5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.013 Low
EPSS
Percentile
85.5%
The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a
victim machine to establish TCP sessions with arbitrary hosts via a Flash
(SWF) movie, related to lack of pinning of a hostname to a single IP
address after receiving an allow-access-from element in a
cross-domain-policy XML document, and the availability of a Flash Socket
class that does not use the browser’s DNS pins, aka DNS rebinding attacks,
a different issue than CVE-2002-1467 and CVE-2007-4324.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 8.04 | noarch | flashplugin-nonfree | < 9.0.246.0ubuntu1 | UNKNOWN |
ubuntu | 8.10 | noarch | flashplugin-nonfree | < 10.0.32.18ubuntu0.8.10.1 | UNKNOWN |
ubuntu | 9.04 | noarch | flashplugin-nonfree | < 10.0.32.18ubuntu0.9.04.1 | UNKNOWN |
ubuntu | 9.10 | noarch | flashplugin-nonfree | < 10.0.32.18ubuntu1 | UNKNOWN |