Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce: Flash Player 9, several vulnerabilities

November 2008 by Vigil@nce

Several Adobe Flash Player vulnerabilities can be used by an
attacker to obtain information or to exploit several attacks.

 Gravity: 2/4
 Consequences: client access/rights, data reading
 Provenance: document
 Means of attack: no proof of concept, no attack
 Ability of attacker: expert (4/4)
 Confidence: confirmed by the editor (5/5)
 Diffusion of the vulnerable configuration: high (3/3)
 Number of vulnerabilities in this bulletin: 6
 Creation date: 07/11/2008

IMPACTED PRODUCTS

 Microsoft Windows - plateform
 Red Hat Enterprise Linux
 Unix - plateform

DESCRIPTION

Several Adobe Flash Player vulnerabilities can be used by an
attacker to obtain information or to exploit several attacks.

An attacker can alter the HTTP headers in order to create a Cross
Site Scripting. [grav:2/4; CVE-2008-4818]

An attacker can create a DNS attack. [grav:2/4; CVE-2008-4819]

An attacker can use an ActionScipt attribute in order to inject
HTML code. [grav:2/4; CVE-2008-4823]

An attacker can use a policy file in order to bypass the domain
check. [grav:2/4; CVE-2008-4822]

An attacker can use the jar: protocol in order to obtain
information. [grav:1/4; CVE-2008-4821]

An attacker can use the Flash ActiveX in order to obtain
information. [grav:2/4; CVE-2008-4820]

CHARACTERISTICS

 Identifiers: APSB08-20, BID-32129, CVE-2008-4818, CVE-2008-4819,
CVE-2008-4820, CVE-2008-4821, CVE-2008-4822, CVE-2008-4823,
RHSA-2008:0980-02, VIGILANCE-VUL-8230
 Url: http://vigilance.fr/vulnerability/8230


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts