ID CVE-2007-6246 Type cve Reporter NVD Modified 2017-09-28T21:29:52
Description
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0, when running on Linux, uses insecure permissions for memory, which might allow local users to gain privileges.
{"result": {"nessus": [{"id": "SUSE_FLASH-PLAYER-4856.NASL", "type": "nessus", "title": "SuSE 10 Security Update : flash-player (ZYPP Patch Number 4856)", "description": "This flash player update to version 9.0.115.0 fixes several security problems. In the worst case an attacker could potentially have flash-player execute arbitrary code via specially crafted files.\n(CVE-2007-4324 / CVE-2007-4768 / CVE-2007-5275 / CVE-2007-6242 / CVE-2007-6243 / CVE-2007-6244 / CVE-2007-6245 / CVE-2007-6246)\n\nNote: Since Adobe doesn't support browsers other than Firefox and Mozilla, this update doesn't work with browsers such as Konqueror.\nUpdates for konquerors are already in the works.", "published": "2007-12-24T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=29785", "cvelist": ["CVE-2007-4768", "CVE-2007-6243", "CVE-2007-4324", "CVE-2007-6246", "CVE-2007-6245", "CVE-2007-6242", "CVE-2007-6244", "CVE-2007-5275"], "lastseen": "2017-10-29T13:37:48"}, {"id": "FLASH_PLAYER_APSB07-20.NASL", "type": "nessus", "title": "Flash Player < 7.0.73.0 / 9.0.115.0 Multiple Vulnerabilities (APSB07-20)", "description": "According to its version number, the instance of Flash Player on the remote Windows host is affected by multiple issues, including several which could allow for arbitrary code execution by means of a malicious SWF file.", "published": "2007-12-19T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=29741", "cvelist": ["CVE-2007-4768", "CVE-2007-6243", "CVE-2007-4324", "CVE-2007-6246", "CVE-2007-6245", "CVE-2007-6242", "CVE-2007-6244", "CVE-2007-5275"], "lastseen": "2018-07-12T18:23:52"}, {"id": "FREEBSD_PKG_562CF6C4B9F111DCA302000102CC8983.NASL", "type": "nessus", "title": "FreeBSD : linux-flashplugin -- multiple vulnerabilities (562cf6c4-b9f1-11dc-a302-000102cc8983)", "description": "Adobe Security bulletin :\n\nCritical vulnerabilities have been identified in Adobe Flash Player that could allow an attacker who successfully exploits these potential vulnerabilities to take control of the affected system. A malicious SWF must be loaded in Flash Player by the user for an attacker to exploit these potential vulnerabilities. Users are recommended to update to the most current version of Flash Player available for their platform.", "published": "2008-01-04T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=29849", "cvelist": ["CVE-2007-4768", "CVE-2007-6243", "CVE-2007-4324", "CVE-2007-5476", "CVE-2007-6246", "CVE-2007-6245", "CVE-2007-6242", "CVE-2007-6244", "CVE-2007-5275"], "lastseen": "2017-10-29T13:32:51"}, {"id": "GENTOO_GLSA-200801-07.NASL", "type": "nessus", "title": "GLSA-200801-07 : Adobe Flash Player: Multiple vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-200801-07 (Adobe Flash Player: Multiple vulnerabilities)\n\n Flash contains a copy of PCRE which is vulnerable to a heap-based buffer overflow (GLSA 200711-30, CVE-2007-4768).\n Aaron Portnoy reported an unspecified vulnerability related to input validation (CVE-2007-6242).\n Jesse Michael and Thomas Biege reported that Flash does not correctly set memory permissions (CVE-2007-6246).\n Dan Boneh, Adam Barth, Andrew Bortz, Collin Jackson, and Weidong Shao reported that Flash does not pin DNS hostnames to a single IP addresses, allowing for DNS rebinding attacks (CVE-2007-5275).\n David Neu reported an error withing the implementation of the Socket and XMLSocket ActionScript 3 classes (CVE-2007-4324).\n Toshiharu Sugiyama reported that Flash does not sufficiently restrict the interpretation and usage of cross-domain policy files, allowing for easier cross-site scripting attacks (CVE-2007-6243).\n Rich Cannings reported a cross-site scripting vulnerability in the way the 'asfunction:' protocol was handled (CVE-2007-6244).\n Toshiharu Sugiyama discovered that Flash allows remote attackers to modify HTTP headers for client requests and conduct HTTP Request Splitting attacks (CVE-2007-6245).\n Impact :\n\n A remote attacker could entice a user to open a specially crafted file (usually in a web browser), possibly leading to the execution of arbitrary code with the privileges of the user running the Adobe Flash Player. The attacker could also cause a user's machine to establish TCP sessions with arbitrary hosts, bypass the Security Sandbox Model, obtain sensitive information, port scan arbitrary hosts, or conduct cross-site-scripting attacks.\n Workaround :\n\n There is no known workaround at this time.", "published": "2008-01-21T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=30031", "cvelist": ["CVE-2007-4768", "CVE-2007-6243", "CVE-2007-4324", "CVE-2007-6246", "CVE-2007-6245", "CVE-2007-6242", "CVE-2007-6244", "CVE-2007-5275"], "lastseen": "2018-07-12T18:26:07"}, {"id": "SUSE_FLASH-PLAYER-4855.NASL", "type": "nessus", "title": "openSUSE 10 Security Update : flash-player (flash-player-4855)", "description": "This flash player update to version 9.0.115.0 fixes several security problems. In the worst case an attacker could potentially have flash-player execute arbitrary code via specially crafted files.\n(CVE-2007-4324, CVE-2007-4768, CVE-2007-5275, CVE-2007-6242, CVE-2007-6243, CVE-2007-6244, CVE-2007-6245, CVE-2007-6246)\n\nNote: Since Adobe doesn't support browsers other than Firefox and Mozilla, this update doesn't work with browsers such as Konqueror.\nUpdates for konquerors are already in the works.", "published": "2007-12-24T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=29784", "cvelist": ["CVE-2007-4768", "CVE-2007-6243", "CVE-2007-4324", "CVE-2007-6246", "CVE-2007-6245", "CVE-2007-6242", "CVE-2007-6244", "CVE-2007-5275"], "lastseen": "2017-10-29T13:40:38"}, {"id": "REDHAT-RHSA-2007-1126.NASL", "type": "nessus", "title": "RHEL 3 / 4 / 5 : flash-plugin (RHSA-2007:1126)", "description": "An updated Adobe Flash Player package that fixes a security issue is now available for Red Hat Enterprise Linux 3 Extras, 4 Extras, and 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nThe flash-plugin package contains a Firefox-compatible Adobe Flash Player Web browser plug-in.\n\nSeveral input validation flaws were found in the way Flash Player displays certain content. It may be possible to execute arbitrary code on a victim's machine, if the victim opens a malicious Adobe Flash file. (CVE-2007-4768, CVE-2007-6242, CVE-2007-6246)\n\nA flaw was found in the way Flash Player handled the asfunction:\nprotocol. Malformed SWF files could perform a cross-site scripting attack. (CVE-2007-6244)\n\nA flaw was found in the way Flash Player modified HTTP request headers. Malicious content could allow Flash Player to conduct a HTTP response splitting attack. (CVE-2007-6245)\n\nA flaw was found in the way Flash Player processes certain SWF content. A malicious SWF file could allow a remote attacker to conduct a port scanning attack from the client's machine. (CVE-2007-4324)\n\nA flaw was found in the way Flash Player establishes TCP sessions. A remote attacker could use Flash Player to conduct a DNS rebinding attack. (CVE-2007-5275)\n\nUsers of Adobe Flash Player are advised to upgrade to this updated package, which contains version 9.0.115.0 and resolves these issues.", "published": "2009-08-24T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=40711", "cvelist": ["CVE-2007-4768", "CVE-2007-6243", "CVE-2007-4324", "CVE-2007-6246", "CVE-2007-6245", "CVE-2007-6242", "CVE-2007-6244", "CVE-2007-5275"], "lastseen": "2017-10-29T13:45:40"}], "openvas": [{"id": "OPENVAS:60088", "type": "openvas", "title": "FreeBSD Ports: linux-flashplugin", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "published": "2008-09-04T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=60088", "cvelist": ["CVE-2007-4768", "CVE-2007-6243", "CVE-2007-4324", "CVE-2007-5476", "CVE-2007-6246", "CVE-2007-6245", "CVE-2007-6242", "CVE-2007-6244", "CVE-2007-5275"], "lastseen": "2017-07-02T21:10:20"}, {"id": "OPENVAS:850071", "type": "openvas", "title": "SuSE Update for flash-player SUSE-SA:2007:069", "description": "Check for the Version of flash-player", "published": "2009-01-28T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=850071", "cvelist": ["CVE-2007-4768", "CVE-2007-6243", "CVE-2007-4324", "CVE-2007-6246", "CVE-2007-6245", "CVE-2007-6242", "CVE-2007-6244", "CVE-2007-5275"], "lastseen": "2017-12-12T11:20:30"}, {"id": "OPENVAS:60219", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200801-07 (netscape-flash)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200801-07.", "published": "2008-09-24T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=60219", "cvelist": ["CVE-2007-4768", "CVE-2007-6243", "CVE-2007-4324", "CVE-2007-6246", "CVE-2007-6245", "CVE-2007-6242", "CVE-2007-6244", "CVE-2007-5275"], "lastseen": "2017-07-24T12:50:15"}], "redhat": [{"id": "RHSA-2007:1126", "type": "redhat", "title": "(RHSA-2007:1126) Critical: flash-plugin security update", "description": "The flash-plugin package contains a Firefox-compatible Adobe Flash Player\r\nWeb browser plug-in.\r\n\r\nSeveral input validation flaws were found in the way Flash Player displays\r\ncertain content. It may be possible to execute arbitrary code on a victim's\r\nmachine, if the victim opens a malicious Adobe Flash file. \r\n(CVE-2007-4768, CVE-2007-6242, CVE-2007-6246)\r\n\r\nA flaw was found in the way Flash Player handled the asfunction: protocol.\r\nMalformed SWF files could perform a cross-site scripting attack.\r\n(CVE-2007-6244)\r\n\r\nA flaw was found in the way Flash Player modified HTTP request headers.\r\nMalicious content could allow Flash Player to conduct a HTTP response\r\nsplitting attack. (CVE-2007-6245)\r\n\r\nA flaw was found in the way Flash Player processes certain SWF content. A\r\nmalicious SWF file could allow a remote attacker to conduct a port scanning\r\nattack from the client's machine. (CVE-2007-4324)\r\n\r\nA flaw was found in the way Flash Player establishes TCP sessions. A remote\r\nattacker could use Flash Player to conduct a DNS rebinding attack.\r\n(CVE-2007-5275) \r\n\r\nUsers of Adobe Flash Player are advised to upgrade to this updated package,\r\nwhich contains version 9.0.115.0 and resolves these issues.", "published": "2007-12-18T05:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2007:1126", "cvelist": ["CVE-2007-4324", "CVE-2007-4768", "CVE-2007-5275", "CVE-2007-6242", "CVE-2007-6243", "CVE-2007-6244", "CVE-2007-6245", "CVE-2007-6246"], "lastseen": "2017-09-09T07:20:17"}], "suse": [{"id": "SUSE-SA:2007:069", "type": "suse", "title": "remote code execution in flash-player", "description": "A flash player update to version 9.0.115.0 fixes several security problems. In the worst case an attacker could potentially have flash-player execute arbitrary code via specially crafted flash content.\n#### Solution\nThere is no known workaround, please install the update packages.", "published": "2007-12-21T16:24:32", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html", "cvelist": ["CVE-2007-4768", "CVE-2007-6243", "CVE-2007-4324", "CVE-2007-6246", "CVE-2007-6245", "CVE-2007-6242", "CVE-2007-6244", "CVE-2007-5275"], "lastseen": "2016-09-04T11:51:41"}], "freebsd": [{"id": "562CF6C4-B9F1-11DC-A302-000102CC8983", "type": "freebsd", "title": "linux-flashplugin -- multiple vulnerabilities", "description": "\nAdobe Security bulletin:\n\nCritical vulnerabilities have been identified in Adobe Flash\n\t Player that could allow an attacker who successfully exploits these\n\t potential vulnerabilities to take control of the affected system. A\n\t malicious SWF must be loaded in Flash Player by the user for an\n\t attacker to exploit these potential vulnerabilities. Users are\n\t recommended to update to the most current version of Flash Player\n\t available for their platform.\n\n", "published": "2007-12-18T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vuxml.freebsd.org/freebsd/562cf6c4-b9f1-11dc-a302-000102cc8983.html", "cvelist": ["CVE-2007-4768", "CVE-2007-6243", "CVE-2007-4324", "CVE-2007-5476", "CVE-2007-6246", "CVE-2007-6245", "CVE-2007-6242", "CVE-2007-6244", "CVE-2007-5275"], "lastseen": "2016-09-26T17:24:58"}], "gentoo": [{"id": "GLSA-200801-07", "type": "gentoo", "title": "Adobe Flash Player: Multiple vulnerabilities", "description": "### Background\n\nThe Adobe Flash Player is a renderer for the popular SWF file format, which is commonly used to provide interactive websites, digital experiences and mobile content. \n\n### Description\n\n * Flash contains a copy of PCRE which is vulnerable to a heap-based buffer overflow (GLSA 200711-30, CVE-2007-4768).\n * Aaron Portnoy reported an unspecified vulnerability related to input validation (CVE-2007-6242).\n * Jesse Michael and Thomas Biege reported that Flash does not correctly set memory permissions (CVE-2007-6246).\n * Dan Boneh, Adam Barth, Andrew Bortz, Collin Jackson, and Weidong Shao reported that Flash does not pin DNS hostnames to a single IP addresses, allowing for DNS rebinding attacks (CVE-2007-5275).\n * David Neu reported an error withing the implementation of the Socket and XMLSocket ActionScript 3 classes (CVE-2007-4324).\n * Toshiharu Sugiyama reported that Flash does not sufficiently restrict the interpretation and usage of cross-domain policy files, allowing for easier cross-site scripting attacks (CVE-2007-6243).\n * Rich Cannings reported a cross-site scripting vulnerability in the way the \"asfunction:\" protocol was handled (CVE-2007-6244).\n * Toshiharu Sugiyama discovered that Flash allows remote attackers to modify HTTP headers for client requests and conduct HTTP Request Splitting attacks (CVE-2007-6245).\n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted file (usually in a web browser), possibly leading to the execution of arbitrary code with the privileges of the user running the Adobe Flash Player. The attacker could also cause a user's machine to establish TCP sessions with arbitrary hosts, bypass the Security Sandbox Model, obtain sensitive information, port scan arbitrary hosts, or conduct cross-site-scripting attacks. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Adobe Flash Player users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-plugins/adobe-flash-9.0.115.0\"\n\nPlease be advised that unaffected packages of the Adobe Flash Player have known problems when used from within the Konqueror and Opera browsers.", "published": "2008-01-20T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/200801-07", "cvelist": ["CVE-2007-4768", "CVE-2007-6243", "CVE-2007-4324", "CVE-2007-6246", "CVE-2007-6245", "CVE-2007-6242", "CVE-2007-6244", "CVE-2007-5275"], "lastseen": "2016-09-06T19:46:31"}]}}
