Vulnerabilities > CVE-2019-8075

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
adobe
google
debian
fedoraproject
nessus
NVD
Published: 2019-09-27
Updated: 2023-11-07

Summary

Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.

Vulnerable Configurations

Part Description Count
Application
Adobe
164
Application
Google
5643
OS
Apple
1
OS
Linux
1
OS
Microsoft
3
OS
Google
1
OS
Debian
1
OS
Fedoraproject
2

Nessus

  • NASL familyWindows
    NASL idFLASH_PLAYER_APSB19-30.NASL
    descriptionThe version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 32.0.0.192. It is therefore affected by the following vulnerabilities : - An unspecified flaw exists that allows an unspecified use-after-free to occur. An unauthenticated, remote attacker could exploit this to execute arbitrary code (CVE-2019-7845) - An unspecified flaw exists that allows same origin policy bypass leading to information disclosure. (CVE-2019-8075)
    last seen2020-06-01
    modified2020-06-02
    plugin id125815
    published2019-06-11
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125815
    titleAdobe Flash Player <= 32.0.0.192 (APSB19-30)
    code
    #
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(125815);
  script_version("1.5");
  script_cvs_date("Date: 2019/10/24  4:14:44");

  script_cve_id("CVE-2019-7845", "CVE-2019-8075");
  script_bugtraq_id(108716);
  script_xref(name:"IAVA", value:"2019-A-0321");

  script_name(english:"Adobe Flash Player <= 32.0.0.192 (APSB19-30)");
  script_summary(english:"Checks the version of the Flash Player.");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host has a browser plugin installed that is
affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Adobe Flash Player installed on the remote Windows
host is equal or prior to version 32.0.0.192. It is therefore
affected by the following vulnerabilities :

  - An unspecified flaw exists that allows an unspecified
    use-after-free to occur. An unauthenticated, remote
    attacker could exploit this to execute arbitrary code
    (CVE-2019-7845)

  - An unspecified flaw exists that allows same origin
    policy bypass leading to information disclosure.
    (CVE-2019-8075)");
  script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/flash-player/apsb19-30.html");
  # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0cb17c10");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Adobe Flash Player version 32.0.0.207 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-7845");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/06/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/06/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/11");

  script_set_attribute(attribute:"plugin_type",value:"local");
  script_set_attribute(attribute:"cpe",value:"cpe:/a:adobe:flash_player");
  script_set_attribute(attribute:"stig_severity",value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("flash_player_installed.nasl");
  script_require_keys("SMB/Flash_Player/installed");

  exit(0);
}

include("global_settings.inc");
include("misc_func.inc");

get_kb_item_or_exit("SMB/Flash_Player/installed");

# Identify vulnerable versions.
info = "";
variants = make_list(
  "Plugin",
  "ActiveX",
  "Chrome",
  "Chrome_Pepper"
);

# we're checking for versions less than *or equal to* the cutoff!
foreach variant (variants)
{
  vers = get_kb_list("SMB/Flash_Player/"+variant+"/Version/*");
  files = get_kb_list("SMB/Flash_Player/"+variant+"/File/*");

  if (isnull(vers) || isnull(files))
    continue;

  foreach key (keys(vers))
  {
    ver = vers[key];
    if (isnull(ver))
      continue;

    # <= 32.0.0.192
    if (ver_compare(ver:ver,fix:"32.0.0.192",strict:FALSE) <= 0)
    {
      num = key - ("SMB/Flash_Player/"+variant+"/Version/");
      file = files["SMB/Flash_Player/"+variant+"/File/"+num];
      if (variant == "Plugin")
      {
        info += '\n  Product           : Browser Plugin (for Firefox / Netscape / Opera)';
        fix = "32.0.0.207";
      }
      else if (variant == "ActiveX")
      {
        info += '\n  Product           : ActiveX control (for Internet Explorer)';
        fix = "32.0.0.207";
      }
      else if ("Chrome" >< variant)
      {
        info += '\n  Product           : Browser Plugin (for Google Chrome)';
        if (variant == "Chrome")
          fix = "Upgrade to a version of Google Chrome running Flash Player 32.0.0.207";
      }
      info += '\n  Path              : ' + file +
              '\n  Installed version : ' + ver;
      if (variant == "Chrome_Pepper")
        info += '\n  Fixed version     : 32.0.0.207 (Chrome PepperFlash)';
      else if (!isnull(fix))
        info += '\n  Fixed version     : '+fix;
      info += '\n';
    }
  }
}

if (info)
{
  port = get_kb_item("SMB/transport");
  if (!port) port = 445;

  security_report_v4(port:port, extra:info, severity:SECURITY_WARNING);
}
else
{
  if (thorough_tests)
    exit(0, 'No vulnerable versions of Adobe Flash Player were found.');
  else
    exit(1, 'Google Chrome\'s built-in Flash Player may not have been detected because the \'Perform thorough tests\' setting was not enabled.');
}
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FLASH_PLAYER_APSB19-30.NASL
    descriptionThe version of Adobe Flash Player installed on the remote macOS or Mac OS X host is equal or prior to version 32.0.0.192. It is therefore affected by the following vulnerabilities : - An unspecified flaw exists that allows an unspecified use-after-free to occur. An unauthenticated, remote attacker could exploit this to execute arbitrary code (CVE-2019-7845) - An unspecified flaw exists that allows same origin policy bypass leading to information disclosure. (CVE-2019-8075)
    last seen2020-06-01
    modified2020-06-02
    plugin id125814
    published2019-06-11
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125814
    titleAdobe Flash Player for Mac <= 32.0.0.192 (APSB19-30)
    code
    #
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(125814);
  script_version("1.5");
  script_cvs_date("Date: 2019/10/24  4:14:44");

  script_cve_id("CVE-2019-7845", "CVE-2019-8075");
  script_bugtraq_id(108716);
  script_xref(name:"IAVA", value:"2019-A-0321");

  script_name(english:"Adobe Flash Player for Mac <= 32.0.0.192 (APSB19-30)");
  script_summary(english:"Checks the version of the ActiveX control.");

  script_set_attribute(attribute:"synopsis", value:
"The remote macOS or Mac OSX host has a browser plugin installed that is
affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Adobe Flash Player installed on the remote macOS or Mac
OS X host is equal or prior to version 32.0.0.192. It is therefore
affected by the following vulnerabilities :

  - An unspecified flaw exists that allows an unspecified
    use-after-free to occur. An unauthenticated, remote
    attacker could exploit this to execute arbitrary code
    (CVE-2019-7845)

  - An unspecified flaw exists that allows same origin
    policy bypass leading to information disclosure.
    (CVE-2019-8075)");
  script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/flash-player/apsb19-30.html");
  # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0cb17c10");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Adobe Flash Player version 32.0.0.207 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-7845");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/06/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/06/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/11");

  script_set_attribute(attribute:"plugin_type",value:"local");
  script_set_attribute(attribute:"cpe",value:"cpe:/a:adobe:flash_player");
  script_set_attribute(attribute:"stig_severity",value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("macosx_flash_player_installed.nasl");
  script_require_keys("MacOSX/Flash_Player/Version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

version = get_kb_item_or_exit("MacOSX/Flash_Player/Version");
path = get_kb_item_or_exit("MacOSX/Flash_Player/Path");

cutoff_version = "32.0.0.192";
fix = "32.0.0.207";
# We're checking for versions less than or equal to the cutoff!
if (ver_compare(ver:version, fix:cutoff_version, strict:FALSE) <= 0)
{
  report =
    '\n  Path              : ' + path +
    '\n  Installed version : ' + version +
    '\n  Fixed version     : ' + fix +
    '\n';
    security_report_v4(port:0, extra:report, severity:SECURITY_WARNING);
  exit(0);
}
else audit(AUDIT_INST_PATH_NOT_VULN, "Flash Player for Mac", version, path);

References