Executive Summary
Summary | |
---|---|
Title | flash-plugin security update |
Informations | |||
---|---|---|---|
Name | RHSA-2015:0697 | First vendor Publication | 2015-03-17 |
Vendor | RedHat | Last vendor Modification | 2015-03-17 |
Severity (Vendor) | Critical | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB15-05 listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. (CVE-2015-0332, CVE-2015-0333, CVE-2015-0335, CVE-2015-0339, CVE-2015-0334, CVE-2015-0336, CVE-2015-0338, CVE-2015-0341, CVE-2015-0342) This update also fixes a cross-domain policy bypass flaw and a file upload restriction bypass flaw. (CVE-2015-0337, CVE-2015-0340) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.451. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1201636 - flash-plugin: multiple code execution issues fixed in APSB15-05 1201649 - CVE-2015-0337 flash-plugin: cross-domain policy bypass (APSB15-05) 1201651 - CVE-2015-0340 flash-plugin: file upload restriction bypass (APSB15-05) |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2015-0697.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
75 % | CWE-399 | Resource Management Errors |
25 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:28575 | |||
Oval ID: | oval:org.mitre.oval:def:28575 | ||
Title: | Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 could allow attackers to execute arbitrary code on Windows | ||
Description: | Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-0334. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | APSB15-05 CVE-2015-0336 | Version: | 5 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | ActiveX Control Adobe Flash Player |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Snort® IPS/IDS
Date | Description |
---|---|
2016-03-14 | Adobe Flash Player NetConnection AS2 arbitrary code execution attempt RuleID : 36146 - Revision : 2 - Type : FILE-FLASH |
2016-03-14 | Adobe Flash Player NetConnection AS2 arbitrary code execution attempt RuleID : 36145 - Revision : 3 - Type : FILE-FLASH |
2016-03-14 | Adobe Flash Player NetConnection AS2 arbitrary code execution attempt RuleID : 36144 - Revision : 3 - Type : FILE-FLASH |
2016-03-14 | Adobe Flash Player NetConnection AS2 arbitrary code execution attempt RuleID : 36143 - Revision : 3 - Type : FILE-FLASH |
2015-06-23 | Adobe Flash Player object type confusion attempt RuleID : 34478 - Revision : 2 - Type : FILE-FLASH |
2015-06-23 | Adobe Flash Player object type confusion attempt RuleID : 34477 - Revision : 3 - Type : FILE-FLASH |
2015-06-09 | Adobe Flash Player NetConnection AS2 arbitrary code execution attempt RuleID : 34357 - Revision : 2 - Type : FILE-FLASH |
2015-06-09 | Adobe Flash Player NetConnection AS2 arbitrary code execution attempt RuleID : 34356 - Revision : 2 - Type : FILE-FLASH |
2015-06-09 | Adobe Flash Player NetConnection AS2 arbitrary code execution attempt RuleID : 34355 - Revision : 2 - Type : FILE-FLASH |
2015-06-09 | Adobe Flash Player NetConnection AS2 arbitrary code execution attempt RuleID : 34354 - Revision : 3 - Type : FILE-FLASH |
2015-05-05 | Adobe Flash Player mp4 trex tag heap corruption attempt RuleID : 34021 - Revision : 2 - Type : FILE-FLASH |
2015-05-05 | Adobe Flash Player mp4 trex tag heap corruption attempt RuleID : 34020 - Revision : 2 - Type : FILE-FLASH |
2015-05-05 | Adobe Flash Player malformed mp4 tag memory corruption attempt RuleID : 33999 - Revision : 3 - Type : FILE-FLASH |
2015-05-05 | Adobe Flash Player malformed mp4 tag memory corruption attempt RuleID : 33998 - Revision : 2 - Type : FILE-FLASH |
2015-04-30 | Nuclear exploit kit obfuscated file download RuleID : 33983 - Revision : 5 - Type : EXPLOIT-KIT |
2015-04-30 | Nuclear exploit kit landing page detected RuleID : 33982 - Revision : 3 - Type : EXPLOIT-KIT |
2015-04-30 | Nuclear exploit kit flash file download RuleID : 33981 - Revision : 4 - Type : EXPLOIT-KIT |
2015-04-30 | Adobe Flash Player BrokerExtTextOutW invalid string and length parameter sand... RuleID : 33978 - Revision : 3 - Type : FILE-FLASH |
2015-04-30 | Adobe Flash Player BrokerExtTextOutW invalid string and length parameter sand... RuleID : 33977 - Revision : 3 - Type : FILE-FLASH |
2015-04-30 | Adobe Flash Player SWF object type mismatch attempt RuleID : 33976 - Revision : 2 - Type : FILE-FLASH |
2015-04-30 | Adobe Flash Player SWF object type mismatch attempt RuleID : 33975 - Revision : 3 - Type : FILE-FLASH |
2015-04-30 | Adobe Flash Player compressed file cross domain policy bypass attempt RuleID : 33974 - Revision : 3 - Type : FILE-FLASH |
2015-04-30 | Adobe Flash Player compressed file cross domain policy bypass attempt RuleID : 33973 - Revision : 3 - Type : FILE-FLASH |
2015-04-30 | Adobe Flash Player cross domain policy bypass attempt RuleID : 33972 - Revision : 3 - Type : FILE-FLASH |
2015-04-30 | Adobe Flash Player cross domain policy bypass attempt RuleID : 33971 - Revision : 3 - Type : FILE-FLASH |
2015-04-30 | Adobe Flash Player NetConnection AS2 arbitrary code execution attempt RuleID : 33970 - Revision : 2 - Type : FILE-FLASH |
2015-04-30 | Adobe Flash Player NetConnection AS2 arbitrary code execution attempt RuleID : 33969 - Revision : 2 - Type : FILE-FLASH |
2015-04-30 | Adobe Flash Player NetConnection AS2 arbitrary code execution attempt RuleID : 33968 - Revision : 3 - Type : FILE-FLASH |
2015-04-30 | Adobe Flash Player NetConnection AS2 arbitrary code execution attempt RuleID : 33967 - Revision : 2 - Type : FILE-FLASH |
2015-04-30 | Google Chrome Pepper Flash same-origin-policy bypass attempt RuleID : 33962 - Revision : 2 - Type : BROWSER-CHROME |
2015-04-28 | Adobe Flash Player paletteMap integer overflow attempt RuleID : 33926 - Revision : 3 - Type : FILE-FLASH |
2015-04-28 | Adobe Flash Player paletteMap integer overflow attempt RuleID : 33925 - Revision : 3 - Type : FILE-FLASH |
2015-04-28 | Adobe Flash Player paletteMap integer overflow attempt RuleID : 33924 - Revision : 2 - Type : FILE-FLASH |
2015-04-28 | Adobe Flash Player paletteMap integer overflow attempt RuleID : 33923 - Revision : 2 - Type : FILE-FLASH |
2015-04-28 | Adobe Flash Player AVSegmentedSource caption unlink use-after-free attempt RuleID : 33921 - Revision : 2 - Type : FILE-FLASH |
2015-04-28 | Adobe Flash Player AVSegmentedSource caption unlink use-after-free attempt RuleID : 33920 - Revision : 3 - Type : FILE-FLASH |
2015-04-28 | Adobe Flash Player AVSegmentedSource caption unlink use-after-free attempt RuleID : 33919 - Revision : 2 - Type : FILE-FLASH |
2015-04-28 | Adobe Flash Player AVSegmentedSource caption unlink use-after-free attempt RuleID : 33918 - Revision : 3 - Type : FILE-FLASH |
2015-04-23 | Adobe Flash Player ActionScript memory corruption attempt RuleID : 33902 - Revision : 2 - Type : FILE-FLASH |
2015-04-23 | Adobe Flash Player ActionScript memory corruption attempt RuleID : 33901 - Revision : 3 - Type : FILE-FLASH |
2015-04-23 | Adobe Flash Player ActionScript memory corruption attempt RuleID : 33900 - Revision : 2 - Type : FILE-FLASH |
2015-04-23 | Adobe Flash Player ActionScript memory corruption attempt RuleID : 33899 - Revision : 2 - Type : FILE-FLASH |
2015-03-24 | Adobe Flash Player object type confusion attempt RuleID : 33540 - Revision : 4 - Type : FILE-FLASH |
2015-03-24 | Adobe Flash Player object type confusion attempt RuleID : 33539 - Revision : 4 - Type : FILE-FLASH |
2014-11-16 | Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt RuleID : 31286 - Revision : 6 - Type : FILE-FLASH |
2014-11-16 | Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt RuleID : 31284 - Revision : 6 - Type : FILE-FLASH |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-06-12 | Name : The remote Windows host has a version of Adobe AIR installed that is affected... File : adobe_air_apsb15-05.nasl - Type : ACT_GATHER_INFO |
2015-06-12 | Name : The remote Mac OS X host has a version of Adobe AIR installed that is affecte... File : macosx_adobe_air_apsb15-05.nasl - Type : ACT_GATHER_INFO |
2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-0491-1.nasl - Type : ACT_GATHER_INFO |
2015-03-24 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201503-09.nasl - Type : ACT_GATHER_INFO |
2015-03-18 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2015-0697.nasl - Type : ACT_GATHER_INFO |
2015-03-17 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_8b3ecff5c9b211e4b71f00bd5af88c00.nasl - Type : ACT_GATHER_INFO |
2015-03-17 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2015-225.nasl - Type : ACT_GATHER_INFO |
2015-03-17 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_flash-player-150313.nasl - Type : ACT_GATHER_INFO |
2015-03-13 | Name : The remote Windows host has a browser plugin that is affected by multiple vul... File : smb_kb3044132.nasl - Type : ACT_GATHER_INFO |
2015-03-13 | Name : The remote Windows host has a browser plugin that is affected by multiple vul... File : flash_player_apsb15-05.nasl - Type : ACT_GATHER_INFO |
2015-03-13 | Name : The remote Mac OS X host has a browser plugin that is affected by multiple vu... File : macosx_flash_player_apsa15-05.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2015-03-19 13:28:30 |
|
2015-03-17 21:25:31 |
|