
Test ID:
Title: Adobe Flash Player and earlier vulnerability (Windows)
Summary: The remote host is probably affected by the vulnerabilities described in CVE-2007-5275, CVE-2007-6019, CVE-2007-6243, CVE-2007-6637, CVE-2008-1654, CVE-2008-1655.

Vulnerability Impact:
- CVE 2007-5275
The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a
victim machine to establish TCP sessions with arbitrary hosts via a Flash
(SWF) movie, related to lack of pinning of a hostname to a single IP address
after receiving an allow-access-from element in a cross-domain-policy XML
document, and the availability of a Flash Socket class that does not use
the browser's DNS pins, aka DNS rebinding attacks, a different issue than
CVE-2002-1467 and CVE-2007-4324.

- CVE 2007-6019
Adobe Flash Player and earlier, and and earlier, allows
remote attackers to execute arbitrary code via an SWF file with a modified
DeclareFunction2 Actionscript tag, which prevents an object from being
instantiated properly.

- CVE 2007-6243
Adobe Flash Player 9.x up to, 8.x up to, and 7.x up to does not sufficiently restrict the interpretation and usage of
cross-domain policy files, which makes it easier for remote attackers to
conduct cross-domain and cross-site scripting (XSS) attacks.

- CVE 2007-6637
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player
allow remote attackers to inject arbitrary web script or HTML via a crafted
SWF file, related to 'pre-generated SWF files' and Adobe Dreamweaver CS3 or
Adobe Acrobat Connect. NOTE: the asfunction: vector is already covered by

- CVE 2008-1654
Interaction error between Adobe Flash and multiple Universal Plug and Play
(UPnP) services allows remote attackers to perform Cross-Site Request Forgery
(CSRF) style attacks by using the Flash navigateToURL function to send a SOAP
message to a UPnP control point, as demonstrated by changing the primary DNS

- CVE 2008-1655
Unspecified vulnerability in Adobe Flash Player and earlier, and and earlier, makes it easier for remote attackers to conduct DNS
rebinding attacks via unknown vectors.

Affected Software/OS:
Adobe Flash Player version
and earlier on Windows.

All Adobe Flash Player users should
upgrade to the latest version.

CVSS Score:

CVSS Vector:

Cross-Ref: BugTraq ID: 26930
BugTraq ID: 28694
BugTraq ID: 26966
BugTraq ID: 27034
BugTraq ID: 28696
BugTraq ID: 28697
Common Vulnerability Exposure (CVE) ID: CVE-2007-5275
Cert/CC Advisory: TA07-355A
Cert/CC Advisory: TA08-100A
Cert/CC Advisory: TA08-150A
SuSE Security Announcement: SUSE-SA:2007:069
SuSE Security Announcement: SUSE-SA:2008:022
Common Vulnerability Exposure (CVE) ID: CVE-2007-6019
Bugtraq: 20080408 ZDI-08-021: Adobe Flash Player DeclareFunction2 Invalid Object Use Vulnerability
Bugtraq: 20080414 Secunia Research: Adobe Flash Player "Declare Function (V7)" HeapOverflow
XForce ISS Database: adobe-flash-declarefunction2-bo(41717)
Common Vulnerability Exposure (CVE) ID: CVE-2007-6243
BugTraq ID: 26929
CERT/CC vulnerability note: VU#935737
SuSE Security Announcement: SUSE-SR:2008:025
XForce ISS Database: adobe-unspecified-security-bypass(39129)
Common Vulnerability Exposure (CVE) ID: CVE-2007-6637
Common Vulnerability Exposure (CVE) ID: CVE-2008-1654
Bugtraq: 20080113 Hacking The Interwebs
CERT/CC vulnerability note: VU#347812
XForce ISS Database: adobe-flash-navigatetourl-csrf(41718)
Common Vulnerability Exposure (CVE) ID: CVE-2008-1655
XForce ISS Database: adobe-flash-dnsrebinding-security-bypass(41807)
Copyright: Copyright (C) 2008 Greenbone Networks GmbH


© 1998-2020 E-Soft Inc. All rights reserved.