CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
99.5%
The remote Windows host contains a version of Adobe Flash Player earlier than 10.2.159.1. Such versions are reportedly affected by a memory corruption vulnerability.
By tricking a user on the affected system into opening a specially crafted document with Flash content, such as a SWF file embedded in a Microsoft Word document, an attacker can potentially leverage this issue to execute arbitrary code remotely on the system subject to the userβs privileges.
Note that there are reports that this issue is being exploited in the wild as of April 2011.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(53472);
script_version("1.18");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");
script_cve_id("CVE-2011-0611");
script_bugtraq_id(47314);
script_xref(name:"CERT", value:"230057");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/03/24");
script_xref(name:"SECUNIA", value:"44119");
script_name(english:"Flash Player < 10.2.159.1 ActionScript Predefined Class Prototype Addition Remote Code Execution (APSB11-07)");
script_set_attribute(attribute:"synopsis", value:
"The remote Windows host contains a browser plug-in that allows
arbitrary code execution.");
script_set_attribute(attribute:"description", value:
"The remote Windows host contains a version of Adobe Flash Player
earlier than 10.2.159.1. Such versions are reportedly affected by a
memory corruption vulnerability.
By tricking a user on the affected system into opening a specially
crafted document with Flash content, such as a SWF file embedded in a
Microsoft Word document, an attacker can potentially leverage this
issue to execute arbitrary code remotely on the system subject to the
user's privileges.
Note that there are reports that this issue is being exploited in the
wild as of April 2011.");
# http://blogs.technet.com/b/mmpc/archive/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player-vulnerability-exploitation.aspx
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9ee82b34");
script_set_attribute(attribute:"see_also", value:"http://www.adobe.com/support/security/bulletins/apsb11-07.html");
script_set_attribute(attribute:"solution", value:
"Upgrade to Adobe Flash Player 10.2.159.1 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2011-0611");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player 10.2.153.1 SWF Memory Corruption Vulnerability');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2011/04/11");
script_set_attribute(attribute:"patch_publication_date", value:"2011/04/15");
script_set_attribute(attribute:"plugin_publication_date", value:"2011/04/18");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:flash_player");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2011-2022 Tenable Network Security, Inc.");
script_dependencies("flash_player_installed.nasl");
script_require_keys("SMB/Flash_Player/installed");
exit(0);
}
include('global_settings.inc');
include('misc_func.inc');
get_kb_item_or_exit('SMB/Flash_Player/installed');
# Identify vulnerable versions.
info = '';
foreach variant (make_list("Plugin", "ActiveX", "Chrome"))
{
vers = get_kb_list("SMB/Flash_Player/"+variant+"/Version/*");
files = get_kb_list("SMB/Flash_Player/"+variant+"/File/*");
if (!isnull(vers) && !isnull(files))
{
foreach key (keys(vers))
{
ver = vers[key];
if (ver)
{
iver = split(ver, sep:'.', keep:FALSE);
for (i=0; i<max_index(iver); i++)
iver[i] = int(iver[i]);
if (
("Plugin" >< variant || "ActiveX" >< variant) && (
iver[0] < 10 ||
(
iver[0] == 10 &&
(
iver[1] < 2 ||
(
iver[1] == 2 &&
(
iver[2] < 159 ||
(iver[2] == 159 && iver[3] < 1)
)
)
)
)
)
)
{
num = key - ("SMB/Flash_Player/"+variant+"/Version/");
file = files["SMB/Flash_Player/"+variant+"/File/"+num];
if (variant == "Plugin")
{
info += '\n Product : Browser Plugin (for Firefox / Netscape / Opera)';
}
else if (variant == "ActiveX")
{
info += '\n Product : ActiveX control (for Internet Explorer)';
}
info += '\n Path : ' + file +
'\n Installed version : ' + ver +
'\n Fixed version : 10.2.159.1\n';
}
# Chrome
else if (
("Chrome" >< variant) && (
iver[0] < 10 ||
(
iver[0] == 10 &&
(
iver[1] < 2 ||
(
iver[1] == 2 &&
(
iver[2] < 154 ||
(iver[2] == 154 && iver[3] < 27)
)
)
)
)
)
)
{
num = key - ("SMB/Flash_Player/"+variant+"/Version/");
file = files["SMB/Flash_Player/"+variant+"/File/"+num];
info += '\n Product: Browser Plugin (for Google Chrome)';
info += '\n Path : ' + file +
'\n Installed version : ' + ver ;
info += '\n Fixed version : 10.2.154.27 (as included with Google Chrome 10.0.648.205)\n';
}
}
}
}
}
if (info)
{
if (report_verbosity > 0) security_hole(port:get_kb_item("SMB/transport"), extra:info);
else security_hole(get_kb_item("SMB/transport"));
}
else exit(0, 'The host is not affected.');
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
99.5%