Search...

CVE-2008-1655

2008-04-09T17:05:00

ID CVE-2008-1655
Type cve
Reporter NVD
Modified 2017-09-28T21:30:48

Description

Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors.

JSON Vulners Source

Initial Source

{"id": "CVE-2008-1655", "bulletinFamily": "NVD", "title": "CVE-2008-1655", "description": "Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors.", "published": "2008-04-09T17:05:00", "modified": "2017-09-28T21:30:48", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1655", "reporter": "NVD", "references": ["http://www.securitytracker.com/id?1019808", "http://www.redhat.com/support/errata/RHSA-2008-0221.html", "https://exchange.xforce.ibmcloud.com/vulnerabilities/41807", "http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml", "http://www.vupen.com/english/advisories/2008/1697", "http://www.us-cert.gov/cas/techalerts/TA08-150A.html", "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html", "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1", "http://www.vupen.com/english/advisories/2008/1724/references", "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html", "http://www.securityfocus.com/bid/28697", "http://www.adobe.com/support/security/bulletins/apsb08-11.html", "http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security.html#goal_dns", "http://www.us-cert.gov/cas/techalerts/TA08-100A.html"], "cvelist": ["CVE-2008-1655"], "type": "cve", "lastseen": "2017-09-29T14:25:50", "history": [{"bulletin": {"assessment": {"href": "http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10724", "name": "oval:org.mitre.oval:def:10724", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:adobe:flex:3.0", "cpe:/a:adobe:flash_player:9.0.115.0", "cpe:/a:adobe:air:1.0"], "cvelist": ["CVE-2008-1655"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors.", "edition": 2, "enchantments": {}, "hash": "d8c15a4e26a5cd7a5afbe627b5f39a21aa65ee56b3a56dfe05ebf35924c6d8b1", "hashmap": [{"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "958f2a6cb5011e84023b088b8ec4e04f", "key": "assessment"}, {"hash": "9af4540360eda6d65c77ef491fa52d25", "key": "title"}, {"hash": "9df82ae5a0d41026c93bbb036dfce5fc", "key": "href"}, {"hash": "36182d42a7bb2ed6a3d2f6d6cdf640b2", "key": "cpe"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "38da0f522de3cfedde450cfb9f1e0e6c", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "96e937eebc9098bfd237351c23ab7711", "key": "cvelist"}, {"hash": "93e06f907b722b6e7610a1ff48fd09a2", "key": "scanner"}, {"hash": "8abd3409bbe13936f0b9844c32b97a14", "key": "modified"}, {"hash": "316587e835f5dee860aa950ecd3b10e1", "key": "published"}, {"hash": "1ae78f986a92ce32731825c2d307fc72", "key": "references"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1655", "id": "CVE-2008-1655", "lastseen": "2017-08-08T11:24:36", "modified": "2017-08-07T21:30:20", "objectVersion": "1.3", "published": "2008-04-09T17:05:00", "references": ["http://www.securitytracker.com/id?1019808", "http://www.redhat.com/support/errata/RHSA-2008-0221.html", "https://exchange.xforce.ibmcloud.com/vulnerabilities/41807", "http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml", "http://www.vupen.com/english/advisories/2008/1697", "http://www.us-cert.gov/cas/techalerts/TA08-150A.html", "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html", "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1", "http://www.vupen.com/english/advisories/2008/1724/references", "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html", "http://www.securityfocus.com/bid/28697", "http://www.adobe.com/support/security/bulletins/apsb08-11.html", "http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security.html#goal_dns", "http://www.us-cert.gov/cas/techalerts/TA08-100A.html"], "reporter": "NVD", "scanner": [{"href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10724", "name": "oval:org.mitre.oval:def:10724", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}], "title": "CVE-2008-1655", "type": "cve", "viewCount": 0}, "differentElements": ["assessment", "modified"], "edition": 2, "lastseen": "2017-08-08T11:24:36"}, {"bulletin": {"assessment": {"href": "http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10724", "name": "oval:org.mitre.oval:def:10724", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:adobe:flex:3.0", "cpe:/a:adobe:flash_player:9.0.115.0", "cpe:/a:adobe:air:1.0"], "cvelist": ["CVE-2008-1655"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors.", "edition": 1, "enchantments": {}, "hash": "1b6165f7b3a3bf8c7728f2ef7e956fb056ae5997dc7c8db4f6ba52aa23451452", "hashmap": [{"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "958f2a6cb5011e84023b088b8ec4e04f", "key": "assessment"}, {"hash": "9af4540360eda6d65c77ef491fa52d25", "key": "title"}, {"hash": "11660c283415801b92fd18f22eb5027c", "key": "references"}, {"hash": "9df82ae5a0d41026c93bbb036dfce5fc", "key": "href"}, {"hash": "36182d42a7bb2ed6a3d2f6d6cdf640b2", "key": "cpe"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "8cc01347503edc867331a19e3b916e9a", "key": "modified"}, {"hash": "38da0f522de3cfedde450cfb9f1e0e6c", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "96e937eebc9098bfd237351c23ab7711", "key": "cvelist"}, {"hash": "93e06f907b722b6e7610a1ff48fd09a2", "key": "scanner"}, {"hash": "316587e835f5dee860aa950ecd3b10e1", "key": "published"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1655", "id": "CVE-2008-1655", "lastseen": "2016-09-03T10:22:50", "modified": "2011-03-07T22:07:25", "objectVersion": "1.2", "published": "2008-04-09T17:05:00", "references": ["http://www.securitytracker.com/id?1019808", "http://www.redhat.com/support/errata/RHSA-2008-0221.html", "http://xforce.iss.net/xforce/xfdb/41807", "http://www.gentoo.org/security/en/glsa/glsa-200804-21.xml", "http://www.vupen.com/english/advisories/2008/1697", "http://www.us-cert.gov/cas/techalerts/TA08-150A.html", "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html", "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238305-1", "http://www.vupen.com/english/advisories/2008/1724/references", "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html", "http://www.securityfocus.com/bid/28697", "http://www.adobe.com/support/security/bulletins/apsb08-11.html", "http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security.html#goal_dns", "http://www.us-cert.gov/cas/techalerts/TA08-100A.html"], "reporter": "NVD", "scanner": [{"href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10724", "name": "oval:org.mitre.oval:def:10724", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}], "title": "CVE-2008-1655", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T10:22:50"}], "edition": 3, "hashmap": [{"key": "assessment", "hash": "309d4b12f02cef05b171ce6427c7b079"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "36182d42a7bb2ed6a3d2f6d6cdf640b2"}, {"key": "cvelist", "hash": "96e937eebc9098bfd237351c23ab7711"}, {"key": "cvss", "hash": "6e9bdd2021503689a2ad9254c9cdf2b3"}, {"key": "description", "hash": "38da0f522de3cfedde450cfb9f1e0e6c"}, {"key": "href", "hash": "9df82ae5a0d41026c93bbb036dfce5fc"}, {"key": "modified", "hash": "0a3f710dbf88e2125c81323ef0793e2a"}, {"key": "published", "hash": "316587e835f5dee860aa950ecd3b10e1"}, {"key": "references", "hash": "1ae78f986a92ce32731825c2d307fc72"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "93e06f907b722b6e7610a1ff48fd09a2"}, {"key": "title", "hash": "9af4540360eda6d65c77ef491fa52d25"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "adf0bb43498ad6892663c325eea2337a3a52ef2d7ca24cefba0ffc6d775fcb6c", "viewCount": 0, "enchantments": {"vulnersScore": 5.0}, "objectVersion": "1.3", "cpe": ["cpe:/a:adobe:flex:3.0", "cpe:/a:adobe:flash_player:9.0.115.0", "cpe:/a:adobe:air:1.0"], "assessment": {"href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10724", "name": "oval:org.mitre.oval:def:10724", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}, "scanner": [{"href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10724", "name": "oval:org.mitre.oval:def:10724", "system": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}]}

{"result": {"suse": [{"id": "SUSE-SA:2008:022", "type": "suse", "title": "remote code execution in flash-player", "description": "The Adobe Flash Player was updated to version 9.0.124.0 to fix several security problems.", "published": "2008-04-11T13:28:58", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00006.html", "cvelist": ["CVE-2007-6637", "CVE-2007-6243", "CVE-2008-1655", "CVE-2007-6019", "CVE-2008-1654", "CVE-2007-0071", "CVE-2007-5275"], "lastseen": "2016-09-04T12:13:40"}], "openvas": [{"id": "OPENVAS:850000", "type": "openvas", "title": "SuSE Update for flash-player SUSE-SA:2008:022", "description": "Check for the Version of flash-player", "published": "2009-01-23T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=850000", "cvelist": ["CVE-2007-6637", "CVE-2007-6243", "CVE-2008-1655", "CVE-2007-6019", "CVE-2008-1654", "CVE-2007-0071", "CVE-2007-5275"], "lastseen": "2017-12-12T11:19:45"}, {"id": "OPENVAS:136141256231090019", "type": "openvas", "title": "Adobe Flash Player 9.0.115.0 and earlier vulnerability (Windows)", "description": "The remote host is probably affected by\n the vulnerabilities described in CVE-2007-5275, CVE-2007-6019, CVE-2007-6243,\n CVE-2007-6637, CVE-2008-1654, CVE-2008-1655.", "published": "2008-09-03T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231090019", "cvelist": ["CVE-2007-6637", "CVE-2007-6243", "CVE-2007-4324", "CVE-2002-1467", "CVE-2008-1655", "CVE-2007-6019", "CVE-2007-6244", "CVE-2008-1654", "CVE-2007-5275"], "lastseen": "2017-12-20T13:19:08"}, {"id": "OPENVAS:90018", "type": "openvas", "title": "Adobe Flash Player 9.0.115.0 and earlier vulnerability (Linux)", "description": "The remote host is probably affected by the vulnerabilities\n described in CVE-2007-5275, CVE-2007-6019, CVE-2007-6243, CVE-2007-6637,\n CVE-2008-1654, CVE-2008-1655", "published": "2008-09-03T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=90018", "cvelist": ["CVE-2007-6637", "CVE-2007-6243", "CVE-2007-4324", "CVE-2002-1467", "CVE-2008-1655", "CVE-2007-6019", "CVE-2007-6244", "CVE-2008-1654", "CVE-2007-5275"], "lastseen": "2017-12-08T11:44:41"}, {"id": "OPENVAS:60821", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200804-21 (netscape-flash)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200804-21.", "published": "2008-09-24T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=60821", "cvelist": ["CVE-2007-6637", "CVE-2007-6243", "CVE-2008-1655", "CVE-2007-6019", "CVE-2008-1654", "CVE-2007-0071", "CVE-2007-5275"], "lastseen": "2017-07-24T12:50:01"}, {"id": "OPENVAS:136141256231090018", "type": "openvas", "title": "Adobe Flash Player 9.0.115.0 and earlier vulnerability (Linux)", "description": "The remote host is probably affected by the vulnerabilities\n described in CVE-2007-5275, CVE-2007-6019, CVE-2007-6243, CVE-2007-6637,\n CVE-2008-1654, CVE-2008-1655", "published": "2008-09-03T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231090018", "cvelist": ["CVE-2007-6637", "CVE-2007-6243", "CVE-2007-4324", "CVE-2002-1467", "CVE-2008-1655", "CVE-2007-6019", "CVE-2007-6244", "CVE-2008-1654", "CVE-2007-5275"], "lastseen": "2018-04-06T11:16:07"}, {"id": "OPENVAS:102031", "type": "openvas", "title": "Mac OS X 10.5.3 Update / Mac OS X Security Update 2008-003", "description": "The remote host is missing Mac OS X 10.5.3 Update / Mac OS X Security Update 2008-003.\n One or more of the following components are affected:\n\n AFP Server\n Apache\n AppKit\n Apple Pixlet Video\n ATS\n CFNetwork\n CoreFoundation\n CoreGraphics\n CoreTypes\n CUPS\n Flash Player Plug-in\n Help Viewer\n iCal\n International Components for Unicode\n Image Capture\n Image Capture\n ImageIO\n Kernel\n LoginWindow\n Mail\n ruby\n Single Sign-On\n Wiki Server", "published": "2010-05-12T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=102031", "cvelist": ["CVE-2008-1031", "CVE-2007-6612", "CVE-2007-6637", "CVE-2008-1032", "CVE-2008-1572", "CVE-2007-6243", "CVE-2007-6359", "CVE-2007-4465", "CVE-2008-0177", "CVE-2008-1575", "CVE-2008-1033", "CVE-2008-1577", "CVE-2007-5269", "CVE-2008-1030", "CVE-2008-1573", "CVE-2008-1027", "CVE-2007-5268", "CVE-2008-1579", "CVE-2006-3747", "CVE-2007-5266", "CVE-2008-1655", "CVE-2007-6019", "CVE-2007-3847", "CVE-2008-1028", "CVE-2008-1571", "CVE-2007-6388", "CVE-2008-1654", "CVE-2007-5000", "CVE-2008-1576", "CVE-2008-1578", "CVE-2005-3357", "CVE-2008-1036", "CVE-2007-0071", "CVE-2005-3352", "CVE-2008-1034", "CVE-2008-1574", "CVE-2007-5275", "CVE-2008-1580", "CVE-2008-1035", "CVE-2007-1863"], "lastseen": "2017-07-02T21:10:02"}, {"id": "OPENVAS:1361412562310102031", "type": "openvas", "title": "Mac OS X 10.5.3 Update / Mac OS X Security Update 2008-003", "description": "The remote host is missing Mac OS X 10.5.3 Update / Mac OS X Security Update 2008-003.", "published": "2010-05-12T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310102031", "cvelist": ["CVE-2008-1031", "CVE-2007-6612", "CVE-2007-6637", "CVE-2008-1032", "CVE-2008-1572", "CVE-2007-6243", "CVE-2007-6359", "CVE-2007-4465", "CVE-2008-0177", "CVE-2008-1575", "CVE-2008-1033", "CVE-2008-1577", "CVE-2007-5269", "CVE-2008-1030", "CVE-2008-1573", "CVE-2008-1027", "CVE-2007-5268", "CVE-2008-1579", "CVE-2006-3747", "CVE-2007-5266", "CVE-2008-1655", "CVE-2007-6019", "CVE-2007-3847", "CVE-2008-1028", "CVE-2008-1571", "CVE-2007-6388", "CVE-2008-1654", "CVE-2007-5000", "CVE-2008-1576", "CVE-2008-1578", "CVE-2005-3357", "CVE-2008-1036", "CVE-2007-0071", "CVE-2005-3352", "CVE-2008-1034", "CVE-2008-1574", "CVE-2007-5275", "CVE-2008-1580", "CVE-2008-1035", "CVE-2007-1863"], "lastseen": "2018-06-07T10:53:22"}], "nessus": [{"id": "GENTOO_GLSA-200804-21.NASL", "type": "nessus", "title": "GLSA-200804-21 : Adobe Flash Player: Multiple vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-200804-21 (Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Flash:\n Secunia Research and Zero Day Initiative reported a boundary error related to DeclareFunction2 Actionscript tags in SWF files (CVE-2007-6019).\n The ISS X-Force and the Zero Day Initiative reported an unspecified input validation error that might lead to a buffer overflow (CVE-2007-0071).\n Microsoft, UBsecure and JPCERT/CC reported that cross-domain policy files are not checked before sending HTTP headers to another domain (CVE-2008-1654) and that it does not sufficiently restrict the interpretation and usage of cross-domain policy files (CVE-2007-6243).\n The Stanford University and Ernst and Young's Advanced Security Center reported that Flash does not pin DNS hostnames to a single IP addresses, allowing for DNS rebinding attacks (CVE-2007-5275, CVE-2008-1655).\n The Google Security Team and Minded Security Multiple reported multiple cross-site scripting vulnerabilities when passing input to Flash functions (CVE-2007-6637).\n Impact :\n\n A remote attacker could entice a user to open a specially crafted file (usually in a web browser), possibly leading to the execution of arbitrary code with the privileges of the user running the Adobe Flash Player. The attacker could also cause a user's machine to send HTTP requests to other hosts, establish TCP sessions with arbitrary hosts, bypass the security sandbox model, or conduct Cross-Site Scripting and Cross-Site Request Forgery attacks.\n Workaround :\n\n There is no known workaround at this time.", "published": "2008-04-22T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=32014", "cvelist": ["CVE-2007-6637", "CVE-2007-6243", "CVE-2008-1655", "CVE-2007-6019", "CVE-2008-1654", "CVE-2007-0071", "CVE-2007-5275"], "lastseen": "2018-07-12T17:50:40"}, {"id": "SUSE_FLASH-PLAYER-5159.NASL", "type": "nessus", "title": "SuSE 10 Security Update : flash-player (ZYPP Patch Number 5159)", "description": "This flash player update to version 9.0.124.0 fixes several security problems. In the worst case an attacker could potentially have flash-player execute arbitrary code via specially crafted files.\n(CVE-2007-5275 / CVE-2007-6243 / CVE-2007-6637 / CVE-2007-6019 / CVE-2007-0071 / CVE-2008-1655 / CVE-2008-1654)", "published": "2008-04-17T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=31964", "cvelist": ["CVE-2007-6637", "CVE-2007-6243", "CVE-2008-1655", "CVE-2007-6019", "CVE-2008-1654", "CVE-2007-0071", "CVE-2007-5275"], "lastseen": "2017-10-29T13:41:43"}, {"id": "REDHAT-RHSA-2008-0221.NASL", "type": "nessus", "title": "RHEL 3 / 4 / 5 : flash-plugin (RHSA-2008:0221)", "description": "An updated Adobe Flash Player package that fixes several security issues is now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nThe flash-plugin package contains a Firefox-compatible Adobe Flash Player Web browser plug-in.\n\nSeveral input validation flaws were found in the way Flash Player displayed certain content. These may have made it possible to execute arbitrary code on a victim's machine, if the victim opened a malicious Adobe Flash file. (CVE-2007-0071, CVE-2007-6019)\n\nA flaw was found in the way Flash Player established TCP sessions to remote hosts. A remote attacker could, consequently, use Flash Player to conduct a DNS rebinding attack. (CVE-2007-5275, CVE-2008-1655)\n\nA flaw was found in the way Flash Player restricted the interpretation and usage of cross-domain policy files. A remote attacker could use Flash Player to conduct cross-domain and cross-site scripting attacks.\n(CVE-2007-6243, CVE-2008-1654)\n\nA flaw was found in the way Flash Player interacted with web browsers.\nAn attacker could use malicious content presented by Flash Player to conduct a cross-site scripting attack. (CVE-2007-6637)\n\nAll users of Adobe Flash Player should upgrade to this updated package, which contains Flash Player version 9.0.124.0 and resolves these issues.", "published": "2009-08-24T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=40719", "cvelist": ["CVE-2007-6637", "CVE-2007-6243", "CVE-2008-3872", "CVE-2008-1655", "CVE-2007-6019", "CVE-2008-1654", "CVE-2007-0071", "CVE-2007-5275"], "lastseen": "2017-10-29T13:43:47"}, {"id": "FLASH_PLAYER_APSB08-11.NASL", "type": "nessus", "title": "Flash Player < 8.0.42.0 / 9.0.124.0 Multiple Vulnerabilities (APSB08-11)", "description": "According to its version number, the instance of Flash Player on the remote Windows host is affected by multiple issues, including several that could allow for arbitrary code execution.", "published": "2008-04-10T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=31799", "cvelist": ["CVE-2007-6637", "CVE-2007-6243", "CVE-2008-1655", "CVE-2007-6019", "CVE-2008-1654", "CVE-2007-0071", "CVE-2007-5275"], "lastseen": "2018-07-12T17:28:44"}, {"id": "SUSE_FLASH-PLAYER-5161.NASL", "type": "nessus", "title": "openSUSE 10 Security Update : flash-player (flash-player-5161)", "description": "This flash player update to version 9.0.124.0 fixes several security problems. In the worst case an attacker could potentially have flash-player execute arbitrary code via specially crafted files.\n(CVE-2007-5275, CVE-2007-6243, CVE-2007-6637, CVE-2007-6019, CVE-2007-0071, CVE-2008-1655, CVE-2008-1654)", "published": "2008-04-17T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=31965", "cvelist": ["CVE-2007-6637", "CVE-2007-6243", "CVE-2008-1655", "CVE-2007-6019", "CVE-2008-1654", "CVE-2007-0071", "CVE-2007-5275"], "lastseen": "2017-10-29T13:38:23"}, {"id": "MACOSX_SECUPD2008-003.NASL", "type": "nessus", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2008-003)", "description": "The remote host is running a version of Mac OS X 10.4 that does not have the security update 2008-003 applied. \n\nThis update contains security fixes for a number of programs.", "published": "2008-05-29T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=32478", "cvelist": ["CVE-2008-1031", "CVE-2007-6612", "CVE-2008-1032", "CVE-2008-1572", "CVE-2007-6359", "CVE-2007-4465", "CVE-2008-0177", "CVE-2008-1575", "CVE-2008-1033", "CVE-2008-1577", "CVE-2007-5269", "CVE-2008-1030", "CVE-2008-1573", "CVE-2008-1027", "CVE-2007-5268", "CVE-2008-1579", "CVE-2006-3747", "CVE-2007-5266", "CVE-2008-1655", "CVE-2007-6019", "CVE-2007-3847", "CVE-2008-1028", "CVE-2008-1571", "CVE-2007-6388", "CVE-2008-1654", "CVE-2007-5000", "CVE-2008-1576", "CVE-2008-1578", "CVE-2005-3357", "CVE-2008-1036", "CVE-2007-0071", "CVE-2005-3352", "CVE-2008-1034", "CVE-2008-1574", "CVE-2007-5275", "CVE-2008-1580", "CVE-2008-1035", "CVE-2007-1863"], "lastseen": "2018-07-15T04:10:53"}, {"id": "MACOSX_10_5_3.NASL", "type": "nessus", "title": "Mac OS X 10.5.x < 10.5.3 Multiple Vulnerabilities", "description": "The remote host is running a version of Mac OS X 10.5.x that is prior to 10.5.3. \n\nMac OS X 10.5.3 contains security fixes for a number of programs.", "published": "2008-05-29T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=32477", "cvelist": ["CVE-2008-1031", "CVE-2007-6612", "CVE-2008-1032", "CVE-2008-1572", "CVE-2007-6359", "CVE-2007-4465", "CVE-2008-0177", "CVE-2008-1575", "CVE-2008-1033", "CVE-2008-1577", "CVE-2007-5269", "CVE-2008-1030", "CVE-2008-1573", "CVE-2008-1027", "CVE-2007-5268", "CVE-2008-1579", "CVE-2006-3747", "CVE-2007-5266", "CVE-2008-1655", "CVE-2007-6019", "CVE-2007-3847", "CVE-2008-1028", "CVE-2008-1571", "CVE-2007-6388", "CVE-2008-1654", "CVE-2007-5000", "CVE-2008-1576", "CVE-2008-1578", "CVE-2005-3357", "CVE-2008-1036", "CVE-2007-0071", "CVE-2005-3352", "CVE-2008-1034", "CVE-2008-1574", "CVE-2007-5275", "CVE-2008-1580", "CVE-2008-1035", "CVE-2007-1863"], "lastseen": "2018-07-15T04:00:15"}], "gentoo": [{"id": "GLSA-200804-21", "type": "gentoo", "title": "Adobe Flash Player: Multiple vulnerabilities", "description": "### Background\n\nThe Adobe Flash Player is a renderer for the popular SWF file format, which is commonly used to provide interactive websites, digital experiences and mobile content. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Adobe Flash: \n\n * Secunia Research and Zero Day Initiative reported a boundary error related to DeclareFunction2 Actionscript tags in SWF files (CVE-2007-6019). \n * The ISS X-Force and the Zero Day Initiative reported an unspecified input validation error that might lead to a buffer overflow (CVE-2007-0071). \n * Microsoft, UBsecure and JPCERT/CC reported that cross-domain policy files are not checked before sending HTTP headers to another domain (CVE-2008-1654) and that it does not sufficiently restrict the interpretation and usage of cross-domain policy files (CVE-2007-6243). \n * The Stanford University and Ernst and Young's Advanced Security Center reported that Flash does not pin DNS hostnames to a single IP addresses, allowing for DNS rebinding attacks (CVE-2007-5275, CVE-2008-1655). \n * The Google Security Team and Minded Security Multiple reported multiple cross-site scripting vulnerabilities when passing input to Flash functions (CVE-2007-6637). \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted file (usually in a web browser), possibly leading to the execution of arbitrary code with the privileges of the user running the Adobe Flash Player. The attacker could also cause a user's machine to send HTTP requests to other hosts, establish TCP sessions with arbitrary hosts, bypass the security sandbox model, or conduct Cross-Site Scripting and Cross-Site Request Forgery attacks. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Adobe Flash Player users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-plugins/adobe-flash-9.0.124.0\"", "published": "2008-04-18T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/200804-21", "cvelist": ["CVE-2007-6637", "CVE-2007-6243", "CVE-2008-1655", "CVE-2007-6019", "CVE-2008-1654", "CVE-2007-0071", "CVE-2007-5275"], "lastseen": "2016-09-06T19:46:44"}], "seebug": [{"id": "SSV:3150", "type": "seebug", "title": "Adobe Flash Player 9.0.124.0\u7248\u672c\u4fee\u6539\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e", "description": "BUGTRAQ ID: 27034,28695,26966,28697,26930,28696,28694\r\nCVE(CAN) ID: CVE-2007-5275,CVE-2007-6243,CVE-2007-6637,CVE-2007-6019,CVE-2007-0071,CVE-2008-1655,CVE-2008-1654\r\n\r\nFlash Player\u662f\u4e00\u6b3e\u975e\u5e38\u6d41\u884c\u7684FLASH\u64ad\u653e\u5668\u3002\r\n\r\nFlash Player 9.0.124.0\u7248\u672c\u4fee\u590d\u4e86\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e\uff0c\u6210\u529f\u5229\u7528\u8fd9\u4e9b\u6f0f\u6d1e\u5141\u8bb8\u6076\u610f\u7528\u6237\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\u3001\u6267\u884c\u8de8\u7ad9\u811a\u672c\u6216\u5165\u4fb5\u7528\u6237\u7cfb\u7edf\uff0c\u5177\u4f53\u5305\u62ec\uff1a\r\n\r\n1) \u5904\u7406Declare Function (V7)\u6807\u7b7e\u65f6\u5b58\u5728\u5806\u6ea2\u51fa\u6f0f\u6d1e\uff1b\r\n\r\n2) \u5904\u7406\u591a\u5a92\u4f53\u6587\u4ef6\u65f6\u5b58\u5728\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\uff1b\r\n\r\n3) \u5728\u5c06\u4e3b\u673a\u540d\u7ed1\u5b9a\u5230IP\u5730\u5740\u65f6\u7684\u9519\u8bef\u53ef\u80fd\u5bfc\u81f4DNS\u91cd\u65b0\u7ed1\u5b9a\u653b\u51fb\uff1b \r\n\r\n4) \u5728\u53d1\u9001HTTP\u5934\u65f6\u7684\u9519\u8bef\u53ef\u80fd\u5bfc\u81f4\u7ed5\u8fc7\u8de8\u57df\u7b56\u7565\u6587\u4ef6\uff1b\r\n\r\n5) \u5f3a\u5236\u8de8\u57df\u7b56\u7565\u6587\u4ef6\u4e2d\u7684\u9519\u8bef\u53ef\u80fd\u5bfc\u81f4\u5728\u627f\u8f7d\u8be5\u6587\u4ef6\u7684Web\u670d\u52a1\u5668\u4e0a\u7ed5\u8fc7\u67d0\u4e9b\u5b89\u5168\u9650\u5236\uff1b\r\n\r\n6) \u5728\u5904\u7406asfunction:\u534f\u8bae\u65f6\u6ca1\u6709\u6b63\u786e\u5730\u9a8c\u8bc1\u5bf9\u67d0\u4e9b\u53c2\u6570\u7684\u8f93\u5165\u4fbf\u5c06\u5176\u8fd4\u56de\u7ed9\u4e86\u7528\u6237\uff0c\u8fd9\u53ef\u80fd\u5bfc\u81f4\u5728\u7528\u6237\u6d4f\u89c8\u5668\u4e2d\u6ce8\u5165\u4efb\u610fHTML\u548c\u811a\u672c\u4ee3\u7801\u3002\r\n\n\nAdobe Flash Player < 9.0.115.0\n Adobe\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=http://www.adobe.com/go/getflash target=_blank>http://www.adobe.com/go/getflash</a>\r\n\r\nRedHat\r\n------\r\nRedHat\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08RHSA-2008:0221-01\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nRHSA-2008:0221-01\uff1aCritical: flash-plugin security update\r\n\u94fe\u63a5\uff1a<a href=https://www.redhat.com/support/errata/RHSA-2008-0221.html target=_blank>https://www.redhat.com/support/errata/RHSA-2008-0221.html</a>", "published": "2008-04-11T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.seebug.org/vuldb/ssvid-3150", "cvelist": ["CVE-2007-0071", "CVE-2007-5275", "CVE-2007-6019", "CVE-2007-6243", "CVE-2007-6637", "CVE-2008-1654", "CVE-2008-1655"], "lastseen": "2017-11-19T21:43:45"}], "redhat": [{"id": "RHSA-2008:0221", "type": "redhat", "title": "(RHSA-2008:0221) Critical: flash-plugin security update", "description": "The flash-plugin package contains a Firefox-compatible Adobe Flash Player\r\nWeb browser plug-in.\r\n\r\nSeveral input validation flaws were found in the way Flash Player displayed\r\ncertain content. These may have made it possible to execute arbitrary code\r\non a victim's machine, if the victim opened a malicious Adobe Flash file.\r\n(CVE-2007-0071, CVE-2007-6019)\r\n\r\nA flaw was found in the way Flash Player established TCP sessions to remote\r\nhosts. A remote attacker could, consequently, use Flash Player to conduct a\r\nDNS rebinding attack. (CVE-2007-5275, CVE-2008-1655)\r\n\r\nA flaw was found in the way Flash Player restricted the interpretation and\r\nusage of cross-domain policy files. A remote attacker could use Flash\r\nPlayer to conduct cross-domain and cross-site scripting attacks.\r\n(CVE-2007-6243, CVE-2008-1654)\r\n\r\nA flaw was found in the way Flash Player interacted with web browsers. An\r\nattacker could use malicious content presented by Flash Player to conduct a\r\ncross-site scripting attack. (CVE-2007-6637)\r\n\r\nAll users of Adobe Flash Player should upgrade to this updated package,\r\nwhich contains Flash Player version 9.0.124.0 and resolves these issues.", "published": "2008-04-08T04:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2008:0221", "cvelist": ["CVE-2007-0071", "CVE-2007-5275", "CVE-2007-6019", "CVE-2007-6243", "CVE-2007-6637", "CVE-2008-1654", "CVE-2008-1655", "CVE-2008-3872"], "lastseen": "2017-09-09T07:20:25"}]}}