Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

De la Théorie à la pratique





















Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce: Flash Player 9, several vulnerabilities

November 2008 by Vigil@nce

Several Adobe Flash Player vulnerabilities can be used by an attacker to obtain information or to exploit several attacks.

- Gravity: 2/4
- Consequences: client access/rights, data reading
- Provenance: document
- Means of attack: no proof of concept, no attack
- Ability of attacker: expert (4/4)
- Confidence: confirmed by the editor (5/5)
- Diffusion of the vulnerable configuration: high (3/3)
- Number of vulnerabilities in this bulletin: 6
- Creation date: 07/11/2008

IMPACTED PRODUCTS

- Microsoft Windows - plateform
- Red Hat Enterprise Linux
- Unix - plateform

DESCRIPTION

Several Adobe Flash Player vulnerabilities can be used by an attacker to obtain information or to exploit several attacks.

An attacker can alter the HTTP headers in order to create a Cross Site Scripting. [grav:2/4; CVE-2008-4818]

An attacker can create a DNS attack. [grav:2/4; CVE-2008-4819]

An attacker can use an ActionScipt attribute in order to inject HTML code. [grav:2/4; CVE-2008-4823]

An attacker can use a policy file in order to bypass the domain check. [grav:2/4; CVE-2008-4822]

An attacker can use the jar: protocol in order to obtain information. [grav:1/4; CVE-2008-4821]

An attacker can use the Flash ActiveX in order to obtain information. [grav:2/4; CVE-2008-4820]

CHARACTERISTICS

- Identifiers: APSB08-20, BID-32129, CVE-2008-4818, CVE-2008-4819, CVE-2008-4820, CVE-2008-4821, CVE-2008-4822, CVE-2008-4823, RHSA-2008:0980-02, VIGILANCE-VUL-8230
- Url: http://vigilance.fr/vulnerability/8230




See previous articles

    

See next articles