
Test ID: 1.3.6.1.4.1.25623.1.0.67544
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2010:0464
Summary: NOSUMMARY
Description:
The remote host is missing updates announced in
advisory RHSA-2010:0464.

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.

This update fixes multiple vulnerabilities in Adobe Flash Player. These
vulnerabilities are detailed on the Adobe security pages APSA10-01 and
APSB10-14, listed in the References section.

Multiple security flaws were found in the way flash-plugin displayed
certain SWF content. An attacker could use these flaws to create a
specially-crafted SWF file that would cause flash-plugin to crash or,
potentially, execute arbitrary code when the victim loaded a page
containing the specially-crafted SWF content. (CVE-2009-3793,
CVE-2010-1297, CVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163,
CVE-2010-2164, CVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169,
CVE-2010-2170, CVE-2010-2171, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175,
CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2181,
CVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186,
CVE-2010-2187, CVE-2010-2188)

An input sanitization flaw was found in the way flash-plugin processed
certain URLs. An attacker could use this flaw to conduct cross-site
scripting (XSS) attacks if a victim were tricked into visiting a
specially-crafted web page. (CVE-2010-2179)

A denial of service flaw was found in the way flash-plugin processed
certain SWF content. An attacker could use this flaw to create a
specially-crafted SWF file that would cause flash-plugin to crash.
(CVE-2008-4546)

All users of Adobe Flash Player should install this updated package, which
upgrades Flash Player to version 10.1.53.64.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2010-0464.html
http://www.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/advisories/apsa10-01.html
http://www.adobe.com/support/security/bulletins/apsb10-14.html

Risk factor : Critical

CVSS Score:
9.3

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2008-4546
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
BugTraq ID: 31537
http://www.securityfocus.com/bid/31537
Bugtraq: 20081002 Adobe Flash Player plug-in null pointer dereference and browser crash
http://www.securityfocus.com/archive/1/496929/100/0/threaded
Cert/CC Advisory: TA10-162A
http://www.us-cert.gov/cas/techalerts/TA10-162A.html
http://security.gentoo.org/glsa/glsa-201101-09.xml
HPdes Security Advisory: HPSBMA02547
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
HPdes Security Advisory: SSRT100179
http://www.mochimedia.com/~matthew/flashcrash/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16302
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7187
http://www.redhat.com/support/errata/RHSA-2010-0464.html
http://www.redhat.com/support/errata/RHSA-2010-0470.html
http://securitytracker.com/id?1024085
http://securitytracker.com/id?1024086
http://secunia.com/advisories/32759
http://secunia.com/advisories/40545
http://secunia.com/advisories/43026
http://securityreason.com/securityalert/4401
SuSE Security Announcement: SUSE-SA:2010:024
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html
SuSE Security Announcement: SUSE-SR:2008:025
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
SuSE Security Announcement: SUSE-SR:2010:013
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
TurboLinux Advisory: TLSA-2010-19
http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt
http://www.vupen.com/english/advisories/2010/1421
http://www.vupen.com/english/advisories/2010/1432
http://www.vupen.com/english/advisories/2010/1434
http://www.vupen.com/english/advisories/2010/1453
http://www.vupen.com/english/advisories/2010/1482
http://www.vupen.com/english/advisories/2010/1522
http://www.vupen.com/english/advisories/2010/1793
http://www.vupen.com/english/advisories/2011/0192
XForce ISS Database: adobe-flash-version-dos(45630)
https://exchange.xforce.ibmcloud.com/vulnerabilities/45630
Common Vulnerability Exposure (CVE) ID: CVE-2009-3793
BugTraq ID: 40759
http://www.securityfocus.com/bid/40759
BugTraq ID: 40809
http://www.securityfocus.com/bid/40809
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16223
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7205
http://secunia.com/advisories/40144
Common Vulnerability Exposure (CVE) ID: CVE-2010-1297
BugTraq ID: 40586
http://www.securityfocus.com/bid/40586
Cert/CC Advisory: TA10-159A
http://www.us-cert.gov/cas/techalerts/TA10-159A.html
CERT/CC vulnerability note: VU#486225
http://www.kb.cert.org/vuls/id/486225
http://www.exploit-db.com/exploits/13787
http://blog.zynamics.com/2010/06/09/analyzing-the-currently-exploited-0-day-for-adobe-reader-and-adobe-flash/
http://community.websense.com/blogs/securitylabs/archive/2010/06/09/having-fun-with-adobe-0-day-exploits.aspx
http://www.osvdb.org/65141
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7116
http://securitytracker.com/id?1024057
http://securitytracker.com/id?1024058
http://secunia.com/advisories/40026
http://secunia.com/advisories/40034
http://www.vupen.com/english/advisories/2010/1348
http://www.vupen.com/english/advisories/2010/1349
http://www.vupen.com/english/advisories/2010/1636
XForce ISS Database: adobe-authplay-code-execution(59137)
https://exchange.xforce.ibmcloud.com/vulnerabilities/59137
Common Vulnerability Exposure (CVE) ID: CVE-2010-2160
BugTraq ID: 40779
http://www.securityfocus.com/bid/40779
Bugtraq: 20100625 ZDI-10-114: Adobe Flash Player AVM2 getouterscope Opcode Remote Code Execution Vulnerability
http://www.securityfocus.com/archive/1/512020/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-10-114
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16083
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7508
Common Vulnerability Exposure (CVE) ID: CVE-2010-2161
BugTraq ID: 40781
http://www.securityfocus.com/bid/40781
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=871
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15576
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7303
Common Vulnerability Exposure (CVE) ID: CVE-2010-2162
BugTraq ID: 40801
http://www.securityfocus.com/bid/40801
Bugtraq: 20100616 ZDI-10-109: Adobe Flash Player Multiple Atom MP4 Parsing Remote Code Execution Vulnerability
http://www.securityfocus.com/archive/1/511862/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-10-109
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16345
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7166
Common Vulnerability Exposure (CVE) ID: CVE-2010-2163
BugTraq ID: 40803
http://www.securityfocus.com/bid/40803
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16316
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7501
Common Vulnerability Exposure (CVE) ID: CVE-2010-2164
BugTraq ID: 40780
http://www.securityfocus.com/bid/40780
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=872
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15798
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6765
Common Vulnerability Exposure (CVE) ID: CVE-2010-2165
BugTraq ID: 40782
http://www.securityfocus.com/bid/40782
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16350
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6781
Common Vulnerability Exposure (CVE) ID: CVE-2010-2166
BugTraq ID: 40783
http://www.securityfocus.com/bid/40783
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15541
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7431
Copyright: Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com
