Vulnerabilities > CVE-2015-6680 - Unspecified vulnerability in Adobe Shockwave Player

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
adobe
critical
nessus

Summary

Adobe Shockwave Player before 12.2.0.162 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-6681.

Vulnerable Configurations

Part Description Count
Application
Adobe
67

Nessus

  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201509-07.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201509-07 (Adobe Flash Player: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id91735
    published2016-06-22
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91735
    titleGLSA-201509-07 : Adobe Flash Player: Multiple vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201509-07.
    #
    # The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(91735);
      script_version("2.4");
      script_cvs_date("Date: 2019/04/11 17:23:06");
    
      script_cve_id("CVE-2015-5567", "CVE-2015-5568", "CVE-2015-5570", "CVE-2015-5571", "CVE-2015-5572", "CVE-2015-5573", "CVE-2015-5574", "CVE-2015-5575", "CVE-2015-5576", "CVE-2015-5577", "CVE-2015-5578", "CVE-2015-5579", "CVE-2015-5580", "CVE-2015-5581", "CVE-2015-5582", "CVE-2015-5584", "CVE-2015-5587", "CVE-2015-5588", "CVE-2015-6676", "CVE-2015-6677", "CVE-2015-6678", "CVE-2015-6679", "CVE-2015-6680", "CVE-2015-6681", "CVE-2015-6682");
      script_xref(name:"GLSA", value:"201509-07");
    
      script_name(english:"GLSA-201509-07 : Adobe Flash Player: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201509-07
    (Adobe Flash Player: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in Adobe Flash Player.
          Please review the CVE identifiers referenced below for details.
      
    Impact :
    
        A remote attacker could possibly execute arbitrary code with the
          privileges of the process, cause a Denial of Service condition, obtain
          sensitive information, or bypass security restrictions.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201509-07"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Adobe Flash Player users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose
          '>=www-plugins/adobe-flash-11.2.202.521'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:adobe-flash");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/09/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/06/22");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"www-plugins/adobe-flash", unaffected:make_list("ge 11.2.202.521"), vulnerable:make_list("lt 11.2.202.521"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Adobe Flash Player");
    }
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SHOCKWAVE_PLAYER_APSB15-22.NASL
    descriptionThe remote Mac OS X host contains a version of Adobe Shockwave Player that is prior or equal to 12.1.9.160. It is, therefore, affected by multiple remote code execution vulnerabilities due improper validation of user-supplied input. A remote attacker can exploit these vulnerabilities to corrupt memory, potentially resulting in the execution of arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id85881
    published2015-09-09
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/85881
    titleAdobe Shockwave Player <= 12.1.9.160 Multiple RCE (APSB15-22) (Mac OS X)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(85881);
      script_version("1.8");
      script_cvs_date("Date: 2019/11/22");
    
      script_cve_id("CVE-2015-6680", "CVE-2015-6681");
      script_bugtraq_id(76664);
    
      script_name(english:"Adobe Shockwave Player <= 12.1.9.160 Multiple RCE (APSB15-22) (Mac OS X)");
      script_summary(english:"Checks version of Shockwave Player.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Mac OS X host contains a web browser plugin that is
    affected by multiple remote code execution vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The remote Mac OS X host contains a version of Adobe Shockwave Player
    that is prior or equal to 12.1.9.160. It is, therefore, affected by
    multiple remote code execution vulnerabilities due improper validation
    of user-supplied input. A remote attacker can exploit these
    vulnerabilities to corrupt memory, potentially resulting in the
    execution of arbitrary code.");
      script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/shockwave/apsb15-22.html");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Adobe Shockwave Player 12.2.0.162 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-6681");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/09/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/09/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/09/09");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:shockwave_player");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("shockwave_player_detect_macosx.nbin");
      script_require_keys("installed_sw/Shockwave Player", "Host/MacOSX/Version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("install_func.inc");
    
    os = get_kb_item("Host/MacOSX/Version");
    if (!os) audit(AUDIT_OS_NOT, "Mac OS X");
    
    app = 'Shockwave Player';
    
    get_install_count(app_name:app, exit_if_zero:TRUE);
    
    install = get_single_install(app_name:app, exit_if_unknown_ver:TRUE);
    
    ver = install['version'];
    path = install['path'];
    
    if (ver_compare(ver:ver, fix:'12.1.9.160', strict:FALSE) <= 0)
    {
      if (report_verbosity > 0)
      {
        report =
          '\n  Path              : ' + path +
          '\n  Installed version : ' + ver +
          '\n  Fixed versions    : 12.2.0.162' +
          '\n';
        security_hole(port:0, extra:report);
      }
      else security_hole(port:0);
    }
    else audit(AUDIT_INST_PATH_NOT_VULN, app, ver, path);
    
  • NASL familyWindows
    NASL idSHOCKWAVE_PLAYER_APSB15-22.NASL
    descriptionThe remote Windows host contains a version of Adobe Shockwave Player that is prior or equal to 12.1.9.160. It is, therefore, affected by multiple remote code execution vulnerabilities due improper validation of user-supplied input. A remote attacker can exploit these vulnerabilities to corrupt memory, potentially resulting in the execution of arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id85882
    published2015-09-09
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/85882
    titleAdobe Shockwave Player <= 12.1.9.160 Multiple RCE (APSB15-22)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(85882);
      script_version("1.8");
      script_cvs_date("Date: 2019/11/22");
    
      script_cve_id("CVE-2015-6680", "CVE-2015-6681");
      script_bugtraq_id(76664);
    
      script_name(english:"Adobe Shockwave Player <= 12.1.9.160 Multiple RCE (APSB15-22)");
      script_summary(english:"Checks version of Shockwave Player.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host contains a web browser plugin that is affected
    by multiple remote code execution vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The remote Windows host contains a version of Adobe Shockwave Player
    that is prior or equal to 12.1.9.160. It is, therefore, affected by
    multiple remote code execution vulnerabilities due improper validation
    of user-supplied input. A remote attacker can exploit these
    vulnerabilities to corrupt memory, potentially resulting in the
    execution of arbitrary code.");
      script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/shockwave/apsb15-22.html");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Adobe Shockwave Player 12.2.0.162 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-6681");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/09/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/09/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/09/09");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:shockwave_player");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("shockwave_player_apsb09_08.nasl");
      script_require_keys("SMB/shockwave_player");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    installs = get_kb_list_or_exit("SMB/shockwave_player/*/path");
    
    appname = "Shockwave Player";
    
    latest_vuln_version = "12.1.9.160"; # versions <= this version are vuln
    fix = "12.2.0.162";
    
    info = NULL;
    pattern = "SMB/shockwave_player/([^/]+)/([^/]+)/path";
    
    vuln = 0;
    foreach install (keys(installs))
    {
      match = eregmatch(string:install, pattern:pattern);
      if (!match) exit(1, "Unexpected format of KB key '" + install + "'.");
    
      file = installs[install];
      variant = match[1];
      version = match[2];
    
      if (ver_compare(ver:version, fix:latest_vuln_version) <= 0)
      {
        if (variant == "Plugin")
          info += '\n  Variant           : Browser Plugin (for Firefox / Netscape / Opera)';
        else if (variant == "ActiveX")
          info += '\n  Variant           : ActiveX control (for Internet Explorer)';
        info +=
          '\n  File              : ' + file +
          '\n  Installed version : ' + version +
          '\n  Fixed version     : ' + fix + '\n';
        vuln++;
      }
    }
    
    if (!info) audit(AUDIT_INST_VER_NOT_VULN, appname);
    
    port = get_kb_item("SMB/transport");
    if (!port) port = 445;
    
    if (report_verbosity > 0)
    {
      if (vuln > 1) s = "s";
      else s = "";
    
      report =
        '\n' + 'Nessus has identified the following vulnerable instance' + s + ' of Shockwave'+
        '\n' + 'Player installed on the remote host :' +
        '\n' +
        info + '\n';
      security_hole(port:port, extra:report);
    }
    else security_hole(port);