Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.SMB_KB2987114.NASL
HistorySep 10, 2014 - 12:00 a.m.

MS KB2987114: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer

2014-09-1000:00:00
This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
44

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.9%

JSON

The remote host is missing KB2987114. It is, therefore, affected by the following vulnerabilities :

  • Unspecified memory corruption issues exist that allow arbitrary code execution. (CVE-2014-0547, CVE-2014-0549, CVE-2014-0550, CVE-2014-0551, CVE-2014-0552, CVE-2014-0555)

  • An unspecified error exists that allows cross-origin policy violations. (CVE-2014-0548)

  • A use-after-free error exists that allows arbitrary code execution. (CVE-2014-0553)

  • An unspecified error exists that allows an unspecified security bypass. (CVE-2014-0554)

  • Unspecified errors exist that allow memory leaks leading to easier defeat of memory address randomization.
    (CVE-2014-0557)

  • Heap-based buffer overflow errors exist that allow arbitrary code execution. (CVE-2014-0556, CVE-2014-0559)

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(77580);
  script_version("1.15");
  script_cvs_date("Date: 2019/11/25");

  script_cve_id(
    "CVE-2014-0547",
    "CVE-2014-0548",
    "CVE-2014-0549",
    "CVE-2014-0550",
    "CVE-2014-0551",
    "CVE-2014-0552",
    "CVE-2014-0553",
    "CVE-2014-0554",
    "CVE-2014-0555",
    "CVE-2014-0556",
    "CVE-2014-0557",
    "CVE-2014-0559"
  );
  script_bugtraq_id(
    69695,
    69696,
    69697,
    69699,
    69700,
    69701,
    69702,
    69703,
    69704,
    69705,
    69706,
    69707
  );
  script_xref(name:"MSKB", value:"2987114");

  script_name(english:"MS KB2987114: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer");
  script_summary(english:"Checks version of ActiveX control.");

  script_set_attribute(attribute:"synopsis", value:
"The remote host has an ActiveX control installed that is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote host is missing KB2987114. It is, therefore, affected by
the following vulnerabilities :

  - Unspecified memory corruption issues exist that allow
    arbitrary code execution. (CVE-2014-0547, CVE-2014-0549,
    CVE-2014-0550, CVE-2014-0551, CVE-2014-0552,
    CVE-2014-0555)

  - An unspecified error exists that allows cross-origin
    policy violations. (CVE-2014-0548)

  - A use-after-free error exists that allows arbitrary
    code execution. (CVE-2014-0553)

  - An unspecified error exists that allows an unspecified
    security bypass. (CVE-2014-0554)

  - Unspecified errors exist that allow memory leaks leading
    to easier defeat of memory address randomization.
    (CVE-2014-0557)

  - Heap-based buffer overflow errors exist that allow
    arbitrary code execution. (CVE-2014-0556, CVE-2014-0559)");
  script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/flash-player/apsb14-21.html");
  script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2016/2755801");
  script_set_attribute(attribute:"see_also", value:"https://support.microsoft.com/en-us/help/2987114/microsoft-security-advisory-update-for-vulnerabilities-in-adobe-flash");
  script_set_attribute(attribute:"solution", value:
"Install Microsoft KB2987114.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-0559");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player copyPixelsToByteArray Method Integer Overflow');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/09/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/09/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/09/10");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:flash_player");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("smb_hotfixes.nasl");
  script_require_keys("SMB/Registry/Enumerated", "SMB/WindowsVersion");
  script_require_ports(139, 445);

  exit(0);
}

include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_activex_func.inc");
include("misc_func.inc");

get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

if (hotfix_check_sp_range(win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
if (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);

if (activex_init() != ACX_OK) audit(AUDIT_FN_FAIL, "activex_init()");

# Adobe Flash Player CLSID
clsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}';

file = activex_get_filename(clsid:clsid);
if (isnull(file))
{
  activex_end();
  audit(AUDIT_FN_FAIL, "activex_get_filename", "NULL");
}
if (!file)
{
  activex_end();
  audit(AUDIT_ACTIVEX_NOT_FOUND, clsid);
}

# Get its version.
version = activex_get_fileversion(clsid:clsid);
if (!version)
{
  activex_end();
  audit(AUDIT_VER_FAIL, file);
}

info = '';

iver = split(version, sep:'.', keep:FALSE);
for (i=0; i<max_index(iver); i++)
 iver[i] = int(iver[i]);

# < 15.0.0.152
if (
  (report_paranoia > 1 || activex_get_killbit(clsid:clsid) == 0) &&
  (
    iver[0] < 15 ||
    (
      iver[0] == 15 &&
      (
        (iver[1] == 0 && iver[2] == 0 && iver[3] < 152)
      )
    )
  )
)
{
  info = '\n  Path              : ' + file +
         '\n  Installed version : ' + version +
         '\n  Fixed version     : 15.0.0.152\n';
}

port = kb_smb_transport();

if (info != '')
{
  if (report_verbosity > 0)
  {
    if (report_paranoia > 1)
    {
      report = info +
        '\n' +
        'Note, though, that Nessus did not check whether the kill bit was\n' +
        "set for the control's CLSID because of the Report Paranoia setting" + '\n' +
        'in effect when this scan was run.\n';
    }
    else
    {
      report = info +
        '\n' +
        'Moreover, its kill bit is not set so it is accessible via Internet\n' +
        'Explorer.\n';
    }
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
}
else audit(AUDIT_HOST_NOT, 'affected');
VendorProductVersionCPE
adobeflash_playercpe:/a:adobe:flash_player
microsoftwindowscpe:/o:microsoft:windows

References

Related

nessus 14
redhat 1
mageia 1
suse 3
gentoo 1
openvas 9
freebsd 1
cvelist 12
cve 12
ubuntucve 12
prion 12
nvd 12
checkpoint_advisories 12
canvas 1
packetstorm 2
zdt 2
hackerone 3
metasploit 1
googleprojectzero 6
exploitdb 1
threatpost 1
nessus
nessus
Flash Player for Mac <= 14.0.0.179 Multiple Vulnerabilities (APSB14-21)
2014-09-10 00:00:00
Flash Player < 15.0.0.152 Multiple Vulnerabilities (APSB14-21)
2014-09-10 00:00:00
Adobe AIR < 15.0.0.249 Multiple Vulnerabilities (APSB14-21)
2014-09-10 00:00:00
redhat
redhat
(RHSA-2014:1173) Critical: flash-plugin security update
2014-09-10 00:00:00
mageia
mageia
Updated flash-player-plugin packages fix multiple security vulnerabilities
2014-09-22 12:31:24
suse
suse
update flash-player to 11.2.202.40 (important)
2014-09-16 01:04:20
flash-player to 11.2.202.40 (important)
2014-09-10 17:04:13
Security update for flash-player (important)
2014-09-13 01:04:17
gentoo
gentoo
Adobe Flash Player: Multiple vulnerabilities
2014-09-19 00:00:00
openvas
openvas
Adobe Flash Player Multiple Vulnerabilities-01 (Sep 2014) - Windows
2014-09-12 00:00:00
Adobe AIR Multiple Vulnerabilities-01 (Sep 2014) - Windows
2014-09-12 00:00:00
openSUSE: Security Advisory for update (openSUSE-SU-2014:1130-1)
2014-09-16 00:00:00
freebsd
freebsd
Flash player -- Multiple security vulnerabilities in www/linux-*-flashplugin11
2014-09-09 00:00:00
cvelist
cvelist
CVE-2014-0547
2014-09-10 01:00:00
CVE-2014-0549
2014-09-10 01:00:00
CVE-2014-0555
2014-09-10 01:00:00
cve
cve
CVE-2014-0552
2014-09-10 01:55:08
CVE-2014-0549
2014-09-10 01:55:07
CVE-2014-0555
2014-09-10 01:55:08
ubuntucve
ubuntucve
CVE-2014-0550
2014-09-10 00:00:00
CVE-2014-0552
2014-09-10 00:00:00
CVE-2014-0547
2014-09-10 00:00:00
prion
prion
Memory corruption
2014-09-10 01:55:00
Memory corruption
2014-09-10 01:55:00
Memory corruption
2014-09-10 01:55:00
nvd
nvd
CVE-2014-0550
2014-09-10 01:55:07
CVE-2014-0549
2014-09-10 01:55:07
CVE-2014-0552
2014-09-10 01:55:08
checkpoint_advisories
checkpoint_advisories
Adobe Flash Player and AIR String Concatenation Integer Overflow (CVE-2014-0550)
2014-10-14 00:00:00
Adobe Flash Player Memory Corruption (APSB14-21: CVE-2014-0552)
2014-09-21 00:00:00
Adobe Flash Player Same Origin Policy Bypass (APSB14-21: CVE-2014-0548)
2015-05-11 00:00:00
canvas
canvas
Immunity Canvas: ADOBE_FLASH_COPYPIXELSTOBYTEARRAY
2014-09-10 01:55:00
packetstorm
packetstorm
Adobe Flash Player copyPixelsToByteArray Integer Overflow
2015-04-19 00:00:00
Adobe Flash 14.0.0.145 copyPixelsToByteArray() Heap Overflow
2014-09-30 00:00:00
zdt
zdt
Adobe Flash 14.0.0.145 copyPixelsToByteArray() Heap Overflow
2014-10-01 00:00:00
Adobe Flash Player copyPixelsToByteArray Integer Overflow Exploit
2015-04-19 00:00:00
hackerone
hackerone
Internet Bug Bounty: Flash Local Sandbox Bypass
2014-09-09 20:51:19
Internet Bug Bounty: Adobe Flash Player MP4 Use-After-Free Vulnerability
2014-10-08 02:03:48
Internet Bug Bounty: Adobe Flash Player Out-of-Bound Access Vulnerability
2015-02-07 14:50:18
metasploit
metasploit
Adobe Flash Player copyPixelsToByteArray Method Integer Overflow
2015-04-15 19:08:16
googleprojectzero
googleprojectzero
Exploiting CVE-2014-0556 in Flash
2014-09-23 00:00:00
The poisoned NUL byte, 2014 edition
2014-08-25 00:00:00
Significant Flash exploit mitigations are live in v18.0.0.209
2015-07-16 00:00:00
exploitdb
exploitdb
Adobe Flash Player - copyPixelsToByteArray Integer Overflow (Metasploit)
2015-04-21 00:00:00
threatpost
threatpost
Microsoft Warns of Crowti Ransomware
2014-10-29 14:20:49

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.9%

JSON
Related for SMB_KB2987114.NASL
nessus14redhat1mageia1suse3gentoo1openvas9freebsd1cvelist12cve12ubuntucve12prion12nvd12checkpoint_advisories12canvas1packetstorm2zdt2hackerone3metasploit1googleprojectzero6exploitdb1threatpost1