Flash Player < 16.0.0.306 (inferred) Multiple Vulnerabilities (APSB15-01 through 05)

High Nessus Network Monitor Plugin ID 8655

Synopsis

The remote host is running a browser plugin that is affected by multiple vulnerabilities.

Description

Versions of Adobe Flash player equal or prior to 16.0.0.305 are outdated and thus unpatched for the following vulnerabilities :

- Multiple memory corruption vulnerabilities exist due to improper input validation. A remote attacker could exploit these to execute arbitrary code (CVE-2015-0332, CVE-2015-0333, CVE-2015-0335, CVE-2015-0339).
- Multiple type confusion flaws exist, which an attacker could exploit to execute arbitrary code (CVE-2015-0334, CVE-2015-0336).
- An unspecified flaw exists that allows an attacker to bypass cross-domain policy (CVE-2015-0337).
- An integer overflow vulnerability exists due to improper input validation, which an attacker can exploit to execute arbitrary code (CVE-2015-0338).
- An unspecified flaw exists that allows an attacker to bypass restrictions and upload arbitrary files (CVE-2015-0340).
- Multiple use-after-free vulnerabilities exist that can allow an attacker to dereference memory which has already been freed and execute arbitrary code (CVE-2015-0341, CVE-2015-0342).
- An unspecified improper file validation issue (CVE-2015-0301).
- An unspecified information disclosure vulnerability, which can be exploited to capture keystrokes (CVE-2015-0302).
- Multiple memory corruption vulnerabilities allow an attacker to execute arbitrary code (CVE-2015-0303, CVE-2015-0306).
- Multiple heap-based buffer overflow vulnerabilities that can be exploited to execute arbitrary code (CVE-2015-0304, CVE-2015-0309).
- An unspecified type confusion vulnerability that can lead to code execution (CVE-2015-0305).
- An out-of-bounds read vulnerability that can be exploited to leak memory addresses (CVE-2015-0307).
- A use-after-free vulnerability that results in arbitrary code execution (CVE-2015-0308).
- An information disclosure vulnerability exists due to a flaw that can allow bypassing of memory randomization mitigations, aiding in further attacks (CVE-2015-0310).
- A use-after-free error exists that allows an attacker to crash the application or execute arbitrary code (CVE-2015-0311).
- A double-free error exists that allows an attacker to crash the application or possibly execute arbitrary code (CVE-2015-0312).
- Several use-after-free errors exist that allow arbitrary code execution (CVE-2015-0313, CVE-2015-0315, CVE-2015-0320, CVE-2015-0322).
- Several memory corruption errors exist that allow arbitrary code execution (CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, CVE-2015-0330).
- Several type confusion errors exist that allow arbitrary code execution (CVE-2015-0317, CVE-2015-0319).
- Several heap-based buffer overflow errors exist that allow arbitrary code execution (CVE-2015-0323, CVE-2015-0327).
- A buffer overflow error exists that allows arbitrary code execution (CVE-2015-0324).
- Several NULL pointer dereference errors exist that have unspecified impacts (CVE-2015-0325, CVE-2015-0326, CVE-2015-0328).
- A use-after-free error exists within the processing of invalid m3u8 playlists. A remote attacker, with a specially crafted m3u8 playlist file, can force a dangling pointer to be reused after it has been freed, allowing the execution of arbitrary code (CVE-2015-0331).

Solution

Upgrade to Adobe Flash Player version 17.0.0.134 or later. Alternatively, Adobe has made version 13.0.0.277 available for those installs that cannot be upgraded to 17.x.

See Also

http://helpx.adobe.com/security/products/flash-player/apsb15-01.html

http://helpx.adobe.com/security/products/flash-player/apsb15-02.html

http://helpx.adobe.com/security/products/flash-player/apsb15-03.html

http://helpx.adobe.com/security/products/flash-player/apsb15-04.html

http://helpx.adobe.com/security/products/flash-player/apsb15-05.html

http://www.nessus.org/u?0cb17c10

Plugin Details

Severity: High

ID: 8655

Family: Web Clients

Published: 2015/03/27

Modified: 2018/09/16

Dependencies: 6245

Nessus ID: 81819, 80484, 80946, 80998, 81127

Risk Information

Risk Factor: High

CVSSv2

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSSv3

Base Score: 8.1

Temporal Score: 7.7

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:adobe:flash_player

Patch Publication Date: 2015/03/12

Vulnerability Publication Date: 2015/03/12

Exploitable With

CANVAS (CANVAS)

Metasploit (windows/browser/adobe_flash_pcre.rb)

Reference Information

CVE: CVE-2015-0301, CVE-2015-0302, CVE-2015-0303, CVE-2015-0304, CVE-2015-0305, CVE-2015-0306, CVE-2015-0307, CVE-2015-0308, CVE-2015-0309, CVE-2015-0311, CVE-2015-0312, CVE-2015-0313, CVE-2015-0314, CVE-2015-0315, CVE-2015-0316, CVE-2015-0317, CVE-2015-0318, CVE-2015-0319, CVE-2015-0320, CVE-2015-0321, CVE-2015-0322, CVE-2015-0323, CVE-2015-0324, CVE-2015-0325, CVE-2015-0326, CVE-2015-0327, CVE-2015-0328, CVE-2015-0329, CVE-2015-0330, CVE-2015-0331, CVE-2015-0332, CVE-2015-0333, CVE-2015-0334, CVE-2015-0335, CVE-2015-0336, CVE-2015-0337, CVE-2015-0338, CVE-2015-0339, CVE-2015-0340, CVE-2015-0341, CVE-2015-0342

BID: 72039, 72038, 72037, 72036, 72035, 72034, 72033, 72032, 72031, 72261, 72283, 72343, 72429, 72514, 72698, 73080, 73081, 73082, 73083, 73084, 73085, 73086, 73087, 73088, 73089, 73091

IAVA: 2015-A-0057