Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2008 Greenbone Networks GmbHOPENVAS:800027
HistoryOct 16, 2008 - 12:00 a.m.

Adobe Flash Player Multiple Security Bypass Vulnerabilities (Windows)

2008-10-1600:00:00
Copyright (C) 2008 Greenbone Networks GmbH
plugins.openvas.org
11

0.033 Low

EPSS

Percentile

90.3%

JSON

This host has Adobe Flash Player installed and is prone to
multiple security bypass vulnerabilities.

###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_adobe_flash_player_sec_bypass_vuln_win.nasl 8178 2017-12-19 13:42:38Z cfischer $
#
# Adobe Flash Player Multiple Security Bypass Vulnerabilities (Windows)
#
# Authors:
# Chandan S <[email protected]>
#
# Copyright:
# Copyright (c) 2008 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

CPE = "cpe:/a:adobe:flash_player";

tag_impact = "Successful attack could allow malicious people to bypass certain
  security restrictions or manipulate certain data.
  Impact Level: Application";
tag_affected = "Adobe Flash Player 9.x - 9.0.124.0 on Windows.";
tag_insight = "The flaws are due to,

  - a design error in the application allows access to the system's
    camera and microphone by tricking the user into clicking Flash Player
    access control dialogs disguised as normal graphical elements.

  - FileReference.browse() and FileReference.download() methods can be
    called without user interaction and can potentially be used
    to trick a user into downloading or uploading files.";
tag_solution = "Upgrade to Adobe Flash Player 10.0.12.36,
  http://www.adobe.com/downloads/";
tag_summary = "This host has Adobe Flash Player installed and is prone to
  multiple security bypass vulnerabilities.";

if(description)
{
  script_id(800027);
  script_version("$Revision: 8178 $");
  script_tag(name:"last_modification", value:"$Date: 2017-12-19 14:42:38 +0100 (Tue, 19 Dec 2017) $");
  script_tag(name:"creation_date", value:"2008-10-16 18:25:33 +0200 (Thu, 16 Oct 2008)");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_cve_id("CVE-2007-6243", "CVE-2008-3873", "CVE-2007-4324",
                "CVE-2008-4401", "CVE-2008-4503");
  script_bugtraq_id(31117);
  script_name("Adobe Flash Player Multiple Security Bypass Vulnerabilities (Windows)");
  script_xref(name : "URL" , value : "http://secunia.com/advisories/32163/");
  script_xref(name : "URL" , value : "http://www.adobe.com/support/security/bulletins/apsb08-18.html");
  script_xref(name : "URL" , value : "http://www.adobe.com/support/security/advisories/apsa08-08.html");
  script_xref(name : "URL" , value : "http://blogs.adobe.com/psirt/2008/10/clickjacking_security_advisory.html");

  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2008 Greenbone Networks GmbH");
  script_family("General");
  script_dependencies("gb_adobe_flash_player_detect_win.nasl");
  script_mandatory_keys("AdobeFlashPlayer/Win/Installed");
  script_tag(name : "impact" , value : tag_impact);
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "summary" , value : tag_summary);
  script_tag(name:"qod_type", value:"registry");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}

include("host_details.inc");
include("version_func.inc");

infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE );
vers = infos['version'];
path = infos['location'];

# Grep for versions 9.0.124.0 and prior
if( version_in_range( version:vers, test_version:"9.0", test_version2:"9.0.124.0" ) ) {
  report = report_fixed_ver( installed_version:vers, fixed_version:"10.0.12.36", install_path:path );
  security_message( port:0, data:report );
  exit( 0 );
}

exit( 99 );

Related

nessus 22
openvas 20
freebsd 2
redhat 4
cve 6
ubuntucve 6
cert 1
jvn 1
prion 6
seebug 5
securityvulns 5
suse 2
gentoo 3
nessus
nessus
FreeBSD : linux-flashplugin -- multiple vulnerabilities (78f456fd-9c87-11dd-a55e-00163e000016)
2008-10-20 00:00:00
openSUSE 10 Security Update : flash-player (flash-player-5747)
2008-11-12 00:00:00
SuSE 10 Security Update : flash-player (ZYPP Patch Number 5757)
2008-11-12 00:00:00
openvas
openvas
FreeBSD Ports: linux-flashplugin
2008-11-01 00:00:00
Adobe Flash Player Multiple Security Bypass Vulnerabilities (Linux)
2008-10-16 00:00:00
Adobe Flash Player Multiple Security Bypass Vulnerabilities - Windows
2008-10-16 00:00:00
freebsd
freebsd
linux-flashplugin -- multiple vulnerabilities
2008-10-15 00:00:00
linux-flashplugin -- multiple vulnerabilities
2007-12-18 00:00:00
redhat
redhat
(RHSA-2008:0945) Critical: flash-plugin security update
2008-10-28 00:00:00
(RHSA-2008:0980) Critical: flash-plugin security update
2008-11-12 00:00:00
(RHSA-2007:1126) Critical: flash-plugin security update
2007-12-18 00:00:00
cve
cve
CVE-2008-4503
2008-10-09 18:00:00
CVE-2007-6243
2007-12-20 01:46:00
CVE-2008-4401
2008-10-17 19:31:00
ubuntucve
ubuntucve
CVE-2008-4503
2008-10-09 00:00:00
CVE-2007-6243
2007-12-20 00:00:00
CVE-2008-4401
2008-10-17 00:00:00
cert
cert
Adobe Flash Player may load arbitrary, malformed cross-domain policy files
2008-03-25 00:00:00
jvn
jvn
JVN#45675516 Flash Player vulnerable in handling cross-domain policy files
2007-12-20 00:00:00
prion
prion
Cross site scripting
2007-12-20 01:46:00
Design/Logic Flaw
2008-10-17 19:31:00
Design/Logic Flaw
2008-10-09 18:00:00
seebug
seebug
Adobe Flash Player FileReference API任意文件上传/下载漏洞
2008-10-31 00:00:00
Adobe Flash Player ActionScript SecurityErrorEvent绕过安全限制漏洞
2007-12-22 00:00:00
Adobe Flash Player剪贴板安全漏洞
2008-09-14 00:00:00
securityvulns
securityvulns
[EXPL] Socket Connection Timing Can Reveal Information About Network Configuration &#40;Exploit&#41;
2007-12-24 00:00:00
US-CERT Technical Cyber Security Alert TA07-355A -- Adobe Updates for Multiple Vulnerabilities
2007-12-21 00:00:00
[EXPL] Socket Connection Timing Can Reveal Information About Network Configuration &#40;Exploit&#41;
2007-12-24 00:00:00
suse
suse
remote code execution in flash-player
2007-12-21 16:24:32
remote code execution in flash-player
2008-04-11 13:28:58
gentoo
gentoo
Adobe Flash Player: Multiple vulnerabilities
2008-01-20 00:00:00
Adobe Flash Player: Multiple vulnerabilities
2009-03-10 00:00:00
Adobe Flash Player: Multiple vulnerabilities
2008-04-18 00:00:00

0.033 Low

EPSS

Percentile

90.3%

JSON
Related for OPENVAS:800027
nessus22openvas20freebsd2redhat4cve6ubuntucve6cert1jvn1prion6seebug5securityvulns5suse2gentoo3