Skip to content

ultrasaurus/flash-cve-analysis

Repository files navigation

Flash CVE - analysis

This is a rough analysis of Macromedia / Adobe Flash CVEs, categorizing the types of vulnerabilities with the goal of providing practical guidance to developers of how to think about potential vulnerabilities in new code.

Vulnerability Classification

pie chart showing memory safety as almost 70% of vulnerabilities

802	memory safety
42	other code execution
58	XSS, CORS, CLRF
61	parsing / validation
13	clickjacking
91	bypass sandbox
105	other

memory safety (802)

116 buffer.overflow 17 out-of-bounds read 0 out of bounds memory read 3 reads data that is past the end of the target buffer 2 out-of-bounds write 262 use.after.free 5 double.free 1 invalid pointer dereference 8 null pointer dereference 0 segmentation fault 3 improper memory access 35 integer.overflow 9 heap.overflow 4 bounds checking 337 memory corruption 0 heap corruption

other code execution (42)

1 insecure library loading 41 arbitrary code

XSS, CORS, CLRF (58)

46 xss 0 cross?domain 3 CORS 9 CSRF

parsing / validation (61)

1 not properly select a random memory address 1 insecure permissions for memory 1 vulnerability in the random number generator used for constant blinding 3 DNS rebinding 1 unintended reset 1 writable by other users 2 validat 3 malformed header overflow 49 type confusion 1 object confusion 1 does not verify a member element's size 0 wide characters 1 untrusted input 1 xml script 1 interpret jar: URLs 1 CRLF injection 1 modify HTTP headers

bypass sandbox (91)

2 FSCommand 88 bypass 1 local sandbox vulnerability

clickjacking (13)

4 trick a user 4 clickjacking 1 browse dialog box 2 address bar 1 certain screen position 1 user confusion

other (105)

1 vulnerabilities in web browsers 6 crash 4 denial of service 4 untrusted search path 1 component with a known vulnerability 1 privilege escalation 62 unspecified vulnerability 11 unspecified vectors 1 unspecified impact and attack vectors 1 leveraging incorrect permissions 1 leveraging an ""address leak.""" 1 via a crafted web site 1 user-assisted attackers 1 System.setClipboard 1 browser keystrokes

Data Source

The list of "Common Vulnerabilities and Exposures" from https://cve.mitre.org/data/downloads/index.html

wget https://cve.mitre.org/data/downloads/allitems.csv

Original file info:

file -I  allitems.csv 
allitems.csv: text/x-Algol68; charset=iso-8859-1

To make the csv file usable, remove the version text from the top of it...

head -2 allitems.csv | csvcut -c 1 > cve-version-info.txt

and change to utf-8 encoding...

iconv -f iso-8859-1 -t utf-8 < allitems.csv > cve-utf8.csv
mv cve-utf8.csv allitems.csv

Count Flash Player vulnerabilities

Disambiguate other products with Flash in the name and remove CVEs for other products that happen to mention Flash.

grep --color=none Flash allitems.csv    \
  | grep -v "flash drives" | grep -v FlashPix | grep -v IBM \
  | grep -v 'BB FlashBack' | grep -v 'FlashFXP' | grep -v 'Flash FTP' \
  | grep -v 'FFmpeg' | grep -v 'AFCommerce' | grep -v 'FlashChat' \
  | grep -v 'ColdFusion' | grep -v 'Joomla' | grep -v 'PHP remote file inclusion' \
  | grep -v 'SPI Flash' | grep -v 'SQL injection' | grep -v 'FlashUpload' \
  | grep -v 'ciscoFlashMIB' | grep -v 'SiteKey' | grep -v 'Flash Chat' \
  | grep -v 'Swfdec' | grep -v 'Flashlight' | grep -v Selfshot \
  | grep -v 'MediaWiki' | grep -v 'Server' | grep -v 'phpinfo.php' \
  | grep -v SeaMonkey | grep -v 'FlashAir Configuration' | grep -v Subsonic \
  | grep -v Asternic | grep -v Flashing | grep -v WordPress \
  | grep -v VMware | grep -v FlashAir | grep -v 'Adobe Reader' \
  | grep -v Omron | grep -v Cisco | grep -v 'Timbuktu Pro' \
  | grep -v 'Windows Media Player' > flash.csv

cat flash.csv | wc -l
# 1172

Browser vulnerabilities

grep --color=none Chrome allitems.csv > chrome.csv
cat chrome.csv | wc -l
# 2033
grep 'Internet Explorer' allitems.csv > ie.csv
cat ie.csv | wc -l
# 1999
grep --color=none Firefox allitems.csv > firefox.csv
cat firefox.csv | wc -l
# 2442

Script to categorize Flash Player CVEs

Text analysis of CVE descriptions, like:

798 arbitrary code (grep "execute arbitrary code" flash.csv | wc -l)

unique terms in terms.txt used by script sort.sh

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages