Exploit Frameworks TENABLE NETWORK SECURITY,...

SecurityCenter 4TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012

TENABLE NETWORK SECURITY, INC.

Exploit FrameworksMay 9, 2012 at 9:56pm CDTDave Breslin [dbreslin6]Confidential: The following report contains confidential information. Do not distribute, email, fax,or transfer via any electronic mechanism unless it has been approved by the recipient company'ssecurity policy. All copies and backups of this document should be saved on protected storage at alltimes. Do not share any of the information contained within this report with anyone unless they areauthorized to view the information. Violating any of the previous instructions is grounds for termination.

http://www.tenablesecurity.com

Exploit Frameworks SecurityCenter 4TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012

Table of Contents

Tenable Network Security i

Table of ContentsNotice ......................................................................................................................................................................................................................................... 1

Exploit Framework Summary ........................................................................................................................................................................2

Core Impact ........................................................................................................................................................................................................................ 710.0.0.41 ............................................................................................................................................................................................................................................1110.0.0.54 ............................................................................................................................................................................................................................................2910.0.100.40 ........................................................................................................................................................................................................................................33

Canvas ...................................................................................................................................................................................................................................3710.0.0.41 ............................................................................................................................................................................................................................................4110.0.0.54 ............................................................................................................................................................................................................................................5110.0.100.40 ........................................................................................................................................................................................................................................58

Metasploit ...........................................................................................................................................................................................................................6210.0.0.41 ............................................................................................................................................................................................................................................6610.0.0.54 ............................................................................................................................................................................................................................................7510.0.100.40 ........................................................................................................................................................................................................................................82


Notice

Tenable Network Security 1

Notice

This is an example report produced by scanning hosts in a lab. It is not intended for use in competitve analysis of exploit frameworks.


Exploit Framework Summary



5 Day Trend




Core Impact Exploitable Vulnerabilities

Plugin Total Severity Plugin Name

57948 1 HighMS12-014: Vulnerability in Indeo CodecCould Allow Remote Code Execution(2661637)

55421 1 HighAdobe Reader < 10.1 / 9.4.5 / 8.3 MultipleVulnerabilities (APSB11-16) (Mac OS X)

55141 1 HighFlash Player for Mac < 10.3.181.26 RemoteMemory Corruption (APSB11-18)

55140 1 HighFlash Player < 10.3.181.26 MultipleVulnerabilities (APSB11-18)

53473 1 HighWireshark < 1.2.16 / 1.4.5 MultipleVulnerabilities

53472 1 HighFlash Player < 10.2.159.1 ActionScriptPredefined Class Prototype AdditionRemote Code Execution (APSB11-07)

52673 1 HighFlash Player < 10.2.153.1 UnspecifiedMemory Corruption (APSB11-05)

49950 1 HighMS10-073: Vulnerabilities in WindowsKernel-Mode Drivers Could Allow Elevationof Privilege (981957)

48297 1 High

MS10-060: Vulnerabilities in theMicrosoft .NET Common LanguageRuntime and in Microsoft Silverlight CouldAllow Remote Code Execution (2265906)



42439 1 HighMS09-065: Vulnerabilities in WindowsKernel-Mode Drivers Could Allow RemoteCode Execution (969947)

40434 1 HighFlash Player < 9.0.246.0 / 10.0.32.18Multiple Vulnerabilities (APSB09-10)





39347 1 HighMS09-025: Vulnerabilities in WindowsKernel Could Allow Elevation of Privilege(968537)

35822 1 HighMS09-006: Vulnerabilities in WindowsKernel Could Allow Remote Code Execution(958690)

Canvas Exploitable Vulnerabilities


57044 1 HighAdobe Reader <= 10.1.1 / 9.4.6 U3DMemory Corruption (APSA11-04) (Mac OSX)

56163 1 MediumWireshark 1.4.x < 1.4.9 MultipleVulnerabilities

55141 1 HighFlash Player for Mac < 10.3.181.26 RemoteMemory Corruption (APSB11-18)

55140 1 HighFlash Player < 10.3.181.26 MultipleVulnerabilities (APSB11-18)



48297 1 High

MS10-060: Vulnerabilities in theMicrosoft .NET Common LanguageRuntime and in Microsoft Silverlight CouldAllow Remote Code Execution (2265906)







45509 1 HighMS10-022: Vulnerability in VBScriptScripting Engine Could Allow Remote CodeExecution (981169)

40434 1 HighFlash Player < 9.0.246.0 / 10.0.32.18Multiple Vulnerabilities (APSB09-10)

27599 1 HighFLEXnet Connect Update ServiceActiveX Control Multiple Code ExecutionVulnerabilities

Metasploit Exploitable Vulnerabilities


58659 1 HighMS12-027: Vulnerability in WindowsCommon Controls Could Allow RemoteCode Execution (2664258)

58002 1 HighFlash Player for Mac <= 10.3.183.14 /11.1.102.62 Multiple Vulnerabilities(APSB12-03)

58001 1 HighFlash Player <= 10.3.183.14 / 11.1.102.55Multiple Vulnerabilities (APSB12-03)

57044 1 HighAdobe Reader <= 10.1.1 / 9.4.6 U3DMemory Corruption (APSA11-04) (Mac OSX)

56199 1 HighAdobe Reader < 10.1.1 / 9.4.6 / 8.3.1Multiple Vulnerabilities (APSB11-21,APSB11-24) (Mac OS X)

56163 1 MediumWireshark 1.4.x < 1.4.9 MultipleVulnerabilities

55804 1 HighFlash Player for Mac <= 10.3.181.36Multiple Vulnerabilities (APSB11-21)

55803 1 HighFlash Player <= 10.3.181.36 MultipleVulnerabilities (APSB11-21)






53472 1 HighFlash Player < 10.2.159.1 ActionScriptPredefined Class Prototype AdditionRemote Code Execution (APSB11-07)

52673 1 HighFlash Player < 10.2.153.1 UnspecifiedMemory Corruption (APSB11-05)

45509 1 HighMS10-022: Vulnerability in VBScriptScripting Engine Could Allow Remote CodeExecution (981169)

27599 1 HighFLEXnet Connect Update ServiceActiveX Control Multiple Code ExecutionVulnerabilities


Core Impact


Core Impact

5 Day Trend


Core Impact


Core Impact Exploitable Hosts

IP Address NetBIOS Name DNS Name MAC Address Total Low Med. High Crit.

10.0.0.41 ITSDEPT\DT0008 dt8001.itsdept.com 52:54:00:fc:14:86 11 0 0 11 0

10.0.0.54 ITSDEPT\DT0007 dt0007.itsdept.com 00:10:60:df:1e:2b 2 0 0 2 0

10.0.100.40 UNKNOWN\MAC0001 mac0001.itsdept.com 60:c5:47:10:a7:1b 2 0 0 2 0

Core Impact Exploitable Vulnerability Totals by Plugin Family

Family Total Low Med. High Crit.

Windows : Microsoft Bulletins 8 0 0 8 0

Windows 5 0 0 5 0

MacOS X Local Security Checks 2 0 0 2 0

Core Impact Exploitable Vulnerability Totals by MS Bulletin

MS Bulletin Total Severity

MS12-014 1 High

MS10-073 1 High

MS10-060 1 High

MS10-048 1 High

MS10-032 1 High

MS09-065 1 High

MS09-025 1 High

MS09-006 1 High


Core Impact


Core Impact Exploitable Vulnerability Totals by CVE

CVE Total Severity

CVE-2011-2110 2 High

CVE-2011-2106 1 High

CVE-2011-2105 1 High

CVE-2011-2104 1 High

CVE-2011-2103 1 High

CVE-2011-2102 1 High

CVE-2011-2101 1 High

CVE-2011-2100 1 High

CVE-2011-2099 1 High

CVE-2011-2098 1 High

CVE-2011-2097 1 High

CVE-2011-2096 1 High

CVE-2011-2095 1 High

CVE-2011-2094 1 High

CVE-2011-1592 1 High

CVE-2011-1591 1 High

CVE-2011-1590 1 High

CVE-2011-0611 1 High

CVE-2011-0609 1 High

CVE-2010-3138 1 High

CVE-2010-2744 1 High

CVE-2010-2743 1 High

CVE-2010-2549 1 High

CVE-2010-1898 1 High

CVE-2010-1897 1 High

CVE-2010-1896 1 High

CVE-2010-1895 1 High

CVE-2010-1894 1 High

CVE-2010-1887 1 High


Core Impact


CVE Total Severity

CVE-2010-1255 1 High

CVE-2010-0485 1 High

CVE-2010-0484 1 High

CVE-2010-0019 1 High

CVE-2009-2514 1 High

CVE-2009-2513 1 High

CVE-2009-2493 1 High

CVE-2009-1870 1 High

CVE-2009-1869 1 High

CVE-2009-1868 1 High

CVE-2009-1867 1 High

CVE-2009-1866 1 High

CVE-2009-1865 1 High

CVE-2009-1864 1 High

CVE-2009-1863 1 High

CVE-2009-1862 1 High

CVE-2009-1127 1 High

CVE-2009-1126 1 High

CVE-2009-1125 1 High

CVE-2009-1124 1 High

CVE-2009-1123 1 High

CVE-2009-0901 1 High

CVE-2009-0083 1 High

CVE-2009-0082 1 High

CVE-2009-0081 1 High


Core Impact


10.0.0.41

NetBIOS Name: ITSDEPT\DT0008

IP Address: 10.0.0.41

Vulnerabilities: Critical: 0, High: 42, Medium: 8, Low: 4, Info: 86

MAC Address: 52:54:00:fc:14:86

DNS Name: dt8001.itsdept.com

Repository: repo

Last Scan: May 9, 2012 @ 8:25PM

Core Impact Exploitable Vulnerability Details:

Plugin Plugin Name Severity Port Protocol Family Exploit?

35822

MS09-006:Vulnerabilities inWindows KernelCould Allow RemoteCode Execution(958690)

High 445 TCP Windows : Microsoft Bulletins Yes

Synopsis: It is possible to execute arbitrary code on the remote host.

Description: The remote host contains a version of the Windows kernel that is affected by vulnerabilities :

- A remote code execution vulnerability exists due to improper validation of input passed from user mode through the kernel component of GDI. Successful exploitation requiresthat a user on the affected host view a specially crafted EMF or WMF image file, perhaps by being tricked into visiting a malicious web site, and could lead to a complete systemcompromise.(CVE-2009-0081)

- A local privilege escalation vulnerability exists due to the way the kernel validates handles. (CVE-2009-0082)

- A local privilege escalation vulnerability exists due to improper handling of a specially crafted invalid pointer.(CVE-2009-0083)

Solution: Microsoft has released a set of patches for Windows 2000, XP, 2003, Vista and 2008 :


Core Impact


http://technet.microsoft.com/en-us/security/bulletin/ms09-006

Risk Factor: High

STIG Severity: I

CVSS Base Score: 9.3

CVSS Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Temporal Score: 7.7

CVSS Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Plugin Output:- C:\WINDOWS\system32\Win32k.sys has not been patchedRemote version : 5.1.2600.5512Should be : 5.1.2600.5756

CPE: cpe:/o:microsoft:windows

CVE: CVE-2009-0081, CVE-2009-0082, CVE-2009-0083

BID: 34012, 34025, 34027

Crossref: OSVDB #52522, OSVDB #52523, OSVDB #52524, IAVA #2009-A-0020, MSFT #MS09-006, CWE #20

Plugin Publication Date: 2009/03/11

Plugin Modification Date: 2011/12/12

Exploit Available: true

Exploitability Ease: Exploits are available

Plugin Type: local

Source File: smb_nt_ms09-006.nasl

Exploit Frameworks: Core Impact


Core Impact



39347

MS09-025:Vulnerabilities inWindows KernelCould AllowElevation of Privilege(968537)


Synopsis: The remote Windows kernel is affected by local privilege escalation vulnerabilities.

Description: The remote host contains a version of the Windows kernel that is affected by multiple vulnerabilities :

- A failure of the Windows kernel to properly validate changes in certain kernel objects allows a local user to run arbitrary code in kernel mode. (CVE-2009-1123)

- Insufficient validation of certain pointers passed from user mode allows a local user to run arbitrary code in kernel mode. (CVE-2009-1124)

- A failure to properly validate an argument passed to a Windows kernel system call allows a local user to run arbitrary code in kernel mode. (CVE-2009-1125)

- Improper validation of input passed from user mode to the kernel when editing a specific desktop parameter allows a local user to run arbitrary code in kernel mode.(CVE-2009-1126)


http://technet.microsoft.com/en-us/security/bulletin/MS09-025

Risk Factor: High


CVSS Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C






Core Impact


CVE: CVE-2009-1123, CVE-2009-1124, CVE-2009-1125, CVE-2009-1126

BID: 35120, 35121, 35238, 35240

Crossref: CWE #20, OSVDB #54940, OSVDB #54941, OSVDB #54942, OSVDB #54943, MSFT #MS09-025





Plugin Type: local




40434

Flash Player< 9.0.246.0 /10.0.32.18 MultipleVulnerabilities(APSB09-10)

High 445 TCP Windows Yes

Synopsis: The remote Windows host contains a browser plugin that is affected by multiple vulnerabilities.

Description: The remote Windows host contains a version of Adobe Flash Player that is earlier than 9.0.246.0 / 10.0.32.18. Such versions are reportedly affected by multiplevulnerabilities :

- A memory corruption vulnerability that could potentially lead to code execution. (CVE-2009-1862)

- A vulnerability in the Microsoft Active Template Library (ATL) which could allow an attacker who successfully exploits the vulnerability to take control of the affected system.(CVE-2009-0901, CVE-2009-2395, CVE-2009-2493)

- A privilege escalation vulnerability that could potentially lead to code execution. (CVE-2009-1863)

- A heap overflow vulnerability that could potentially lead to code execution. (CVE-2009-1864)

- A null pointer vulnerability that could potentially lead to code execution. (CVE-2009-1865)

- A stack overflow vulnerability that could potentially lead to code execution. (CVE-2009-1866)


Core Impact


- A clickjacking vulnerability that could allow an attacker to lure a web browser user into unknowingly clicking on a link or dialog. (CVE-2009-1867

- A URL parsing heap overflow vulnerability that could potentially lead to code execution. (CVE-2009-1868)

- An integer overflow vulnerability that could potentially lead to code execution. (CVE-2009-1869)

- A local sandbox vulnerability that could potentially lead to information disclosure when SWFs are saved to the hard drive. CVE-2009-1870)

Solution: Upgrade to version 10.0.32.18 or later. If you are unable to upgrade to version 10, upgrade to version 9.0.246.0 or later.

See Also: http://www.adobe.com/support/security/bulletins/apsb09-10.html

Risk Factor: High

STIG Severity: I





Plugin Output:Nessus has identified the following vulnerable instance of FlashPlayer installed on the remote host :

- ActiveX control (for Internet Explorer) :C:\WINDOWS\system32\Macromed\Flash\Flash6.ocx, 6.0.88.0

CPE: cpe:/a:adobe:flash_player

CVE: CVE-2009-1862, CVE-2009-0901, CVE-2009-2493, CVE-2009-1863, CVE-2009-1864, CVE-2009-1865, CVE-2009-1866, CVE-2009-1867, CVE-2009-1868, CVE-2009-1869,CVE-2009-1870

BID: 35759, 35832, 35846, 35900, 35901, 35902, 35903, 35904, 35905, 35906, 35907, 35908

Crossref: OSVDB #56282, OSVDB #56696, OSVDB #56698, OSVDB #56771, OSVDB #56772, OSVDB #56773, OSVDB #56774, OSVDB #56775, OSVDB #56776, OSVDB#56777, OSVDB #56778, IAVA #2009-A-0061, IAVA #2009-A-0062, IAVA #2009-A-0063, IAVA #2009-A-0067, IAVA #2009-A-0094, IAVA #2009-A-0097, IAVA #2009-A-0127, CWE#200

Vulnerability Publication Date: 2009/07/28


Core Impact


Patch Publication Date: 2009/07/30





Plugin Type: local

Source File: flash_player_apsb09_10.nasl

Exploit Frameworks: Canvas (CANVAS), Core Impact


42439

MS09-065:Vulnerabilities inWindows Kernel-Mode Drivers CouldAllow Remote CodeExecution (969947)


Synopsis: The remote Windows kernel is affected by remote privilege escalation vulnerabilities.

Description: The remote host contains a version of the Windows kernel that is affected by multiple vulnerabilities :

- A NULL pointer dereferencing vulnerability allowing a local user to elevate his privileges (CVE-2009-1127)

- Insufficient validation of certain input passed to GDI from user mode allows a local user to run arbitrary code in kernel mode. (CVE-2009-2513)

- A parsing vulnerability when decoding a specially crafted Embedded OpenType (EOT) font may allow a remote user to execute arbitrary code on the remote host by luring a user ofthe remote host into viewing a web page containing such a malformed font. (CVE-2009-2514)



Risk Factor: High

STIG Severity: II



Core Impact




CVSS Temporal Vector: CVSS2#E:POC/RL:OF/RC:C



CVE: CVE-2009-1127, CVE-2009-2513, CVE-2009-2514

BID: 36029, 36939, 36941

Crossref: OSVDB #59867, OSVDB #59868, OSVDB #59869, IAVA #2009-A-0117, MSFT #MS09-065, CWE #94







Plugin Type: local




46839

MS10-032:Vulnerabilities inWindows Kernel-Mode Drivers Could



Core Impact


Allow Elevation ofPrivilege (979559)

Synopsis: The Windows kernel is affected by several vulnerabilities that could allow escalation of privileges.

Description: The remote Windows host is running a version of the Windows kernel that is affected by one or more of the following vulnerabilities :

- Improper validation of changes in certain kernel objects may allow a local attacker to execute arbitrary code in kernel mode and take complete control of the affected system.(CVE-2010-0484)

- Improper validation of parameters when creating a new window may allow a local attacker to execute arbitrary code in kernel mode and take complete control of the affectedsystem. (CVE-2010-0485)

- A vulnerability that arises in the way Windows provides glyph outline information to applications may allow a local attacker to execute arbitrary code in kernel mode and takecomplete control of the affected system. (CVE-2010-1255)

Solution: Microsoft has released a set of patches for Windows 2000, XP, 2003, Vista, 2008, 7, and 2008 R2 :


Risk Factor: High

STIG Severity: II







CVE: CVE-2010-0484, CVE-2010-0485, CVE-2010-1255

BID: 40508, 40569, 40570


Core Impact


Crossref: OSVDB #65223, OSVDB #65224, OSVDB #65225, IAVA #2010-A-0077, MSFT #MS10-032







Plugin Type: local




48285

MS10-048:Vulnerabilities inWindows Kernel-Mode Drivers CouldAllow Elevation ofPrivilege (2160329)




- Improper valiation of an argument passed to a system call can result in a denial of service. (CVE-2010-1887)

- Certain unspecified exceptions are not properly handled which could result in arbitrary code execution in the kernel. (CVE-2010-1894)

- Memory is not properly allocated when making a copy from user mode, which could result in an elevation of privileges. (CVE-2010-1895)

- Unspecified input from user mode is not properly validated, which could result in arbitrary code execution in the kernel. (CVE-2010-1896)

- Unspecified parameters are not properly validated when creating a new window, which could result in arbitrary code execution in the kernel.(CVE-2010-1897)

Solution: Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2 :


Core Impact



Risk Factor: High

STIG Severity: II







CVE: CVE-2010-1887, CVE-2010-1894, CVE-2010-1895, CVE-2010-1896, CVE-2010-1897

BID: 39630, 42206, 42210, 42245, 42250

Crossref: OSVDB #66979, OSVDB #66980, OSVDB #66981, OSVDB #66982, OSVDB #66983, IAVA #2010-A-0106, MSFT #MS10-048







Plugin Type: local



Core Impact




49950



Synopsis: The Windows kernel is affected by multiple vulnerabilities that could allow escalation of privileges.

Description: The remote Windows host is running a version of the Windows kernel that is affected by the following vulnerabilities :

- A reference count leak, which could result in arbitrary code execution in the kernel.(CVE-2010-2549)

- Kernel-mode drivers load unspecified keyboard layers improperly, which could result in arbitrary code execution in the kernel. (CVE-2010-2743)

- Kernel-mode drivers do not properly validate unspecified window class data, which could result in arbitrary code execution in the kernel.(CVE-2010-2744)

Solution: Microsoft has released a set of patches for Windows 2003, XP, Vista, 2008, 7, and 2008 R2 :


See Also: http://archives.neohapsis.com/archives/fulldisclosure/2010-07/0003.html

Risk Factor: High

STIG Severity: II







Core Impact



CVE: CVE-2010-2549, CVE-2010-2743, CVE-2010-2744

BID: 41280, 43773, 43774

Crossref: OSVDB #66003, OSVDB #68551, OSVDB #68552, EDB-ID #15985, IAVA #2010-A-0138, MSFT #MS10-073







Plugin Type: local




52673

Flash Player< 10.2.153.1UnspecifiedMemory Corruption(APSB11-05)


Synopsis: The remote Windows host contains a browser plug-in that is affected by a memory corruption vulnerability.

Description: The remote Windows host contains a version of Adobe Flash Player earlier than 10.2.153.1. Such versions are affected by an unspecified memory corruptionvulnerability.

A remote attacker could exploit this by tricking a user into viewing maliciously crafted SWF content, resulting in arbitrary code execution.

This bug is currently being exploited in the wild.


Core Impact


Solution: Upgrade to Flash Player 10.2.153.1 or later.

See Also: http://www.nessus.org/u?82775d9ehttp://www.adobe.com/support/security/advisories/apsa11-01.htmlhttp://www.adobe.com/support/security/bulletins/apsb11-05.html

Risk Factor: High

STIG Severity: II





Plugin Output:Product : ActiveX control (for Internet Explorer)Path : C:\WINDOWS\system32\Macromed\Flash\Flash6.ocxInstalled version : 6.0.88.0Fixed version : 10.2.153.1


CVE: CVE-2011-0609

BID: 46860

Crossref: OSVDB #71254, CERT #192052, EDB-ID #17027, IAVA #2011-A-0035, IAVA #2011-A-0036, Secunia #43751, Secunia #43757








Core Impact


Plugin Type: local

Source File: flash_player_apsa11-01.nasl

Exploit Frameworks: Metasploit (Adobe Flash Player AVM Bytecode Verification), Core Impact


53472

Flash Player< 10.2.159.1ActionScriptPredefinedClass PrototypeAddition RemoteCode Execution(APSB11-07)


Synopsis: The remote Windows host contains a browser plug-in that allows arbitrary code execution.

Description: The remote Windows host contains a version of Adobe Flash Player earlier than 10.2.159.1. Such versions are reportedly affected by a memory corruption vulnerability.

By tricking a user on the affected system into opening a specially crafted document with Flash content, such as a SWF file embedded in a Microsoft Word document, an attacker canpotentially leverage this issue to execute arbitrary code remotely on the system subject to the user's privileges.

Note that there are reports that this issue is being exploited in the wild as of April 2011.

Solution: Upgrade to Adobe Flash Player 10.2.159.1 or later.

See Also: http://www.nessus.org/u?9ee82b34http://www.adobe.com/support/security/bulletins/apsb11-07.html

Risk Factor: High

STIG Severity: II





Plugin Output:Product : ActiveX control (for Internet Explorer)Path : C:\WINDOWS\system32\Macromed\Flash\Flash6.ocx


Core Impact


Installed version : 6.0.88.0Fixed version : 10.2.159.1


CVE: CVE-2011-0611

BID: 47314

Crossref: OSVDB #71686, CERT #230057, IAVA #2011-A-0053, Secunia #44119







Plugin Type: local

Source File: flash_player_apsb11-07.nasl

Exploit Frameworks: Metasploit (windows/browser/adobe_flashplayer_flash10o.rb), Core Impact


55140

Flash Player <10.3.181.26 MultipleVulnerabilities(APSB11-18)


Synopsis: A browser plugin is affected by a memory corruption vulnerability.

Description: According to its version, the instance of Flash Player installed on the remote Windows host is earlier than 10.3.181.26. This version of Flash Player has a criticalvulnerability. By tricking a user on the affected system into opening a specially crafted document with Flash content, an attacker could leverage the vulnerability to execute arbitrarycode remotely on the system subject to the user's privileges.

This issue is reportedly being exploited in the wild in targeted attacks as of June 2011.

Solution: Upgrade to Adobe Flash version 10.3.181.26 or later.


Core Impact



Risk Factor: High







CVE: CVE-2011-2110

BID: 48268

Crossref: OSVDB #73007







Plugin Type: local




Core Impact



57948

MS12-014:Vulnerability inIndeo Codec CouldAllow Remote CodeExecution (2661637)


Synopsis: Arbitrary code can be executed on the remote Windows host through the Indeo codec.

Description: The remote Windows XP host contains a version of the Indeo codec that is affected by an insecure library loading vulnerability.

A remote attacker could exploit this by tricking a user into opening a legitimate file (e.g., an .avi file) located in the same directory as a maliciously crafted dynamic link library (DLL)file, resulting in arbitrary code execution.

Solution: Microsoft has released a patch for Windows XP :


See Also: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4956.php

Risk Factor: High





Plugin Output:

The following file was not found :

C:\WINDOWS\system32\Iacenc.dll

This indicates KB2661637 is missing.

CPE: cpe:/o:microsoft:windows_xp

CVE: CVE-2010-3138


Core Impact


BID: 42730

Crossref: OSVDB #67551, EDB-ID #14765, EDB-ID #14788, MSFT #MS12-014, Secunia #41114







Plugin Type: local




Core Impact


10.0.0.54




MAC Address: 00:10:60:df:1e:2b


Repository: repo




48297

MS10-060:Vulnerabilities inthe Microsoft .NETCommon LanguageRuntime and inMicrosoft SilverlightCould Allow RemoteCode Execution(2265906)


Synopsis: The Microsoft .NET Common Language Runtime and/or Microsoft Silverlight have multiple vulnerabilities.

Description: The remote Windows host is running a version of the Microsoft .NET Framework and/or Microsoft Silverlight affected by multiple vulnerabilities :

- Silverlight improperly handles pointers in an unspecified manner. A remote attacker could exploit this by tricking a user into viewing a web page with maliciously crafted Silverlightcontent. (CVE-2010-0019)

- An unspecified vulnerability in the .NET framework can allow a specially crafted .NET or Silverlight application to access memory, resulting in arbitrary unmanaged code execution.(CVE-2010-1898)

Solution: Microsoft has released a set of patches for .NET Framework 2.0, 3.5, and Silverlight :


Core Impact



Risk Factor: High

STIG Severity: II





Plugin Output:

Product : Microsoft SilverlightPath : c:\Program Files\Microsoft Silverlight\3.0.40624.0Installed version : 3.0.40624.0Fix : 3.0.50611.0

CPE: cpe:/a:microsoft:silverlightcpe:/o:microsoft:windows

CVE: CVE-2010-0019, CVE-2010-1898

BID: 42138, 42295

Crossref: OSVDB #66992, OSVDB #66993, IAVA #2010-A-0109, MSFT #MS10-060







Plugin Type: local


Core Impact





53473Wireshark < 1.2.16 /1.4.5 MultipleVulnerabilities


Synopsis: The remote Windows host contains an application that is affected by multiple vulnerabilities.

Description: The installed version of Wireshark is 1.2.x less than 1.2.16 or 1.4.x less than 1.4.5. Such versions are affected by the following vulnerabilities :

- A data type mismatch error exists in the function 'dissect_nfs_clientaddr4' in the file 'packet-nfs.c' of the NFS dissector and could lead to application crashes while decoding'SETCLIENTID' calls. (5209)- A use-after-free error exists in the file 'asn1/x509if/x509if.cnf' of the X.509if dissector that could lead to application crashes. (5754, 5793)- An buffer overflow vulnerability exists in the file 'packet-dect.c' of the DECT dissector that could allow arbitrary code execution. (5836)

Solution: Upgrade to Wireshark version 1.2.16 / 1.4.5 or later.

See Also: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5209https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5754https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5793https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5836http://www.wireshark.org/security/wnpa-sec-2011-05.htmlhttp://www.wireshark.org/security/wnpa-sec-2011-06.htmlhttp://www.wireshark.org/docs/relnotes/wireshark-1.2.16.htmlhttp://www.wireshark.org/docs/relnotes/wireshark-1.4.5.html

Risk Factor: High





Plugin Output:The following vulnerable instance of Wireshark is installed :

Path : C:\Program Files\Wireshark


Core Impact


Installed version : 1.4.4Fixed version : 1.2.16 / 1.4.5

CPE: cpe:/a:wireshark:wireshark

CVE: CVE-2011-1590, CVE-2011-1591, CVE-2011-1592

BID: 47392

Crossref: OSVDB #71846, OSVDB #71847, OSVDB #71848, EDB-ID #17185, EDB-ID #18145, Secunia #44172







Plugin Type: local

Source File: wireshark_1_4_5.nasl

Exploit Frameworks: Canvas (CANVAS), Metasploit (Wireshark <= 1.4.4 packet-dect.c Stack Buffer Overflow), Core Impact


Core Impact


10.0.100.40

NetBIOS Name: UNKNOWN\MAC0001

IP Address: 10.0.100.40


MAC Address: 60:c5:47:10:a7:1b

DNS Name: mac0001.itsdept.com

Repository: repo




55141

Flash Player forMac < 10.3.181.26Remote MemoryCorruption(APSB11-18)

High 0 TCP MacOS X Local Security Checks Yes

Synopsis: The remote Mac OS X host has a browser plugin that is affected by a remote memory corruption vulnerability.

Description: According to its version, the instance of Flash Player installed on the remote Mac OS X host is earlier than 10.3.181.26. This version of Flash Player has a criticalvulnerability. By tricking a user on the affected system into opening a specially crafted document with Flash content, an attacker could leverage the vulnerability to execute arbitrarycode remotely on the system subject to the user's privileges.


Solution: Upgrade to Adobe Flash for Mac version 10.3.181.26 or later.


Risk Factor: High



Core Impact





Plugin Output:Installed version : 10.2.159.1Fixed version : 10.3.181.26


CVE: CVE-2011-2110

BID: 48268








Plugin Type: local

Source File: macosx_flash_player_10_3_181_26.nasl



55421

Adobe Reader< 10.1 / 9.4.5 /8.3 MultipleVulnerabilities(APSB11-16) (MacOS X)



Core Impact


Synopsis: The version of Adobe Reader on the remote Mac OS X host is affected by multiple vulnerabilities.

Description: The version of Adobe Reader installed on the remote Mac OS X host is earlier than 10.1 / 9.4.5 / 8.3. As such, it is potentially affected by the following vulnerabilities :

- Multiple buffer overflow vulnerabilities exist that could lead to code execution. (CVE-2011-2094, CVE-2011-2095, CVE-2011-2097)

- A heap overflow vulnerability exists that could lead to code execution. (CVE-2011-2096)

- Multiple memory corruption vulnerabilities exist that could lead to code execution. (CVE-2011-2098, CVE-2011-2099, CVE-2011-2103, CVE-2011-2105, CVE-2011-2106)

- Multiple memory corruption vulnerabilities exist that could cause the application to crash. (CVE-2011-2104, CVE-2011-2105)

- A DLL loading vulnerability exists that could lead to code execution. (CVE-2011-2100)

- A cross document script execution vulnerability exists that could lead to code execution. (CVE-2011-2101)

- A security bypass vulnerability exists that could lead to bypassing security restrictions. (CVE-2011-2102)

Solution: Upgrade to Adobe Reader 8.3 / 9.4.5 / 10.1 or later.

See Also: http://www.zerodayinitiative.com/advisories/ZDI-11-218http://www.zerodayinitiative.com/advisories/ZDI-11-219http://www.adobe.com/support/security/bulletins/apsb11-16.html

Risk Factor: High





Plugin Output:The following vulnerable instance of Adobe Reader is installed on theremote host :

Path : /Applications/Adobe Reader.appInstalled version : 10.0.0Fixed version : 8.3 / 9.4.5 / 10.1

CPE: cpe:/a:adobe:reader


Core Impact


CVE: CVE-2011-2094, CVE-2011-2095, CVE-2011-2096, CVE-2011-2097, CVE-2011-2098, CVE-2011-2099, CVE-2011-2100, CVE-2011-2101, CVE-2011-2102, CVE-2011-2103,CVE-2011-2104, CVE-2011-2105, CVE-2011-2106

BID: 48240, 48242, 48243, 48244, 48245, 48246, 48247, 48248, 48249, 48251, 48252, 48253, 48255

Crossref: OSVDB #73055, OSVDB #73056, OSVDB #73057, OSVDB #73058, OSVDB #73059, OSVDB #73061, OSVDB #73062, OSVDB #73063, OSVDB #73064, OSVDB#73065, OSVDB #73066, OSVDB #73067, OSVDB #73068, CERT #264729







Plugin Type: local

Source File: macosx_adobe_reader_apsb11-16.nasl



Canvas


Canvas

5 Day Trend


Canvas


Canvas Exploitable Hosts





Canvas Exploitable Vulnerability Totals by Plugin Family


Windows 5 0 1 4 0



Canvas Exploitable Vulnerability Totals by MS Bulletin


MS10-073 1 High

MS10-060 1 High

MS10-048 1 High

MS10-032 1 High

MS10-022 1 High

Canvas Exploitable Vulnerability Totals by CVE

CVE Total Severity

CVE-2011-3360 1 Medium


Canvas


CVE Total Severity


CVE-2011-2462 1 High

CVE-2011-2110 2 High

CVE-2011-1592 1 High

CVE-2011-1591 1 High

CVE-2011-1590 1 High

CVE-2010-2744 1 High

CVE-2010-2743 1 High

CVE-2010-2549 1 High

CVE-2010-1898 1 High

CVE-2010-1897 1 High

CVE-2010-1896 1 High

CVE-2010-1895 1 High

CVE-2010-1894 1 High

CVE-2010-1887 1 High

CVE-2010-1255 1 High

CVE-2010-0485 1 High

CVE-2010-0484 1 High

CVE-2010-0483 1 High

CVE-2010-0019 1 High

CVE-2009-2493 1 High

CVE-2009-1870 1 High

CVE-2009-1869 1 High

CVE-2009-1868 1 High

CVE-2009-1867 1 High

CVE-2009-1866 1 High

CVE-2009-1865 1 High

CVE-2009-1864 1 High

CVE-2009-1863 1 High

CVE-2009-1862 1 High


Canvas


CVE Total Severity

CVE-2009-0901 1 High

CVE-2007-6654 1 High

CVE-2007-5660 1 High


Canvas


10.0.0.41






Repository: repo


Canvas Exploitable Vulnerability Details:


40434

Flash Player< 9.0.246.0 /10.0.32.18 MultipleVulnerabilities(APSB09-10)


Synopsis: The remote Windows host contains a browser plugin that is affected by multiple vulnerabilities.

Description: The remote Windows host contains a version of Adobe Flash Player that is earlier than 9.0.246.0 / 10.0.32.18. Such versions are reportedly affected by multiplevulnerabilities :

- A memory corruption vulnerability that could potentially lead to code execution. (CVE-2009-1862)

- A vulnerability in the Microsoft Active Template Library (ATL) which could allow an attacker who successfully exploits the vulnerability to take control of the affected system.(CVE-2009-0901, CVE-2009-2395, CVE-2009-2493)

- A privilege escalation vulnerability that could potentially lead to code execution. (CVE-2009-1863)

- A heap overflow vulnerability that could potentially lead to code execution. (CVE-2009-1864)

- A null pointer vulnerability that could potentially lead to code execution. (CVE-2009-1865)


Canvas


- A stack overflow vulnerability that could potentially lead to code execution. (CVE-2009-1866)

- A clickjacking vulnerability that could allow an attacker to lure a web browser user into unknowingly clicking on a link or dialog. (CVE-2009-1867

- A URL parsing heap overflow vulnerability that could potentially lead to code execution. (CVE-2009-1868)

- An integer overflow vulnerability that could potentially lead to code execution. (CVE-2009-1869)

- A local sandbox vulnerability that could potentially lead to information disclosure when SWFs are saved to the hard drive. CVE-2009-1870)

Solution: Upgrade to version 10.0.32.18 or later. If you are unable to upgrade to version 10, upgrade to version 9.0.246.0 or later.


Risk Factor: High

STIG Severity: I





Plugin Output:Nessus has identified the following vulnerable instance of FlashPlayer installed on the remote host :

- ActiveX control (for Internet Explorer) :C:\WINDOWS\system32\Macromed\Flash\Flash6.ocx, 6.0.88.0


CVE: CVE-2009-1862, CVE-2009-0901, CVE-2009-2493, CVE-2009-1863, CVE-2009-1864, CVE-2009-1865, CVE-2009-1866, CVE-2009-1867, CVE-2009-1868, CVE-2009-1869,CVE-2009-1870

BID: 35759, 35832, 35846, 35900, 35901, 35902, 35903, 35904, 35905, 35906, 35907, 35908

Crossref: OSVDB #56282, OSVDB #56696, OSVDB #56698, OSVDB #56771, OSVDB #56772, OSVDB #56773, OSVDB #56774, OSVDB #56775, OSVDB #56776, OSVDB#56777, OSVDB #56778, IAVA #2009-A-0061, IAVA #2009-A-0062, IAVA #2009-A-0063, IAVA #2009-A-0067, IAVA #2009-A-0094, IAVA #2009-A-0097, IAVA #2009-A-0127, CWE#200


Canvas








Plugin Type: local

Source File: flash_player_apsb09_10.nasl



45509

MS10-022:Vulnerability inVBScript ScriptingEngine Could AllowRemote CodeExecution (981169)


Synopsis: Arbitrary code can be executed on the remote host through the installed VBScript Scripting Engine.

Description: The installed version of the VBScript Scripting Engine allows an attacker to specify a Help file location when displaying a dialog box on a web page. If a user can betricked into pressing the F1 key while such a dialog box is being displayed, an attacker can leverage this to cause the Windows Help System to load a specially crafted Help file,resulting in execution of arbitrary code subject to the user's privileges.



Risk Factor: High

STIG Severity: II


CVSS Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C



Canvas



Plugin Output:- C:\WINDOWS\system32\Vbscript.dll has not been patchedRemote version : 5.8.6001.18702Should be : 5.8.6001.23000


CVE: CVE-2010-0483

BID: 38463

Crossref: OSVDB #62632, IAVA #2010-A-0056, MSFT #MS10-022, CWE #94







Plugin Type: local


Exploit Frameworks: Canvas (CANVAS), Metasploit (Internet Explorer Winhlp32.exe MsgBox Code Execution)


46839





Canvas



- Improper validation of changes in certain kernel objects may allow a local attacker to execute arbitrary code in kernel mode and take complete control of the affected system.(CVE-2010-0484)

- Improper validation of parameters when creating a new window may allow a local attacker to execute arbitrary code in kernel mode and take complete control of the affectedsystem. (CVE-2010-0485)

- A vulnerability that arises in the way Windows provides glyph outline information to applications may allow a local attacker to execute arbitrary code in kernel mode and takecomplete control of the affected system. (CVE-2010-1255)



Risk Factor: High

STIG Severity: II







CVE: CVE-2010-0484, CVE-2010-0485, CVE-2010-1255

BID: 40508, 40569, 40570

Crossref: OSVDB #65223, OSVDB #65224, OSVDB #65225, IAVA #2010-A-0077, MSFT #MS10-032



Canvas







Plugin Type: local




48285





- Improper valiation of an argument passed to a system call can result in a denial of service. (CVE-2010-1887)

- Certain unspecified exceptions are not properly handled which could result in arbitrary code execution in the kernel. (CVE-2010-1894)

- Memory is not properly allocated when making a copy from user mode, which could result in an elevation of privileges. (CVE-2010-1895)

- Unspecified input from user mode is not properly validated, which could result in arbitrary code execution in the kernel. (CVE-2010-1896)

- Unspecified parameters are not properly validated when creating a new window, which could result in arbitrary code execution in the kernel.(CVE-2010-1897)

Solution: Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2 :


Risk Factor: High


Canvas


STIG Severity: II







CVE: CVE-2010-1887, CVE-2010-1894, CVE-2010-1895, CVE-2010-1896, CVE-2010-1897

BID: 39630, 42206, 42210, 42245, 42250

Crossref: OSVDB #66979, OSVDB #66980, OSVDB #66981, OSVDB #66982, OSVDB #66983, IAVA #2010-A-0106, MSFT #MS10-048







Plugin Type: local




Canvas



49950



Synopsis: The Windows kernel is affected by multiple vulnerabilities that could allow escalation of privileges.

Description: The remote Windows host is running a version of the Windows kernel that is affected by the following vulnerabilities :

- A reference count leak, which could result in arbitrary code execution in the kernel.(CVE-2010-2549)

- Kernel-mode drivers load unspecified keyboard layers improperly, which could result in arbitrary code execution in the kernel. (CVE-2010-2743)

- Kernel-mode drivers do not properly validate unspecified window class data, which could result in arbitrary code execution in the kernel.(CVE-2010-2744)

Solution: Microsoft has released a set of patches for Windows 2003, XP, Vista, 2008, 7, and 2008 R2 :


See Also: http://archives.neohapsis.com/archives/fulldisclosure/2010-07/0003.html

Risk Factor: High

STIG Severity: II







Canvas



CVE: CVE-2010-2549, CVE-2010-2743, CVE-2010-2744

BID: 41280, 43773, 43774

Crossref: OSVDB #66003, OSVDB #68551, OSVDB #68552, EDB-ID #15985, IAVA #2010-A-0138, MSFT #MS10-073







Plugin Type: local




55140

Flash Player <10.3.181.26 MultipleVulnerabilities(APSB11-18)


Synopsis: A browser plugin is affected by a memory corruption vulnerability.

Description: According to its version, the instance of Flash Player installed on the remote Windows host is earlier than 10.3.181.26. This version of Flash Player has a criticalvulnerability. By tricking a user on the affected system into opening a specially crafted document with Flash content, an attacker could leverage the vulnerability to execute arbitrarycode remotely on the system subject to the user's privileges.





Canvas


Risk Factor: High







CVE: CVE-2011-2110

BID: 48268








Plugin Type: local




Canvas


10.0.0.54






Repository: repo




27599

FLEXnet ConnectUpdate ServiceActiveX ControlMultiple CodeExecutionVulnerabilities


Synopsis: The remote Windows host has an ActiveX control that allows execution of arbitrary code.

Description: Macrovision FLEXnet Connect, formerly known as InstallShield Update Service, is installed on the remote host. It is a software management solution for internally-developed and third-party applications, and may have been installed as part of the FLEXnet Connect SDK, other InstallShield software, or by running FLEXnet Connect-enabledWindows software.

The version of the FLEXnet Connect client on the remote host includes an ActiveX control -- the InstallShield Update Service Agent -- that is marked as 'safe for scripting' andcontains several methods that allow for downloading and launching arbitrary programs. If a remote attacker can trick a user on the affected host into visiting a specially crafted webpage, he may be able to leverage this issue to execute arbitrary code on the host subject to the user's privileges.

Additionally, it is reportedly affected by a buffer overflow that can be triggered by passing a long argument for 'ProductCode' to the 'DownloadAndExecute()' method.

Solution: Upgrade to version 6.0.100.65101 or later of the FLEXnet Connect client.

See Also: http://www.nessus.org/u?85aedec1


Canvas


http://www.securityfocus.com/archive/1/483062/30/0/threadedhttp://archives.neohapsis.com/archives/fulldisclosure/2007-12/0553.htmlhttp://support.installshield.com/kb/view.asp?articleid=Q113602http://support.installshield.com/kb/view.asp?articleid=Q113020

Risk Factor: High




CVSS Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Plugin Output: Version 2.20.100.1166 of the vulnerable control is installed as :

C:\WINDOWS\Downloaded Program Files\isusweb.dll

Moreover, its 'kill' bit is not set so it is accessible via InternetExplorer.

CVE: CVE-2007-5660, CVE-2007-6654

BID: 26280, 27013

Crossref: OSVDB #38347, OSVDB #39980, CWE #119






Plugin Type: local

Source File: flexnet_connect_isusweb_activex.nasl

Exploit Frameworks: Canvas (CANVAS), Metasploit (Macrovision InstallShield Update Service Buffer Overflow)


Canvas



48297

MS10-060:Vulnerabilities inthe Microsoft .NETCommon LanguageRuntime and inMicrosoft SilverlightCould Allow RemoteCode Execution(2265906)


Synopsis: The Microsoft .NET Common Language Runtime and/or Microsoft Silverlight have multiple vulnerabilities.

Description: The remote Windows host is running a version of the Microsoft .NET Framework and/or Microsoft Silverlight affected by multiple vulnerabilities :

- Silverlight improperly handles pointers in an unspecified manner. A remote attacker could exploit this by tricking a user into viewing a web page with maliciously crafted Silverlightcontent. (CVE-2010-0019)

- An unspecified vulnerability in the .NET framework can allow a specially crafted .NET or Silverlight application to access memory, resulting in arbitrary unmanaged code execution.(CVE-2010-1898)

Solution: Microsoft has released a set of patches for .NET Framework 2.0, 3.5, and Silverlight :


Risk Factor: High

STIG Severity: II





Plugin Output:

Product : Microsoft SilverlightPath : c:\Program Files\Microsoft Silverlight\3.0.40624.0Installed version : 3.0.40624.0Fix : 3.0.50611.0


Canvas


CPE: cpe:/a:microsoft:silverlightcpe:/o:microsoft:windows

CVE: CVE-2010-0019, CVE-2010-1898

BID: 42138, 42295

Crossref: OSVDB #66992, OSVDB #66993, IAVA #2010-A-0109, MSFT #MS10-060







Plugin Type: local











Canvas



Risk Factor: High






Path : C:\Program Files\WiresharkInstalled version : 1.4.4Fixed version : 1.2.16 / 1.4.5


CVE: CVE-2011-1590, CVE-2011-1591, CVE-2011-1592

BID: 47392








Canvas



Plugin Type: local




56163Wireshark 1.4.x< 1.4.9 MultipleVulnerabilities

Medium 445 TCP Windows Yes


Description: The installed version of Wireshark is 1.4.x before 1.4.9. This version is affected by the following vulnerabilities :

- An error exists in IKE dissector that can allow denial of service attacks when processing certain malformed packets. (CVE-2011-3266)

- A buffer exception handling vulnerability exists that can allow denial of service attacks when processing certain malformed packets. (Issue #6135)

- It may be possible to make Wireshark execute Lua scripts using a method similar to DLL hijacking. (Issue #6136)

Solution: Upgrade to Wireshark version 1.4.9 or later.

See Also: http://www.wireshark.org/security/wnpa-sec-2011-13.htmlhttp://www.wireshark.org/security/wnpa-sec-2011-14.htmlhttp://www.wireshark.org/security/wnpa-sec-2011-15.htmlhttp://www.wireshark.org/docs/relnotes/wireshark-1.4.9.html

Risk Factor: Medium


CVSS Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P


Path : C:\Program Files\WiresharkInstalled version : 1.4.4Fixed version : 1.4.9


Canvas



CVE: CVE-2011-3266, CVE-2011-3360

BID: 49377, 49521, 49528

Crossref: OSVDB #74732, OSVDB #75347







Plugin Type: local


Exploit Frameworks: Canvas (D2ExploitPack), Metasploit (windows/misc/wireshark_lua.rb)


Canvas


10.0.100.40


IP Address: 10.0.100.40




Repository: repo




55141

Flash Player forMac < 10.3.181.26Remote MemoryCorruption(APSB11-18)


Synopsis: The remote Mac OS X host has a browser plugin that is affected by a remote memory corruption vulnerability.

Description: According to its version, the instance of Flash Player installed on the remote Mac OS X host is earlier than 10.3.181.26. This version of Flash Player has a criticalvulnerability. By tricking a user on the affected system into opening a specially crafted document with Flash content, an attacker could leverage the vulnerability to execute arbitrarycode remotely on the system subject to the user's privileges.




Risk Factor: High



Canvas







CVE: CVE-2011-2110

BID: 48268








Plugin Type: local




57044

Adobe Reader <=10.1.1 / 9.4.6 U3DMemory Corruption(APSA11-04) (MacOS X)


Synopsis: The version of Adobe Reader on the remote Mac OS X host is affected by a memory corruption vulnerability.


Canvas


Description: The version of Adobe Reader installed on the remote Mac OS X host is earlier or equal to 10.1.1 / 9.4.6 and is affected by a memory corruption vulnerability related tothe 'Universal 3D' (U3D) file format.

A remote attacker could exploit this by tricking a user into viewing a maliciously crafted PDF file, causing application crashes and potentially resulting in arbitrary code execution.

Note that the Adobe Reader X user-specific option to use 'Protected Mode' prevents an exploit of this kind from executing and that Nessus cannot test for this configuration option.

Solution: At the time of this writing there is no vendor supplied patch. If the installed product is Reader X, then the user-specific option to use 'Protected Mode' should be enabled.

See Also: http://www.adobe.com/support/security/bulletins/apsa11-04.html

Risk Factor: High

STIG Severity: I





Plugin Output:Path : /Applications/Adobe Reader.appInstalled version : 10.0.0Fixed version : A workaround is available.


CVE: CVE-2011-2462

BID: 50922

Crossref: OSVDB #77529, IAVA #2011-A-0174, IAVA #2012-A-0008





Canvas




Plugin Type: local

Source File: macosx_adobe_reader_apsa11-04.nasl

Exploit Frameworks: Canvas (CANVAS), Metasploit (Adobe Reader U3D Memory Corruption Vulnerability)


Metasploit


Metasploit

5 Day Trend


Metasploit


Metasploit Exploitable Hosts





Metasploit Exploitable Vulnerability Totals by Plugin Family


Windows 7 0 1 6 0



Metasploit Exploitable Vulnerability Totals by MS Bulletin


MS12-027 1 High

MS10-022 1 High

Metasploit Exploitable Vulnerability Totals by CVE

CVE Total Severity

CVE-2012-0767 2 High

CVE-2012-0756 2 High

CVE-2012-0755 2 High

CVE-2012-0754 2 High


Metasploit


CVE Total Severity

CVE-2012-0753 2 High

CVE-2012-0752 2 High

CVE-2012-0751 1 High

CVE-2012-0158 1 High



CVE-2011-2462 1 High

CVE-2011-2442 1 High

CVE-2011-2441 1 High

CVE-2011-2440 1 High

CVE-2011-2439 1 High

CVE-2011-2438 1 High

CVE-2011-2437 1 High

CVE-2011-2436 1 High

CVE-2011-2435 1 High

CVE-2011-2434 1 High

CVE-2011-2433 1 High

CVE-2011-2432 1 High

CVE-2011-2431 1 High

CVE-2011-2425 3 High

CVE-2011-2424 3 High

CVE-2011-2417 3 High

CVE-2011-2416 3 High

CVE-2011-2415 3 High

CVE-2011-2414 3 High

CVE-2011-2140 3 High

CVE-2011-2139 3 High

CVE-2011-2138 3 High

CVE-2011-2137 3 High

CVE-2011-2136 3 High


Metasploit


CVE Total Severity

CVE-2011-2135 3 High

CVE-2011-2134 3 High

CVE-2011-2130 3 High

CVE-2011-1592 1 High

CVE-2011-1591 1 High

CVE-2011-1590 1 High

CVE-2011-0611 1 High

CVE-2011-0609 1 High

CVE-2010-0483 1 High

CVE-2007-6654 1 High

CVE-2007-5660 1 High


Metasploit


10.0.0.41






Repository: repo


Metasploit Exploitable Vulnerability Details:


45509

MS10-022:Vulnerability inVBScript ScriptingEngine Could AllowRemote CodeExecution (981169)


Synopsis: Arbitrary code can be executed on the remote host through the installed VBScript Scripting Engine.

Description: The installed version of the VBScript Scripting Engine allows an attacker to specify a Help file location when displaying a dialog box on a web page. If a user can betricked into pressing the F1 key while such a dialog box is being displayed, an attacker can leverage this to cause the Windows Help System to load a specially crafted Help file,resulting in execution of arbitrary code subject to the user's privileges.



Risk Factor: High

STIG Severity: II



Metasploit


CVSS Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C



Plugin Output:- C:\WINDOWS\system32\Vbscript.dll has not been patchedRemote version : 5.8.6001.18702Should be : 5.8.6001.23000


CVE: CVE-2010-0483

BID: 38463

Crossref: OSVDB #62632, IAVA #2010-A-0056, MSFT #MS10-022, CWE #94







Plugin Type: local


Exploit Frameworks: Canvas (CANVAS), Metasploit (Internet Explorer Winhlp32.exe MsgBox Code Execution)


52673Flash Player< 10.2.153.1Unspecified



Metasploit


Memory Corruption(APSB11-05)

Synopsis: The remote Windows host contains a browser plug-in that is affected by a memory corruption vulnerability.

Description: The remote Windows host contains a version of Adobe Flash Player earlier than 10.2.153.1. Such versions are affected by an unspecified memory corruptionvulnerability.

A remote attacker could exploit this by tricking a user into viewing maliciously crafted SWF content, resulting in arbitrary code execution.

This bug is currently being exploited in the wild.

Solution: Upgrade to Flash Player 10.2.153.1 or later.

See Also: http://www.nessus.org/u?82775d9ehttp://www.adobe.com/support/security/advisories/apsa11-01.htmlhttp://www.adobe.com/support/security/bulletins/apsb11-05.html

Risk Factor: High

STIG Severity: II







CVE: CVE-2011-0609

BID: 46860

Crossref: OSVDB #71254, CERT #192052, EDB-ID #17027, IAVA #2011-A-0035, IAVA #2011-A-0036, Secunia #43751, Secunia #43757


Metasploit








Plugin Type: local

Source File: flash_player_apsa11-01.nasl

Exploit Frameworks: Metasploit (Adobe Flash Player AVM Bytecode Verification), Core Impact


53472

Flash Player< 10.2.159.1ActionScriptPredefinedClass PrototypeAddition RemoteCode Execution(APSB11-07)


Synopsis: The remote Windows host contains a browser plug-in that allows arbitrary code execution.

Description: The remote Windows host contains a version of Adobe Flash Player earlier than 10.2.159.1. Such versions are reportedly affected by a memory corruption vulnerability.

By tricking a user on the affected system into opening a specially crafted document with Flash content, such as a SWF file embedded in a Microsoft Word document, an attacker canpotentially leverage this issue to execute arbitrary code remotely on the system subject to the user's privileges.

Note that there are reports that this issue is being exploited in the wild as of April 2011.

Solution: Upgrade to Adobe Flash Player 10.2.159.1 or later.

See Also: http://www.nessus.org/u?9ee82b34http://www.adobe.com/support/security/bulletins/apsb11-07.html

Risk Factor: High

STIG Severity: II


Metasploit








CVE: CVE-2011-0611

BID: 47314

Crossref: OSVDB #71686, CERT #230057, IAVA #2011-A-0053, Secunia #44119







Plugin Type: local


Exploit Frameworks: Metasploit (windows/browser/adobe_flashplayer_flash10o.rb), Core Impact


Metasploit



55803

Flash Player <=10.3.181.36 MultipleVulnerabilities(APSB11-21)


Synopsis: A browser plugin is affected by multiple vulnerabilities.

Description: According to its version, the instance of Flash Player installed on the remote Windows host is 10.3.181.36 or earlier. As such, it is reportedly affected by several criticalvulnerabilities :

- Multiple buffer overflow vulnerabilities could lead to code execution. (CVE-2011-2130, CVE-2011-2134, CVE-2011-2137, CVE-2011-2414, CVE-2011-2415)

- Multiple memory corruption vulnerabilities could lead to code execution. (CVE-2011-2135, CVE-2011-2140, CVE-2011-2417, CVE-2011-2424, CVE-2011-2425)

- Multiple integer overflow vulnerabilities could lead to code execution. (CVE-2011-2136, CVE-2011-2138, CVE-2011-2416)

- A cross-site information disclosure vulnerability exists that could lead to code execution. (CVE-2011-2139)

By tricking a user on the affected system into opening a specially crafted document with Flash content, an attacker could leverage these vulnerabilities to execute arbitrary coderemotely on the system subject to the user's privileges.


See Also: http://www.nessus.org/u?18dbdb20http://www.nessus.org/u?0651458ahttp://www.nessus.org/u?46d1fce8http://www.zerodayinitiative.com/advisories/ZDI-11-253/http://www.adobe.com/support/security/bulletins/apsb11-21.html

Risk Factor: High

STIG Severity: II





Metasploit



CVE: CVE-2011-2130, CVE-2011-2134, CVE-2011-2135, CVE-2011-2136, CVE-2011-2137, CVE-2011-2138, CVE-2011-2139, CVE-2011-2140, CVE-2011-2414, CVE-2011-2415,CVE-2011-2416, CVE-2011-2417, CVE-2011-2424, CVE-2011-2425

BID: 49073, 49074, 49075, 49076, 49077, 49079, 49080, 49081, 49082, 49083, 49084, 49085, 49086, 49186

Crossref: OSVDB #74432, OSVDB #74433, OSVDB #74434, OSVDB #74435, OSVDB #74436, OSVDB #74437, OSVDB #74438, OSVDB #74439, OSVDB #74440, OSVDB#74441, OSVDB #74442, OSVDB #74443, OSVDB #74444, OSVDB #75201, EDB-ID #18437, EDB-ID #18479, IAVA #2011-A-0110







Plugin Type: local


Exploit Frameworks: Metasploit (windows/browser/adobe_flash_sps.rb)


58001

Flash Player <=10.3.183.14 /11.1.102.55 MultipleVulnerabilities(APSB12-03)


Synopsis: The remote Windows host has a browser plugin that is affected by multiple vulnerabilities.

Description: According to its version, the instance of Flash Player installed on the remote Windows host is 10.x equal to or earlier than 10.3.183.14 or 11.x equal to or earlier than11.1.102.55. It is, therefore, reportedly affected by several critical vulnerabilities :

- Multiple unspecified memory corruption issues exist that could lead to code execution. (CVE-2012-0751, CVE-2012-0754)

- An unspecified type confusion memory corruption vulnerability exists that could lead to code execution.(CVE-2012-0752)


Metasploit


- An MP4 parsing memory corruption issue exists that could lead to code execution. (CVE-2012-0753)

- Multiple unspecified security bypass vulnerabilities exist that could lead to code execution. (CVE-2012-0755, CVE-2012-0756)

- A universal cross-site scripting issue exists that could be used to take actions on a user's behalf on any website or webmail provider. (CVE-2012-0767)

Solution: Upgrade to Adobe Flash version 10.3.183.15 / 11.1.102.62 or later.

See Also: http://www.nessus.org/u?2bd088e6http://zerodayinitiative.com/advisories/ZDI-12-047/http://www.adobe.com/support/security/bulletins/apsb12-03.html

Risk Factor: High

STIG Severity: I



Plugin Output:Product : ActiveX control (for Internet Explorer)Path : C:\WINDOWS\system32\Macromed\Flash\Flash6.ocxInstalled version : 6.0.88.0Fixed version : 10.3.183.15 / 11.1.102.62


CVE: CVE-2012-0751, CVE-2012-0752, CVE-2012-0753, CVE-2012-0754, CVE-2012-0755, CVE-2012-0756, CVE-2012-0767

BID: 52032, 52033, 52034, 52035, 52036, 52037, 52040

Crossref: EDB-ID #18572, IAVA #2012-A-0029, OSVDB #79296, OSVDB #79297, OSVDB #79298, OSVDB #79299, OSVDB #79300, OSVDB #79301, OSVDB #79302







Metasploit



Plugin Type: local


Exploit Frameworks: Metasploit (windows/browser/adobe_flash_mp4_cprt.rb)


Metasploit


10.0.0.54






Repository: repo




27599

FLEXnet ConnectUpdate ServiceActiveX ControlMultiple CodeExecutionVulnerabilities


Synopsis: The remote Windows host has an ActiveX control that allows execution of arbitrary code.

Description: Macrovision FLEXnet Connect, formerly known as InstallShield Update Service, is installed on the remote host. It is a software management solution for internally-developed and third-party applications, and may have been installed as part of the FLEXnet Connect SDK, other InstallShield software, or by running FLEXnet Connect-enabledWindows software.

The version of the FLEXnet Connect client on the remote host includes an ActiveX control -- the InstallShield Update Service Agent -- that is marked as 'safe for scripting' andcontains several methods that allow for downloading and launching arbitrary programs. If a remote attacker can trick a user on the affected host into visiting a specially crafted webpage, he may be able to leverage this issue to execute arbitrary code on the host subject to the user's privileges.

Additionally, it is reportedly affected by a buffer overflow that can be triggered by passing a long argument for 'ProductCode' to the 'DownloadAndExecute()' method.

Solution: Upgrade to version 6.0.100.65101 or later of the FLEXnet Connect client.

See Also: http://www.nessus.org/u?85aedec1


Metasploit


http://www.securityfocus.com/archive/1/483062/30/0/threadedhttp://archives.neohapsis.com/archives/fulldisclosure/2007-12/0553.htmlhttp://support.installshield.com/kb/view.asp?articleid=Q113602http://support.installshield.com/kb/view.asp?articleid=Q113020

Risk Factor: High




CVSS Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Plugin Output: Version 2.20.100.1166 of the vulnerable control is installed as :

C:\WINDOWS\Downloaded Program Files\isusweb.dll

Moreover, its 'kill' bit is not set so it is accessible via InternetExplorer.

CVE: CVE-2007-5660, CVE-2007-6654

BID: 26280, 27013

Crossref: OSVDB #38347, OSVDB #39980, CWE #119






Plugin Type: local

Source File: flexnet_connect_isusweb_activex.nasl

Exploit Frameworks: Canvas (CANVAS), Metasploit (Macrovision InstallShield Update Service Buffer Overflow)


Metasploit










Risk Factor: High






Path : C:\Program Files\WiresharkInstalled version : 1.4.4Fixed version : 1.2.16 / 1.4.5


Metasploit



CVE: CVE-2011-1590, CVE-2011-1591, CVE-2011-1592

BID: 47392








Plugin Type: local




56163Wireshark 1.4.x< 1.4.9 MultipleVulnerabilities

Medium 445 TCP Windows Yes


Description: The installed version of Wireshark is 1.4.x before 1.4.9. This version is affected by the following vulnerabilities :

- An error exists in IKE dissector that can allow denial of service attacks when processing certain malformed packets. (CVE-2011-3266)

- A buffer exception handling vulnerability exists that can allow denial of service attacks when processing certain malformed packets. (Issue #6135)

- It may be possible to make Wireshark execute Lua scripts using a method similar to DLL hijacking. (Issue #6136)

Solution: Upgrade to Wireshark version 1.4.9 or later.

See Also: http://www.wireshark.org/security/wnpa-sec-2011-13.htmlhttp://www.wireshark.org/security/wnpa-sec-2011-14.html


Metasploit


http://www.wireshark.org/security/wnpa-sec-2011-15.htmlhttp://www.wireshark.org/docs/relnotes/wireshark-1.4.9.html

Risk Factor: Medium


CVSS Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P


Path : C:\Program Files\WiresharkInstalled version : 1.4.4Fixed version : 1.4.9


CVE: CVE-2011-3266, CVE-2011-3360

BID: 49377, 49521, 49528

Crossref: OSVDB #74732, OSVDB #75347







Plugin Type: local


Exploit Frameworks: Canvas (D2ExploitPack), Metasploit (windows/misc/wireshark_lua.rb)


Metasploit



58659

MS12-027:Vulnerability inWindows CommonControls CouldAllow Remote CodeExecution (2664258)


Synopsis: The remote Windows host has a code execution vulnerability.

Description: There is an unspecified remote code execution vulnerability in Windows common controls, which is included in several Microsoft products. An attacker could exploit thisby tricking a user into viewing a maliciously crafted web page, resulting in arbitrary code execution.

Solution: Microsoft has released a set of patches for Office 2003, 2007 and 2010, Office 2003 Web Components, SQL Server 2005 and 2008, BizTalk Server 2002, Visual FoxPro8.0 and 9.0, and Visual Basic 6.0 Runtime :


If this control has been included with a third-party application, contact the third-party vendor for a fix.

Risk Factor: High

STIG Severity: II





Plugin Output:The following vulnerable controls do not have the kill bit set :

Class identifier : {bdd1f04b-858b-11d1-b16a-00c0f0283628}Filename : C:\WINDOWS\system32\MSCOMCTL.OCXInstalled version : 6.1.95.45

Class identifier : {C74190B6-8589-11d1-B16A-00C0F0283628}Filename : C:\WINDOWS\system32\MSCOMCTL.OCXInstalled version : 6.1.95.45

Nessus was unable to determine which Microsoft applications are using


Metasploit


these controls. It is possible they were installed by a third-party application.Refer to the Microsoft advisory for more information.


CVE: CVE-2012-0158

BID: 52911

Crossref: OSVDB #81125, EDB-ID #18780, IAVA #2012-A-0059, MSFT #MS12-027







Plugin Type: local


Exploit Frameworks: Metasploit (MS12-027 MSCOMCTL ActiveX Buffer Overflow)


Metasploit


10.0.100.40


IP Address: 10.0.100.40




Repository: repo




55804

Flash Playerfor Mac <=10.3.181.36 MultipleVulnerabilities(APSB11-21)


Synopsis: The remote Mac OS X host has a browser plugin that is affected by multiple vulnerabilities.

Description: According to its version, the instance of Flash Player installed on the remote Mac OS X host is 10.3.181.36 or earlier. As such, it is reportedly affected by several criticalvulnerabilities :

- Multiple buffer overflow vulnerabilities could lead to code execution. (CVE-2011-2130, CVE-2011-2134, CVE-2011-2137, CVE-2011-2414, CVE-2011-2415)

- Multiple memory corruption vulnerabilities could lead to code execution. (CVE-2011-2135, CVE-2011-2140, CVE-2011-2417, CVE-2011-2424, CVE-2011-2425)

- Multiple integer overflow vulnerabilities could lead to code execution. (CVE-2011-2136, CVE-2011-2138, CVE-2011-2416)

- A cross-site information disclosure vulnerability exists that could lead to code execution. (CVE-2011-2139)

By tricking a user on the affected system into opening a specially crafted document with Flash content, an attacker could leverage these vulnerabilities to execute arbitrary coderemotely on the system subject to the user's privileges.


Metasploit




Risk Factor: High

STIG Severity: II





CVE: CVE-2011-2130, CVE-2011-2134, CVE-2011-2135, CVE-2011-2136, CVE-2011-2137, CVE-2011-2138, CVE-2011-2139, CVE-2011-2140, CVE-2011-2414, CVE-2011-2415,CVE-2011-2416, CVE-2011-2417, CVE-2011-2424, CVE-2011-2425

BID: 49073, 49074, 49075, 49076, 49077, 49079, 49080, 49081, 49082, 49083, 49084, 49085, 49086, 49186

Crossref: OSVDB #74432, OSVDB #74433, OSVDB #74434, OSVDB #74435, OSVDB #74436, OSVDB #74437, OSVDB #74438, OSVDB #74439, OSVDB #74440, OSVDB#74441, OSVDB #74442, OSVDB #74443, OSVDB #74444, OSVDB #75201, IAVA #2011-A-0110







Plugin Type: local




Metasploit



56199

Adobe Reader< 10.1.1 / 9.4.6 /8.3.1 MultipleVulnerabilities(APSB11-21,APSB11-24) (MacOS X)


Synopsis: The version of Adobe Reader on the remote Mac OS X host is affected by multiple vulnerabilities.

Description: The version of Adobe Reader installed on the remote Mac OS X host is earlier than 10.1.1 / 9.4.6 / 8.3.1. It is therefore potentially affected by the followingvulnerabilities :

- An unspecified error exists that can allow an attacker to bypass security leading to code execution. (CVE-2011-2431)

- Several errors exist that allow buffer overflows leading to code execution. (CVE-2011-2432, CVE-2011-2435)

- Several errors exist that allow heap overflows leading to code execution. (CVE-2011-2433, CVE-2011-2434, CVE-2011-2436, CVE-2011-2437)

- Several errors exist that allow stack overflows leading to code execution. (CVE-2011-2438)

- An error exists that can allow memory leaks leading to code execution. (CVE-2011-2439)

- A use-after-free error exists that can allow code exection. (CVE-2011-2440)

- Several errors exist in the 'CoolType.dll' library that can allow stack overflows leading to code execution.(CVE-2011-2441)

- A logic error exists that can lead to code execution.(CVE-2011-2442)

- Multiple issues exist as noted in APSB11-21, a security update for Adobe Flash Player. (CVE-2011-2130, CVE-2011-2134, CVE-2011-2135, CVE-2011-2136, CVE-2011-2137,CVE-2011-2138, CVE-2011-2139, CVE-2011-2140, CVE-2011-2414, CVE-2011-2415, CVE-2011-2416, CVE-2011-2417, CVE-2011-2425, CVE-2011-2424)

Solution: Upgrade to Adobe Reader 10.1.1 / 9.4.6 / 8.3.1 or later.

See Also: http://www.adobe.com/support/security/bulletins/apsb11-21.htmlhttp://www.adobe.com/support/security/bulletins/apsb11-24.html

Risk Factor: High

STIG Severity: I


Metasploit




Plugin Output:Path : /Applications/Adobe Reader.appInstalled version : 10.0.0Fixed version : 10.1.1 / 9.4.6 / 8.3.1


CVE: CVE-2011-2130, CVE-2011-2134, CVE-2011-2135, CVE-2011-2136, CVE-2011-2137, CVE-2011-2138, CVE-2011-2139, CVE-2011-2140, CVE-2011-2414, CVE-2011-2415,CVE-2011-2416, CVE-2011-2417, CVE-2011-2424, CVE-2011-2425, CVE-2011-2431, CVE-2011-2432, CVE-2011-2433, CVE-2011-2434, CVE-2011-2435, CVE-2011-2436,CVE-2011-2437, CVE-2011-2438, CVE-2011-2439, CVE-2011-2440, CVE-2011-2441, CVE-2011-2442

BID: 49073, 49074, 49075, 49076, 49077, 49079, 49080, 49081, 49082, 49083, 49084, 49085, 49086, 49186, 49572, 49575, 49576, 49577, 49578, 49579, 49580, 49581, 49582,49583, 49584, 49585

Crossref: OSVDB #74432, OSVDB #74433, OSVDB #74434, OSVDB #74435, OSVDB #74436, OSVDB #74437, OSVDB #74438, OSVDB #74439, OSVDB #74440, OSVDB#74441, OSVDB #74442, OSVDB #74443, OSVDB #74444, OSVDB #75201, OSVDB #75430, OSVDB #75431, OSVDB #75432, OSVDB #75433, OSVDB #75434, OSVDB#75435, OSVDB #75436, OSVDB #75437, OSVDB #75438, OSVDB #75439, OSVDB #75440, OSVDB #75441, IAVA #2011-A-0110, IAVA #2011-A-0127







Plugin Type: local

Source File: macosx_adobe_reader_apsb11-24.nasl



57044Adobe Reader <=10.1.1 / 9.4.6 U3D



Metasploit


Memory Corruption(APSA11-04) (MacOS X)

Synopsis: The version of Adobe Reader on the remote Mac OS X host is affected by a memory corruption vulnerability.

Description: The version of Adobe Reader installed on the remote Mac OS X host is earlier or equal to 10.1.1 / 9.4.6 and is affected by a memory corruption vulnerability related tothe 'Universal 3D' (U3D) file format.

A remote attacker could exploit this by tricking a user into viewing a maliciously crafted PDF file, causing application crashes and potentially resulting in arbitrary code execution.

Note that the Adobe Reader X user-specific option to use 'Protected Mode' prevents an exploit of this kind from executing and that Nessus cannot test for this configuration option.

Solution: At the time of this writing there is no vendor supplied patch. If the installed product is Reader X, then the user-specific option to use 'Protected Mode' should be enabled.

See Also: http://www.adobe.com/support/security/bulletins/apsa11-04.html

Risk Factor: High

STIG Severity: I





Plugin Output:Path : /Applications/Adobe Reader.appInstalled version : 10.0.0Fixed version : A workaround is available.


CVE: CVE-2011-2462

BID: 50922

Crossref: OSVDB #77529, IAVA #2011-A-0174, IAVA #2012-A-0008



Metasploit






Plugin Type: local

Source File: macosx_adobe_reader_apsa11-04.nasl

Exploit Frameworks: Canvas (CANVAS), Metasploit (Adobe Reader U3D Memory Corruption Vulnerability)


58002

Flash Player for Mac<= 10.3.183.14 /11.1.102.62 MultipleVulnerabilities(APSB12-03)


Synopsis: The remote Mac OS X host has a browser plugin that is affected by multiple vulnerabilities.

Description: According to its version, the instance of Flash Player installed on the remote Mac OS X host is 10.x equal to or earlier than 10.3.183.14 or 11.x equal to or earlier than11.1.102.62. It is, therefore, reportedly affected by several critical vulnerabilities :

- An unspecified memory corruption issue exists that could lead to code execution. (CVE-2012-0754)

- An unspecified type confusion memory corruption vulnerability exists that could lead to code execution.(CVE-2012-0752)

- An MP4 parsing memory corruption issue exists that could lead to code execution. (CVE-2012-0753)

- Multiple unspecified security bypass vulnerabilities exist that could lead to code execution. (CVE-2012-0755, CVE-2012-0756)

- A universal cross-site scripting issue exists that could be used to take actions on a user's behalf on any website or webmail provider. (CVE-2012-0767)

Solution: Upgrade to Adobe Flash version 10.3.183.15 / 11.1.102.62 or later.


Risk Factor: High

STIG Severity: I


Metasploit






CVE: CVE-2012-0752, CVE-2012-0753, CVE-2012-0754, CVE-2012-0755, CVE-2012-0756, CVE-2012-0767

BID: 52032, 52033, 52034, 52035, 52036, 52040

Crossref: IAVA #2012-A-0029, OSVDB #79296, OSVDB #79297, OSVDB #79298, OSVDB #79299, OSVDB #79300, OSVDB #79301, OSVDB #79302







Plugin Type: local


Exploit Frameworks: Metasploit (windows/browser/adobe_flash_mp4_cprt.rb)

Exploit Frameworks TENABLE NETWORK SECURITY,...

Documents

Transcript of Exploit Frameworks TENABLE NETWORK SECURITY,...