash Player (openSUSE-2015-412)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2015-412.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(84135);
      script_version("2.11");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2014-5333", "CVE-2015-3096", "CVE-2015-3098", "CVE-2015-3099", "CVE-2015-3100", "CVE-2015-3102", "CVE-2015-3103", "CVE-2015-3104", "CVE-2015-3105", "CVE-2015-3106", "CVE-2015-3107", "CVE-2015-3108");
    
      script_name(english:"openSUSE Security Update : Adobe Flash Player (openSUSE-2015-412)");
      script_summary(english:"Check for the openSUSE-2015-412 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Adobe Flash Player was updated to 11.2.202.466 to fix multiple
    security issues.
    
    The following vulnerabilities were fixed :
    
      - CVE-2015-3096: bypass for CVE-2014-5333
    
      - CVE-2015-3098: vulnerabilities that could be exploited
        to bypass the same-origin-policy and lead to information
        disclosure
    
      - CVE-2015-3099: vulnerabilities that could be exploited
        to bypass the same-origin-policy and lead to information
        disclosure
    
      - CVE-2015-3100: stack overflow vulnerability that could
        lead to code execution
    
      - CVE-2015-3102: vulnerabilities that could be exploited
        to bypass the same-origin-policy and lead to information
        disclosure
    
      - CVE-2015-3103: use-after-free vulnerabilities that could
        lead to code execution
    
      - CVE-2015-3104: integer overflow vulnerability that could
        lead to code execution
    
      - CVE-2015-3105: memory corruption vulnerability that
        could lead to code execution
    
      - CVE-2015-3106: use-after-free vulnerabilities that could
        lead to code execution
    
      - CVE-2015-3107: use-after-free vulnerabilities that could
        lead to code execution
    
      - CVE-2015-3108: memory leak vulnerability that could be
        used to bypass ASLR"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=934088"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected Adobe Flash Player packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player Drawing Fill Shader Memory Corruption');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:flash-player");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:flash-player-gnome");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:flash-player-kde4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/06/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE13\.1|SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1 / 13.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE13.1", reference:"flash-player-11.2.202.466-120.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"flash-player-gnome-11.2.202.466-120.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"flash-player-kde4-11.2.202.466-120.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"flash-player-11.2.202.466-2.55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"flash-player-gnome-11.2.202.466-2.55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"flash-player-kde4-11.2.202.466-2.55.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "flash-player / flash-player-gnome / flash-player-kde4");
    }
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_ADOBE_AIR_APSB15-11.NASL
    descriptionAccording to its version, the installation of Adobe AIR on the remote Mac OS X host is equal or prior to 17.0.0.172. It is, therefore, affected by multiple vulnerabilities : - An unspecified vulnerability exists that allows an attacker to bypass the fix for CVE-2014-5333. (CVE-2015-3096) - Multiple unspecified flaws exist that allow a remote attacker to bypass the same-origin-policy, resulting in the disclosure of sensitive information. (CVE-2015-3098, CVE-2015-3099, CVE-2015-3102) - A remote code execution vulnerability exists due to an unspecified stack overflow flaw. (CVE-2015-3100) - A permission flaw exists in the Flash broker for IE that allows an attacker to perform a privilege escalation. (CVE-2015-3101) - Multiple use-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2015-3103, CVE-2015-3106, CVE-2015-3107) - An integer overflow condition exists due to improper validation of user-supplied input. A remote attacker can exploit this to execute arbitrary code. (CVE-2015-3104) - A memory corruption flaw exists due to improper validation of user-supplied input. A remote attacker can exploit this flaw, via specially crafted flash content, to corrupt memory and execute arbitrary code. (CVE-2015-3105) - An unspecified memory leak exists that allows an attacker to bypass the Address Space Layout Randomization (ASLR) feature. (CVE-2015-3108)
    last seen2020-06-01
    modified2020-06-02
    plugin id84162
    published2015-06-12
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84162
    titleAdobe AIR for Mac <= 17.0.0.172 Multiple Vulnerabilities (APSB15-11)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(84162);
      script_version("1.17");
      script_cvs_date("Date: 2019/11/22");
    
      script_cve_id(
        "CVE-2015-3096",
        "CVE-2015-3098",
        "CVE-2015-3099",
        "CVE-2015-3100",
        "CVE-2015-3101",
        "CVE-2015-3102",
        "CVE-2015-3103",
        "CVE-2015-3104",
        "CVE-2015-3105",
        "CVE-2015-3106",
        "CVE-2015-3107",
        "CVE-2015-3108"
      );
      script_bugtraq_id(
        75080,
        75081,
        75084,
        75085,
        75086,
        75087,
        75088,
        75089
      );
    
      script_name(english:"Adobe AIR for Mac <= 17.0.0.172 Multiple Vulnerabilities (APSB15-11)");
      script_summary(english:"Checks the version gathered by local check.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Mac OS X host has a version of Adobe AIR installed that is
    affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "According to its version, the installation of Adobe AIR on the remote
    Mac OS X host is equal or prior to 17.0.0.172. It is, therefore,
    affected by multiple vulnerabilities :
    
      - An unspecified vulnerability exists that allows an
        attacker to bypass the fix for CVE-2014-5333.
        (CVE-2015-3096)
    
      - Multiple unspecified flaws exist that allow a remote
        attacker to bypass the same-origin-policy, resulting in
        the disclosure of sensitive information. (CVE-2015-3098,
        CVE-2015-3099, CVE-2015-3102)
    
      - A remote code execution vulnerability exists due to an
        unspecified stack overflow flaw. (CVE-2015-3100)
    
      - A permission flaw exists in the Flash broker for IE
        that allows an attacker to perform a privilege
        escalation. (CVE-2015-3101)
    
      - Multiple use-after-free errors exist that allow an
        attacker to execute arbitrary code. (CVE-2015-3103,
        CVE-2015-3106, CVE-2015-3107)
    
      - An integer overflow condition exists due to improper
        validation of user-supplied input. A remote attacker can
        exploit this to execute arbitrary code. (CVE-2015-3104)
    
      - A memory corruption flaw exists due to improper
        validation of user-supplied input. A remote attacker can
        exploit this flaw, via specially crafted flash
        content, to corrupt memory and execute arbitrary code.
        (CVE-2015-3105)
    
      - An unspecified memory leak exists that allows an
        attacker to bypass the Address Space Layout
        Randomization (ASLR) feature. (CVE-2015-3108)");
      script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/flash-player/apsb15-11.html");
      # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0cb17c10");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Adobe AIR 18.0.0.143 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-3107");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player Drawing Fill Shader Memory Corruption');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/06/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/06/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/12");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:air");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("macosx_adobe_air_installed.nasl");
      script_require_keys("MacOSX/Adobe_AIR/Version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    kb_base = "MacOSX/Adobe_AIR";
    version = get_kb_item_or_exit(kb_base+"/Version");
    path = get_kb_item_or_exit(kb_base+"/Path");
    
    # nb: we're checking for versions less than *or equal to* the cutoff!
    cutoff_version = '17.0.0.172';
    fixed_version_for_report = '18.0.0.143';
    
    if (ver_compare(ver:version, fix:cutoff_version, strict:FALSE) <= 0)
    {
      if (report_verbosity > 0)
      {
        report =
          '\n  Path              : ' + path +
          '\n  Installed version : ' + version +
          '\n  Fixed version     : ' + fixed_version_for_report +
          '\n';
        security_hole(port:0, extra:report);
      }
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_INST_PATH_NOT_VULN, "Adobe AIR", version, path);
    
  • NASL familyWindows
    NASL idGOOGLE_CHROME_43_0_2357_124.NASL
    descriptionThe version of Google Chrome installed on the remote Windows host is prior to 43.0.2357.124. It is, therefore, affected by multiple vulnerabilities related to Adobe Flash : - An unspecified vulnerability exists that allows an attacker to bypass the fix for CVE-2014-5333. (CVE-2015-3096) - An unspecified memory address randomization flaw exists on Windows 7 64-bit. (CVE-2015-3097) - Multiple unspecified flaws exist that allow a remote attacker to bypass the same-origin-policy, resulting in the disclosure of sensitive information. (CVE-2015-3098, CVE-2015-3099, CVE-2015-3102) - A remote code execution vulnerability exists due to an unspecified stack overflow flaw. (CVE-2015-3100) - Multiple use-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2015-3103, CVE-2015-3106, CVE-2015-3107) - An integer overflow condition exists due to improper validation of user-supplied input. A remote attacker can exploit this to execute arbitrary code. (CVE-2015-3104) - A memory corruption flaw exists due to improper validation of user-supplied input. A remote attacker can exploit this flaw, via specially crafted flash content, to corrupt memory and execute arbitrary code. (CVE-2015-3105) - An unspecified memory leak exists that allows an attacker to bypass the Address Space Layout Randomization (ASLR) feature. (CVE-2015-3108) Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id84049
    published2015-06-09
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84049
    titleGoogle Chrome < 43.0.2357.124 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(84049);
      script_version("1.17");
      script_cvs_date("Date: 2019/11/22");
    
      script_cve_id(
        "CVE-2015-3096",
        "CVE-2015-3097",
        "CVE-2015-3098",
        "CVE-2015-3099",
        "CVE-2015-3100",
        "CVE-2015-3102",
        "CVE-2015-3103",
        "CVE-2015-3104",
        "CVE-2015-3105",
        "CVE-2015-3106",
        "CVE-2015-3107",
        "CVE-2015-3108"
      );
      script_bugtraq_id(
        75080,
        75081,
        75084,
        75085,
        75086,
        75087,
        75088,
        75090
      );
    
      script_name(english:"Google Chrome < 43.0.2357.124 Multiple Vulnerabilities");
      script_summary(english:"Checks the version number of Google Chrome.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host contains a web browser that is affected by
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Google Chrome installed on the remote Windows host is
    prior to 43.0.2357.124. It is, therefore, affected by multiple
    vulnerabilities related to Adobe Flash :
    
      - An unspecified vulnerability exists that allows an
        attacker to bypass the fix for CVE-2014-5333.
        (CVE-2015-3096)
    
      - An unspecified memory address randomization flaw exists
        on Windows 7 64-bit. (CVE-2015-3097)
    
      - Multiple unspecified flaws exist that allow a remote
        attacker to bypass the same-origin-policy, resulting in
        the disclosure of sensitive information. (CVE-2015-3098,
        CVE-2015-3099, CVE-2015-3102)
    
      - A remote code execution vulnerability exists due to an
        unspecified stack overflow flaw. (CVE-2015-3100)
    
      - Multiple use-after-free errors exist that allow an
        attacker to execute arbitrary code. (CVE-2015-3103,
        CVE-2015-3106, CVE-2015-3107)
    
      - An integer overflow condition exists due to improper
        validation of user-supplied input. A remote attacker can
        exploit this to execute arbitrary code. (CVE-2015-3104)
    
      - A memory corruption flaw exists due to improper
        validation of user-supplied input. A remote attacker can
        exploit this flaw, via specially crafted flash
        content, to corrupt memory and execute arbitrary code.
        (CVE-2015-3105)
    
      - An unspecified memory leak exists that allows an
        attacker to bypass the Address Space Layout
        Randomization (ASLR) feature. (CVE-2015-3108)
    
    Note that Nessus has not tested for these issues but has instead
    relied only on the application's self-reported version number.");
      # http://googlechromereleases.blogspot.com/2015/06/stable-channel-update.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d9b0da1f");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Google Chrome 43.0.2357.124 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-3107");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player Drawing Fill Shader Memory Corruption');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/06/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/06/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/09");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:google:chrome");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("google_chrome_installed.nasl");
      script_require_keys("SMB/Google_Chrome/Installed");
    
      exit(0);
    }
    
    include("google_chrome_version.inc");
    
    get_kb_item_or_exit("SMB/Google_Chrome/Installed");
    installs = get_kb_list("SMB/Google_Chrome/*");
    
    google_chrome_check_version(installs:installs, fix:'43.0.2357.124', severity:SECURITY_HOLE);
    
  • NASL familyWindows
    NASL idSMB_KB3065820.NASL
    descriptionThe remote Windows host is missing KB3065820. It is, therefore, affected by the multiple vulnerabilities : - An unspecified vulnerability exists that allows an attacker to bypass the fix for CVE-2014-5333. (CVE-2015-3096) - An unspecified memory address randomization flaw exists on Windows 7 64-bit. (CVE-2015-3097) - Multiple unspecified flaws exist that allow a remote attacker to bypass the same-origin-policy, resulting in the disclosure of sensitive information. (CVE-2015-3098, CVE-2015-3099, CVE-2015-3102) - A remote code execution vulnerability exists due to an unspecified stack overflow flaw. (CVE-2015-3100) - A permission flaw exists in the Flash broker for IE that allows an attacker to perform a privilege escalation. (CVE-2015-3101) - Multiple use-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2015-3103, CVE-2015-3106, CVE-2015-3107) - An integer overflow condition exists due to improper validation of user-supplied input. A remote attacker can exploit this to execute arbitrary code. (CVE-2015-3104) - A memory corruption flaw exists due to improper validation of user-supplied input. A remote attacker can exploit this flaw, via specially crafted flash content, to corrupt memory and execute arbitrary code. (CVE-2015-3105) - An unspecified memory leak exists that allows an attacker to bypass the Address Space Layout Randomization (ASLR) feature. (CVE-2015-3108)
    last seen2020-06-01
    modified2020-06-02
    plugin id84052
    published2015-06-09
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84052
    titleMS KB3065820: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(84052);
      script_version("1.20");
      script_cvs_date("Date: 2019/11/22");
    
      script_cve_id(
        "CVE-2015-3096",
        "CVE-2015-3097",
        "CVE-2015-3098",
        "CVE-2015-3099",
        "CVE-2015-3100",
        "CVE-2015-3101",
        "CVE-2015-3102",
        "CVE-2015-3103",
        "CVE-2015-3104",
        "CVE-2015-3105",
        "CVE-2015-3106",
        "CVE-2015-3107",
        "CVE-2015-3108"
      );
      script_bugtraq_id(
        75080,
        75081,
        75084,
        75085,
        75086,
        75087,
        75088,
        75089,
        75090
      );
      script_xref(name:"MSKB", value:"3065820");
    
      script_name(english:"MS KB3065820: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer");
      script_summary(english:"Checks the version of the ActiveX control.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host has a browser plugin installed that is
    affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The remote Windows host is missing KB3065820. It is, therefore,
    affected by the multiple vulnerabilities :
    
      - An unspecified vulnerability exists that allows an
        attacker to bypass the fix for CVE-2014-5333.
        (CVE-2015-3096)
    
      - An unspecified memory address randomization flaw exists
        on Windows 7 64-bit. (CVE-2015-3097)
    
      - Multiple unspecified flaws exist that allow a remote
        attacker to bypass the same-origin-policy, resulting in
        the disclosure of sensitive information. (CVE-2015-3098,
        CVE-2015-3099, CVE-2015-3102)
    
      - A remote code execution vulnerability exists due to an
        unspecified stack overflow flaw. (CVE-2015-3100)
    
      - A permission flaw exists in the Flash broker for IE
        that allows an attacker to perform a privilege
        escalation. (CVE-2015-3101)
    
      - Multiple use-after-free errors exist that allow an
        attacker to execute arbitrary code. (CVE-2015-3103,
        CVE-2015-3106, CVE-2015-3107)
    
      - An integer overflow condition exists due to improper
        validation of user-supplied input. A remote attacker can
        exploit this to execute arbitrary code. (CVE-2015-3104)
    
      - A memory corruption flaw exists due to improper
        validation of user-supplied input. A remote attacker can
        exploit this flaw, via specially crafted flash
        content, to corrupt memory and execute arbitrary code.
        (CVE-2015-3105)
    
      - An unspecified memory leak exists that allows an
        attacker to bypass the Address Space Layout
        Randomization (ASLR) feature. (CVE-2015-3108)");
      script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2016/2755801");
      script_set_attribute(attribute:"see_also", value:"https://support.microsoft.com/en-us/help/3065820/microsoft-security-advisory-update-for-vulnerabilities-in-adobe-flash");
      script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/flash-player/apsb15-11.html");
      script_set_attribute(attribute:"solution", value:
    "Install Microsoft KB3065820.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-3107");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player Drawing Fill Shader Memory Corruption');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/06/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/06/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/09");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:flash_player");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("smb_hotfixes.nasl");
      script_require_keys("SMB/Registry/Enumerated", "SMB/WindowsVersion");
      script_require_ports(139, 445);
    
      exit(0);
    }
    
    include("audit.inc");
    include("smb_func.inc");
    include("smb_hotfixes.inc");
    include("smb_hotfixes_fcheck.inc");
    include("smb_activex_func.inc");
    include("misc_func.inc");
    
    get_kb_item_or_exit("SMB/Registry/Enumerated");
    get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);
    
    if (hotfix_check_sp_range(win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
    if (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);
    
    if (activex_init() != ACX_OK) audit(AUDIT_FN_FAIL, "activex_init()");
    
    # Adobe Flash Player CLSID
    clsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}';
    
    file = activex_get_filename(clsid:clsid);
    if (isnull(file))
    {
      activex_end();
      audit(AUDIT_FN_FAIL, "activex_get_filename", "NULL");
    }
    if (!file)
    {
      activex_end();
      audit(AUDIT_ACTIVEX_NOT_FOUND, clsid);
    }
    
    # Get its version.
    version = activex_get_fileversion(clsid:clsid);
    if (!version)
    {
      activex_end();
      audit(AUDIT_VER_FAIL, file);
    }
    
    info = '';
    
    iver = split(version, sep:'.', keep:FALSE);
    for (i=0; i<max_index(iver); i++)
     iver[i] = int(iver[i]);
    
    # <= 17.0.0.188
    if (
      (report_paranoia > 1 || activex_get_killbit(clsid:clsid) == 0) &&
      (
        iver[0] < 17 ||
        (
          iver[0] == 17 &&
          (
            (iver[1] == 0 && iver[2] == 0 && iver[3] <= 188)
          )
        )
      )
    )
    {
      info = '\n  Path              : ' + file +
             '\n  Installed version : ' + version +
             '\n  Fixed version     : 18.0.0.160' +
             '\n';
    }
    
    port = kb_smb_transport();
    
    if (info != '')
    {
      if (report_verbosity > 0)
      {
        if (report_paranoia > 1)
        {
          report = info +
            '\n' +
            'Note, though, that Nessus did not check whether the kill bit was\n' +
            "set for the control's CLSID because of the Report Paranoia setting" + '\n' +
            'in effect when this scan was run.\n';
        }
        else
        {
          report = info +
            '\n' +
            'Moreover, its kill bit is not set so it is accessible via Internet\n' +
            'Explorer.\n';
        }
        security_hole(port:port, extra:report);
      }
      else security_hole(port);
    }
    else audit(AUDIT_HOST_NOT, 'affected');
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201506-01.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201506-01 (Adobe Flash Player: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id84315
    published2015-06-22
    reporterThis script is Copyright (C) 2015-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/84315
    titleGLSA-201506-01 : Adobe Flash Player: Multiple vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201506-01.
    #
    # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(84315);
      script_version("$Revision: 2.12 $");
      script_cvs_date("$Date: 2016/05/20 14:03:00 $");
    
      script_cve_id("CVE-2015-3096", "CVE-2015-3097", "CVE-2015-3098", "CVE-2015-3099", "CVE-2015-3100", "CVE-2015-3101", "CVE-2015-3102", "CVE-2015-3103", "CVE-2015-3104", "CVE-2015-3105", "CVE-2015-3106", "CVE-2015-3107", "CVE-2015-3108", "CVE-2015-4472");
      script_bugtraq_id(72490, 75080, 75081, 75084, 75085, 75086, 75087, 75088, 75089, 75090);
      script_xref(name:"GLSA", value:"201506-01");
    
      script_name(english:"GLSA-201506-01 : Adobe Flash Player: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201506-01
    (Adobe Flash Player: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in Adobe Flash Player.
          Please review the CVE identifiers referenced below for details.
      
    Impact :
    
        A remote attacker could possibly execute arbitrary code with the
          privileges of the process, cause a Denial of Service condition, obtain
          sensitive information, or bypass security restrictions.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201506-01"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Adobe Flash Player users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose
          '>=www-plugins/adobe-flash-11.2.202.466'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player Drawing Fill Shader Memory Corruption');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:adobe-flash");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/06/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/22");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"www-plugins/adobe-flash", unaffected:make_list("ge 11.2.202.466"), vulnerable:make_list("lt 11.2.202.466"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Adobe Flash Player");
    }
    
  • NASL familyWindows
    NASL idFLASH_PLAYER_APSB15-11.NASL
    descriptionThe version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 17.0.0.188. It is, therefore, affected by multiple vulnerabilities : - An unspecified vulnerability exists that allows an attacker to bypass the fix for CVE-2014-5333. (CVE-2015-3096) - An unspecified memory address randomization flaw exists on Windows 7 64-bit. (CVE-2015-3097) - Multiple unspecified flaws exist that allow a remote attacker to bypass the same-origin-policy, resulting in the disclosure of sensitive information. (CVE-2015-3098, CVE-2015-3099, CVE-2015-3102) - A remote code execution vulnerability exists due to an unspecified stack overflow flaw. (CVE-2015-3100) - A permission flaw exists in the Flash broker for IE that allows an attacker to perform a privilege escalation. (CVE-2015-3101) - Multiple use-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2015-3103, CVE-2015-3106, CVE-2015-3107) - An integer overflow condition exists due to improper validation of user-supplied input. A remote attacker can exploit this to execute arbitrary code. (CVE-2015-3104) - A memory corruption flaw exists due to improper validation of user-supplied input. A remote attacker can exploit this flaw, via specially crafted flash content, to corrupt memory and execute arbitrary code. (CVE-2015-3105) - An unspecified memory leak exists that allows an attacker to bypass the Address Space Layout Randomization (ASLR) feature. (CVE-2015-3108)
    last seen2020-06-01
    modified2020-06-02
    plugin id84048
    published2015-06-09
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84048
    titleAdobe Flash Player <= 17.0.0.188 Multiple Vulnerabilities (APSB15-11)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(84048);
      script_version("1.19");
      script_cvs_date("Date: 2019/11/22");
    
      script_cve_id(
        "CVE-2015-3096",
        "CVE-2015-3097",
        "CVE-2015-3098",
        "CVE-2015-3099",
        "CVE-2015-3100",
        "CVE-2015-3101",
        "CVE-2015-3102",
        "CVE-2015-3103",
        "CVE-2015-3104",
        "CVE-2015-3105",
        "CVE-2015-3106",
        "CVE-2015-3107",
        "CVE-2015-3108"
      );
      script_bugtraq_id(
        75080,
        75081,
        75084,
        75085,
        75086,
        75087,
        75088,
        75089,
        75090
      );
    
      script_name(english:"Adobe Flash Player <= 17.0.0.188 Multiple Vulnerabilities (APSB15-11)");
      script_summary(english:"Checks the version of Flash Player.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host has a browser plugin installed that is
    affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Adobe Flash Player installed on the remote Windows host
    is equal or prior to version 17.0.0.188. It is, therefore, affected by
    multiple vulnerabilities :
    
      - An unspecified vulnerability exists that allows an
        attacker to bypass the fix for CVE-2014-5333.
        (CVE-2015-3096)
    
      - An unspecified memory address randomization flaw exists
        on Windows 7 64-bit. (CVE-2015-3097)
    
      - Multiple unspecified flaws exist that allow a remote
        attacker to bypass the same-origin-policy, resulting in
        the disclosure of sensitive information. (CVE-2015-3098,
        CVE-2015-3099, CVE-2015-3102)
    
      - A remote code execution vulnerability exists due to an
        unspecified stack overflow flaw. (CVE-2015-3100)
    
      - A permission flaw exists in the Flash broker for IE
        that allows an attacker to perform a privilege
        escalation. (CVE-2015-3101)
    
      - Multiple use-after-free errors exist that allow an
        attacker to execute arbitrary code. (CVE-2015-3103,
        CVE-2015-3106, CVE-2015-3107)
    
      - An integer overflow condition exists due to improper
        validation of user-supplied input. A remote attacker can
        exploit this to execute arbitrary code. (CVE-2015-3104)
    
      - A memory corruption flaw exists due to improper
        validation of user-supplied input. A remote attacker can
        exploit this flaw, via specially crafted flash
        content, to corrupt memory and execute arbitrary code.
        (CVE-2015-3105)
    
      - An unspecified memory leak exists that allows an
        attacker to bypass the Address Space Layout
        Randomization (ASLR) feature. (CVE-2015-3108)");
      script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/flash-player/apsb15-11.html");
      # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0cb17c10");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Adobe Flash Player version 18.0.0.160 or later.
    
    Alternatively, Adobe has made version 13.0.0.292 available for those
    installations that cannot be upgraded to 18.x.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-3107");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player Drawing Fill Shader Memory Corruption');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/06/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/06/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/09");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:flash_player");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("flash_player_installed.nasl");
      script_require_keys("SMB/Flash_Player/installed");
    
      exit(0);
    }
    
    include("global_settings.inc");
    include("misc_func.inc");
    
    get_kb_item_or_exit("SMB/Flash_Player/installed");
    
    # Identify vulnerable versions.
    info = "";
    variants = make_list(
      "Plugin",
      "ActiveX",
      "Chrome",
      "Chrome_Pepper"
    );
    
    # we're checking for versions less than *or equal to* the cutoff!
    foreach variant (variants)
    {
      vers = get_kb_list("SMB/Flash_Player/"+variant+"/Version/*");
      files = get_kb_list("SMB/Flash_Player/"+variant+"/File/*");
    
      if(isnull(vers) || isnull(files))
        continue;
    
      foreach key (keys(vers))
      {
        ver = vers[key];
        if(isnull(ver))
          continue;
    
        vuln = FALSE;
    
        # Chrome Flash <= 17.0.0.188
        if(variant == "Chrome_Pepper" &&
           ver_compare(ver:ver,fix:"17.0.0.188",strict:FALSE) <= 0
        ) vuln = TRUE;
    
        # <= 13.0.0.289
        if(variant != "Chrome_Pepper" &&
           ver_compare(ver:ver,fix:"13.0.0.289",strict:FALSE) <= 0
        ) vuln = TRUE;
    
        # 14-17 <= 17.0.0.134
        if(variant != "Chrome_Pepper" &&
           ver =~ "^1[4-7]\." &&
           ver_compare(ver:ver,fix:"17.0.0.188",strict:FALSE) <= 0
        ) vuln = TRUE;
    
        if(vuln)
        {
          num = key - ("SMB/Flash_Player/"+variant+"/Version/");
          file = files["SMB/Flash_Player/"+variant+"/File/"+num];
          if (variant == "Plugin")
          {
            info += '\n Product : Browser plugin (for Firefox / Netscape / Opera)';
            fix = "18.0.0.160 / 13.0.0.292";
          }
          else if (variant == "ActiveX")
          {
            info += '\n Product : ActiveX control (for Internet Explorer)';
            fix = "18.0.0.160 / 13.0.0.292";
          }
          else if ("Chrome" >< variant)
          {
            info += '\n Product : Browser plugin (for Google Chrome)';
            if(variant == "Chrome")
              fix = "Upgrade to the latest version of Google Chrome.";
          }
          info += '\n  Path              : ' + file +
                  '\n  Installed version : ' + ver;
          if (variant == "Chrome_Pepper")
            info += '\n  Fixed version     : 18.0.0.160 (Chrome PepperFlash)';
          else if(!isnull(fix))
            info += '\n  Fixed version     : '+fix;
          info += '\n';
        }
      }
    }
    
    if (info)
    {
      port = get_kb_item("SMB/transport");
      if (!port) port = 445;
    
      if (report_verbosity > 0) security_hole(port:port, extra:info);
      else security_hole(port);
    }
    else
    {
      if (thorough_tests)
        exit(0, 'No vulnerable versions of Adobe Flash Player were found.');
      else
        exit(1, 'Google Chrome\'s built-in Flash Player may not have been detected because the \'Perform thorough tests\' setting was not enabled.');
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-1043-1.NASL
    descriptionThe following issues are fixed by this updated : - CVE-2015-3096: These updates resolve a vulnerability that could be exploited to bypass the fix for CVE-2014-5333. - CVE-2015-3098, CVE-2015-3099, CVE-2015-3102: These updates resolve vulnerabilities that could be exploited to bypass the same-origin-policy and lead to information disclosure. - CVE-2015-3100: These updates resolve a stack overflow vulnerability that could lead to code execution. - CVE-2015-3103, CVE-2015-3106, CVE-2015-3107: These updates resolve use-after-free vulnerabilities that could lead to code execution. - CVE-2015-3104: These updates resolve an integer overflow vulnerability that could lead to code execution. - CVE-2015-3105: These updates resolve a memory corruption vulnerability that could lead to code execution. - CVE-2015-3108: These updates resolve a memory leak vulnerability that could be used to bypass ASLR (CVE-2015-3108). (bsc#934088) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id84147
    published2015-06-12
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84147
    titleSUSE SLED12 Security Update : flash-player (SUSE-SU-2015:1043-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2015:1043-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(84147);
      script_version("2.20");
      script_cvs_date("Date: 2019/09/11 11:22:12");
    
      script_cve_id("CVE-2014-5333", "CVE-2015-3096", "CVE-2015-3098", "CVE-2015-3099", "CVE-2015-3100", "CVE-2015-3102", "CVE-2015-3103", "CVE-2015-3104", "CVE-2015-3105", "CVE-2015-3106", "CVE-2015-3107", "CVE-2015-3108");
      script_bugtraq_id(69320, 75080, 75081, 75084, 75085, 75086, 75087, 75088);
    
      script_name(english:"SUSE SLED12 Security Update : flash-player (SUSE-SU-2015:1043-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The following issues are fixed by this updated :
    
      - CVE-2015-3096: These updates resolve a vulnerability
        that could be exploited to bypass the fix for
        CVE-2014-5333.
    
      - CVE-2015-3098, CVE-2015-3099, CVE-2015-3102: These
        updates resolve vulnerabilities that could be exploited
        to bypass the same-origin-policy and lead to information
        disclosure.
    
      - CVE-2015-3100: These updates resolve a stack overflow
        vulnerability that could lead to code execution.
    
      - CVE-2015-3103, CVE-2015-3106, CVE-2015-3107: These
        updates resolve use-after-free vulnerabilities that
        could lead to code execution.
    
      - CVE-2015-3104: These updates resolve an integer overflow
        vulnerability that could lead to code execution.
    
      - CVE-2015-3105: These updates resolve a memory corruption
        vulnerability that could lead to code execution.
    
      - CVE-2015-3108: These updates resolve a memory leak
        vulnerability that could be used to bypass ASLR
        (CVE-2015-3108). (bsc#934088)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=934088"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-3096/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-3098/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-3099/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-3100/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-3102/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-3103/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-3104/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-3105/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-3106/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-3107/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-3108/"
      );
      # https://www.suse.com/support/update/announcement/2015/suse-su-20151043-1.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?aa58eb14"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Workstation Extension 12 :
    
    zypper in -t patch SUSE-SLE-WE-12-2015-263=1
    
    SUSE Linux Enterprise Desktop 12 :
    
    zypper in -t patch SUSE-SLE-DESKTOP-12-2015-263=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player Drawing Fill Shader Memory Corruption');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:flash-player");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:flash-player-gnome");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/08/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/06/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    if (cpu >!< "x86_64") audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLED12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP0", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"flash-player-11.2.202.466-86.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"flash-player-gnome-11.2.202.466-86.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "flash-player");
    }
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_GOOGLE_CHROME_43_0_2357_124.NASL
    descriptionThe version of Google Chrome installed on the remote Mac OS X host is prior to 43.0.2357.124. It is, therefore, affected by multiple vulnerabilities related to Adobe Flash : - An unspecified vulnerability exists that allows an attacker to bypass the fix for CVE-2014-5333. (CVE-2015-3096) - Multiple unspecified flaws exist that allow a remote attacker to bypass the same-origin-policy, resulting in the disclosure of sensitive information. (CVE-2015-3098, CVE-2015-3099, CVE-2015-3102) - A remote code execution vulnerability exists due to an unspecified stack overflow flaw. (CVE-2015-3100) - Multiple use-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2015-3103, CVE-2015-3106, CVE-2015-3107) - An integer overflow condition exists due to improper validation of user-supplied input. A remote attacker can exploit this to execute arbitrary code. (CVE-2015-3104) - A memory corruption flaw exists due to improper validation of user-supplied input. A remote attacker can exploit this flaw, via specially crafted flash content, to corrupt memory and execute arbitrary code. (CVE-2015-3105) - An unspecified memory leak exists that allows an attacker to bypass the Address Space Layout Randomization (ASLR) feature. (CVE-2015-3108) Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id84051
    published2015-06-09
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84051
    titleGoogle Chrome < 43.0.2357.124 Multiple Vulnerabilities (Mac OS X)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(84051);
      script_version("1.15");
      script_cvs_date("Date: 2019/11/22");
    
      script_cve_id(
        "CVE-2015-3096",
        "CVE-2015-3098",
        "CVE-2015-3099",
        "CVE-2015-3100",
        "CVE-2015-3102",
        "CVE-2015-3103",
        "CVE-2015-3104",
        "CVE-2015-3105",
        "CVE-2015-3106",
        "CVE-2015-3107",
        "CVE-2015-3108"
      );
      script_bugtraq_id(
        75080,
        75081,
        75084,
        75085,
        75086,
        75087,
        75088
      );
    
      script_name(english:"Google Chrome < 43.0.2357.124 Multiple Vulnerabilities (Mac OS X)");
      script_summary(english:"Checks the version number of Google Chrome.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Mac OS X host contains a web browser that is affected by
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Google Chrome installed on the remote Mac OS X host is
    prior to 43.0.2357.124. It is, therefore, affected by multiple
    vulnerabilities related to Adobe Flash :
    
      - An unspecified vulnerability exists that allows an
        attacker to bypass the fix for CVE-2014-5333.
        (CVE-2015-3096)
    
      - Multiple unspecified flaws exist that allow a remote
        attacker to bypass the same-origin-policy, resulting in
        the disclosure of sensitive information. (CVE-2015-3098,
        CVE-2015-3099, CVE-2015-3102)
    
      - A remote code execution vulnerability exists due to an
        unspecified stack overflow flaw. (CVE-2015-3100)
    
      - Multiple use-after-free errors exist that allow an
        attacker to execute arbitrary code. (CVE-2015-3103,
        CVE-2015-3106, CVE-2015-3107)
    
      - An integer overflow condition exists due to improper
        validation of user-supplied input. A remote attacker can
        exploit this to execute arbitrary code. (CVE-2015-3104)
    
      - A memory corruption flaw exists due to improper
        validation of user-supplied input. A remote attacker can
        exploit this flaw, via specially crafted flash
        content, to corrupt memory and execute arbitrary code.
        (CVE-2015-3105)
    
      - An unspecified memory leak exists that allows an
        attacker to bypass the Address Space Layout
        Randomization (ASLR) feature. (CVE-2015-3108)
    
    Note that Nessus has not tested for these issues but has instead
    relied only on the application's self-reported version number.");
      # http://googlechromereleases.blogspot.com/2015/06/stable-channel-update.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d9b0da1f");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Google Chrome 43.0.2357.124 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-3107");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player Drawing Fill Shader Memory Corruption');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/06/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/06/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/09");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:google:chrome");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("macosx_google_chrome_installed.nbin");
      script_require_keys("MacOSX/Google Chrome/Installed");
    
      exit(0);
    }
    
    include("google_chrome_version.inc");
    
    get_kb_item_or_exit("MacOSX/Google Chrome/Installed");
    
    google_chrome_check_version(fix:'43.0.2357.124', severity:SECURITY_HOLE);
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_1E63DB88105011E5A4DFC485083CA99C.NASL
    descriptionAdobe reports : Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. These updates resolve a vulnerability (CVE-2015-3096) that could be exploited to bypass the fix for CVE-2014-5333. These updates improve memory address randomization of the Flash heap for the Window 7 64-bit platform (CVE-2015-3097). These updates resolve vulnerabilities that could be exploited to bypass the same-origin-policy and lead to information disclosure (CVE-2015-3098, CVE-2015-3099, CVE-2015-3102). These updates resolve a stack overflow vulnerability that could lead to code execution (CVE-2015-3100). These updates resolve a permission issue in the Flash broker for Internet Explorer that could be exploited to perform privilege escalation from low to medium integrity level (CVE-2015-3101). These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2015-3104). These updates resolve a memory corruption vulnerability that could lead to code execution (CVE-2015-3105). These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-3103, CVE-2015-3106, CVE-2015-3107). These updates resolve a memory leak vulnerability that could be used to bypass ASLR (CVE-2015-3108).
    last seen2020-06-01
    modified2020-06-02
    plugin id84132
    published2015-06-12
    reporterThis script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84132
    titleFreeBSD : Adobe Flash Player -- critical vulnerabilities (1e63db88-1050-11e5-a4df-c485083ca99c)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-1064-1.NASL
    descriptionAdobe Flash Player was updated to 11.2.202.466 to fix multiple security issues. The following vulnerabilities were fixed : CVE-2015-3096: bypass for CVE-2014-5333 CVE-2015-3098: vulnerabilities that could be exploited to bypass the same-origin-policy and lead to information disclosure CVE-2015-3099: vulnerabilities that could be exploited to bypass the same-origin-policy and lead to information disclosure CVE-2015-3100: stack overflow vulnerability that could lead to code execution CVE-2015-3102: vulnerabilities that could be exploited to bypass the same-origin-policy and lead to information disclosure CVE-2015-3103: use-after-free vulnerabilities that could lead to code execution CVE-2015-3104: integer overflow vulnerability that could lead to code execution CVE-2015-3105: memory corruption vulnerability that could lead to code execution CVE-2015-3106: use-after-free vulnerabilities that could lead to code execution CVE-2015-3107: use-after-free vulnerabilities that could lead to code execution CVE-2015-3108: memory leak vulnerability that could be used to bypass ASLR More information can be found on: <a href=
    last seen2020-06-01
    modified2020-06-02
    plugin id84207
    published2015-06-16
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84207
    titleSUSE SLED11 Security Update : flash-player (SUSE-SU-2015:1064-1)

Redhat

advisories
rhsa
idRHSA-2015:1086
rpms
  • flash-plugin-0:11.2.202.466-1.el5
  • flash-plugin-0:11.2.202.466-1.el6_6