Sid 1-33982

Message

EXPLOIT-KIT Nuclear exploit kit landing page detected

Summary

Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.

Impact

CVSS base score 9.3; CVSS impact score 10.0; CVSS exploitability score 8.6; Confidentiality Impact COMPLETE; Integrity Impact COMPLETE; Availability Impact COMPLETE

CVE-2010-0188:

CVSS base score 9.3

CVSS impact score 10.0

CVSS exploitability score 8.6

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

CVE-2012-0507:

CVSS base score 10.0

CVSS impact score 10.0

CVSS exploitability score 10.0

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

CVE-2012-1723:

CVSS base score 10.0

CVSS impact score 10.0

CVSS exploitability score 10.0

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

CVE-2013-0074:

CVSS base score 9.3

CVSS impact score 10.0

CVSS exploitability score 8.6

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

CVE-2013-2465:

CVSS base score 10.0

CVSS impact score 10.0

CVSS exploitability score 10.0

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

CVE-2013-2471:

CVSS base score 10.0

CVSS impact score 10.0

CVSS exploitability score 10.0

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

CVE-2013-2551:

CVSS base score 9.3

CVSS impact score 10.0

CVSS exploitability score 8.6

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

CVE-2013-2883:

CVSS base score 7.5

CVSS impact score 6.4

CVSS exploitability score 10.0

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

CVE-2013-7331:

CVSS base score 5.8

CVSS impact score 4.9

CVSS exploitability score 8.6

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact PARTIAL

CVE-2014-0515:

CVSS base score 10.0

CVSS impact score 10.0

CVSS exploitability score 10.0

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

CVE-2014-0556:

CVSS base score 10.0

CVSS impact score 10.0

CVSS exploitability score 10.0

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

CVE-2014-8439:

CVSS base score 10.0

CVSS impact score 10.0

CVSS exploitability score 10.0

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

CVE-2015-0311:

CVSS base score 10.0

CVSS impact score 10.0

CVSS exploitability score 10.0

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

CVE-2015-0336:

CVSS base score 9.3

CVSS impact score 10.0

CVSS exploitability score 8.6

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Detailed information

CVE-2010-0188: Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2012-0507: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue.

CVE-2012-1723: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.

CVE-2013-0074: Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka "Silverlight Double Dereference Vulnerability."

CVE-2013-2465: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image channel verification" in 2D.

CVE-2013-2471: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect IntegerComponentRaster size checks."

CVE-2013-2551: Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-1309.

CVE-2013-2883: Use-after-free vulnerability in Google Chrome before 28.0.1500.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to deleting the registration of a MutationObserver object.

CVE-2013-7331: The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathnames, UNC share pathnames, intranet hostnames, and intranet IP addresses by examining error codes, as demonstrated by a res:// URL, and exploited in the wild in February 2014.

CVE-2014-0515: Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x through 13.0.x before 13.0.0.206 on Windows and OS X, and before 11.2.202.356 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in April 2014.

CVE-2014-0556: Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0559.

CVE-2014-8439: Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239 on Windows and OS X and before 11.2.202.424 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors.

CVE-2015-0311: Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015.

CVE-2015-0336: Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-0334.

Affected systems

  • adobe acrobat_reader 8.0
  • adobe acrobat_reader 8.1
  • adobe acrobat_reader 8.1.1
  • adobe acrobat_reader 8.1.2
  • adobe acrobat_reader 8.1.3
  • adobe acrobat_reader 8.1.4
  • adobe acrobat_reader 8.1.5
  • adobe acrobat_reader 8.1.6
  • adobe acrobat_reader 8.1.7
  • adobe acrobat_reader 9.0
  • adobe acrobat_reader 9.1
  • adobe acrobat_reader 9.1.1
  • adobe acrobat_reader 9.1.2
  • adobe acrobat_reader 9.1.3
  • adobe acrobat_reader 9.2
  • adobe acrobat_reader 9.3
  • oracle jre 1.6.0
  • oracle jre 1.7.0
  • sun jre 1.5.0
  • sun jre 1.6.0
  • oracle jdk 1.6.0
  • oracle jdk 1.7.0
  • sun jdk 1.4.2_37
  • sun jdk 1.5.0
  • sun jre 1.4.2_37
  • microsoft silverlight 5.0.60401.0
  • microsoft silverlight 5.0.60818.0
  • microsoft silverlight 5.0.61118.0
  • oracle jdk 1.5.0
  • oracle jre 1.5.0
  • sun jdk 1.6.0
  • microsoft internet_explorer 6
  • microsoft internet_explorer 7
  • microsoft internet_explorer 8
  • microsoft internet_explorer 9
  • microsoft internet_explorer 10
  • google chrome 28.0.1500.0
  • google chrome 28.0.1500.2
  • google chrome 28.0.1500.3
  • google chrome 28.0.1500.4
  • google chrome 28.0.1500.5
  • google chrome 28.0.1500.6
  • google chrome 28.0.1500.8
  • google chrome 28.0.1500.9
  • google chrome 28.0.1500.10
  • google chrome 28.0.1500.11
  • google chrome 28.0.1500.12
  • google chrome 28.0.1500.13
  • google chrome 28.0.1500.14
  • google chrome 28.0.1500.15
  • google chrome 28.0.1500.16
  • google chrome 28.0.1500.17
  • google chrome 28.0.1500.18
  • google chrome 28.0.1500.19
  • google chrome 28.0.1500.20
  • google chrome 28.0.1500.21
  • google chrome 28.0.1500.22
  • google chrome 28.0.1500.23
  • google chrome 28.0.1500.24
  • google chrome 28.0.1500.25
  • google chrome 28.0.1500.26
  • google chrome 28.0.1500.27
  • google chrome 28.0.1500.28
  • google chrome 28.0.1500.29
  • google chrome 28.0.1500.31
  • google chrome 28.0.1500.32
  • google chrome 28.0.1500.33
  • google chrome 28.0.1500.34
  • google chrome 28.0.1500.35
  • google chrome 28.0.1500.36
  • google chrome 28.0.1500.37
  • google chrome 28.0.1500.38
  • google chrome 28.0.1500.39
  • google chrome 28.0.1500.40
  • google chrome 28.0.1500.41
  • google chrome 28.0.1500.42
  • google chrome 28.0.1500.43
  • google chrome 28.0.1500.44
  • google chrome 28.0.1500.45
  • google chrome 28.0.1500.46
  • google chrome 28.0.1500.47
  • google chrome 28.0.1500.48
  • google chrome 28.0.1500.49
  • google chrome 28.0.1500.50
  • google chrome 28.0.1500.51
  • google chrome 28.0.1500.52
  • google chrome 28.0.1500.53
  • google chrome 28.0.1500.54
  • google chrome 28.0.1500.56
  • google chrome 28.0.1500.58
  • google chrome 28.0.1500.59
  • google chrome 28.0.1500.60
  • google chrome 28.0.1500.61
  • google chrome 28.0.1500.62
  • google chrome 28.0.1500.63
  • google chrome 28.0.1500.64
  • google chrome 28.0.1500.66
  • google chrome 28.0.1500.68
  • google chrome 28.0.1500.70
  • google chrome 28.0.1500.71
  • google chrome 28.0.1500.72
  • google chrome 28.0.1500.89
  • google chrome 28.0.1500.91
  • google chrome 28.0.1500.93
  • google chrome 28.0.1500.94
  • debian debian_linux 7.0
  • microsoft internet_explorer 11
  • microsoft windows_8 -
  • microsoft windows_8.1 -
  • adobe flash_player 11.2.202.223
  • adobe flash_player 11.2.202.228
  • adobe flash_player 11.2.202.233
  • adobe flash_player 11.2.202.235
  • adobe flash_player 11.2.202.236
  • adobe flash_player 11.2.202.238
  • adobe flash_player 11.2.202.243
  • adobe flash_player 11.2.202.251
  • adobe flash_player 11.2.202.258
  • adobe flash_player 11.2.202.261
  • adobe flash_player 11.2.202.262
  • adobe flash_player 11.2.202.270
  • adobe flash_player 11.2.202.273
  • adobe flash_player 11.2.202.275
  • adobe flash_player 11.2.202.280
  • adobe flash_player 11.2.202.285
  • adobe flash_player 11.2.202.291
  • adobe flash_player 11.2.202.297
  • adobe flash_player 11.2.202.310
  • adobe flash_player 11.2.202.332
  • adobe flash_player 11.2.202.335
  • adobe flash_player 11.2.202.336
  • adobe flash_player 11.2.202.341
  • adobe flash_player 11.2.202.346
  • adobe flash_player 11.2.202.350
  • adobe flash_player 11.7.700.169
  • adobe flash_player 11.7.700.202
  • adobe flash_player 11.7.700.224
  • adobe flash_player 11.7.700.225
  • adobe flash_player 11.7.700.232
  • adobe flash_player 11.7.700.242
  • adobe flash_player 11.7.700.257
  • adobe flash_player 11.7.700.260
  • adobe flash_player 11.7.700.261
  • adobe flash_player 11.7.700.269
  • adobe flash_player 11.7.700.272
  • adobe flash_player 11.7.700.275
  • adobe flash_player 11.8.800.94
  • adobe flash_player 11.8.800.97
  • adobe flash_player 11.8.800.168
  • adobe flash_player 13.0.0.182
  • adobe flash_player 13.0.0.201
  • adobe adobe_air 13.0.0.83
  • adobe adobe_air 13.0.0.111
  • adobe adobe_air 14.0.0.110
  • adobe adobe_air 14.0.0.137
  • adobe adobe_air 14.0.0.178
  • adobe adobe_air 14.0.0.179
  • adobe adobeairsdk 13.0.0.83
  • adobe adobeairsdk 13.0.0.111
  • adobe adobeairsdk 14.0.0.110
  • adobe adobeairsdk 14.0.0.137
  • adobe adobeairsdk 14.0.0.178
  • adobe flash_player 11.2.202.356
  • adobe flash_player 11.2.202.359
  • adobe flash_player 11.2.202.378
  • adobe flash_player 11.2.202.394
  • adobe flash_player 11.2.202.400
  • adobe flash_player 13.0.0.206
  • adobe flash_player 13.0.0.214
  • adobe flash_player 13.0.0.223
  • adobe flash_player 13.0.0.231
  • adobe flash_player 13.0.0.241
  • adobe flash_player 14.0.0.125
  • adobe flash_player 14.0.0.145
  • adobe flash_player 14.0.0.176
  • adobe flash_player 14.0.0.179
  • adobe flash_player 15.0.0.144
  • adobe air 15.0.0.292
  • adobe air_sdk 15.0.0.301
  • adobe airsdkand_compiler 15.0.0.301
  • adobe flash_player 11.2.202.418
  • adobe flash_player 13.0.0.252
  • adobe flash_player 15.0.0.223
  • adobe flash_player 11.2.202.438
  • adobe flash_player 13.0.0.262
  • adobe flash_player 15.0.0.152
  • adobe flash_player 15.0.0.167
  • adobe flash_player 15.0.0.189
  • adobe flash_player 15.0.0.239
  • adobe flash_player 15.0.0.246
  • adobe flash_player 16.0.0.235
  • adobe flash_player 16.0.0.257
  • adobe flash_player 16.0.0.287
  • adobe flash_player 11.2.202.442
  • adobe flash_player 13.0.0.264
  • adobe flash_player 16.0.0.296
  • adobe flash_player 16.0.0.305

Ease of attack

CVE-2010-0188:

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

CVE-2012-0507:

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

CVE-2012-1723:

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

CVE-2013-0074:

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

CVE-2013-2465:

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

CVE-2013-2471:

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

CVE-2013-2551:

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

CVE-2013-2883:

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

CVE-2013-7331:

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

CVE-2014-0515:

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

CVE-2014-0556:

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

CVE-2014-8439:

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

CVE-2015-0311:

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

CVE-2015-0336:

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

False positives

None known

False negatives

None known

Corrective action

Upgrade to the latest non-affected version of the software.

Apply the appropriate vendor supplied patches.

Contributors

  • Talos research team.
  • This document was generated from data supplied by the National Vulnerability Database, a product of the National Institute of Standards and Technology.
  • For more information, see NVD.

Additional References