Flash Player APSB08-18 / APSB08-20 Multiple Vulnerabilities

According to its version number, an instance of Flash Player on the remote Windows host is 9.0.124.0 or earlier. Such versions are potentially affected by several vulnerabilities :

• A potential port-scanning issue. (CVE-2007-4324)
• Possible privilege escalation attacks against web servers hosting Flash content and cross-domain policy files. (CVE-2007-6243)
• Potential Clipboard attacks. (CVE-2008-3873)
• FileReference upload and download APIs that don’t require user interaction. (CVE-2008-4401)
• A ‘Clickjacking’ issue that could be abused by an attacker to lure a web browser user into unknowingly clicking on a link or dialog. (CVE-2008-4503)
• A potential cross-site scripting vulnerability. (CVE-2008-4818)
• A potential issue that could be leveraged to conduct a DNS rebinding attack. (CVE-2008-4819)
• An information disclosure issue affecting only the ActiveX control. (CVE-2008-4820)
• An information disclosure issue involving interpretation of the 'jar: ’ protocol and affecting only the plugin for Mozilla browsers. (CVE-2008-4821)
• An issue with policy file interpretation could potentially lead to bypass of a non-root domain policy. (CVE-2008-4822)
• A potential HTML injection issue involving an ActionScript attribute. (CVE-2008-4823)