{"id": "SECURITYVULNS:DOC:18697", "bulletinFamily": "software", "title": "[Full-disclosure] CVE-2007-6244: Adobe Flash Player ActiveX Control Universal Cross-Site Scripting Vulnerability", "description": "CVE-2007-6244\r\nAdobe Flash Player ActiveX Control Universal Cross-Site Scripting Vulnerability\r\n19 December 2007\r\n\r\n== Summary ==\r\n\r\nAffected Vendor: Adobe\r\nAffected Products: Flash Player ActiveX Control for Internet Explorer\r\nAffected Versions: Adobe Flash Player 9.0.48.0 and earlier, 8.0.35.0\r\nand earlier, and 7.0.70.0 and earlier.\r\nVendor Response: http://www.adobe.com/support/security/bulletins/apsb07-20.html\r\nDiscovered by: Adam Barth and Collin Jackson, Stanford University\r\n\r\n== Disclosure Timeline ==\r\n\r\n30 September 2007 - Vulnerability reported to vendor\r\n19 December 2007 - Coordinated public release of advisory\r\n\r\n== Vulnerability Details ==\r\n\r\nThis vulnerability allows remote attackers to run arbitrary JavaScript\r\ncode in the security context of other domains, resulting in\r\ninformation disclosure and session hijacking. User interaction is\r\nrequired to exploit this vulnerability in that the target must visit a\r\nmalicious page or open a malicious file.\r\n\r\nThe specific flaw exists in the Flash Player ActiveX Control's\r\nhandling of the navigateToURL API, which takes two arguments, a URL\r\nand the name of the frame to be navigated. The SWF movie can pass in a\r\njavascript: URI and the name of a frame on some other domain. The code\r\nin the URI executes in the security context of the named frame, rather\r\nthan the security context of the SWF movie or the page that embeds it.\r\n\r\n== Demonstration ==\r\n\r\nProof of concept code is available at\r\n<http://crypto.stanford.edu/advisories/CVE-2007-6244/>.\r\n\r\n_______________________________________________\r\nFull-Disclosure - We believe in it.\r\nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\r\nHosted and sponsored by Secunia - http://secunia.com/", "published": "2007-12-20T00:00:00", "modified": "2007-12-20T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:18697", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2007-6244"], "type": "securityvulns", "lastseen": "2018-08-31T11:10:24", "edition": 1, "viewCount": 23, "enchantments": {"score": {"value": 8.6, "vector": "NONE"}, "dependencies": {"references": [{"type": "cert", "idList": ["VU:758769"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2008-393"]}, {"type": "cve", "idList": ["CVE-2007-6244", "CVE-2007-6637"]}, {"type": "freebsd", "idList": ["562CF6C4-B9F1-11DC-A302-000102CC8983"]}, {"type": "gentoo", "idList": ["GLSA-200801-07"]}, {"type": "nessus", "idList": ["4322.PRM", "FLASH_PLAYER_APSB07-20.NASL", "FREEBSD_PKG_562CF6C4B9F111DCA302000102CC8983.NASL", "GENTOO_GLSA-200801-07.NASL", "REDHAT-RHSA-2007-1126.NASL", "SUSE_FLASH-PLAYER-4855.NASL", "SUSE_FLASH-PLAYER-4856.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231090018", "OPENVAS:136141256231090019", "OPENVAS:60088", "OPENVAS:60219", "OPENVAS:850071", "OPENVAS:90018"]}, {"type": "redhat", "idList": ["RHSA-2007:1126"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8479"]}, {"type": "seebug", "idList": ["SSV:2652"]}, {"type": "suse", "idList": ["SUSE-SA:2007:069"]}]}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2007-6244"]}, {"type": "freebsd", "idList": ["562CF6C4-B9F1-11DC-A302-000102CC8983"]}, {"type": "gentoo", "idList": ["GLSA-200801-07"]}, {"type": "nessus", "idList": ["SUSE_FLASH-PLAYER-4855.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:60219"]}, {"type": "redhat", "idList": ["RHSA-2007:1126"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8479"]}, {"type": "seebug", "idList": ["SSV:2652"]}]}, "exploitation": null, "vulnersScore": 8.6}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1647589307, "score": 0}}

{"seebug": [{"lastseen": "2017-11-19T21:53:16", "description": "Adobe Flash Player\u662f\u4e00\u6b3e\u6d41\u884c\u7684FLASH\u64ad\u653e\u7a0b\u5e8f\u3002\r\nAdobe Flash Player\u5305\u542b\u7684ActiveX\u63a7\u4ef6\u5904\u7406navigateToURL API\u5b58\u5728\u7f3a\u9677\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u8fdb\u884c\u8de8\u7ad9\u811a\u672c\u653b\u51fb\uff0c\u53ef\u83b7\u5f97\u654f\u611f\u4fe1\u606f\u6216\u8fdb\u884c\u5176\u4ed6\u653b\u51fb\u3002\r\nnavigateToURL API\u51fd\u6570\u63a5\u6536\u4e24\u4e2a\u53c2\u6570\uff0cURL\u548c\u8981\u6d4f\u89c8\u7684\u5e27\u540d\uff0cSWF\u52a8\u753b\u53ef\u5728javascript: URI\u4e2d\u4f20\u9012\u800c\u5e27\u540d\u53ef\u662f\u5176\u4ed6\u57df\u7684\u5e27\u540d\uff0c\u8fd9\u53ef\u5bfc\u81f4URI\u6267\u884c\u5728\u5176\u4ed6\u5e27\u5b89\u5168\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u6784\u5efa\u6076\u610fWEB\u9875\uff0c\u8bf1\u4f7f\u7528\u6237\u8bbf\u95ee\u6765\u89e6\u53d1\u3002\r\n\n\nRedHat Enterprise Linux Supplementary v.5 server\r\nRedHat Enterprise Linux Extras v.4\r\nRedHat Enterprise Linux Extras v.3\r\nRedHat Enterprise Linux Extras 4.5.z\r\nRedHat Enterprise Linux Desktop Supplementary v.5 client\r\nRedHat Advanced Workstation for the Itanium Processor 2.1 \r\nAdobe Flash Player 9.0.48.0\r\nAdobe Flash Player 9.0.47.0\r\nAdobe Flash Player 9.0.45.0\r\nAdobe Flash Player 9.0.31.0\r\nAdobe Flash Player 9.0.28.0\r\nAdobe Flash Player 8.0.34.0\r\nAdobe Flash Player 7.0.69.0\n \u5347\u7ea7\u7a0b\u5e8f\uff1a\r\nAdobe Flash Player 9.0.31.0\r\nAdobe install_flash_player_9_linux.tar.gz\r\n<a href=http://fpdownload.macromedia.com/get/flashplayer/current/install_flash target=_blank>http://fpdownload.macromedia.com/get/flashplayer/current/install_flash</a> _player_9_linux.tar.gz\r\nAdobe Flash Player 8.0.34.0\r\nAdobe install_flash_player_9_linux.tar.gz\r\n<a href=http://fpdownload.macromedia.com/get/flashplayer/current/install_flash target=_blank>http://fpdownload.macromedia.com/get/flashplayer/current/install_flash</a> _player_9_linux.tar.gz\r\nAdobe Flash Player 9.0.45.0\r\nAdobe install_flash_player_9_linux.tar.gz\r\n<a href=http://fpdownload.macromedia.com/get/flashplayer/current/install_flash target=_blank>http://fpdownload.macromedia.com/get/flashplayer/current/install_flash</a> _player_9_linux.tar.gz\r\nAdobe Flash Player 7.0.69.0\r\nAdobe install_flash_player_9_linux.tar.gz\r\n<a href=http://fpdownload.macromedia.com/get/flashplayer/current/install_flash target=_blank>http://fpdownload.macromedia.com/get/flashplayer/current/install_flash</a> _player_9_linux.tar.gz\r\nAdobe Flash Player 9.0.28.0\r\nAdobe install_flash_player_9_linux.tar.gz\r\n<a href=http://fpdownload.macromedia.com/get/flashplayer/current/install_flash target=_blank>http://fpdownload.macromedia.com/get/flashplayer/current/install_flash</a> _player_9_linux.tar.gz\r\nAdobe Flash Player 9.0.48.0\r\nAdobe install_flash_player_9_linux.tar.gz\r\n<a href=http://fpdownload.macromedia.com/get/flashplayer/current/install_flash target=_blank>http://fpdownload.macromedia.com/get/flashplayer/current/install_flash</a> _player_9_linux.tar.gz\r\nAdobe Flash Player 9.0.47.0\r\nAdobe install_flash_player_9_linux.tar.gz\r\n<a href=http://fpdownload.macromedia.com/get/flashplayer/current/install_flash target=_blank>http://fpdownload.macromedia.com/get/flashplayer/current/install_flash</a> _player_9_linux.tar.gz", "cvss3": {}, "published": "2007-12-21T00:00:00", "type": "seebug", "title": "Adobe Flash Player ActiveX\u63a7\u4ef6\u901a\u7528\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2007-6244"], "modified": "2007-12-21T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-2652", "id": "SSV:2652", "sourceData": "\n \u53ef\u53c2\u8003\u5982\u4e0b\u6d4b\u8bd5\u7a0b\u5e8f\uff1a\r\nhttp://crypto.stanford.edu/advisories/CVE-2007-6244/uxssdemo.as\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-2652", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "cve": [{"lastseen": "2022-03-23T13:31:24", "description": "Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or (2) the navigateToURL function when used with the Flash Player ActiveX Control in Internet Explorer.", "cvss3": {}, "published": "2007-12-20T01:46:00", "type": "cve", "title": "CVE-2007-6244", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6244"], "modified": "2018-10-30T16:26:00", "cpe": ["cpe:/a:adobe:flash_player:9.0", "cpe:/a:adobe:flash_player:8.0"], "id": "CVE-2007-6244", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6244", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T13:39:43", "description": "Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player allow remote attackers to inject arbitrary web script or HTML via a crafted SWF file, related to \"pre-generated SWF files\" and Adobe Dreamweaver CS3 or Adobe Acrobat Connect. NOTE: the asfunction: vector is already covered by CVE-2007-6244.1.", "cvss3": {}, "published": "2008-01-04T00:46:00", "type": "cve", "title": "CVE-2007-6637", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6244", "CVE-2007-6637"], "modified": "2017-09-29T01:30:00", "cpe": ["cpe:/a:adobe:flash_player:7.0.69.0", "cpe:/a:adobe:flash_player:9.0.115.0", "cpe:/a:adobe:flash_player:7.0.63", "cpe:/a:adobe:flash_player:9.0.20.0", "cpe:/a:adobe:flash_player:9.0.31", "cpe:/a:adobe:flash_player:8.0.34.0", "cpe:/a:adobe:flash_player:7.0.70.0", "cpe:/a:adobe:flash_player:7.0.25", "cpe:/a:adobe:flash_player:9.0.28", "cpe:/a:adobe:flash_player:9.0.16", "cpe:/a:adobe:flash_player:9.0.45.0", "cpe:/a:adobe:flash_player:8.0.35.0", "cpe:/a:adobe:flash_player:9.0.31.0", "cpe:/a:adobe:flash_player:9.0.28.0", "cpe:/a:adobe:flash_player:9.0.47.0", "cpe:/a:adobe:flash_player:9.0.48.0", "cpe:/a:adobe:flash_player:9.0.18d60", "cpe:/a:adobe:flash_player:8.0"], "id": "CVE-2007-6637", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6637", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T13:51:16", "description": "Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary Shockwave Flash (SWF) files created by Adobe Dreamweaver, when the Insert Flash Video feature is used, allows remote attackers to inject arbitrary web script or HTML via an asfunction: URI in the skinName parameter. NOTE: this may overlap CVE-2007-6242, CVE-2007-6244, or CVE-2007-6637.", "cvss3": {}, "published": "2009-02-05T01:30:00", "type": "cve", "title": "CVE-2008-6062", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6242", "CVE-2007-6244", "CVE-2007-6637", "CVE-2008-6062"], "modified": "2018-10-11T20:56:00", "cpe": ["cpe:/a:adobe:dreamweaver:*"], "id": "CVE-2008-6062", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6062", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:adobe:dreamweaver:*:*:*:*:*:*:*:*"]}], "cert": [{"lastseen": "2021-09-28T17:51:27", "description": "### Overview\n\nThe Adobe Flash player asfunction protocol could allow an attacker to conduct cross-site scripting attacks on websites that host vulnerable Flash files.\n\n### Description\n\nThe [Adobe Flash Player](<http://www.adobe.com/products/flashplayer/>) is a player for the Flash media format and enables frame-based animations and multimedia to be viewed within a web browser. [ActionScript](<http://www.adobe.com/devnet/actionscript/>) is a scripting language that is used to develop software and multimedia files that are processed by the Adobe Flash Player. The [`asfunction`](<http://www.adobe.com/support/flash/action_scripts/actionscript_dictionary/actionscript_dictionary073.html>) protocol enables HTTP hyperlinks in Flash files to launch a ActionScript functions.\n\nPer Adobe Security Bulletin [APSB07-20](<http://www.adobe.com/support/security/bulletins/apsb07-20.html>): \n_This update restricts the unsupported asfunction: protocol to address potential cross-site scripting issues with some SWF files. This issue is specific to Flash Player 8 and Flash Player 9 and does not affect Flash Player 7._ \n \nNote that vulnerable versions of the Flash Player may be distributed with various operating systems. \n \n--- \n \n### Impact\n\nA remote, unauthenticated attacker may be able to launch cross-site scripting attacks against sites that host vulnerable Flash files. \n \n--- \n \n### Solution\n\n**Update Flash Player** \nAdobe has released an update to address this issue. Adobe Security Bulletin [APSB07-20](<http://www.adobe.com/support/security/bulletins/apsb07-20.html>) contains more information about obtaining fixed software. Adobe Dreamweaver users may need to manually update their Flash player to obtain updates. See the Protocol Solutions Network Security Blog [Adobe/Macromedia/Dreamweaver vulnerability](<http://www.protocolsolutions.co.uk/wordpress/?cat=4>) posting for more information. \n \n--- \n \n \n**Limit access to Flash files** \n \nLimiting access to untrusted Flash files can prevent cross-site scripting attacks that use Flash files. Disable ActiveX controls in the Internet Zone in Microsoft Internet Explorer. See [Securing Your Web Browser](<http://www.us-cert.gov/reading_room/securing_browser/>) for more information. Consider using the [NoScript](<http://noscript.net/>) extension to whitelist web sites that can run Flash in Mozilla browsers such as Firefox. See the NoScript [FAQ](<http://noscript.net/features#contentblocking>) for more information. \n \n--- \n \n### Vendor Information\n\n758769\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Adobe __ Affected\n\nUpdated: December 19, 2007 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nSee <http://www.adobe.com/support/security/bulletins/apsb07-20.html> for more details.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23758769 Feedback>).\n\n \n\n\n### CVSS Metrics\n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n \n \n\n\n### References\n\n * <http://www.adobe.com/support/security/bulletins/apsb07-20.html>\n * <http://www.adobe.com/support/flash/action_scripts/actionscript_dictionary/actionscript_dictionary073.html>\n * <http://www.adobe.com/products/flashplayer/>\n * <http://www.adobe.com/devnet/actionscript/>\n * <http://noscript.net/>\n * <http://noscript.net/features#contentblocking>\n * <http://www.adobe.com/licensing/developer/fileformat/faq/>\n * <http://www.us-cert.gov/reading_room/securing_browser/>\n * <http://www.protocolsolutions.co.uk/wordpress/?cat=4>\n\n### Acknowledgements\n\nAdobe credits Rich Cannings of the Google Security Team for reporting this issue.\n\nThis document was written by Ryan Giobbi.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2007-6244](<http://web.nvd.nist.gov/vuln/detail/CVE-2007-6244>) \n---|--- \n**Severity Metric:** | 14.58 \n**Date Public:** | 2007-12-19 \n**Date First Published:** | 2007-12-19 \n**Date Last Updated: ** | 2008-01-15 13:52 UTC \n**Document Revision: ** | 24 \n", "cvss3": {}, "published": "2007-12-19T00:00:00", "type": "cert", "title": "Adobe Flash Player asfunction protocol may enable cross-site scripting", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6244"], "modified": "2008-01-15T13:52:00", "id": "VU:758769", "href": "https://www.kb.cert.org/vuls/id/758769", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "checkpoint_advisories": [{"lastseen": "2021-12-17T12:33:56", "description": "Adobe Flash Player is a multimedia and application player. Flash Player runs the Shockware Flash (SWF) files, which contains multimedia content including vector and raster graphics, video, audio, and scripts. Flash Player is made available as a plug-in for a wide range of web browser applications. There exists a cross-site scripting vulnerability in the way Adobe Flash Player processes SWF files. The vulnerability is due to lack of input validation while parsing the parameter of navigateToURL function. A remote attacker can exploit this vulnerability by enticing the target user to open malicious web page embedding SWF files, potentially executing arbitrary HTML code within the context of a trusted web site. An attack targeting this vulnerability can result in the injection and execution of script code, within the context of a trusted web site. If code execution is successful, the behavior of the target will depend on the intention of the attacker.", "cvss3": {}, "published": "2010-07-19T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Flash Player ActiveX Control navigateToURL Cross-Site Scripting (CVE-2007-6244)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-6244"], "modified": "2016-12-25T00:00:00", "id": "CPAI-2008-393", "href": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "securityvulns": [{"lastseen": "2021-06-08T18:56:57", "description": "Heap buffer overflow on JPEG processing, universal crossite scripting, information leak.", "edition": 2, "cvss3": {}, "published": "2008-01-03T00:00:00", "title": "Adobe Flash Player multiple security vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2007-6242", "CVE-2007-6244"], "modified": "2008-01-03T00:00:00", "id": "SECURITYVULNS:VULN:8479", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:8479", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "suse": [{"lastseen": "2016-09-04T11:51:41", "description": "A flash player update to version 9.0.115.0 fixes several security problems. In the worst case an attacker could potentially have flash-player execute arbitrary code via specially crafted flash content.\n#### Solution\nThere is no known workaround, please install the update packages.", "cvss3": {}, "published": "2007-12-21T16:24:32", "type": "suse", "title": "remote code execution in flash-player", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2007-4768", "CVE-2007-6243", "CVE-2007-4324", "CVE-2007-6246", "CVE-2007-6245", "CVE-2007-6242", "CVE-2007-6244", "CVE-2007-5275"], "modified": "2007-12-21T16:24:32", "id": "SUSE-SA:2007:069", "href": "http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00007.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-07-24T12:50:15", "description": "The remote host is missing updates announced in\nadvisory GLSA 200801-07.", "cvss3": {}, "published": "2008-09-24T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200801-07 (netscape-flash)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4768", "CVE-2007-6243", "CVE-2007-4324", "CVE-2007-6246", "CVE-2007-6245", "CVE-2007-6242", "CVE-2007-6244", "CVE-2007-5275"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:60219", "href": "http://plugins.openvas.org/nasl.php?oid=60219", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been identified, the worst of which allow\narbitrary code execution on a user's system via a malicious Flash file.\";\ntag_solution = \"All Adobe Flash Player users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-www/netscape-flash-9.0.115.0'\n\nPlease be advised that unaffected packages of the Adobe Flash Player have\nknown problems when used from within the Konqueror and Opera browsers.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200801-07\nhttp://bugs.gentoo.org/show_bug.cgi?id=193519\nhttp://www.gentoo.org/security/en/glsa/glsa-200711-30.xml\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200801-07.\";\n\n \n\nif(description)\n{\n script_id(60219);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2007-4324\", \"CVE-2007-4768\", \"CVE-2007-5275\", \"CVE-2007-6242\", \"CVE-2007-6243\", \"CVE-2007-6244\", \"CVE-2007-6245\", \"CVE-2007-6246\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200801-07 (netscape-flash)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-www/netscape-flash\", unaffected: make_list(\"ge 9.0.115.0\"), vulnerable: make_list(\"lt 9.0.115.0\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-12T11:20:30", "description": "Check for the Version of flash-player", "cvss3": {}, "published": "2009-01-28T00:00:00", "type": "openvas", "title": "SuSE Update for flash-player SUSE-SA:2007:069", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4768", "CVE-2007-6243", "CVE-2007-4324", "CVE-2007-6246", "CVE-2007-6245", "CVE-2007-6242", "CVE-2007-6244", "CVE-2007-5275"], "modified": "2017-12-08T00:00:00", "id": "OPENVAS:850071", "href": "http://plugins.openvas.org/nasl.php?oid=850071", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2007_069.nasl 8050 2017-12-08 09:34:29Z santu $\n#\n# SuSE Update for flash-player SUSE-SA:2007:069\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"remote code execution\";\ntag_affected = \"flash-player on SUSE LINUX 10.1, openSUSE 10.2, openSUSE 10.3, Novell Linux Desktop 9, SUSE Linux Enterprise Desktop 10 SP1\";\ntag_insight = \"A flash player update to version 9.0.115.0 fixes several security\n problems. In the worst case an attacker could potentially have flash-player\n execute arbitrary code via specially crafted flash content.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_id(850071);\n script_version(\"$Revision: 8050 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 10:34:29 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-28 13:40:10 +0100 (Wed, 28 Jan 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUSE-SA\", value: \"2007-069\");\n script_cve_id(\"CVE-2007-4324\", \"CVE-2007-4768\", \"CVE-2007-5275\", \"CVE-2007-6242\", \"CVE-2007-6243\", \"CVE-2007-6244\", \"CVE-2007-6245\", \"CVE-2007-6246\");\n script_name( \"SuSE Update for flash-player SUSE-SA:2007:069\");\n\n script_summary(\"Check for the Version of flash-player\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE10.3\")\n{\n\n if ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~9.0.115.0~0.1\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE10.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~9.0.115.0~0.1\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"NLDk9\")\n{\n\n if ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~9.0.48.0~4.4\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~9.0.115.0~0.2\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SLESDk10SP1\")\n{\n\n if ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~9.0.48.0~4.4\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~9.0.115.0~0.2\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SL10.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~9.0.115.0~0.2\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-08T11:44:41", "description": "The remote host is probably affected by the vulnerabilities\n described in CVE-2007-5275, CVE-2007-6019, CVE-2007-6243, CVE-2007-6637,\n CVE-2008-1654, CVE-2008-1655", "cvss3": {}, "published": "2008-09-03T00:00:00", "type": "openvas", "title": "Adobe Flash Player 9.0.115.0 and earlier vulnerability (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-6637", "CVE-2007-6243", "CVE-2007-4324", "CVE-2002-1467", "CVE-2008-1655", "CVE-2007-6019", "CVE-2007-6244", "CVE-2008-1654", "CVE-2007-5275"], "modified": "2017-12-07T00:00:00", "id": "OPENVAS:90018", "href": "http://plugins.openvas.org/nasl.php?oid=90018", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: flash_player_CB-A08-0059.nasl 8024 2017-12-07 08:47:24Z teissa $\n# Description: Adobe Flash Player 9.0.115.0 and earlier vulnerability (Linux)\n#\n# Authors:\n# Carsten Koch-Mauthe <c.koch-mauthe at dn-systems.de>\n#\n# Copyright:\n# Copyright (C) 2008 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_impact = \"CVE 2007-5275\n The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause\n a victim machine to establish TCP sessions with arbitrary hosts via a\n Flash (SWF) movie, related to lack of pinning of a hostname to a single\n IP address after receiving an allow-access-from element in a\n cross-domain-policy XML document, and the availability of a Flash Socket\n class that does not use the browser's DNS pins, aka DNS rebinding attacks,\n a different issue than CVE-2002-1467 and CVE-2007-4324.\n CVE 2007-6019\n Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier,\n allows remote attackers to execute arbitrary code via an SWF file with\n a modified DeclareFunction2 Actionscript tag, which prevents an object\n from being instantiated properly.\n CVE 2007-6243\n Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x\n up to 7.0.70.0 does not sufficiently restrict the interpretation and\n usage of cross-domain policy files, which makes it easier for remote\n attackers to conduct cross-domain and cross-site scripting (XSS) attacks.\n CVE 2007-6637\n Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash\n Player allow remote attackers to inject arbitrary web script or HTML\n via a crafted SWF file, related to 'pre-generated SWF files' and Adobe\n Dreamweaver CS3 or Adobe Acrobat Connect. NOTE: the asfunction: vector\n is already covered by CVE-2007-6244.1.\n CVE 2008-1654\n Interaction error between Adobe Flash and multiple Universal Plug and Play\n (UPnP) services allow remote attackers to perform Cross-Site Request\n Forgery (CSRF) style attacks by using the Flash navigateToURL function\n to send a SOAP message to a UPnP control point, as demonstrated by changing\n the primary DNS server.\n CVE 2008-1655\n Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier,\n and 8.0.39.0 and earlier, makes it easier for remote attackers to\n conduct DNS rebinding attacks via unknown vectors.\";\n\ntag_summary = \"The remote host is probably affected by the vulnerabilities\n described in CVE-2007-5275, CVE-2007-6019, CVE-2007-6243, CVE-2007-6637,\n CVE-2008-1654, CVE-2008-1655\";\n\ntag_solution = \"All Adobe Flash Player users should upgrade to the latest version:\";\n\n# $Revision: 8024 $\n\nif(description)\n{\n script_id(90018);\n script_version(\"$Revision: 8024 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-07 09:47:24 +0100 (Thu, 07 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-03 22:30:27 +0200 (Wed, 03 Sep 2008)\");\n script_cve_id(\"CVE-2007-5275\", \"CVE-2007-6019\", \"CVE-2007-6243\",\n \"CVE-2007-6637\", \"CVE-2008-1654\", \"CVE-2008-1655\");\n script_bugtraq_id(28697, 28696, 27034, 26966, 28694, 26930);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n name = \"Adobe Flash Player 9.0.115.0 and earlier vulnerability (Linux)\";\n script_name(name);\n\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_copyright(\"Copyright (C) 2008 Greenbone Networks GmbH\");\n family = \"General\";\n script_family(family);\n script_dependencies(\"gb_adobe_flash_player_detect_lin.nasl\");\n script_require_keys(\"AdobeFlashPlayer/Linux/Ver\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"impact\" , value : tag_impact);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nflashVer = get_kb_item(\"AdobeFlashPlayer/Linux/Ver\");\nif(!flashVer){\n exit(0);\n}\n\nif(version_is_less_equal(version:flashVer, test_version:\"9,0,115,0\")){\n security_message(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-04-29T22:26:43", "description": "The remote host is probably affected by the vulnerabilities\n described in CVE-2007-5275, CVE-2007-6019, CVE-2007-6243, CVE-2007-6637,\n CVE-2008-1654, CVE-2008-1655", "cvss3": {}, "published": "2008-09-03T00:00:00", "type": "openvas", "title": "Adobe Flash Player 9.0.115.0 and earlier vulnerability (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-6637", "CVE-2007-6243", "CVE-2007-4324", "CVE-2002-1467", "CVE-2008-1655", "CVE-2007-6019", "CVE-2007-6244", "CVE-2008-1654", "CVE-2007-5275"], "modified": "2020-04-27T00:00:00", "id": "OPENVAS:136141256231090018", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231090018", "sourceData": "# OpenVAS Vulnerability Test\n# Description: Adobe Flash Player 9.0.115.0 and earlier vulnerability (Linux)\n#\n# Authors:\n# Carsten Koch-Mauthe <c.koch-mauthe at dn-systems.de>\n#\n# Copyright:\n# Copyright (C) 2008 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n# $Revision: 11555 $\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.90018\");\n script_version(\"2020-04-27T11:01:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-27 11:01:03 +0000 (Mon, 27 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2008-09-03 22:30:27 +0200 (Wed, 03 Sep 2008)\");\n script_cve_id(\"CVE-2007-5275\", \"CVE-2007-6019\", \"CVE-2007-6243\",\n \"CVE-2007-6637\", \"CVE-2008-1654\", \"CVE-2008-1655\");\n script_bugtraq_id(28697, 28696, 27034, 26966, 28694, 26930);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Adobe Flash Player 9.0.115.0 and earlier vulnerability (Linux)\");\n\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_copyright(\"Copyright (C) 2008 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_lin.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Linux/Ver\");\n script_tag(name:\"solution\", value:\"All Adobe Flash Player users should upgrade to the latest version:\");\n script_tag(name:\"summary\", value:\"The remote host is probably affected by the vulnerabilities\n described in CVE-2007-5275, CVE-2007-6019, CVE-2007-6243, CVE-2007-6637,\n CVE-2008-1654, CVE-2008-1655\");\n script_tag(name:\"impact\", value:\"CVE 2007-5275\n The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause\n a victim machine to establish TCP sessions with arbitrary hosts via a\n Flash (SWF) movie, related to lack of pinning of a hostname to a single\n IP address after receiving an allow-access-from element in a\n cross-domain-policy XML document, and the availability of a Flash Socket\n class that does not use the browser's DNS pins, aka DNS rebinding attacks,\n a different issue than CVE-2002-1467 and CVE-2007-4324.\n CVE 2007-6019\n Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier,\n allows remote attackers to execute arbitrary code via an SWF file with\n a modified DeclareFunction2 Actionscript tag, which prevents an object\n from being instantiated properly.\n CVE 2007-6243\n Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x\n up to 7.0.70.0 does not sufficiently restrict the interpretation and\n usage of cross-domain policy files, which makes it easier for remote\n attackers to conduct cross-domain and cross-site scripting (XSS) attacks.\n CVE 2007-6637\n Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash\n Player allow remote attackers to inject arbitrary web script or HTML\n via a crafted SWF file, related to 'pre-generated SWF files' and Adobe\n Dreamweaver CS3 or Adobe Acrobat Connect. NOTE: the asfunction: vector\n is already covered by CVE-2007-6244.1.\n CVE 2008-1654\n Interaction error between Adobe Flash and multiple Universal Plug and Play\n (UPnP) services allow remote attackers to perform Cross-Site Request\n Forgery (CSRF) style attacks by using the Flash navigateToURL function\n to send a SOAP message to a UPnP control point, as demonstrated by changing\n the primary DNS server.\n CVE 2008-1655\n Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier,\n and 8.0.39.0 and earlier, makes it easier for remote attackers to\n conduct DNS rebinding attacks via unknown vectors.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nflashVer = get_kb_item(\"AdobeFlashPlayer/Linux/Ver\");\nif(!flashVer){\n exit(0);\n}\n\nif(version_is_less_equal(version:flashVer, test_version:\"9.0.115.0\")){\n report = report_fixed_ver(installed_version:flashVer, vulnerable_range:\"Less than or equal to 9.0.115.0\");\n security_message(port: 0, data: report);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-02T21:10:20", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2008-09-04T00:00:00", "type": "openvas", "title": "FreeBSD Ports: linux-flashplugin", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4768", "CVE-2007-6243", "CVE-2007-4324", "CVE-2007-5476", "CVE-2007-6246", "CVE-2007-6245", "CVE-2007-6242", "CVE-2007-6244", "CVE-2007-5275"], "modified": "2016-09-22T00:00:00", "id": "OPENVAS:60088", "href": "http://plugins.openvas.org/nasl.php?oid=60088", "sourceData": "#\n#VID 562cf6c4-b9f1-11dc-a302-000102cc8983\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: linux-flashplugin\n\nFor details, please visit the referenced security advisories.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.adobe.com/support/security/bulletins/apsb07-20.html\nhttp://secunia.com/advisories/28161/\nhttp://www.vuxml.org/freebsd/562cf6c4-b9f1-11dc-a302-000102cc8983.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(60088);\n script_version(\"$Revision: 4128 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-22 07:37:51 +0200 (Thu, 22 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2007-6242\", \"CVE-2007-4768\", \"CVE-2007-5275\", \"CVE-2007-6243\", \"CVE-2007-6244\", \"CVE-2007-6245\", \"CVE-2007-4324\", \"CVE-2007-6246\", \"CVE-2007-5476\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: linux-flashplugin\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"linux-flashplugin\");\nif(!isnull(bver) && revcomp(a:bver, b:\"9.0r115\")<0) {\n txt += 'Package linux-flashplugin version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"7.0r73\")<0) {\n txt += 'Package linux-flashplugin version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:40:28", "description": "The remote host is probably affected by\n the vulnerabilities described in CVE-2007-5275, CVE-2007-6019, CVE-2007-6243,\n CVE-2007-6637, CVE-2008-1654, CVE-2008-1655.", "cvss3": {}, "published": "2008-09-03T00:00:00", "type": "openvas", "title": "Adobe Flash Player 9.0.115.0 and earlier vulnerability (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-6637", "CVE-2007-6243", "CVE-2007-4324", "CVE-2002-1467", "CVE-2008-1655", "CVE-2007-6019", "CVE-2007-6244", "CVE-2008-1654", "CVE-2007-5275"], "modified": "2018-12-03T00:00:00", "id": "OPENVAS:136141256231090019", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231090019", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: smbcl_flash_player_CB-A08-0059.nasl 12623 2018-12-03 13:11:38Z cfischer $\n# Description: Adobe Flash Player 9.0.115.0 and earlier vulnerability (Windows)\n#\n# Authors:\n# Carsten Koch-Mauthe <c.koch-mauthe at dn-systems.de>\n# Modified to Implement based on 'smb_nt.inc'\n# - By Sharath S <sharaths@secpod.com> On 2009-09-14\n#\n# Copyright:\n# Copyright (C) 2008 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.90019\");\n script_version(\"$Revision: 12623 $\");\n script_cve_id(\"CVE-2007-5275\", \"CVE-2007-6019\", \"CVE-2007-6243\",\n \"CVE-2007-6637\", \"CVE-2008-1654\", \"CVE-2008-1655\");\n script_bugtraq_id(26930, 28694, 26966, 27034, 28696, 28697);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-12-03 14:11:38 +0100 (Mon, 03 Dec 2018) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-03 22:30:27 +0200 (Wed, 03 Sep 2008)\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_name(\"Adobe Flash Player 9.0.115.0 and earlier vulnerability (Windows)\");\n\n script_tag(name:\"summary\", value:\"The remote host is probably affected by\n the vulnerabilities described in CVE-2007-5275, CVE-2007-6019, CVE-2007-6243,\n CVE-2007-6637, CVE-2008-1654, CVE-2008-1655.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"impact\", value:\"- CVE 2007-5275\n The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a\n victim machine to establish TCP sessions with arbitrary hosts via a Flash\n (SWF) movie, related to lack of pinning of a hostname to a single IP address\n after receiving an allow-access-from element in a cross-domain-policy XML\n document, and the availability of a Flash Socket class that does not use\n the browser's DNS pins, aka DNS rebinding attacks, a different issue than\n CVE-2002-1467 and CVE-2007-4324.\n\n - CVE 2007-6019\n Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows\n remote attackers to execute arbitrary code via an SWF file with a modified\n DeclareFunction2 Actionscript tag, which prevents an object from being\n instantiated properly.\n\n - CVE 2007-6243\n Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to\n 7.0.70.0 does not sufficiently restrict the interpretation and usage of\n cross-domain policy files, which makes it easier for remote attackers to\n conduct cross-domain and cross-site scripting (XSS) attacks.\n\n - CVE 2007-6637\n Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player\n allow remote attackers to inject arbitrary web script or HTML via a crafted\n SWF file, related to 'pre-generated SWF files' and Adobe Dreamweaver CS3 or\n Adobe Acrobat Connect. NOTE: the asfunction: vector is already covered by\n CVE-2007-6244.1.\n\n - CVE 2008-1654\n Interaction error between Adobe Flash and multiple Universal Plug and Play\n (UPnP) services allow remote attackers to perform Cross-Site Request Forgery\n (CSRF) style attacks by using the Flash navigateToURL function to send a SOAP\n message to a UPnP control point, as demonstrated by changing the primary DNS\n server.\n\n - CVE 2008-1655\n Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier, and\n 8.0.39.0 and earlier, makes it easier for remote attackers to conduct DNS\n rebinding attacks via unknown vectors.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version 9.0.115.0\n and earlier on Windows.\");\n\n script_tag(name:\"solution\", value:\"All Adobe Flash Player users should\n upgrade to the latest version.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2008 Greenbone Networks GmbH\");\n script_family(\"Windows\");\n script_dependencies(\"gb_adobe_flash_player_detect_win.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Win/Installed\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less_equal(version:playerVer, test_version:\"9.0.115.0\")){\n report = 'Installed version: ' + playerVer;\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2021-10-21T04:47:03", "description": "The flash-plugin package contains a Firefox-compatible Adobe Flash Player\r\nWeb browser plug-in.\r\n\r\nSeveral input validation flaws were found in the way Flash Player displays\r\ncertain content. It may be possible to execute arbitrary code on a victim's\r\nmachine, if the victim opens a malicious Adobe Flash file. \r\n(CVE-2007-4768, CVE-2007-6242, CVE-2007-6246)\r\n\r\nA flaw was found in the way Flash Player handled the asfunction: protocol.\r\nMalformed SWF files could perform a cross-site scripting attack.\r\n(CVE-2007-6244)\r\n\r\nA flaw was found in the way Flash Player modified HTTP request headers.\r\nMalicious content could allow Flash Player to conduct a HTTP response\r\nsplitting attack. (CVE-2007-6245)\r\n\r\nA flaw was found in the way Flash Player processes certain SWF content. A\r\nmalicious SWF file could allow a remote attacker to conduct a port scanning\r\nattack from the client's machine. (CVE-2007-4324)\r\n\r\nA flaw was found in the way Flash Player establishes TCP sessions. A remote\r\nattacker could use Flash Player to conduct a DNS rebinding attack.\r\n(CVE-2007-5275) \r\n\r\nUsers of Adobe Flash Player are advised to upgrade to this updated package,\r\nwhich contains version 9.0.115.0 and resolves these issues.", "cvss3": {}, "published": "2007-12-18T00:00:00", "type": "redhat", "title": "(RHSA-2007:1126) Critical: flash-plugin security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-4324", "CVE-2007-4768", "CVE-2007-5275", "CVE-2007-6242", "CVE-2007-6243", "CVE-2007-6244", "CVE-2007-6245", "CVE-2007-6246"], "modified": "2017-09-08T08:08:51", "id": "RHSA-2007:1126", "href": "https://access.redhat.com/errata/RHSA-2007:1126", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-08-19T13:11:51", "description": "This flash player update to version 9.0.115.0 fixes several security problems. In the worst case an attacker could potentially have flash-player execute arbitrary code via specially crafted files.\n(CVE-2007-4324, CVE-2007-4768, CVE-2007-5275, CVE-2007-6242, CVE-2007-6243, CVE-2007-6244, CVE-2007-6245, CVE-2007-6246)\n\nNote: Since Adobe doesn't support browsers other than Firefox and Mozilla, this update doesn't work with browsers such as Konqueror.\nUpdates for konquerors are already in the works.", "cvss3": {"score": null, "vector": null}, "published": "2007-12-24T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : flash-player (flash-player-4855)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4324", "CVE-2007-4768", "CVE-2007-5275", "CVE-2007-6242", "CVE-2007-6243", "CVE-2007-6244", "CVE-2007-6245", "CVE-2007-6246"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:flash-player", "cpe:/o:novell:opensuse:10.1", "cpe:/o:novell:opensuse:10.2", "cpe:/o:novell:opensuse:10.3"], "id": "SUSE_FLASH-PLAYER-4855.NASL", "href": "https://www.tenable.com/plugins/nessus/29784", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update flash-player-4855.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29784);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-4324\", \"CVE-2007-4768\", \"CVE-2007-5275\", \"CVE-2007-6242\", \"CVE-2007-6243\", \"CVE-2007-6244\", \"CVE-2007-6245\", \"CVE-2007-6246\");\n\n script_name(english:\"openSUSE 10 Security Update : flash-player (flash-player-4855)\");\n script_summary(english:\"Check for the flash-player-4855 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This flash player update to version 9.0.115.0 fixes several security\nproblems. In the worst case an attacker could potentially have\nflash-player execute arbitrary code via specially crafted files.\n(CVE-2007-4324, CVE-2007-4768, CVE-2007-5275, CVE-2007-6242,\nCVE-2007-6243, CVE-2007-6244, CVE-2007-6245, CVE-2007-6246)\n\nNote: Since Adobe doesn't support browsers other than Firefox and\nMozilla, this update doesn't work with browsers such as Konqueror.\nUpdates for konquerors are already in the works.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-player package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 79, 119, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2|SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2 / 10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"flash-player-9.0.115.0-0.2\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"flash-player-9.0.115.0-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"flash-player-9.0.115.0-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-player\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-12T15:50:21", "description": "According to its version number, the instance of Flash Player on the remote Windows host is affected by multiple issues, including several which could allow for arbitrary code execution by means of a malicious SWF file.", "cvss3": {"score": null, "vector": null}, "published": "2007-12-19T00:00:00", "type": "nessus", "title": "Flash Player < 7.0.73.0 / 9.0.115.0 Multiple Vulnerabilities (APSB07-20)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4324", "CVE-2007-4768", "CVE-2007-5275", "CVE-2007-6242", "CVE-2007-6243", "CVE-2007-6244", "CVE-2007-6245", "CVE-2007-6246"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "FLASH_PLAYER_APSB07-20.NASL", "href": "https://www.tenable.com/plugins/nessus/29741", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29741);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2007-4324\",\n \"CVE-2007-4768\",\n \"CVE-2007-5275\",\n \"CVE-2007-6242\",\n \"CVE-2007-6243\",\n \"CVE-2007-6244\",\n \"CVE-2007-6245\",\n \"CVE-2007-6246\"\n );\n script_bugtraq_id(\n 25260,\n 26346,\n 26930,\n 26949,\n 26951,\n 26960,\n 26965,\n 26966,\n 26969\n );\n\n script_name(english:\"Flash Player < 7.0.73.0 / 9.0.115.0 Multiple Vulnerabilities (APSB07-20)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a browser plugin that is affected by\nmultiple issues.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version number, the instance of Flash Player on the\nremote Windows host is affected by multiple issues, including several\nwhich could allow for arbitrary code execution by means of a malicious\nSWF file.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.adobe.com/support/security/bulletins/apsb07-20.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Flash Player version 9.0.115.0 / 7.0.73.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 79, 119, 264);\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2007-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"flash_player_installed.nasl\");\n script_require_keys(\"SMB/Flash_Player/installed\");\n\n exit(0);\n}\n\n#\n\nif (!get_kb_item(\"SMB/Flash_Player/installed\")) exit(0);\n\n\n# Identify vulnerable versions.\ninfo = \"\";\n\nforeach variant (make_list(\"Plugin\", \"ActiveX\"))\n{\n vers = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/Version/*\");\n files = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/File/*\");\n if (!isnull(vers) && !isnull(files))\n {\n foreach key (keys(vers))\n {\n num = key - (\"SMB/Flash_Player/\"+variant+\"/Version/\");\n\n ver = vers[key];\n if (ver)\n {\n iver = split(ver, sep:'.', keep:FALSE);\n for (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\n\n if (\n (iver[0] == 7 && iver[1] == 0 && iver[2] < 73) ||\n (iver[0] == 8 && iver[1] == 0 && iver[2] <= 35) ||\n (iver[0] == 9 && iver[1] == 0 && iver[2] < 115)\n )\n {\n file = files[\"SMB/Flash_Player/\"+variant+\"/File/\"+num];\n if (variant == \"Plugin\")\n {\n info += ' - Browser Plugin (for Firefox / Netscape / Opera) :\\n';\n }\n else if (variant == \"ActiveX\")\n {\n info += ' - ActiveX control (for Internet Explorer) :\\n';\n }\n info += ' ' + file + ', ' + ver + '\\n';\n }\n }\n }\n }\n}\n\n\nif (info)\n{\n report = string(\n \"\\n\",\n \"Nessus has identified the following vulnerable instance(s) of Flash\\n\",\n \"Player installed on the remote host :\\n\",\n \"\\n\",\n info\n );\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:11:48", "description": "This flash player update to version 9.0.115.0 fixes several security problems. In the worst case an attacker could potentially have flash-player execute arbitrary code via specially crafted files.\n(CVE-2007-4324 / CVE-2007-4768 / CVE-2007-5275 / CVE-2007-6242 / CVE-2007-6243 / CVE-2007-6244 / CVE-2007-6245 / CVE-2007-6246)\n\nNote: Since Adobe doesn't support browsers other than Firefox and Mozilla, this update doesn't work with browsers such as Konqueror.\nUpdates for konquerors are already in the works.", "cvss3": {"score": null, "vector": null}, "published": "2007-12-24T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : flash-player (ZYPP Patch Number 4856)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4324", "CVE-2007-4768", "CVE-2007-5275", "CVE-2007-6242", "CVE-2007-6243", "CVE-2007-6244", "CVE-2007-6245", "CVE-2007-6246"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_FLASH-PLAYER-4856.NASL", "href": "https://www.tenable.com/plugins/nessus/29785", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29785);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-4324\", \"CVE-2007-4768\", \"CVE-2007-5275\", \"CVE-2007-6242\", \"CVE-2007-6243\", \"CVE-2007-6244\", \"CVE-2007-6245\", \"CVE-2007-6246\");\n\n script_name(english:\"SuSE 10 Security Update : flash-player (ZYPP Patch Number 4856)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This flash player update to version 9.0.115.0 fixes several security\nproblems. In the worst case an attacker could potentially have\nflash-player execute arbitrary code via specially crafted files.\n(CVE-2007-4324 / CVE-2007-4768 / CVE-2007-5275 / CVE-2007-6242 /\nCVE-2007-6243 / CVE-2007-6244 / CVE-2007-6245 / CVE-2007-6246)\n\nNote: Since Adobe doesn't support browsers other than Firefox and\nMozilla, this update doesn't work with browsers such as Konqueror.\nUpdates for konquerors are already in the works.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-4324.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-4768.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-5275.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-6242.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-6243.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-6244.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-6245.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-6246.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 4856.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 79, 119, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"flash-player-9.0.115.0-0.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:11:32", "description": "The remote host is affected by the vulnerability described in GLSA-200801-07 (Adobe Flash Player: Multiple vulnerabilities)\n\n Flash contains a copy of PCRE which is vulnerable to a heap-based buffer overflow (GLSA 200711-30, CVE-2007-4768).\n Aaron Portnoy reported an unspecified vulnerability related to input validation (CVE-2007-6242).\n Jesse Michael and Thomas Biege reported that Flash does not correctly set memory permissions (CVE-2007-6246).\n Dan Boneh, Adam Barth, Andrew Bortz, Collin Jackson, and Weidong Shao reported that Flash does not pin DNS hostnames to a single IP addresses, allowing for DNS rebinding attacks (CVE-2007-5275).\n David Neu reported an error withing the implementation of the Socket and XMLSocket ActionScript 3 classes (CVE-2007-4324).\n Toshiharu Sugiyama reported that Flash does not sufficiently restrict the interpretation and usage of cross-domain policy files, allowing for easier cross-site scripting attacks (CVE-2007-6243).\n Rich Cannings reported a cross-site scripting vulnerability in the way the 'asfunction:' protocol was handled (CVE-2007-6244).\n Toshiharu Sugiyama discovered that Flash allows remote attackers to modify HTTP headers for client requests and conduct HTTP Request Splitting attacks (CVE-2007-6245).\n Impact :\n\n A remote attacker could entice a user to open a specially crafted file (usually in a web browser), possibly leading to the execution of arbitrary code with the privileges of the user running the Adobe Flash Player. The attacker could also cause a user's machine to establish TCP sessions with arbitrary hosts, bypass the Security Sandbox Model, obtain sensitive information, port scan arbitrary hosts, or conduct cross-site-scripting attacks.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": null, "vector": null}, "published": "2008-01-21T00:00:00", "type": "nessus", "title": "GLSA-200801-07 : Adobe Flash Player: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4324", "CVE-2007-4768", "CVE-2007-5275", "CVE-2007-6242", "CVE-2007-6243", "CVE-2007-6244", "CVE-2007-6245", "CVE-2007-6246"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:adobe-flash", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200801-07.NASL", "href": "https://www.tenable.com/plugins/nessus/30031", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200801-07.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(30031);\n script_version(\"1.28\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-4324\", \"CVE-2007-4768\", \"CVE-2007-5275\", \"CVE-2007-6242\", \"CVE-2007-6243\", \"CVE-2007-6244\", \"CVE-2007-6245\", \"CVE-2007-6246\");\n script_xref(name:\"GLSA\", value:\"200801-07\");\n\n script_name(english:\"GLSA-200801-07 : Adobe Flash Player: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200801-07\n(Adobe Flash Player: Multiple vulnerabilities)\n\n Flash contains a copy of PCRE which is vulnerable to a heap-based\n buffer overflow (GLSA 200711-30, CVE-2007-4768).\n Aaron Portnoy reported an unspecified vulnerability related to\n input validation (CVE-2007-6242).\n Jesse Michael and Thomas Biege reported that Flash does not\n correctly set memory permissions (CVE-2007-6246).\n Dan Boneh, Adam Barth, Andrew Bortz, Collin Jackson, and Weidong\n Shao reported that Flash does not pin DNS hostnames to a single IP\n addresses, allowing for DNS rebinding attacks (CVE-2007-5275).\n David Neu reported an error withing the implementation of the\n Socket and XMLSocket ActionScript 3 classes (CVE-2007-4324).\n Toshiharu Sugiyama reported that Flash does not sufficiently\n restrict the interpretation and usage of cross-domain policy files,\n allowing for easier cross-site scripting attacks (CVE-2007-6243).\n Rich Cannings reported a cross-site scripting vulnerability in the\n way the 'asfunction:' protocol was handled (CVE-2007-6244).\n Toshiharu Sugiyama discovered that Flash allows remote attackers to\n modify HTTP headers for client requests and conduct HTTP Request\n Splitting attacks (CVE-2007-6245).\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted file\n (usually in a web browser), possibly leading to the execution of\n arbitrary code with the privileges of the user running the Adobe Flash\n Player. The attacker could also cause a user's machine to establish TCP\n sessions with arbitrary hosts, bypass the Security Sandbox Model,\n obtain sensitive information, port scan arbitrary hosts, or conduct\n cross-site-scripting attacks.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200711-30\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200801-07\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Adobe Flash Player users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-plugins/adobe-flash-9.0.115.0'\n Please be advised that unaffected packages of the Adobe Flash Player\n have known problems when used from within the Konqueror and Opera\n browsers.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 79, 119, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:adobe-flash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/01/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-plugins/adobe-flash\", unaffected:make_list(\"ge 9.0.115.0\"), vulnerable:make_list(\"lt 9.0.115.0\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Adobe Flash Player\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:07:02", "description": "An updated Adobe Flash Player package that fixes a security issue is now available for Red Hat Enterprise Linux 3 Extras, 4 Extras, and 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nThe flash-plugin package contains a Firefox-compatible Adobe Flash Player Web browser plug-in.\n\nSeveral input validation flaws were found in the way Flash Player displays certain content. It may be possible to execute arbitrary code on a victim's machine, if the victim opens a malicious Adobe Flash file. (CVE-2007-4768, CVE-2007-6242, CVE-2007-6246)\n\nA flaw was found in the way Flash Player handled the asfunction:\nprotocol. Malformed SWF files could perform a cross-site scripting attack. (CVE-2007-6244)\n\nA flaw was found in the way Flash Player modified HTTP request headers. Malicious content could allow Flash Player to conduct a HTTP response splitting attack. (CVE-2007-6245)\n\nA flaw was found in the way Flash Player processes certain SWF content. A malicious SWF file could allow a remote attacker to conduct a port scanning attack from the client's machine. (CVE-2007-4324)\n\nA flaw was found in the way Flash Player establishes TCP sessions. A remote attacker could use Flash Player to conduct a DNS rebinding attack. (CVE-2007-5275)\n\nUsers of Adobe Flash Player are advised to upgrade to this updated package, which contains version 9.0.115.0 and resolves these issues.", "cvss3": {"score": null, "vector": null}, "published": "2009-08-24T00:00:00", "type": "nessus", "title": "RHEL 3 / 4 / 5 : flash-plugin (RHSA-2007:1126)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4324", "CVE-2007-4768", "CVE-2007-5275", "CVE-2007-6242", "CVE-2007-6243", "CVE-2007-6244", "CVE-2007-6245", "CVE-2007-6246"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:flash-plugin", "cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.5", "cpe:/o:redhat:enterprise_linux:4.6", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.1"], "id": "REDHAT-RHSA-2007-1126.NASL", "href": "https://www.tenable.com/plugins/nessus/40711", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:1126. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40711);\n script_version(\"1.39\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-4324\", \"CVE-2007-4768\", \"CVE-2007-5275\", \"CVE-2007-6242\", \"CVE-2007-6243\", \"CVE-2007-6244\", \"CVE-2007-6245\", \"CVE-2007-6246\");\n script_bugtraq_id(25260, 26930, 26949, 26951, 26960, 26965, 26966, 26969);\n script_xref(name:\"RHSA\", value:\"2007:1126\");\n\n script_name(english:\"RHEL 3 / 4 / 5 : flash-plugin (RHSA-2007:1126)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated Adobe Flash Player package that fixes a security issue is\nnow available for Red Hat Enterprise Linux 3 Extras, 4 Extras, and 5\nSupplementary.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nThe flash-plugin package contains a Firefox-compatible Adobe Flash\nPlayer Web browser plug-in.\n\nSeveral input validation flaws were found in the way Flash Player\ndisplays certain content. It may be possible to execute arbitrary code\non a victim's machine, if the victim opens a malicious Adobe Flash\nfile. (CVE-2007-4768, CVE-2007-6242, CVE-2007-6246)\n\nA flaw was found in the way Flash Player handled the asfunction:\nprotocol. Malformed SWF files could perform a cross-site scripting\nattack. (CVE-2007-6244)\n\nA flaw was found in the way Flash Player modified HTTP request\nheaders. Malicious content could allow Flash Player to conduct a HTTP\nresponse splitting attack. (CVE-2007-6245)\n\nA flaw was found in the way Flash Player processes certain SWF\ncontent. A malicious SWF file could allow a remote attacker to conduct\na port scanning attack from the client's machine. (CVE-2007-4324)\n\nA flaw was found in the way Flash Player establishes TCP sessions. A\nremote attacker could use Flash Player to conduct a DNS rebinding\nattack. (CVE-2007-5275)\n\nUsers of Adobe Flash Player are advised to upgrade to this updated\npackage, which contains version 9.0.115.0 and resolves these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-4324\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-4768\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-5275\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-6242\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-6243\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-6244\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-6245\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-6246\"\n );\n # http://www.adobe.com/support/security/bulletins/apsb07-20.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.adobe.com/support/security/bulletins/apsb07-20.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2007:1126\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-plugin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 79, 119, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:flash-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2007:1126\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"flash-plugin-9.0.115.0-1.el3.with.oss\")) flag++;\n\n\n if (rpm_check(release:\"RHEL4\", reference:\"flash-plugin-9.0.115.0-1.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"flash-plugin-9.0.115.0-1.el5\")) flag++;\n\n\n if (flag)\n {\n flash_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check only applies to RedHat released\\n' +\n 'versions of the flash-plugin package. This check does not apply to\\n' +\n 'Adobe released versions of the flash-plugin package, which are\\n' +\n 'versioned similarly and cause collisions in detection.\\n\\n' +\n\n 'If you are certain you are running the Adobe released package of\\n' +\n 'flash-plugin and are running a version of it equal or higher to the\\n' +\n 'RedHat version listed above then you can consider this a false\\n' +\n 'positive.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat() + flash_plugin_caveat\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-plugin\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:11:49", "description": "Adobe Security bulletin :\n\nCritical vulnerabilities have been identified in Adobe Flash Player that could allow an attacker who successfully exploits these potential vulnerabilities to take control of the affected system. A malicious SWF must be loaded in Flash Player by the user for an attacker to exploit these potential vulnerabilities. Users are recommended to update to the most current version of Flash Player available for their platform.", "cvss3": {"score": null, "vector": null}, "published": "2008-01-04T00:00:00", "type": "nessus", "title": "FreeBSD : linux-flashplugin -- multiple vulnerabilities (562cf6c4-b9f1-11dc-a302-000102cc8983)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4324", "CVE-2007-4768", "CVE-2007-5275", "CVE-2007-5476", "CVE-2007-6242", "CVE-2007-6243", "CVE-2007-6244", "CVE-2007-6245", "CVE-2007-6246"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:linux-flashplugin", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_562CF6C4B9F111DCA302000102CC8983.NASL", "href": "https://www.tenable.com/plugins/nessus/29849", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29849);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-4324\", \"CVE-2007-4768\", \"CVE-2007-5275\", \"CVE-2007-5476\", \"CVE-2007-6242\", \"CVE-2007-6243\", \"CVE-2007-6244\", \"CVE-2007-6245\", \"CVE-2007-6246\");\n script_xref(name:\"Secunia\", value:\"28161\");\n\n script_name(english:\"FreeBSD : linux-flashplugin -- multiple vulnerabilities (562cf6c4-b9f1-11dc-a302-000102cc8983)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Adobe Security bulletin :\n\nCritical vulnerabilities have been identified in Adobe Flash Player\nthat could allow an attacker who successfully exploits these potential\nvulnerabilities to take control of the affected system. A malicious\nSWF must be loaded in Flash Player by the user for an attacker to\nexploit these potential vulnerabilities. Users are recommended to\nupdate to the most current version of Flash Player available for their\nplatform.\"\n );\n # http://www.adobe.com/support/security/bulletins/apsb07-20.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.adobe.com/support/security/bulletins/apsb07-20.html\"\n );\n # https://vuxml.freebsd.org/freebsd/562cf6c4-b9f1-11dc-a302-000102cc8983.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3b6659b1\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(20, 79, 119, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-flashplugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/12/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/01/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/01/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"linux-flashplugin>=9.0<9.0r115\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-flashplugin>=7.0<7.0r73\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:11:54", "description": " According to its version number, the instance of Flash Player on the remote Windows host is affected by multiple issues, including several that could allow for arbitrary code execution by means of a malicious SWF file.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2007-12-19T00:00:00", "type": "nessus", "title": "Flash Player < 9.0.115.0 / 7.0.73.0 APSB07-20 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-1660", "CVE-2007-1659", "CVE-2007-5275", "CVE-2007-6243", "CVE-2007-4324", "CVE-2007-4768", "CVE-2007-6242", "CVE-2007-6244", "CVE-2007-6245", "CVE-2007-6246", "CVE-2007-1661", "CVE-2007-1662", "CVE-2007-4766", "CVE-2007-4767"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*"], "id": "4322.PRM", "href": "https://www.tenable.com/plugins/nnm/4322", "sourceData": "Binary data 4322.prm", "cvss": {"score": 9.3, "vector": "CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2022-01-17T19:15:54", "description": "### Background\n\nThe Adobe Flash Player is a renderer for the popular SWF file format, which is commonly used to provide interactive websites, digital experiences and mobile content. \n\n### Description\n\n * Flash contains a copy of PCRE which is vulnerable to a heap-based buffer overflow (GLSA 200711-30, CVE-2007-4768).\n * Aaron Portnoy reported an unspecified vulnerability related to input validation (CVE-2007-6242).\n * Jesse Michael and Thomas Biege reported that Flash does not correctly set memory permissions (CVE-2007-6246).\n * Dan Boneh, Adam Barth, Andrew Bortz, Collin Jackson, and Weidong Shao reported that Flash does not pin DNS hostnames to a single IP addresses, allowing for DNS rebinding attacks (CVE-2007-5275).\n * David Neu reported an error withing the implementation of the Socket and XMLSocket ActionScript 3 classes (CVE-2007-4324).\n * Toshiharu Sugiyama reported that Flash does not sufficiently restrict the interpretation and usage of cross-domain policy files, allowing for easier cross-site scripting attacks (CVE-2007-6243).\n * Rich Cannings reported a cross-site scripting vulnerability in the way the \"asfunction:\" protocol was handled (CVE-2007-6244).\n * Toshiharu Sugiyama discovered that Flash allows remote attackers to modify HTTP headers for client requests and conduct HTTP Request Splitting attacks (CVE-2007-6245).\n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted file (usually in a web browser), possibly leading to the execution of arbitrary code with the privileges of the user running the Adobe Flash Player. The attacker could also cause a user's machine to establish TCP sessions with arbitrary hosts, bypass the Security Sandbox Model, obtain sensitive information, port scan arbitrary hosts, or conduct cross-site-scripting attacks. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Adobe Flash Player users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-plugins/adobe-flash-9.0.115.0\"\n\nPlease be advised that unaffected packages of the Adobe Flash Player have known problems when used from within the Konqueror and Opera browsers.", "cvss3": {}, "published": "2008-01-20T00:00:00", "type": "gentoo", "title": "Adobe Flash Player: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-4324", "CVE-2007-4768", "CVE-2007-5275", "CVE-2007-6242", "CVE-2007-6243", "CVE-2007-6244", "CVE-2007-6245", "CVE-2007-6246"], "modified": "2009-05-28T00:00:00", "id": "GLSA-200801-07", "href": "https://security.gentoo.org/glsa/200801-07", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2022-01-19T16:03:50", "description": "\n\nAdobe Security bulletin:\n\nCritical vulnerabilities have been identified in Adobe Flash\n\t Player that could allow an attacker who successfully exploits these\n\t potential vulnerabilities to take control of the affected system. A\n\t malicious SWF must be loaded in Flash Player by the user for an\n\t attacker to exploit these potential vulnerabilities. Users are\n\t recommended to update to the most current version of Flash Player\n\t available for their platform.\n\n\n", "cvss3": {}, "published": "2007-12-18T00:00:00", "type": "freebsd", "title": "linux-flashplugin -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-4324", "CVE-2007-4768", "CVE-2007-5275", "CVE-2007-5476", "CVE-2007-6242", "CVE-2007-6243", "CVE-2007-6244", "CVE-2007-6245", "CVE-2007-6246"], "modified": "2007-12-18T00:00:00", "id": "562CF6C4-B9F1-11DC-A302-000102CC8983", "href": "https://vuxml.freebsd.org/freebsd/562cf6c4-b9f1-11dc-a302-000102cc8983.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}