I Summary
=========

This document reports on the results of an automatic security scan.
The report first summarises the results found.
Then, for each host, the report describes every issue found.
Please consider the advice given in each description, in order to rectify
the issue.

All dates are displayed using the timezone "Coordinated Universal Time",
which is abbreviated "UTC".

Vendor security updates are not trusted.

Overrides are on.  When a result has an override, this report uses the
threat of the override.

Notes are included in the report.
Information on overrides is included in the report.

This report might not show details of all issues that were found.

This report contains all 871 results selected by the
filtering described above.  Before filtering there were 871 results.

Scan started: Fri May 26 13:20:06 2017 UTC
Scan ended:   Fri May 26 14:06:43 2017 UTC
Task:         DVL

Host Summary
************

Host            High  Medium  Low  Log  False Positive
192.168.27.45    490     273   24   84               0
Total: 1         490     273   24   84               0


II Results per Host
===================

Host 192.168.27.45
******************

Scanning of this host started at: Fri May 26 13:20:22 2017 UTC
Number of results: 871

Port Summary for Host 192.168.27.45
-----------------------------------

Service (Port)          Threat Level
general/tcp             High
6001/tcp                Log
69/udp                  Log
22/tcp                  High
5801/tcp                Log
3306/tcp                Log
5901/tcp                Log
general/icmp            Log
631/tcp                 Log
5001/tcp                Log
80/tcp                  High
6000/tcp                Log
general/CPE-T           Log
5432/tcp                Medium

Security Issues for Host 192.168.27.45
--------------------------------------

Issue
-----
NVT:    12Planet Chat Server one2planet.infolet.InfoServlet XSS
OID:    1.3.6.1.4.1.25623.1.0.12299
Threat: Medium (CVSS: 4.3)
Port:   80/tcp

Summary:
The remote host contains the 12Planet Chat Server CGI which is
  vulnerable to a cross-site scripting issue.
  There is a bug in this software which makes it vulnerable to cross site scripting attacks.

Vulnerability Detection Result:
Vulnerable url: http://192.168.27.45/info/servlet/one2planet.infolet.InfoServlet?page=<script>foo</script>

Impact:
An attacker may use this bug to steal the credentials of the legitimate users
  of this site.

Solution:
Solution type: VendorFix
Upgrade to the newest version of this software

Vulnerability Detection Method:
Details:
12Planet Chat Server one2planet.infolet.InfoServlet XSS
(OID: 1.3.6.1.4.1.25623.1.0.12299)
Version used: $Revision: 6046 $

References:
CVE: CVE-2004-0678
BID: 10659


Issue
-----
NVT:    Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Linux)
OID:    1.3.6.1.4.1.25623.1.0.902129
Threat: High (CVSS: 9.3)
Port:   general/tcp

Product detection result: cpe:/a:adobe:acrobat_reader:7.0.5
Detected by: Adobe products version detection (Linux) (OID: 1.3.6.1.4.1.25623.1.0.800108)

Summary:
This host is installed with Adobe Reader and is prone to remote code
execution vulnerability.

Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.

Impact:
Successful exploitation will let attackers to execute arbitrary code by tricking
a user into opening a PDF file embedding a malicious Flash animation and bypass
intended sandbox restrictions allowing cross-domain requests.
Impact Level: System/Application

Solution:
Solution type: VendorFix
Upgrade to Adobe Reader version 9.3.1 or 8.2.1 or later. For updates
refer to http://www.adobe.com

Affected Software/OS:
Adobe Reader version 8.x before 8.2.1 and 9.x before 9.3.1 on Linux.

Vulnerability Insight:
Flaw is caused by a memory corruption error in the 'authplay.dll' module
when processing malformed Flash data within a PDF document and some unspecified
error.

Vulnerability Detection Method:
Get the installed version with the help of detect NVT and check the version
is vulnerable or not.
Details:
Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.902129)
Version used: $Revision: 5394 $

Product Detection Result:
Product:cpe:/a:adobe:acrobat_reader:7.0.5

Method:Adobe products version detection (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.800108)

References:
CVE: CVE-2010-0188, CVE-2010-0186
BID: 38195,  38198
CERT: DFN-CERT-2010-0348, DFN-CERT-2010-0247, DFN-CERT-2010-0233, DFN-CERT-2010-0218, DFN-CERT-2010-0210, DFN-CERT-2010-0209

Other:
    http://xforce.iss.net/xforce/xfdb/56297
    http://www.vupen.com/english/advisories/2010/0399
    http://securitytracker.com/alerts/2010/Feb/1023601.html
    http://www.adobe.com/support/security/bulletins/apsb10-07.html


Issue
-----
NVT:    Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Mac OS X)
OID:    1.3.6.1.4.1.25623.1.0.804267
Threat: High (CVSS: 9.3)
Port:   general/tcp

Product detection result: cpe:/a:adobe:acrobat_reader:7.0.5
Detected by: Adobe products version detection (Linux) (OID: 1.3.6.1.4.1.25623.1.0.800108)

Summary:
This host is installed with Adobe Reader/Acrobat and is prone to remote code
execution vulnerability.

Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.

Impact:
Successful exploitation will let attackers to execute arbitrary code by tricking
a user into opening a PDF file embedding a malicious Flash animation and bypass
intended sandbox restrictions allowing cross-domain requests.
Impact Level: System/Application

Solution:
Solution type: VendorFix
Upgrade to Adobe Reader/Acrobat version 9.3.1 or 8.2.1 or later. For updates
refer to http://www.adobe.com

Affected Software/OS:
Adobe Reader version 8.x before 8.2.1 and 9.x before 9.3.1 on Mac OS X.
  Adobe Acrobat version 8.x before 8.2.1 and 9.x before 9.3.1 on Mac OS X

Vulnerability Insight:
Flaw is caused by a memory corruption error in the 'authplay.dll' module
when processing malformed Flash data within a PDF document and some unspecified
error.

Vulnerability Detection Method:
Get the installed version with the help of detect NVT and check the version
is vulnerable or not.
Details:
Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Mac OS X)
(OID: 1.3.6.1.4.1.25623.1.0.804267)
Version used: $Revision: 2482 $

Product Detection Result:
Product:cpe:/a:adobe:acrobat_reader:7.0.5

Method:Adobe products version detection (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.800108)

References:
CVE: CVE-2010-0188, CVE-2010-0186
BID: 38195,  38198
CERT: DFN-CERT-2010-0348, DFN-CERT-2010-0247, DFN-CERT-2010-0233, DFN-CERT-2010-0218, DFN-CERT-2010-0210, DFN-CERT-2010-0209

Other:
    http://xforce.iss.net/xforce/xfdb/56297
    http://www.vupen.com/english/advisories/2010/0399
    http://securitytracker.com/alerts/2010/Feb/1023601.html
    http://www.adobe.com/support/security/bulletins/apsb10-07.html


Issue
-----
NVT:    Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Windows)
OID:    1.3.6.1.4.1.25623.1.0.902128
Threat: High (CVSS: 9.3)
Port:   general/tcp

Product detection result: cpe:/a:adobe:acrobat_reader:7.0.5
Detected by: Adobe products version detection (Linux) (OID: 1.3.6.1.4.1.25623.1.0.800108)

Summary:
This host is installed with Adobe Reader/Acrobat and is prone to remote code
execution vulnerability.

Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.

Impact:
Successful exploitation will let attackers to execute arbitrary code by tricking
a user into opening a PDF file embedding a malicious Flash animation and bypass
intended sandbox restrictions allowing cross-domain requests.
Impact Level: System/Application

Solution:
Solution type: VendorFix
Upgrade to Adobe Reader/Acrobat version 9.3.1 or 8.2.1 or later. For updates
refer to http://www.adobe.com

Affected Software/OS:
Adobe Reader version 8.x before 8.2.1 and 9.x before 9.3.1
  Adobe Acrobat version 8.x before 8.2.1 and 9.x before 9.3.1

Vulnerability Insight:
Flaw is caused by a memory corruption error in the 'authplay.dll' module
when processing malformed Flash data within a PDF document and some unspecified
error.

Vulnerability Detection Method:
Get the installed version with the help of detect NVT and check the version
is vulnerable or not.
Details:
Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.902128)
Version used: $Revision: 5394 $

Product Detection Result:
Product:cpe:/a:adobe:acrobat_reader:7.0.5

Method:Adobe products version detection (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.800108)

References:
CVE: CVE-2010-0188, CVE-2010-0186
BID: 38195,  38198
CERT: DFN-CERT-2010-0348, DFN-CERT-2010-0247, DFN-CERT-2010-0233, DFN-CERT-2010-0218, DFN-CERT-2010-0210, DFN-CERT-2010-0209

Other:
    http://xforce.iss.net/xforce/xfdb/56297
    http://www.vupen.com/english/advisories/2010/0399
    http://securitytracker.com/alerts/2010/Feb/1023601.html
    http://www.adobe.com/support/security/bulletins/apsb10-07.html


Issue
-----
NVT:    Adobe Acrobat and Reader SING 'uniqueName' Buffer Overflow Vulnerability (Linux)
OID:    1.3.6.1.4.1.25623.1.0.801516
Threat: High (CVSS: 9.3)
Port:   general/tcp

Product detection result: cpe:/a:adobe:acrobat_reader:7.0.5
Detected by: Adobe products version detection (Linux) (OID: 1.3.6.1.4.1.25623.1.0.800108)

Summary:
This host is installed with Adobe Reader and is prone to buffer overflow
vulnerability.

Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.

Impact:
Successful exploitation will let attackers to crash an affected application or
execute arbitrary code by tricking a user into opening a specially crafted PDF
document.
Impact Level: Application

Solution:
Solution type: VendorFix
Upgrade to Adobe Reader version 9.4,
For updates refer to http://www.adobe.com

Affected Software/OS:
Adobe Reader version 9.3.4 and prior.

Vulnerability Insight:
The flaw is due to a boundary error within 'CoolType.dll' when processing the
'uniqueName' entry of SING tables in fonts.

Vulnerability Detection Method:
Get the installed version with the help of detect NVT and check the version
is vulnerable or not.
Details:
Adobe Acrobat and Reader SING 'uniqueName' Buffer Overflow Vulnerability (Li...
(OID: 1.3.6.1.4.1.25623.1.0.801516)
Version used: $Revision: 5263 $

Product Detection Result:
Product:cpe:/a:adobe:acrobat_reader:7.0.5

Method:Adobe products version detection (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.800108)

References:
CVE: CVE-2010-2883
BID: 43057
CERT: DFN-CERT-2010-1424, DFN-CERT-2010-1338, DFN-CERT-2010-1313, DFN-CERT-2010-1308, DFN-CERT-2010-1179

Other:
    http://secunia.com/advisories/41340
    http://www.adobe.com/support/security/advisories/apsa10-02.html
    http://blog.metasploit.com/2010/09/return-of-unpublished-adobe.html


Issue
-----
NVT:    Adobe Acrobat and Reader SING 'uniqueName' Buffer Overflow Vulnerability (Windows)
OID:    1.3.6.1.4.1.25623.1.0.801515
Threat: High (CVSS: 9.3)
Port:   general/tcp

Product detection result: cpe:/a:adobe:acrobat_reader:7.0.5
Detected by: Adobe products version detection (Linux) (OID: 1.3.6.1.4.1.25623.1.0.800108)

Summary:
This host is installed with Adobe Reader/Acrobat and is prone to buffer
overflow vulnerability

Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.

Impact:
Successful exploitation will let attackers to crash an affected application
or execute arbitrary code by tricking a user into opening a specially crafted
PDF document.
Impact Level: Application

Solution:
Solution type: VendorFix
Upgrade to Adobe Reader/Adobe Acrobat version 9.4 or later.
For updates refer http://www.adobe.com/downloads/

Affected Software/OS:
Adobe Reader version 9.3.4 and prior.
Adobe Acrobat version 9.3.4 and prior on windows.

Vulnerability Insight:
The flaw is due to a boundary error within 'CoolType.dll' when processing the
'uniqueName' entry of SING tables in fonts.

Vulnerability Detection Method:
Get the installed version with the help of detect NVT and check the version
is vulnerable or not.
Details:
Adobe Acrobat and Reader SING 'uniqueName' Buffer Overflow Vulnerability (Wi...
(OID: 1.3.6.1.4.1.25623.1.0.801515)
Version used: $Revision: 5263 $

Product Detection Result:
Product:cpe:/a:adobe:acrobat_reader:7.0.5

Method:Adobe products version detection (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.800108)

References:
CVE: CVE-2010-2883
BID: 43057
CERT: DFN-CERT-2010-1424, DFN-CERT-2010-1338, DFN-CERT-2010-1313, DFN-CERT-2010-1308, DFN-CERT-2010-1179

Other:
    http://secunia.com/advisories/41340
    http://www.adobe.com/support/security/advisories/apsa10-02.html
    http://blog.metasploit.com/2010/09/return-of-unpublished-adobe.html


Issue
-----
NVT:    Adobe Flash Player 9.0.115.0 and earlier vulnerability (Linux)
OID:    1.3.6.1.4.1.25623.1.0.90018
Threat: High (CVSS: 9.3)
Port:   general/tcp

Summary:
The remote host is probably affected by the vulnerabilities
  described in CVE-2007-5275, CVE-2007-6019, CVE-2007-6243, CVE-2007-6637,
  CVE-2008-1654, CVE-2008-1655

Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.

Impact:
CVE 2007-5275
    The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause
    a victim machine to establish TCP sessions with arbitrary hosts via a
    Flash (SWF) movie, related to lack of pinning of a hostname to a single
    IP address after receiving an allow-access-from element in a
    cross-domain-policy XML document, and the availability of a Flash Socket
    class that does not use the browser's DNS pins, aka DNS rebinding attacks,
    a different issue than CVE-2002-1467 and CVE-2007-4324.
  CVE 2007-6019
    Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier,
    allows remote attackers to execute arbitrary code via an SWF file with
    a modified DeclareFunction2 Actionscript tag, which prevents an object
    from being instantiated properly.
  CVE 2007-6243
    Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x
    up to 7.0.70.0 does not sufficiently restrict the interpretation and
    usage of cross-domain policy files, which makes it easier for remote
    attackers to conduct cross-domain and cross-site scripting (XSS) attacks.
  CVE 2007-6637
    Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash
    Player allow remote attackers to inject arbitrary web script or HTML
    via a crafted SWF file, related to 'pre-generated SWF files' and Adobe
    Dreamweaver CS3 or Adobe Acrobat Connect. NOTE: the asfunction: vector
    is already covered by CVE-2007-6244.1.
  CVE 2008-1654
    Interaction error between Adobe Flash and multiple Universal Plug and Play
    (UPnP) services allow remote attackers to perform Cross-Site Request
    Forgery (CSRF) style attacks by using the Flash navigateToURL function
    to send a SOAP message to a UPnP control point, as demonstrated by changing
    the primary DNS server.
  CVE 2008-1655
    Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier,
    and 8.0.39.0 and earlier, makes it easier for remote attackers to
    conduct DNS rebinding attacks via unknown vectors.

Solution:
All Adobe Flash Player users should upgrade to the latest version:

Vulnerability Detection Method:
Details:
Adobe Flash Player 9.0.115.0 and earlier vulnerability (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.90018)
Version used: $Revision: 5661 $

References:
CVE: CVE-2007-5275, CVE-2007-6019, CVE-2007-6243, CVE-2007-6637, CVE-2008-1654, CVE-2008-1655
BID: 28697,  28696,  27034,  26966,  28694,  26930


Issue
-----
NVT:    Adobe Flash Player Arbitrary Code Execution Vulnerability (Linux)
OID:    1.3.6.1.4.1.25623.1.0.801922
Threat: High (CVSS: 9.3)
Port:   general/tcp

Summary:
This host has Adobe flash Player installed, and is prone to code
execution vulnerability.

Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.

Impact:
Successful exploitation will let attackers to corrupt memory
and execute arbitrary code on the system with elevated privileges.
Impact Level: System/Application

Solution:
Solution type: VendorFix
Upgrade adobe flash player to version 10.2.159.1 or later,
Update Adobe Reader/Acrobat to version 9.4.4 or 10.0.3 or later,
For updates refer to http://www.adobe.com

Affected Software/OS:
Adobe Flash Player version 10.2.153.1 and prior on Linux

Vulnerability Insight:
The flaw is due to an error in handling 'SWF' file in adobe flash
player, which allows attackers to execute arbitrary code or cause a denial
of service via crafted flash content.

Vulnerability Detection Method:
Details:
Adobe Flash Player Arbitrary Code Execution Vulnerability (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.801922)
Version used: $Revision: 5424 $

References:
CVE: CVE-2011-0611
BID: 47314
CERT: DFN-CERT-2012-0828, DFN-CERT-2011-0662, DFN-CERT-2011-0604, DFN-CERT-2011-0602, DFN-CERT-2011-0548

Other:
    https://www.kb.cert.org/vuls/id/230057
    http://www.adobe.com/support/security/advisories/apsa11-02.html
    http://blogs.adobe.com/psirt/2011/04/security-advisory-for-adobe-flash-player-adobe-reader-and-acrobat-apsa11-02.html


Issue
-----
NVT:    Adobe Flash Player Arbitrary Code Execution Vulnerability (Linux)
OID:    1.3.6.1.4.1.25623.1.0.801922
Threat: High (CVSS: 9.3)
Port:   general/tcp

Summary:
This host has Adobe flash Player installed, and is prone to code
execution vulnerability.

Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.

Impact:
Successful exploitation will let attackers to corrupt memory
and execute arbitrary code on the system with elevated privileges.
Impact Level: System/Application

Solution:
Solution type: VendorFix
Upgrade adobe flash player to version 10.2.159.1 or later,
Update Adobe Reader/Acrobat to version 9.4.4 or 10.0.3 or later,
For updates refer to http://www.adobe.com

Affected Software/OS:
Adobe Flash Player version 10.2.153.1 and prior on Linux

Vulnerability Insight:
The flaw is due to an error in handling 'SWF' file in adobe flash
player, which allows attackers to execute arbitrary code or cause a denial
of service via crafted flash content.

Vulnerability Detection Method:
Details:
Adobe Flash Player Arbitrary Code Execution Vulnerability (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.801922)
Version used: $Revision: 5424 $

References:
CVE: CVE-2011-0611
BID: 47314
CERT: DFN-CERT-2012-0828, DFN-CERT-2011-0662, DFN-CERT-2011-0604, DFN-CERT-2011-0602, DFN-CERT-2011-0548

Other:
    https://www.kb.cert.org/vuls/id/230057
    http://www.adobe.com/support/security/advisories/apsa11-02.html
    http://blogs.adobe.com/psirt/2011/04/security-advisory-for-adobe-flash-player-adobe-reader-and-acrobat-apsa11-02.html


Issue
-----
NVT:    Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Linux)
OID:    1.3.6.1.4.1.25623.1.0.804087
Threat: High (CVSS: 10.0)
Port:   general/tcp

Product detection result: cpe:/a:adobe:flash_player:9.0.31.0
Detected by: Adobe Flash Player/AIR Version Detection (Linux) (OID: 1.3.6.1.4.1.25623.1.0.800032)

Summary:
This host is installed with Adobe Flash Player and is prone to arbitrary
code execution vulnerability.

Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.

Impact:
Successful exploitation will allow attackers to, execute arbitrary code and
cause buffer overflow.
Impact Level: System/Application

Solution:
Solution type: VendorFix
Update to Adobe Flash Player version 11.2.202.336 or later,
For updates refer to  http://get.adobe.com/flashplayer

Affected Software/OS:
Adobe Flash Player versions before 11.2.202.336 on Linux

Vulnerability Insight:
Flaw is due to an integer underflow condition that is triggered as unspecified
user-supplied input is not properly validated.

Vulnerability Detection Method:
Get the installed version with the help of detect NVT and check the version
is vulnerable or not.
Details:
Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.804087)
Version used: $Revision: 3521 $

Product Detection Result:
Product:cpe:/a:adobe:flash_player:9.0.31.0

Method:Adobe Flash Player/AIR Version Detection (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.800032)

References:
CVE: CVE-2014-0497
BID: 65327
CERT: CB-K14/0138, DFN-CERT-2014-0142

Other:
    http://secunia.com/advisories/56737
    http://helpx.adobe.com/security/products/flash-player/apsb14-04.html
    http://krebsonsecurity.com/2014/02/adobe-pushes-fix-for-flash-zero-day-attack


Issue
-----
NVT:    Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Linux)
OID:    1.3.6.1.4.1.25623.1.0.804087
Threat: High (CVSS: 10.0)
Port:   general/tcp

Product detection result: cpe:/a:adobe:flash_player:9.0.31.0
Detected by: Adobe Flash Player/AIR Version Detection (Linux) (OID: 1.3.6.1.4.1.25623.1.0.800032)

Summary:
This host is installed with Adobe Flash Player and is prone to arbitrary
code execution vulnerability.

Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.

Impact:
Successful exploitation will allow attackers to, execute arbitrary code and
cause buffer overflow.
Impact Level: System/Application

Solution:
Solution type: VendorFix
Update to Adobe Flash Player version 11.2.202.336 or later,
For updates refer to  http://get.adobe.com/flashplayer

Affected Software/OS:
Adobe Flash Player versions before 11.2.202.336 on Linux

Vulnerability Insight:
Flaw is due to an integer underflow condition that is triggered as unspecified
user-supplied input is not properly validated.

Vulnerability Detection Method:
Get the installed version with the help of detect NVT and check the version
is vulnerable or not.
Details:
Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.804087)
Version used: $Revision: 3521 $

Product Detection Result:
Product:cpe:/a:adobe:flash_player:9.0.31.0

Method:Adobe Flash Player/AIR Version Detection (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.800032)

References:
CVE: CVE-2014-0497
BID: 65327
CERT: CB-K14/0138, DFN-CERT-2014-0142

Other:
    http://secunia.com/advisories/56737
    http://helpx.adobe.com/security/products/flash-player/apsb14-04.html
    http://krebsonsecurity.com/2014/02/adobe-pushes-fix-for-flash-zero-day-attack


Issue
-----
NVT:    Adobe Flash Player Buffer Overflow Vulnerability (Linux)
OID:    1.3.6.1.4.1.25623.1.0.803154
Threat: High (CVSS: 10.0)
Port:   general/tcp

Summary:
This host is installed with Adobe Flash Player and is prone to
  buffer overflow vulnerability.

Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.

Impact:
Successful exploitation will allow remote attackers to execute arbitrary
  code or cause denial of service condition.
  Impact Level: System/Application

Solution:
Solution type: VendorFix

Affected Software/OS:
Adobe Flash Player version before 10.3.183.50, 11.x before 11.2.202.261 on Linux
  Update to Adobe Flash Player version 10.3.183.50 or 11.2.202.261 or later,
  For updates refer to http://get.adobe.com/flashplayer

Vulnerability Insight:
An integer overflow error within 'flash.display.BitmapData()', which can be
  exploited to cause a heap-based buffer overflow.

Vulnerability Detection Method:
Details:
Adobe Flash Player Buffer Overflow Vulnerability (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.803154)
Version used: $Revision: 3556 $

References:
CVE: CVE-2013-0630
BID: 57184
CERT: DFN-CERT-2013-0439, DFN-CERT-2013-0133, DFN-CERT-2013-0116, DFN-CERT-2013-0063, DFN-CERT-2013-0057, DFN-CERT-2013-0047

Other:
    http://secunia.com/advisories/51771
    http://securitytracker.com/id?1027950
    http://www.adobe.com/support/security/bulletins/apsb13-01.html


Issue
-----
NVT:    Adobe Flash Player Buffer Overflow Vulnerability (Linux)
OID:    1.3.6.1.4.1.25623.1.0.803154
Threat: High (CVSS: 10.0)
Port:   general/tcp

Summary:
This host is installed with Adobe Flash Player and is prone to
  buffer overflow vulnerability.

Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.

Impact:
Successful exploitation will allow remote attackers to execute arbitrary
  code or cause denial of service condition.
  Impact Level: System/Application

Solution:
Solution type: VendorFix

Affected Software/OS:
Adobe Flash Player version before 10.3.183.50, 11.x before 11.2.202.261 on Linux
  Update to Adobe Flash Player version 10.3.183.50 or 11.2.202.261 or later,
  For updates refer to http://get.adobe.com/flashplayer

Vulnerability Insight:
An integer overflow error within 'flash.display.BitmapData()', which can be
  exploited to cause a heap-based buffer overflow.

Vulnerability Detection Method:
Details:
Adobe Flash Player Buffer Overflow Vulnerability (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.803154)
Version used: $Revision: 3556 $

References:
CVE: CVE-2013-0630
BID: 57184
CERT: DFN-CERT-2013-0439, DFN-CERT-2013-0133, DFN-CERT-2013-0116, DFN-CERT-2013-0063, DFN-CERT-2013-0057, DFN-CERT-2013-0047

Other:
    http://secunia.com/advisories/51771
    http://securitytracker.com/id?1027950
    http://www.adobe.com/support/security/bulletins/apsb13-01.html


Issue
-----
NVT:    Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Linux)
OID:    1.3.6.1.4.1.25623.1.0.804561
Threat: High (CVSS: 10.0)
Port:   general/tcp

Product detection result: cpe:/a:adobe:flash_player:9.0.31.0
Detected by: Adobe Flash Player/AIR Version Detection (Linux) (OID: 1.3.6.1.4.1.25623.1.0.800032)

Summary:
This host is installed with Adobe Flash Player and is prone to buffer
overflow vulnerability.

Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.

Impact:
Successful exploitation will allow attackers to execute arbitrary code and
cause a buffer overflow, resulting in a denial of service condition.
Impact Level: System/Application

Solution:
Solution type: VendorFix
Update to Adobe Flash Player version 11.2.202.356 or later,
For updates refer to  http://get.adobe.com/flashplayer

Affected Software/OS:
Adobe Flash Player version before 11.2.202.356 on Linux

Vulnerability Insight:
Flaw is due to an improper validation of user-supplied input to the pixel
bender component.

Vulnerability Detection Method:
Get the installed version with the help of detect NVT and check the version
is vulnerable or not.
Details:
Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.804561)
Version used: $Revision: 3521 $

Product Detection Result:
Product:cpe:/a:adobe:flash_player:9.0.31.0

Method:Adobe Flash Player/AIR Version Detection (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.800032)

References:
CVE: CVE-2014-0515
BID: 67092
CERT: CB-K14/0490, DFN-CERT-2014-0510

Other:
    http://secpod.org/blog/?p=2577
    http://www.securelist.com/en/blog/8212
    http://helpx.adobe.com/security/products/flash-player/apsb14-13.html


Issue
-----
NVT:    Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Linux)
OID:    1.3.6.1.4.1.25623.1.0.804561
Threat: High (CVSS: 10.0)
Port:   general/tcp

Product detection result: cpe:/a:adobe:flash_player:9.0.31.0
Detected by: Adobe Flash Player/AIR Version Detection (Linux) (OID: 1.3.6.1.4.1.25623.1.0.800032)

Summary:
This host is installed with Adobe Flash Player and is prone to buffer
overflow vulnerability.

Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.

Impact:
Successful exploitation will allow attackers to execute arbitrary code and
cause a buffer overflow, resulting in a denial of service condition.
Impact Level: System/Application

Solution:
Solution type: VendorFix
Update to Adobe Flash Player version 11.2.202.356 or later,
For updates refer to  http://get.adobe.com/flashplayer

Affected Software/OS:
Adobe Flash Player version before 11.2.202.356 on Linux

Vulnerability Insight:
Flaw is due to an improper validation of user-supplied input to the pixel
bender component.

Vulnerability Detection Method:
Get the installed version with the help of detect NVT and check the version
is vulnerable or not.
Details:
Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.804561)
Version used: $Revision: 3521 $

Product Detection Result:
Product:cpe:/a:adobe:flash_player:9.0.31.0

Method:Adobe Flash Player/AIR Version Detection (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.800032)

References:
CVE: CVE-2014-0515
BID: 67092
CERT: CB-K14/0490, DFN-CERT-2014-0510

Other:
    http://secpod.org/blog/?p=2577
    http://www.securelist.com/en/blog/8212
    http://helpx.adobe.com/security/products/flash-player/apsb14-13.html


Issue
-----
NVT:    Adobe Flash Player Code Execution and DoS Vulnerabilities (Linux)
OID:    1.3.6.1.4.1.25623.1.0.903015
Threat: High (CVSS: 10.0)
Port:   general/tcp

Summary:
This host is installed with Adobe Flash Player and is prone to
  code execution and denial of service vulnerabilities.

Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.

Impact:
Successful exploitation will allow remote attackers to execute arbitrary
  code or cause a denial of service (memory corruption) via unknown vectors.
  Impact Level: System/Application

Solution:
Solution type: VendorFix
Update to Adobe Flash Player version 10.3.183.18 or 11.2.202.228 or later,
  For updates refer to http://get.adobe.com/flashplayer/

Affected Software/OS:
Adobe Flash Player version prior to 10.3.183.18 and 11.x to 11.1.102.63 on Linux

Vulnerability Insight:
The flaws are due to an unspecified error within the NetStream class.

Vulnerability Detection Method:
Details:
Adobe Flash Player Code Execution and DoS Vulnerabilities (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.903015)
Version used: $Revision: 5950 $

References:
CVE: CVE-2012-0772, CVE-2012-0773, CVE-2012-0724, CVE-2012-0725
BID: 52748,  52916,  52914
CERT: DFN-CERT-2012-2056, DFN-CERT-2012-0985, DFN-CERT-2012-0594, DFN-CERT-2012-0590, DFN-CERT-2012-0577, DFN-CERT-2012-0573

Other:
    http://secunia.com/advisories/48623/
    http://www.securitytracker.com/id/1026859
    http://www.adobe.com/support/security/bulletins/apsb12-07.html


Issue
-----
NVT:    Adobe Flash Player Code Execution and DoS Vulnerabilities (Linux)
OID:    1.3.6.1.4.1.25623.1.0.903015
Threat: High (CVSS: 10.0)
Port:   general/tcp

Summary:
This host is installed with Adobe Flash Player and is prone to
  code execution and denial of service vulnerabilities.

Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.

Impact:
Successful exploitation will allow remote attackers to execute arbitrary
  code or cause a denial of service (memory corruption) via unknown vectors.
  Impact Level: System/Application

Solution:
Solution type: VendorFix
Update to Adobe Flash Player version 10.3.183.18 or 11.2.202.228 or later,
  For updates refer to http://get.adobe.com/flashplayer/

Affected Software/OS:
Adobe Flash Player version prior to 10.3.183.18 and 11.x to 11.1.102.63 on Linux

Vulnerability Insight:
The flaws are due to an unspecified error within the NetStream class.

Vulnerability Detection Method:
Details:
Adobe Flash Player Code Execution and DoS Vulnerabilities (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.903015)
Version used: $Revision: 5950 $

References:
CVE: CVE-2012-0772, CVE-2012-0773, CVE-2012-0724, CVE-2012-0725
BID: 52748,  52916,  52914
CERT: DFN-CERT-2012-2056, DFN-CERT-2012-0985, DFN-CERT-2012-0594, DFN-CERT-2012-0590, DFN-CERT-2012-0577, DFN-CERT-2012-0573

Other:
    http://secunia.com/advisories/48623/
    http://www.securitytracker.com/id/1026859
    http://www.adobe.com/support/security/bulletins/apsb12-07.html


Issue
-----
NVT:    Adobe Flash Player Code Execution and DoS Vulnerabilities Nov13 (Linux)
OID:    1.3.6.1.4.1.25623.1.0.804147
Threat: High (CVSS: 10.0)
Port:   general/tcp

Product detection result: cpe:/a:adobe:flash_player:9.0.31.0
Detected by: Adobe Flash Player/AIR Version Detection (Linux) (OID: 1.3.6.1.4.1.25623.1.0.800032)

Summary:
This host is installed with Adobe Flash Player and is prone to remote code
execution and denial of service vulnerabilities.

Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.

Impact:
Successful exploitation will allow attackers to execute arbitrary code, cause
denial of service (memory corruption) and compromise a user's system.
Impact Level: System/Application

Solution:
Solution type: VendorFix
Update to Adobe Flash Player version 11.2.202.327 or later.
For updates refer to http://get.adobe.com/flashplayer

Affected Software/OS:
Adobe Flash Player before version 11.2.202.327 on Linux

Vulnerability Insight:
Flaws are due to unspecified errors.

Vulnerability Detection Method:
Get the installed version with the help of the detection NVT and check whether
the version is vulnerable.
Details:
Adobe Flash Player Code Execution and DoS Vulnerabilities Nov13 (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.804147)
Version used: $Revision: 3556 $

Product Detection Result:
Product: cpe:/a:adobe:flash_player:9.0.31.0
Method: Adobe Flash Player/AIR Version Detection (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.800032)

References:
CVE: CVE-2013-5329, CVE-2013-5330
BID: 63680, 63680
CERT: CB-K13/0910, DFN-CERT-2013-1930

Other:
    http://secunia.com/advisories/55527
    http://www.adobe.com/support/security/bulletins/apsb13-26.html


Issue
-----
NVT:    Adobe Flash Player Font Parsing Code Execution Vulnerability - (Linux)
OID:    1.3.6.1.4.1.25623.1.0.802941
Threat: High (CVSS: 9.3)
Port:   general/tcp

Summary:
This host is installed with Adobe Flash Player and is prone to
  an unspecified code execution vulnerability.

Vulnerability Detection Result:
Vulnerability was detected according to the Vulnerability Detection Method.

Impact:
Successful exploitation will allow attackers to execute arbitrary code or
  cause the application to crash and take control of the affected system.
  Impact Level: System/Application

Solution:
Solution type: VendorFix
Upgrade to Adobe Flash Player version 11.2.202.238 or later.
  For details refer to http://www.adobe.com/downloads/

Affected Software/OS:
Adobe Flash Player version 11.2.202.236 and prior on Linux

Vulnerability Insight:
An unspecified error occurs when handling SWF content in a Word document.
  This may allow a context-dependent attacker to execute arbitrary code.

Vulnerability Detection Method:
Details:
Adobe Flash Player Font Parsing Code Execution Vulnerability - (Linux)
(OID: 1.3.6.1.4.1.25623.1.0.802941)
Version used: $Revision: 5940 $

References:
CVE: CVE-2012-1535
BID: 55009
CERT: DFN-CERT-2013-0433, DFN-CERT-2012-1652, DFN-CERT-2012-1609, DFN-CERT-2012-1599, DFN-CERT-2012-1592, DFN-CERT-2012-1576

Other:
    http://secunia.com/advisories/50285/
    http://www.adobe.com/support/security/bulletins/apsb12-18.html

