Executive Summary

Information

Name: TA15-195A
Vendor: US-CERT
Severity (Vendor): N/A
First vendor Publication: 2015-07-14
Last vendor Modification: 2015-07-14
Revision: N/A

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA          Environmental Score: NA
Impact Sub Score: NA    Temporal Score: NA
Exploitability Sub Score: NA

Security-Database Scoring CVSS v2

Cvss vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score: 10       Attack Range: Network
Cvss Impact Score: 10     Attack Complexity: Low
Cvss Exploit Score: 10    Authentication: None Required

Detail

Overview

Used in conjunction, recently disclosed vulnerabilities in Adobe Flash and Microsoft Windows may allow a remote attacker to execute arbitrary code with system privileges. Since attackers continue to target and find new vulnerabilities in popular, Internet-facing software, updating is not sufficient, and it is important to use exploit mitigation and other defensive techniques.


Description


The following vulnerabilities illustrate the need for ongoing mitigation techniques and prioritization of updates for highly targeted software:



  • Adobe Flash use-after-free and memory corruption vulnerabilities (CVE-2015-5119, CVE-2015-5122, CVE-2015-5123)
    Adobe Flash Player contains critical vulnerabilities within the ActionScript 3 ByteArray, opaqueBackground and BitmapData classes. Exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code on a vulnerable system.

  • Microsoft Windows Adobe Type Manager privilege escalation vulnerability (CVE-2015-2387)
    The Adobe Type Manager module contains a memory corruption vulnerability, which can allow an attacker to obtain system privileges on an affected Windows system. The Adobe Type Manager is a Microsoft Windows component present in every version since NT 4.0. The primary impact of exploiting this vulnerability is local privilege escalation.


Vulnerability Chaining


By convincing a user to visit a website or open a file containing specially crafted Flash content, an attacker could combine any one of the three Adobe Flash vulnerabilities with the Microsoft Windows vulnerability to take full control of an affected system.


A common attack vector for exploiting a Flash vulnerability is to entice a user to load Flash content in a web browser, and most web browsers have Flash installed and enabled. A second attack vector for Flash vulnerabilities is through a file (such as an email attachment) that embeds Flash content. Another technique leverages Object Linking and Embedding (OLE) capabilities in Microsoft Office documents to automatically download Flash content from a remote server.


An attacker who is able to execute arbitrary code through the Flash vulnerability could exploit the Adobe Type Manager vulnerability to gain elevated system privileges. The Adobe Type Manager vulnerability allows the attacker to bypass sandbox defenses (such as those found in Adobe Reader and Google Chrome) and low integrity protections (such as Protected Mode Internet Explorer and Protected View for Microsoft Office).


Impact


The Adobe Flash vulnerabilities can allow a remote attacker to execute arbitrary code. Exploitation of the Adobe Type Manager vulnerability could then allow the attacker to execute code with system privileges.


Solution


Since attackers regularly target widely deployed, Internet-accessible software such as Adobe Flash and Microsoft Windows, it is important to prioritize updates for these products to defend against known vulnerabilities.


Since attackers regularly discover new vulnerabilities for which updates do not exist, it is important to enable exploit mitigation and other defensive techniques.


Apply Security Updates


The Adobe Flash vulnerabilities (CVE-2015-5119, CVE-2015-5122, CVE-2015-5123) are addressed in Adobe Security Bulletins APSB15-16 and APSB15-18. Users are encouraged to review the Bulletins and apply the necessary updates.


The Microsoft Windows Adobe Type Manager vulnerability (CVE-2015-2387) is addressed in Microsoft security Bulletin MS15-077. Users are encouraged to review the Bulletin and apply the necessary updates.


Additional information regarding the vulnerabilities can be found in Vulnerability Notes VU#561288, VU#338736, VU#918568, and VU#103336.


Limit Flash Content


Do not run untrusted Flash content. Most web browsers have Flash enabled by default; however, it may be possible to enable click-to-play features so that Flash content only runs after an explicit user action. For information see http://www.howtogeek.com/188059/how-to-enable-click-to-play-plugins-in-every-web-browser/


Use the Microsoft Enhanced Mitigation Experience Toolkit (EMET)


EMET can be used to help prevent exploitation of the Flash vulnerabilities. In particular, Attack Surface Reduction (ASR) can be configured to help restrict Microsoft Office and Internet Explorer from loading the Flash ActiveX control. See the following link for additional information: http://www.microsoft.com/en-us/download/details.aspx?id=46366
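The two remediation steps above (apply the Flash and MS15-077 updates; restrict what can load the Flash ActiveX control) can be checked from a single script. The following PowerShell audit is an added example, not part of the US-CERT alert and not Adobe or Microsoft tooling. It assumes: the first fixed Flash ActiveX build is 18.0.0.209 (taken from APSB15-18, not from this page; confirm against the bulletin before relying on it); the fixed atmfd.dll build is not hard-coded and must be passed in from the MS15-077 file information table; and the control's class identifier is the standard Shockwave Flash Object CLSID. Its optional -SetKillBit switch uses the Internet Explorer ActiveX kill bit, a swapped-in mitigation the alert does not itself describe, to stop IE from instantiating the control at all, which is a stronger form of "limit Flash content" than click-to-play.

```powershell
<#
Added audit script for TA15-195A (example code, not from the US-CERT alert or the vendors).
Reports the three items an administrator must act on after reading the alert:
  1. Flash Player ActiveX build (APSB15-16 / APSB15-18)
  2. atmfd.dll build (MS15-077)
  3. whether Internet Explorer can still instantiate the Flash ActiveX control
Run from an elevated prompt.

Assumptions not stated in the alert:
  - FlashFixed defaults to 18.0.0.209, the first fixed build listed in APSB15-18;
    confirm against the bulletin.
  - AtmfdFixed has no real default: take it from the file-information table in
    MS15-077. Left at 0.0.0.0 the script only reports the installed build.
  - The CLSID is the standard class identifier of the Shockwave Flash Object.
#>
param(
    [version]$FlashFixed = '18.0.0.209',
    [version]$AtmfdFixed = '0.0.0.0',
    [switch]$SetKillBit
)

$flashClsid  = '{D27CDB6E-AE6D-11CF-96B8-444553540000}'
$killBitKey  = "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$flashClsid"
$flashRegKey = 'HKLM:\SOFTWARE\Macromedia\FlashPlayerActiveX'
# 64-bit control location; the 32-bit copy on x64 Windows lives under SysWOW64.
$flashDir    = Join-Path $env:SystemRoot 'System32\Macromed\Flash'
$atmfdPath   = Join-Path $env:SystemRoot 'System32\atmfd.dll'

function Get-FileBuild([string]$Path) {
    # Build a comparable System.Version from the PE version resource fields.
    $fi = (Get-Item -LiteralPath $Path).VersionInfo
    New-Object System.Version ($fi.FileMajorPart, $fi.FileMinorPart, $fi.FileBuildPart, $fi.FilePrivatePart)
}

function Get-FlashActiveXVersion {
    # Adobe's installer records the build in the registry. On Windows 8 and later,
    # where Flash ships with IE and is patched through Windows Update, the key may be
    # absent, so fall back to the OCX on disk.
    $reg = (Get-ItemProperty -Path $flashRegKey -ErrorAction SilentlyContinue).Version
    if ($reg) { return [version]($reg -replace ',', '.') }
    $ocx = Get-ChildItem -Path $flashDir -Filter 'Flash*.ocx' -ErrorAction SilentlyContinue |
           Select-Object -First 1
    if ($ocx) { return Get-FileBuild $ocx.FullName }
    return $null
}

# 1. Flash Player ActiveX (the control both IE and Office load)
$flashVer = Get-FlashActiveXVersion
if ($null -eq $flashVer) {
    'Flash ActiveX : not installed'
} elseif ($flashVer -ge $FlashFixed) {
    "Flash ActiveX : $flashVer (at or above assumed fixed build $FlashFixed)"
} else {
    "Flash ActiveX : $flashVer (BELOW assumed fixed build $FlashFixed; apply APSB15-18)"
}

# 2. Adobe Type Manager font driver (MS15-077)
if (Test-Path -LiteralPath $atmfdPath) {
    $atmfdVer = Get-FileBuild $atmfdPath
    if ($AtmfdFixed -eq [version]'0.0.0.0') {
        "atmfd.dll     : $atmfdVer (compare with the MS15-077 file table, or pass -AtmfdFixed)"
    } elseif ($atmfdVer -ge $AtmfdFixed) {
        "atmfd.dll     : $atmfdVer (patched)"
    } else {
        "atmfd.dll     : $atmfdVer (BELOW $AtmfdFixed; apply MS15-077)"
    }
} else {
    'atmfd.dll     : not present'
}

# 3. IE kill bit for the Flash control: bit 0x400 of "Compatibility Flags" under the CLSID
$flags  = (Get-ItemProperty -Path $killBitKey -ErrorAction SilentlyContinue).'Compatibility Flags'
$killed = ([int]$flags -band 0x400) -ne 0
if (-not $killed -and $SetKillBit) {
    New-Item -Path $killBitKey -Force | Out-Null
    New-ItemProperty -Path $killBitKey -Name 'Compatibility Flags' -Value 0x400 `
                     -PropertyType DWord -Force | Out-Null
    $killed = $true
}
"IE kill bit   : $(if ($killed) { 'set (IE will not load the Flash control)' } else { 'not set (IE will load Flash)' })"
```

Run it from an elevated prompt as `.\Check-TA15195A.ps1 -AtmfdFixed <build from MS15-077>` and add `-SetKillBit` to write the kill bit. The kill bit affects Internet Explorer only; Office and other hosts of the control still need the EMET ASR rule above or the updates themselves. On Windows 8 and later the Flash control is serviced through Windows Update (the smb_kb3065823 and smb_kb3079777 Nessus plugins listed below cover that channel), so the Adobe registry key may be absent and the script reads the OCX version from disk instead.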


Original Source

Url : http://www.us-cert.gov/cas/techalerts/TA15-195A.html

CWE : Common Weakness Enumeration

Share   Id        Name
33 %    CWE-416   Use After Free
33 %    CWE-264   Permissions, Privileges, and Access Controls
33 %    CWE-119   Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Oval ID: oval:org.mitre.oval:def:29332
Title: ATMFD.DLL Memory corruption vulnerability - CVE-2015-2387 (MS15-077)
Description: ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "ATMFD.DLL Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2015-2387
Version: 3
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2


Snort® IPS/IDS

Date Description
2017-03-02 Adobe Flash Player remote code execution attempt
RuleID : 41482 - Revision : 1 - Type : FILE-FLASH
2017-03-02 Adobe Flash Player remote code execution attempt
RuleID : 41481 - Revision : 1 - Type : FILE-FLASH
2017-03-02 Adobe Flash Player remote code execution attempt
RuleID : 41480 - Revision : 1 - Type : FILE-FLASH
2017-03-02 Adobe Flash Player remote code execution attempt
RuleID : 41479 - Revision : 1 - Type : FILE-FLASH
2016-03-22 Adobe Flash Player remote code execution attempt
RuleID : 37689 - Revision : 1 - Type : FILE-FLASH
2016-03-22 Adobe Flash Player remote code execution attempt
RuleID : 37688 - Revision : 1 - Type : FILE-FLASH
2016-03-15 Adobe Flash Player remote code execution attempt
RuleID : 37641 - Revision : 1 - Type : FILE-FLASH
2016-03-15 Adobe Flash Player remote code execution attempt
RuleID : 37640 - Revision : 1 - Type : FILE-FLASH
2016-03-15 Adobe Flash Player remote code execution attempt
RuleID : 37639 - Revision : 1 - Type : FILE-FLASH
2016-03-15 Adobe Flash Player remote code execution attempt
RuleID : 37638 - Revision : 1 - Type : FILE-FLASH
2016-03-14 Adobe Flash Player AS3 opaqueBackground use-after-free attempt
RuleID : 36822 - Revision : 3 - Type : FILE-FLASH
2016-03-14 Adobe Flash Player AS3 opaqueBackground use-after-free attempt
RuleID : 36821 - Revision : 3 - Type : FILE-FLASH
2016-03-14 Adobe Flash Player AS3 opaqueBackground use-after-free attempt
RuleID : 36820 - Revision : 3 - Type : FILE-FLASH
2016-03-14 Adobe Flash Player AS3 opaqueBackground use-after-free attempt
RuleID : 36819 - Revision : 3 - Type : FILE-FLASH
2016-03-14 Adobe Flash Player Exploit Kit decryption key detected
RuleID : 36193 - Revision : 2 - Type : FILE-FLASH
2016-03-14 Adobe Flash Player remote code execution attempt
RuleID : 36152 - Revision : 2 - Type : FILE-FLASH
2016-03-14 Adobe Flash Player remote code execution attempt
RuleID : 36151 - Revision : 2 - Type : FILE-FLASH
2016-03-14 Adobe Flash Player remote code execution attempt
RuleID : 36150 - Revision : 2 - Type : FILE-FLASH
2016-03-14 Adobe Flash Player remote code execution attempt
RuleID : 36149 - Revision : 2 - Type : FILE-FLASH
2016-03-14 Adobe Flash Player remote code execution attempt
RuleID : 36142 - Revision : 2 - Type : FILE-FLASH
2016-03-14 Adobe Flash Player remote code execution attempt
RuleID : 36141 - Revision : 2 - Type : FILE-FLASH
2016-03-14 Adobe Flash Player remote code execution attempt
RuleID : 36140 - Revision : 2 - Type : FILE-FLASH
2016-03-14 Adobe Flash Player remote code execution attempt
RuleID : 36139 - Revision : 2 - Type : FILE-FLASH
2016-03-14 Adobe Flash Player remote code execution attempt
RuleID : 36138 - Revision : 2 - Type : FILE-FLASH
2016-03-14 Adobe Flash Player remote code execution attempt
RuleID : 36137 - Revision : 2 - Type : FILE-FLASH
2016-03-14 Adobe Flash Player remote code execution attempt
RuleID : 36136 - Revision : 2 - Type : FILE-FLASH
2016-03-14 Adobe Flash Player remote code execution attempt
RuleID : 36135 - Revision : 2 - Type : FILE-FLASH
2016-03-14 Adobe Flash Player AS3 opaqueBackground use-after-free attempt
RuleID : 36129 - Revision : 3 - Type : FILE-FLASH
2016-03-14 Adobe Flash Player AS3 opaqueBackground use-after-free attempt
RuleID : 36128 - Revision : 3 - Type : FILE-FLASH
2016-03-14 Adobe Flash Player AS3 opaqueBackground use-after-free attempt
RuleID : 36127 - Revision : 2 - Type : FILE-FLASH
2016-03-14 Adobe Flash Player AS3 opaqueBackground use-after-free attempt
RuleID : 36126 - Revision : 2 - Type : FILE-FLASH
2016-03-14 Adobe Flash Player AS3 opaqueBackground use-after-free attempt
RuleID : 36125 - Revision : 2 - Type : FILE-FLASH
2016-03-14 Adobe Flash Player AS3 opaqueBackground use-after-free attempt
RuleID : 36124 - Revision : 2 - Type : FILE-FLASH
2015-09-08 Adobe flash player BitmapData.paletteMap use after free attempt
RuleID : 35466 - Revision : 3 - Type : FILE-FLASH
2015-09-08 Adobe flash player BitmapData.paletteMap use after free attempt
RuleID : 35465 - Revision : 3 - Type : FILE-FLASH
2015-09-08 Adobe flash player BitmapData.paletteMap use after free attempt
RuleID : 35464 - Revision : 2 - Type : FILE-FLASH
2015-09-08 Adobe flash player BitmapData.paletteMap use after free attempt
RuleID : 35463 - Revision : 2 - Type : FILE-FLASH
2015-09-08 Adobe Flash Player AS3 opaqueBackground use-after-free attempt
RuleID : 35454 - Revision : 3 - Type : FILE-FLASH
2015-09-08 Adobe Flash Player AS3 opaqueBackground use-after-free attempt
RuleID : 35453 - Revision : 3 - Type : FILE-FLASH
2015-09-08 Adobe Flash Player AS3 opaqueBackground use-after-free attempt
RuleID : 35452 - Revision : 4 - Type : FILE-FLASH
2015-09-08 Adobe Flash Player AS3 opaqueBackground use-after-free attempt
RuleID : 35451 - Revision : 3 - Type : FILE-FLASH
2015-09-08 Adobe Flash Player AS3 opaqueBackground use-after-free attempt
RuleID : 35450 - Revision : 4 - Type : FILE-FLASH
2015-09-08 Adobe Flash Player AS3 opaqueBackground use-after-free attempt
RuleID : 35449 - Revision : 3 - Type : FILE-FLASH
2015-08-18 Adobe Flash Player remote code execution attempt
RuleID : 35266 - Revision : 2 - Type : FILE-FLASH
2015-08-18 Adobe Flash Player remote code execution attempt
RuleID : 35265 - Revision : 3 - Type : FILE-FLASH
2015-08-18 Adobe Flash Player remote code execution attempt
RuleID : 35264 - Revision : 3 - Type : FILE-FLASH
2015-08-18 Adobe Flash Player remote code execution attempt
RuleID : 35263 - Revision : 2 - Type : FILE-FLASH
2015-08-18 Adobe Flash Player remote code execution attempt
RuleID : 35262 - Revision : 3 - Type : FILE-FLASH
2015-08-18 Adobe Flash Player remote code execution attempt
RuleID : 35261 - Revision : 3 - Type : FILE-FLASH
2015-08-14 Adobe Flash Player BitmapData use-after-free attempt
RuleID : 35220 - Revision : 3 - Type : FILE-FLASH
2015-08-14 Adobe Flash Player BitmapData use-after-free attempt
RuleID : 35219 - Revision : 3 - Type : FILE-FLASH
2015-08-14 Adobe Flash Player BitmapData use-after-free attempt
RuleID : 35218 - Revision : 2 - Type : FILE-FLASH
2015-08-14 Adobe Flash Player BitmapData use-after-free attempt
RuleID : 35217 - Revision : 2 - Type : FILE-FLASH
2015-08-11 Microsoft Windows ATMFD.dll open font type privilege escalation attempt
RuleID : 35108 - Revision : 3 - Type : OS-WINDOWS
2015-08-11 Microsoft Windows ATMFD.dll open font type privilege escalation attempt
RuleID : 35107 - Revision : 3 - Type : OS-WINDOWS
2015-08-11 Microsoft Windows ATMFD.dll open font type privilege escalation attempt
RuleID : 35106 - Revision : 3 - Type : OS-WINDOWS
2015-08-11 Microsoft Windows ATMFD.dll open font type privilege escalation attempt
RuleID : 35105 - Revision : 3 - Type : OS-WINDOWS
2015-08-11 Adobe Flash Player remote code execution attempt
RuleID : 35096 - Revision : 2 - Type : FILE-FLASH
2015-08-11 Adobe Flash Player remote code execution attempt
RuleID : 35095 - Revision : 2 - Type : FILE-FLASH
2015-08-09 Adobe Flash Player remote code execution attempt
RuleID : 35089 - Revision : 3 - Type : FILE-FLASH
2015-08-09 Adobe Flash Player remote code execution attempt
RuleID : 35088 - Revision : 3 - Type : FILE-FLASH
2015-08-09 Adobe Flash Player remote code execution attempt
RuleID : 35087 - Revision : 3 - Type : FILE-FLASH
2015-08-09 Adobe Flash Player remote code execution attempt
RuleID : 35086 - Revision : 3 - Type : FILE-FLASH

Nessus® Vulnerability Scanner

Date Description
2015-09-23 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201508-01.nasl - Type : ACT_GATHER_INFO
2015-09-23 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201507-13.nasl - Type : ACT_GATHER_INFO
2015-07-20 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2015-496.nasl - Type : ACT_GATHER_INFO
2015-07-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-1258-1.nasl - Type : ACT_GATHER_INFO
2015-07-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-1255-1.nasl - Type : ACT_GATHER_INFO
2015-07-17 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2015-1235.nasl - Type : ACT_GATHER_INFO
2015-07-16 Name : The remote Windows host has a browser plugin installed that is affected by mu...
File : smb_kb3079777.nasl - Type : ACT_GATHER_INFO
2015-07-14 Name : The Adobe Font driver on the remote host is affected by a privilege escalatio...
File : smb_nt_ms15-077.nasl - Type : ACT_GATHER_INFO
2015-07-14 Name : The remote Mac OS X host contains a web browser that is affected by multiple ...
File : macosx_google_chrome_43_0_2357_134.nasl - Type : ACT_GATHER_INFO
2015-07-14 Name : The remote Mac OS X host has a browser plugin installed that is affected by m...
File : macosx_flash_player_apsb15-18.nasl - Type : ACT_GATHER_INFO
2015-07-14 Name : The remote Windows host contains a web browser that is affected by multiple r...
File : google_chrome_43_0_2357_134.nasl - Type : ACT_GATHER_INFO
2015-07-14 Name : The remote Windows host has a browser plugin installed that is affected by mu...
File : flash_player_apsb15-18.nasl - Type : ACT_GATHER_INFO
2015-07-13 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-1214-1.nasl - Type : ACT_GATHER_INFO
2015-07-13 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-1211-1.nasl - Type : ACT_GATHER_INFO
2015-07-10 Name : The remote Mac OS X host contains a web browser that is affected by multiple ...
File : macosx_google_chrome_43_0_2357_132.nasl - Type : ACT_GATHER_INFO
2015-07-10 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : google_chrome_43_0_2357_132.nasl - Type : ACT_GATHER_INFO
2015-07-09 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2015-1214.nasl - Type : ACT_GATHER_INFO
2015-07-09 Name : The remote Windows host has a browser plugin installed that is affected by mu...
File : smb_kb3065823.nasl - Type : ACT_GATHER_INFO
2015-07-09 Name : The remote Windows host has a version of Adobe AIR installed that is affected...
File : adobe_air_apsb15-16.nasl - Type : ACT_GATHER_INFO
2015-07-09 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2015-473.nasl - Type : ACT_GATHER_INFO
2015-07-09 Name : The remote Mac OS X host has a browser plugin installed that is affected by m...
File : macosx_flash_player_apsb15-16.nasl - Type : ACT_GATHER_INFO
2015-07-09 Name : The remote Mac OS X host has a version of Adobe AIR installed that is affecte...
File : macosx_adobe_air_apsb15-16.nasl - Type : ACT_GATHER_INFO
2015-07-09 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_348bfa6925a211e5ade10011d823eebd.nasl - Type : ACT_GATHER_INFO
2015-07-09 Name : The remote Windows host has a browser plugin installed that is affected by mu...
File : flash_player_apsb15-16.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2015-07-15 05:31:39
  • Multiple Updates
2015-07-15 05:26:45
  • First insertion