| VID |
50073 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 18.0.0.194. It is, therefore, affected by multiple vulnerabilities :
- An information disclosure vulnerability exists that allows an attacker to guess the address for the Flash heap. (CVE-2015-3097)
- Multiple heap-based buffer overflow vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3135, CVE-2015-4432, CVE-2015-5118)
- Multiple memory corruption vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3117, CVE-2015-3123, CVE-2015-3130, CVE-2015-3133, CVE-2015-3134, CVE-2015-4431)
- Multiple NULL pointer dereference flaws exist. (CVE-2015-3126, CVE-2015-4429)
- A security bypass vulnerability exists that results in an information disclosure. (CVE-2015-3114)
- Multiple type confusion vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3119, CVE-2015-3120, CVE-2015-3121, CVE-2015-3122, CVE-2015-4433)
- Multiple use-after-free errors exist that allow arbitrary code execution. (CVE-2015-3118, CVE-2015-3124, CVE-2015-5117, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015- 428, CVE-2015-4430, CVE-2015-5119)
- Multiple same-origin policy bypass vulnerabilities exist that allow information disclosure. (CVE-2014-0578, CVE-2015-3115, CVE-2015-3116, CVE-2015-3125, CVE-2015-5116)
- A memory corruption issue exists due to improper validation of user-supplied input. An attacker can exploit this to execute arbitrary code. (CVE-2015-5124)
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of this condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
https://helpx.adobe.com/security/products/flash-player/apsb15-16.html
https://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html
* Platforms Affected:
Adobe Flash Player equal or prior to 18.0.0.194
Apple Mac OS X Any version
Linux Any version
Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version of Adobe Flash Player (18.0.0.194 later), available from the Adobe Web site at http://get.adobe.com/flashplayer/ |
| Related URL |
CVE-2015-4429,CVE-2015-4430,CVE-2015-4431,CVE-2015-4432,CVE-2015-4433,CVE-2015-5116,CVE-2015-5117,CVE-2015-5118,CVE-2015-5119,CVE-2015-5124 (CVE) |
| Related URL |
75090,75568,75590,75591,75592,75593,75594,75595,75596 (SecurityFocus) |
| Related URL |
(ISS) |
|
