Flash Player < 17.0.0.189 (inferred) Multiple Vulnerabilities (APSB15-06 through 11)

High Nessus Network Monitor Plugin ID 8814

Synopsis

The remote host is running a browser plugin that is affected by multiple vulnerabilities.

Description

Versions of Adobe Flash Player equal or prior to 17.0.0.188 are outdated and thus unpatched for the following vulnerabilities :

- Multiple double-free errors exist that allow an attacker to execute arbitrary code (CVE-2015-0346, CVE-2015-0359).
- Multiple memory corruption flaws exist due to improper validation of user-supplied input. A remote attacker can exploit these flaws, via specially crafted flash content, to corrupt memory and execute arbitrary code (CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, CVE-2015-3043, CVE-2015-3078, CVE-2015-3089, CVE-2015-3090, CVE-2015-3093, CVE-2015-3105).
- An unspecified buffer overflow condition exists due to improper validation of user-supplied input. A remote attacker can exploit this to execute arbitrary code (CVE-2015-0348).
- Multiple unspecified use-after-free errors exist that allow an attacker to execute arbitrary code (CVE-2015-0349, CVE-2015-0351, CVE-2015-0358, CVE-2015-3039, CVE-2015-3080, CVE-2015-3103, CVE-2015-3106, CVE-2015-3107).
- Multiple unspecified memory leaks exist that allow an attacker to bypass the Address Space Layout Randomization (ASLR) feature (CVE-2015-0357, CVE-2015-3040, CVE-2015-3091, CVE-2015-3092, CVE-2015-3108).
- Multiple unspecified type confusion flaws exist that allow an attacker to execute arbitrary code (CVE-2015-3077, CVE-2015-3084, CVE-2015-3086, CVE-2015-0356).
- Multiple unspecified security bypass flaws exist that allow a context-dependent attacker to disclose sensitive information (CVE-2015-3079, CVE-2015-3044).
- An unspecified time-of-check time-of-use (TOCTOU) race condition exists that allows an attacker to bypass Protected Mode for Internet Explorer (CVE-2015-3081).
- Multiple validation bypass vulnerabilities exists that allow an attacker to read or write arbitrary data to the file system (CVE-2015-3082, CVE-2015-3083, CVE-2015-3085).
- Multiple integer overflow conditions exist due to improper validation of user-supplied input. This allows a context-dependent attacker to execute arbitrary code (CVE-2015-3087, CVE-2015-3104).
- A heap-based buffer overflow condition exists due to improper validation of user-supplied input. A remote attacker can exploit this to execute arbitrary code (CVE-2015-3088).
- An unspecified vulnerability exists that allows an attacker to bypass the fix for CVE-2014-5333 (CVE-2015-3096).
- An unspecified memory address randomization flaw exists on Windows 7 64-bit (CVE-2015-3097).
- Multiple unspecified flaws exist that allow a remote attacker to bypass the same-origin-policy, resulting in the disclosure of sensitive information (CVE-2015-3098, CVE-2015-3099, CVE-2015-3102).
- A remote code execution vulnerability exists due to an unspecified stack overflow flaw (CVE-2015-3100).

Solution

Upgrade to Adobe Flash Player version 18.0.0.160 or later. Alternatively, Adobe has made version 13.0.0.292 available for those installs that cannot be upgraded to 17.x.

See Also

http://helpx.adobe.com/security/products/flash-player/apsb15-06.html

http://helpx.adobe.com/security/products/flash-player/apsb15-09.html

http://helpx.adobe.com/security/products/flash-player/apsb15-11.html

http://www.nessus.org/u?0cb17c10

Plugin Details

Severity: High

ID: 8814

File Name: 8814.prm

Family: Web Clients

Published: 2015/07/24

Modified: 2016/12/10

Dependencies: 6245

Nessus ID: 82781, 82782, 83365, 83367, 84048, 84050

Risk Information

Risk Factor: High

CVSSv2

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSSv3

Base Score: 8.1

Temporal Score: 7.7

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:adobe:flash_player

Patch Publication Date: 2015/06/09

Vulnerability Publication Date: 2015/06/09

Exploitable With

Core Impact

Metasploit (Adobe Flash Player Drawing Fill Shader Memory Corruption,Adobe Flash Player ShaderJob Buffer Overflow,Adobe Flash Player Nellymoser Audio Decoding Buffer Overflow)

Reference Information

CVE: CVE-2015-0346, CVE-2015-0347, CVE-2015-0348, CVE-2015-0349, CVE-2015-0350, CVE-2015-0351, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0356, CVE-2015-0357, CVE-2015-0358, CVE-2015-0359, CVE-2015-0360, CVE-2015-3038, CVE-2015-3039, CVE-2015-3040, CVE-2015-3041, CVE-2015-3042, CVE-2015-3043, CVE-2015-3044, CVE-2015-3077, CVE-2015-3078, CVE-2015-3079, CVE-2015-3080, CVE-2015-3081, CVE-2015-3082, CVE-2015-3083, CVE-2015-3084, CVE-2015-3085, CVE-2015-3086, CVE-2015-3087, CVE-2015-3088, CVE-2015-3089, CVE-2015-3090, CVE-2015-3091, CVE-2015-3092, CVE-2015-3093, CVE-2015-3096, CVE-2015-3097, CVE-2015-3098, CVE-2015-3099, CVE-2015-3100, CVE-2015-3102, CVE-2015-3103, CVE-2015-3104, CVE-2015-3105, CVE-2015-3106, CVE-2015-3107, CVE-2015-3108, CVE-2015-5120

BID: 74062, 74064, 74065, 74067, 74069, 74066, 74068, 74605, 74608, 74609, 74610, 74612, 74613, 74614, 74616, 74617, 75080, 75081, 75084, 75085, 75086, 75087, 75088, 75089, 75090

IAVA: 2015-A-0132