Anfälligkeitssuche        Suche in 187964 CVE Beschreibungen
und 85075 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.90019
Kategorie:Windows
Titel:Adobe Flash Player 9.0.115.0 and earlier vulnerability (Windows)
Zusammenfassung:The remote host is probably affected by; the vulnerabilities described in CVE-2007-5275, CVE-2007-6019, CVE-2007-6243,; CVE-2007-6637, CVE-2008-1654, CVE-2008-1655.
Beschreibung:Summary:
The remote host is probably affected by
the vulnerabilities described in CVE-2007-5275, CVE-2007-6019, CVE-2007-6243,
CVE-2007-6637, CVE-2008-1654, CVE-2008-1655.

Vulnerability Impact:
- CVE 2007-5275
The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a
victim machine to establish TCP sessions with arbitrary hosts via a Flash
(SWF) movie, related to lack of pinning of a hostname to a single IP address
after receiving an allow-access-from element in a cross-domain-policy XML
document, and the availability of a Flash Socket class that does not use
the browser's DNS pins, aka DNS rebinding attacks, a different issue than
CVE-2002-1467 and CVE-2007-4324.

- CVE 2007-6019
Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows
remote attackers to execute arbitrary code via an SWF file with a modified
DeclareFunction2 Actionscript tag, which prevents an object from being
instantiated properly.

- CVE 2007-6243
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to
7.0.70.0 does not sufficiently restrict the interpretation and usage of
cross-domain policy files, which makes it easier for remote attackers to
conduct cross-domain and cross-site scripting (XSS) attacks.

- CVE 2007-6637
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player
allow remote attackers to inject arbitrary web script or HTML via a crafted
SWF file, related to 'pre-generated SWF files' and Adobe Dreamweaver CS3 or
Adobe Acrobat Connect. NOTE: the asfunction: vector is already covered by
CVE-2007-6244.1.

- CVE 2008-1654
Interaction error between Adobe Flash and multiple Universal Plug and Play
(UPnP) services allow remote attackers to perform Cross-Site Request Forgery
(CSRF) style attacks by using the Flash navigateToURL function to send a SOAP
message to a UPnP control point, as demonstrated by changing the primary DNS
server.

- CVE 2008-1655
Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier, and
8.0.39.0 and earlier, makes it easier for remote attackers to conduct DNS
rebinding attacks via unknown vectors.

Affected Software/OS:
Adobe Flash Player version 9.0.115.0
and earlier on Windows.

Solution:
All Adobe Flash Player users should
upgrade to the latest version.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Querverweis: BugTraq ID: 26930
BugTraq ID: 28694
BugTraq ID: 26966
BugTraq ID: 27034
BugTraq ID: 28696
BugTraq ID: 28697
Common Vulnerability Exposure (CVE) ID: CVE-2007-5275
http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
http://www.securityfocus.com/bid/26930
Cert/CC Advisory: TA07-355A
http://www.us-cert.gov/cas/techalerts/TA07-355A.html
Cert/CC Advisory: TA08-100A
http://www.us-cert.gov/cas/techalerts/TA08-100A.html
Cert/CC Advisory: TA08-150A
http://www.us-cert.gov/cas/techalerts/TA08-150A.html
http://www.gentoo.org/security/en/glsa/glsa-200801-07.xml
http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml
http://crypto.stanford.edu/dns/dns-rebinding.pdf
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9250
http://www.redhat.com/support/errata/RHSA-2007-1126.html
http://www.redhat.com/support/errata/RHSA-2008-0221.html
http://securitytracker.com/id?1019116
http://secunia.com/advisories/28157
http://secunia.com/advisories/28161
http://secunia.com/advisories/28213
http://secunia.com/advisories/28570
http://secunia.com/advisories/29763
http://secunia.com/advisories/29865
http://secunia.com/advisories/30430
http://secunia.com/advisories/30507
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1
SuSE Security Announcement: SUSE-SA:2007:069 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html
SuSE Security Announcement: SUSE-SA:2008:022 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html
http://www.vupen.com/english/advisories/2007/4258
http://www.vupen.com/english/advisories/2008/1697
http://www.vupen.com/english/advisories/2008/1724/references
Common Vulnerability Exposure (CVE) ID: CVE-2007-6019
http://www.securityfocus.com/bid/28694
Bugtraq: 20080408 ZDI-08-021: Adobe Flash Player DeclareFunction2 Invalid Object Use Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/490623/100/0/threaded
Bugtraq: 20080414 Secunia Research: Adobe Flash Player "Declare Function (V7)" HeapOverflow (Google Search)
http://www.securityfocus.com/archive/1/490824/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-08-021
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10160
http://www.securitytracker.com/id?1019810
http://securityreason.com/securityalert/3805
XForce ISS Database: adobe-flash-declarefunction2-bo(41717)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41717
Common Vulnerability Exposure (CVE) ID: CVE-2007-6243
BugTraq ID: 26929
http://www.securityfocus.com/bid/26929
http://www.securityfocus.com/bid/26966
CERT/CC vulnerability note: VU#935737
http://www.kb.cert.org/vuls/id/935737
http://jvn.jp/jp/JVN%2345675516/index.html
http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11069
http://www.redhat.com/support/errata/RHSA-2008-0945.html
http://www.redhat.com/support/errata/RHSA-2008-0980.html
http://secunia.com/advisories/32448
http://secunia.com/advisories/32702
http://secunia.com/advisories/32759
http://secunia.com/advisories/33390
http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1
SuSE Security Announcement: SUSE-SR:2008:025 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
XForce ISS Database: adobe-unspecified-security-bypass(39129)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39129
Common Vulnerability Exposure (CVE) ID: CVE-2007-6637
http://www.securityfocus.com/bid/27034
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9828
http://securitytracker.com/id?1019141
Common Vulnerability Exposure (CVE) ID: CVE-2008-1654
http://www.securityfocus.com/bid/28696
Bugtraq: 20080113 Hacking The Interwebs (Google Search)
http://seclists.org/bugtraq/2008/Jan/0182.html
CERT/CC vulnerability note: VU#347812
http://www.kb.cert.org/vuls/id/347812
http://seclists.org/fulldisclosure/2008/Jan/0204.html
http://www.gnucitizen.org/blog/hacking-the-interwebs/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11435
http://www.securitytracker.com/id?1019807
XForce ISS Database: adobe-flash-navigatetourl-csrf(41718)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41718
Common Vulnerability Exposure (CVE) ID: CVE-2008-1655
http://www.securityfocus.com/bid/28697
http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security.html#goal_dns
http://www.osvdb.org/44283
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10724
http://www.securitytracker.com/id?1019808
XForce ISS Database: adobe-flash-dnsrebinding-security-bypass(41807)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41807
CopyrightCopyright (C) 2008 Greenbone Networks GmbH

Dies ist nur einer von 85075 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.