Vulnerabilities > CVE-2016-4121 - Use After Free vulnerability in Adobe products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1097, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-4108, and CVE-2016-4110.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family MacOS X Local Security Checks NASL id MACOSX_FLASH_PLAYER_APSB16-15.NASL description The version of Adobe Flash Player installed on the remote Mac OS X host is equal or prior to 21.0.0.226. It is, therefore, affected by multiple vulnerabilities : - Multiple type confusion errors exist that allow an attacker to execute arbitrary code. (CVE-2016-1105, CVE-2016-4117) - Multiple use-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2016-1097, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-4108, CVE-2016-4110, CVE-2016-4121) - A heap buffer overflow condition exists that allows an attacker to execute arbitrary code. (CVE-2016-1101) - An unspecified buffer overflow exists that allows an attacker to execute arbitrary code. (CVE-2016-1103) - Multiple memory corruption issues exist that allow an attacker to execute arbitrary code. (CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4160, CVE-2016-4161, CVE-2016-4162, CVE-2016-4163) - A flaw exists when loading dynamic-link libraries. An attacker can exploit this, via a specially crafted .dll file, to execute arbitrary code. (CVE-2016-4116) last seen 2020-06-01 modified 2020-06-02 plugin id 91165 published 2016-05-16 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91165 title Adobe Flash Player for Mac <= 21.0.0.226 Multiple Vulnerabilities (APSB16-15) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(91165); script_version("1.13"); script_cvs_date("Date: 2019/11/19"); script_cve_id( "CVE-2016-1096", "CVE-2016-1097", "CVE-2016-1098", "CVE-2016-1099", "CVE-2016-1100", "CVE-2016-1101", "CVE-2016-1102", "CVE-2016-1103", "CVE-2016-1104", "CVE-2016-1105", "CVE-2016-1106", "CVE-2016-1107", "CVE-2016-1108", "CVE-2016-1109", "CVE-2016-1110", "CVE-2016-4108", "CVE-2016-4109", "CVE-2016-4110", "CVE-2016-4111", "CVE-2016-4112", "CVE-2016-4113", "CVE-2016-4114", "CVE-2016-4115", "CVE-2016-4116", "CVE-2016-4117", "CVE-2016-4120", "CVE-2016-4121", "CVE-2016-4160", "CVE-2016-4161", "CVE-2016-4162", "CVE-2016-4163" ); script_bugtraq_id(90505); script_name(english:"Adobe Flash Player for Mac <= 21.0.0.226 Multiple Vulnerabilities (APSB16-15)"); script_summary(english:"Checks the version of Flash Player."); script_set_attribute(attribute:"synopsis", value: "The remote Mac OS X host has a browser plugin installed that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Adobe Flash Player installed on the remote Mac OS X host is equal or prior to 21.0.0.226. It is, therefore, affected by multiple vulnerabilities : - Multiple type confusion errors exist that allow an attacker to execute arbitrary code. (CVE-2016-1105, CVE-2016-4117) - Multiple use-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2016-1097, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-4108, CVE-2016-4110, CVE-2016-4121) - A heap buffer overflow condition exists that allows an attacker to execute arbitrary code. (CVE-2016-1101) - An unspecified buffer overflow exists that allows an attacker to execute arbitrary code. (CVE-2016-1103) - Multiple memory corruption issues exist that allow an attacker to execute arbitrary code. (CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4160, CVE-2016-4161, CVE-2016-4162, CVE-2016-4163) - A flaw exists when loading dynamic-link libraries. An attacker can exploit this, via a specially crafted .dll file, to execute arbitrary code. (CVE-2016-4116)"); script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/flash-player/apsb16-15.html"); # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0cb17c10"); script_set_attribute(attribute:"solution", value: "Upgrade to Adobe Flash Player version 21.0.0.242 or later. Alternatively, Adobe has made version 18.0.0.352 available for those installs that cannot be upgraded to the latest version"); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-4117"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player DeleteRangeTimelineOperation Type-Confusion'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/05/12"); script_set_attribute(attribute:"patch_publication_date", value:"2016/05/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/05/16"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:flash_player"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("macosx_flash_player_installed.nasl"); script_require_keys("MacOSX/Flash_Player/Version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); version = get_kb_item_or_exit("MacOSX/Flash_Player/Version"); path = get_kb_item_or_exit("MacOSX/Flash_Player/Path"); if (ver_compare(ver:version, fix:"19.0.0.0", strict:FALSE) >= 0) { cutoff_version = "21.0.0.226"; fix = "21.0.0.242"; } else { cutoff_version = "18.0.0.343"; fix = "18.0.0.352"; } # we're checking for versions less than or equal to the cutoff! if (ver_compare(ver:version, fix:cutoff_version, strict:FALSE) <= 0) { if (report_verbosity > 0) { report = '\n Path : ' + path + '\n Installed version : ' + version + '\n Fixed version : ' + fix + '\n'; security_hole(port:0, extra:report); } else security_hole(0); exit(0); } else audit(AUDIT_INST_PATH_NOT_VULN, "Flash Player for Mac", version, path);
NASL family Windows NASL id FLASH_PLAYER_APSB16-15.NASL description The version of Adobe Flash Player installed on the remote Windows host is equal or prior to 21.0.0.226. It is, therefore, affected by multiple vulnerabilities : - Multiple type confusion errors exist that allow an attacker to execute arbitrary code. (CVE-2016-1105, CVE-2016-4117) - Multiple use-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2016-1097, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-4108, CVE-2016-4110, CVE-2016-4121) - A heap buffer overflow condition exists that allows an attacker to execute arbitrary code. (CVE-2016-1101) - An unspecified buffer overflow exists that allows an attacker to execute arbitrary code. (CVE-2016-1103) - Multiple memory corruption issues exist that allow an attacker to execute arbitrary code. (CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4160, CVE-2016-4161, CVE-2016-4162, CVE-2016-4163) - A flaw exists when loading dynamic-link libraries. An attacker can exploit this, via a specially crafted .dll file, to execute arbitrary code. (CVE-2016-4116) last seen 2020-06-01 modified 2020-06-02 plugin id 91163 published 2016-05-16 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91163 title Adobe Flash Player <= 21.0.0.226 Multiple Vulnerabilities (APSB16-15) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(91163); script_version("1.14"); script_cvs_date("Date: 2019/11/19"); script_cve_id( "CVE-2016-1096", "CVE-2016-1097", "CVE-2016-1098", "CVE-2016-1099", "CVE-2016-1100", "CVE-2016-1101", "CVE-2016-1102", "CVE-2016-1103", "CVE-2016-1104", "CVE-2016-1105", "CVE-2016-1106", "CVE-2016-1107", "CVE-2016-1108", "CVE-2016-1109", "CVE-2016-1110", "CVE-2016-4108", "CVE-2016-4109", "CVE-2016-4110", "CVE-2016-4111", "CVE-2016-4112", "CVE-2016-4113", "CVE-2016-4114", "CVE-2016-4115", "CVE-2016-4116", "CVE-2016-4117", "CVE-2016-4120", "CVE-2016-4121", "CVE-2016-4160", "CVE-2016-4161", "CVE-2016-4162", "CVE-2016-4163" ); script_bugtraq_id(90505); script_name(english:"Adobe Flash Player <= 21.0.0.226 Multiple Vulnerabilities (APSB16-15)"); script_summary(english:"Checks the version of Flash Player."); script_set_attribute(attribute:"synopsis", value: "The remote Windows host has a browser plugin installed that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Adobe Flash Player installed on the remote Windows host is equal or prior to 21.0.0.226. It is, therefore, affected by multiple vulnerabilities : - Multiple type confusion errors exist that allow an attacker to execute arbitrary code. (CVE-2016-1105, CVE-2016-4117) - Multiple use-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2016-1097, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-4108, CVE-2016-4110, CVE-2016-4121) - A heap buffer overflow condition exists that allows an attacker to execute arbitrary code. (CVE-2016-1101) - An unspecified buffer overflow exists that allows an attacker to execute arbitrary code. (CVE-2016-1103) - Multiple memory corruption issues exist that allow an attacker to execute arbitrary code. (CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4160, CVE-2016-4161, CVE-2016-4162, CVE-2016-4163) - A flaw exists when loading dynamic-link libraries. An attacker can exploit this, via a specially crafted .dll file, to execute arbitrary code. (CVE-2016-4116)"); script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/flash-player/apsb16-15.html"); # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0cb17c10"); script_set_attribute(attribute:"solution", value: "Upgrade to Adobe Flash Player version 21.0.0.242 or later. Alternatively, Adobe has made version 18.0.0.352 available for those installations that cannot be upgraded to the latest version."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-4117"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player DeleteRangeTimelineOperation Type-Confusion'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/05/12"); script_set_attribute(attribute:"patch_publication_date", value:"2016/05/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/05/16"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:flash_player"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("flash_player_installed.nasl"); script_require_keys("SMB/Flash_Player/installed"); exit(0); } include("global_settings.inc"); include("misc_func.inc"); get_kb_item_or_exit("SMB/Flash_Player/installed"); # Identify vulnerable versions. info = ""; variants = make_list( "Plugin", "ActiveX", "Chrome", "Chrome_Pepper" ); # we're checking for versions less than *or equal to* the cutoff! foreach variant (variants) { vers = get_kb_list("SMB/Flash_Player/"+variant+"/Version/*"); files = get_kb_list("SMB/Flash_Player/"+variant+"/File/*"); if(isnull(vers) || isnull(files)) continue; foreach key (keys(vers)) { ver = vers[key]; if(isnull(ver)) continue; vuln = FALSE; # Chrome Flash <= 21.0.0.216 if(variant == "Chrome_Pepper" && ver_compare(ver:ver,fix:"21.0.0.216",strict:FALSE) <= 0 ) vuln = TRUE; # <= 18.0.0.343 if(variant != "Chrome_Pepper" && ver_compare(ver:ver,fix:"18.0.0.343",strict:FALSE) <= 0 ) vuln = TRUE; # 19 <= 21.0.0.241 else if(variant != "Chrome_Pepper" && ver =~ "^(?:19|[2-9]\d)\.") { if (variant == "ActiveX" && ver_compare(ver:ver,fix:"21.0.0.241",strict:FALSE) <= 0) vuln = TRUE; else if (ver_compare(ver:ver,fix:"21.0.0.226",strict:FALSE) <= 0) vuln = TRUE; } if(vuln) { num = key - ("SMB/Flash_Player/"+variant+"/Version/"); file = files["SMB/Flash_Player/"+variant+"/File/"+num]; if (variant == "Plugin") { info += '\n Product : Browser Plugin (for Firefox / Netscape / Opera)'; fix = "21.0.0.242 / 18.0.0.352"; } else if (variant == "ActiveX") { info += '\n Product : ActiveX control (for Internet Explorer)'; fix = "21.0.0.242 / 18.0.0.352"; } else if ("Chrome" >< variant) { info += '\n Product : Browser Plugin (for Google Chrome)'; if(variant == "Chrome") fix = "Upgrade to a version of Google Chrome running Flash Player 21.0.0.242"; } info += '\n Path : ' + file + '\n Installed version : ' + ver; if (variant == "Chrome_Pepper") info += '\n Fixed version : 21.0.0.242 (Chrome PepperFlash)'; else if(!isnull(fix)) info += '\n Fixed version : '+fix; info += '\n'; } } } if (info) { port = get_kb_item("SMB/transport"); if (!port) port = 445; if (report_verbosity > 0) security_hole(port:port, extra:info); else security_hole(port); } else { if (thorough_tests) exit(0, 'No vulnerable versions of Adobe Flash Player were found.'); else exit(1, 'Google Chrome\'s built-in Flash Player may not have been detected because the \'Perform thorough tests\' setting was not enabled.'); }
NASL family Windows NASL id ADOBE_AIR_APSB16-15.NASL description The version of Adobe AIR installed on the remote Windows host is prior or equal to version 21.0.0.198. It is, therefore, affected by multiple vulnerabilities : - Multiple type confusion errors exist that allow an attacker to execute arbitrary code. (CVE-2016-1105, CVE-2016-4117) - Multiple use-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2016-1097, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-4108, CVE-2016-4110, CVE-2016-4121) - A heap buffer overflow condition exists that allows an attacker to execute arbitrary code. (CVE-2016-1101) - An unspecified buffer overflow exists that allows an attacker to execute arbitrary code. (CVE-2016-1103) - Multiple memory corruption issues exist that allow an attacker to execute arbitrary code. (CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4160, CVE-2016-4161, CVE-2016-4162, CVE-2016-4163) - A flaw exists when loading dynamic-link libraries. An attacker can exploit this, via a specially crafted .dll file, to execute arbitrary code. (CVE-2016-4116) last seen 2020-06-01 modified 2020-06-02 plugin id 91162 published 2016-05-16 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91162 title Adobe AIR <= 21.0.0.198 Multiple Vulnerabilities (APSB16-15) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(91162); script_version("1.14"); script_cvs_date("Date: 2019/11/19"); script_cve_id( "CVE-2016-1096", "CVE-2016-1097", "CVE-2016-1098", "CVE-2016-1099", "CVE-2016-1100", "CVE-2016-1101", "CVE-2016-1102", "CVE-2016-1103", "CVE-2016-1104", "CVE-2016-1105", "CVE-2016-1106", "CVE-2016-1107", "CVE-2016-1108", "CVE-2016-1109", "CVE-2016-1110", "CVE-2016-4108", "CVE-2016-4109", "CVE-2016-4110", "CVE-2016-4111", "CVE-2016-4112", "CVE-2016-4113", "CVE-2016-4114", "CVE-2016-4115", "CVE-2016-4116", "CVE-2016-4117", "CVE-2016-4120", "CVE-2016-4121", "CVE-2016-4160", "CVE-2016-4161", "CVE-2016-4162", "CVE-2016-4163" ); script_bugtraq_id(90505); script_name(english:"Adobe AIR <= 21.0.0.198 Multiple Vulnerabilities (APSB16-15)"); script_summary(english:"Checks the version of AIR."); script_set_attribute(attribute:"synopsis", value: "The remote Windows host has a browser plugin installed that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Adobe AIR installed on the remote Windows host is prior or equal to version 21.0.0.198. It is, therefore, affected by multiple vulnerabilities : - Multiple type confusion errors exist that allow an attacker to execute arbitrary code. (CVE-2016-1105, CVE-2016-4117) - Multiple use-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2016-1097, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-4108, CVE-2016-4110, CVE-2016-4121) - A heap buffer overflow condition exists that allows an attacker to execute arbitrary code. (CVE-2016-1101) - An unspecified buffer overflow exists that allows an attacker to execute arbitrary code. (CVE-2016-1103) - Multiple memory corruption issues exist that allow an attacker to execute arbitrary code. (CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4160, CVE-2016-4161, CVE-2016-4162, CVE-2016-4163) - A flaw exists when loading dynamic-link libraries. An attacker can exploit this, via a specially crafted .dll file, to execute arbitrary code. (CVE-2016-4116)"); script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/flash-player/apsb16-15.html"); script_set_attribute(attribute:"solution", value: "Upgrade to Adobe AIR version 21.0.0.215 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-4117"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player DeleteRangeTimelineOperation Type-Confusion'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/05/12"); script_set_attribute(attribute:"patch_publication_date", value:"2016/05/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/05/16"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:air"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("adobe_air_installed.nasl"); script_require_keys("SMB/Adobe_AIR/Version", "SMB/Adobe_AIR/Path"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); version = get_kb_item_or_exit("SMB/Adobe_AIR/Version"); path = get_kb_item_or_exit("SMB/Adobe_AIR/Path"); version_ui = get_kb_item("SMB/Adobe_AIR/Version_UI"); if (isnull(version_ui)) version_report = version; else version_report = version_ui + ' (' + version + ')'; cutoff_version = '21.0.0.198'; fix = '21.0.0.215'; fix_ui = '21.0'; if (ver_compare(ver:version, fix:cutoff_version) <= 0) { port = get_kb_item("SMB/transport"); if (!port) port = 445; report = '\n Path : ' + path + '\n Installed version : ' + version_report + '\n Fixed version : ' + fix_ui + " (" + fix + ')' + '\n'; security_report_v4(severity:SECURITY_HOLE, port:port, extra:report); exit(0); } else audit(AUDIT_INST_PATH_NOT_VULN, "Adobe AIR", version_report, path);
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_0C6B008D35C411E68E82002590263BF5.NASL description Adobe reports : These updates resolve type confusion vulnerabilities that could lead to code execution (CVE-2016-1105, CVE-2016-4117). These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2016-1097, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-4108, CVE-2016-4110, CVE-2016-4121). These updates resolve a heap buffer overflow vulnerability that could lead to code execution (CVE-2016-1101). These updates resolve a buffer overflow vulnerability that could lead to code execution (CVE-2016-1103). These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4160, CVE-2016-4161, CVE-2016-4162, CVE-2016-4163). These updates resolve a vulnerability in the directory search path used to find resources that could lead to code execution (CVE-2016-4116). last seen 2020-06-01 modified 2020-06-02 plugin id 91697 published 2016-06-20 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91697 title FreeBSD : flash -- multiple vulnerabilities (0c6b008d-35c4-11e6-8e82-002590263bf5) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2019 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(91697); script_version("2.7"); script_cvs_date("Date: 2019/07/10 16:04:13"); script_cve_id("CVE-2016-1096", "CVE-2016-1097", "CVE-2016-1098", "CVE-2016-1099", "CVE-2016-1100", "CVE-2016-1101", "CVE-2016-1102", "CVE-2016-1103", "CVE-2016-1104", "CVE-2016-1105", "CVE-2016-1106", "CVE-2016-1107", "CVE-2016-1108", "CVE-2016-1109", "CVE-2016-1110", "CVE-2016-4108", "CVE-2016-4109", "CVE-2016-4110", "CVE-2016-4111", "CVE-2016-4112", "CVE-2016-4113", "CVE-2016-4114", "CVE-2016-4115", "CVE-2016-4116", "CVE-2016-4117", "CVE-2016-4120", "CVE-2016-4121", "CVE-2016-4160", "CVE-2016-4161", "CVE-2016-4162", "CVE-2016-4163"); script_name(english:"FreeBSD : flash -- multiple vulnerabilities (0c6b008d-35c4-11e6-8e82-002590263bf5)"); script_summary(english:"Checks for updated packages in pkg_info output"); script_set_attribute( attribute:"synopsis", value: "The remote FreeBSD host is missing one or more security-related updates." ); script_set_attribute( attribute:"description", value: "Adobe reports : These updates resolve type confusion vulnerabilities that could lead to code execution (CVE-2016-1105, CVE-2016-4117). These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2016-1097, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-4108, CVE-2016-4110, CVE-2016-4121). These updates resolve a heap buffer overflow vulnerability that could lead to code execution (CVE-2016-1101). These updates resolve a buffer overflow vulnerability that could lead to code execution (CVE-2016-1103). These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4160, CVE-2016-4161, CVE-2016-4162, CVE-2016-4163). These updates resolve a vulnerability in the directory search path used to find resources that could lead to code execution (CVE-2016-4116)." ); script_set_attribute( attribute:"see_also", value:"https://helpx.adobe.com/security/products/flash-player/apsb16-15.html" ); # https://vuxml.freebsd.org/freebsd/0c6b008d-35c4-11e6-8e82-002590263bf5.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?7ddc0f2e" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player DeleteRangeTimelineOperation Type-Confusion'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-c6-flashplugin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-c6_64-flashplugin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-f10-flashplugin"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/05/12"); script_set_attribute(attribute:"patch_publication_date", value:"2016/06/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/06/20"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"linux-c6-flashplugin<11.2r202.621")) flag++; if (pkg_test(save_report:TRUE, pkg:"linux-c6_64-flashplugin<11.2r202.621")) flag++; if (pkg_test(save_report:TRUE, pkg:"linux-f10-flashplugin<11.2r202.621")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201606-08.NASL description The remote host is affected by the vulnerability described in GLSA-201606-08 (Adobe Flash Player: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 91702 published 2016-06-20 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91702 title GLSA-201606-08 : Adobe Flash Player: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201606-08. # # The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(91702); script_version("2.7"); script_cvs_date("Date: 2019/04/11 17:23:06"); script_cve_id("CVE-2016-1019", "CVE-2016-4117", "CVE-2016-4120", "CVE-2016-4121", "CVE-2016-4160", "CVE-2016-4161", "CVE-2016-4162", "CVE-2016-4163", "CVE-2016-4171"); script_xref(name:"GLSA", value:"201606-08"); script_name(english:"GLSA-201606-08 : Adobe Flash Player: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201606-08 (Adobe Flash Player: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201606-08" ); script_set_attribute( attribute:"solution", value: "All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose 'www-plugins/adobe-flash-11.2.202.626'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player DeleteRangeTimelineOperation Type-Confusion'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:adobe-flash"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/04/07"); script_set_attribute(attribute:"patch_publication_date", value:"2016/06/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/06/20"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"www-plugins/adobe-flash", unaffected:make_list("ge 11.2.202.626"), vulnerable:make_list("lt 11.2.202.626"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Adobe Flash Player"); }
NASL family Windows : Microsoft Bulletins NASL id SMB_NT_MS16-064.NASL description The remote Windows host is missing KB3163207. It is, therefore, affected by multiple vulnerabilities : - Multiple type confusion errors exist that allow an attacker to execute arbitrary code. (CVE-2016-1105, CVE-2016-4117) - Multiple use-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2016-1097, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-4108, CVE-2016-4110, CVE-2016-4121) - A heap buffer overflow condition exists that allows an attacker to execute arbitrary code. (CVE-2016-1101) - An unspecified buffer overflow exists that allows an attacker to execute arbitrary code. (CVE-2016-1103) - Multiple memory corruption issues exist that allow an attacker to execute arbitrary code. (CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4160, CVE-2016-4161, CVE-2016-4162, CVE-2016-4163) - A flaw exists when loading dynamic-link libraries. An attacker can exploit this, via a specially crafted .dll file, to execute arbitrary code. (CVE-2016-4116) Note: KB3163207 replaces KB3157993 which did not address CVE-2016-4117. last seen 2020-06-01 modified 2020-06-02 plugin id 91013 published 2016-05-10 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91013 title MS16-064: Security Update for Adobe Flash Player (3163207) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(91013); script_version("1.21"); script_cvs_date("Date: 2019/11/19"); script_cve_id( "CVE-2016-1096", "CVE-2016-1097", "CVE-2016-1098", "CVE-2016-1099", "CVE-2016-1100", "CVE-2016-1101", "CVE-2016-1102", "CVE-2016-1103", "CVE-2016-1104", "CVE-2016-1105", "CVE-2016-1106", "CVE-2016-1107", "CVE-2016-1108", "CVE-2016-1109", "CVE-2016-1110", "CVE-2016-4108", "CVE-2016-4109", "CVE-2016-4110", "CVE-2016-4111", "CVE-2016-4112", "CVE-2016-4113", "CVE-2016-4114", "CVE-2016-4115", "CVE-2016-4116", "CVE-2016-4117", "CVE-2016-4120", "CVE-2016-4121", "CVE-2016-4160", "CVE-2016-4161", "CVE-2016-4162", "CVE-2016-4163" ); script_bugtraq_id(90505); script_xref(name:"MSFT", value:"MS16-064"); script_xref(name:"MSKB", value:"3163207"); script_name(english:"MS16-064: Security Update for Adobe Flash Player (3163207)"); script_summary(english:"Checks the version of the ActiveX control."); script_set_attribute(attribute:"synopsis", value: "The remote Windows host has a browser plugin installed that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The remote Windows host is missing KB3163207. It is, therefore, affected by multiple vulnerabilities : - Multiple type confusion errors exist that allow an attacker to execute arbitrary code. (CVE-2016-1105, CVE-2016-4117) - Multiple use-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2016-1097, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-4108, CVE-2016-4110, CVE-2016-4121) - A heap buffer overflow condition exists that allows an attacker to execute arbitrary code. (CVE-2016-1101) - An unspecified buffer overflow exists that allows an attacker to execute arbitrary code. (CVE-2016-1103) - Multiple memory corruption issues exist that allow an attacker to execute arbitrary code. (CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4160, CVE-2016-4161, CVE-2016-4162, CVE-2016-4163) - A flaw exists when loading dynamic-link libraries. An attacker can exploit this, via a specially crafted .dll file, to execute arbitrary code. (CVE-2016-4116) Note: KB3163207 replaces KB3157993 which did not address CVE-2016-4117."); script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-064"); script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/flash-player/apsb16-15.html"); script_set_attribute(attribute:"solution", value: "Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1, 2012 R2, and 10."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-4117"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player DeleteRangeTimelineOperation Type-Confusion'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/05/10"); script_set_attribute(attribute:"patch_publication_date", value:"2016/05/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/05/10"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:flash_player"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows : Microsoft Bulletins"); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl"); script_require_keys("SMB/MS_Bulletin_Checks/Possible"); script_require_ports(139, 445, "Host/patch_management_checks"); exit(0); } include("audit.inc"); include("smb_func.inc"); include("smb_hotfixes.inc"); include("smb_hotfixes_fcheck.inc"); include("smb_activex_func.inc"); include("misc_func.inc"); get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible"); bulletin = "MS16-064"; kbs = make_list("3163207"); if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE); get_kb_item_or_exit("SMB/Registry/Enumerated"); get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1); if (hotfix_check_sp_range(win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN); if (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE); if (activex_init() != ACX_OK) audit(AUDIT_FN_FAIL, "activex_init()"); # Adobe Flash Player CLSID clsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}'; file = activex_get_filename(clsid:clsid); if (isnull(file)) { activex_end(); audit(AUDIT_FN_FAIL, "activex_get_filename", "NULL"); } if (!file) { activex_end(); audit(AUDIT_ACTIVEX_NOT_FOUND, clsid); } # Get its version. version = activex_get_fileversion(clsid:clsid); if (!version) { activex_end(); audit(AUDIT_VER_FAIL, file); } info = ''; iver = split(version, sep:'.', keep:FALSE); for (i=0; i<max_index(iver); i++) iver[i] = int(iver[i]); iver = join(iver, sep:"."); # all <= 18.0.0.343 or 19 < 21.0.0.213 fix = FALSE; if(iver =~ "^(19|2[01])\." && ver_compare(ver:iver, fix:"21.0.0.241", strict:FALSE) <= 0) fix = "21.0.0.242"; else if(ver_compare(ver:iver, fix:"18.0.0.343", strict:FALSE) <= 0) fix = "18.0.0.352"; if ( (report_paranoia > 1 || activex_get_killbit(clsid:clsid) == 0) && fix ) { info = '\n Path : ' + file + '\n Installed version : ' + version + '\n Fixed version : ' + fix + '\n'; } port = kb_smb_transport(); if (info != '') { if (report_paranoia > 1) { report = info + '\n' + 'Note, though, that Nessus did not check whether the kill bit was\n' + "set for the control's CLSID because of the Report Paranoia setting" + '\n' + 'in effect when this scan was run.\n'; } else { report = info + '\n' + 'Moreover, its kill bit is not set so it is accessible via Internet\n' + 'Explorer.\n'; } set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE); hotfix_add_report(bulletin:'MS16-064', kb:'3163207', report); security_report_v4(severity:SECURITY_HOLE, port:port, extra:hotfix_get_report()); } else audit(AUDIT_HOST_NOT, 'affected');
NASL family MacOS X Local Security Checks NASL id MACOSX_ADOBE_AIR_APSB16-15.NASL description The version of Adobe AIR installed on the remote Mac OS X host is prior or equal to version 21.0.0.198. It is, therefore, affected by multiple vulnerabilities : - Multiple type confusion errors exist that allow an attacker to execute arbitrary code. (CVE-2016-1105, CVE-2016-4117) - Multiple use-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2016-1097, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-4108, CVE-2016-4110, CVE-2016-4121) - A heap buffer overflow condition exists that allows an attacker to execute arbitrary code. (CVE-2016-1101) - An unspecified buffer overflow exists that allows an attacker to execute arbitrary code. (CVE-2016-1103) - Multiple memory corruption issues exist that allow an attacker to execute arbitrary code. (CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4160, CVE-2016-4161, CVE-2016-4162, CVE-2016-4163) - A flaw exists when loading dynamic-link libraries. An attacker can exploit this, via a specially crafted .dll file, to execute arbitrary code. (CVE-2016-4116) last seen 2020-06-01 modified 2020-06-02 plugin id 91164 published 2016-05-16 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91164 title Adobe AIR for Mac <= 21.0.0.198 Multiple Vulnerabilities (APSB16-15) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(91164); script_version("1.14"); script_cvs_date("Date: 2019/11/19"); script_cve_id( "CVE-2016-1096", "CVE-2016-1097", "CVE-2016-1098", "CVE-2016-1099", "CVE-2016-1100", "CVE-2016-1101", "CVE-2016-1102", "CVE-2016-1103", "CVE-2016-1104", "CVE-2016-1105", "CVE-2016-1106", "CVE-2016-1107", "CVE-2016-1108", "CVE-2016-1109", "CVE-2016-1110", "CVE-2016-4108", "CVE-2016-4109", "CVE-2016-4110", "CVE-2016-4111", "CVE-2016-4112", "CVE-2016-4113", "CVE-2016-4114", "CVE-2016-4115", "CVE-2016-4116", "CVE-2016-4117", "CVE-2016-4120", "CVE-2016-4121", "CVE-2016-4160", "CVE-2016-4161", "CVE-2016-4162", "CVE-2016-4163" ); script_bugtraq_id(90505); script_name(english:"Adobe AIR for Mac <= 21.0.0.198 Multiple Vulnerabilities (APSB16-15)"); script_summary(english:"Checks the version of AIR."); script_set_attribute(attribute:"synopsis", value: "The remote Mac OS X host has a browser plugin installed that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Adobe AIR installed on the remote Mac OS X host is prior or equal to version 21.0.0.198. It is, therefore, affected by multiple vulnerabilities : - Multiple type confusion errors exist that allow an attacker to execute arbitrary code. (CVE-2016-1105, CVE-2016-4117) - Multiple use-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2016-1097, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-4108, CVE-2016-4110, CVE-2016-4121) - A heap buffer overflow condition exists that allows an attacker to execute arbitrary code. (CVE-2016-1101) - An unspecified buffer overflow exists that allows an attacker to execute arbitrary code. (CVE-2016-1103) - Multiple memory corruption issues exist that allow an attacker to execute arbitrary code. (CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4160, CVE-2016-4161, CVE-2016-4162, CVE-2016-4163) - A flaw exists when loading dynamic-link libraries. An attacker can exploit this, via a specially crafted .dll file, to execute arbitrary code. (CVE-2016-4116)"); script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/flash-player/apsb16-15.html"); script_set_attribute(attribute:"solution", value: "Upgrade to Adobe AIR version 21.0.0.215 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-4117"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player DeleteRangeTimelineOperation Type-Confusion'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/05/12"); script_set_attribute(attribute:"patch_publication_date", value:"2016/05/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/05/16"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:air"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("macosx_adobe_air_installed.nasl"); script_require_keys("MacOSX/Adobe_AIR/Version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); kb_base = "MacOSX/Adobe_AIR"; version = get_kb_item_or_exit(kb_base+"/Version"); path = get_kb_item_or_exit(kb_base+"/Path"); # nb: we're checking for versions less than *or equal to* the cutoff! cutoff_version = '21.0.0.198'; fixed_version_for_report = '21.0.0.215'; if (ver_compare(ver:version, fix:cutoff_version, strict:FALSE) <= 0) { report = '\n Path : ' + path + '\n Installed version : ' + version + '\n Fixed version : ' + fixed_version_for_report + '\n'; security_report_v4(severity:SECURITY_HOLE, port:0, extra:report); exit(0); } else audit(AUDIT_INST_PATH_NOT_VULN, "Adobe AIR", version, path);
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2016-1079.NASL description An update for flash-plugin is now available for Red Hat Enterprise Linux 5 Supplementary and Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 11.2.202.621. Security Fix(es) : * This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-1096, CVE-2016-1097, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1101, CVE-2016-1102, CVE-2016-1103, CVE-2016-1104, CVE-2016-1105, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-4108, CVE-2016-4109, CVE-2016-4110, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4116, CVE-2016-4117) last seen 2020-06-01 modified 2020-06-02 plugin id 91156 published 2016-05-16 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91156 title RHEL 5 / 6 : flash-plugin (RHSA-2016:1079) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2016:1079. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(91156); script_version("2.25"); script_cvs_date("Date: 2019/10/24 15:35:41"); script_cve_id("CVE-2016-1096", "CVE-2016-1097", "CVE-2016-1098", "CVE-2016-1099", "CVE-2016-1100", "CVE-2016-1101", "CVE-2016-1102", "CVE-2016-1103", "CVE-2016-1104", "CVE-2016-1105", "CVE-2016-1106", "CVE-2016-1107", "CVE-2016-1108", "CVE-2016-1109", "CVE-2016-1110", "CVE-2016-4108", "CVE-2016-4109", "CVE-2016-4110", "CVE-2016-4111", "CVE-2016-4112", "CVE-2016-4113", "CVE-2016-4114", "CVE-2016-4115", "CVE-2016-4116", "CVE-2016-4117", "CVE-2016-4120", "CVE-2016-4121", "CVE-2016-4160", "CVE-2016-4161", "CVE-2016-4162", "CVE-2016-4163"); script_xref(name:"RHSA", value:"2016:1079"); script_name(english:"RHEL 5 / 6 : flash-plugin (RHSA-2016:1079)"); script_summary(english:"Checks the rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing a security update." ); script_set_attribute( attribute:"description", value: "An update for flash-plugin is now available for Red Hat Enterprise Linux 5 Supplementary and Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 11.2.202.621. Security Fix(es) : * This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2016-1096, CVE-2016-1097, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1101, CVE-2016-1102, CVE-2016-1103, CVE-2016-1104, CVE-2016-1105, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-4108, CVE-2016-4109, CVE-2016-4110, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4116, CVE-2016-4117)" ); script_set_attribute( attribute:"see_also", value:"https://helpx.adobe.com/security/products/flash-player/apsb16-15.html" ); script_set_attribute( attribute:"see_also", value:"https://helpx.adobe.com/security/products/flash-player/apsa16-02.html" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2016:1079" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-4109" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-1110" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-1098" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-1099" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-1096" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-1097" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-1108" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-1109" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-1104" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-1105" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-1106" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-1107" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-1100" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-1101" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-1102" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-1103" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-4114" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-4115" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-4116" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-4117" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-4110" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-4111" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-4112" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-4113" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-4108" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-4120" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-4121" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-4160" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-4161" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-4162" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-4163" ); script_set_attribute( attribute:"solution", value:"Update the affected flash-plugin package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player DeleteRangeTimelineOperation Type-Confusion'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:flash-plugin"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/05/11"); script_set_attribute(attribute:"patch_publication_date", value:"2016/05/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/05/16"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x / 6.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2016:1079"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL5", reference:"flash-plugin-11.2.202.621-1.el5")) flag++; if (rpm_check(release:"RHEL6", reference:"flash-plugin-11.2.202.621-1.el6_8")) flag++; if (flag) { flash_plugin_caveat = '\n' + 'NOTE: This vulnerability check only applies to RedHat released\n' + 'versions of the flash-plugin package. This check does not apply to\n' + 'Adobe released versions of the flash-plugin package, which are\n' + 'versioned similarly and cause collisions in detection.\n\n' + 'If you are certain you are running the Adobe released package of\n' + 'flash-plugin and are running a version of it equal or higher to the\n' + 'RedHat version listed above then you can consider this a false\n' + 'positive.\n'; security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() + flash_plugin_caveat ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "flash-plugin"); } }
NASL family MacOS X Local Security Checks NASL id MACOSX_GOOGLE_CHROME_50_0_2661_102.NASL description The version of Google Chrome installed on the remote Mac OS X host is prior to 50.0.2661.102. It is, therefore, affected by multiple vulnerabilities : - A same-origin bypass vulnerability exists in DOM due to scripts being permitted run while a node is being adopted. A context-dependent attacker can exploit this to bypass the same-origin policy. (CVE-2016-1667) - A same-origin bypass vulnerability exists due to a flaw in the Blink V8 bindings. A context-dependent attacker can exploit this to bypass the same-origin policy. (CVE-2016-1668) - An overflow condition exists in V8 due to improper validation of user-supplied input. A context-dependent attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-1669) - A race condition exists in the loader related to the use of ids. An attacker can exploit this to have an unspecified impact. (CVE-2016-1670) - Multiple type confusion errors exist in the bundled version of Adobe Flash that allow an attacker to execute arbitrary code. (CVE-2016-1105, CVE-2016-4117) - Multiple use-after-free errors exist in the bundled version of Adobe Flash that allow an attacker to execute arbitrary code. (CVE-2016-1097, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-4108, CVE-2016-4110, CVE-2016-4121) - A heap buffer overflow condition exists in the bundled version of Adobe Flash that allows an attacker to execute arbitrary code. (CVE-2016-1101) - An unspecified buffer overflow exists in the bundled version of Adobe Flash that allows an attacker to execute arbitrary code. (CVE-2016-1103) - Multiple memory corruption issues exist in the bundled version of Adobe Flash that allow an attacker to execute arbitrary code. (CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4160, CVE-2016-4161, CVE-2016-4162, CVE-2016-4163) - A flaw exists in the bundled version of Adobe Flash when loading dynamic-link libraries. An attacker can exploit this, via a specially crafted .dll file, to execute arbitrary code. (CVE-2016-4116) last seen 2020-06-01 modified 2020-06-02 plugin id 91129 published 2016-05-13 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91129 title Google Chrome < 50.0.2661.102 Multiple Vulnerabilities (Mac OS X) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(91129); script_version("1.15"); script_cvs_date("Date: 2019/11/20"); script_cve_id( "CVE-2016-1096", "CVE-2016-1097", "CVE-2016-1098", "CVE-2016-1099", "CVE-2016-1100", "CVE-2016-1101", "CVE-2016-1102", "CVE-2016-1103", "CVE-2016-1104", "CVE-2016-1105", "CVE-2016-1106", "CVE-2016-1107", "CVE-2016-1108", "CVE-2016-1109", "CVE-2016-1110", "CVE-2016-1667", "CVE-2016-1668", "CVE-2016-1669", "CVE-2016-1670", "CVE-2016-4108", "CVE-2016-4109", "CVE-2016-4110", "CVE-2016-4111", "CVE-2016-4112", "CVE-2016-4113", "CVE-2016-4114", "CVE-2016-4115", "CVE-2016-4116", "CVE-2016-4117", "CVE-2016-4120", "CVE-2016-4121", "CVE-2016-4160", "CVE-2016-4161", "CVE-2016-4162", "CVE-2016-4163" ); script_bugtraq_id(90505); script_name(english:"Google Chrome < 50.0.2661.102 Multiple Vulnerabilities (Mac OS X)"); script_summary(english:"Checks the version of Google Chrome."); script_set_attribute(attribute:"synopsis", value: "A web browser installed on the remote Mac OS X host is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Google Chrome installed on the remote Mac OS X host is prior to 50.0.2661.102. It is, therefore, affected by multiple vulnerabilities : - A same-origin bypass vulnerability exists in DOM due to scripts being permitted run while a node is being adopted. A context-dependent attacker can exploit this to bypass the same-origin policy. (CVE-2016-1667) - A same-origin bypass vulnerability exists due to a flaw in the Blink V8 bindings. A context-dependent attacker can exploit this to bypass the same-origin policy. (CVE-2016-1668) - An overflow condition exists in V8 due to improper validation of user-supplied input. A context-dependent attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-1669) - A race condition exists in the loader related to the use of ids. An attacker can exploit this to have an unspecified impact. (CVE-2016-1670) - Multiple type confusion errors exist in the bundled version of Adobe Flash that allow an attacker to execute arbitrary code. (CVE-2016-1105, CVE-2016-4117) - Multiple use-after-free errors exist in the bundled version of Adobe Flash that allow an attacker to execute arbitrary code. (CVE-2016-1097, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-4108, CVE-2016-4110, CVE-2016-4121) - A heap buffer overflow condition exists in the bundled version of Adobe Flash that allows an attacker to execute arbitrary code. (CVE-2016-1101) - An unspecified buffer overflow exists in the bundled version of Adobe Flash that allows an attacker to execute arbitrary code. (CVE-2016-1103) - Multiple memory corruption issues exist in the bundled version of Adobe Flash that allow an attacker to execute arbitrary code. (CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4160, CVE-2016-4161, CVE-2016-4162, CVE-2016-4163) - A flaw exists in the bundled version of Adobe Flash when loading dynamic-link libraries. An attacker can exploit this, via a specially crafted .dll file, to execute arbitrary code. (CVE-2016-4116)"); # http://googlechromereleases.blogspot.com/2016/05/stable-channel-update.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ddef1fa8"); script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/flash-player/apsb16-15.html"); script_set_attribute(attribute:"solution", value: "Upgrade to Google Chrome version 50.0.2661.102 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-4117"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player DeleteRangeTimelineOperation Type-Confusion'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/05/11"); script_set_attribute(attribute:"patch_publication_date", value:"2016/05/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/05/13"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:google:chrome"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("macosx_google_chrome_installed.nbin"); script_require_keys("MacOSX/Google Chrome/Installed"); exit(0); } include("google_chrome_version.inc"); get_kb_item_or_exit("MacOSX/Google Chrome/Installed"); google_chrome_check_version(fix:'50.0.2661.102', severity:SECURITY_HOLE);
NASL family Windows NASL id GOOGLE_CHROME_50_0_2661_102.NASL description The version of Google Chrome installed on the remote Windows host is prior to 50.0.2661.102. It is, therefore, affected by multiple vulnerabilities : - A same-origin bypass vulnerability exists in DOM due to scripts being permitted run while a node is being adopted. A context-dependent attacker can exploit this to bypass the same-origin policy. (CVE-2016-1667) - A same-origin bypass vulnerability exists due to a flaw in the Blink V8 bindings. A context-dependent attacker can exploit this to bypass the same-origin policy. (CVE-2016-1668) - An overflow condition exists in V8 due to improper validation of user-supplied input. A context-dependent attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-1669) - A race condition exists in the loader related to the use of ids. An attacker can exploit this to have an unspecified impact. (CVE-2016-1670) - Multiple type confusion errors exist in the bundled version of Adobe Flash that allow an attacker to execute arbitrary code. (CVE-2016-1105, CVE-2016-4117) - Multiple use-after-free errors exist in the bundled version of Adobe Flash that allow an attacker to execute arbitrary code. (CVE-2016-1097, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-4108, CVE-2016-4110, CVE-2016-4121) - A heap buffer overflow condition exists in the bundled version of Adobe Flash that allows an attacker to execute arbitrary code. (CVE-2016-1101) - An unspecified buffer overflow exists in the bundled version of Adobe Flash that allows an attacker to execute arbitrary code. (CVE-2016-1103) - Multiple memory corruption issues exist in the bundled version of Adobe Flash that allow an attacker to execute arbitrary code. (CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4160, CVE-2016-4161, CVE-2016-4162, CVE-2016-4163) - A flaw exists in the bundled version of Adobe Flash when loading dynamic-link libraries. An attacker can exploit this, via a specially crafted .dll file, to execute arbitrary code. (CVE-2016-4116) last seen 2020-06-01 modified 2020-06-02 plugin id 91128 published 2016-05-13 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91128 title Google Chrome < 50.0.2661.102 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(91128); script_version("1.15"); script_cvs_date("Date: 2019/11/20"); script_cve_id( "CVE-2016-1096", "CVE-2016-1097", "CVE-2016-1098", "CVE-2016-1099", "CVE-2016-1100", "CVE-2016-1101", "CVE-2016-1102", "CVE-2016-1103", "CVE-2016-1104", "CVE-2016-1105", "CVE-2016-1106", "CVE-2016-1107", "CVE-2016-1108", "CVE-2016-1109", "CVE-2016-1110", "CVE-2016-1667", "CVE-2016-1668", "CVE-2016-1669", "CVE-2016-1670", "CVE-2016-4108", "CVE-2016-4109", "CVE-2016-4110", "CVE-2016-4111", "CVE-2016-4112", "CVE-2016-4113", "CVE-2016-4114", "CVE-2016-4115", "CVE-2016-4116", "CVE-2016-4117", "CVE-2016-4120", "CVE-2016-4121", "CVE-2016-4160", "CVE-2016-4161", "CVE-2016-4162", "CVE-2016-4163" ); script_bugtraq_id(90505); script_name(english:"Google Chrome < 50.0.2661.102 Multiple Vulnerabilities"); script_summary(english:"Checks the version of Google Chrome."); script_set_attribute(attribute:"synopsis", value: "A web browser installed on the remote Windows host is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Google Chrome installed on the remote Windows host is prior to 50.0.2661.102. It is, therefore, affected by multiple vulnerabilities : - A same-origin bypass vulnerability exists in DOM due to scripts being permitted run while a node is being adopted. A context-dependent attacker can exploit this to bypass the same-origin policy. (CVE-2016-1667) - A same-origin bypass vulnerability exists due to a flaw in the Blink V8 bindings. A context-dependent attacker can exploit this to bypass the same-origin policy. (CVE-2016-1668) - An overflow condition exists in V8 due to improper validation of user-supplied input. A context-dependent attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-1669) - A race condition exists in the loader related to the use of ids. An attacker can exploit this to have an unspecified impact. (CVE-2016-1670) - Multiple type confusion errors exist in the bundled version of Adobe Flash that allow an attacker to execute arbitrary code. (CVE-2016-1105, CVE-2016-4117) - Multiple use-after-free errors exist in the bundled version of Adobe Flash that allow an attacker to execute arbitrary code. (CVE-2016-1097, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-4108, CVE-2016-4110, CVE-2016-4121) - A heap buffer overflow condition exists in the bundled version of Adobe Flash that allows an attacker to execute arbitrary code. (CVE-2016-1101) - An unspecified buffer overflow exists in the bundled version of Adobe Flash that allows an attacker to execute arbitrary code. (CVE-2016-1103) - Multiple memory corruption issues exist in the bundled version of Adobe Flash that allow an attacker to execute arbitrary code. (CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4160, CVE-2016-4161, CVE-2016-4162, CVE-2016-4163) - A flaw exists in the bundled version of Adobe Flash when loading dynamic-link libraries. An attacker can exploit this, via a specially crafted .dll file, to execute arbitrary code. (CVE-2016-4116)"); # http://googlechromereleases.blogspot.com/2016/05/stable-channel-update.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ddef1fa8"); script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/flash-player/apsb16-15.html"); script_set_attribute(attribute:"solution", value: "Upgrade to Google Chrome version 50.0.2661.102 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-4117"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player DeleteRangeTimelineOperation Type-Confusion'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/05/11"); script_set_attribute(attribute:"patch_publication_date", value:"2016/05/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/05/13"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:google:chrome"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("google_chrome_installed.nasl"); script_require_keys("SMB/Google_Chrome/Installed"); exit(0); } include("google_chrome_version.inc"); get_kb_item_or_exit("SMB/Google_Chrome/Installed"); installs = get_kb_list("SMB/Google_Chrome/*"); google_chrome_check_version(installs:installs, fix:'50.0.2661.102', severity:SECURITY_HOLE);
Redhat
advisories |
| ||||
rpms |
|
References
- http://rhn.redhat.com/errata/RHSA-2016-1079.html
- http://rhn.redhat.com/errata/RHSA-2016-1079.html
- http://www.securityfocus.com/bid/90797
- http://www.securityfocus.com/bid/90797
- https://helpx.adobe.com/security/products/flash-player/apsb16-15.html
- https://helpx.adobe.com/security/products/flash-player/apsb16-15.html
- https://security.gentoo.org/glsa/201606-08
- https://security.gentoo.org/glsa/201606-08