Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.SMB_KB3044132.NASL
HistoryMar 13, 2015 - 12:00 a.m.

MS KB3044132: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer

2015-03-1300:00:00
This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
30

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.968 High

EPSS

Percentile

99.7%

JSON

The remote Windows host is missing KB3044132. It is, therefore, affected by the following vulnerabilities :

  • Multiple memory corruption issues exist due to not properly validating user input, which an attacker can exploit to execute arbitrary code. (CVE-2015-0332, CVE-2015-0333, CVE-2015-0335, CVE-2015-0339)

  • Multiple type confusions flaws exist, which an attacker can exploit to execute arbitrary code. (CVE-2015-0334, CVE-2015-0336)

  • An unspecified flaw exists that allows an attacker to bypass cross-domain policy. (CVE-2015-0337)

  • An integer overflow condition exists due to not properly validating user input, which an attacker can exploit to execute arbitrary code. (CVE-2015-0338)

  • An unspecified flaw exists that allows an attacker to bypass restrictions and upload arbitrary files.
    (CVE-2015-0340)

  • Multiple use-after-free errors exist that can allow an attacker to deference already freed memory and execute arbitrary code. (CVE-2015-0341, CVE-2015-0342)

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(81732);
  script_version("1.17");
  script_cvs_date("Date: 2019/11/22");

  script_cve_id(
    "CVE-2015-0332",
    "CVE-2015-0333",
    "CVE-2015-0334",
    "CVE-2015-0335",
    "CVE-2015-0336",
    "CVE-2015-0337",
    "CVE-2015-0338",
    "CVE-2015-0339",
    "CVE-2015-0340",
    "CVE-2015-0341",
    "CVE-2015-0342"
  );
  script_bugtraq_id(
    73080,
    73081,
    73082,
    73083,
    73084,
    73085,
    73086,
    73087,
    73088,
    73089,
    73091
  );
  script_xref(name:"EDB-ID", value:"36962");
  script_xref(name:"MSKB", value:"3044132");

  script_name(english:"MS KB3044132: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer");
  script_summary(english:"Checks the version of the ActiveX control.");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host has a browser plugin that is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote Windows host is missing KB3044132. It is, therefore,
affected by the following vulnerabilities :

  - Multiple memory corruption issues exist due to not
    properly validating user input, which an attacker can
    exploit to execute arbitrary code. (CVE-2015-0332,
    CVE-2015-0333, CVE-2015-0335, CVE-2015-0339)

  - Multiple type confusions flaws exist, which an attacker
    can exploit to execute arbitrary code. (CVE-2015-0334,
    CVE-2015-0336)

  - An unspecified flaw exists that allows an attacker to
    bypass cross-domain policy. (CVE-2015-0337)

  - An integer overflow condition exists due to not properly
    validating user input, which an attacker can exploit to
    execute arbitrary code. (CVE-2015-0338)

  - An unspecified flaw exists that allows an attacker to
    bypass restrictions and upload arbitrary files.
    (CVE-2015-0340)

  - Multiple use-after-free errors exist that can allow an
    attacker to deference already freed memory and execute
    arbitrary code. (CVE-2015-0341, CVE-2015-0342)");
  script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2016/2755801");
  script_set_attribute(attribute:"see_also", value:"https://support.microsoft.com/en-us/help/3044132/microsoft-security-advisory-update-for-vulnerabilities-in-adobe-flash");
  script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/flash-player/apsb15-05.html");
  script_set_attribute(attribute:"solution", value:
"Install Microsoft KB3044132.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-0342");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player NetConnection Type Confusion');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/03/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/03/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/13");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:flash_player");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("smb_hotfixes.nasl");
  script_require_keys("SMB/Registry/Enumerated", "SMB/WindowsVersion");
  script_require_ports(139, 445);

  exit(0);
}

include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_activex_func.inc");
include("misc_func.inc");

get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

if (hotfix_check_sp_range(win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
if (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);

if (activex_init() != ACX_OK) audit(AUDIT_FN_FAIL, "activex_init()");

# Adobe Flash Player CLSID
clsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}';

file = activex_get_filename(clsid:clsid);
if (isnull(file))
{
  activex_end();
  audit(AUDIT_FN_FAIL, "activex_get_filename", "NULL");
}
if (!file)
{
  activex_end();
  audit(AUDIT_ACTIVEX_NOT_FOUND, clsid);
}

# Get its version.
version = activex_get_fileversion(clsid:clsid);
if (!version)
{
  activex_end();
  audit(AUDIT_VER_FAIL, file);
}

info = '';

iver = split(version, sep:'.', keep:FALSE);
for (i=0; i<max_index(iver); i++)
 iver[i] = int(iver[i]);

# < 17.0.0.134
if (
  (report_paranoia > 1 || activex_get_killbit(clsid:clsid) == 0) &&
  (
    iver[0] < 17 ||
    (
      iver[0] == 17 &&
      (
        (iver[1] == 0 && iver[2] == 0 && iver[3] < 134)
      )
    )
  )
)
{
  info = '\n  Path              : ' + file +
         '\n  Installed version : ' + version +
         '\n  Fixed version     : 17.0.0.134' +
         '\n';
}

port = kb_smb_transport();

if (info != '')
{
  if (report_verbosity > 0)
  {
    if (report_paranoia > 1)
    {
      report = info +
        '\n' +
        'Note, though, that Nessus did not check whether the kill bit was\n' +
        "set for the control's CLSID because of the Report Paranoia setting" + '\n' +
        'in effect when this scan was run.\n';
    }
    else
    {
      report = info +
        '\n' +
        'Moreover, its kill bit is not set so it is accessible via Internet\n' +
        'Explorer.\n';
    }
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
}
else audit(AUDIT_HOST_NOT, 'affected');
VendorProductVersionCPE
microsoftwindowscpe:/o:microsoft:windows
adobeflash_playercpe:/a:adobe:flash_player

References

Related

altlinux 2
nessus 13
openvas 7
archlinux 1
suse 5
mageia 1
kaspersky 1
gentoo 1
freebsd 1
redhat 1
thn 3
cvelist 11
prion 11
nvd 11
ubuntucve 11
cve 11
googleprojectzero 1
checkpoint_advisories 11
symantec 3
hackerone 1
zdt 2
packetstorm 1
zdi 1
metasploit 1
exploitdb 1
threatpost 5
altlinux
altlinux
Security fix for the ALT Linux 6 package adobe-flash-player version 3:11-alt42
2015-03-13 00:00:00
Security fix for the ALT Linux 7 package adobe-flash-player version 3:11-alt42
2015-03-13 00:00:00
nessus
nessus
Adobe AIR < 17.0.0.144 Multiple Vulnerabilities (APSB15-05)
2015-07-24 00:00:00
openSUSE Security Update : flash-player (openSUSE-2015-225)
2015-03-17 00:00:00
Flash Player < 17.0 Multiple Vulnerabilities (APSB15-05)
2015-03-27 00:00:00
openvas
openvas
Adobe Flash Player Multiple Vulnerabilities - 01 (Mar 2015) - Mac OS X
2015-03-17 00:00:00
Gentoo Security Advisory GLSA 201503-09
2015-09-29 00:00:00
Adobe Flash Player Multiple Vulnerabilities - 01 (Mar 2015) - Linux
2015-03-17 00:00:00
archlinux
archlinux
flashplugin: multiple issues
2015-03-16 00:00:00
suse
suse
Security update for flash-player (critical)
2015-03-13 18:04:51
flashplayer to version 11.2.202.451 (important)
2015-03-14 11:04:48
Security update for flash-player (critical)
2015-03-13 12:05:10
mageia
mageia
Updated flash-player-plugin package fixes security vulnerabilities
2015-03-14 21:44:24
kaspersky
kaspersky
KLA10462 Multiple vulnerabilities in Adobe Flash Player
2015-03-12 00:00:00
gentoo
gentoo
Adobe Flash Player: Multiple vulnerabilities
2015-03-16 00:00:00
freebsd
freebsd
Adobe Flash Player -- critical vulnerabilities
2015-03-12 00:00:00
redhat
redhat
(RHSA-2015:0697) Critical: flash-plugin security update
2015-03-17 00:00:00
thn
thn
Adobe Flash Player Update Patches 11 Critical Vulnerabilities
2015-03-12 21:28:00
Google Patches Yet Another Actively Exploited Chrome Zero-Day Vulnerability
2024-05-16 03:01:00
Update Chrome Browser Now: 4th Zero-Day Exploit Discovered in May 2024
2024-05-24 10:10:00
cvelist
cvelist
CVE-2015-0333
2015-03-13 17:00:00
CVE-2015-0339
2015-03-13 17:00:00
CVE-2015-0332
2015-03-13 17:00:00
prion
prion
Memory corruption
2015-03-13 17:59:00
Memory corruption
2015-03-13 17:59:00
Memory corruption
2015-03-13 17:59:00
nvd
nvd
CVE-2015-0335
2015-03-13 17:59:03
CVE-2015-0333
2015-03-13 17:59:01
CVE-2015-0339
2015-03-13 17:59:06
ubuntucve
ubuntucve
CVE-2015-0332
2015-03-13 00:00:00
CVE-2015-0335
2015-03-13 00:00:00
CVE-2015-0339
2015-03-13 00:00:00
cve
cve
CVE-2015-0339
2015-03-13 17:59:06
CVE-2015-0333
2015-03-13 17:59:01
CVE-2015-0332
2015-03-13 17:59:00
googleprojectzero
googleprojectzero
A Tale of Two Exploits
2015-04-13 00:00:00
checkpoint_advisories
checkpoint_advisories
Adobe Flash Player Memory Corruption (APSB15-05: CVE-2015-0337)
2015-03-23 00:00:00
Adobe Flash Player Integer Overflow Remote Code Execution (APSB15-05: CVE-2015-0338)
2015-03-23 00:00:00
Adobe Flash Player Use After Free Remote Code Execution (APSB15-05: CVE-2015-0341)
2015-03-24 00:00:00
symantec
symantec
Adobe Flash Player CVE-2015-0339 Unspecified Memory Corruption Vulnerability
2015-03-12 00:00:00
Adobe Flash Player CVE-2015-0338 Remote Integer Overflow Vulnerability
2015-03-12 00:00:00
Adobe Flash Player CVE-2015-0336 Type Confusion Remote Code Execution Vulnerability
2015-03-12 00:00:00
hackerone
hackerone
Internet Bug Bounty: Flash Cross Domain Policy Bypass by Using File Upload and Redirection - only in Chrome
2015-03-12 23:35:49
zdt
zdt
Adobe Flash Player AVSS Load Use-After-Free Remote Code Execution Vulnerability
2015-03-16 00:00:00
Adobe Flash Player NetConnection Type Confusion Exploit
2015-05-08 00:00:00
packetstorm
packetstorm
Adobe Flash Player NetConnection Type Confusion
2015-05-07 00:00:00
zdi
zdi
Adobe Flash Player AVSS Load Use-After-Free Remote Code Execution Vulnerability
2015-03-12 00:00:00
metasploit
metasploit
Adobe Flash Player NetConnection Type Confusion
2015-05-27 22:05:10
exploitdb
exploitdb
Adobe Flash Player - NetConnection Type Confusion (Metasploit)
2015-05-08 00:00:00
threatpost
threatpost
Angler Exploit Kit Exploiting New Adobe Vulnerability, Dropping Cryptowall 3.0
2015-05-28 13:57:47
Critical Adobe Flash Bug Impacts Windows, macOS, Linux and Chrome OS
2018-11-20 20:49:30
Chrome Browser Bug Under Active Attack
2021-06-10 20:07:53

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.968 High

EPSS

Percentile

99.7%

JSON
Related for SMB_KB3044132.NASL
altlinux2nessus13openvas7archlinux1suse5mageia1kaspersky1gentoo1freebsd1redhat1thn3cvelist11prion11nvd11ubuntucve11cve11googleprojectzero1checkpoint_advisories11symantec3hackerone1zdt2packetstorm1zdi1metasploit1exploitdb1threatpost5