This is a rough analysis of Macromedia / Adobe Flash CVEs, categorizing the types of vulnerabilities with the goal of providing practical guidance to developers on how to think about potential vulnerabilities in new code.
802 memory safety
42 other code execution
58 XSS, CORS, CRLF
61 parsing / validation
13 clickjacking
91 bypass sandbox
105 other
116 buffer.overflow; 17 out-of-bounds read; 0 out of bounds memory read; 3 reads data that is past the end of the target buffer; 2 out-of-bounds write; 262 use.after.free; 5 double.free; 1 invalid pointer dereference; 8 null pointer dereference; 0 segmentation fault; 3 improper memory access; 35 integer.overflow; 9 heap.overflow; 4 bounds checking; 337 memory corruption; 0 heap corruption
1 insecure library loading; 41 arbitrary code
46 xss; 0 cross?domain; 3 CORS; 9 CSRF
1 not properly select a random memory address; 1 insecure permissions for memory; 1 vulnerability in the random number generator used for constant blinding; 3 DNS rebinding; 1 unintended reset; 1 writable by other users; 2 validat; 3 malformed header overflow; 49 type confusion; 1 object confusion; 1 does not verify a member element's size; 0 wide characters; 1 untrusted input; 1 xml script; 1 interpret jar: URLs; 1 CRLF injection; 1 modify HTTP headers
2 FSCommand; 88 bypass; 1 local sandbox vulnerability
4 trick a user; 4 clickjacking; 1 browse dialog box; 2 address bar; 1 certain screen position; 1 user confusion
1 vulnerabilities in web browsers; 6 crash; 4 denial of service; 4 untrusted search path; 1 component with a known vulnerability; 1 privilege escalation; 62 unspecified vulnerability; 11 unspecified vectors; 1 unspecified impact and attack vectors; 1 leveraging incorrect permissions; 1 leveraging an "address leak."; 1 via a crafted web site; 1 user-assisted attackers; 1 System.setClipboard; 1 browser keystrokes
The source data is the list of "Common Vulnerabilities and Exposures" from https://cve.mitre.org/data/downloads/index.html
wget https://cve.mitre.org/data/downloads/allitems.csv
Original file info:
file -I allitems.csv
allitems.csv: text/x-Algol68; charset=iso-8859-1
To make the csv file usable, remove the version text from the top of it...
head -2 allitems.csv | csvcut -c 1 > cve-version-info.txt
and change to utf-8 encoding...
iconv -f iso-8859-1 -t utf-8 < allitems.csv > cve-utf8.csv
mv cve-utf8.csv allitems.csv
Disambiguate other products with Flash in the name and remove CVEs for other products that happen to mention Flash.
grep --color=none Flash allitems.csv \
| grep -v "flash drives" | grep -v FlashPix | grep -v IBM \
| grep -v 'BB FlashBack' | grep -v 'FlashFXP' | grep -v 'Flash FTP' \
| grep -v 'FFmpeg' | grep -v 'AFCommerce' | grep -v 'FlashChat' \
| grep -v 'ColdFusion' | grep -v 'Joomla' | grep -v 'PHP remote file inclusion' \
| grep -v 'SPI Flash' | grep -v 'SQL injection' | grep -v 'FlashUpload' \
| grep -v 'ciscoFlashMIB' | grep -v 'SiteKey' | grep -v 'Flash Chat' \
| grep -v 'Swfdec' | grep -v 'Flashlight' | grep -v Selfshot \
| grep -v 'MediaWiki' | grep -v 'Server' | grep -v 'phpinfo.php' \
| grep -v SeaMonkey | grep -v 'FlashAir Configuration' | grep -v Subsonic \
| grep -v Asternic | grep -v Flashing | grep -v WordPress \
| grep -v VMware | grep -v FlashAir | grep -v 'Adobe Reader' \
| grep -v Omron | grep -v Cisco | grep -v 'Timbuktu Pro' \
| grep -v 'Windows Media Player' > flash.csv
cat flash.csv | wc -l
# 1172
grep --color=none Chrome allitems.csv > chrome.csv
cat chrome.csv | wc -l
# 2033
grep 'Internet Explorer' allitems.csv > ie.csv
cat ie.csv | wc -l
# 1999
grep --color=none Firefox allitems.csv > firefox.csv
cat firefox.csv | wc -l
# 2442
Text analysis of CVE descriptions, like:
798 arbitrary code (grep "execute arbitrary code" flash.csv | wc -l)
The unique terms are listed in terms.txt, which is used by the script sort.sh.
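The category totals at the top of this page add up to the 1172 lines of flash.csv, while the single grep above counts 798 lines, so each CVE appears to be counted under only one term. The sketch below is an added example, not the repository's sort.sh: it assumes terms.txt holds one grep pattern per line in priority order and counts each line under the first term that matches it; the CSV rows and CVE ids are constructed.

```shell
#!/bin/sh
# Added example, not the repository's sort.sh. The sample rows and CVE ids
# below are constructed; terms.txt holds one grep pattern per line, in
# priority order (an assumption about how the category totals were made).

write_sample() {  # write_sample DIR: create DIR/flash.csv and DIR/terms.txt
    cat > "$1/flash.csv" <<'EOF'
CVE-0000-0001,Entry,"Use-after-free vulnerability in Flash Player allows attackers to execute arbitrary code."
CVE-0000-0002,Entry,"Buffer overflow in Flash Player allows remote attackers to execute arbitrary code."
CVE-0000-0003,Entry,"Flash Player allows attackers to execute arbitrary code via unspecified vectors."
CVE-0000-0004,Entry,"Cross-site scripting (XSS) vulnerability in Flash Player."
CVE-0000-0005,Entry,"Flash Player allows attackers to bypass the sandbox."
CVE-0000-0006,Entry,"Unspecified vulnerability in Flash Player."
EOF
    printf '%s\n' 'buffer.overflow' 'use.after.free' 'arbitrary code' \
        'xss' 'bypass' > "$1/terms.txt"
}

# naive_count TERM CSV: lines matching TERM, regardless of other terms.
naive_count() {
    grep -ci -e "$1" "$2" || true
}

# count_terms TERMS CSV: first-match-wins. Prints "<count> <term>" per
# term, removing matched lines from the pool so each CVE is counted once,
# then "<count> (unmatched)" for whatever no term claimed.
count_terms() {
    pool=$(mktemp); rest=$(mktemp)
    cp "$2" "$pool"
    while IFS= read -r term; do
        [ -n "$term" ] || continue
        echo "$(grep -ci -e "$term" "$pool" || true) $term"
        grep -vi -e "$term" "$pool" > "$rest" || true
        mv "$rest" "$pool"
    done < "$1"
    echo "$(wc -l < "$pool" | tr -d ' ') (unmatched)"
    rm -f "$pool" "$rest"
}

demo_dir=$(mktemp -d)
write_sample "$demo_dir"
echo "naive 'arbitrary code': $(naive_count 'arbitrary code' "$demo_dir/flash.csv")"
count_terms "$demo_dir/terms.txt" "$demo_dir/flash.csv"
rm -rf "$demo_dir"
```

On the sample, "arbitrary code" matches three rows on its own but is credited with one once the memory-safety terms ahead of it have claimed theirs, and the per-term counts plus the unmatched remainder equal the number of rows.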