Vulnerabilities > CVE-2017-11305
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: HIGH
Availability impact: NONE
Summary
A regression affecting Adobe Flash Player version 27.0.0.187 (and earlier versions) causes the unintended reset of the global settings preference file when a user clears browser data.
Vulnerable Configurations
Nessus
NASL family Windows : Microsoft Bulletins
NASL id SMB_NT_MS17_DEC_4053577.NASL
description The remote Windows host is missing security update KB4053577. It is, therefore, affected by a vulnerability which may allow an attacker to reset the global settings preference file.
last seen 2020-06-01
modified 2020-06-02
plugin id 105178
published 2017-12-12
reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/105178
title KB4053577: Security update for Adobe Flash Player (December 2017)
code
#
# (C) Tenable Network Security, Inc.
#
# Purpose: local check (plugin_type "local") that reports the Adobe Flash
# Player ActiveX control on Windows 8.1 / 10 class hosts when its file
# version is 27.0.0.187 or lower, which the plugin treats as KB4053577 missing.
# The finding is based on the file version only.
#
include("compat.inc");

# Registration block: runs when the engine loads the plugin for its metadata
# and ends with exit(0) so none of the check logic below executes in that mode.
if (description)
{
  script_id(105178);
  script_version("1.11");
  script_cvs_date("Date: 2019/11/12");

  script_cve_id("CVE-2017-11305");
  script_bugtraq_id(102139);
  script_xref(name:"MSKB", value:"4053577");
  script_xref(name:"MSFT", value:"MS17-4053577");

  script_name(english:"KB4053577: Security update for Adobe Flash Player (December 2017)");
  script_summary(english:"Checks the version of the ActiveX control.");

  # NOTE(review): the synopsis says "multiple vulnerabilities" while
  # script_cve_id lists a single CVE and the description speaks of "a vulnerability".
  script_set_attribute(attribute:"synopsis", value: "The remote Windows host has a browser plugin installed that is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value: "The remote Windows host is missing security update KB4053577. 
It is, therefore, affected by a vulnerability which may allow an attacker to reset the global settings preference file.");
  script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/flash-player/apsb17-42.html");
  # https://support.microsoft.com/en-us/help/4053577/security-update-for-adobe-flash-player-december-12-2017
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e94655ce");
  script_set_attribute(attribute:"solution", value: "Microsoft has released KB4053577 to address this issue.");

  # Scoring: network vector, low complexity, no authentication/privileges.
  # The only impact rated is integrity (Partial in CVSS v2, High in CVSS v3);
  # confidentiality and availability are None in both vectors.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-11305");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/12/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/12/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/12");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:flash_player");
  script_end_attributes();

  # ACT_GATHER_INFO: the plugin only reads data already collected from the host.
  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.");

  script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");
  exit(0);
}

include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_activex_func.inc");

# Stop unless the bulletin-check prerequisite key is present in the KB.
get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = "MS17-12";
kbs = make_list('4053577');

# When patch-management data is available, hand the bulletin/KB pair to the
# third-party patch check helper.
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);

get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

# OS scoping: only the win8 / win81 / win10 ranges are considered, and
# Server Core installations are audited out.
if (hotfix_check_sp_range(win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
if (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);

# A product name containing "Windows 8" but not "Windows 8.1" is audited out
# as not vulnerable.
productname = get_kb_item_or_exit("SMB/ProductName", exit_code:1);
if ("Windows 8" >< productname && "Windows 8.1" >!< productname) audit(AUDIT_OS_SP_NOT_VULN);

if (activex_init() != ACX_OK) audit(AUDIT_FN_FAIL, "activex_init");

# Adobe Flash Player CLSID
clsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}';

# A NULL filename is treated as a lookup failure; any other false value
# means the control was not found. activex_end() is called before each audit().
file = activex_get_filename(clsid:clsid);
if (isnull(file))
{
  activex_end();
  audit(AUDIT_FN_FAIL, "activex_get_filename", "NULL");
}
if (!file)
{
  activex_end();
  audit(AUDIT_ACTIVEX_NOT_FOUND, clsid);
}

# Get its version.
version = activex_get_fileversion(clsid:clsid);
if (!version)
{
  activex_end();
  audit(AUDIT_VER_FAIL, file);
}

info = '';

# Normalise the version: convert every dotted component to an integer and
# join the components back together before comparing.
iver = split(version, sep:'.', keep:FALSE);
for (i=0; i<max_index(iver); i++)
  iver[i] = int(iver[i]);
iver = join(iver, sep:".");

# all <= 27.0.0.187
fix = FALSE;
if(ver_compare(ver:iver, fix:"27.0.0.187", strict:FALSE) <= 0)
  fix = "28.0.0.126";

# Report only when a fix version was selected AND either Report Paranoia is
# above 1 (kill bit not consulted) or activex_get_killbit() returns 0, which
# the report text below describes as the kill bit not being set.
if (
  (report_paranoia > 1 || activex_get_killbit(clsid:clsid) == 0) &&
  fix
)
{
  info = '\n Path : ' + file + '\n Installed version : ' + version + '\n Fixed version : ' + fix + '\n';
}

port = kb_smb_transport();

if (info != '')
{
  if (report_paranoia > 1)
  {
    # Paranoid mode: tell the reader that the kill bit was not checked.
    report = info + '\n' + 'Note, though, that Nessus did not check whether the kill bit was\n' + "set for the control's CLSID because of the Report Paranoia setting" + '\n' + 'in effect when this scan was run.\n';
  }
  else
  {
    report = info + '\n' + 'Moreover, its kill bit is not set so it is accessible via Internet\n' + 'Explorer.\n';
  }
  # Record the missing bulletin in the KB, then emit the finding.
  replace_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
  hotfix_add_report(bulletin:'MS17-12', kb:'4053577', report);
  security_report_v4(severity:SECURITY_WARNING, port:port, extra:hotfix_get_report());
}
else audit(AUDIT_HOST_NOT, 'affected');
NASL family Red Hat Local Security Checks
NASL id REDHAT-RHSA-2018-0081.NASL
description An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 28.0.0.137. Security Fix(es) : * This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletins listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to disclose sensitive information or modify its settings when the victim loaded a page containing the malicious SWF content. (CVE-2017-11305, CVE-2018-4871)
last seen 2020-06-01
modified 2020-06-02
plugin id 105743
published 2018-01-11
reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/105743
title RHEL 6 : flash-plugin (RHSA-2018:0081)
code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2018:0081. The text
# itself is copyright (C) Red Hat, Inc.
#
# Purpose: local check for RHEL 6.x hosts that reports the flash-plugin
# package when it is older than flash-plugin-28.0.0.137-1.el6_9, using yum
# updateinfo data when the KB has it and an rpm version comparison otherwise.
#
include("compat.inc");

# Registration block: metadata only; exit(0) keeps the check logic below from
# running in description mode.
if (description)
{
  script_id(105743);
  script_version("3.8");
  script_cvs_date("Date: 2019/10/24 15:35:44");

  # This advisory covers two CVEs, so a finding here is not specific to
  # CVE-2017-11305.
  script_cve_id("CVE-2017-11305", "CVE-2018-4871");
  script_xref(name:"RHSA", value:"2018:0081");

  script_name(english:"RHEL 6 : flash-plugin (RHSA-2018:0081)");
  script_summary(english:"Checks the rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value: "An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 28.0.0.137. Security Fix(es) : * This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletins listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to disclose sensitive information or modify its settings when the victim loaded a page containing the malicious SWF content. 
(CVE-2017-11305, CVE-2018-4871)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://helpx.adobe.com/security/products/flash-player/apsb17-42.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://helpx.adobe.com/security/products/flash-player/apsb18-01.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2018:0081"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2017-11305"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2018-4871"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected flash-plugin package."
  );

  # Scoring: network vector, low complexity, no authentication/privileges;
  # integrity is the only impact rated (Partial in v2, High in v3).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:flash-plugin");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/12/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/01/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/11");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

# Preconditions: local checks enabled and a release string that mentions "Red Hat".
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");

# Extract the release number (major, optionally .minor) and require it to
# start with 6 followed by a non-digit or end of string.
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Architecture filter: x86_64, i386-i686 and s390 strings are accepted.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

# Two detection paths. If the KB holds yum updateinfo output, the result
# depends entirely on whether a report can be generated for this RHSA;
# the rpm version comparison below is not run in that case.
yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
  rhsa = "RHSA-2018:0081";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port : 0,
      severity : SECURITY_WARNING,
      extra : yum_report
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  # Fallback: compare the installed rpm against the fixed package reference.
  flag = 0;
  if (rpm_check(release:"RHEL6", reference:"flash-plugin-28.0.0.137-1.el6_9")) flag++;

  if (flag)
  {
    # False-positive caveat appended to the report: Adobe-released packages
    # are versioned similarly to the Red Hat ones and collide in detection.
    flash_plugin_caveat = '\n' + 'NOTE: This vulnerability check only applies to RedHat released\n' + 'versions of the flash-plugin package. 
This check does not apply to\n' + 'Adobe released versions of the flash-plugin package, which are\n' + 'versioned similarly and cause collisions in detection.\n\n' + 'If you are certain you are running the Adobe released package of\n' + 'flash-plugin and are running a version of it equal or higher to the\n' + 'RedHat version listed above then you can consider this a false\n' + 'positive.\n';
    security_report_v4(
      port : 0,
      severity : SECURITY_WARNING,
      extra : rpm_report_get() + redhat_report_package_caveat() + flash_plugin_caveat
    );
    exit(0);
  }
  else
  {
    # Distinguish "package tested and not affected" from "package not installed".
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "flash-plugin");
  }
}
NASL family MacOS X Local Security Checks
NASL id MACOSX_FLASH_PLAYER_APSB17-42.NASL
description The version of Adobe Flash Player installed on the remote macOS or Mac OS X host is equal or prior to version 27.0.0.187. It is, therefore, affected by a vulnerability which may allow an attacker to reset the global settings preference file.
last seen 2020-06-01
modified 2020-06-02
plugin id 105176
published 2017-12-12
reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/105176
title Adobe Flash Player for Mac <= 27.0.0.187 (APSB17-42)
code
#
# (C) Tenable Network Security, Inc.
#
# Purpose: local check that reports Flash Player on macOS / Mac OS X when the
# version recorded in the KB is 27.0.0.187 or lower. The finding is based on
# the version string only.
#
include("compat.inc");

# Registration block: metadata only; exit(0) keeps the check logic below from
# running in description mode.
if (description)
{
  script_id(105176);
  script_version("1.7");
  script_cvs_date("Date: 2019/11/12");

  script_cve_id("CVE-2017-11305");
  script_bugtraq_id(102139);

  script_name(english:"Adobe Flash Player for Mac <= 27.0.0.187 (APSB17-42)");
  # NOTE(review): the summary mentions the ActiveX control, but this plugin
  # reads the "MacOSX/Flash_Player/Version" KB key; the wording looks carried
  # over from the Windows plugin.
  script_summary(english:"Checks the version of the ActiveX control.");

  # NOTE(review): "multiple vulnerabilities" here versus one CVE in
  # script_cve_id and "a vulnerability" in the description.
  script_set_attribute(attribute:"synopsis", value: "The remote macOS or Mac OSX host has a browser plugin installed that is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value: "The version of Adobe Flash Player installed on the remote macOS or Mac OS X host is equal or prior to version 27.0.0.187. 
It is, therefore, affected by a vulnerability which may allow an attacker to reset the global settings preference file.");
  script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/flash-player/apsb17-42.html");
  # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0cb17c10");
  script_set_attribute(attribute:"solution", value: "Upgrade to Adobe Flash Player version 28.0.0.126 or later.");

  # Scoring: network vector, low complexity, no authentication/privileges;
  # integrity is the only impact rated (Partial in v2, High in v3).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-11305");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/12/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/12/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/12");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:flash_player");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.");

  # Version and path are produced by the installed-software detection plugin.
  script_dependencies("macosx_flash_player_installed.nasl");
  script_require_keys("MacOSX/Flash_Player/Version");
  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

# Both KB items are required; the plugin exits if either is missing.
version = get_kb_item_or_exit("MacOSX/Flash_Player/Version");
path = get_kb_item_or_exit("MacOSX/Flash_Player/Path");

# cutoff_version is the last affected release, fix is the version shown to
# the reader as the upgrade target.
cutoff_version = "27.0.0.187";
fix = "28.0.0.126";

# We're checking for versions less than or equal to the cutoff!
if (ver_compare(ver:version, fix:cutoff_version, strict:FALSE) <= 0)
{
  report = '\n Path : ' + path + '\n Installed version : ' + version + '\n Fixed version : ' + fix + '\n';
  security_report_v4(severity:SECURITY_WARNING, port:0, extra:report);
}
else audit(AUDIT_INST_PATH_NOT_VULN, "Flash Player for Mac", version, path);
NASL family Windows
NASL id FLASH_PLAYER_APSB17-42.NASL
description The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 27.0.0.187. It is, therefore, affected by a vulnerability which may allow an attacker to reset the global settings preference file.
last seen 2020-06-01
modified 2020-06-02
plugin id 105175
published 2017-12-12
reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/105175
title Adobe Flash Player <= 27.0.0.187 (APSB17-42)
code
#
# (C) Tenable Network Security, Inc.
#
# Purpose: local check that walks every Flash Player install recorded in the
# KB for four variants (Plugin, ActiveX, Chrome, Chrome_Pepper) and reports
# each one whose version is 27.0.0.187 or lower. The finding is based on the
# version strings only.
#
include("compat.inc");

# Registration block: metadata only; exit(0) keeps the check logic below from
# running in description mode.
if (description)
{
  script_id(105175);
  script_version("1.7");
  script_cvs_date("Date: 2019/11/12");

  script_cve_id("CVE-2017-11305");
  script_bugtraq_id(102139);

  script_name(english:"Adobe Flash Player <= 27.0.0.187 (APSB17-42)");
  # NOTE(review): the summary names only the ActiveX control, while the check
  # below iterates over four variants.
  script_summary(english:"Checks the version of the ActiveX control.");

  # NOTE(review): "multiple vulnerabilities" here versus one CVE in
  # script_cve_id and "a vulnerability" in the description.
  script_set_attribute(attribute:"synopsis", value: "The remote Windows host has a browser plugin installed that is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value: "The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 27.0.0.187. 
It is, therefore, affected by a vulnerability which may allow an attacker to reset the global settings preference file.");
  script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/flash-player/apsb17-42.html");
  # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0cb17c10");
  script_set_attribute(attribute:"solution", value: "Upgrade to Adobe Flash Player version 28.0.0.126 or later.");

  # Scoring: network vector, low complexity, no authentication/privileges;
  # integrity is the only impact rated (Partial in v2, High in v3).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-11305");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/12/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/12/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/12");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:flash_player");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Install data comes from the detection plugin named here.
  script_dependencies("flash_player_installed.nasl");
  script_require_keys("SMB/Flash_Player/installed");
  exit(0);
}

include("global_settings.inc");
include("misc_func.inc");

get_kb_item_or_exit("SMB/Flash_Player/installed");

# Identify vulnerable versions.
info = "";
variants = make_list(
  "Plugin",
  "ActiveX",
  "Chrome",
  "Chrome_Pepper"
);

# we're checking for versions less than *or equal to* the cutoff!
foreach variant (variants)
{
  # Version and file lists are keyed per variant; skip the variant when
  # either list is absent.
  vers = get_kb_list("SMB/Flash_Player/"+variant+"/Version/*");
  files = get_kb_list("SMB/Flash_Player/"+variant+"/File/*");

  if (isnull(vers) || isnull(files))
    continue;

  foreach key (keys(vers))
  {
    ver = vers[key];
    if (isnull(ver))
      continue;

    # <= 27.0.0.187
    if (ver_compare(ver:ver,fix:"27.0.0.187",strict:FALSE) <= 0)
    {
      # The key suffix left after removing the Version prefix is reused to
      # look up the matching File entry.
      num = key - ("SMB/Flash_Player/"+variant+"/Version/");
      file = files["SMB/Flash_Player/"+variant+"/File/"+num];

      # NOTE(review): fix is never reset between iterations. Chrome_Pepper
      # does not assign it, but that variant prints a literal fixed version
      # further down instead of reading fix.
      if (variant == "Plugin")
      {
        info += '\n Product : Browser Plugin (for Firefox / Netscape / Opera)';
        fix = "28.0.0.126";
      }
      else if (variant == "ActiveX")
      {
        info += '\n Product : ActiveX control (for Internet Explorer)';
        fix = "28.0.0.126";
      }
      else if ("Chrome" >< variant)
      {
        info += '\n Product : Browser Plugin (for Google Chrome)';
        # For the bundled Chrome variant the remediation is a browser upgrade.
        if (variant == "Chrome")
          fix = "Upgrade to a version of Google Chrome running Flash Player 28.0.0.126";
      }

      info += '\n Path : ' + file + '\n Installed version : ' + ver;

      if (variant == "Chrome_Pepper")
        info += '\n Fixed version : 28.0.0.126 (Chrome PepperFlash)';
      else if (!isnull(fix))
        info += '\n Fixed version : '+fix;

      info += '\n';
    }
  }
}

if (info)
{
  # Fall back to port 445 when no SMB transport is recorded in the KB.
  port = get_kb_item("SMB/transport");
  if (!port) port = 445;

  security_report_v4(severity:SECURITY_WARNING, port:port, extra:info);
}
else
{
  # Nothing matched. Without thorough tests the plugin exits with code 1 and
  # a message that Chrome's built-in Flash Player may not have been detected,
  # so an empty result from a non-thorough scan is not a clean bill of health.
  if (thorough_tests)
    exit(0, 'No vulnerable versions of Adobe Flash Player were found.');
  else
    exit(1, 'Google Chrome\'s built-in Flash Player may not have been detected because the \'Perform thorough tests\' setting was not enabled.');
}
Redhat
advisories |
| ||||
rpms | flash-plugin-0:28.0.0.137-1.el6_9 |
References
- http://www.securityfocus.com/bid/102139
- http://www.securityfocus.com/bid/102139
- http://www.securitytracker.com/id/1039986
- http://www.securitytracker.com/id/1039986
- https://access.redhat.com/errata/RHSA-2018:0081
- https://access.redhat.com/errata/RHSA-2018:0081
- https://helpx.adobe.com/security/products/flash-player/apsb17-42.html
- https://helpx.adobe.com/security/products/flash-player/apsb17-42.html